Add cap_dac_override to isud binary

- This is needed by the isud to perform clean-up of the unnecessary
  files from globalapps path which is owned by tizenglobalapp:root
  but the isud service is run with the system:system user and group.

Reference ticket: SECSFV-271

Change-Id: Ib4b57bf44891dc902fa18d2c555c0e91adad93c9
(cherry picked from commit 70b36004b0aaacd65a031455ef000a654cca3cdc)

diff --git a/config/set_capability b/config/set_capability
index 8189fb8f92d95cc61a8ea7ce1bde6b4cc74ef03b..5115b9c288093dbe8d53c0ee7f5b758c188beab9 100755 (executable)
--- a/config/set_capability
+++ b/config/set_capability
@@ -967,6 +967,15 @@ if [ -e "/usr/bin/pass" ]
 then /usr/sbin/setcap cap_net_admin,cap_sys_ptrace=ei /usr/bin/pass
 fi
 
+# Package              platform/core/system/isu
+# Date                 Apr 11, 2024
+# Required             /usr/bin/isud : cap_dac_override : ei
+# cap_dac_override     isud needs to access application's directory for scanning and removing app files
+
+if [ -e "/usr/bin/isud" ]
+then /usr/sbin/setcap cap_dac_override=ei /usr/bin/isud
+fi
+
 # These are not related with the capability, but place here to run in generic-security.post
 # It would be better to run this separately in generic-security.post future.
 /usr/share/security-config/change_permission