systemd: change GID/UID of non-daemon service

To follow the platform's secure profile, the group ID and User ID of
services which are not daemon and not root privilaged are modified.

Change-Id: I5d3bc561bf1239817c8f12c68c180d0edac9e5b0
Signed-off-by: Sooyoung Ha <yoosah.ha@samsung.com>

diff --git a/filesystem/usr/lib/systemd/system/emul-common-preinit.service b/filesystem/usr/lib/systemd/system/emul-common-preinit.service
index 4e47488..b092adb 100644 (file)
--- a/filesystem/usr/lib/systemd/system/emul-common-preinit.service
+++ b/filesystem/usr/lib/systemd/system/emul-common-preinit.service
@@ -5,6 +5,10 @@ After=vconf-setup.service
 Before=basic.target
 
 [Service]
+User=service_fw
+Group=service_fw
+Capabilities=cap_dac_override=i
+SecureBits=keep-caps
 Type=oneshot
 
 # execute prerun scripts.

diff --git a/filesystem/usr/lib/systemd/system/emul-setup-audio-volume.service b/filesystem/usr/lib/systemd/system/emul-setup-audio-volume.service
index de30797..31ec4a6 100644 (file)
--- a/filesystem/usr/lib/systemd/system/emul-setup-audio-volume.service
+++ b/filesystem/usr/lib/systemd/system/emul-setup-audio-volume.service
@@ -3,6 +3,10 @@ Description=Audio volume setup on emulator
 DefaultDependencies=no
 
 [Service]
+User=service_fw
+Group=service_fw
+Capabilities=cap_dac_override=i
+SecureBits=keep-caps
 Type=oneshot
 SmackProcessLabel=System
 ExecStart=/usr/bin/amixer "cset" "name='Master Playback Switch'" "1"

diff --git a/packaging/system-plugin-emulator.spec b/packaging/system-plugin-emulator.spec
index 8356995..ed3f676 100644 (file)
--- a/packaging/system-plugin-emulator.spec
+++ b/packaging/system-plugin-emulator.spec
@@ -1,5 +1,5 @@
 Name: system-plugin-emulator
-Version: 0.1.7
+Version: 0.1.8
 Release: 1
 Summary: System plugin for emulator
 License: Apache-2.0