Fix bugs in security tests. 98/194398/3
authorjin-gyu.kim <jin-gyu.kim@samsung.com>
Tue, 4 Dec 2018 06:10:01 +0000 (15:10 +0900)
committerjin-gyu.kim <jin-gyu.kim@samsung.com>
Wed, 5 Dec 2018 07:44:54 +0000 (16:44 +0900)
- Update the mismatched capability list.
- Fix ASLR / DEP tests not to print exceptions in log file.

Change-Id: Id4dea459bf265e903d0743541b75dc5d8c9e7940

test/aslr_test/scripts/run_aslr_test_all_files.sh
test/capability_test/new_capabilities_exception.list
test/dep_test/scripts/run_dep_test.sh

index 857e6defa6582bf28f15fb1766747f36981973f5..74387dbc3d7f9a0d3d9b74062a8f9a80f7b7dc62 100644 (file)
@@ -2,8 +2,10 @@
 
 PATH="/usr/bin:/bin:/usr/sbin:/sbin"
 utl_path="/usr/share/security-config/test/utils"
+tmp_file="/opt/share/security-config/log/aslr_test_tmpfile"
 log_file="/opt/share/security-config/log/aslr_not_applied_files"
 exception_path="/usr/share/security-config/test/aslr_test/scripts/aslr_exception.list"
+result_file="/opt/share/security-config/result/aslr_test.result"
 
 # Check whether this file is one of exception lists.
 # args : $1 = file path
@@ -26,20 +28,29 @@ fi
 
 /usr/bin/echo "Start aslr check test"
 
-/usr/bin/find / -type f -executable 2>/dev/null | /usr/bin/xargs $utl_path/file | /usr/bin/grep "executable" | /usr/bin/grep -v "shared object" | /usr/bin/grep -v "pie" | /usr/bin/grep -v "script" | /usr/bin/cut -d ":" -f1 >> $log_file
+/usr/bin/find / -type f -executable 2>/dev/null | /usr/bin/xargs $utl_path/file | /usr/bin/grep "executable" | /usr/bin/grep -v "shared object" | /usr/bin/grep -v "pie" | /usr/bin/grep -v "script" | /usr/bin/cut -d ":" -f1 >> $tmp_file
 
 # Retrieve exec permission (chmod & cat need to be considered separately to finish below lines)
 # Checking "/etc/smack/onlycap" is temporary. This should be considered again later.
-while read log_file_line
+while read line
 do
-       if [ -e "/etc/smack/onlycap" ] && [ $log_file_line != "/usr/bin/chmod" ] && [ $log_file_line != "/usr/bin/cat" ] && [ $log_file_line != "/usr/bin/qemu-arm" ]
+       if [ -e "/etc/smack/onlycap" ] && [ $line != "/usr/bin/chmod" ] && [ $line != "/usr/bin/cat" ] && [ $line != "/usr/bin/qemu-arm" ]
        then
-               CHECK_EXCEPTION $log_file_line
+               CHECK_EXCEPTION $line
                if [ "$?" == 0 ]
                then
-                       chmod a-x $log_file_line
+                       chmod a-x $line
+                       echo "$line" >> $log_file
                fi
        fi
-done < <(cat $log_file)
+done < <(cat $tmp_file)
+rm $tmp_file
+
+if [ ! -e $log_file ]
+then
+       echo "YES" > $result_file
+else
+       echo "NO" > $result_file
+fi
 
 /usr/bin/echo "Finish aslr check test"
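Review bot: The pass/fail decision at L55 keys on whether `$log_file` exists, but the loop only ever appends to it (`>>` at L48) and nothing in this hunk removes it beforehand; unless the lines above the hunk clear it, a file left by an earlier run forces `NO` on every later run and keeps stale paths in the report. Either truncate it up front, `: > "$log_file"` next to the new `tmp_file` assignment, or reset it and then test `if [ -s "$log_file" ]` so the verdict reflects only this run. Separately, `$line` is unquoted in the `[ ... != ... ]` tests and in `chmod a-x $line`, and `read` lacks `-r`, so a path containing whitespace or a backslash either breaks the test or strips the execute bit from the wrong file; `while IFS= read -r line` and `"$line"` throughout fix that. The `find | xargs` pipeline on L32 has the same whitespace problem, although that predates this change.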
index 38778f8e5c97b8f91741b7f46a51742e41dcf919..9c91c22121d01d9e5c19dff1c909595fbe20ea8d 100755 (executable)
@@ -1,59 +1,58 @@
 /usr/sbin/tayga = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/sbin/xtables-multi = cap_net_admin,cap_net_raw+ei
-/usr/sbin/named = cap_fowner,cap_net_bind_service,cap_net_admin,cap_sys_chroot+eip
-/usr/sbin/lwresd = cap_fowner,cap_net_bind_service,cap_net_admin,cap_sys_chroot+eip
-/usr/sbin/sdbd = cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin+eip
-/usr/bin/hostapd = cap_fowner,cap_net_bind_service,cap_net_admin,cap_net_raw+eip
+/usr/sbin/named = cap_net_bind_service,cap_net_admin,cap_sys_chroot+ei
+/usr/sbin/lwresd = cap_net_bind_service,cap_net_admin,cap_sys_chroot+ei
+/usr/sbin/sdbd = cap_dac_override,cap_setgid,cap_setuid,cap_sys_admin+ei
+/usr/bin/hostapd = cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw+eip
 /usr/sbin/ip = cap_net_admin+ei
-/usr/bin/wpa_supplicant = cap_net_admin,cap_net_raw+ei
-/usr/bin/focus_server = cap_chown,cap_fowner,cap_lease+eip
+/usr/bin/wpa_supplicant = cap_dac_override,cap_net_admin,cap_net_raw+ei
+/usr/bin/focus_server = cap_fowner,cap_lease+ei
 /usr/bin/touch = cap_dac_override+ei
-/usr/bin/pkgdir-tool = cap_chown,cap_dac_override,cap_fowner+eip
-/usr/bin/msg-server = cap_chown,cap_net_admin,cap_net_raw,cap_lease+eip
-/usr/bin/media-server = cap_dac_read_search+eip
-/usr/bin/alarm-server = cap_sys_time+eip
+/usr/bin/pkgdir-tool = cap_chown,cap_dac_override,cap_fowner+ei
+/usr/bin/msg-server = cap_chown,cap_net_admin,cap_net_raw,cap_lease+ei
+/usr/bin/media-server = cap_dac_read_search+ei
+/usr/bin/alarm-server = cap_sys_time+ei
 /usr/bin/systemd-user-helper = cap_dac_override,cap_setgid,cap_sys_admin,cap_mac_admin+ei
-/usr/bin/csr-server = cap_dac_override,cap_fowner+eip
-/usr/bin/pkgmgr-server = cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid+eip
-/usr/bin/muse-server = cap_dac_override+eip
+/usr/bin/csr-server = cap_dac_override,cap_fowner+ei
+/usr/bin/pkgmgr-server = cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid+ei
+/usr/bin/muse-server = cap_dac_override+ei
 /usr/bin/amd = cap_dac_override,cap_kill,cap_setgid,cap_setuid,cap_sys_admin,cap_mac_admin+ei
 /usr/bin/amd = cap_dac_override,cap_kill,cap_sys_admin+ei
-/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei
-/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+eip
-/usr/bin/launchpad-loader = cap_setgid,cap_sys_admin+ei
+/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+ei
+/usr/bin/launchpad-loader = cap_setgid,cap_sys_admin,cap_sys_nice+ei
 /usr/bin/email-service = cap_chown+eip
-/usr/bin/wgt-backend = cap_chown,cap_dac_override,cap_fowner+eip
-/usr/bin/download-provider = cap_chown,cap_dac_override+eip
+/usr/bin/wgt-backend = cap_chown,cap_dac_override,cap_fowner+ei
+/usr/bin/download-provider = cap_chown,cap_dac_override+ei
 /usr/bin/chmod = cap_fowner+ei
-/usr/bin/sound_server = cap_chown,cap_fowner,cap_lease+eip
+/usr/bin/sound_server = cap_lease+ei
 /usr/bin/dnsmasq = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
-/usr/bin/feedbackd = cap_dac_override+eip
+/usr/bin/feedbackd = cap_dac_override+ei
 /usr/bin/data-provider-master = cap_dac_override+ei
 /usr/bin/amixer = cap_dac_override+ei
-/usr/bin/pkg_getsize = cap_dac_read_search+eip
-/usr/bin/pkg_cleardata = cap_dac_override+eip
-/usr/bin/launchpad-process-pool = cap_dac_override,cap_setgid,cap_sys_admin,cap_mac_admin+ei
-/usr/bin/mobileap-agent = cap_fowner,cap_net_bind_service,cap_net_admin+eip
+/usr/bin/pkg_getsize = cap_dac_read_search+ei
+/usr/bin/pkg_cleardata = cap_dac_override+ei
+/usr/bin/launchpad-process-pool = cap_dac_override,cap_setgid,cap_sys_admin,cap_sys_nice,cap_mac_admin+ei
+/usr/bin/mobileap-agent = cap_net_bind_service,cap_net_admin+ei
 /usr/bin/chgrp = cap_chown+ei
 /usr/bin/xdelta3 = cap_dac_override+ei
-/usr/bin/telephony-daemon = cap_net_admin,cap_net_raw+ei
-/usr/bin/telephony-daemon.tv = cap_net_admin,cap_net_raw+ei
-/usr/bin/telephony-daemon.ivi = cap_net_admin,cap_net_raw+ei
-/usr/bin/nether = cap_net_admin+eip
-/usr/bin/dotnet-launcher = cap_setgid,cap_sys_admin,cap_mac_admin+ei
+/usr/bin/telephony-daemon = cap_dac_override,cap_net_admin,cap_net_raw+ei
+/usr/bin/telephony-daemon.tv = cap_dac_override,cap_net_admin,cap_net_raw+ei
+/usr/bin/telephony-daemon.ivi = cap_dac_override,cap_net_admin,cap_net_raw+ei
+/usr/bin/nether = cap_net_admin+ei
+/usr/bin/dotnet-launcher = cap_setgid,cap_sys_admin+ei
 /usr/bin/wfd-manager = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/wfd-manager.tm1 = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/wfd-manager.mobile = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/wfd-manager.wearable = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/wfd-manager.tv = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
-/usr/bin/net-config = cap_net_admin,cap_net_raw+ei
-/usr/bin/connmand = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
+/usr/bin/net-config = cap_dac_override,cap_net_admin,cap_net_raw+ei
+/usr/bin/connmand = cap_dac_override,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/sbin/ifconfig = cap_net_admin+ei
 /usr/bin/pkill = cap_kill+ei
 /usr/bin/toybox = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/sbin/route = cap_net_admin+ei
 /usr/bin/oded = cap_dac_override,cap_kill,cap_sys_ptrace,cap_sys_admin,cap_sys_boot+ei
-/usr/bin/connman-vpnd = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
+/usr/bin/connman-vpnd = cap_dac_override,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/charon = cap_setgid,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/dlog_logger = cap_syslog+ei
 /usr/libexec/bluetooth/bluetoothd = cap_dac_override,cap_net_bind_service,cap_net_admin+ei
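Review bot: L101 runs two entries together on one line: the `/usr/bin/wrt-loader` entry is immediately followed by `/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+ei` with no line break, and the hunk header's new-side count of 58 (one fewer than the 59 old lines, with 32 removed and 31 added) shows the committed file really has them on one line rather than this being a display artefact. How the capability test reads this list is not visible here, but a line-oriented comparison will see a wrt-loader value ending in `+ei/usr/bin/tpk-backend = ...` and no tpk-backend entry at all, so one or both binaries would be reported as mismatches. Split it into `/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei` and `/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+ei`. Several entries in this hunk also gain `cap_dac_override` (hostapd, wpa_supplicant, the three telephony-daemon variants, net-config, connmand, connman-vpnd); if this file is the allow-list the test accepts, those widenings deserve a one-line justification in the commit message so the exception list does not simply ratify whatever is currently installed.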
@@ -63,3 +62,6 @@
 /usr/bin/session-bind = cap_sys_admin+ei
 /usr/bin/kmod = cap_sys_module+ei
 /usr/bin/hciconfig = cap_net_admin+ei
+/usr/bin/stc-iptables = cap_net_bind_service,cap_net_admin,cap_net_raw+ei
+/usr/bin/audit-trail-daemon = cap_audit_write,cap_audit_control+ei
+/usr/sbin/tcpdump = cap_net_raw+ei
index 8b474292384c97f23bf9691356d89be120baf9ec..024086050ce3b1442d58255fc420a84e596c7b24 100755 (executable)
@@ -11,22 +11,47 @@ echoI "Script Begin"
 # [Variable]
 #=========================================================
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
-log_file="$dep_script_dir/log.csv"
-result_file="$dep_script_dir/result"
+log_file="$log_dir/dep_test.log"
+tmp_file="$rw_base_dir/dep_tmpfile"
+result_file="$result_dir/dep_test.result"
 fail_cnt=
 exception_list="$dep_script_dir/exception.list"
 function getExecstack {
-       $FIND /usr /etc /opt -perm +111 | $XARGS $utils_dir/file | grep "ELF" | cut -d ":" -f1 | xargs $utils_dir/execstack -q | grep "^X " | cut -d " " -f2 > $log_file
+       $FIND /usr /etc /opt -perm +111 | $XARGS $utils_dir/file | grep "ELF" | cut -d ":" -f1 | xargs $utils_dir/execstack -q | grep "^X " | cut -d " " -f2 > $tmp_file
+       while read line
+       do
+               CHECK_EXCEPTION $line
+               if [ "$?" == 0 ]
+               then
+                       echo "$line" >> $log_file                                       
+               fi
+
+       done < $tmp_file
        fail_cnt=`cat $log_file | wc -l`
+       rm $tmp_file
+}
+
+function CHECK_EXCEPTION
+{
+       temp=$(grep $1 <<< cat $exception_list)
+       if [ -n "$temp" ]
+       then
+               return 1
+       fi
+       return 0
 }
 
 #=========================================================
 # [01] Delete previous result and set utils
 #=========================================================
 $RM $log_file
-$TOUCH $log_file
-$RM $result_file
-$TOUCH $result_file
+
+# Rename utils
+file_cmd=`$FIND $utils_dir -name file*`
+execstack_cmd=`$FIND $utils_dir -name execstack*`
+if [ "$file_cmd" != "" ]; then
+    $MV $file_cmd $utils_dir/file
+fi
 
 #set required so
 LIBELF="libelf-0.153.so"
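Review bot: `CHECK_EXCEPTION` at L192 builds its grep oddly: `<<< cat` feeds the literal word `cat` on stdin and `$exception_list` stays a positional argument, so it only works by accident as `grep $1 $exception_list`; with `$1` unquoted and interpreted as a regex, `/usr/bin/foo` also matches `/usr/bin/foo-bar`, and an empty line from the tmp file makes the list path itself the pattern so the line is logged as a failure. Replace the body with `if grep -qxF -- "$1" "$exception_list"; then return 1; fi` followed by `return 0` (drop `-x` if the list holds prefixes rather than exact paths, which is not visible here), and make `temp` `local` if it is kept. In the new "Rename utils" step the patterns `-name file*` and `-name execstack*` are unquoted, so the shell expands them against the current directory before find sees them; write `-name 'file*'`, and note that after the first rename `file*` also matches `$utils_dir/file` itself so `$MV` re-runs on every invocation, while `execstack_cmd` is assigned but not used in this hunk. The loop's `read line` also wants `-r`, and L182 carries trailing whitespace.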
@@ -65,19 +90,6 @@ fi
 #=========================================================
 echoI "Get Execstack"
 
-getExecstack
-echo "================================================================"
-if [ $((fail_cnt)) -lt 1 ]; then
-       echo "NO STACK RWE"
-       echo "YES" > $result_file
-       $RM $log_file
-else
-       echo "STACK RWE: $((fail_cnt))"
-       echo "NO" > $result_file
-fi
-echo "================================================================"
-echo ""
-
 if [ ! -d $log_dir ]; then
     echo "make log dir"
     $MKDIR $log_dir
@@ -90,11 +102,21 @@ if [ ! -d $result_dir ]; then
 else
     echo "result dir exist"
 fi
-if [ -a $dep_script_dir/log.csv ]; then
-       $MV $dep_script_dir/log.csv $log_dir/dep_test.log
+
+getExecstack
+echo "================================================================"
+if [ $((fail_cnt)) -lt 1 ]; then
+       echo "NO STACK RWE"
+       echo "YES" > $result_file
+       $RM $log_file
+else
+       echo "STACK RWE: $((fail_cnt))"
+       echo "NO" > $result_file
 fi
-$MV $dep_script_dir/result $result_dir/dep_test.result
-if [ -a $lib_dir/$LIBELF_LN ]; then
+echo "================================================================"
+echo ""
+
+if [ -e $lib_dir/$LIBELF_LN ]; then
        rm $lib_dir/$LIBELF_LN
 fi
 fnPrintSDone
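Review bot: On the passing branch at L249 `$RM $log_file` runs even though, with the `$TOUCH $log_file` dropped in the first hunk, getExecstack now creates the log only when it appends a failure; on a clean run the file does not exist, so unless `$RM` already carries `-f` (its definition is outside this diff) the script prints a spurious error right after `NO STACK RWE`. Guard it, `[ -e "$log_file" ] && $RM "$log_file"`, or use `rm -f -- "$log_file"` so the removal is unconditional. `fail_cnt=\`cat $log_file | wc -l\`` in getExecstack hits the same missing file and emits a `No such file` on stderr, which is the kind of noise this commit set out to remove; testing existence first, or `[ -e "$log_file" ] && fail_cnt=$(wc -l < "$log_file")`, keeps the run clean. `$lib_dir/$LIBELF_LN` should be quoted in the new `-e` test and the `rm` that follows it.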