Add cap_net_admin to /usr/bin/pass

- Requested by SECSFV-229
- cap_net_admin is required to use netlink interface

Change-Id: I524b7ce4a22a02d9d7213303a07758dde4b54445

diff --git a/config/set_capability b/config/set_capability
index a05937264dabc2427c25bf374672d36f20d4cf62..2d2217dd381ea4b6355fa6e4c613a2c0015cc9cd 100755 (executable)
--- a/config/set_capability
+++ b/config/set_capability
@@ -950,6 +950,15 @@ if [ -e "/usr/sbin/insmod" ]
 then /usr/sbin/setcap cap_sys_module=ei /usr/sbin/insmod
 fi
 
+# Package              platform/core/system/pass
+# Date                 Feb 23, 2022
+# Required             /usr/bin/pass : cap_net_admin : ei
+# cap_net_Admin                To use Netlink interface
+
+if [ -e "/usr/bin/pass" ]
+then /usr/sbin/setcap cap_net_admin=ei /usr/bin/pass
+fi
+
 # These are not related with the capability, but place here to run in generic-security.post
 # It would be better to run this separately in generic-security.post future.
 /usr/share/security-config/change_permission