Set the smack label of executable binary tools

Apps (3rd party and even in-house Apps) are not permitted to run dbus tools directly.
User System::Tools rx
User::Shell System::Tools rx
System::TEF System::Tools rx
System::Privileged System::Tools rx
System System::Tools rx

Change-Id: Ica6d587d2516da8241590f3cf090a91ed8d3ff75
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>

diff --git a/packaging/dbus.spec b/packaging/dbus.spec
index 53ad811a32a92c80eb56fbba80a285c8c92c2c8c..a521dc5437bb1da74f2c5713dd9c35ef0d14c5ab 100644 (file)
--- a/packaging/dbus.spec
+++ b/packaging/dbus.spec
@@ -283,6 +283,17 @@ getent group  dbus > /dev/null || /usr/sbin/groupadd -r -g 81 dbus 2> /dev/null
 getent passwd dbus > /dev/null || /usr/sbin/useradd -c 'System message bus' -u 81 -g 81 \
                                    -s /sbin/nologin -r -d '/' dbus 2> /dev/null || :
 
+%post
+# Set the smack label of executable binary tools
+chsmack %{_bindir}/dbus-cleanup-sockets -a "System::Tools"
+chsmack %{_bindir}/dbus-daemon -a "System::Tools"
+chsmack %{_bindir}/dbus-monitor -a "System::Tools"
+chsmack %{_bindir}/dbus-run-session -a "System::Tools"
+chsmack %{_bindir}/dbus-send -a "System::Tools"
+chsmack %{_bindir}/dbus-uuidgen -a "System::Tools"
+chsmack %{_bindir}/dbus-test-tool -a "System::Tools"
+chsmack %{_bindir}/dbus-update-activation-environment -a "System::Tools"
+
 %post -n dbus-libs-extension-kdbus
 pushd %{_libdir}
 for FILE in libdbus*.so.*.extension-kdbus; do mv "$FILE" "${FILE%.extension-kdbus}"; done