Migrate root daemon to non root

Change-Id: Iada8f0e50a106138d8e5fee6926962a825d82425
Signed-off-by: Yu jiung <jiung.yu@samsung.com>

diff --git a/packaging/dbus-wfd-manager.conf b/packaging/dbus-wfd-manager.conf
index a0ea5c5..6ed3eb3 100644 (file)
--- a/packaging/dbus-wfd-manager.conf
+++ b/packaging/dbus-wfd-manager.conf
@@ -1,6 +1,11 @@
 <!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
        "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
 <busconfig>
+       <policy user="network_fw">
+               <allow own="net.wifidirect"/>
+               <allow send_destination="net.wifidirect"/>
+               <allow receive_sender="net.wifidirect"/>
+       </policy>
        <policy user="root">
                <allow own="net.wifidirect"/>
                <allow send_destination="net.wifidirect"/>

diff --git a/packaging/net.wifidirect.service b/packaging/net.wifidirect.service
index 924bfd2..12e749f 100644 (file)
--- a/packaging/net.wifidirect.service
+++ b/packaging/net.wifidirect.service
@@ -2,5 +2,6 @@
 Name=net.wifidirect
 
 Exec=/bin/false
-User=root
+User=network_fw
+Gruop=network_fw
 SystemdService=wifi-direct-manager.service

diff --git a/packaging/wifi-direct-manager.service b/packaging/wifi-direct-manager.service
index 184a761..8479435 100644 (file)
--- a/packaging/wifi-direct-manager.service
+++ b/packaging/wifi-direct-manager.service
@@ -8,5 +8,8 @@ Type=dbus
 BusName=net.wifidirect
 SmackProcessLabel=System
 ExecStart=/usr/bin/wfd-manager
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+User=network_fw
+Group=network_fw
+Capabilities=cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw=i
+SecureBits=keep-caps
+

diff --git a/packaging/wifi-direct-manager.spec b/packaging/wifi-direct-manager.spec
index 8791382..a180f08 100644 (file)
--- a/packaging/wifi-direct-manager.spec
+++ b/packaging/wifi-direct-manager.spec
@@ -8,7 +8,7 @@
 
 Name:          wifi-direct-manager
 Summary:       Wi-Fi Direct manger
-Version:       1.2.225
+Version:       1.2.226
 Release:       1
 Group:      Network & Connectivity/Wireless
 License:    Apache-2.0
@@ -622,7 +622,7 @@ esac
 %files
 %manifest wifi-direct-manager.manifest
 %license LICENSE
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %config %{TZ_SYS_RO_ETC}/wifi-direct/ccode.conf
 %config %{TZ_SYS_RO_ETC}/wifi-direct/dhcpd.conf
 %config %{TZ_SYS_RO_ETC}/wifi-direct/p2p_supp.conf
@@ -632,8 +632,8 @@ esac
 %attr(755,-,-) %{_bindir}/wifi-direct-server.sh
 %attr(755,-,-) %{_bindir}/wifi-direct-dhcp.sh
 %attr(755,-,-) %{TZ_SYS_RO_ETC}/wifi-direct/udhcp_script.non-autoip
-%attr(644,root,root) %{_datadir}/dbus-1/system-services/*
-%attr(644,root,root) %{_libdir}/systemd/system/*
+%attr(644,network_fw,network_fw) %{_datadir}/dbus-1/system-services/*
+%attr(644,network_fw,network_fw) %{_libdir}/systemd/system/*
 %if "%{?_lib}" == "lib64"
 %{_unitdir}/wifi-direct-manager.service
 %endif
@@ -646,7 +646,7 @@ esac
 # This is for backward-compatibility. This does not deteriorate 4.0 Configurability
 # if common || ivi || "undefined"
 %if "%{?profile}" != "wearable" && "%{?profile}" != "tv" && "%{?profile}" != "mobile"
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_libdir}/wifi-direct-plugin-wpasupplicant.so
 %endif
 
@@ -654,7 +654,7 @@ esac
 # if common || ivi || "undefined"
 %if "%{?profile}" != "wearable" && "%{?profile}" != "tv" && "%{?profile}" != "mobile"
 %files profile_common
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_bindir}/wfd-manager
 
 %files -n wifi-direct-plugin-wpasupplicant-profile_common
@@ -665,22 +665,22 @@ esac
 # if mobile || "undefined"
 %if "%{?profile}" != "wearable" && "%{?profile}" != "tv" && "%{?profile}" != "ivi" && "%{?profile}" != "common"
 %files profile_mobile
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_bindir}/wfd-manager.mobile
 
 %files -n wifi-direct-plugin-wpasupplicant-profile_mobile
 %manifest wifi-direct-plugin-wpasupplicant.manifest
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_libdir}/wifi-direct-plugin-wpasupplicant.so.mobile
 
 %ifarch %{arm}
 %files extension-TM1
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_bindir}/wfd-manager.tm1
 
 %files -n wifi-direct-plugin-wpasupplicant-extension-TM1
 %manifest wifi-direct-plugin-wpasupplicant.manifest
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_libdir}/wifi-direct-plugin-wpasupplicant.so.tm1
 %endif
 %endif
@@ -689,12 +689,12 @@ esac
 # if wearable || "undefined"
 %if "%{?profile}" != "mobile" && "%{?profile}" != "tv" && "%{?profile}" != "ivi" && "%{?profile}" != "common"
 %files profile_wearable
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_bindir}/wfd-manager.wearable
 
 %files -n wifi-direct-plugin-wpasupplicant-profile_wearable
 %manifest wifi-direct-plugin-wpasupplicant.manifest
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_libdir}/wifi-direct-plugin-wpasupplicant.so.wearable
 %endif
 
@@ -702,17 +702,17 @@ esac
 # if tv || "undefined"
 %if "%{?profile}" != "mobile" && "%{?profile}" != "wearable" && "%{?profile}" != "ivi" && "%{?profile}" != "common"
 %files profile_tv
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_bindir}/wfd-manager.tv
 
 %files -n wifi-direct-plugin-wpasupplicant-profile_tv
 %manifest wifi-direct-plugin-wpasupplicant.manifest
-%defattr(-,root,root,-)
+%defattr(-,network_fw,network_fw,-)
 %{_libdir}/wifi-direct-plugin-wpasupplicant.so.tv
 %endif
 
 #%files -n wifi-direct-prd-plugin-wpasupplicant
 #%manifest wifi-direct-prd-plugin-wpasupplicant.manifest
 #%license LICENSE
-#%defattr(-,root,root,-)
+#%defattr(-,network_fw,network_fw,-)
 #%{_libdir}/wifi-direct-prd-plugin-wpasupplicant.so