Give capabilities to connman-vpnd & charon 46/157746/1
authorjin-gyu.kim <jin-gyu.kim@samsung.com>
Thu, 26 Oct 2017 05:26:19 +0000 (14:26 +0900)
committerjin-gyu.kim <jin-gyu.kim@samsung.com>
Thu, 26 Oct 2017 05:27:31 +0000 (14:27 +0900)
- charon is executed by connman and needs capabilities of its own.

Change-Id: I5f96cde9115104a1e21abbb41894e9c1f4fe5e04

config/set_capability
test/capability_test/new_capabilities_exception.list

index 0533dceecbc18340d08f1a3c87df44f0c8f508fb..4af1088b4a93d91fc0daed8704300a189c400597 100755 (executable)
@@ -173,7 +173,7 @@ fi
 # Package              connmand
 # Owner                        Hyunuk Tak(hyunuk.tak@samsung.com)
 # Date                 Oct 7, 2016
-# Required             cap_dac_override,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw
+# Required             cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw
 # cap_net_admin                to add interface flags and make the interface UP/DOWN using ioctl
 # cap_net_bind_service to execute bind() function
 # cap_net_broadcast    to make socket broadcasts, and listen to multicasts
@@ -183,6 +183,24 @@ if [ -e "/usr/bin/connmand" ]
 then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=ei /usr/bin/connmand
 fi
 
+if [ -e "/usr/bin/connman-vpnd" ]
+then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=ei /usr/bin/connman-vpnd
+fi
+
+# Package              platform/upstream/strongswan
+# Owner                        Jiuing Yu(jiung.yu@samsung.com)
+# Date                 Oct 26, 2017
+# Required             cap_setgid,cap_net_admin,cap_net_bind_service,cap_net_raw,cap_net_broadcast
+# cap_setgid           to use initgroup
+# cap_net_admin                to set SA configuration using linux kernel and netlink socket
+# cap_net_bind_service to use UDP 500 port for IKEv2 protocol
+# cap_net_broadcast    to use IKEv2 protocol
+# cap_net_raw          to use IKEv2 protocol
+
+if [ -e "/usr/bin/charon" ]
+then /usr/sbin/setcap cap_setgid,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=ei /usr/bin/charon
+fi
+
 # Package              net-config
 # Owner                        Hyunuk Tak(hyunuk.tak@samsung.com)
 # Date                 Oct 7, 2016
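Review bot: The charon grant on L42 sets only the effective and inheritable file bits (`=ei`, no permitted bit), so at exec the process receives a capability only if it is already in the inheritable set of the process that runs it; the connman-vpnd grant on L28 does not include cap_setgid, so whether charon actually ends up holding cap_setgid depends on how connman-vpnd's own inheritable set is populated by its launcher, which this script does not show and which is worth confirming on a device via CapInh/CapEff in /proc/PID/status. The justifications on L38 and L39 both read `to use IKEv2 protocol`, which does not name the operation that needs broadcast or raw sockets; since this header is the least-privilege audit record, each line should state the concrete call (e.g. `# cap_net_raw  to <socket option or syscall that needs it>`), or the capability should be dropped if no such call exists. The `to use initgroup` line on L35 presumably means initgroups(); spelling the function out keeps the record unambiguous. The enclosing script continues outside the hunk.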
index 8192a5d4c9dd4156ace83f3ad50f0ac2199f35ac..78b17f3513697792463c31d6b47b087d7995da8e 100644 (file)
@@ -17,9 +17,9 @@
 /usr/bin/pkgmgr-server = cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid+eip
 /usr/bin/muse-server = cap_dac_override+eip
 /usr/bin/amd = cap_dac_override,cap_kill+ep
-/usr/bin/wrt-loader = cap_setgid+ei
+/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei
 /usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+eip
-/usr/bin/launchpad-loader = cap_setgid+ei
+/usr/bin/launchpad-loader = cap_setgid,cap_sys_admin+ei
 /usr/bin/email-service = cap_chown+eip
 /usr/bin/wgt-backend = cap_chown,cap_dac_override,cap_fowner+eip
 /usr/bin/download-provider = cap_chown,cap_dac_override+eip
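Review bot: The `cap_sys_admin` additions on L54 and L57 (and likewise L66 and L75 in the following hunks) are not mentioned in the commit message, which only covers connman-vpnd and charon; cap_sys_admin is the broadest capability in the set, and widening the test's exception list for four app loaders deserves its own justification or a separate change. If they are intended, the reason should be recorded in the commit message or in the corresponding package header of config/set_capability, so the exception list and the setcap script stay reviewable together.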
@@ -31,7 +31,7 @@
 /usr/bin/amixer = cap_dac_override+ei
 /usr/bin/pkg_getsize = cap_dac_read_search+eip
 /usr/bin/pkg_cleardata = cap_dac_override+eip
-/usr/bin/launchpad-process-pool = cap_dac_override,cap_setgid,cap_mac_admin+ei
+/usr/bin/launchpad-process-pool = cap_dac_override,cap_setgid,cap_sys_admin,cap_mac_admin+ei
 /usr/bin/mobileap-agent = cap_fowner,cap_net_bind_service,cap_net_admin+eip
 /usr/bin/chgrp = cap_chown+ei
 /usr/bin/xdelta3 = cap_dac_override+ei
@@ -39,7 +39,7 @@
 /usr/bin/telephony-daemon.tv = cap_net_admin,cap_net_raw+ei
 /usr/bin/telephony-daemon.ivi = cap_net_admin,cap_net_raw+ei
 /usr/bin/nether = cap_net_admin+eip
-/usr/bin/dotnet-launcher = cap_setgid,cap_mac_admin+ei
+/usr/bin/dotnet-launcher = cap_setgid,cap_sys_admin,cap_mac_admin+ei
 /usr/bin/wfd-manager = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/wfd-manager.tm1 = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
 /usr/bin/wfd-manager.mobile = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
@@ -50,3 +50,7 @@
 /usr/sbin/ifconfig = cap_net_admin+ei
 /usr/bin/pkill = cap_kill+ei
 /usr/bin/toybox = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
+/usr/sbin/route = cap_net_admin+ei
+/usr/bin/oded = cap_dac_override,cap_kill,cap_sys_ptrace,cap_sys_admin,cap_sys_boot+ei
+/usr/bin/connman-vpnd = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
+/usr/bin/charon = cap_setgid,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei
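Review bot: The `oded` entry on L84 grants cap_sys_ptrace, cap_sys_admin and cap_sys_boot and, like the `route` entry on L83, has no counterpart in this commit's config/set_capability hunk and no mention in the commit message, so it is unclear which component sets those bits and why the test should accept them. L85 and L86 do match the new setcap lines for connman-vpnd and charon, though the list spells `+ei` while the script uses `=ei`; that is presumably the getcap output form the test compares against, which is worth confirming so the two files stay in sync.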