Give cap_sys_admin to dotnet-launcher and wrt-loader.

Change-Id: I4956bd116cd8f15649ef4bf3ef66622b3c69f0f9

diff --git a/config/set_capability b/config/set_capability
index 0533dceecbc18340d08f1a3c87df44f0c8f508fb..f1bd3232b9b22f286e287a8bd24ab4c68e7f6019 100755 (executable)
--- a/config/set_capability
+++ b/config/set_capability
@@ -409,13 +409,14 @@ fi
 # Required              cap_mac_admin, cap_setgid
 # cap_mac_admin                to change app process smack label (need for VD)
 # cap_setgid           to change app process gid
+# cap_sys_admin                to split mount namespace
 
 if [ -e "/usr/bin/dotnet-launcher" ]
-then /usr/sbin/setcap cap_mac_admin,cap_setgid=ei /usr/bin/dotnet-launcher
+then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/dotnet-launcher
 fi
 
 if [ -e "/usr/bin/scd-launcher" ]
-then /usr/sbin/setcap cap_mac_admin,cap_setgid=ei /usr/bin/scd-launcher
+then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/scd-launcher
 fi
 
 # Package               platform/core/telephony/telephony-daemon
@@ -489,9 +490,10 @@ fi
 # Required              cap_sys_admin, cap_setgid
 # cap_sys_admin                to mount ( TODO : need to be checked) => removed as it is not needed.
 # cap_setgid           to change process gid
+# cap_sys_admin                to split mount namespace
 
 if [ -e "/usr/bin/wrt-loader" ]
-then /usr/sbin/setcap cap_setgid=ei /usr/bin/wrt-loader
+then /usr/sbin/setcap cap_setgid,cap_sys_admin=ei /usr/bin/wrt-loader
 fi
 
 # Package               platform/core/connectivity/wifi-direct-manager