%license LICENSE
%manifest crash-worker.manifest
%dir %{crash_root_path}
+# attr() needed because: crash-worker running as crash_worker:crash_worker (user:group) creates files/dir under this path
%attr(0775,crash_worker,crash_worker) %{crash_path}
-%attr(-,root,root) %{upgrade_script_path}/500.crash-manager-upgrade.sh
+%{upgrade_script_path}/500.crash-manager-upgrade.sh
%files dumpsystemstate-util
%manifest crash-worker.manifest
%license LICENSE
-%attr(0750,crash_worker,crash_worker) %{_bindir}/dump_systemstate
+# attr() needed because: dump_systemstate has Smack exec_label(=System) set and we don't want to allow everyone to abuse it
+%attr(0750,root,crash_worker) %{_bindir}/dump_systemstate
%if %{with dumpsystemstateservice}
%files dumpsystemstate-service
%license LICENSE
%manifest crash-worker.manifest
-%attr(0750,crash_worker,crash_worker) %{_bindir}/dump_systemstate-service
-%attr(-,root,root) %{_unitdir}/dump_systemstate.service
-%attr(-,root,root) %{_datadir}/dbus-1/system-services/org.tizen.dumpsys.providers.org.tizen.systemstate.service
+%{_bindir}/dump_systemstate-service
+%{_unitdir}/dump_systemstate.service
+%{_datadir}/dbus-1/system-services/org.tizen.dumpsys.providers.org.tizen.systemstate.service
%endif
%files dumpsystemstate-config
%files support-regdump
%license LICENSE
%manifest crash-worker.manifest
-%attr(-,root,root) %{_prefix}/lib/sysctl.d/70-crash-manager.conf
-%attr(0750,crash_worker,crash_worker) %{_bindir}/crash-manager
+%{_prefix}/lib/sysctl.d/70-crash-manager.conf
+# attr() needed because: crash-worker has Smack exec_label(=System::Privileged) set and we don't want to allow everyone to abuse it
+%attr(0750,root,crash_worker) %{_bindir}/crash-manager
%{_libexecdir}/crash-popup-launch
%{_libexecdir}/crash-notify-send
%endif
%if %{with tests}
%files tests
%manifest %{name}.manifest
-%defattr(-,root,root)
%{_libexecdir}/crash-worker/tests/test1-default-crash
%{_libexecdir}/crash-worker/tests/test1-default-sleep
%{_libexecdir}/crash-worker/tests/test1-default-ill