# Owner Minje Ahn(minje.ahn@samsung.com)
# Date May 27, 2016
# Required cap_dac_override
-# cap_dac_override media-server needs to access client's directory defined as each client's uid and gid
+# cap_dac_read_search media-server needs to access client's directory defined as each client's uid and gid
# in case of providing its capi; thumbnail_util_extract() (providing thumbnail requested by client)
# client would be another service daemon and application
if [ -e "/usr/bin/media-server" ]
-then /usr/sbin/setcap cap_dac_override=eip /usr/bin/media-server
+then /usr/sbin/setcap cap_dac_read_search=eip /usr/bin/media-server
fi
# Package csr-server
# cap_net_admin Interface binding in case of using curl api (mms sending/receiving)
# cap_net_raw Bind to any address for proxying in using RAW and PACKET sockets (mms sending/receiving)
# cap_chown For change uid or gid chown file
-# cap_dac_override For access fstat file operation
# cap_lease Establish leases on arbitrary files
if [ -e "/usr/bin/msg-server" ]
-then /usr/sbin/setcap cap_chown,cap_dac_override,cap_lease,cap_net_admin,cap_net_raw=eip /usr/bin/msg-server
+then /usr/sbin/setcap cap_chown,cap_lease,cap_net_admin,cap_net_raw=eip /usr/bin/msg-server
fi
# Package pkgmgr-server
# Owner Seonah Moon(seonah1.moon@samsung.com)
# Date Oct 7, 2016
# Required cap_dac_override, cap_net_admin, cap_net_bind_service, cap_net_raw, cap_fowner
-# cap_dac_override network interface configruration
# cap_net_admin to use ioctl socket
# cap_net_bind_service to call bind
# cap_net_raw to use RAW socket
# cap_fowner network interface configruration
if [ -e "/usr/sbin/hostapd" ]
-then /usr/sbin/setcap cap_dac_override,cap_net_admin,cap_net_bind_service,cap_net_raw,cap_fowner=eip /usr/sbin/hostapd
+then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_net_raw,cap_fowner=eip /usr/sbin/hostapd
fi
# Package dnsmasq
# Date Oct 7, 2016
# Required cap_dac_override, cap_sys_admin, cap_net_admin, cap_net_raw
# Capability Bit only effective and inheriable
-# cap_dac_override network interface configruration
# cap_net_admin to use ioctl socket
# cap_net_raw to use RAW socket
# cap_sys_admin to initialize iptables table
if [ -e "/usr/sbin/xtables-multi" ]
-then /usr/sbin/setcap cap_dac_override,cap_net_admin,cap_net_raw,cap_sys_admin=ei /usr/sbin/xtables-multi
+then /usr/sbin/setcap cap_net_admin,cap_net_raw,cap_sys_admin=ei /usr/sbin/xtables-multi
fi
# Package chmod
then /usr/sbin/setcap cap_dac_override=ei /usr/bin/amixer
fi
-# Package boot-animation
-# Owner Junkyu Han(junkyu.han@samsung.net)
-# Date Aug 16, 2016
-# Required cap_dac_override
-# cap_dac_override to override dac permission for accessing to display group
-
-if [ -e "/usr/bin/boot-animation" ]
-then /usr/sbin/setcap cap_dac_override=eip /usr/bin/boot-animation
-fi
-
# Package data-provider-master
# Owner Myung-ki Lee (mk5004.lee@samsung.com)
# Date Nov 21, 2016
# Required cap_dac_override
-# cap_dac_override to override dac permission for accessing to app's po files.
+# cap_dac_read_search to override dac permission for accessing to app's po files.
if [ -e "/usr/bin/data-provider-master" ]
-then /usr/sbin/setcap cap_dac_override=eip /usr/bin/data-provider-master
+then /usr/sbin/setcap cap_dac_read_search=eip /usr/bin/data-provider-master
fi
# Package platform/upstream/iptables
projects / platform / core / security / security-config.git / commitdiff