From: jin-gyu.kim <jin-gyu.kim@samsung.com>
Date: Fri, 15 Jan 2021 03:55:27 +0000 (+0900)
Subject: Give cap_mac_admin to wrt-service
X-Git-Tag: submit/tizen/20210115.050443^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=011e77db6d0bde9d3928d501cffe95d61f8e7b85;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Give cap_mac_admin to wrt-service

- "eip" option is applied, but restricted to use by only chromium-efl app.

Change-Id: I025a3c34c84179d4986c25216288a088c555c4bf
---

diff --git a/config/set_capability b/config/set_capability
index 2780e02..4026edf 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -884,6 +884,18 @@ if [ -e "/usr/sbin/img-verifier" ]
 then /usr/sbin/setcap cap_dac_override=ei /usr/sbin/img-verifier
 fi
 
+# Package		platform/framework/web/chromium-efl
+# Date                  Jan 15, 2021
+# Required		/usr/bin/wrt-service : cap_mac_admin : eip
+# cap_mac_admin		To change a process label
+# It is excuted by a specific application not by systemd service.
+# Therefore, "eip" is required but restricted to access it by SMACK label.
+
+if [ -e "/usr/bin/wrt-service" ]
+then /usr/sbin/setcap cap_mac_admin=eip /usr/bin/wrt-service
+fi
+
+
 # TODO: MOVE TO OTHER SCRIPT OR REMOVE
 # Requested by sooyeon.kim@samsung.com (.voice) and dalton.lee@samsung.com (.multiassistant)
 dir_list=(".voice" ".multiassistant")