From: jin-gyu.kim Date: Thu, 12 Apr 2018 07:59:50 +0000 (+0900) Subject: Give capabilities to stc-iptables X-Git-Tag: submit/tizen/20180412.081848^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1b1abde46a2bc151d2e2a238e19e7d01f45790e3;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Give capabilities to stc-iptables - To change non-root daemon, give network related capabilities. Change-Id: I2385cf7c696eaa297f0ce935625ae1357fb0f987 --- diff --git a/config/set_capability b/config/set_capability index 3e545b0..8cad271 100755 --- a/config/set_capability +++ b/config/set_capability @@ -192,6 +192,7 @@ if [ -e "/usr/bin/charon" ] then /usr/sbin/setcap cap_setgid,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=ei /usr/bin/charon fi + # Package net-config # Owner Hyunuk Tak(hyunuk.tak@samsung.com) # Date Oct 7, 2016 @@ -585,6 +586,16 @@ if [ -e "/usr/bin/dlog_logger" ] then /usr/sbin/setcap cap_syslog=ei /usr/bin/dlog_logger fi +# Package platform/core/connectivity/stc-iptables +# Owner Hyunuk Tak(hyunuk.tak@samsung.com) +# Date Apr 12, 2018 +# Required cap_net_bind_service,cap_net_raw,cap_net_admin +# cap_net_bind_service,cap_net_raw,cap_net_admin netlink and ipproto sockets + +if [ -e "/usr/bin/stc-iptables" ] +then /usr/sbin/setcap cap_net_bind_service,cap_net_raw,cap_net_admin=ei /usr/bin/stc-iptables +fi + # TODO: MOVE TO OTHER SCRIPT OR REMOVE # Requested by sooyeon.kim@samsung.com if [ -e "/etc/skel/share/.voice" ]
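Review bot: The rationale comment in the stc-iptables block covers all three capabilities with the single phrase "netlink and ipproto sockets", which does not explain cap_net_bind_service: that capability only allows binding ports below 1024, and nothing visible here shows the daemon doing so. If it does not, narrow the grant to `/usr/sbin/setcap cap_net_raw,cap_net_admin=ei /usr/bin/stc-iptables`; otherwise replace the shared line with one rationale comment per capability so the grant can be audited. Because the set is `=ei` with no permitted bit, the binary presumably gains these capabilities only when its launcher passes them in the inheritable set, so the comment header should name the unit or launcher that does. cap_net_admin alone covers firewall, routing and interface configuration, so the daemon stays highly privileged on the network side after dropping root and is worth confining by other means as well.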