From: jin-gyu.kim Date: Thu, 3 May 2018 04:30:34 +0000 (+0900) Subject: Give capabilities to audit-trail X-Git-Tag: submit/tizen/20180511.084431^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1ca010aac2a5f12f73a5f4b5208bb508ae4b66d1;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Give capabilities to audit-trail - audit-trail needs cap_audit_control and cap_audit_write - update service list for audit-trail Change-Id: I2ccc8feb19994293c890ad343bb5c94d910739f4 --- diff --git a/config/set_capability b/config/set_capability index 8cad271..337d804 100755 --- a/config/set_capability +++ b/config/set_capability @@ -596,6 +596,17 @@ if [ -e "/usr/bin/stc-iptables" ] then /usr/sbin/setcap cap_net_bind_service,cap_net_raw,cap_net_admin=ei /usr/bin/stc-iptables fi +# Package platform/core/security/audit-trail +# Owner Jaemin Ryu(jm77.ryu@samsung.com) +# Date May 3, 2018 +# Required cap_audit_control,cap_audit_write +# cap_audit_control To change auditing filter rules +# cap_audit_write To record the kernel auditing log + +if [ -e "/usr/bin/audit-trail-daemon" ] +then /usr/sbin/setcap cap_audit_control,cap_audit_write=ei /usr/bin/audit-trail-daemon +fi + # TODO: MOVE TO OTHER SCRIPT OR REMOVE # Requested by sooyeon.kim@samsung.com if [ -e "/etc/skel/share/.voice" ] diff --git a/test/new_service_test/emulator/mobile/systemd_service.list b/test/new_service_test/emulator/mobile/systemd_service.list index 93686bc..d602817 100644 --- a/test/new_service_test/emulator/mobile/systemd_service.list +++ b/test/new_service_test/emulator/mobile/systemd_service.list @@ -2,6 +2,7 @@ ac.service;app_fw;app_fw;System; accounts-service.service;service_fw;service_fw;System; alarm-server.service;app_fw;app_fw;System; app2sd-server.service;root;root;System; +audit-trail.service;security_fw;security_fw;System; auth-fw.service;security_fw;security_fw;System; bluetooth-address.service;network_fw;network_fw;System; bluetooth-force-hci-logger.service;network_fw;network_fw;System; diff --git a/test/new_service_test/emulator/tv/systemd_service.list b/test/new_service_test/emulator/tv/systemd_service.list index d32509f..db375a4 100644 --- a/test/new_service_test/emulator/tv/systemd_service.list +++ b/test/new_service_test/emulator/tv/systemd_service.list @@ -1,5 +1,6 @@ ac.service;app_fw;app_fw;System; alarm-server.service;app_fw;app_fw;System; +audit-trail.service;security_fw;security_fw;System; auth-fw.service;security_fw;security_fw;System; bluetooth.service;network_fw;network_fw;System; bluetooth-address.service;network_fw;network_fw;System; diff --git a/test/new_service_test/emulator/wearable/systemd_service.list b/test/new_service_test/emulator/wearable/systemd_service.list index c3340c6..ff34ee1 100644 --- a/test/new_service_test/emulator/wearable/systemd_service.list +++ b/test/new_service_test/emulator/wearable/systemd_service.list @@ -1,6 +1,7 @@ ac.service;app_fw;app_fw;System; accounts-service.service;service_fw;service_fw;System; alarm-server.service;app_fw;app_fw;System; +audit-trail.service;security_fw;security_fw;System; auth-fw.service;security_fw;security_fw;System; bluetooth-address.service;network_fw;network_fw;System; bluetooth-force-hci-logger.service;network_fw;network_fw;System; diff --git a/test/new_service_test/target/mobile/systemd_service.list b/test/new_service_test/target/mobile/systemd_service.list index b80c67b..9a7c551 100644 --- a/test/new_service_test/target/mobile/systemd_service.list +++ b/test/new_service_test/target/mobile/systemd_service.list @@ -2,6 +2,7 @@ ac.service;app_fw;app_fw;System; accounts-service.service;service_fw;service_fw;System; alarm-server.service;app_fw;app_fw;System; app2sd-server.service;root;root;System; +audit-trail.service;security_fw;security_fw;System; auth-fw.service;security_fw;security_fw;System; bluetooth-address.service;network_fw;network_fw;System; bluetooth-force-hci-logger.service;network_fw;network_fw;System; diff --git a/test/new_service_test/target/tv/systemd_service.list b/test/new_service_test/target/tv/systemd_service.list index f861195..f451f6e 100644 --- a/test/new_service_test/target/tv/systemd_service.list +++ b/test/new_service_test/target/tv/systemd_service.list @@ -1,5 +1,6 @@ ac.service;app_fw;app_fw;System; alarm-server.service;app_fw;app_fw;System; +audit-trail.service;security_fw;security_fw;System; auth-fw.service;security_fw;security_fw;System; bluetooth.service;network_fw;network_fw;System; bluetooth-address.service;network_fw;network_fw;System; diff --git a/test/new_service_test/target/wearable/systemd_service.list b/test/new_service_test/target/wearable/systemd_service.list index a451d73..fb80761 100644 --- a/test/new_service_test/target/wearable/systemd_service.list +++ b/test/new_service_test/target/wearable/systemd_service.list @@ -1,6 +1,7 @@ ac.service;app_fw;app_fw;System; accounts-service.service;service_fw;service_fw;System; alarm-server.service;app_fw;app_fw;System; +audit-trail.service;security_fw;security_fw;System; auth-fw.service;security_fw;security_fw;System; bluetooth-address.service;network_fw;network_fw;System; bluetooth-force-hci-logger.service;network_fw;network_fw;System;