From: jin-gyu.kim <jin-gyu.kim@samsung.com>
Date: Wed, 20 Sep 2017 02:06:41 +0000 (+0900)
Subject: Give cap_net_raw to telephony-daemon
X-Git-Tag: submit/tizen/20170920.095249^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1db4691104dfe13f8bc991437f3bb3060c2fee74;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Give cap_net_raw to telephony-daemon

- This is required to use raw socket.

Change-Id: I99f3c59a74024f7ebfff0a434abf616cb24a9cf1
---

diff --git a/config/set_capability b/config/set_capability
index e1c9d8e..0533dce 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -421,12 +421,13 @@ fi
 # Package               platform/core/telephony/telephony-daemon
 # Owner                 Shinhui Kang(sinikang@samsung.com)
 # Date                  July 4, 2017
-# Required              cap_net_admin
+# Required              cap_net_admin, cap_net_raw
 # cap_net_admin		for network interface up/down
+# cap_net_raw		to use raw socket
 
 # some profiles create the symlink to telephony-daemon
 if [ -e "/usr/bin/telephony-daemon" ]
-then /usr/sbin/setcap cap_net_admin=eip $(/usr/bin/readlink -f /usr/bin/telephony-daemon)
+then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei $(/usr/bin/readlink -f /usr/bin/telephony-daemon)
 fi
 
 # Package               platform/core/system/session-utils
diff --git a/test/capability_test/new_capabilities_exception.list b/test/capability_test/new_capabilities_exception.list
index 58fee7a..8192a5d 100644
--- a/test/capability_test/new_capabilities_exception.list
+++ b/test/capability_test/new_capabilities_exception.list
@@ -35,9 +35,9 @@
 /usr/bin/mobileap-agent = cap_fowner,cap_net_bind_service,cap_net_admin+eip
 /usr/bin/chgrp = cap_chown+ei
 /usr/bin/xdelta3 = cap_dac_override+ei
-/usr/bin/telephony-daemon = cap_net_admin+eip
-/usr/bin/telephony-daemon.tv = cap_net_admin+eip
-/usr/bin/telephony-daemon.ivi = cap_net_admin+eip
+/usr/bin/telephony-daemon = cap_net_admin,cap_net_raw+ei
+/usr/bin/telephony-daemon.tv = cap_net_admin,cap_net_raw+ei
+/usr/bin/telephony-daemon.ivi = cap_net_admin,cap_net_raw+ei
 /usr/bin/nether = cap_net_admin+eip
 /usr/bin/dotnet-launcher = cap_setgid,cap_mac_admin+ei
 /usr/bin/wfd-manager = cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei