From: Mateusz Moscicki Date: Thu, 20 Aug 2020 10:18:44 +0000 (+0200) Subject: Change Smack label fro crash-service to System::Privileged X-Git-Tag: submit/tizen/20200821.053252^2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=55e1203194f11034d13ae4eaead0cf2a99578ea6;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Change Smack label fro crash-service to System::Privileged The System::Privileged label is needed because on newer kernels (>= 4.20) it's not possible to read/ptrace processes listed in onlycap set. Crash-service needs the right to do ptrace to correctly generate reports. Change-Id: Iad849f0b11eb3eece8d537fd2856daf59ffe757c --- diff --git a/test/new_service_test/emulator/common/systemd_service.list b/test/new_service_test/emulator/common/systemd_service.list index dba256c..392b781 100755 --- a/test/new_service_test/emulator/common/systemd_service.list +++ b/test/new_service_test/emulator/common/systemd_service.list @@ -42,7 +42,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/emulator/iot/systemd_service.list b/test/new_service_test/emulator/iot/systemd_service.list index dba256c..392b781 100755 --- a/test/new_service_test/emulator/iot/systemd_service.list +++ b/test/new_service_test/emulator/iot/systemd_service.list @@ -42,7 +42,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/emulator/mobile/systemd_service.list b/test/new_service_test/emulator/mobile/systemd_service.list index dba256c..392b781 100755 --- a/test/new_service_test/emulator/mobile/systemd_service.list +++ b/test/new_service_test/emulator/mobile/systemd_service.list @@ -42,7 +42,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/emulator/wearable/systemd_service.list b/test/new_service_test/emulator/wearable/systemd_service.list index 10a9b42..d179257 100644 --- a/test/new_service_test/emulator/wearable/systemd_service.list +++ b/test/new_service_test/emulator/wearable/systemd_service.list @@ -35,7 +35,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/target/common/systemd_service.list b/test/new_service_test/target/common/systemd_service.list index 7252340..a7c3101 100644 --- a/test/new_service_test/target/common/systemd_service.list +++ b/test/new_service_test/target/common/systemd_service.list @@ -47,7 +47,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/target/iot/systemd_service.list b/test/new_service_test/target/iot/systemd_service.list index 1a8d160..37e2b27 100644 --- a/test/new_service_test/target/iot/systemd_service.list +++ b/test/new_service_test/target/iot/systemd_service.list @@ -47,7 +47,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/target/mobile/systemd_service.list b/test/new_service_test/target/mobile/systemd_service.list index 8b96196..db1211a 100644 --- a/test/new_service_test/target/mobile/systemd_service.list +++ b/test/new_service_test/target/mobile/systemd_service.list @@ -47,7 +47,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/target/tv/systemd_service.list b/test/new_service_test/target/tv/systemd_service.list index b5651c8..77fc4a8 100644 --- a/test/new_service_test/target/tv/systemd_service.list +++ b/test/new_service_test/target/tv/systemd_service.list @@ -36,7 +36,7 @@ ;console-getty.service;root;root;System; ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System; diff --git a/test/new_service_test/target/wearable/systemd_service.list b/test/new_service_test/target/wearable/systemd_service.list index 8858b03..775f709 100755 --- a/test/new_service_test/target/wearable/systemd_service.list +++ b/test/new_service_test/target/wearable/systemd_service.list @@ -42,7 +42,7 @@ ;console-shell.service;root;root;System; ;container-getty@.service;root;root;System; ;contextd.service;service_fw;service_fw;System; -;crash-service.service;crash_worker;crash_worker;System; +;crash-service.service;crash_worker;crash_worker;System::Privileged; ;csr.service;security_fw;security_fw;System; ;cynara.service;cynara;cynara;System; ;data-provider-master.service;app_fw;app_fw;System;