From: jin-gyu.kim Date: Mon, 10 Sep 2018 07:13:31 +0000 (+0900) Subject: Add display-manager-monitor.service in the list. X-Git-Tag: submit/tizen/20180910.062956^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=638ece1296483e9934a570ebd4375a542c5b9f16;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Add display-manager-monitor.service in the list. - "/usr/bin/cat" should has "cap_sys_ptrace" to read "/proc/[pid]/stack". - Working with UID & GID as "graphic_fw" and SMACK label as "System." Change-Id: I0142d8196ac9808351c3bf89ef06f6463f0c1012 --- diff --git a/config/set_capability b/config/set_capability index cf3dd32..52bb1dc 100755 --- a/config/set_capability +++ b/config/set_capability @@ -628,6 +628,16 @@ if [ -e "/usr/bin/session-bind" ] then /usr/sbin/setcap cap_sys_admin=ei /usr/bin/session-bind fi +# Package product/upstream/coreutils +# Date Sep 10, 2018 +# Required cap_sys_ptrace +# cap_sys_ptrace To read /proc/[pid]/stack +# This is requested Display module, to be used in display-manager-monitor service. + +if [ -e "/usr/bin/cat" ] +then /usr/sbin/setcap cap_sys_ptrace=ei /usr/bin/cat +fi + # TODO: MOVE TO OTHER SCRIPT OR REMOVE # Requested by sooyeon.kim@samsung.com if [ -e "/etc/skel/share/.voice" ] diff --git a/test/capability_test/new_capabilities_exception.list b/test/capability_test/new_capabilities_exception.list index b6688c8..cc5fba7 100644 --- a/test/capability_test/new_capabilities_exception.list +++ b/test/capability_test/new_capabilities_exception.list @@ -56,3 +56,4 @@ /usr/bin/charon = cap_setgid,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw+ei /usr/bin/dlog_logger = cap_syslog+ei /usr/libexec/bluetooth/bluetoothd = cap_dac_override,cap_net_bind_service,cap_net_admin+ei +/usr/bin/cat = cap_sys_ptrace+ei diff --git a/test/new_service_test/target/mobile/systemd_service.list b/test/new_service_test/target/mobile/systemd_service.list index 3f53dea..5dce964 100755 --- a/test/new_service_test/target/mobile/systemd_service.list +++ b/test/new_service_test/target/mobile/systemd_service.list @@ -43,6 +43,7 @@ device-policy-manager.service;security_fw;security_fw;System; device-policy-syspopup.service;security_fw;security_fw;System; deviced.service;root;root;System::Privileged; display-manager.service;root;root;System; +display-manager-monitor.service;graphic_fw;graphic_fw;System; dlog_logger.service;log;log;System; download-provider.service;web_fw;web_fw;System; emergency.service;root;root;System; diff --git a/test/new_service_test/target/wearable/systemd_service.list b/test/new_service_test/target/wearable/systemd_service.list index 9ee103e..6351fa8 100755 --- a/test/new_service_test/target/wearable/systemd_service.list +++ b/test/new_service_test/target/wearable/systemd_service.list @@ -35,6 +35,7 @@ device-policy-manager.service;security_fw;security_fw;System; device-policy-syspopup.service;security_fw;security_fw;System; deviced.service;root;root;System::Privileged; display-manager.service;root;root;System; +display-manager-monitor.service;graphic_fw;graphic_fw;System; dlog_logger.service;log;log;System; download-provider.service;web_fw;web_fw;System; emergency.service;root;root;System;