From: Sungbae Yoo <sungbae.yoo@samsung.com>
Date: Wed, 9 Aug 2017 07:13:09 +0000 (+0900)
Subject: Revert "Add smackfsroot, smackfsdef in mount options of ecryptfs"
X-Git-Tag: submit/tizen/20170816.100224~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=647c1500d3d39bc87b3ead905d0ffba541917a2f;p=platform%2Fcore%2Fsecurity%2Fode.git

Revert "Add smackfsroot, smackfsdef in mount options of ecryptfs"

This reverts commit 8f7f71bda2fd81ff50b3e01e347c2fe2bb887c31.
Change-Id: I4bb2a2f6dcde3f0769232a0478f53abe6e3a3c6e
---

diff --git a/server/engine/encryption/ecryptfs-engine.cpp b/server/engine/encryption/ecryptfs-engine.cpp
index 682bbdd..e0c5371 100644
--- a/server/engine/encryption/ecryptfs-engine.cpp
+++ b/server/engine/encryption/ecryptfs-engine.cpp
@@ -303,7 +303,6 @@ void ecryptfsMount(const std::string &source, const std::string &destination, co
 
 	mountOption = "ecryptfs_passthrough"
 		",ecryptfs_cipher=" CIPHER_MODE
-		",smackfsroot=*,smackfsdef=*"
 		",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) +
 		",ecryptfs_key_bytes=" + std::to_string(payload.token.password.sessionKeyEncryptionKeySize);
 
diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in
index 85e19c6..2080c19 100644
--- a/server/systemd/ode.service.in
+++ b/server/systemd/ode.service.in
@@ -4,10 +4,11 @@ Before=deviced.service
 
 [Service]
 Type=simple
-SmackProcessLabel=System::Privileged
+SmackProcessLabel=System
 ExecStart=@BIN_DIR@/@PROJECT_NAME@d
 Restart=on-failure
 ExecReload=/bin/kill -HUP $MAINPID
+CapabilityBoundingSet=~CAP_MAC_ADMIN
 CapabilityBoundingSet=~CAP_MAC_OVERRIDE
 EnvironmentFile=/run/tizen-system-env
 EnvironmentFile=/run/xdg-root-env