From: jin-gyu.kim <jin-gyu.kim@samsung.com>
Date: Mon, 18 Dec 2017 06:12:31 +0000 (+0900)
Subject: Remove the redundant capability.
X-Git-Tag: submit/tizen/20171218.101143~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6b44d0cb6ebd8910570ef2483980374ebab8957b;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Remove the redundant capability.

: cap_mac_admin is not required to dotnet-launcher
: scd-launcher is not existed anymore.
: oded is running as a root.

Change-Id: Ic137a9ce76281d42a20a04838d7ab62131604469
---

diff --git a/config/set_capability b/config/set_capability
index 0355ed5..b700c29 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -438,16 +438,11 @@ fi
 # Owner                 Pius Lee(pius.lee@samsung.com)
 # Date                  July 4, 2017
 # Required              cap_mac_admin, cap_setgid
-# cap_mac_admin		to change app process smack label (need for VD)
 # cap_setgid		to change app process gid
 # cap_sys_admin		to split mount namespace
 
 if [ -e "/usr/bin/dotnet-launcher" ]
-then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/dotnet-launcher
-fi
-
-if [ -e "/usr/bin/scd-launcher" ]
-then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/scd-launcher
+then /usr/sbin/setcap cap_setgid,cap_sys_admin=ei /usr/bin/dotnet-launcher
 fi
 
 # Package               platform/core/telephony/telephony-daemon
@@ -575,9 +570,10 @@ fi
 # cap_sys_ptrace	to know process for storage encryption
 # cap_kill		to kill the process
 
-if [ -e "/usr/bin/oded" ]
-then /usr/sbin/setcap cap_dac_override,cap_sys_admin,cap_sys_boot,cap_sys_ptrace,cap_kill=ei /usr/bin/oded
-fi
+# Currently, oded is running as a root.
+#if [ -e "/usr/bin/oded" ]
+#then /usr/sbin/setcap cap_dac_override,cap_sys_admin,cap_sys_boot,cap_sys_ptrace,cap_kill=ei /usr/bin/oded
+#fi
 
 # Package               platform/upstream/bluez
 # Owner                 Saerome Kim(saerome.kim@samsung.com saerome.kim@samsung.com )