From: Yunjin Lee <yunjin-.lee@samsung.com>
Date: Wed, 1 Sep 2021 08:59:30 +0000 (+0900)
Subject: Add capabilities for res-copy
X-Git-Tag: submit/tizen_6.0/20210910.052738~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7fc968bb0fbb4f837015bad544f95189c3a968b1;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Add capabilities for res-copy

- cap_chown,cap_dac_override,cap_fowner is required to changed
  copied resources ownership(root:priv_platform). pkgmgr-server
  fork execs it hence give cap_fowner to pkgmgr-server and give
  ie for those caps to res-copy.

Change-Id: I951d5bfe4b17a66f871ec60ff935da8670850d18
Signed-off-by: Yunjin Lee <yunjin-.lee@samsung.com>
---

diff --git a/config/set_capability b/config/set_capability
index edcfc9b..4d17968 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -89,16 +89,17 @@ fi
 # Package        	pkgmgr-server
 # Owner        		Jongmyeong Ko(jongmyeong.ko@samsung.com)
 # Date            	June 30, 2016
-# Required        	/usr/bin/pkgmgr-server : cap_chown, cap_dac_override, cap_fsetid, cap_kill, cap_setgid, cap_setuid : ei
+# Required        	/usr/bin/pkgmgr-server : cap_chown, cap_dac_override, cap_fsetid, cap_kill, cap_setgid, cap_setuid, cap_fowner : ei
 # cap_chown		fchown : change owner
 # cap_dac_override	Access user and global database file of package manager
 # cap_fsetid		fchmod : change mode
 # cap_kill		killpg function
 # cap_setgid		setgid and setgroups function
 # cap_setuid		setuid function
+# cap_fowner		to change copied resources' ownership (for /usr/bin/res-copy)
 
 if [ -e "/usr/bin/pkgmgr-server" ]
-then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid=ei /usr/bin/pkgmgr-server
+then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_fowner=ei /usr/bin/pkgmgr-server
 fi
 
 # Package		app-installers
@@ -364,7 +365,7 @@ if [ -e "/usr/bin/data-provider-master" ]
 then /usr/sbin/setcap cap_dac_override=ei /usr/bin/data-provider-master
 fi
 
-# Package               platform/coer/appfw/pkgmgr-tool
+# Package               platform/core/appfw/pkgmgr-tool
 # Owner                 Sangyoon Jang(s89.jang@samsung.com)
 # Date                  Nov 28, 2016
 # Required              /usr/bin/pkg_getsize : cap_dac_read_search : ei
@@ -898,6 +899,18 @@ then /usr/sbin/setcap cap_mac_admin=eip /usr/bin/wrt-service
 fi
 
 
+# Package		platform/core/appfw/pkgmgr-tool
+# Date			Sep 01, 2021
+# Required		/usr/bin/res-copy : cap_chown, cap_dac_override, cap_fowner : ei
+# cap_chown			To change copied file's ownership(root:priv_platform)
+# cap_dac_override	To change copied file's ownership(root:priv_platform)
+# cap_fowner		To change copied file's ownership(root:priv_platform)
+
+if [ -e "/usr/bin/res-copy" ]
+then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fowner=ei /usr/bin/res-copy
+fi
+
+
 # These are not related with the capability, but place here to run in generic-security.post
 # It would be better to run this separately in generic-security.post future.
 /usr/share/security-config/change_permission