From: Sungbae Yoo <sungbae.yoo@samsung.com>
Date: Tue, 23 May 2017 06:59:34 +0000 (+0900)
Subject: Add smackfsroot, smackfsdef in mount options of ecryptfs
X-Git-Tag: submit/tizen/20170523.073824^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8f7f71bda2fd81ff50b3e01e347c2fe2bb887c31;p=platform%2Fcore%2Fsecurity%2Fode.git

Add smackfsroot, smackfsdef in mount options of ecryptfs

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Change-Id: If72c1205806111897a357bcd9f9fa6002d1ae6b7
---

diff --git a/server/engine/encryption/ecryptfs-engine.cpp b/server/engine/encryption/ecryptfs-engine.cpp
index 51fb925..5c087cf 100644
--- a/server/engine/encryption/ecryptfs-engine.cpp
+++ b/server/engine/encryption/ecryptfs-engine.cpp
@@ -303,6 +303,7 @@ void ecryptfsMount(const std::string &source, const std::string &destination, co
 
 	mountOption = "ecryptfs_passthrough"
 		",ecryptfs_cipher=" CIPHER_MODE
+		",smackfsroot=*,smackfsdef=*"
 		",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) +
 		",ecryptfs_key_bytes=" + std::to_string(payload.token.password.sessionKeyEncryptionKeySize);
 
diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in
index 2080c19..85e19c6 100644
--- a/server/systemd/ode.service.in
+++ b/server/systemd/ode.service.in
@@ -4,11 +4,10 @@ Before=deviced.service
 
 [Service]
 Type=simple
-SmackProcessLabel=System
+SmackProcessLabel=System::Privileged
 ExecStart=@BIN_DIR@/@PROJECT_NAME@d
 Restart=on-failure
 ExecReload=/bin/kill -HUP $MAINPID
-CapabilityBoundingSet=~CAP_MAC_ADMIN
 CapabilityBoundingSet=~CAP_MAC_OVERRIDE
 EnvironmentFile=/run/tizen-system-env
 EnvironmentFile=/run/xdg-root-env