From: Jin-gyu Kim <jin-gyu.kim@samsung.com>
Date: Tue, 19 Jul 2022 02:04:37 +0000 (+0900)
Subject: Read link before setting capability to /usr/sbin/insmod
X-Git-Tag: submit/tizen/20220719.031510^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a812c3c65142a58e88ec3030424d5569dd695f2c;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Read link before setting capability to /usr/sbin/insmod

Consideration : It would be better to read link for every cases.

Change-Id: I96ad4fc378200f54ae9e6fd6bf92e925eda2d4cf
---

diff --git a/config/set_capability b/config/set_capability
index f4e9c87..8189fb8 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -951,9 +951,10 @@ fi
 # Required		/usr/sbin/insmod : cap_sys_module : ei
 # cap_sys_module	To use insmod
 # This is requested by telephony module, to be used in telephony-dongle.service.
+# /usr/sbin/insmod can be a symlink of /usr/bin/kmod. Therefore, use a readlink before setting a capability.
 
 if [ -e "/usr/sbin/insmod" ]
-then /usr/sbin/setcap cap_sys_module=ei /usr/sbin/insmod
+then /usr/sbin/setcap cap_sys_module=ei $(/usr/bin/readlink -f /usr/sbin/insmod)
 fi
 
 # Package		platform/core/system/pass