From: jin-gyu.kim Date: Mon, 18 Dec 2017 06:12:31 +0000 (+0900) Subject: Remove the redundant capability. X-Git-Tag: submit/tizen_4.0/20171218.071255~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=aae287ca091473ff69d701700bb8fa966cc7eaa0;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Remove the redundant capability. : cap_mac_admin is not required to dotnet-launcher : scd-launcher is not existed anymore. : oded is running as a root. Change-Id: Ic137a9ce76281d42a20a04838d7ab62131604469 --- diff --git a/config/set_capability b/config/set_capability index 57ea798..fa9743d 100755 --- a/config/set_capability +++ b/config/set_capability @@ -414,16 +414,11 @@ fi # Owner Pius Lee(pius.lee@samsung.com) # Date July 4, 2017 # Required cap_mac_admin, cap_setgid -# cap_mac_admin to change app process smack label (need for VD) # cap_setgid to change app process gid # cap_sys_admin to split mount namespace if [ -e "/usr/bin/dotnet-launcher" ] -then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/dotnet-launcher -fi - -if [ -e "/usr/bin/scd-launcher" ] -then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/scd-launcher +then /usr/sbin/setcap cap_setgid,cap_sys_admin=ei /usr/bin/dotnet-launcher fi # Package platform/core/telephony/telephony-daemon @@ -551,9 +546,10 @@ fi # cap_sys_ptrace to know process for storage encryption # cap_kill to kill the process -if [ -e "/usr/bin/oded" ] -then /usr/sbin/setcap cap_dac_override,cap_sys_admin,cap_sys_boot,cap_sys_ptrace,cap_kill=ei /usr/bin/oded -fi +# Currently, oded is running as a root. +#if [ -e "/usr/bin/oded" ] +#then /usr/sbin/setcap cap_dac_override,cap_sys_admin,cap_sys_boot,cap_sys_ptrace,cap_kill=ei /usr/bin/oded +#fi # Package platform/upstream/bluez # Owner Saerome Kim(saerome.kim@samsung.com saerome.kim@samsung.com )