From: seolheui kim Date: Wed, 27 Jun 2018 08:59:41 +0000 (+0900) Subject: Modify the permission of token file X-Git-Tag: submit/tizen_4.0/20180628.060131^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=aaf6dcecc4f166fa69062dd6398362f659636f46;p=platform%2Fcore%2Fsecurity%2Fode.git Modify the permission of token file - fota is running as system_share user and group. Change-Id: Ia79cdf471b0e82a0773e8af9f96dab6aa907095c Signed-off-by: seolheui kim --- diff --git a/packaging/ode.spec b/packaging/ode.spec index 3fbc762..3ba6cd9 100755 --- a/packaging/ode.spec +++ b/packaging/ode.spec @@ -32,7 +32,7 @@ The ode package provides a daemon which is responsible for encrypting/decryption %{_unitdir}/ode.service %{_unitdir}/multi-user.target.wants/ode.service %attr(700,root,root) %{TZ_SYS_SBIN}/ode-admin-cli -%attr(700,root,root) %{TZ_SYS_SBIN}/ode-fota +%attr(750,root,system_share) %{TZ_SYS_SBIN}/ode-fota %{_datadir}/%{name} %dir %{key_storage_plugin_dir} diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in index 85e19c6..02aca38 100644 --- a/server/systemd/ode.service.in +++ b/server/systemd/ode.service.in @@ -4,6 +4,7 @@ Before=deviced.service [Service] Type=simple +Group=system_share SmackProcessLabel=System::Privileged ExecStart=@BIN_DIR@/@PROJECT_NAME@d Restart=on-failure diff --git a/server/upgrade-support.cpp b/server/upgrade-support.cpp index 11c49b8..35898cf 100644 --- a/server/upgrade-support.cpp +++ b/server/upgrade-support.cpp @@ -184,7 +184,7 @@ void writeToken(runtime::File &file, const BinaryData& token) { size_t tokenSize(token.size()); - file.create(0600); + file.create(0640); file.write(&tokenSize, sizeof(tokenSize)); file.write(token.data(), token.size());