From: jooseong lee Date: Tue, 22 Nov 2016 08:42:33 +0000 (+0900) Subject: Set TZ_USER_APP directory permission in gumd script X-Git-Tag: submit/tizen/20161124.010415~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e6ed12ea584b9063cdabb46438ff67a1d5d4f2e3;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Set TZ_USER_APP directory permission in gumd script Some service daemons, non root, access to application data directory. In case, they have cap_dac_override. We will change file permission to access app data directory for service daemon and remove their cap_dac_override. Change-Id: I0d007f9277229b9be889d9cb01c3c79e82f8b1db Signed-off-by: jooseong lee
---
diff --git a/config/91_user-dbspace-permissions.post b/config/91_user-dbspace-permissions.post
index 055ebd8..eb5dcf2 100644
--- a/config/91_user-dbspace-permissions.post
+++ b/config/91_user-dbspace-permissions.post
@@ -3,9 +3,16 @@ PATH=/bin:/usr/bin:/sbin:/usr/sbin
 NEW_USER=$1
+export `tzplatform-get --user $NEW_USER TZ_USER_HOME`
+export `tzplatform-get --user $NEW_USER TZ_USER_APP`
 export `tzplatform-get --user $NEW_USER TZ_USER_APPROOT`
 export `tzplatform-get --user $NEW_USER TZ_USER_DB`
-export `tzplatform-get --user $NEW_USER TZ_USER_HOME`
+
+chown $NEW_USER:system_share $TZ_USER_HOME
+chmod 750 $TZ_USER_HOME
+
+chown $NEW_USER:system_share $TZ_USER_APP
+chmod 750 $TZ_USER_APP
 chown $NEW_USER:system_share $TZ_USER_APPROOT
 chmod 750 $TZ_USER_APPROOT
@@ -13,9 +20,6 @@ chmod 750 $TZ_USER_APPROOT
 chown $NEW_USER:system_share $TZ_USER_DB
 chmod 770 $TZ_USER_DB
-chown $NEW_USER:system_share $TZ_USER_HOME
-chmod 750 $TZ_USER_HOME
-
 if [ ! -d $TZ_USER_DB/privacy ]
 then
 mkdir -p $TZ_USER_DB/privacy
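Review bot: The new `chown`/`chmod` pairs for `$TZ_USER_HOME` and `$TZ_USER_APP` in the first hunk run on unquoted values that are never checked after the backtick `export` lines, and this script presumably runs as root from gumd. If `tzplatform-get` prints nothing for a user, `export` gets no argument and the variable stays empty or keeps whatever the caller's environment held, so the permission change either fails silently or lands on an unintended path. I would guard each path before touching it, e.g. `[ -d "$TZ_USER_APP" ] && [ ! -L "$TZ_USER_APP" ] || exit 1`, and quote the operands: `chown "$NEW_USER:system_share" "$TZ_USER_APP"`. Since this group grant replaces cap_dac_override, it is also worth a comment stating why `750` (read and list for every `system_share` member) is needed rather than a traverse-only `710`. The script continues past the hunk, so whether a later step depends on these modes is not visible here.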