From: Tomasz Swierczek <t.swierczek@samsung.com>
Date: Wed, 29 Jan 2025 09:32:43 +0000 (+0100)
Subject: Add cap_setuid to launchpad-process-pool in dev_wos mode
X-Git-Tag: accepted/tizen/unified/20250217.155043^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f461506681537d767d4638e5ecbfef3a30b1e262;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Add cap_setuid to launchpad-process-pool in dev_wos mode

Added outside set_capability script as its a dev_wos-only
modification, so far only for PoC.

Change-Id: I86fe560d2ed5a34455d92577ce846f6dc47738e1
---

diff --git a/config/generate_configure_wos b/config/generate_configure_wos
index ccdb0de..8b3512c 100755
--- a/config/generate_configure_wos
+++ b/config/generate_configure_wos
@@ -3,6 +3,15 @@ set -euo pipefail
 
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
 
+function add_missing_caps {
+	# launchpad needs additional caps, re-setting them here with additional cap_setuid
+	if [ -e "/usr/bin/launchpad-process-pool" ]
+	then
+		existing_caps=`/usr/sbin/getcap /usr/bin/launchpad-process-pool | cut -f2- -d" "`
+		/usr/sbin/setcap "${existing_caps} cap_setuid=eip" /usr/bin/launchpad-process-pool
+	fi
+}
+
 function add_groups {
 	groupadd --force system_access
 	groupadd --force app_access
@@ -28,3 +37,4 @@ echo ')'
 
 echo 'add_groups'
 echo 'add_services_to_system_access_group "${services[@]}"'
+echo 'add_missing_caps'