From: Hyotaek Shim <hyotaek.shim@samsung.com>
Date: Tue, 19 Apr 2022 05:28:11 +0000 (+0900)
Subject: Fix DAC permission for board commands not to use SETUID
X-Git-Tag: accepted/tizen/unified/20220505.134703~4
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F62%2F273962%2F1;p=platform%2Fcore%2Fsystem%2Fdeviced.git

Fix DAC permission for board commands not to use SETUID

Instead, board user modules including booting-done.service
will have privileged credentials.

Change-Id: I9d838bc266fbb40d67ad61083254a7a527ae9ea3
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
---

diff --git a/packaging/deviced.spec b/packaging/deviced.spec
index 91cc598..debab7d 100644
--- a/packaging/deviced.spec
+++ b/packaging/deviced.spec
@@ -321,15 +321,15 @@ mv %{_libdir}/iot-headless-battery.so %{_libdir}/deviced/battery.so
 %{_bindir}/direct_set_debug.sh
 #endif
 %{TZ_SYS_DUMPGEN}/dump_pmstate_log.sh
-%attr(4554,root,system_fw) %{_bindir}/device_board_set_boot_success
-%attr(4554,root,system_fw) %{_bindir}/device_board_clear_boot_mode
-%attr(4555,root,system_fw) %{_bindir}/device_board_get_boot_mode
-%attr(4554,root,system_fw) %{_bindir}/device_board_switch_partition
-%attr(4554,root,system_fw) %{_bindir}/device_board_set_partition_ab_cloned
-%attr(4554,root,system_fw) %{_bindir}/device_board_clear_partition_ab_cloned
-%attr(4555,root,system_fw) %{_bindir}/device_board_get_partition_ab_cloned
-%attr(4554,root,system_fw) %{_bindir}/device_board_set_upgrade_status
-%attr(4555,root,system_fw) %{_bindir}/device_board_get_upgrade_status
+%attr(0554,system_fw,system_fw) %{_bindir}/device_board_set_boot_success
+%attr(0554,system_fw,system_fw) %{_bindir}/device_board_clear_boot_mode
+%attr(0555,system_fw,system_fw) %{_bindir}/device_board_get_boot_mode
+%attr(0554,system_fw,system_fw) %{_bindir}/device_board_switch_partition
+%attr(0554,system_fw,system_fw) %{_bindir}/device_board_set_partition_ab_cloned
+%attr(0554,system_fw,system_fw) %{_bindir}/device_board_clear_partition_ab_cloned
+%attr(0555,system_fw,system_fw) %{_bindir}/device_board_get_partition_ab_cloned
+%attr(0554,system_fw,system_fw) %{_bindir}/device_board_set_upgrade_status
+%attr(0555,system_fw,system_fw) %{_bindir}/device_board_get_upgrade_status
 
 %files auto-test
 %manifest deviced.manifest