From: jin-gyu.kim <jin-gyu.kim@samsung.com>
Date: Wed, 15 Jul 2020 09:01:36 +0000 (+0900)
Subject: Add capabilities to pkg_recovery & unified-backend
X-Git-Tag: submit/tizen/20200716.021757^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F88%2F238588%2F1;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Add capabilities to pkg_recovery & unified-backend

- cap_chown, cap_dac_override and cap_fowner are added.

Change-Id: I196e985101b4b24ec59f12b4541dff4be0511645
---

diff --git a/config/set_capability b/config/set_capability
index 2d7bf7a..2fe9cac 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -856,6 +856,29 @@ if [ -e "/usr/bin/nan-manager" ]
 then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei /usr/bin/nan-manager
 fi
 
+# Package               platform/core/appfw/unified-backend
+# Date                  Jul 15, 2020
+# Required		cap_dac_override, cap_chown, cap_fowner
+# cap_dac_override	access to /home/$USER/apps_rw
+# cap_chown		use chown API
+# cap_fowner		use chmod API
+
+if [ -e "/usr/bin/unified-backend" ]
+then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=ei /usr/bin/unified-backend
+fi
+
+# Package		app-installers
+# Date                  Jul 15, 2020
+# Required		cap_dac_override, cap_chown, cap_fowner
+# cap_dac_override	To restore user data
+# cap_chown		use chown API
+# cap_fowner		use chmod API
+
+if [ -e "/usr/bin/pkg_recovery" ]
+then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=ei /usr/bin/pkg_recovery
+fi
+
+
 # TODO: MOVE TO OTHER SCRIPT OR REMOVE
 # Requested by sooyeon.kim@samsung.com (.voice) and dalton.lee@samsung.com (.multiassistant)
 dir_list=(".voice" ".multiassistant")
diff --git a/test/capability_test/new_capabilities_exception.list b/test/capability_test/new_capabilities_exception.list
index 6caef3a..7057e30 100755
--- a/test/capability_test/new_capabilities_exception.list
+++ b/test/capability_test/new_capabilities_exception.list
@@ -17,7 +17,8 @@
 /usr/bin/muse-server = cap_dac_override+ei
 /usr/bin/amd = cap_dac_override,cap_kill,cap_setgid,cap_setuid,cap_sys_admin,cap_mac_admin+ei
 /usr/bin/amd = cap_dac_override,cap_kill,cap_sys_admin+ei
-/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+ei
+/usr/bin/wrt-loader = cap_setgid,cap_sys_admin+ei
+/usr/bin/tpk-backend = cap_chown,cap_dac_override,cap_fowner+ei
 /usr/bin/launchpad-loader = cap_setgid,cap_sys_admin,cap_sys_nice+ei
 /usr/bin/app-defined-loader = cap_setgid,cap_sys_admin,cap_sys_nice+ei
 /usr/bin/email-service = cap_chown+eip
@@ -84,3 +85,5 @@
 /usr/bin/nan-manager = cap_net_admin,cap_net_raw+ei
 /usr/sbin/stability-monitor = cap_kill,cap_sys_module,cap_sys_ptrace+ei
 /usr/libexec/bluetooth/bluetooth-meshd = cap_dac_override,cap_net_bind_service,cap_net_admin+ei
+/usr/bin/unified-backend = cap_chown,cap_dac_override,cap_fowner+ei
+/usr/bin/pkg_recovery = cap_chown,cap_dac_override,cap_fowner+ei