From: Hwankyu Jhun Date: Thu, 19 Sep 2024 01:46:36 +0000 (+0900) Subject: Add capability for the lux X-Git-Tag: accepted/tizen/unified/20240920.050212^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Faccepted%2Ftizen_unified_toolchain;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Add capability for the lux Currently, the launchpad-process-pool has a problem about creating children processes. Because, there are many threads in the launchpad-process-pool. If the sub thread tries to allocate the memory or calling getenv() when the main thread is calling fork(), it makes the deadlock issue of the children processes. The lux is a children process of the launchpad-process-pool to create children processes for applications. (The lux is a single thread process.) Change-Id: I20d7ce82b77af226bda0e59b8690896245b64580 Signed-off-by: Hwankyu Jhun
---
diff --git a/config/set_capability b/config/set_capability
index 3fbc0d5..216a22e 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -1007,3 +1007,18 @@ if [ -e /usr/share/security-config/update_privacy_mount_list.sh ] && [ -e /usr/s
 then /usr/share/security-config/update_privacy_mount_list.sh fi
+
+# Package platform/core/appfw/launchpad
+# Owner Junghoon Park(jh9216.park@samsung.com)
+# Date Sep 19, 2024
+# Required /usr/bin/lux : cap_mac_admin, cap_dac_override, cap_setgid, cap_sys_admin, cap_sys_nice, cap_sys_chroot : ei
+# cap_mac_admin to use security_manager_prepare_app2()
+# cap_dac_override fd redirection in debug mode of app running
+# cap_setgid to use security_manager_prepare_app()
+# cap_sys_admin to split mount namespace
+# cap_sys_nice to change scheduling priority
+# cap_sys_chroot to use setns()
+
+if [ -e "/usr/bin/lux" ]
+then /usr/sbin/setcap cap_sys_admin,cap_sys_nice,cap_mac_admin,cap_dac_override,cap_setgid,cap_sys_chroot=ei /usr/bin/lux
+fi
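Review bot: `cap_dac_override` is granted to /usr/bin/lux unconditionally on the `setcap` line, although the comment block justifies it only for fd redirection in debug mode; that capability bypasses file permission checks, and it sits next to `cap_sys_admin` and `cap_mac_admin` on the process that creates application children. The comments do not record at which point lux gives these capabilities up before application code runs, so I would add a line stating that (for example `# all capabilities are dropped in the child before application code runs`, once confirmed against the launchpad source) or limit `cap_dac_override` to debug images. The two security-manager comments name different functions, `security_manager_prepare_app2()` and `security_manager_prepare_app()`; if both capabilities serve the same call, one name should be used. The `setcap` exit status is not checked, so a failed call would leave lux without the capabilities and without any message from this script.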