From 1b1abde46a2bc151d2e2a238e19e7d01f45790e3 Mon Sep 17 00:00:00 2001
From: "jin-gyu.kim" <jin-gyu.kim@samsung.com>
Date: Thu, 12 Apr 2018 16:59:50 +0900
Subject: [PATCH] Give capabilities to stc-iptables

- To change non-root daemon, give network related capabilities.

Change-Id: I2385cf7c696eaa297f0ce935625ae1357fb0f987
---
 config/set_capability | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/config/set_capability b/config/set_capability
index 3e545b0..8cad271 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -192,6 +192,7 @@ if [ -e "/usr/bin/charon" ]
 then /usr/sbin/setcap cap_setgid,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=ei /usr/bin/charon
 fi
 
+
 # Package		net-config
 # Owner			Hyunuk Tak(hyunuk.tak@samsung.com)
 # Date			Oct 7, 2016
@@ -585,6 +586,16 @@ if [ -e "/usr/bin/dlog_logger" ]
 then /usr/sbin/setcap cap_syslog=ei /usr/bin/dlog_logger
 fi
 
+# Package               platform/core/connectivity/stc-iptables
+# Owner                 Hyunuk Tak(hyunuk.tak@samsung.com)
+# Date                  Apr 12, 2018
+# Required              cap_net_bind_service,cap_net_raw,cap_net_admin
+# cap_net_bind_service,cap_net_raw,cap_net_admin	netlink and ipproto sockets
+
+if [ -e "/usr/bin/stc-iptables" ]
+then /usr/sbin/setcap cap_net_bind_service,cap_net_raw,cap_net_admin=ei /usr/bin/stc-iptables
+fi
+
 # TODO: MOVE TO OTHER SCRIPT OR REMOVE
 # Requested by sooyeon.kim@samsung.com
 if [ -e "/etc/skel/share/.voice" ]
-- 
2.34.1