From af7dd4619b57a34103c697d38a10e70fab4c93ef Mon Sep 17 00:00:00 2001
From: "jin-gyu.kim"
Date: Mon, 10 Jul 2017 15:02:12 +0900
Subject: [PATCH] Retrieve unnecessary capabilities.

A. CAP_DAC_OVERRIDE on feedbackd - Add "input" gid to feedbackd to access "/dev/input".
B. CAP_DAC_OVERRIDE on amixer - Add 'audio' gid to emul-setup-audio-volume to access "/dev/snd".
C. CAP_SYS_ADMIN on xtables-multi - This is not necessary.
D. CAP_SYS_ADMIN on wrt-loader - This is not necessary.
Change-Id: I67d2587ffaa53ff9f1fd381b319f0b4513c5ea87
---
 config/set_capability | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/config/set_capability b/config/set_capability
index aece105..87f6b2b 100755
--- a/config/set_capability
+++ b/config/set_capability
@@ -164,11 +164,11 @@ fi
 # Owner Pureum Jung(pr.jung@samsung.com)
 # Date Sep 2, 2016
 # Required cap_dac_override
-# cap_dac_override to access input event node
+# cap_dac_override to access input event node => removed as feedbackd has input gid.
 
-if [ -e "/usr/bin/feedbackd" ]
-then /usr/sbin/setcap cap_dac_override=eip /usr/bin/feedbackd
-fi
+#if [ -e "/usr/bin/feedbackd" ]
+#then /usr/sbin/setcap cap_dac_override=eip /usr/bin/feedbackd
+#fi
 
 # Package connmand
 # Owner Hyunuk Tak(hyunuk.tak@samsung.com)
@@ -265,10 +265,10 @@ fi
 # Capability Bit only effective and inheriable
 # cap_net_admin to use ioctl socket
 # cap_net_raw to use RAW socket
-# cap_sys_admin to initialize iptables table
+# cap_sys_admin to initialize iptables table => removed as it is not needed.
 
 if [ -e "/usr/sbin/xtables-multi" ]
-then /usr/sbin/setcap cap_net_admin,cap_net_raw,cap_sys_admin=ei /usr/sbin/xtables-multi
+then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei /usr/sbin/xtables-multi
 fi
 
 # Package tayga
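Review bot: The header line `# Required cap_dac_override` is left unchanged above the feedbackd entry although no capability is granted any more, and the `setcap` block is commented out rather than deleted. The amixer hunk has both problems, and the wrt-loader hunk keeps `# Required cap_sys_admin, cap_setgid` after dropping cap_sys_admin. This file reads as the inventory of binaries that carry file capabilities, so stale entries make an audit report grants that no longer exist. I would delete the three `#if`/`#then`/`#fi` lines and change the header to `# Required none (device access via input gid)`. The entry's comment block starts above the hunk.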
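Review bot: Nothing in the xtables-multi hunk or the commit message says how cap_sys_admin was shown to be unnecessary, while the old comment gave a reason for it (`to initialize iptables table`). Please record in the commit message what was exercised without it, for instance the first table initialisation after boot, so that a later regression is not fixed by quietly re-adding the capability. I would also delete the annotated line rather than keep `# cap_sys_admin to initialize iptables table => removed as it is not needed.`, because the comment block otherwise still lists a capability that the `setcap` line does not grant. The wrt-loader hunk has the same annotated line, with its `TODO : need to be checked` still in place.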
@@ -336,11 +336,11 @@ fi
 # Date Oct 13, 2016
 # Required cap_dac_override
 # Capability Bit only effective and inheriable
-# cap_dac_override to access file
+# cap_dac_override to access file => removed as calling process has audio gid.
 
-if [ -e "/usr/bin/amixer" ]
-then /usr/sbin/setcap cap_dac_override=ei /usr/bin/amixer
-fi
+#if [ -e "/usr/bin/amixer" ]
+#then /usr/sbin/setcap cap_dac_override=ei /usr/bin/amixer
+#fi
 
 # Package data-provider-master
 # Owner Myung-ki Lee (mk5004.lee@samsung.com)
@@ -485,11 +485,11 @@ fi
 # Owner Jaekuk Lee(juku1999@samsung.com)
 # Date July 4, 2017
 # Required cap_sys_admin, cap_setgid
-# cap_sys_admin to mount ( TODO : need to be checked)
+# cap_sys_admin to mount ( TODO : need to be checked) => removed as it is not needed.
 # cap_setgid to change process gid
 
 if [ -e "/usr/bin/wrt-loader" ]
-then /usr/sbin/setcap cap_sys_admin,cap_setgid=ei /usr/bin/wrt-loader
+then /usr/sbin/setcap cap_setgid=ei /usr/bin/wrt-loader
 fi
 
 # TODO: MOVE TO OTHER SCRIPT OR REMOVE
-- 
2.34.1
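Review bot: With the `setcap` on /usr/bin/amixer gone, access to /dev/snd rests entirely on the caller's audio gid, and that gid change is not part of this patch: the diffstat lists only config/set_capability. If the two changes can land separately, emul-setup-audio-volume loses access in between, so the commit should name the change it depends on; the feedbackd hunk has the same dependency on the input gid. Any other caller that relied on the old `cap_dac_override=ei` grant (none is visible here) would need the gid as well. A comment such as `# amixer: no file capability; callers need the audio gid for /dev/snd` would keep that requirement visible in this file.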