From 16dc06897abcfd8cbf433e5a22e9b24f130a6fa0 Mon Sep 17 00:00:00 2001
From: "jin-gyu.kim"
Date: Wed, 4 Jan 2017 14:36:12 +0900
Subject: [PATCH] Change askuser to non-root daemon.
- Use '/run/user_ext' for askuser-notification.socket
- Set uid and gid for askuser service.
Change-Id: If709f1e5d5e20e9a3863bed6ee54a12b23d074a7
---
 src/common/config/Path.cpp | 2 +-
 systemd/askuser-notification.socket | 3 ++-
 systemd/askuser.service | 2 ++
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/common/config/Path.cpp b/src/common/config/Path.cpp
index c6f6869..fece8df 100644
--- a/src/common/config/Path.cpp
+++ b/src/common/config/Path.cpp
@@ -32,7 +32,7 @@ const std::string &getSocketPath() {
 return socketPath;
 }
-const std::string userPathFormatPrefix = "/run/user/";
+const std::string userPathFormatPrefix = "/run/user_ext/";
 const std::string userPathFormatSuffix = "/askuser-notification.socket";
 std::string getUserSocketPath(uid_t uid) {
diff --git a/systemd/askuser-notification.socket b/systemd/askuser-notification.socket
index 0df0696..194ab60 100644
--- a/systemd/askuser-notification.socket
+++ b/systemd/askuser-notification.socket
@@ -1,8 +1,9 @@
 [Socket]
-ListenStream=/run/user/%U/askuser-notification.socket
+ListenStream=/run/user_ext/%U/askuser-notification.socket
 SocketMode=0770
 Service=askuser-notification.service
+ExecStartPost=/usr/bin/chmod 0666 /run/user_ext/%U/askuser-notification.socket
 [Install]
 WantedBy=sockets.target
diff --git a/systemd/askuser.service b/systemd/askuser.service
index b3e863f..2e36470 100644
--- a/systemd/askuser.service
+++ b/systemd/askuser.service
@@ -12,6 +12,8 @@ TimeoutStopSec=3
 Restart=always
 UMask=0000
+User=security_fw
+Group=security_fw
 #Environment="ASKUSER_LOG_LEVEL=LOG_DEBUG"
--
2.7.4
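Review bot: Nothing in this patch creates `/run/user_ext/<uid>` or fixes its owner and mode, so the new `userPathFormatPrefix` points at a directory whose access control is not visible here. Unlike `/run/user/<uid>`, which logind creates private to the user, a custom directory needs its own provisioning (presumably done elsewhere, for example by a tmpfiles.d entry); if another account can write to it, the process connecting via getUserSocketPath() cannot rely on who is listening. The literal is also duplicated in `ListenStream=` of systemd/askuser-notification.socket, so I would add a comment such as `// Keep in sync with ListenStream= in systemd/askuser-notification.socket; the per-uid directory must not be writable by other users.` getUserSocketPath()'s body lies outside the hunk.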
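Review bot: The added `ExecStartPost=` chmod leaves the socket at 0666 while `SocketMode=0770` two lines above still reads as the effective mode, so the unit contradicts itself and every local account can connect. With a world-writable socket, access control rests on the mode of `/run/user_ext/%U` and on peer-credential checks in askuser-notification.service, neither of which is visible in this patch. If only the now non-root askuser daemon needs access, `SocketGroup=security_fw` with `SocketMode=0660` would scope it (assuming the manager running this unit may assign that group); if world access is really intended, `SocketMode=0666` states it directly and avoids the window between bind and chmod.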
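Review bot: The added `User=security_fw` and `Group=security_fw` sit directly under `UMask=0000`, so everything the daemon creates is still world-writable, now under the security_fw account. I would tighten the umask to what the daemon's clients actually need (for example `UMask=0007` if they share the group, to be confirmed) and add `NoNewPrivileges=yes` next to the new lines so the unprivileged account cannot regain privileges through setuid binaries. The patch also does not show that the daemon's own socket path and data files are accessible to security_fw; with `Restart=always` a permission failure would surface as a restart loop. The [Service] section starts outside the hunk.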