[Model] COMMON
[BinType] AP
[Customer] OPEN
[Issue#] N/A
[Request] Internal
[Occurrence Version] N/A
[Problem] Invalid user was used for HCI logging
[Cause & Measure] As per security team guide, network_fw is used as uid
and gid for HCI logging
[Checking Method] Check UID of btmon / hcidump process
[Team] Basic connection
[Developer] Seungyoun Ju
[Solution company] Samsung
[Change Type] Specification change
Change-Id: I6aee61f3b1ea4a73ebf752ddd802876c13416dae
[Service]
Type=oneshot
-User=root
-Group=root
+User=network_fw
+Group=network_fw
+SmackProcessLabel=System
ExecStart=/usr/etc/bluetooth/bt-run-hci-logger.sh force start hcidump
ExecStop=/usr/etc/bluetooth/bt-run-hci-logger.sh force stop
RemainAfterExit=yes
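Review bot: With User=network_fw and Group=network_fw on this unit, nothing in the visible lines says where hcidump gets the privilege it needs for HCI capture now that it no longer runs as root. Capture tools of this kind normally need CAP_NET_RAW, and the unit sets neither AmbientCapabilities= nor CapabilityBoundingSet=. If the binary does not carry file capabilities, the service will start under the right UID (so the "Checking Method" passes) while the dump stays empty or incomplete. Either add the capability to the unit explicitly or note in the commit message where it comes from, and extend the check to confirm that packets are actually logged.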
Description=Service to run BT HCI logdump
[Service]
-User=system
-Group=system
+User=network_fw
+Group=network_fw
+SmackProcessLabel=System
Type=oneshot
ExecStart=/usr/etc/bluetooth/bt-hci-logdump.sh %I
StandardOutput=journal+console
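Review bot: The added SmackProcessLabel=System line is not covered by the commit message, which describes only the uid/gid change to network_fw. Please document why this unit (and the two logger units) needs the System label once it runs as network_fw, and whether a narrower label would do, since the label decides which Smack-protected files bt-hci-logdump.sh can read and write independently of the UID.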
[Service]
Type=oneshot
-User=root
-Group=root
+User=network_fw
+Group=network_fw
+SmackProcessLabel=System
ExecStart=/usr/etc/bluetooth/bt-run-hci-logger.sh normal start btmon
ExecStop=/usr/etc/bluetooth/bt-run-hci-logger.sh normal stop
RemainAfterExit=yes
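Review bot: User=network_fw applies to ExecStop as well as ExecStart, so "bt-run-hci-logger.sh normal stop" now runs unprivileged. If the script stops btmon by signalling it, a logger that was started as root before this change is applied can no longer be stopped by this unit. Worth confirming how the stop path behaves in that case, or stating that the change only takes effect across a reboot.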
if [ ! -e ${LOG_DIR}/old_hcidump ]
then
${MKDIR} -p ${LOG_DIR}/old_hcidump
- #Make system owner/group to allow systemd.service logging service
- ${CHOWN} -R 200:200 ${LOG_DIR}
+ # Make network_fw owner/group to allow systemd.service logging service
+ ${CHOWN} -R 551:551 ${LOG_DIR}
fi
if [ ${KEEP_OLD_DUMP} = '0' ]
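Review bot: The ownership change to 551:551 sits inside the "if [ ! -e ${LOG_DIR}/old_hcidump ]" branch, so on a device where the directory already exists with the previous 200:200 owner it never runs, and the services that now run as network_fw may be unable to write to ${LOG_DIR}. Consider fixing ownership outside the existence check, or in a step that still runs with enough privilege, because a chown executed as network_fw can only succeed on files that user already owns. Also prefer "network_fw:network_fw" over the literal 551:551 so the script cannot drift from the User=/Group= values in the unit files.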