Modify user / group id for HCI logging 45/118245/1
authorSeungyoun Ju <sy39.ju@samsung.com>
Thu, 9 Mar 2017 09:18:04 +0000 (18:18 +0900)
committerSeungyoun Ju <sy39.ju@samsung.com>
Thu, 9 Mar 2017 09:18:04 +0000 (18:18 +0900)
[Model] COMMON
[BinType] AP
[Customer] OPEN

[Issue#] N/A
[Request] Internal
[Occurrence Version] N/A

[Problem] Invalid user was used for HCI logging
[Cause & Measure] As per security team guide, network_fw is used as uid
and gid for HCI logging
[Checking Method] Check UID of btmon / hcidump process

[Team] Basic connection
[Developer] Seungyoun Ju
[Solution company] Samsung
[Change Type] Specification change

Change-Id: I6aee61f3b1ea4a73ebf752ddd802876c13416dae

packaging/bluetooth-force-hci-logger.service
packaging/bluetooth-hci-dump@.service
packaging/bluetooth-hci-logger.service
scripts/bt-run-hci-logger.sh.in

index 4d60e6f..1722d3c 100644 (file)
@@ -3,8 +3,9 @@ Description=Service to run BT HCI logger forcefully
 
 [Service]
 Type=oneshot
-User=root
-Group=root
+User=network_fw
+Group=network_fw
+SmackProcessLabel=System
 ExecStart=/usr/etc/bluetooth/bt-run-hci-logger.sh force start hcidump
 ExecStop=/usr/etc/bluetooth/bt-run-hci-logger.sh force stop
 RemainAfterExit=yes
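Review bot: `User=network_fw` removes root's capabilities from the hcidump process this unit starts, and nothing in the unit grants back the one capability HCI capture needs. Opening the Bluetooth monitor or raw HCI channel normally requires CAP_NET_RAW, so unless the hcidump/btmon binaries carry file capabilities (not visible here) the logger can start under the new uid and then fail to capture. If that is the case, grant only that capability with `AmbientCapabilities=CAP_NET_RAW` and `CapabilityBoundingSet=CAP_NET_RAW`, and consider `NoNewPrivileges=yes`, rather than going back to root. The same applies to the btmon unit (bluetooth-hci-logger.service). All three units, including bluetooth-hci-dump@.service, would benefit from a comment next to the new lines such as `# Runs as network_fw with Smack label System per security team guide`.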
index ebba1a6..4d52723 100644 (file)
@@ -2,8 +2,9 @@
 Description=Service to run BT HCI logdump
 
 [Service]
-User=system
-Group=system
+User=network_fw
+Group=network_fw
+SmackProcessLabel=System
 Type=oneshot
 ExecStart=/usr/etc/bluetooth/bt-hci-logdump.sh %I
 StandardOutput=journal+console
index 5ca528d..f677940 100644 (file)
@@ -3,8 +3,9 @@ Description=Service to run BT HCI logger normally
 
 [Service]
 Type=oneshot
-User=root
-Group=root
+User=network_fw
+Group=network_fw
+SmackProcessLabel=System
 ExecStart=/usr/etc/bluetooth/bt-run-hci-logger.sh normal start btmon
 ExecStop=/usr/etc/bluetooth/bt-run-hci-logger.sh normal stop
 RemainAfterExit=yes
index 30bb7da..0b8653f 100644 (file)
@@ -138,8 +138,8 @@ fi
 if [ ! -e ${LOG_DIR}/old_hcidump ]
 then
    ${MKDIR} -p ${LOG_DIR}/old_hcidump
-   #Make system owner/group to allow systemd.service logging service
-   ${CHOWN} -R 200:200 ${LOG_DIR}
+   # Make network_fw owner/group to allow systemd.service logging service
+   ${CHOWN} -R 551:551 ${LOG_DIR}
 fi
 
 if [ ${KEEP_OLD_DUMP} = '0' ]
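Review bot: The ownership change only runs when `${LOG_DIR}/old_hcidump` is missing, so a device that already has that directory owned by 200:200 (or root) from the previous image is never re-owned, and the logger now running as network_fw may be unable to write there. When the script is started from the updated units it also no longer runs as root, so `chown -R` cannot take over files owned by another uid. The migration probably belongs in a root-run step such as package post-install or tmpfiles.d, which is outside this hunk. The literal `551:551` also has to stay in sync with `User=network_fw` in the units; `${CHOWN} -R network_fw:network_fw "${LOG_DIR}"` would avoid that drift and quote the path.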