From: Seungyoun Ju Date: Thu, 9 Mar 2017 09:18:04 +0000 (+0900) Subject: Modify user / group id for HCI logging X-Git-Tag: accepted/tizen/4.0/unified/20170816.013919~2 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fcore%2Fconnectivity%2Fbluetooth-tools.git;a=commitdiff_plain;h=393abcb24c81a8d68e1600506038149fc7ebd0a9 Modify user / group id for HCI logging [Model] COMMON [BinType] AP [Customer] OPEN [Issue#] N/A [Request] Internal [Occurrence Version] N/A [Problem] Invalid user was used for HCI logging [Cause & Measure] As per security team guide, network_fw is used as uid and gid for HCI logging [Checking Method] Check UID of btmon / hcidump process [Team] Basic connection [Developer] Seungyoun Ju [Solution company] Samsung [Change Type] Specification change Change-Id: I6aee61f3b1ea4a73ebf752ddd802876c13416dae --- diff --git a/packaging/bluetooth-force-hci-logger.service b/packaging/bluetooth-force-hci-logger.service index 4d60e6f..1722d3c 100644 --- a/packaging/bluetooth-force-hci-logger.service +++ b/packaging/bluetooth-force-hci-logger.service @@ -3,8 +3,9 @@ Description=Service to run BT HCI logger forcefully [Service] Type=oneshot -User=root -Group=root +User=network_fw +Group=network_fw +SmackProcessLabel=System ExecStart=/usr/etc/bluetooth/bt-run-hci-logger.sh force start hcidump ExecStop=/usr/etc/bluetooth/bt-run-hci-logger.sh force stop RemainAfterExit=yes diff --git a/packaging/bluetooth-hci-dump@.service b/packaging/bluetooth-hci-dump@.service index ebba1a6..4d52723 100644 --- a/packaging/bluetooth-hci-dump@.service +++ b/packaging/bluetooth-hci-dump@.service @@ -2,8 +2,9 @@ Description=Service to run BT HCI logdump [Service] -User=system -Group=system +User=network_fw +Group=network_fw +SmackProcessLabel=System Type=oneshot ExecStart=/usr/etc/bluetooth/bt-hci-logdump.sh %I StandardOutput=journal+console diff --git a/packaging/bluetooth-hci-logger.service b/packaging/bluetooth-hci-logger.service index 5ca528d..f677940 100644 --- a/packaging/bluetooth-hci-logger.service +++ b/packaging/bluetooth-hci-logger.service @@ -3,8 +3,9 @@ Description=Service to run BT HCI logger normally [Service] Type=oneshot -User=root -Group=root +User=network_fw +Group=network_fw +SmackProcessLabel=System ExecStart=/usr/etc/bluetooth/bt-run-hci-logger.sh normal start btmon ExecStop=/usr/etc/bluetooth/bt-run-hci-logger.sh normal stop RemainAfterExit=yes diff --git a/scripts/bt-run-hci-logger.sh.in b/scripts/bt-run-hci-logger.sh.in index 30bb7da..0b8653f 100644 --- a/scripts/bt-run-hci-logger.sh.in +++ b/scripts/bt-run-hci-logger.sh.in @@ -138,8 +138,8 @@ fi if [ ! -e ${LOG_DIR}/old_hcidump ] then ${MKDIR} -p ${LOG_DIR}/old_hcidump - #Make system owner/group to allow systemd.service logging service - ${CHOWN} -R 200:200 ${LOG_DIR} + # Make network_fw owner/group to allow systemd.service logging service + ${CHOWN} -R 551:551 ${LOG_DIR} fi if [ ${KEEP_OLD_DUMP} = '0' ]