rebase - https://review.tizen.org/gerrit/#/c/139065/
Change-Id: I1506bd31c8ed8d737612bb560094ddce559b4491
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
PROJECT(net-config C)
SET(PACKAGE ${PROJECT_NAME})
SET(PREFIX ${CMAKE_INSTALL_PREFIX})
PROJECT(net-config C)
SET(PACKAGE ${PROJECT_NAME})
SET(PREFIX ${CMAKE_INSTALL_PREFIX})
-SET(BINDIR "${PREFIX}/sbin")
+SET(BINDIR "${PREFIX}/bin")
SET(DATADIR "${PREFIX}/share")
SET(LIBDIR "${PREFIX}/${LIB_PATH}")
SET(INTERFACES "${CMAKE_SOURCE_DIR}/interfaces")
SET(DATADIR "${PREFIX}/share")
SET(LIBDIR "${PREFIX}/${LIB_PATH}")
SET(INTERFACES "${CMAKE_SOURCE_DIR}/interfaces")
TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${pkgs_LDFLAGS} ${PCAP_LIB} "-ldl")
INSTALL(TARGETS ${PROJECT_NAME} DESTINATION ${BINDIR})
TARGET_LINK_LIBRARIES(${PROJECT_NAME} ${pkgs_LDFLAGS} ${PCAP_LIB} "-ldl")
INSTALL(TARGETS ${PROJECT_NAME} DESTINATION ${BINDIR})
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/security-network-config.conf DESTINATION /usr/lib/tmpfiles.d/)
ADD_SUBDIRECTORY(plugin/headed)
ADD_SUBDIRECTORY(plugin/headed)
--- /dev/null
+z /sys/module/dhd/parameters/firmware_path 0660 root network_fw -
+z /sys/module/dhd/parameters/nvram_path 0660 root network_fw -
chsmack -a 'System::Shared' %{TZ_SYS_ETC}/resolv.conf
#Network logs
chsmack -a 'System::Shared' %{TZ_SYS_ETC}/resolv.conf
#Network logs
-#mkdir -p /opt/usr/data/network
-#chmod 755 /opt/usr/data/network
+mkdir -p /opt/usr/data/network
+chmod 755 /opt/usr/data/network
+chown network_fw:network_fw /opt/usr/data/network
#chsmack -a 'System' /opt/usr/data/network
#Add net-config.service to systemd extra default dependency ignore list
#chsmack -a 'System' /opt/usr/data/network
#Add net-config.service to systemd extra default dependency ignore list
%files
%manifest net-config.manifest
%files
%manifest net-config.manifest
-%attr(500,root,root) %{_sbindir}/*
-%attr(644,root,root) %{_sysconfdir}/resolv.conf
-%attr(644,root,root) %{TZ_SYS_ETC}/resolv.conf
-%attr(644,root,root) /usr/share/upgrade/data/resolv.conf
-%attr(644,root,root) %{_datadir}/dbus-1/system-services/*
+%attr(500,network_fw,network_fw) %{_bindir}/*
+%attr(644,network_fw,network_fw) %{_sysconfdir}/resolv.conf
+%attr(644,network_fw,network_fw) %{TZ_SYS_ETC}/resolv.conf
+%attr(644,network_fw,network_fw) /usr/share/upgrade/data/resolv.conf
+%attr(644,network_fw,network_fw) %{_datadir}/dbus-1/system-services/*
-%attr(644,root,root) %{_sysconfdir}/dbus-1/system.d/*
-%attr(644,root,root) %{_libdir}/systemd/system/net-config.service
-%attr(644,root,root) %{_libdir}/systemd/system/multi-user.target.wants/net-config.service
+%attr(644,network_fw,network_fw) %{_sysconfdir}/dbus-1/system.d/*
+%attr(644,network_fw,network_fw) %{_libdir}/systemd/system/net-config.service
+%attr(644,network_fw,network_fw) %{_libdir}/systemd/system/multi-user.target.wants/net-config.service
%if "%{?_lib}" == "lib64"
%if "%{?_lib}" == "lib64"
-%attr(644,root,root) %{_unitdir}/net-config.service
-%attr(644,root,root) %{_unitdir}/multi-user.target.wants/net-config.service
+%attr(644,network_fw,network_fw) %{_unitdir}/net-config.service
+%attr(644,network_fw,network_fw) %{_unitdir}/multi-user.target.wants/net-config.service
%endif
%license LICENSE
%if 0%{?model_build_feature_wlan_wearable} == 1
%endif
%license LICENSE
%if 0%{?model_build_feature_wlan_wearable} == 1
-%attr(700,root,root) /usr/system/RestoreDir/softreset/network_softreset.sh
+%attr(700,network_fw,network_fw) /usr/system/RestoreDir/softreset/network_softreset.sh
%endif
%{upgrade_script_path}/500.netconfig_upgrade.sh
%endif
%{upgrade_script_path}/500.netconfig_upgrade.sh
mv %{_unitdir}/net-config.service.tv %{_unitdir}/net-config.service
%endif
%files profile_tv
mv %{_unitdir}/net-config.service.tv %{_unitdir}/net-config.service
%endif
%files profile_tv
-%attr(644,root,root) %{_libdir}/udev/rules.d/99-wifiusb-dev.rules
-%attr(644,root,root) %{_libdir}/systemd/system/net-config.service.tv
+%attr(644,network_fw,network_fw) %{_libdir}/udev/rules.d/99-wifiusb-dev.rules
+%attr(644,network_fw,network_fw) %{_libdir}/systemd/system/net-config.service.tv
%if "%{?_lib}" == "lib64"
%if "%{?_lib}" == "lib64"
-%attr(644,root,root) %{_unitdir}/net-config.service.tv
+%attr(644,network_fw,network_fw) %{_unitdir}/net-config.service.tv
%endif
%files plugin-headed
%manifest net-config.manifest
%endif
%files plugin-headed
%manifest net-config.manifest
-%attr(500,root,root) %{_libdir}/net-config-plugin-headed.so
+%attr(500,network_fw,network_fw) %{_libdir}/net-config-plugin-headed.so
+%attr(644,network_fw,network_fw) /usr/lib/tmpfiles.d/security-network-config.conf
<allow own="net.netconfig"/>
<allow send_destination="net.netconfig"/>
</policy>
<allow own="net.netconfig"/>
<allow send_destination="net.netconfig"/>
</policy>
+ <policy user="network_fw">
+ <allow own="net.netconfig"/>
+ <allow send_destination="net.netconfig"/>
+ </policy>
<policy context="default">
<check send_destination="net.netconfig" send_interface="net.netconfig.network" send_member="AddRoute" privilege="http://tizen.org/privilege/network.set" />
<check send_destination="net.netconfig" send_interface="net.netconfig.network" send_member="RemoveRoute" privilege="http://tizen.org/privilege/network.set" />
<policy context="default">
<check send_destination="net.netconfig" send_interface="net.netconfig.network" send_member="AddRoute" privilege="http://tizen.org/privilege/network.set" />
<check send_destination="net.netconfig" send_interface="net.netconfig.network" send_member="RemoveRoute" privilege="http://tizen.org/privilege/network.set" />
+User=network_fw
+Group=network_fw
-ExecStart=/usr/sbin/net-config
+ExecStart=/usr/bin/net-config
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+Capabilities=cap_net_admin,cap_net_raw=i
+SecureBits=keep-caps
[Install]
WantedBy=multi-user.target
[Install]
WantedBy=multi-user.target
+User=network_fw
+Group=network_fw
BusName=net.netconfig
RemainAfterExit=yes
BusName=net.netconfig
RemainAfterExit=yes
-ExecStartPre=-/usr/sbin/net-config.service
-ExecStart=/usr/sbin/net-config
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+ExecStartPre=-/usr/bin/net-config.service
+ExecStart=/usr/bin/net-config
+Capabilities=cap_net_admin,cap_net_raw=i
+SecureBits=keep-caps
[Install]
WantedBy=multi-user.target
[Install]
WantedBy=multi-user.target
[D-BUS Service]
Name=net.netconfig
[D-BUS Service]
Name=net.netconfig
-Exec=/usr/sbin/net-config
-User=root
+Exec=/usr/bin/net-config
+User=network_fw
+Group=network_fw
Name=net.netconfig
Exec=/bin/false
SystemdService=net-config.service
Name=net.netconfig
Exec=/bin/false
SystemdService=net-config.service
+User=network_fw
+Group=network_fw
-#define LOG_FILE_PATH "/var/log/netconfig.log"
+#define LOG_FILE_PATH "/opt/usr/data/network/netconfig.log"
#define MAX_LOG_SIZE 1 * 1024 * 1024
#define MAX_LOG_COUNT 1
#define MAX_LOG_SIZE 1 * 1024 * 1024
#define MAX_LOG_COUNT 1
#include "wifi-background-scan.h"
#include "wifi-background-scan.h"
-#define WLAN_SUPPLICANT_SCRIPT "/usr/sbin/wpa_supp.sh"
-#define P2P_SUPPLICANT_SCRIPT "/usr/sbin/p2p_supp.sh"
+#define WLAN_SUPPLICANT_SCRIPT "/usr/bin/wpa_supp.sh"
+#define P2P_SUPPLICANT_SCRIPT "/usr/bin/p2p_supp.sh"
#define VCONF_WIFI_OFF_STATE_BY_AIRPLANE "file/private/wifi/wifi_off_by_airplane"
#define VCONF_WIFI_OFF_STATE_BY_RESTRICTED "file/private/wifi/wifi_off_by_restricted"
#define VCONF_WIFI_OFF_STATE_BY_AIRPLANE "file/private/wifi/wifi_off_by_airplane"
#define VCONF_WIFI_OFF_STATE_BY_RESTRICTED "file/private/wifi/wifi_off_by_restricted"
{
int rv = 0;
const char *path = WLAN_SUPPLICANT_SCRIPT;
{
int rv = 0;
const char *path = WLAN_SUPPLICANT_SCRIPT;
- char *const args_enable[] = { "/usr/sbin/wpa_supp.sh", "start", NULL };
- char *const args_disable[] = { "/usr/sbin/wpa_supp.sh", "stop", NULL };
+ char *const args_enable[] = { "/usr/bin/wpa_supp.sh", "start", NULL };
+ char *const args_disable[] = { "/usr/bin/wpa_supp.sh", "stop", NULL };
char *const envs[] = { NULL };
static gboolean enabled = FALSE;
char *const envs[] = { NULL };
static gboolean enabled = FALSE;