author | taesub kim <taesub.kim@samsung.com> | 2017-06-22 17:49:20 +0900 |
---|---|---|
committer | taesub kim <taesub.kim@samsung.com> | 2017-07-20 15:51:29 +0900 |
commit | e4544ee49501928e15c2174d1e4936dc6ff7d97e (patch) | |
tree | fc25dab6d28a737344467b8924e0667bcb5adae7 /src | |
parent | ce407f97aed0fdba65b5d881ef19cd7ee5e7abeb (diff) | |
Migrate root daemon to non-root
submit/tizen/20170724.063335
Change-Id: I0d0afacc8a11fadc8128f6eef3f64f7a4ca8675b
Signed-off-by: Taesub Kim <taesub.kim@samsung.com>
Diffstat (limited to 'src')
-rwxr-xr-x | src/connman-dbus.conf | 13 | ||||
-rwxr-xr-x | src/connman-polkit.conf | 6 | ||||
-rw-r--r-- | src/connman.conf | 6 | ||||
-rwxr-xr-x | src/connman.service.in | 8 | ||||
-rw-r--r-- | src/connman_tv.service.in | 8 | ||||
-rwxr-xr-x | src/log.c | 2 | ||||
-rwxr-xr-x | src/net.connman.service.in | 3 |
7 files changed, 38 insertions, 8 deletions
diff --git a/src/connman-dbus.conf b/src/connman-dbus.conf
index 98a773ea..29106dc7 100755
--- a/src/connman-dbus.conf
+++ b/src/connman-dbus.conf
@@ -6,6 +6,19 @@
 <allow send_destination="net.connman"/>
 <allow send_interface="net.connman.Agent"/>
 <allow send_interface="net.connman.Counter"/>
+ <allow send_interface="net.connman.Manager"/>
+ <allow send_interface="net.connman.Service"/>
+ <allow send_interface="net.connman.Technology"/>
+ <allow send_interface="net.connman.Notification"/>
+ </policy>
+ <policy user="network_fw">
+ <allow own="net.connman"/>
+ <allow send_destination="net.connman"/>
+ <allow send_interface="net.connman.Agent"/>
+ <allow send_interface="net.connman.Counter"/>
+ <allow send_interface="net.connman.Manager"/>
+ <allow send_interface="net.connman.Service"/>
+ <allow send_interface="net.connman.Technology"/>
 <allow send_interface="net.connman.Notification"/>
 </policy>
 <policy at_console="true">
diff --git a/src/connman-polkit.conf b/src/connman-polkit.conf
index b13d339b..03154faf 100755
--- a/src/connman-polkit.conf
+++ b/src/connman-polkit.conf
@@ -7,6 +7,12 @@
 <allow send_interface="net.connman.Counter"/>
 <allow send_interface="net.connman.Notification"/>
 </policy>
+ <policy user="network_fw">
+ <allow own="net.connman"/>
+ <allow send_interface="net.connman.Agent"/>
+ <allow send_interface="net.connman.Counter"/>
+ <allow send_interface="net.connman.Notification"/>
+ </policy>
 <policy context="default">
 <allow send_destination="net.connman"/>
 </policy>
diff --git a/src/connman.conf b/src/connman.conf
index 0aa2ed20..f3bde768 100644
--- a/src/connman.conf
+++ b/src/connman.conf
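Review bot: The `send_interface` rules added in the src/connman-dbus.conf hunk for `net.connman.Manager`, `net.connman.Service` and `net.connman.Technology` carry no `send_destination`, so each one matches messages with that interface sent to any bus name, not only to connman. Both policies already contain `<allow send_destination="net.connman"/>`, which covers traffic addressed to the daemon, so the new lines look either redundant or wider than the migration needs. If they are required, binding each to the destination keeps the rule narrow, e.g. `<allow send_destination="net.connman" send_interface="net.connman.Manager"/>`. The first policy element opens above the hunk, so which user it applies to cannot be confirmed from here.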
@@ -4,6 +4,12 @@
 <policy user="root">
 <allow own="net.connman"/>
 <allow send_destination="net.connman"/>
+ <allow send_type="signal"/>
+ </policy>
+ <policy user="network_fw">
+ <allow own="net.connman"/>
+ <allow send_destination="net.connman"/>
+ <allow send_type="signal"/>
 </policy>
 <policy context="default">
 <check send_destination="net.connman" send_interface="net.connman.Manager" send_member="GetTechnologies" privilege="http://tizen.org/privilege/network.get" />
diff --git a/src/connman.service.in b/src/connman.service.in
index 3bc442a5..cc964e25 100755
--- a/src/connman.service.in
+++ b/src/connman.service.in
@@ -5,13 +5,15 @@ DefaultDependencies=no
 [Service]
 Type=dbus
+User=network_fw
+Group=network_fw
 BusName=net.connman
 Restart=on-failure
 SmackProcessLabel=System
-ExecStart=@sbindir@/connmand -n --noplugin vpn
+ExecStart=@bindir@/connmand -n --noplugin vpn
 StandardOutput=null
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+Capabilities=cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=i
+SecureBits=keep-caps
 [Install]
 WantedBy=multi-user.target
diff --git a/src/connman_tv.service.in b/src/connman_tv.service.in
index 3bc442a5..cc964e25 100644
--- a/src/connman_tv.service.in
+++ b/src/connman_tv.service.in
@@ -5,13 +5,15 @@ DefaultDependencies=no
 [Service]
 Type=dbus
+User=network_fw
+Group=network_fw
 BusName=net.connman
 Restart=on-failure
 SmackProcessLabel=System
-ExecStart=@sbindir@/connmand -n --noplugin vpn
+ExecStart=@bindir@/connmand -n --noplugin vpn
 StandardOutput=null
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+Capabilities=cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=i
+SecureBits=keep-caps
 [Install]
 WantedBy=multi-user.target
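Review bot: `<allow send_type="signal"/>` in the new `network_fw` policy of src/connman.conf (and the same line added to the `root` policy) is unscoped, so it permits that user to send signals of any interface to any destination. The daemon presumably only needs to emit its own `net.connman.*` signals; scoping the rule per interface, for example `<allow send_type="signal" send_interface="net.connman.Manager"/>`, would stop a compromised non-root daemon from emitting signals that claim to belong to other system services. The `root` policy also keeps `<allow own="net.connman"/>`; if nothing starts connmand as root after this migration, removing it would leave a single account able to own the name.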
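Review bot: Removing both `CapabilityBoundingSet=` lines in src/connman.service.in leaves the unit with no bounding set at all, so the only stated limit is the inheritable set given by `Capabilities=...=i`. `Capabilities=` is deprecated in systemd and ignored by newer releases, and an inheritable-only set becomes effective only if the connmand binary carries matching file capabilities, which this diff does not show. I would keep an explicit upper bound, `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW`, and, where the target systemd supports it, express the grant as `AmbientCapabilities=` with the same list. The identical hunk in src/connman_tv.service.in needs the same change.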
@@ -42,7 +42,7 @@ static const char *program_path;
 #include <sys/stat.h>
 #include <sys/time.h>
-#define LOG_FILE_PATH "/var/log/connman.log"
+#define LOG_FILE_PATH "/opt/usr/data/network/connman.log"
 #define MAX_LOG_SIZE 1 * 1024 * 1024
 #define MAX_LOG_COUNT 1
diff --git a/src/net.connman.service.in b/src/net.connman.service.in
index 9679c1be..990eb66b 100755
--- a/src/net.connman.service.in
+++ b/src/net.connman.service.in
@@ -1,5 +1,6 @@
 [D-BUS Service]
 Name=net.connman
 Exec=/bin/false
-User=root
+User=network_fw
+Group=network_fw
 SystemdService=connman.service |
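Review bot: `LOG_FILE_PATH` now points into `/opt/usr/data/network/`, and nothing in this commit creates that directory or sets its owner, mode or Smack label. The daemon will write the log there as `network_fw`, so the directory should be owned by that user and not writable by other accounts; otherwise another local user could pre-create `connman.log` or place a link in its stead. A comment above the define would record the requirement, e.g. `/* directory must exist, owned by network_fw, not group/world writable */`, alongside a packaging step that creates it. The code that opens the file lies outside the hunk, so its open flags and error handling could not be checked.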
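Review bot: `Group=network_fw` in src/net.connman.service.in is, as far as I know, not a key that D-Bus reads from a service activation file; the documented keys are `Name`, `Exec`, `User` and `SystemdService`, so the line is probably ignored. With `SystemdService=connman.service` and `Exec=/bin/false`, the effective group comes from `Group=` in the systemd unit instead. I would drop the line here, or mark it with a comment such as `# informational only; the group is set in connman.service`, so nobody relies on it for privilege separation.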