#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin

## Setting capability in binary image creation stage(via mic)

# Package		sdbd
# Owner 		Jeeho Yoo(jeeho.yoo@samsung.com)
# Date			May 24, 2016
# Required		cap_setuid, cap_setgid
# cap_setuid		set user id per each user logged in
# cap_setgid		set group id following user id

# Owner			Changseok Oh(seok.oh@samsung.com)
# Date			June 23, 2016
# Required		cap_setuid, cap_dac_override, cap_sys_admin
# cap_setuid		set child process's uid to root
# cap_dac_override	bypass permission check at pull/push
# cap_sys_admin		remount at rpm installation

if [ -e "/usr/sbin/sdbd" ]
then /usr/sbin/setcap cap_setuid,cap_setgid,cap_dac_override,cap_sys_admin=eip /usr/sbin/sdbd
fi

# Package		alarm-server
# Owner 		Jiwoong Im(jiwoong.im@samsung.com)
# Date			May 24, 2016
# Required		cap_sys_time
# cap_sys_time		settimeofday() system call and rtc setting time need privilege; CAP_SYS_TIME

if [ -e "/usr/bin/alarm-server" ]
then /usr/sbin/setcap cap_sys_time=eip /usr/bin/alarm-server
fi

# Package		download-provider
# Owner 		Jaekuk Lee(juku1999@samsung.com)
# Date			May 24, 2016
# Required		cap_chown, cap_dac_override
# cap_chown		needs to change owner of downloaded file from download-provider to application
# cap_dac_override	needs to access directory which user id is different (override DAC permission)

if [ -e "/usr/bin/download-provider" ]
then /usr/sbin/setcap cap_chown,cap_dac_override=eip /usr/bin/download-provider
fi

# Package		media-server
# Owner 		Minje Ahn(minje.ahn@samsung.com)
# Date			May 27, 2016
# Required		cap_dac_override
# cap_dac_override	media-server needs to access client's directory	defined as each client's uid and gid
#			in case of providing its capi; thumbnail_util_extract() (providing thumbnail requested by client)
#			client would be another service daemon and application

if [ -e "/usr/bin/media-server" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/media-server
fi

# Package		csr-server
# Owner 		Kyungwook Tak(k.tak@samsung.com)
# Date			June 17, 2016
# Required		cap_dac_override, cap_fowner
# cap_dac_override	csr-server needs to access application's directory for scanning and removing file
# cap_fowner		csr-server needs to remove files set with sticky bit in /tmp (rwxrwxrwt)

if [ -e "/usr/bin/csr-server" ]
then /usr/sbin/setcap cap_dac_override,cap_fowner=eip /usr/bin/csr-server
fi

# Package        	msg-server
# Owner        		Kyeonghun Lee(kh9090.lee@samsung.com)
# Date            	June 28, 2016
# Required        	cap_chown, cap_dac_override, cap_lease, cap_net_admin, cap_net_raw
# cap_net_admin    	Interface binding in case of using curl api (mms sending/receiving)
# cap_net_raw        	Bind to any address for proxying in using RAW and PACKET sockets (mms sending/receiving)
# cap_chown		For change uid or gid chown file
# cap_dac_override	For access fstat file operation
# cap_lease		Establish leases on arbitrary files

if [ -e "/usr/bin/msg-server" ]
then /usr/sbin/setcap cap_chown,cap_dac_override,cap_lease,cap_net_admin,cap_net_raw=eip /usr/bin/msg-server
fi

# Package        	pkgmgr-server
# Owner        		Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date            	June 30, 2016
# Required        	cap_chown, cap_dac_override, cap_fsetid, cap_kill, cap_setgid, cap_setuid
# cap_chown		fchown : change owner
# cap_dac_override	Access user and global database file of package manager
# cap_fsetid		fchmod : change mode
# cap_kill		killpg function
# cap_setgid		setgid and setgroups function
# cap_setuid		setuid function

if [ -e "/usr/bin/pkgmgr-server" ]
then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid=eip /usr/bin/pkgmgr-server
fi

# Package		app-installers
# Owner			Sangyoun Jang(s89.jang@samsung.com)
# Date			Jul 04, 2016
# Required		cap_dac_override, cap_chown, cap_fowner
# cap_dac_override	access to /home/$USER/apps_rw
# cap_chown		use chown API
# cap_fowner		use chmod API

if [ -e "/usr/bin/pkgdir-tool" ]
then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=eip /usr/bin/pkgdir-tool
fi

# Package		mused
# Owner			Younghoon Kim(yh8004.kim@samsung.com)
# Date			Jul 07, 2016
# Required		cap_dac_override
# cap_dac_override	access to directories of applications

if [ -e "/usr/bin/muse-server" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/muse-server
fi

# Package		gpsd
# Owner			kyoungjun sung(kj7.sung@samsung.com)
# Date			Aug 03, 2016
# Required		cap_dac_override
# cap_dac_override	access to /dev/ directory

if [ -e "/usr/bin/gpsd" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/gpsd
fi

# Package		tpk-backend
# Owner			Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date			Aug 10, 2016
# Required		cap_dac_override, cap_chown, cap_fowner
# cap_dac_override	access to /home/$USER/apps_rw
# cap_chown		use chown API
# cap_fowner		use chmod API

if [ -e "/usr/bin/tpk-backend" ]
then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=eip /usr/bin/tpk-backend
fi

# Package		wgt-backend
# Owner			Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date			Aug 10, 2016
# Required		cap_dac_override, cap_chown, cap_fowner
# cap_dac_override	access to /home/$USER/apps_rw
# cap_chown		use chown API
# cap_fowner		use chmod API

if [ -e "/usr/bin/wgt-backend" ]
then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=eip /usr/bin/wgt-backend
fi

# Package		xdelta3
# Owner			Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date			Aug 10, 2016
# Required		cap_dac_override
# cap_dac_override	access to /home/$USER/apps_rw

if [ -e "/usr/bin/xdelta3" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/xdelta3
fi

# Package               deviced-vibrator
# Owner                 Pureum Jung(pr.jung@samsung.com)
# Date                  Sep 2, 2016
# Required              cap_dac_override
# cap_dac_override      to access input event node

if [ -e "/usr/bin/deviced-vibrator" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/deviced-vibrator
fi

# Package		connmand
# Owner			Hyunuk Tak(hyunuk.tak@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw
# cap_dac_override	to access ip address files in sys and proc file system
# cap_net_admin		network interface configruration
# cap_net_bind_service	to execute bind() function
# cap_net_broadcast	to make socket broadcasts, and listen to multicasts
# cap_net_raw		to use RAW socket

if [ -e "/usr/sbin/connmand" ]
then /usr/sbin/setcap cap_dac_override,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=eip /usr/sbin/connmand
fi

# Package		net-config
# Owner			Hyunuk Tak(hyunuk.tak@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_net_admin
# cap_dac_override	create log file inside /var/log directory
# cap_net_admin		scan wifi AP

if [ -e "/usr/sbin/net-config" ]
then /usr/sbin/setcap cap_dac_override,cap_net_admin=eip /usr/sbin/net-config
fi

# Package		wpa_supplicant
# Onwer			Hyunuk Tak(hyunuk.tak@samsung.com)
# Date			Oct 7, 2016
# Required		cap_net_admin, cap_net_raw
# cap_net_admin		network interface configruration
# cap_net_raw		to use RAW socket

if [ -e "/usr/sbin/wpa_supplicant" ]
then /usr/sbin/setcap cap_net_admin,cap_net_raw=eip /usr/sbin/wpa_supplicant
fi

# Package		mobileap-agent
# Onwer			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_fowner, cap_net_admin, cap_net_bind_service
# cap_dac_override	network interface configruration
# cap_fowner		network interface configruration
# cap_net_admin		to use ioctl socket
# cap_net_bind_service	to call bind

if [ -e "/usr/bin/mobileap-agent" ]
then /usr/sbin/setcap cap_dac_override,cap_fowner,cap_net_admin,cap_net_bind_service=eip /usr/bin/mobileap-agent
fi

# Package		wpa_supplicant
# Onwer			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_net_admin, cap_net_bind_service, cap_net_raw, cap_fowner
# cap_dac_override	network interface configruration
# cap_net_admin		to use ioctl socket
# cap_net_bind_service 	to call bind
# cap_net_raw		to use RAW socket
# cap_fowner		network interface configruration

if [ -e "/usr/sbin/hostapd" ]
then /usr/sbin/setcap cap_dac_override,cap_net_admin,cap_net_bind_service,cap_net_raw,cap_fowner=eip /usr/sbin/hostapd
fi

# Package		dnsmasq
# Onwer			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_net_bind_service, cap_net_broadcast, cap_net_admin
# Capability Bit	only effective and inheriable
# cap_dac_override	network interface configruration
# cap_net_admin		to use ioctl socket
# cap_net_bind_service	to call bind
# cap_net_broadcast	to make socket broadcasts, and listen to multicasts

if [ -e "/usr/bin/dnsmasq" ]
then /usr/sbin/setcap cap_dac_override,cap_net_admin,cap_net_bind_service,cap_net_broadcast=ei /usr/bin/dnsmasq
fi

# Package		iproute2
# Onwer			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_net_admin
# Capability Bit	only effective and inheriable
# cap_net_admin		to use ioctl socket

if [ -e "/usr/sbin/ip" ]
then /usr/sbin/setcap cap_net_admin=ei /usr/sbin/ip
fi

# Package		iptables
# Onwer			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_sys_admin, cap_net_admin, cap_net_raw
# Capability Bit	only effective and inheriable
# cap_dac_override	network interface configruration
# cap_net_admin		to use ioctl socket
# cap_net_raw		to use RAW socket
# cap_sys_admin		to initialize iptables table

if [ -e "/usr/sbin/xtables-multi" ]
then /usr/sbin/setcap cap_dac_override,cap_net_admin,cap_net_raw,cap_sys_admin=ei /usr/sbin/xtables-multi
fi

# Package               chmod
# Onwer                 Changyeon Lee(cyeon.lee@samsung.com)
# Date                  Oct 11, 2016
# Required              cap_fowner
# Capability Bit        only effective and inheriable
# cap_fowner		to pass permisstion check

if [ -e "/usr/bin/chmod" ]
then /usr/sbin/setcap cap_fowner=ei /usr/bin/chmod
fi

# Package               chgrp
# Onwer                 Changyeon Lee(cyeon.lee@samsung.com)
# Date                  Oct 11, 2016
# Required              cap_chown
# Capability Bit        only effective and inheriable
# cap_fowner		to change files UIDs and GID

if [ -e "/usr/bin/chgrp" ]
then /usr/sbin/setcap cap_chown=ei /usr/bin/chgrp
fi

# Package               touch
# Onwer                 SooYoung Ha(yoosah.ha@samsung.com)
# Date                  Oct 13, 2016
# Required              cap_dac_override
# Capability Bit        only effective and inheriable
# cap_dac_override      to access file

if [ -e "/bin/touch" ]
then /usr/sbin/setcap cap_dac_override=ei /bin/touch
fi

# Package               amixer
# Onwer                 SooYoung Ha(yoosah.ha@samsung.com)
# Date                  Oct 13, 2016
# Required              cap_dac_override
# Capability Bit        only effective and inheriable
# cap_dac_override	to access file

if [ -e "/usr/bin/amixer" ]
then /usr/sbin/setcap cap_dac_override=ei /usr/bin/amixer
fi

# Package               boot-animation
# Onwer                 Junkyu Han(junkyu.han@samsung.net)
# Date                  Aug 16, 2016
# Required              cap_dac_override
# cap_dac_override	to override dac permission for accessing to display group

if [ -e "/usr/bin/boot-animation" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/boot-animation
fi
