#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin

## Setting capability in binary image creation stage(via mic)

# Package		sdbd
# Owner 		Jeeho Yoo(jeeho.yoo@samsung.com)
# Date			May 24, 2016
# Required		cap_setuid, cap_setgid
# cap_setuid		set user id per each user logged in
# cap_setgid		set group id following user id

# Owner			Changseok Oh(seok.oh@samsung.com)
# Date			June 23, 2016
# Required		cap_setuid, cap_dac_override, cap_sys_admin
# cap_setuid		set child process's uid to root
# cap_dac_override	bypass permission check at pull/push
# cap_sys_admin		remount at rpm installation

if [ -e "/usr/sbin/sdbd" ]
then /usr/sbin/setcap cap_setuid,cap_setgid,cap_dac_override,cap_sys_admin=eip /usr/sbin/sdbd
fi

# Package		alarm-server
# Owner 		Jiwoong Im(jiwoong.im@samsung.com)
# Date			May 24, 2016
# Required		cap_sys_time
# cap_sys_time		settimeofday() system call and rtc setting time need privilege; CAP_SYS_TIME

if [ -e "/usr/bin/alarm-server" ]
then /usr/sbin/setcap cap_sys_time=eip /usr/bin/alarm-server
fi

# Package		download-provider
# Owner 		Jaekuk Lee(juku1999@samsung.com)
# Date			May 24, 2016
# Required		cap_chown, cap_dac_override
# cap_chown		needs to change owner of downloaded file from download-provider to application
# cap_dac_override	needs to access directory which user id is different (override DAC permission)

if [ -e "/usr/bin/download-provider" ]
then /usr/sbin/setcap cap_chown,cap_dac_override=eip /usr/bin/download-provider
fi

# Package		media-server
# Owner 		Minje Ahn(minje.ahn@samsung.com)
# Date			May 27, 2016
# Required		cap_dac_override
# cap_dac_read_search	media-server needs to access client's directory	defined as each client's uid and gid
#			in case of providing its capi; thumbnail_util_extract() (providing thumbnail requested by client)
#			client would be another service daemon and application

if [ -e "/usr/bin/media-server" ]
then /usr/sbin/setcap cap_dac_read_search=eip /usr/bin/media-server
fi

# Package		csr-server
# Owner 		Kyungwook Tak(k.tak@samsung.com)
# Date			June 17, 2016
# Required		cap_dac_override, cap_fowner
# cap_dac_override	csr-server needs to access application's directory for scanning and removing file
# cap_fowner		csr-server needs to remove files set with sticky bit in /tmp (rwxrwxrwt)

if [ -e "/usr/bin/csr-server" ]
then /usr/sbin/setcap cap_dac_override,cap_fowner=eip /usr/bin/csr-server
fi

# Package        	msg-server
# Owner        		Kyeonghun Lee(kh9090.lee@samsung.com)
# Date            	June 28, 2016
# Required        	cap_chown, cap_dac_override, cap_lease, cap_net_admin, cap_net_raw
# cap_net_admin    	Interface binding in case of using curl api (mms sending/receiving)
# cap_net_raw        	Bind to any address for proxying in using RAW and PACKET sockets (mms sending/receiving)
# cap_chown		For change uid or gid chown file
# cap_lease		Establish leases on arbitrary files

if [ -e "/usr/bin/msg-server" ]
then /usr/sbin/setcap cap_chown,cap_lease,cap_net_admin,cap_net_raw=eip /usr/bin/msg-server
fi

# Package        	pkgmgr-server
# Owner        		Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date            	June 30, 2016
# Required        	cap_chown, cap_dac_override, cap_fsetid, cap_kill, cap_setgid, cap_setuid
# cap_chown		fchown : change owner
# cap_dac_override	Access user and global database file of package manager
# cap_fsetid		fchmod : change mode
# cap_kill		killpg function
# cap_setgid		setgid and setgroups function
# cap_setuid		setuid function

if [ -e "/usr/bin/pkgmgr-server" ]
then /usr/sbin/setcap cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid=eip /usr/bin/pkgmgr-server
fi

# Package		app-installers
# Owner			Sangyoun Jang(s89.jang@samsung.com)
# Date			Jul 04, 2016
# Required		cap_dac_override, cap_chown, cap_fowner
# cap_dac_override	access to /home/$USER/apps_rw
# cap_chown		use chown API
# cap_fowner		use chmod API

if [ -e "/usr/bin/pkgdir-tool" ]
then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=eip /usr/bin/pkgdir-tool
fi

# Package		mused
# Owner			Younghoon Kim(yh8004.kim@samsung.com)
# Date			Jul 07, 2016
# Required		cap_dac_override
# cap_dac_override	access to directories of applications

if [ -e "/usr/bin/muse-server" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/muse-server
fi

# Package		gpsd
# Owner			kyoungjun sung(kj7.sung@samsung.com)
# Date			Aug 03, 2016
# Required		cap_dac_override
# cap_dac_override	access to /dev/ directory

if [ -e "/usr/bin/gpsd" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/gpsd
fi

# Package		tpk-backend
# Owner			Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date			Aug 10, 2016
# Required		cap_dac_override, cap_chown, cap_fowner
# cap_dac_override	access to /home/$USER/apps_rw
# cap_chown		use chown API
# cap_fowner		use chmod API

if [ -e "/usr/bin/tpk-backend" ]
then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=eip /usr/bin/tpk-backend
fi

# Package		wgt-backend
# Owner			Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date			Aug 10, 2016
# Required		cap_dac_override, cap_chown, cap_fowner
# cap_dac_override	access to /home/$USER/apps_rw
# cap_chown		use chown API
# cap_fowner		use chmod API

if [ -e "/usr/bin/wgt-backend" ]
then /usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=eip /usr/bin/wgt-backend
fi

# Package		xdelta3
# Owner			Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date			Aug 10, 2016
# Required		cap_dac_override
# cap_dac_override	access to /home/$USER/apps_rw

if [ -e "/usr/bin/xdelta3" ]
then /usr/sbin/setcap cap_dac_override=ei /usr/bin/xdelta3
fi

# Package               feedbackd
# Owner                 Pureum Jung(pr.jung@samsung.com)
# Date                  Sep 2, 2016
# Required              cap_dac_override
# cap_dac_override      to access input event node => removed as feedbackd has input gid.

#if [ -e "/usr/bin/feedbackd" ]
#then /usr/sbin/setcap cap_dac_override=eip /usr/bin/feedbackd
#fi

# Package		connmand
# Owner			Hyunuk Tak(hyunuk.tak@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw
# cap_net_admin		to add interface flags and make the interface UP/DOWN using ioctl
# cap_net_bind_service	to execute bind() function
# cap_net_broadcast	to make socket broadcasts, and listen to multicasts
# cap_net_raw		to use RAW socket

if [ -e "/usr/bin/connmand" ]
then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=ei /usr/bin/connmand
fi

# Package		net-config
# Owner			Hyunuk Tak(hyunuk.tak@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_net_admin
# cap_dac_override	create log file inside /var/log directory
# cap_net_admin		scan wifi AP and interface control using ioctl

if [ -e "/usr/bin/net-config" ]
then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei /usr/bin/net-config
fi

# Package		wpa_supplicant
# Onwer			Hyunuk Tak(hyunuk.tak@samsung.com)
# Date			Oct 7, 2016
# Required		cap_net_admin, cap_net_raw
# cap_net_admin		to add interface flags and configure the interface using ioctl and driver commands
# cap_net_raw		to use RAW socket

if [ -e "/usr/bin/wpa_supplicant" ]
then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei /usr/bin/wpa_supplicant
fi

# Package		mobileap-agent
# Owner			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_fowner, cap_net_admin, cap_net_bind_service
# cap_fowner		network interface configruration
# cap_net_admin		to use ioctl socket
# cap_net_bind_service	to call bind

if [ -e "/usr/bin/mobileap-agent" ]
then /usr/sbin/setcap cap_fowner,cap_net_admin,cap_net_bind_service=eip /usr/bin/mobileap-agent
fi

# route is using by mobileap-agent 
if [ -e "/usr/sbin/route" ]
then /usr/sbin/setcap cap_net_admin=ei /usr/sbin/route
fi

# Package		wpa_supplicant
# Owner			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_net_admin, cap_net_bind_service, cap_net_raw, cap_fowner
# cap_net_admin		to use ioctl socket
# cap_net_bind_service 	to call bind
# cap_net_raw		to use RAW socket
# cap_fowner		network interface configruration

if [ -e "/usr/bin/hostapd" ]
then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_net_raw,cap_fowner=eip /usr/bin/hostapd
fi

# Package		dnsmasq
# Owner			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_net_bind_service, cap_net_broadcast, cap_net_admin
# Capability Bit	only effective and inheriable
# cap_net_admin		to use ioctl socket
# cap_net_bind_service	to call bind
# cap_net_broadcast	to make socket broadcasts, and listen to multicasts
# cap_net_raw		to make socket permission(ICMPv6)

if [ -e "/usr/bin/dnsmasq" ]
then /usr/sbin/setcap cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw=ei /usr/bin/dnsmasq
fi

# Package		iproute2
# Owner			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_net_admin
# Capability Bit	only effective and inheriable
# cap_net_admin		to use ioctl socket

if [ -e "/usr/sbin/ip" ]
then /usr/sbin/setcap cap_net_admin=ei /usr/sbin/ip
fi

# Package		iptables
# Owner			Seonah Moon(seonah1.moon@samsung.com)
# Date			Oct 7, 2016
# Required		cap_dac_override, cap_sys_admin, cap_net_admin, cap_net_raw
# Capability Bit	only effective and inheriable
# cap_net_admin		to use ioctl socket
# cap_net_raw		to use RAW socket
# cap_sys_admin		to initialize iptables table => removed as it is not needed.

if [ -e "/usr/sbin/xtables-multi" ]
then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei /usr/sbin/xtables-multi
fi

# Package		tayga
# Owner			Seonah Moon(seonah1.moon@samsung.com)
# Date			April 11, 2016
# Required		cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw
# Capability Bit	only effective and inheriable
# cap_net_bind_service	to call bind
# cap_net_broadcast	to make socket broadcasts, and listen to multicasts
# cap_net_admin		to use ioctl socket
# cap_net_raw		to use RAW socket

if [ -e "/usr/sbin/tayga" ]
then /usr/sbin/setcap cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw=ei /usr/sbin/tayga
fi

# Package		named
# Owner			Seonah Moon(seonah1.moon@samsung.com)
# Date			April 11, 2016
# Required		cap_fowner,cap_net_bind_service,cap_net_admin,cap_sys_chroot
# cap_fowner		network interface configruration
# cap_net_bind_service	to call bind
# cap_net_admin		to use ioctl socket
# cap_sys_chroot	to use root permission in spacific location

if [ -e "/usr/sbin/named" ]
then /usr/sbin/setcap cap_fowner,cap_net_bind_service,cap_net_admin,cap_sys_chroot=eip /usr/sbin/named
fi

# Package               chmod
# Owner                 Changyeon Lee(cyeon.lee@samsung.com)
# Date                  Oct 11, 2016
# Required              cap_fowner
# Capability Bit        only effective and inheriable
# cap_fowner		to pass permisstion check

if [ -e "/usr/bin/chmod" ]
then /usr/sbin/setcap cap_fowner=ei /usr/bin/chmod
fi

# Package               chgrp
# Owner                 Changyeon Lee(cyeon.lee@samsung.com)
# Date                  Oct 11, 2016
# Required              cap_chown
# Capability Bit        only effective and inheriable
# cap_fowner		to change files UIDs and GID

if [ -e "/usr/bin/chgrp" ]
then /usr/sbin/setcap cap_chown=ei /usr/bin/chgrp
fi

# Package               touch
# Owner                 SooYoung Ha(yoosah.ha@samsung.com)
# Date                  Oct 13, 2016
# Required              cap_dac_override
# Capability Bit        only effective and inheriable
# cap_dac_override      to access file

if [ -e "/bin/touch" ]
then /usr/sbin/setcap cap_dac_override=ei /bin/touch
fi

# Package               amixer
# Owner                 SooYoung Ha(yoosah.ha@samsung.com)
# Date                  Oct 13, 2016
# Required              cap_dac_override
# Capability Bit        only effective and inheriable
# cap_dac_override	to access file => removed as calling process has audio gid.

#if [ -e "/usr/bin/amixer" ]
#then /usr/sbin/setcap cap_dac_override=ei /usr/bin/amixer
#fi

# Package               data-provider-master
# Owner                 Myung-ki Lee (mk5004.lee@samsung.com)
# Date                  Nov 21, 2016
# Required              cap_dac_override
# cap_dac_override	to override dac permission for accessing to app's po files.

if [ -e "/usr/bin/data-provider-master" ]
then /usr/sbin/setcap cap_dac_override=ei /usr/bin/data-provider-master
fi

# Package               platform/coer/appfw/pkgmgr-tool
# Owner                 Sangyoon Jang(s89.jang@samsung.com)
# Date                  Nov 28, 2016
# Required              cap_dac_read_search
# cap_dac_read_search   to access pkg directory

if [ -e "/usr/bin/pkg_getsize" ]
then /usr/sbin/setcap cap_dac_read_search=eip /usr/bin/pkg_getsize
fi

# Package		platform/core/messaging/email-service
# Owner			Intae Jeon(intae.jeon@samsung.com)
# Date			Dec 13, 2016
# Required		cap_chown
# cap_chown		To change permission of DB file.

if [ -e "/usr/bin/email-service" ]
then /usr/sbin/setcap cap_chown=eip /usr/bin/email-service
fi

# Package               platform/coer/appfw/pkgmgr-tool
# Owner                 JongMyeong Ko(jongmyeong.ko@samsung.com)
# Date                  Jan 23, 2017
# Required              cap_dac_override
# cap_dac_override      to remove application resources in pkg directory
# TODO: REMOVED IN TIZEN 4.0

if [ -e "/usr/bin/pkg_cleardata" ]
then /usr/sbin/setcap cap_dac_override=eip /usr/bin/pkg_cleardata
fi

# launchpad package checks build option before giving capability.
# Therefore, caps will be given in spec file.
# Package               platform/core/appfw/launchpad
# Owner                 Junghoon Park(jh9216.park@samsung.com)
# Date                  July 4, 2017
# Required              cap_mac_admin, cap_dac_override, cap_setgid
# cap_mac_admin		to use security_manager_prepare_app()
# cap_dac_override      fd redirection in debug mode of app running
# cap_setgid		to use security_manager_prepare_app()

#if [ -e "/usr/bin/launchpad-process-pool" ]
#then /usr/sbin/setcap cap_mac_admin,cap_dac_override,cap_setgid=ei /usr/bin/launchpad-process-pool
#fi

#if [ -e "/usr/bin/launchpad-loader" ]
#then /usr/sbin/setcap cap_setgid=ei /usr/bin/launchpad-loader
#fi

# Package               platform/core/dotnet/launcher
# Owner                 Pius Lee(pius.lee@samsung.com)
# Date                  July 4, 2017
# Required              cap_mac_admin, cap_setgid
# cap_mac_admin		to change app process smack label (need for VD)
# cap_setgid		to change app process gid
# cap_sys_admin		to split mount namespace

if [ -e "/usr/bin/dotnet-launcher" ]
then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/dotnet-launcher
fi

if [ -e "/usr/bin/scd-launcher" ]
then /usr/sbin/setcap cap_mac_admin,cap_setgid,cap_sys_admin=ei /usr/bin/scd-launcher
fi

# Package               platform/core/telephony/telephony-daemon
# Owner                 Shinhui Kang(sinikang@samsung.com)
# Date                  July 4, 2017
# Required              cap_net_admin, cap_net_raw
# cap_net_admin		for network interface up/down
# cap_net_raw		to use raw socket

# some profiles create the symlink to telephony-daemon
if [ -e "/usr/bin/telephony-daemon" ]
then /usr/sbin/setcap cap_net_admin,cap_net_raw=ei $(/usr/bin/readlink -f /usr/bin/telephony-daemon)
fi

# Package               platform/core/system/session-utils
# Owner                 Kunhoon Baik(knhoon.baik@samsung.com)
# Date                  July 4, 2017
# Required              cap_sys_admin, cap_mac_admin, cap_dac_override, cap_setgid
# cap_sys_admin		to use mount
# cap_mac_admin		to change smack label (System::Privileged -> User)
# cap_dac_override	to mount user_ext
# cap_setgid		currently checking (reviewing to remove this)

if [ -e "/usr/bin/systemd-user-helper" ]
then /usr/sbin/setcap cap_sys_admin,cap_mac_admin,cap_dac_override,cap_setgid=ei /usr/bin/systemd-user-helper
fi

# Package               platform/core/multimedia/libmm-sound
# Owner                 Seungbae Shin(seungbae.shin@samsung.com)
# Date                  July 4, 2017
# Required              cap_chown, cap_fowner, cap_lease
# TODO : check the reason

if [ -e "/usr/bin/focus_server" ]
then /usr/sbin/setcap cap_chown,cap_fowner,cap_lease=eip /usr/bin/focus_server
fi

if [ -e "/usr/bin/sound_server" ]
then /usr/sbin/setcap cap_chown,cap_fowner,cap_lease=eip /usr/bin/sound_server
fi

# Package               platform/core/security/nether
# Owner                 Kim Kidong(kd0228.kim@samsung.com)
# Date                  July 4, 2017
# Required              cap_net_admin, cap_net_raw
# cap_net_admin		for netfilter work

if [ -e "/usr/bin/nether" ]
then /usr/sbin/setcap cap_net_admin=ei /usr/bin/nether
fi

# Package               platform/core/appfw/amd
# Owner                 Junghoon Park(jh9216.park@samsung.com)
# Date                  July 4, 2017
# Required              cap_kill, cap_dac_override
# cap_kill		to kill app process
# cap_dac_override	to access wayland and app socket, to check private sharing path

if [ -e "/usr/bin/amd" ] && [ "$(/usr/bin/rpm -qa | /usr/bin/grep amd-mod-launchpad)" == "" ]
then /usr/sbin/setcap cap_kill,cap_dac_override=ep /usr/bin/amd
fi

# This is needed for headless profile.
if [ -e "/usr/bin/amd" ] && [ "$(/usr/bin/rpm -qa | /usr/bin/grep amd-mod-launchpad)" != "" ]
then /usr/sbin/setcap cap_setuid,cap_setgid,cap_mac_admin,cap_kill,cap_dac_override=eip /usr/bin/amd
fi

# Package               platform/framework/web/crosswalk-tizen
# Owner                 Jaekuk Lee(juku1999@samsung.com)
# Date                  July 4, 2017
# Required              cap_sys_admin, cap_setgid
# cap_sys_admin		to mount ( TODO : need to be checked) => removed as it is not needed.
# cap_setgid		to change process gid
# cap_sys_admin		to split mount namespace

if [ -e "/usr/bin/wrt-loader" ]
then /usr/sbin/setcap cap_setgid,cap_sys_admin=ei /usr/bin/wrt-loader
fi

# Package               platform/core/connectivity/wifi-direct-manager
# Owner                 Jaehyun Kim(jeik01.kim@samsung.com)
# Date                  July 18, 2017
# Required              cap_net_bind_service, cap_net_admin, cap_net_broadcast, cap_net_raw
# cap_net_bind_service	using DHCP port
# cap_net_admin		interface IP address configuration
# cap_net_broadcast	DHCP packet broadcasting
# cap_net_raw		open raw socket for DHCP

if [ -e "/usr/bin/wfd-manager" ]
then /usr/sbin/setcap cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw=ei $(/usr/bin/readlink -f /usr/bin/wfd-manager)
fi

# Belows are tools which wfd manager service is using.
if [ -e "/usr/bin/toybox" ]
then /usr/sbin/setcap cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw=ei /usr/bin/toybox
fi

if [ -e "/usr/bin/pkill" ]
then /usr/sbin/setcap cap_kill=ei /usr/bin/pkill
fi

if [ -e "/usr/sbin/ifconfig" ]
then /usr/sbin/setcap cap_net_admin=ei /usr/sbin/ifconfig
fi

# Package               platform/core/connectivity/wifi-mesh-manager
# Owner                 Saerome Kim(saerome.kim@samsung.com)
# Date                  Aug 11, 2017
# Required              cap_net_raw, cap_net_admin

if [ -e "/usr/bin/wmeshd" ]
then /usr/sbin/setcap cap_net_raw,cap_net_admin=ei /usr/bin/wmeshd
fi

# Package               platform/core/security/ode
# Owner                 Jaemin Ryu(jm77.ryu@samsung.com)
# Date                  Aug 23, 2017
# Required              cap_dac_override, cap_sys_admin, cap_sys_boot, cap_sys_ptrace, cap_kill
# cap_dac_override	to access /dev/mmcblk* and /dev/mapper/control
#			=> To remove this cap, (1. include security_fw to disk gid) and (2. change the permission of /dev/mapper/control)
# cap_sys_admin		to use ioctl system call
# cap_sys_boot		after encryption, reboot is required
# cap_sys_ptrace	to know process for storage encryption
# cap_kill		to kill the process

if [ -e "/usr/bin/oded" ]
then /usr/sbin/setcap cap_dac_override,cap_sys_admin,cap_sys_boot,cap_sys_ptrace,cap_kill=ei /usr/bin/oded
fi

# TODO: MOVE TO OTHER SCRIPT OR REMOVE
# Requested by sooyeon.kim@samsung.com
if [ -e "/etc/skel/share/.voice" ]
then
find /etc/skel/share/.voice -print0 | xargs -0 chown app_fw:app_fw
find /etc/skel/share/.voice -print0 | xargs -0 chsmack -a 'User::App::Shared'
find /etc/skel/share/.voice -type d -print0 | xargs -0 chsmack -t
fi

for line in `find /opt/usr/home -maxdepth 1 -type d`
do
        if [ -e "$line/share/.voice" ]; then
                user=$(echo $line | cut -d"/" -f5);
                find "$line/share/.voice" -print0 | xargs -0 chown $user:users
                find "$line/share/.voice" -print0 | xargs -0 chsmack -a 'User::App::Shared'
                find "$line/share/.voice" -type d -print0 | xargs -0 chsmack -t
        fi
done

# Set SMACK label as "System::Privileged" in /opt/var/security-manager/rules
chsmack -r -a "System::Privileged" /opt/var/security-manager/rules

# change permission to /opt/var/lib/misc
# This is needed to retrieve CAP_DAC_OVERRIDE from mobileap-agent & dnsmasq.
if [ -e /opt/var/lib/misc ]
then
	chown root:system_share /opt/var/lib/misc
	chmod 0775 /opt/var/lib/misc
fi

