#!/bin/bash

# Pin the command search path to the system binary directories so that nothing
# run from this script is looked up through a caller-supplied PATH.
PATH="/bin:/usr/bin:/sbin:/usr/sbin"

## Set file capabilities at the binary image creation stage (via mic)

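# Package       sdbd
# Owner         Jeeho Yoo(jeeho.yoo@samsung.com)
# Date          May 24, 2016
# Required      cap_setuid, cap_setgid
# cap_setuid    set user id per each user logged in
# cap_setgid    set group id following user id

# Owner         Changseok Oh(seok.oh@samsung.com)
# Date          June 23, 2016
# Required      cap_setuid, cap_dac_override, cap_sys_admin
# cap_setuid        set child process's uid to root
# cap_dac_override  bypass permission check at pull/push
# cap_sys_admin     remount at rpm installation

# The command grants the union of the two requests above.
# NOTE(review): cap_setuid combined with cap_sys_admin and cap_dac_override is
# close to full root: the daemon can switch to uid 0, mount and remount
# filesystems, and ignore file permission bits. Threat-model sdbd as a
# root-equivalent service and confirm which image variants should ship it.
# NOTE(review): "=eip" also raises the file-inheritable flag. With the same
# capabilities already file-permitted, "i" adds nothing for a process started
# without inheritable capabilities; "=ep" looks sufficient -- confirm before
# narrowing.
# A failed setcap (e.g. missing binary, no xattr support in the image
# filesystem) is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_setuid,cap_setgid,cap_dac_override,cap_sys_admin=eip /usr/sbin/sdbd \
  || printf 'warning: setcap failed for %s\n' /usr/sbin/sdbd >&2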

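# Package       alarm-server
# Owner         Jiwoong Im(jiwoong.im@samsung.com)
# Date          May 24, 2016
# Required      cap_sys_time
# cap_sys_time  the settimeofday() system call and setting the RTC time need
#               the CAP_SYS_TIME privilege

# NOTE(review): cap_sys_time lets the daemon move the system clock, so anything
# that trusts wall-clock time (certificate validity windows, log timestamps)
# depends on how alarm-server validates the requests it acts on -- verify.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_sys_time=eip /usr/bin/alarm-server \
  || printf 'warning: setcap failed for %s\n' /usr/bin/alarm-server >&2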

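# Package           download-provider
# Owner             Jaekuk Lee(juku1999@samsung.com)
# Date              May 24, 2016
# Required          cap_chown, cap_dac_override
# cap_chown         needs to change the owner of a downloaded file from
#                   download-provider to the application
# cap_dac_override  needs to access directories owned by a different user id
#                   (override DAC permission)

# NOTE(review): per the rationale above, this daemon writes downloaded content
# while able to bypass DAC checks and change file ownership. Destination-path
# validation inside the daemon is then what keeps a download within the
# requesting application's directory -- verify in the daemon's code.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_chown,cap_dac_override=eip /usr/bin/download-provider \
  || printf 'warning: setcap failed for %s\n' /usr/bin/download-provider >&2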

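# Package           media-server
# Owner             Minje Ahn(minje.ahn@samsung.com)
# Date              May 27, 2016
# Required          cap_dac_override
# cap_dac_override  media-server needs to access the client's directory, which
#                   is set up with each client's uid and gid, when providing
#                   its capi, e.g. thumbnail_util_extract() (thumbnail
#                   requested by a client); the client may be another service
#                   daemon or an application

# cap_dac_override bypasses only the DAC (mode bit) checks. Smack rules still
# apply to this daemon, because no cap_mac_override is granted here.
# NOTE(review): the daemon opens client-named paths with DAC bypassed, so it
# should check that the requesting client could itself read the file -- verify.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_dac_override=eip /usr/bin/media-server \
  || printf 'warning: setcap failed for %s\n' /usr/bin/media-server >&2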

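# Package           csr-server
# Owner             Kyungwook Tak(k.tak@samsung.com)
# Date              June 17, 2016
# Required          cap_dac_override, cap_fowner
# cap_dac_override  csr-server needs to access the application's directory for
#                   scanning and removing files
# cap_fowner        csr-server needs to remove files protected by the sticky
#                   bit in /tmp (rwxrwxrwt)

# NOTE(review): removing files in world-writable /tmp with these capabilities
# is sensitive to symlinks and to races between the scan and the removal.
# Confirm that the daemon acts on the file it actually scanned.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_dac_override,cap_fowner=eip /usr/bin/csr-server \
  || printf 'warning: setcap failed for %s\n' /usr/bin/csr-server >&2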

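# Package           msg-server
# Owner             Kyeonghun Lee(kh9090.lee@samsung.com)
# Date              June 28, 2016
# Required          cap_chown, cap_dac_override, cap_lease, cap_net_admin, cap_net_raw
# cap_net_admin     interface binding when using the curl api (mms sending/receiving)
# cap_net_raw       bind to any address for proxying, using RAW and PACKET
#                   sockets (mms sending/receiving)
# cap_chown         change a file's uid or gid with chown
# cap_dac_override  file access (fstat file operation)
# cap_lease         establish leases on arbitrary files

# NOTE(review): binding a socket to an interface has historically required
# cap_net_raw rather than cap_net_admin, so cap_net_admin may be droppable.
# Confirm against the calls the daemon really makes.
# NOTE(review): fstat() on an already open descriptor needs no DAC bypass.
# The cap_dac_override rationale should name the paths that are opened.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_chown,cap_dac_override,cap_lease,cap_net_admin,cap_net_raw=eip /usr/bin/msg-server \
  || printf 'warning: setcap failed for %s\n' /usr/bin/msg-server >&2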

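# Package           pkgmgr-server
# Owner             Jongmyeong Ko(jongmyeong.ko@samsung.com)
# Date              June 30, 2016
# Required          cap_chown, cap_dac_override, cap_fsetid, cap_kill, cap_setgid, cap_setuid
# cap_chown         fchown : change owner
# cap_dac_override  access the user and global database files of the package manager
# cap_fsetid        fchmod : change mode
# cap_kill          killpg function
# cap_setgid        setgid and setgroups functions
# cap_setuid        setuid function

# NOTE(review): cap_fsetid does not by itself allow chmod on a file owned by
# another uid (that is cap_fowner). It stops set-user-ID/set-group-ID bits from
# being cleared when a file is modified, and allows setting the set-group-ID
# bit for a non-matching group. Confirm this is what the fchmod call needs,
# since it lets the daemon create or preserve set-ID files.
# NOTE(review): cap_setuid plus cap_dac_override makes this daemon close to
# root-equivalent; review it with that in mind.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_chown,cap_dac_override,cap_fsetid,cap_kill,cap_setgid,cap_setuid=eip /usr/bin/pkgmgr-server \
  || printf 'warning: setcap failed for %s\n' /usr/bin/pkgmgr-server >&2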

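# Package           app-installers
# Owner             Sangyoun Jang(s89.jang@samsung.com)
# Date              Jul 04, 2016
# Required          cap_dac_override, cap_chown, cap_fowner
# cap_dac_override  access to /home/$USER/apps_rw
# cap_chown         use chown API
# cap_fowner        use chmod API

# The binary that receives the capabilities is /usr/bin/pkgdir-tool.
# NOTE(review): file capabilities apply whenever the binary is executed, by any
# caller. If pkgdir-tool is a command-line helper rather than a daemon, its
# execute permission and argument validation are the access control -- verify.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_dac_override,cap_chown,cap_fowner=eip /usr/bin/pkgdir-tool \
  || printf 'warning: setcap failed for %s\n' /usr/bin/pkgdir-tool >&2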

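# Package           mused
# Owner             Younghoon Kim(yh8004.kim@samsung.com)
# Date              Jul 07, 2016
# Required          cap_dac_override
# cap_dac_override  access to directories of applications

# The binary that receives the capability is /usr/bin/muse-server.
# cap_dac_override removes the DAC (mode bit) checks for every path the daemon
# opens, not only application directories.
# A failed setcap is reported on stderr; the script continues as before.
/usr/sbin/setcap cap_dac_override=eip /usr/bin/muse-server \
  || printf 'warning: setcap failed for %s\n' /usr/bin/muse-server >&2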


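## Smack labeling
# The lines below are executed at the end of the kickstart file.
#
# They set the Smack access label "System::Shared" on the account database
# files and their lock file. The globs also pick up sibling files with the same
# prefix (such as backup copies). When a pattern matches nothing, bash passes
# the literal pattern to chsmack, which then fails.
# NOTE(review): shadow* and gshadow* hold password hashes. Several daemons in
# this file are granted cap_dac_override, so mode bits do not stop them. Which
# subjects the Smack rules let read "System::Shared" is not visible here;
# verify that read access to these files stays as narrow as intended.

#######################################
# Apply the Smack access label "System::Shared" to the given paths.
# Arguments: paths to label
# Outputs:   a warning on stderr when chsmack fails
# Returns:   the exit status of chsmack, unchanged
#######################################
label_system_shared() {
  local rc=0
  /usr/bin/chsmack -a "System::Shared" "$@" || rc=$?
  if [ "$rc" -ne 0 ]; then
    printf 'warning: chsmack failed (status %s) for: %s\n' "$rc" "$*" >&2
  fi
  # Pass the status through so the script still ends with the status of the
  # final labeling command.
  return "$rc"
}

label_system_shared /etc/.pwd.lock
label_system_shared /etc/passwd*
label_system_shared /etc/group*
label_system_shared /etc/gshadow*
label_system_shared /etc/shadow*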
