Drop Posix Capabilities

The following patch against the 4.54 codebase drops posix capabilities
after startup so that the bluetooth daemon is less of a threat to the
system should there be any way to compromise it. The retained
capabilities were compared to the SELinux policy to make sure that they
are roughly the same. It uses the libcap-ng library, which allows patches
for dropping capabilities to be much smaller.
diff --git a/Makefile.am b/Makefile.am
index 642affc..7de359b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -191,7 +191,8 @@
 			src/device.h src/device.c \
 			src/dbus-common.c src/dbus-common.h \
 			src/dbus-hci.h src/dbus-hci.c
-src_bluetoothd_LDADD = lib/libbluetooth.la @GLIB_LIBS@ @DBUS_LIBS@ -ldl
+src_bluetoothd_LDADD = lib/libbluetooth.la @GLIB_LIBS@ @DBUS_LIBS@ \
+							@CAPNG_LIBS@ -ldl
 src_bluetoothd_LDFLAGS = -Wl,--export-dynamic \
 					-Wl,--version-script=src/bluetooth.ver
 src_bluetoothd_DEPENDENCIES = src/bluetooth.ver lib/libbluetooth.la
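Review bot: The new `@CAPNG_LIBS@` substitution on the `src_bluetoothd_LDADD` line, and the `HAVE_CAPNG` macro used in src/main.c, both need a configure-time check, and no configure.ac hunk is visible in this patch as shown. If that check is missing or libcap-ng is not found, the `#ifdef HAVE_CAPNG` block compiles out silently and the daemon keeps its full capability set with no indication to whoever built it. Assuming the check is not supplied elsewhere, add something like `PKG_CHECK_MODULES(CAPNG, libcap-ng, ...)` with an `AC_DEFINE(HAVE_CAPNG, 1, ...)` on success. The configure summary should also report whether capability dropping is enabled, so that a hardened build can be verified.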
diff --git a/src/main.c b/src/main.c
index 655bda3..9626081 100644
--- a/src/main.c
+++ b/src/main.c
@@ -55,6 +55,9 @@
 #include "dbus-common.h"
 #include "agent.h"
 #include "manager.h"
+#ifdef HAVE_CAPNG
+#include <cap-ng.h>
+#endif
 
 #define LAST_ADAPTER_EXIT_TIMEOUT 30
 
@@ -343,6 +346,14 @@
 	GKeyFile *config;
 
 	init_defaults();
+#ifdef HAVE_CAPNG
+	/* Drop capabilities */
+	capng_clear(CAPNG_SELECT_BOTH);
+	capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
+			CAP_NET_BIND_SERVICE, CAP_NET_ADMIN, CAP_NET_RAW,
+			CAP_IPC_LOCK, -1);
+	capng_apply(CAPNG_SELECT_BOTH);
+#endif
 
 	context = g_option_context_new(NULL);
 	g_option_context_add_main_entries(context, options, NULL);
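Review bot: The return values of `capng_updatev()` and `capng_apply()` in the added block are ignored, so if either call fails the daemon carries on with whatever capabilities it started with. Privilege reduction should fail closed: check both calls and stop on error, for example `if (capng_apply(CAPNG_SELECT_BOTH) < 0) { fprintf(stderr, "Failed to drop capabilities\n"); exit(1); }`, with the same test on `capng_updatev()`. The `/* Drop capabilities */` comment would also be more useful if it said why each retained capability (`CAP_NET_BIND_SERVICE`, `CAP_NET_ADMIN`, `CAP_NET_RAW`, `CAP_IPC_LOCK`) is needed, so that later reviewers can prune the list. The enclosing function starts and ends outside this hunk, so whether code that runs later (plugins, for instance) needs anything beyond this set cannot be judged from here.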