review.tizen.org Git - platform/kernel/linux-arm64.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Fri, 28 Jun 2013 20:47:07 +0000 (13:47 -0700)
committer	Chanho Park <parkch98@gmail.com>
	Fri, 23 Jan 2015 14:23:16 +0000 (23:23 +0900)
commit	0e388e782c7e57dd42cdfc4f48f340ccf9e6f5dd
tree	6a7ff4afbafe9251dc7dc263500ca76378274c0e	tree \| snapshot
parent	43b937fbbf65ffa390afb283382c5230c9816104	commit \| diff

Smack: network label match fix

The Smack code that matches incoming CIPSO tags with Smack labels
reaches through the NetLabel interfaces and compares the network
data with the CIPSO header associated with a Smack label. This was
done in a ill advised attempt to optimize performance. It works
so long as the categories fit in a single capset, but this isn't
always the case.

This patch changes the Smack code to use the appropriate NetLabel
interfaces to compare the incoming CIPSO header with the CIPSO
header associated with a label. It will always match the CIPSO
headers correctly.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I22a2fd758b5a7764cbeb3ebf9f4dadd12d5b170b
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>

security/smack/smack.h		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history
security/smack/smackfs.c		diff \| blob \| history