Smack: allow multiple labels in onlycap
author Rafal Krypa <r.krypa@samsung.com>
Fri, 15 May 2015 19:22:01 +0000 (21:22 +0200)
committer SeokYeon Hwang <syeon.hwang@samsung.com>
Wed, 24 Jun 2015 02:56:49 +0000 (11:56 +0900)
commit 5e9fb47d26adf710f0da11462204f9bbba302fd9
tree aeea4ca06b6a98e64ecaeedd7cafd8f1b93029b3
parent 803a7544a7e36b5e4e978cfa005c638ac32f497a
Smack: allow multiple labels in onlycap

Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to
processes running with the configured label. But having a single privileged
label is not enough in some real use cases. On a complex system like Tizen,
there may be few programs that need to configure Smack policy in run-time
and running them all with a single label is not always practical.
This patch extends the onlycap feature for multiple labels. They are configured
in the same smackfs "onlycap" interface, separated by spaces.

Change-Id: Ia95b93b4474669b7fd02926926e10b814b78405c
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
(cherry picked from commit c0a3794dfc6a153294fa90f6499a43c78a608047)
Documentation/security/Smack.txt
security/smack/smack.h
security/smack/smack_access.c
security/smack/smackfs.c
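
The behaviour the commit message describes, as an added userspace model (this is not the patch's kernel code): a space-separated label list is parsed, and CAP_MAC_ADMIN / CAP_MAC_OVERRIDE count only for a process whose label exactly matches one entry. The names `onlycap_parse` and `smack_privileged_model`, the limits `MAX_LABELS` and `LABEL_MAX`, the sample labels, and the treatment of an empty list as "no restriction" are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LABELS 16   /* assumption of this model, not a kernel limit */
#define LABEL_MAX  255  /* assumed maximum label length for this model */

struct onlycap { int n; char labels[MAX_LABELS][LABEL_MAX + 1]; };

/* Parse a space-separated list as it would be written to smackfs "onlycap".
 * On error return -1 and leave *oc unchanged, so a bad write cannot
 * silently widen or drop the configured set. */
int onlycap_parse(struct onlycap *oc, const char *input)
{
    struct onlycap tmp = {0};
    for (;;) {
        input += strspn(input, " \n");          /* skip separators */
        size_t len = strcspn(input, " \n");     /* length of next label */
        if (len == 0)
            break;
        if (len > LABEL_MAX || tmp.n == MAX_LABELS)
            return -1;
        memcpy(tmp.labels[tmp.n], input, len);
        tmp.labels[tmp.n++][len] = '\0';
        input += len;
    }
    *oc = tmp;
    return 0;
}

/* has_cap: the process holds CAP_MAC_ADMIN or CAP_MAC_OVERRIDE.
 * An empty list is modelled as "no onlycap restriction" (assumption). */
int smack_privileged_model(const struct onlycap *oc, const char *label, int has_cap)
{
    if (!has_cap)
        return 0;
    if (oc->n == 0)
        return 1;
    for (int i = 0; i < oc->n; i++)
        if (strcmp(oc->labels[i], label) == 0)  /* exact match, never prefix */
            return 1;
    return 0;
}

int main(void)
{
    struct onlycap oc = {0};
    const char *procs[] = { "System", "System::Privileged", "System::Priv", "User" };
    onlycap_parse(&oc, "System System::Privileged\n");  /* constructed labels */
    for (int i = 0; i < 4; i++)
        printf("%-20s -> %s\n", procs[i],
               smack_privileged_model(&oc, procs[i], 1) ? "privileged" : "denied");
    return 0;
}
```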