review.tizen.org Git - kernel/linux-3.0.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Fri, 28 Jun 2013 20:47:07 +0000 (13:47 -0700)
committer	Jan Cybulski <j.cybulski@samsung.com>
	Mon, 7 Oct 2013 13:46:08 +0000 (15:46 +0200)
commit	694f8fc3be75b62da792d98bb04cc6371fdac9ef
tree	e9758573f4380aed5ad5376be7d73884b57e0ccc	tree \| snapshot
parent	1d9bb9c73420f2073a6438ed664916d91317a74d	commit \| diff

Smack: network label match fix

The Smack code that matches incoming CIPSO tags with Smack labels
reaches through the NetLabel interfaces and compares the network
data with the CIPSO header associated with a Smack label. This was
done in a ill advised attempt to optimize performance. It works
so long as the categories fit in a single capset, but this isn't
always the case.

This patch changes the Smack code to use the appropriate NetLabel
interfaces to compare the incoming CIPSO header with the CIPSO
header associated with a label. It will always match the CIPSO
headers correctly.

Targeted for git://git.gitorious.org/smack-next/kernel.git

Change-Id: I069813496900cc56cf79502df9dd98cbd2cda908
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>

security/smack/smack.h		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history
security/smack/smackfs.c		diff \| blob \| history