review.tizen.org Git - profile/mobile/platform/kernel/linux-3.10-sc7730.git/commit

author	Casey Schaufler <casey@schaufler-ca.com>
	Tue, 26 Apr 2016 07:28:27 +0000 (16:28 +0900)
committer	Seung-Woo Kim <sw0312.kim@samsung.com>
	Thu, 25 Aug 2016 04:56:58 +0000 (21:56 -0700)
commit	d587ffac0e6b0849334d575bca4e9e1caa48f891
tree	bc8b6cfb0892ec8327e7abc1560630b85163e166	tree \| snapshot
parent	624da3bf8b24ef974c0e7386f3ed8dc572511ab9	commit \| diff

Smack: secmark support for netfilter

Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.

As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.

The best part is that the netfilter tools use "contexts" that
are just strings, and they work just as well for Smack as they
do for SELinux.

All of the conditional compilation for IPv6 was implemented
by Rafal Krypa <r.krypa@samsung.com>

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
[jooseong.lee: Backported from mainline]
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Change-Id: Ia4cf70850795c50ab9f2d58f4d1b42cca7411c21

security/smack/Kconfig		diff \| blob \| history
security/smack/Makefile		diff \| blob \| history
security/smack/smack.h		diff \| blob \| history
security/smack/smack_lsm.c		diff \| blob \| history
security/smack/smack_netfilter.c	[new file with mode: 0644]	blob