projects / platform / core / security / security-config.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7371c67)
Enable Smack onlycap feature 72/80572/1
authorjooseong lee <jooseong.lee@samsung.com>
Tue, 19 Jul 2016 01:31:33 +0000 (10:31 +0900)
committerjooseong lee <jooseong.lee@samsung.com>
Tue, 19 Jul 2016 01:31:33 +0000 (10:31 +0900)
We are ready to enable onlycap feature. Onlycap label is 'System::Privileged'.

* Add new sub domain ('System::Privileged')
 : https://review.tizen.org/gerrit/#/c/80083/
* Add proper Smack rules and Cynara permission
 : https://review.tizen.org/gerrit/#/c/80084/
* Give execute label
 - systemd : https://review.tizen.org/gerrit/#/c/80375/
 - launchpad : https://review.tizen.org/gerrit/#/c/80216/
 - debug-launchpad : https://review.tizen.org/gerrit/#/c/80221/
 - serveral service : https://review.tizen.org/gerrit/#/c/80272/
   (This is a temporary patch. WE WILL USE 'SmackProcessLabel' option
    IN EACH SERVICE FILES)

Change-Id: I105e5433f1411fcd26a109c4e29d526c27e8f72d
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
smack/smack_default_labeling patch | blob | history

diff --git a/smack/smack_default_labeling b/smack/smack_default_labeling
index a5293909beb3e2289e2532ff7bba327c15f8b3b5..19cd5be26e4cf7b4b58f598b93e1a7c026873151 100644 (file)
--- a/smack/smack_default_labeling
+++ b/smack/smack_default_labeling
@@ -25,3 +25,5 @@ if [ "$?" == 1 ] # Init boot case
 then
        set_smack_label
 fi
+
+echo "System::Privileged" > /sys/fs/smackfs/onlycap
Domain: Security / Access Control;