Set SMACK label of netlabel as 'System'

- Previously, it was set as System::Privileged by systemd.
- Basically, network is controlled by Nether with the privilege.
- Therefore, it does not have to be set as System::Privileged.
- Overwrite it as 'System', but in the future, the more smarter
  change will be needed.

Change-Id: I5b2e00c1e729b0f404d0ce8e428824bfe260823f

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3d3eda8a7b8a32a51a9b89af8e8a14aca54d47a7..5422877de983c10cc1e0d604cd950a7352307e10 100755 (executable)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,6 +20,7 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/201.security_upgrade.sh DESTINATION /u
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/711.security_privacy_package_migration.sh DESTINATION /usr/share/upgrade/scripts)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/netlabel_config DESTINATION /etc/smack/netlabel.d)
 
 INSTALL(FILES
     ${CMAKE_SOURCE_DIR}/packaging/security-config.manifest

diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index 68a297c9e19b7947c080e8dd45479924ba77e5cf..a6c36fa0ca3f11ed8496cbe7564d1ae3b7b2d84d 100755 (executable)
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -109,6 +109,7 @@ rm /opt/share/security-config/test/capability_test/*
 %attr(755,root,root) /usr/share/upgrade/scripts/711.security_privacy_package_migration.sh
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
+%attr(644,root,root) /etc/smack/netlabel.d/netlabel_config
 
 %files profile_mobile
 %license LICENSE

diff --git a/smack/netlabel_config b/smack/netlabel_config
new file mode 100644 (file)
index 0000000..8ff474f
--- /dev/null
+++ b/smack/netlabel_config
@@ -0,0 +1 @@
+0.0.0.0/0 System