Set SMACK label of netlabel as 'System'

- Previously, it was set as System::Privileged by systemd.
- Basically, network is controlled by Nether with the privilege.
- Therefore, it does not have to be set as System::Privileged.
- Overwrite it as 'System', but in the future, the more smarter
  change will be needed.

Change-Id: I5b2e00c1e729b0f404d0ce8e428824bfe260823f

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4b885f5a3ef4d75b63945aeddbe0b40402b50dbb..3252ac9a6d483279417f148ce14859944cd3c921 100755 (executable)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -19,6 +19,7 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTIN
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/201.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack)
 INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config)
+INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/netlabel_config DESTINATION /etc/smack/netlabel.d)
 
 INSTALL(FILES
     ${CMAKE_SOURCE_DIR}/packaging/security-config.manifest

diff --git a/packaging/security-config.spec b/packaging/security-config.spec
index f2737d2ec83324b1938f5f2273c1e45f3afb2469..e38e23d28a89aeed32323e0436a705189aac06f1 100755 (executable)
--- a/packaging/security-config.spec
+++ b/packaging/security-config.spec
@@ -132,6 +132,7 @@ rm %{SECURITY_TEST_DIR}/new_service_test/*
 %attr(755,root,root) /usr/share/upgrade/scripts/201.security_upgrade.sh
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post
 %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post
+%attr(644,root,root) /etc/smack/netlabel.d/netlabel_config
 
 %files profile_mobile
 %license LICENSE

diff --git a/smack/netlabel_config b/smack/netlabel_config
new file mode 100644 (file)
index 0000000..8ff474f
--- /dev/null
+++ b/smack/netlabel_config
@@ -0,0 +1 @@
+0.0.0.0/0 System