From: jin-gyu.kim Date: Wed, 10 Apr 2019 01:55:16 +0000 (+0900) Subject: Set SMACK label of netlabel as 'System' X-Git-Tag: submit/tizen/20190410.055848^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1c1e9fdcb6e0a122bb7c0adc3fd47dacf0e0f869;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Set SMACK label of netlabel as 'System' - Previously, it was set as System::Privileged by systemd. - Basically, network is controlled by Nether with the privilege. - Therefore, it does not have to be set as System::Privileged. - Overwrite it as 'System', but in the future, the more smarter change will be needed. Change-Id: I5b2e00c1e729b0f404d0ce8e428824bfe260823f --- diff --git a/CMakeLists.txt b/CMakeLists.txt index 4b885f5..3252ac9 100755 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -19,6 +19,7 @@ INSTALL(FILES ${CMAKE_SOURCE_DIR}/config/91_user-dbspace-permissions.post DESTIN INSTALL(FILES ${CMAKE_SOURCE_DIR}/upgrade/201.security_upgrade.sh DESTINATION /usr/share/upgrade/scripts) INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/onlycap DESTINATION /etc/smack) INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/smack_default_labeling DESTINATION /usr/share/security-config) +INSTALL(FILES ${CMAKE_SOURCE_DIR}/smack/netlabel_config DESTINATION /etc/smack/netlabel.d) INSTALL(FILES ${CMAKE_SOURCE_DIR}/packaging/security-config.manifest diff --git a/packaging/security-config.spec b/packaging/security-config.spec index a7d75bc..a9bf30f 100755 --- a/packaging/security-config.spec +++ b/packaging/security-config.spec @@ -135,6 +135,7 @@ rm %{SECURITY_TEST_DIR}/new_service_test/* %attr(755,root,root) /usr/share/upgrade/scripts/201.security_upgrade.sh %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/90_user-content-permissions.post %attr(755,root,root) %{_sysconfdir}/gumd/useradd.d/91_user-dbspace-permissions.post +%attr(644,root,root) /etc/smack/netlabel.d/netlabel_config %files profile_mobile %license LICENSE diff --git a/smack/netlabel_config b/smack/netlabel_config new file mode 100644 index 0000000..8ff474f --- /dev/null +++ b/smack/netlabel_config @@ -0,0 +1 @@ +0.0.0.0/0 System