From: jooseong lee <jooseong.lee@samsung.com>
Date: Tue, 19 Jul 2016 01:31:33 +0000 (+0900)
Subject: Enable Smack onlycap feature
X-Git-Tag: submit/tizen/20160719.020621^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6c3df581bde4b77ee8b6b577e02e36649c379e67;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git

Enable Smack onlycap feature

We are ready to enable onlycap feature. Onlycap label is 'System::Privileged'.

* Add new sub domain ('System::Privileged')
 : https://review.tizen.org/gerrit/#/c/80083/
* Add proper Smack rules and Cynara permission
 : https://review.tizen.org/gerrit/#/c/80084/
* Give execute label
 - systemd : https://review.tizen.org/gerrit/#/c/80375/
 - launchpad : https://review.tizen.org/gerrit/#/c/80216/
 - debug-launchpad : https://review.tizen.org/gerrit/#/c/80221/
 - serveral service : https://review.tizen.org/gerrit/#/c/80272/
   (This is a temporary patch. WE WILL USE 'SmackProcessLabel' option
    IN EACH SERVICE FILES)

Change-Id: I105e5433f1411fcd26a109c4e29d526c27e8f72d
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
---

diff --git a/smack/smack_default_labeling b/smack/smack_default_labeling
index a529390..19cd5be 100644
--- a/smack/smack_default_labeling
+++ b/smack/smack_default_labeling
@@ -25,3 +25,5 @@ if [ "$?" == 1 ] # Init boot case
 then
 	set_smack_label
 fi
+
+echo "System::Privileged" > /sys/fs/smackfs/onlycap