summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Rafal Krypa [Thu, 10 Jan 2013 18:42:00 +0000 (19:42 +0100)]
Smack: add support for modification of existing rules
commit
e05b6f982a049113a88a1750e13fdb15298cbed4 upstream
Rule modifications are enabled via /smack/change-rule. Format is as follows:
"Subject Object rwaxt rwaxt"
First two strings are subject and object labels up to 255 characters.
Third string contains permissions to enable.
Fourth string contains permissions to disable.
All unmentioned permissions will be left unchanged.
If no rule previously existed, it will be created.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: If70a8b8a88ce2abc6b10bdd7bc7791996e70c8cd
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Reviewed-on: http://165.213.202.130:8080/53906
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Rafal Krypa [Thu, 13 Dec 2012 18:02:09 +0000 (19:02 +0100)]
Revert "Smack: add support for modification of existing rules"
This reverts commit
3cf5b164d32a648a627506a21d2fc6a6c24a2808.
Change-Id: Ia099ccd24faf7556771e0fd08184bc6065db92a8
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Reviewed-on: http://165.213.202.130:8080/53905
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Rafal Krypa [Mon, 17 Sep 2012 13:38:30 +0000 (15:38 +0200)]
Smack: prevent revoke-subject from failing when unseen label is written to it
commit
d15d9fad16f6aa459cf4926a1d3aba36b004e9a2 upstream
Special file /smack/revoke-subject will silently accept labels, that are not
present on the subject label list. Nothing has to be done for such labels,
as there are no rules for them to revoke.
Change-Id: I326e1fad79a99a48839de8c35abfe709391e0f30
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Reviewed-on: http://165.213.202.130:8080/53903
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Casey Schaufler [Fri, 2 Nov 2012 01:14:32 +0000 (18:14 -0700)]
Smack: create a sysfs mount point for smackfs
commit
e93072374112db9dc86635934ee761249be28370 upstream
There are a number of "conventions" for where to put LSM filesystems.
Smack adheres to none of them. Create a mount point at /sys/fs/smackfs
for mounting smackfs so that Smack can be conventional.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: Ibdb521f61147545376f3e62b80905c8751ea0fc8
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Reviewed-on: http://165.213.202.130:8080/53902
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Casey Schaufler [Fri, 2 Nov 2012 18:28:11 +0000 (11:28 -0700)]
Smack: use select not depends in Kconfig
commit
111fe8bd65e473d5fc6a0478cf1e2c8c6a77489a upstream
The components NETLABEL and SECURITY_NETWORK are required by
Smack. Using "depends" in Kconfig hides the Smack option
if the user hasn't figured out that they need to be enabled
while using make menuconfig. Using select is a better choice.
Because select is not recursive depends on NET and SECURITY
are added. The reflects similar usage in TOMOYO and AppArmor.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I375867a1c1ec6958ae4b579823f651b6431e5cc6
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Reviewed-on: http://165.213.202.130:8080/53901
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Casey Schaufler [Wed, 22 Aug 2012 18:44:03 +0000 (11:44 -0700)]
Smack: setprocattr memory leak fix
commit
46a2f3b9e99353cc63e15563e8abee71162330f7 upstream
The data structure allocations being done in prepare_creds
are duplicated in smack_setprocattr. This results in the
structure allocated in prepare_creds being orphaned and
never freed. The duplicate code is removed from
smack_setprocattr.
Targeted for git://git.gitorious.org/smack-next/kernel.git
Change-Id: I192cdad82cbdb3a57cb8f4df06d5df9a5ac36c82
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Reviewed-on: http://165.213.202.130:8080/53900
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Casey Schaufler [Fri, 10 Aug 2012 00:46:38 +0000 (17:46 -0700)]
Smack: remove task_wait() hook.
commit
c00bedb368ae02a066aed8a888afc286c1df2e60 upstream
On 12/20/2011 11:20 PM, Jarkko Sakkinen wrote:
> Allow SIGCHLD to be passed to child process without
> explicit policy. This will help to keep the access
> control policy simple and easily maintainable with
> complex applications that require use of multiple
> security contexts. It will also help to keep them
> as isolated as possible.
>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@intel.com>
I have a slightly different version that applies to the
current smack-next tree.
Allow SIGCHLD to be passed to child process without
explicit policy. This will help to keep the access
control policy simple and easily maintainable with
complex applications that require use of multiple
security contexts. It will also help to keep them
as isolated as possible.
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
security/smack/smack_lsm.c | 37 ++++++++-----------------------------
1 files changed, 8 insertions(+), 29 deletions(-)
Change-Id: If37564a178a336b0097d314f4915c65a19c29c91
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Reviewed-on: http://165.213.202.130:8080/53899
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Alan Cox [Thu, 26 Jul 2012 21:47:11 +0000 (14:47 -0700)]
smack: off by one error
commit
3b9fc37280c521b086943f9aedda767f5bf3b2d3 upstream
Consider the input case of a rule that consists entirely of non space
symbols followed by a \0. Say 64 + \0
In this case strlen(data) = 64
kzalloc of subject and object are 64 byte objects
sscanfdata, "%s %s %s", subject, ...)
will put 65 bytes into subject.
Change-Id: I23f9eddde5747bb1dde6e3fd5a4fbe08fd152ff2
Signed-off-by: Alan Cox <alan@linux.intel.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Cc: stable@vger.kernel.org
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
Reviewed-on: http://165.213.202.130:8080/53898
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
Dongsu Kim [Fri, 8 Mar 2013 05:20:39 +0000 (14:20 +0900)]
Fix common_audit_data type for smack_inode_unlink() and smack_inode_rmdir()
Change-Id: I39afcae6eeff869733b820f8f654fae5bf47f7e7
Signed-off-by: Dongsu Kim <dongsu17.kim@samsung.com>
Reviewed-on: http://165.213.202.130:8080/52126
Reviewed-by: Kyungmin Park <kyungmin.park@samsung.com>
Tested-by: Kyungmin Park <kyungmin.park@samsung.com>
sungmin ha [Tue, 14 May 2013 08:51:26 +0000 (17:51 +0900)]
sync with latest
Sooyoung Ha [Tue, 16 Apr 2013 12:25:23 +0000 (21:25 +0900)]
sync with latest
Sooyoung Ha [Wed, 3 Apr 2013 02:26:32 +0000 (11:26 +0900)]
update source for tizen_2.1
Jinkun Jang [Thu, 14 Mar 2013 07:27:35 +0000 (16:27 +0900)]
sync
Jinkun Jang [Tue, 12 Mar 2013 17:15:49 +0000 (02:15 +0900)]
Tizen 2.1 base
Sungho Park [Mon, 27 Feb 2012 12:16:02 +0000 (21:16 +0900)]
Initialize
projects / sdk / emulator / emulator-kernel.git / log