From 2db9fa8d18328e2f21f1b5a7ca7ac0f33bedf6d9 Mon Sep 17 00:00:00 2001
From: Roman Kubiak
Date: Mon, 24 Aug 2015 16:34:11 +0900
Subject: [PATCH] Kernel threads excluded from smack checks

Adds an ignore case for kernel tasks, so that they can access all resources. Since kernel worker threads are spawned with floor label, they are severely restricted by Smack policy. It is not an issue without onlycap, as these processes also run with root, so CAP_MAC_OVERRIDE kicks in. But with onlycap turned on, there is no way to change the label for these processes.

Change-Id: Ic0b9c0d9d5874f0299e0aba74d01c180e2722d48
Signed-off-by: Roman Kubiak
---
 security/smack/smack_access.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index b80d49bbf1cb..970400934d42 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -669,6 +669,12 @@ int smack_privileged(int cap)
 struct smack_known *skp = smk_of_current();
 struct smack_onlycap *sop;
 
+ /*
+ * All kernel tasks are privileged
+ */
+ if (unlikely(current->flags & PF_KTHREAD))
+ return 1;
+
 if (!capable(cap))
 return 0;
 
-- 
2.34.1
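Review bot: The added `PF_KTHREAD` test in smack_privileged() returns 1 before `capable(cap)` and before the onlycap list is consulted, so privilege is decided by the task flag alone, not by the credentials or Smack label in effect. A kernel thread that has temporarily taken on another subject's credentials (for instance through `override_creds()`) would presumably still be treated as privileged for every `cap`. It is worth confirming that no such worker relies on Smack to deny access on that subject's behalf. The comment should record that scope, e.g. `/* Kernel threads skip capable() and onlycap: they start with the floor label and cannot be relabelled. Applies regardless of overridden creds. */`. The body of smack_privileged() starts and ends outside the hunk, so the onlycap handling that this return skips is not visible here.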