From add7549f057b9147f5cd64f60917d47dc8eb209d Mon Sep 17 00:00:00 2001
From: Seung-Woo Kim <sw0312.kim@samsung.com>
Date: Thu, 25 Aug 2016 17:16:03 +0900
Subject: [PATCH] arm64: defconfig: tm2: enable SMACK and AUDIT options for
 NETFILTER

To support security check of network packet from Tizen platform,
it is required to enable the configs for SMACK_NETFILTER dependent
on NETWORK_SECMARK and AUDIT of NETFILTER.

Change-Id: I684ce5771dbd6e52ee529ede647d36c6561e549e
Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
---
 arch/arm64/configs/tizen_tm2_defconfig | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/arch/arm64/configs/tizen_tm2_defconfig b/arch/arm64/configs/tizen_tm2_defconfig
index 7978f81..dedc842 100644
--- a/arch/arm64/configs/tizen_tm2_defconfig
+++ b/arch/arm64/configs/tizen_tm2_defconfig
@@ -607,7 +607,7 @@ CONFIG_IPV6_MULTIPLE_TABLES=y
 # CONFIG_IPV6_SUBTREES is not set
 # CONFIG_IPV6_MROUTE is not set
 CONFIG_NETLABEL=y
-# CONFIG_NETWORK_SECMARK is not set
+CONFIG_NETWORK_SECMARK=y
 # CONFIG_NET_PTP_CLASSIFY is not set
 # CONFIG_NETWORK_PHY_TIMESTAMPING is not set
 CONFIG_NETFILTER=y
@@ -625,6 +625,7 @@ CONFIG_NETFILTER_NETLINK_LOG=y
 CONFIG_NF_CONNTRACK=y
 CONFIG_NF_LOG_COMMON=y
 CONFIG_NF_CONNTRACK_MARK=y
+# CONFIG_NF_CONNTRACK_SECMARK is not set
 CONFIG_NF_CONNTRACK_PROCFS=y
 CONFIG_NF_CONNTRACK_EVENTS=y
 # CONFIG_NF_CONNTRACK_TIMEOUT is not set
@@ -686,7 +687,7 @@ CONFIG_NETFILTER_XT_CONNMARK=y
 #
 # Xtables targets
 #
-# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
+CONFIG_NETFILTER_XT_TARGET_AUDIT=y
 CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y
 CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
 CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
@@ -708,6 +709,7 @@ CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
 # CONFIG_NETFILTER_XT_TARGET_TEE is not set
 # CONFIG_NETFILTER_XT_TARGET_TPROXY is not set
 # CONFIG_NETFILTER_XT_TARGET_TRACE is not set
+# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
 # CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set
 
@@ -4485,6 +4487,7 @@ CONFIG_SECURITY_NETWORK=y
 # CONFIG_SECURITY_SELINUX is not set
 CONFIG_SECURITY_SMACK=y
 # CONFIG_SECURITY_SMACK_BRINGUP is not set
+CONFIG_SECURITY_SMACK_NETFILTER=y
 # CONFIG_SECURITY_SMACK_PERMISSIVE_MODE is not set
 # CONFIG_SECURITY_TOMOYO is not set
 # CONFIG_SECURITY_APPARMOR is not set
-- 
2.7.4