review.tizen.org Git - profile/mobile/platform/kernel/linux-3.10-sc7730.git/commit

author	Rafal Krypa <r.krypa@samsung.com>
	Tue, 12 Apr 2016 01:48:51 +0000 (10:48 +0900)
committer	Inki Dae <inki.dae@samsung.com>
	Thu, 19 May 2016 07:03:57 +0000 (00:03 -0700)
commit	bee6771c062d465e13072a1d8a8577960c505759
tree	0dc1990c31c3aa3c2cca6d4a44c6a49206a87c75	tree \| snapshot
parent	c78fd1a737d6a3a3eaa1b03f34e3db68fc66cc70	commit \| diff

Smack: allow multiple labels in onlycap

Smack onlycap allows limiting of CAP_MAC_ADMIN and CAP_MAC_OVERRIDE to
processes running with the configured label. But having single privileged
label is not enough in some real use cases. On a complex system like Tizen,
there maybe few programs that need to configure Smack policy in run-time
and running them all with a single label is not always practical.
This patch extends onlycap feature for multiple labels. They are configured
in the same smackfs "onlycap" interface, separated by spaces.

Signed-off-by: Rafal Krypa <r.krypa@samsung.com>
[jooseong.lee: We applied this patch before but some codes are missed]
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
Change-Id: I4a312874be5b88d43f8af146ecde9552731dc454

Documentation/security/Smack.txt		diff \| blob \| history
security/smack/smackfs.c		diff \| blob \| history