#include <linux/sched.h>
#include "smack.h"
-struct smack_known smack_known_unset = {
- .smk_next = NULL,
- .smk_known = "UNSET",
- .smk_secid = 1,
- .smk_cipso = NULL,
-};
-
struct smack_known smack_known_huh = {
- .smk_next = &smack_known_unset,
+ .smk_next = NULL,
.smk_known = "?",
.smk_secid = 2,
.smk_cipso = NULL,
.smk_cipso = NULL,
};
-struct smack_known *smack_known = &smack_known_invalid;
+struct smack_known smack_known_web = {
+ .smk_next = &smack_known_invalid,
+ .smk_known = "@",
+ .smk_secid = 7,
+ .smk_cipso = NULL,
+};
+
+struct smack_known *smack_known = &smack_known_web;
/*
* The initial value needs to be bigger than any of the
if (subject_label == smack_known_star.smk_known ||
strcmp(subject_label, smack_known_star.smk_known) == 0)
return -EACCES;
+ /*
+ * An internet object can be accessed by any subject.
+ * Tasks cannot be assigned the internet label.
+ * An internet subject can access any object.
+ */
+ if (object_label == smack_known_web.smk_known ||
+ subject_label == smack_known_web.smk_known ||
+ strcmp(object_label, smack_known_web.smk_known) == 0 ||
+ strcmp(subject_label, smack_known_web.smk_known) == 0)
+ return 0;
/*
* A star object can be accessed by any subject.
*/
git.openpandora.org / pandora-kernel.git / blobdiff