Changes in Kconfig

ec8f24b7 - treewide: Add SPDX license identifier - Makefile/Kconfig

Sun, 19 May 2019 12:07:45 +0000

treewide: Add SPDX license identifier - Makefile/KconfigAdd SPDX license identifiers to all Make/Kconfig files which: - Have no license information of any formThese files fall under the project license, GPL v2 only. The resulting SPDXlicense identifier is: GPL-2.0-onlySigned-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman List of files: /linux-6.15/security/smack/Kconfig

c60b9066 - Smack: Signal delivery as an append operation

Tue, 30 Aug 2016 17:31:39 +0000

Smack: Signal delivery as an append operationUnder a strict subject/object security policy delivering asignal or delivering network IPC could be considered eithera write or an append operation. The original choice to makeboth write operations leads to an issue where IPC deliveryis desired under policy, but delivery of signals is not.This patch provides the option of making signal deliveryan append operation, allowing Smack rules that deny signaldelivery while allowing IPC. This was requested for Tizen.Signed-off-by: Casey Schaufler List of files: /linux-6.15/security/smack/Kconfig

69f287ae - Smack: secmark support for netfilter

Sat, 13 Dec 2014 01:08:40 +0000

Smack: secmark support for netfilterSmack uses CIPSO to label internet packets and thus providefor access control on delivery of packets. The netfilter facilitywas not used to allow for Smack to work properly without netfilterconfiguration. Smack does not need netfilter, however there arecases where it would be handy.As a side effect, the labeling of local IPv4 packets can be optimizedand the handling of local IPv6 packets is just all out better.The best part is that the netfilter tools use "contexts" thatare just strings, and they work just as well for Smack as theydo for SELinux.All of the conditional compilation for IPv6 was implementedby Rafal Krypa Signed-off-by: Casey Schaufler List of files: /linux-6.15/security/smack/Kconfig

d166c802 - Smack: Bring-up access mode

Wed, 27 Aug 2014 21:51:27 +0000

Smack: Bring-up access modePeople keep asking me for permissive mode, and I keep saying "no".Permissive mode is wrong for more reasons than I can enumerate,but the compelling one is that it's once on, never off.Nonetheless, there is an argument to be made for running aprocess with lots of permissions, logging which are required,and then locking the process down. There wasn't a way to dothat with Smack, but this provides it.The notion is that you start out by giving the process anappropriate Smack label, such as "ATBirds". You create ruleswith a wide range of access and the "b" mode. On Tizen itmight be: ATBirds System rwxalb ATBirds User rwxalb ATBirds _ rwxalb User ATBirds wb System ATBirds wbAccesses that fail will generate audit records. Accessesthat succeed because of rules marked with a "b" generatelog messages identifying the rule, the program and as muchobject information as is convenient.When the system is properly configured and the programsbrought in line with the labeling scheme the "b" mode canbe removed from the rules. When the system is ready forproduction the facility can be configured out.This provides the developer the convenience of permissivemode without creating a system that looks like it isenforcing a policy while it is not.Signed-off-by: Casey Schaufler List of files: /linux-6.15/security/smack/Kconfig

111fe8bd - Smack: use select not depends in Kconfig

Fri, 02 Nov 2012 18:28:11 +0000

Smack: use select not depends in KconfigThe components NETLABEL and SECURITY_NETWORK are required bySmack. Using "depends" in Kconfig hides the Smack optionif the user hasn't figured out that they need to be enabledwhile using make menuconfig. Using select is a better choice.Because select is not recursive depends on NET and SECURITYare added. The reflects similar usage in TOMOYO and AppArmor.Targeted for git://git.gitorious.org/smack-next/kernel.gitSigned-off-by: Casey Schaufler List of files: /linux-6.15/security/smack/Kconfig

e114e473 - Smack: Simplified Mandatory Access Control Kernel

Tue, 05 Feb 2008 06:29:50 +0000

Smack: Simplified Mandatory Access Control KernelSmack is the Simplified Mandatory Access Control Kernel.Smack implements mandatory access control (MAC) using labelsattached to tasks and data containers, including files, SVIPC,and other tasks. Smack is a kernel based scheme that requiresan absolute minimum of application support and a very smallamount of configuration data.Smack uses extended attributes andprovides a set of general mount options, borrowing technics usedelsewhere. Smack uses netlabel for CIPSO labeling. Smack providesa pseudo-filesystem smackfs that is used for manipulation ofsystem Smack attributes.The patch, patches for ls and sshd, a README, a startup script,and x86 binaries for ls and sshd are also available on http://www.schaufler-ca.comDevelopment has been done using Fedora Core 7 in a virtual machineenvironment and on an old Sony laptop.Smack provides mandatory access controls based on the label attachedto a task and the label attached to the object it is attempting toaccess. Smack labels are deliberately short (1-23 characters) textstrings. Single character labels using special characters are reservedfor system use. The only operation applied to Smack labels is equalitycomparison. No wildcards or expressions, regular or otherwise, areused. Smack labels are composed of printable characters and may notinclude "/".A file always gets the Smack label of the task that created it.Smack defines and uses these labels: "*" - pronounced "star" "_" - pronounced "floor" "^" - pronounced "hat" "?" - pronounced "huh"The access rules enforced by Smack are, in order:1. Any access requested by a task labeled "*" is denied.2. A read or execute access requested by a task labeled "^" is permitted.3. A read or execute access requested on an object labeled "_" is permitted.4. Any access requested on an object labeled "*" is permitted.5. Any access requested by a task on an object with the same label is permitted.6. Any access requested that is explicitly defined in the loaded rule set is permitted.7. Any other access is denied.Rules may be explicitly defined by writing subject,object,accesstriples to /smack/load.Smack rule sets can be easily defined that describe Bell&LaPadulasensitivity, Biba integrity, and a variety of interestingconfigurations. Smack rule sets can be modified on the fly toaccommodate changes in the operating environment or even the timeof day.Some practical use cases:Hierarchical levels. The less common of the two usual usesfor MLS systems is to define hierarchical levels, oftenunclassified, confidential, secret, and so on. To set up smackto support this, these rules could be defined: C Unclass rx S C rx S Unclass rx TS S rx TS C rx TS Unclass rxA TS process can read S, C, and Unclass data, but cannot write it.An S process can read C and Unclass. Note that specifying thatTS can read S and S can read C does not imply TS can read C, ithas to be explicitly stated.Non-hierarchical categories. This is the more common of theusual uses for an MLS system. Since the default rule is that asubject cannot access an object with a different label noaccess rules are required to implement compartmentalization.A case that the Bell & LaPadula policy does not allow is demonstratedwith this Smack access rule:A case that Bell&LaPadula does not allow that Smack does: ESPN ABC r ABC ESPN rOn my portable video device I have two applications, one thatshows ABC programming and the other ESPN programming. ESPN wantsto show me sport stories that show up as news, and ABC willonly provide minimal information about a sports story if ESPNis covering it. Each side can look at the other's info, neithercan change the other. Neither can see what FOX is up to, whichis just as well all things considered.Another case that I especially like: SatData Guard w Guard Publish wA program running with the Guard label opens a UDP socket andaccepts messages sent by a program running with a SatData label.The Guard program inspects the message to ensure it is wholesomeand if it is sends it to a program running with the Publish label.This program then puts the information passed in an appropriateplace. Note that the Guard program cannot write to a Publishfile system object because file system semanitic require read aswell as write.The four cases (categories, levels, mutual read, guardbox) hereare all quite real, and problems I've been asked to solve overthe years. The first two are easy to do with traditonal MLS systemswhile the last two you can't without invoking privilege, at leastfor a while.Signed-off-by: Casey Schaufler Cc: Joshua Brindle Cc: Paul Moore Cc: Stephen Smalley Cc: Chris Wright Cc: James Morris Cc: "Ahmed S. Darwish" Cc: Andrew G. Morgan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds List of files: /linux-6.15/security/smack/Kconfig