<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in Makefile</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator>
<item>
        <title>ec8f24b7 - treewide: Add SPDX license identifier - Makefile/Kconfig</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/smack/Makefile#ec8f24b7</link>
        <description>treewide: Add SPDX license identifier - Makefile/Kconfig

Add SPDX license identifiers to all Make/Kconfig files which:

 - Have no license information of any form

These files fall under the project license, GPL v2 only. The resulting SPDX
license identifier is:

  GPL-2.0-only

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;

            List of files:
            /linux-6.15/security/smack/Makefile</description>
        <pubDate>Sun, 19 May 2019 12:07:45 +0000</pubDate>
        <dc:creator>Thomas Gleixner &lt;tglx@linutronix.de&gt;</dc:creator>
    </item>
<item>
        <title>82b0b2c2 - Smack: Repair netfilter dependency</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/smack/Makefile#82b0b2c2</link>
        <description>Smack: Repair netfilter dependency

On 1/23/2015 8:20 AM, Jim Davis wrote:
&gt; Building with the attached random configuration file,
&gt;
&gt; security/smack/smack_netfilter.c: In function &#8216;smack_ipv4_output&#8217;:
&gt; security/smack/smack_netfilter.c:55:6: error: &#8216;struct sk_buff&#8217; has no
&gt; member named &#8216;secmark&#8217;
&gt;    skb-&gt;secmark = skp-&gt;smk_secid;
&gt;       ^
&gt; make[2]: *** [security/smack/smack_netfilter.o] Error 1

The existing Makefile used the wrong configuration option to
determine if smack_netfilter should be built. This sets it right.

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;

            List of files:
            /linux-6.15/security/smack/Makefile</description>
        <pubDate>Fri, 23 Jan 2015 17:31:01 +0000</pubDate>
        <dc:creator>Casey Schaufler &lt;casey@schaufler-ca.com&gt;</dc:creator>
    </item>
<item>
        <title>69f287ae - Smack: secmark support for netfilter</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/smack/Makefile#69f287ae</link>
        <description>Smack: secmark support for netfilter

Smack uses CIPSO to label internet packets and thus provide
for access control on delivery of packets. The netfilter facility
was not used to allow for Smack to work properly without netfilter
configuration. Smack does not need netfilter, however there are
cases where it would be handy.

As a side effect, the labeling of local IPv4 packets can be optimized
and the handling of local IPv6 packets is just all out better.

The best part is that the netfilter tools use &quot;contexts&quot; that
are just strings, and they work just as well for Smack as they
do for SELinux.

All of the conditional compilation for IPv6 was implemented
by Rafal Krypa &lt;r.krypa@samsung.com&gt;

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;

            List of files:
            /linux-6.15/security/smack/Makefile</description>
        <pubDate>Sat, 13 Dec 2014 01:08:40 +0000</pubDate>
        <dc:creator>Casey Schaufler &lt;casey@schaufler-ca.com&gt;</dc:creator>
    </item>
<item>
        <title>e114e473 - Smack: Simplified Mandatory Access Control Kernel</title>
        <link>http://172.16.0.5:8080/history/linux-6.15/security/smack/Makefile#e114e473</link>
        <description>Smack: Simplified Mandatory Access Control Kernel

Smack is the Simplified Mandatory Access Control Kernel.

Smack implements mandatory access control (MAC) using labels
attached to tasks and data containers, including files, SVIPC,
and other tasks. Smack is a kernel based scheme that requires
an absolute minimum of application support and a very small
amount of configuration data.

Smack uses extended attributes and
provides a set of general mount options, borrowing technics used
elsewhere. Smack uses netlabel for CIPSO labeling. Smack provides
a pseudo-filesystem smackfs that is used for manipulation of
system Smack attributes.

The patch, patches for ls and sshd, a README, a startup script,
and x86 binaries for ls and sshd are also available on

    http://www.schaufler-ca.com

Development has been done using Fedora Core 7 in a virtual machine
environment and on an old Sony laptop.

Smack provides mandatory access controls based on the label attached
to a task and the label attached to the object it is attempting to
access. Smack labels are deliberately short (1-23 characters) text
strings. Single character labels using special characters are reserved
for system use. The only operation applied to Smack labels is equality
comparison. No wildcards or expressions, regular or otherwise, are
used. Smack labels are composed of printable characters and may not
include &quot;/&quot;.

A file always gets the Smack label of the task that created it.

Smack defines and uses these labels:

    &quot;*&quot; - pronounced &quot;star&quot;
    &quot;_&quot; - pronounced &quot;floor&quot;
    &quot;^&quot; - pronounced &quot;hat&quot;
    &quot;?&quot; - pronounced &quot;huh&quot;

The access rules enforced by Smack are, in order:

1. Any access requested by a task labeled &quot;*&quot; is denied.
2. A read or execute access requested by a task labeled &quot;^&quot;
   is permitted.
3. A read or execute access requested on an object labeled &quot;_&quot;
   is permitted.
4. Any access requested on an object labeled &quot;*&quot; is permitted.
5. Any access requested by a task on an object with the same
   label is permitted.
6. Any access requested that is explicitly defined in the loaded
   rule set is permitted.
7. Any other access is denied.

Rules may be explicitly defined by writing subject,object,access
triples to /smack/load.

Smack rule sets can be easily defined that describe Bell&amp;LaPadula
sensitivity, Biba integrity, and a variety of interesting
configurations. Smack rule sets can be modified on the fly to
accommodate changes in the operating environment or even the time
of day.

Some practical use cases:

Hierarchical levels. The less common of the two usual uses
for MLS systems is to define hierarchical levels, often
unclassified, confidential, secret, and so on. To set up smack
to support this, these rules could be defined:

   C        Unclass rx
   S        C       rx
   S        Unclass rx
   TS       S       rx
   TS       C       rx
   TS       Unclass rx

A TS process can read S, C, and Unclass data, but cannot write it.
An S process can read C and Unclass. Note that specifying that
TS can read S and S can read C does not imply TS can read C, it
has to be explicitly stated.

Non-hierarchical categories. This is the more common of the
usual uses for an MLS system. Since the default rule is that a
subject cannot access an object with a different label no
access rules are required to implement compartmentalization.

A case that the Bell &amp; LaPadula policy does not allow is demonstrated
with this Smack access rule:

A case that Bell&amp;LaPadula does not allow that Smack does:

    ESPN    ABC   r
    ABC     ESPN  r

On my portable video device I have two applications, one that
shows ABC programming and the other ESPN programming. ESPN wants
to show me sport stories that show up as news, and ABC will
only provide minimal information about a sports story if ESPN
is covering it. Each side can look at the other&apos;s info, neither
can change the other. Neither can see what FOX is up to, which
is just as well all things considered.

Another case that I especially like:

    SatData Guard   w
    Guard   Publish w

A program running with the Guard label opens a UDP socket and
accepts messages sent by a program running with a SatData label.
The Guard program inspects the message to ensure it is wholesome
and if it is sends it to a program running with the Publish label.
This program then puts the information passed in an appropriate
place. Note that the Guard program cannot write to a Publish
file system object because file system semantics require read as
well as write.

The four cases (categories, levels, mutual read, guardbox) here
are all quite real, and problems I&apos;ve been asked to solve over
the years. The first two are easy to do with traditional MLS systems
while the last two you can&apos;t without invoking privilege, at least
for a while.

Signed-off-by: Casey Schaufler &lt;casey@schaufler-ca.com&gt;
Cc: Joshua Brindle &lt;method@manicmethod.com&gt;
Cc: Paul Moore &lt;paul.moore@hp.com&gt;
Cc: Stephen Smalley &lt;sds@tycho.nsa.gov&gt;
Cc: Chris Wright &lt;chrisw@sous-sol.org&gt;
Cc: James Morris &lt;jmorris@namei.org&gt;
Cc: &quot;Ahmed S. Darwish&quot; &lt;darwish.07@gmail.com&gt;
Cc: Andrew G. Morgan &lt;morgan@kernel.org&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;

            List of files:
            /linux-6.15/security/smack/Makefile</description>
        <pubDate>Tue, 05 Feb 2008 06:29:50 +0000</pubDate>
        <dc:creator>Casey Schaufler &lt;casey@schaufler-ca.com&gt;</dc:creator>
    </item>
</channel>
</rss>
