• Casey Schaufler's avatar
    Smack: Signal delivery as an append operation · c60b9066
    Casey Schaufler authored
    Under a strict subject/object security policy delivering a
    signal or delivering network IPC could be considered either
    a write or an append operation. The original choice to make
    both write operations leads to an issue where IPC delivery
    is desired under policy, but delivery of signals is not.
    This patch provides the option of making signal delivery
    an append operation, allowing Smack rules that deny signal
    delivery while allowing IPC. This was requested for Tizen.
    Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    c60b9066
smack_lsm.c 116 KB