[v2] Smack: improves the documentation

Message ID	1478249977-4022-1-git-send-email-jobol@nonadev.net (mailing list archive)
State	New, archived
Headers	show Return-Path: <linux-security-module-owner@kernel.org> From: jobol@nonadev.net To: linux-security-module@vger.kernel.org, casey@schaufler-ca.com Cc: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>, =?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net> Subject: [PATCH v2] Smack: improves the documentation Date: Fri, 4 Nov 2016 09:59:37 +0100 Message-Id: <1478249977-4022-1-git-send-email-jobol@nonadev.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk

Message ID

1478249977-4022-1-git-send-email-jobol@nonadev.net (mailing list archive)

State

New, archived

Headers

From: jobol@nonadev.net
To: linux-security-module@vger.kernel.org, casey@schaufler-ca.com
Cc: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>,
	=?UTF-8?q?Jos=C3=A9=20Bollo?= <jobol@nonadev.net>
Subject: [PATCH v2] Smack: improves the documentation
Date: Fri,  4 Nov 2016 09:59:37 +0100
Message-Id: <1478249977-4022-1-git-send-email-jobol@nonadev.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk

Commit Message

José Bollo Nov. 4, 2016, 8:59 a.m. UTC

From: José Bollo <jose.bollo@iot.bzh>

Update the documentation to reflect the processing
made in function 'smk_access' of smack_access.c

Signed-off-by: José Bollo <jobol@nonadev.net>
---
 Documentation/security/Smack.txt | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/Documentation/security/Smack.txt b/Documentation/security/Smack.txt
index 945cc63..dccdb34 100644
--- a/Documentation/security/Smack.txt
+++ b/Documentation/security/Smack.txt
@@ -405,16 +405,17 @@  attached to the object it is trying to access. The rules enforced are, in
 order:
 
 	1. Any access requested by a task labeled "*" is denied.
-	2. A read or execute access requested by a task labeled "^"
+	2. Any access requested on an object labeled "@" is permitted.
+	3. Any access requested on an object labeled "*" is permitted.
+	4. Any access requested by a task on an object with the same
+	   label is permitted.
+	5. A read, execute or lock access requested on an object labeled "_"
 	   is permitted.
-	3. A read or execute access requested on an object labeled "_"
+	6. A read, execute or lock access requested by a task labeled "^"
 	   is permitted.
-	4. Any access requested on an object labeled "*" is permitted.
-	5. Any access requested by a task on an object with the same
-	   label is permitted.
-	6. Any access requested that is explicitly defined in the loaded
+	7. Any access requested that is explicitly defined in the loaded
 	   rule set is permitted.
-	7. Any other access is denied.
+	8. Any other access is denied.
 
 Smack Access Rules

[v2] Smack: improves the documentation

Commit Message

Patch