William Roberts wrote:
Picking up on this:
> Yeah I have ran into this before. In Samsung we just sent an OTA, as
it was no big deal. We either need something like relabeld or a way for
the kernel to set the security attribute at file open based on the
policy, rather than needing to label.... I'm not a huge fan of labeling.
>> Labeling may be painful at times, but all the alternatives are far
>> worse. And setting the security attribute at file open would defeat the
>> entire purpose. Anyway, that's rather off-topic.
>>> Can we start another thread on this, I would love to hear what you
know on this.
How would consulting the policy before the descriptor being handed out
be a security issue?
I could see their being performance issues, but considering we have
named type transitions for files, isn't this really an extension of that?
We assume that policies are never modified, and if someone can change
the policy or the
secuirty xattr, then they have won anyways.
http://securityblog.org/2006/04/19/security-anti-pattern-path-based-access-control/
Most of those are applicable, particularly namespaces, etc.
named type transitions are only the filename, not the path. It is also
only a labeling hint, policy still has to allow the creator to create
files of that type.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
