On 04/30/2015 11:23 AM, Stephen Smalley wrote:
> On 04/29/2015 10:37 PM, Clifford Liem wrote:
>>
>>
>> On Apr 29, 2015, at 11:22 AM, Stephen Smalley wrote:
>>
>>> On 04/29/2015 10:53 AM, Stephen Smalley wrote:
>>>> On 04/29/2015 10:10 AM, Clifford Liem wrote:
>>>>> Background:
>>>>>
>>>>> We are using eCryptfs as a way to encrypt directories as well as PID
>>>>> namespaces as a way to isolate processes.
>>>>
>>>> I believe Samsung has been using ecryptfs as well, not sure how they are
>>>> addressing it, but perhaps they can do all of the mounting from vold or
>>>> zygote.
>>>>
>>>> Wondering how use of PID namespaces might affect binder services that
>>>> rely on the sender PID information provided by the kernel binder driver
>>>> and those that rely on getpidcon(), e.g. servicemanager and keystore.
>>>
>>> BTW, what do you see as the security benefit of PID namespaces?  They
>>> are primarily advertised as a way to support process
>>> suspend/resume/migration, not a security feature.
>>>
>>
>> I think that suspend/resume/migration is just an example, but the
>> collection of different types of namespaces as a whole is for security
>> purposes. With PID namespaces we can isolate visibility of processes, as
>> well as restrict signals (e.g. kill) along different namespace hierarchies.
>> https://lwn.net/Articles/531114/
> 
> I really don't believe there is anything you can do via PID namespaces
> that you can't already do via SELinux, e.g. it can already isolate
> /proc/pid directories, signals, etc.  And for signals and a subset of
> the /proc/pid files, you already get isolation by virtue of the per-app
> UIDs.  Just not sure it is worth using PID namespaces for this purpose...

Also, have you checked whether the use of PID namespaces in Android
might break use of Binder.getCallingPid() throughout the Android
frameworks as a way to reliably and uniquely identify callers?

_______________________________________________
Seandroid-list mailing list
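
Added example, not part of the thread and not Android or kernel code: the caller-identification question above rests on a PID being unique only within one PID namespace. The C sketch below parses the NSpid line of /proc/<pid>/status (Linux 4.1 and later) from constructed sample text and flags two tasks that report the same PID inside their own namespaces. The sample values and function names are assumptions, and it makes no claim about which PID the binder driver reports.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DEPTH 32  /* ample room for nested PID namespaces */

/* Constructed /proc/<pid>/status excerpts (not captured from a device).
 * NSpid lists the task's PID in each namespace, outermost first. */
static const char STATUS_A[] = "Name:\tapp_a\nPid:\t4312\nNSpid:\t4312\t1\n";
static const char STATUS_B[] = "Name:\tapp_b\nPid:\t4377\nNSpid:\t4377\t1\n";
static const char STATUS_C[] = "Name:\tapp_c\nPid:\t4400\nNSpid:\t4400\t2\n";

/* Parse the NSpid line; returns how many PIDs were stored, 0 if absent. */
int parse_nspid(const char *status, int *pids, int max)
{
    const char *p = status;
    int n = 0;

    while (p && strncmp(p, "NSpid:", 6) != 0) {   /* scan line by line */
        p = strchr(p, '\n');
        if (p) p++;
    }
    if (!p) return 0;
    for (p += 6; n < max; ) {
        char *end;
        while (*p == ' ' || *p == '\t') p++;
        if (*p < '0' || *p > '9') break;          /* end of line or junk */
        pids[n++] = (int)strtol(p, &end, 10);
        p = end;
    }
    return n;
}

/* 1 if the two tasks differ in the outermost namespace yet report the
 * same PID inside their own (innermost) namespace. */
int pid_is_ambiguous(const char *sa, const char *sb)
{
    int a[MAX_DEPTH], b[MAX_DEPTH];
    int na = parse_nspid(sa, a, MAX_DEPTH);
    int nb = parse_nspid(sb, b, MAX_DEPTH);

    if (na == 0 || nb == 0) return 0;
    return a[0] != b[0] && a[na - 1] == b[nb - 1];
}

int main(void)
{
    printf("A vs B ambiguous: %d\n", pid_is_ambiguous(STATUS_A, STATUS_B));
    printf("A vs C ambiguous: %d\n", pid_is_ambiguous(STATUS_A, STATUS_C));
    return 0;
}
```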