> I've seen a lot of this too. Having said that, I'm mildly worried about
> introducing yet-another way to allow this connection, since each different
> way we introduce raises the SELinux learning curve. If we're going to do
> something, I'd want it to be bigger.
>
> What about something like:
>
> sets_property(uncrypt, powerctl_prop);
>
> define(`sets_property', `
> unix_socket_connect($1, property, init)
> allow $1 $2:property_service set;
> ')
>
> Then sets_property implicitly grants access to the property space.
>
Yes, that's fine by me. I was initially thinking in this direction but
yielded to the smaller set. I think this is more natural to say, "let me
set the property" not "let me connect to property service and then later
set the property".

When I'll get to this, not sure :-P. I have some sysfs patches I'm getting
ready to upstream that deal with transient sysfs nodes not inheriting
their parent labels as well (FYI). I've seen a lot of hacks to deal with
that issue, so I think we should put it to bed once-and-for-all.

> Alternatively, I'd love to see an SELinux lint tool, which looked for
> common SELinux misconfigurations and warned on them. For example, a
> property_service set without the ability to connect to init would be an
> error, as would specifying duplicate allow rules within the same file.
>
> -- Nick
>
> On Mon, May 4, 2015 at 2:06 PM, <[email protected]> wrote:
>
>> I am seeing a lot of this:
>>
>> unix_socket_connect(uncrypt, property, init)
>> allow uncrypt powerctl_prop:property_service set;
>>
>> I am seeing things where people forget the write on the socket, to
>> actually send the set cmd (testing might be missing this, etc) as well
>> as a failure to neatly macro them like in the base policy. I think the
>> unix_socket_connect() can be a bit confusing the first time one
>> encounters it.
>>
>> I am proposing a macro that more in line fits with the semantics of
>> Android, and aligns to the use_.* (keystore) style macros. Not compile
>> tested.
>>
>> #
>> # Allows a domain to connect and write to the property service
>> # socket.
>> #
>> # use_property_service(domain)
>> define(`use_property_service', `
>> unix_socket_connect($1, property, init)
>> ')
>>
>> Any hatred over this? Patches welcomed upstream?
>>
>>
>> _______________________________________________
>> Seandroid-list mailing list
>> [email protected]
>> To unsubscribe, send email to [email protected].
>> To get help, send an email containing "help" to
>> [email protected].
>>
>
>
>
> --
> Nick Kralevich | Android Security | [email protected] | 650.214.4037
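
The lint check suggested in the thread above, sketched as an added example (not code from the thread or from AOSP): it scans unexpanded policy source for a property_service set with no way to reach init's property socket, and for duplicate allow rules within the same file. It assumes simple single-type allow rules and treats the two macros proposed in this thread as granting the connection; the sample policy and the vendor_daemon domain are constructed.

```python
import re

# Macros that grant connect+write on init's property socket. These two are the
# macros proposed in this thread; whether they exist in a given tree is an assumption.
CONNECT_MACROS = {"use_property_service", "sets_property"}
ALLOW_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;")
MACRO_RE = re.compile(r"^\s*(\w+)\(([^)]*)\)")

# Constructed sample policy; vendor_daemon is a made-up domain.
SAMPLE = """\
# sample.te
unix_socket_connect(uncrypt, property, init)
allow uncrypt powerctl_prop:property_service set;
allow vendor_daemon powerctl_prop:property_service set;
allow uncrypt cache_file:dir { search getattr };
allow uncrypt cache_file:dir { getattr search };
"""

def lint(policy_text):
    """Return sorted (line_no, message) findings for one policy source file."""
    connected, setters, seen, findings = set(), [], {}, []
    for no, raw in enumerate(policy_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop comments
        m = MACRO_RE.match(line)
        if m:
            args = [a.strip() for a in m.group(2).split(",")]
            if m.group(1) in CONNECT_MACROS or (
                m.group(1) == "unix_socket_connect" and args[1:] == ["property", "init"]
            ):
                connected.add(args[0])
            continue
        m = ALLOW_RE.match(line)
        if not m:
            continue
        src, tgt, cls, perms = m.groups()
        perm_set = frozenset(perms.strip("{} ").split())
        key = (src, tgt, cls, perm_set)  # permission order does not matter
        if key in seen:
            findings.append((no, f"duplicate of allow rule on line {seen[key]}"))
        seen.setdefault(key, no)
        if cls == "property_service" and "set" in perm_set:
            setters.append((no, src, tgt))
    # Checked after the whole file is read, so rule order does not matter.
    for no, dom, prop in setters:
        if dom not in connected:
            findings.append((no, f"{dom} sets {prop} without access to the property socket"))
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```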
