On early boot, Android's init process copies random bytes from the hw rng device to /dev/random. After doing so, /dev/random contains all the entropy from the hw rng, plus it's own internal entropy, and is strictly safer to use than a hw rng itself.
The neverallow rule ensures that all processes are using the most random data we have available. There are no strong guarantees about hw rngs; implementation details differ and could be good or bad, and no source code availability. -- Nick On Mon, Jun 8, 2015 at 2:25 AM, Jaeik Cho <[email protected]> wrote: > Hi, > > I'm curious about a neverallow rule in domain.te, why hw rng device access > is neverallow? > Is there any security reason or the device usability reason? > > Thanks > > Jake. > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to > [email protected]. > -- Nick Kralevich | Android Security | [email protected] | 650.214.4037
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
