Thanks Stephen and Roberts. It is pretty clear to me now. Thanks again for the additional reading materials.
-----Original Message-----
From: Roberts, William C [mailto:[email protected]]
Sent: Friday, July 17, 2015 1:11 PM
To: Stephen Smalley; Enfeng Huang
Cc: [email protected]
Subject: RE: New Categories on Non System App of Android M Preview

> -----Original Message-----
> From: Seandroid-list [mailto:[email protected]] On Behalf Of Stephen Smalley
> Sent: Friday, July 17, 2015 11:55 AM
> To: Enfeng Huang
> Cc: [email protected]
> Subject: Re: New Categories on Non System App of Android M Preview
>
> See https://android-review.googlesource.com/#/c/107443/
>
> On Fri, Jul 17, 2015 at 2:33 PM, Enfeng Huang <[email protected]> wrote:
> > Hi all,
> >
> > Recently, I found that there are 2 new SEAndroid categories (c512,c768) added to the non system app.
> >
> > Why should there be such a change? On the previous Android version, there is no category at all.
> >
> > Another question is why 2 categories are used instead of 1? I think that 1 category may be enough.

If you look into external/libselinux/src/android.c at function seapp_context_lookup() it should become apparent (hopefully) the underpinnings of this.

You don't want collisions between various levelFrom options in seapp_contexts between category sets. I.e. you don't want levelFrom=user and levelFrom=app to collide and thus defeat MLS separation.

levelFrom=app gets a category set where one might be from 0-255 and the other from 256-511.
levelFrom=user gets a category set where one might be from 512-767 and the other from 768-1023.
levelFrom=all is the above two and thus has 4 categories in the set.

levelFrom user will provide MLS isolation between physical Android users (not the uid sandboxing mechanism that is internal to a user).
levelFrom app will provide MLS isolation between apps and this reinforces the app sandboxing, however IIRC breaks inter app file sharing on open().
levelFrom all does both inter-user and inter-application.

This is all based on the current MLS rules as I can best remember offhand. To understand category sets, make sure you understand the MLS syntax and domby, etc. statements. I found this reference handy for that (it's terse but I found that to be the most helpful):
http://selinuxproject.org/page/NB_MLS

Another resource is the SELinux notebook:
http://www.freetechbooks.com/the-selinux-notebook-the-foundations-t785.html

Relevant code:

    if (cur->levelFrom != LEVELFROM_NONE) {
        char level[255];
        switch (cur->levelFrom) {
        case LEVELFROM_APP:
            snprintf(level, sizeof level, "s0:c%u,c%u",
                     appid & 0xff,
                     256 + (appid>>8 & 0xff));
            break;
        case LEVELFROM_USER:
            snprintf(level, sizeof level, "s0:c%u,c%u",
                     512 + (userid & 0xff),
                     768 + (userid>>8 & 0xff));
            break;
        case LEVELFROM_ALL:
            snprintf(level, sizeof level, "s0:c%u,c%u,c%u,c%u",
                     appid & 0xff,
                     256 + (appid>>8 & 0xff),
                     512 + (userid & 0xff),
                     768 + (userid>>8 & 0xff));
            break;
        }
    }

> >
> > Thanks,
> >
> > Enfeng Huang, software engineer @ Samsung Research America
> >
> > _______________________________________________
> > Seandroid-list mailing list
> > [email protected]
> > To unsubscribe, send email to [email protected].
> > To get help, send an email containing "help" to [email protected].
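Added example, not libselinux code and not anyone's post in this thread: the category layout Bill describes, re-expressed in C, plus an MLS dominance check that shows why app-derived and user-derived categories sit in separate ranges and why two apps (or two users) end up mutually isolated. The enum and function names are assumptions; only the arithmetic comes from the quoted snippet.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
enum levelfrom { LEVELFROM_APP, LEVELFROM_USER, LEVELFROM_ALL };

/* Category layout from the thread: app bits land in 0-255 / 256-511, user bits in 512-767 / 768-1023, so the two sources never alias. Returns 2 or 4. */
static int level_categories(enum levelfrom lf, unsigned appid, unsigned userid, unsigned cats[4])
{
    int n = 0;
    if (lf != LEVELFROM_USER) {               /* levelFrom=app or levelFrom=all */
        cats[n++] = appid & 0xff;
        cats[n++] = 256 + ((appid >> 8) & 0xff);
    }
    if (lf != LEVELFROM_APP) {                /* levelFrom=user or levelFrom=all */
        cats[n++] = 512 + (userid & 0xff);
        cats[n++] = 768 + ((userid >> 8) & 0xff);
    }
    return n;
}

/* Renders "s0:cX,cY[,cZ,cW]", the same string the snprintf() calls in the thread build. */
static const char *format_level(enum levelfrom lf, unsigned appid, unsigned userid, char *buf, size_t len)
{
    unsigned cats[4];
    int n = level_categories(lf, appid, userid, cats);
    size_t off = (size_t)snprintf(buf, len, "s0");
    for (int i = 0; i < n && off < len; i++)
        off += (size_t)snprintf(buf + off, len - off, "%cc%u", i ? ',' : ':', cats[i]);
    return buf;
}

/* MLS dominance on the category part (sensitivity is always s0 here): A dominates B when A's set is a superset of B's. */
static bool dominates(const unsigned *a, int na, const unsigned *b, int nb)
{
    for (int j = 0; j < nb; j++) {
        int i = 0;
        while (i < na && a[i] != b[j]) i++;
        if (i == na) return false;            /* b[j] is not in a */
    }
    return true;
}

/* Two sandboxes are MLS-isolated when neither level dominates the other. */
static bool isolated(enum levelfrom lf1, unsigned app1, unsigned user1, enum levelfrom lf2, unsigned app2, unsigned user2)
{
    unsigned a[4], b[4];
    int na = level_categories(lf1, app1, user1, a);
    int nb = level_categories(lf2, app2, user2, b);
    return !dominates(a, na, b, nb) && !dominates(b, nb, a, na);
}
```

Note that two apps under levelFrom=app can share their second category (both low appids map to c256) and are still isolated, because isolation comes from neither set dominating the other, not from the sets being disjoint.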
