I like that, but I wonder at its scope. Would an update to the OS be allowed to update the policy? For example, Microsoft ships updates to the Windows O/S 2 times (at least) per month. Would that type of update to Android allow policy updates?
Another question involves the list of authoritative CSPs. That can now be updated in most O/S available on the market. Is that still allowed to be updated, or is that already allowed by policy?

..tom

On Fri, Apr 7, 2017 at 10:34 AM, Nick Kralevich <[email protected]> wrote:

> I wanted to draw people's attention to the following proposed change:
>
> https://android-review.googlesource.com/367695
>
> In the case of Android, it's common for security policy to be loaded once,
> and never reloaded again. In that case, the locking / unlocking surrounding
> the in-kernel policy is unnecessary and can be avoided. The patch above
> turns the locks into no-ops and ensures that the kernel cannot load a
> policy more than once. End result is that locking and preemption overhead
> is avoided and there's less attack surface / code compiled into the kernel.
>
> I would appreciate comments on the change. This feels like a worthwhile
> change for the entire SELinux community.
>
> -- Nick
>
> --
> Nick Kralevich | Android Security | [email protected] | 650.214.4037
>
> _______________________________________________
> Seandroid-list mailing list
> [email protected]
> To unsubscribe, send email to [email protected].
> To get help, send an email containing "help" to
> [email protected].
>

--
..tom
