I like that, but I wonder at its scope. Would an update to the OS be allowed to update the policy? For example, Microsoft ships updates to the Windows O/S 2 times (at least) per month. Would that type of update to Android allow policy updates?
Another question involves the list of authoritative CSPs. That can now be updated in most O/S available on the market. Is that still allowed to be updated, or is that already allowed by policy?

..tom

On Fri, Apr 7, 2017 at 10:34 AM, Nick Kralevich <n...@google.com> wrote:
> I wanted to draw people's attention to the following proposed change:
>
> https://android-review.googlesource.com/367695
>
> In the case of Android, it's common for security policy to be loaded once,
> and never reloaded again. In that case, the locking / unlocking surrounding
> the in-kernel policy is unnecessary and can be avoided. The patch above
> turns the locks into no-ops and ensures that the kernel cannot load a
> policy more than once. End result is that locking and preemption overhead
> is avoided and there's less attack surface / code compiled into the kernel.
>
> I would appreciate comments on the change. This feels like a worthwhile
> change for the entire SELinux community.
>
> -- Nick
>
> --
> Nick Kralevich | Android Security | n...@google.com | 650.214.4037
>
> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to
> seandroid-list-requ...@tycho.nsa.gov.
>

--
..tom