On Mon, Oct 09, 2017 at 05:10:37PM -0700, Laura Abbott wrote: > On 10/09/2017 03:08 PM, Mark Brown wrote: > > On Mon, Oct 09, 2017 at 02:25:47PM -0700, Laura Abbott wrote: > >> Anyway, to move this forward I think we need to see a proof of concept > >> of using selinux to protect access to specific heaps. > > Aren't Unix permissions enough with separate files or am I > > misunderstanding what you're looking to see a proof of concept for? > The goal is to be able to restrict heap access to certain services > and selinux groups on Android so straight unix permissions aren't > sufficient. Oh, there's Android users for this? The users I was aware of were non-Android. Though even so I'd have thought that given that SELinux is a superset of Unix file permissions it ought to be sufficient to be able to use them. I'd been thinking people were suggesting SELinux as a replacement for file permissions, using the single file and the greater capabilities of SELinux.
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ dri-devel mailing list dri-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/dri-devel