On 06/19/2018 07:36 AM, Vivek Goyal wrote:
> On Mon, Jun 18, 2018 at 02:59:50PM -0700, Mark Salyzyn wrote:
> So in this system all callers are privileged and have the capability to
> mknod and set trusted xattrs.

This is true of the callers that make adjustments (in Android's case
this is an su context provided to the adb tool for sync and push). More
importantly the large variety of callers have the passive/read MAC
credentials for their domain set of files; where the mounter/creator
does not.

> (Amir mentioned the reason why we switch
> creds). If not, then file unlink (should do mknod), lower non-empty directory
> rename (should set trusted REDIRECT) and a bunch of other operations should fail.

Hmmm, neither was part of my test plan b/c these operations are more
esoteric for development ... need to add them and address them.
Thanks all (You, Eric, Amir and private) for your comments, will
regroup, test and address concerns!
-- Mark