Hi, Any thoughts on this? I would guess every system with active databases would need to address this somehow? -- Janne On Fri, Apr 5, 2019 at 3:46 PM Janne Karhunen <janne.karhunen@xxxxxxxxx> wrote: > > Hi, > > I've setup an android based mobile device with pretty complete ima/evm > setup that covers just about all the standard use cases (imasig based > filesystems, ota support, factory reset support etc). All that is fine > and ima runs like a clock. > > Since this is a mobile device, running out of battery or getting shot > in the head by something is always a realistic option. The random > resets seem to be leading into random appraisal failures as android > seems to be keeping surprisingly many files constantly open for > writing. So many actually, that I feel somewhat uneasy starting to > whitelist these files from the ima policy. That sounds like a viable > route only when it comes to the log files as those files primarily > move data only one way. > > Now, is there any prior art on this how to make this work right? The > improvements that I can instantly think of are, > 1) whitelist everything that can be, > 2) reduce the vfs flush delays, > 3) make it detect the reset condition and fix the known files when > that happened. Unsafe and requires a patch (but that seems easy). > > Anything else? > > > -- > Janne
