On Tue, Jul 24, 2012 at 6:04 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Mon, 2012-07-23 at 15:05 -0700, Haiqing Jiang wrote:
> If that is the case, I don't think it's a good idea to allow permission to
> mediaserver over rild. Thanks for your comments.

It may be legitimate, but I want to understand why and how it happens
before allowing it.
>
> On Mon, Jul 23, 2012 at 6:26 AM, Stephen Smalley <sds@xxxxxxxxxxxxx>
> wrote:
> On Thu, 2012-07-19 at 16:07 -0700, Haiqing Jiang wrote:
> > ---
> > mediaserver.te | 3 +++
> > 1 files changed, 3 insertions(+), 0 deletions(-)
> >
> > diff --git a/mediaserver.te b/mediaserver.te
> > index d3f0334..6dd4d4a 100644
> > --- a/mediaserver.te
> > +++ b/mediaserver.te
> > @@ -40,3 +40,6 @@ allow mediaserver
> camera_calibration_file:file r_file_perms;
> > # Read/[write] to /proc/net/xt_qtaguid/ctrl
> and /dev/xt_qtaguid
> > allow mediaserver qtaguid_proc:file rw_file_perms;
> > allow mediaserver qtaguid_device:chr_file r_file_perms;
> > +
> > +# Talk to rild via socket
> > +unix_socket_connect(mediaserver, rild, rild)
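Review bot: The added unix_socket_connect(mediaserver, rild, rild) line comes with no justification: the comment above it only restates the rule, and the patch has no commit message. Please say which mediaserver operation needs the rild socket and include the denial that prompted the rule, so the access can be checked against the socket's ownership and mode before the policy allows it.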
>
>
> Hmm...it used to be that only radio could connect to rild.
> socket perms are 660 root radio, and mediaserver runs as media.
> Doesn't seem like this is possible even under DAC.
> Clarification requested?
>
> --
> Stephen Smalley
> National Security Agency
>
>
> --
> -----------------------------------
> Haiqing Jiang, PH.D student
> Computer Science Department, North Carolina State University
>
--
Stephen Smalley
National Security Agency
-----------------------------------
Haiqing Jiang, PH.D student
Computer Science Department, North Carolina State University