On Fri, Jun 12, 2015 at 4:49 PM, Jeffrey Vander Stoep <jeffv@xxxxxxxxxx> wrote:
> Go ahead and just remove them. I normally do, but forgot. They're just
> tracking tags for android.

Okay, thanks.

> On Fri, Jun 12, 2015 at 1:46 PM, Paul Moore <paul@xxxxxxxxxxxxxx> wrote:
>>
>> On Fri, Jun 12, 2015 at 12:02 PM, Jeff Vander Stoep <jeffv@xxxxxxxxxx>
>> wrote:
>> > Add extended permissions logic to selinux. Extended permissions
>> > provides additional permissions in 256 bit increments. Extend the
>> > generic ioctl permission check to use the extended permissions for
>> > per-command filtering. Source/target/class sets including the ioctl
>> > permission may additionally include a set of commands. Example:
>> >
>> > allowxperm <source> <target>:<class> ioctl unpriv_app_socket_cmds
>> > auditallowxperm <source> <target>:<class> ioctl priv_gpu_cmds
>> >
>> > Where unpriv_app_socket_cmds and priv_gpu_cmds are macros
>> > representing commonly granted sets of ioctl commands.
>> >
>> > When ioctl commands are omitted only the permissions are checked.
>> > This feature is intended to provide finer granularity for the ioctl
>> > permission that may be too imprecise. For example, the same driver
>> > may use ioctls to provide important and benign functionality such as
>> > driver version or socket type as well as dangerous capabilities such
>> > as debugging features, read/write/execute to physical memory or
>> > access to sensitive data. Per-command filtering provides a mechanism
>> > to reduce the attack surface of the kernel, and limit applications
>> > to the subset of commands required.
>> >
>> > The format of the policy binary has been modified to include ioctl
>> > commands, and the policy version number has been incremented to
>> > POLICYDB_VERSION_XPERMS_IOCTL=30 to account for the format
>> > change.
>> >
>> > The extended permissions logic is deliberately generic to allow
>> > components to be reused e.g. netlink filters
>> >
>> > Bug: 19416735
>> > Change-Id: Ibd462f12ba5748cf5dd91f28e5795764363121a2
>> > Signed-off-by: Jeff Vander Stoep <jeffv@xxxxxxxxxx>
>> > ---
>> > v6 adds omitted function comment header entries for avc_update_node
>> >
>> >  security/selinux/avc.c              | 415 ++++++++++++++++++++++++++++++++++--
>> >  security/selinux/hooks.c            |  42 +++-
>> >  security/selinux/include/avc.h      |   6 +
>> >  security/selinux/include/security.h |  32 ++-
>> >  security/selinux/ss/avtab.c         | 104 +++++++--
>> >  security/selinux/ss/avtab.h         |  33 ++-
>> >  security/selinux/ss/conditional.c   |  32 ++-
>> >  security/selinux/ss/conditional.h   |   6 +-
>> >  security/selinux/ss/policydb.c      |   5 +
>> >  security/selinux/ss/services.c      | 213 ++++++++++++++++--
>> >  security/selinux/ss/services.h      |   6 +
>> >  11 files changed, 834 insertions(+), 60 deletions(-)
>>
>> Also applied to the SELinux next-queue, thank you.
>>
>> However, can you explain the "Bug" and "Change-Id" headers in your
>> patch description above? They are horribly generic and I'd like to
>> remove them from the sign-off or at least provide a more descriptive
>> name in order to limit the confusion. For example, could we provide a
>> URL instead of a bug ID#? Could it be an Android-Change-Id (or
>> similar)?
>>
>> --
>> paul moore
>> www.paul-moore.com
>
>

--
paul moore
www.paul-moore.com
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
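The quoted commit message describes the decision the patch adds: a plain `allow ... ioctl` grants every command, while an `allowxperm` rule narrows it to a 256-bit set of commands per driver. The following C program is an added model of that decision logic for one source/target/class triple; it is not the kernel's code from the patch. The 256-bit bitmap and the two rule kinds (a function bitmap for one driver byte, or a driver bitmap that grants all functions of the flagged drivers) follow the data model the patch stores in the avtab, and the split of the ioctl command number into a driver byte (bits 8..15) and a function byte (bits 0..7) follows the kernel's ioctl hook. The function and type names (`ioctl_permitted`, `allowxperm_functions`, `allowxperm_driver`, `struct ioctl_policy`) are this example's own, and the sample policy in `sample_permits` is a constructed stand-in for a macro such as `unpriv_app_socket_cmds`, not its real contents.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XPERMS_BITS  256
#define XPERMS_WORDS (XPERMS_BITS / 32)
#define MAX_RULES    8

/* Two rule kinds, mirroring what the patch stores per avtab entry:
 * a 256-bit function bitmap for one driver byte, or a 256-bit driver
 * bitmap meaning "every function of each flagged driver". */
enum xperm_kind { XPERM_IOCTLFUNCTION, XPERM_IOCTLDRIVER };

struct xperm_bitmap { uint32_t p[XPERMS_WORDS]; };

struct xperm_rule {
    enum xperm_kind kind;
    uint8_t driver;            /* meaningful for XPERM_IOCTLFUNCTION only */
    struct xperm_bitmap perms; /* function bits, or driver bits for XPERM_IOCTLDRIVER */
};

/* The allow/allowxperm rules for one source/target/class triple (model, not kernel code). */
struct ioctl_policy {
    bool allow_ioctl;          /* plain: allow <source> <target>:<class> ioctl; */
    size_t nrules;
    struct xperm_rule rules[MAX_RULES];
};

static void xperm_set(struct xperm_bitmap *b, uint8_t x)
{
    b->p[x >> 5] |= 1u << (x & 0x1f);
}

static bool xperm_test(const struct xperm_bitmap *b, uint8_t x)
{
    return (b->p[x >> 5] >> (x & 0x1f)) & 1u;
}

/* allowxperm ... ioctl { lo .. hi } for one driver byte, inclusive range */
static bool allowxperm_functions(struct ioctl_policy *pol, uint8_t driver,
                                 uint8_t lo, uint8_t hi)
{
    if (pol->nrules >= MAX_RULES || lo > hi)
        return false;
    struct xperm_rule *r = &pol->rules[pol->nrules++];
    memset(r, 0, sizeof *r);
    r->kind = XPERM_IOCTLFUNCTION;
    r->driver = driver;
    for (unsigned x = lo; x <= hi; x++)
        xperm_set(&r->perms, (uint8_t)x);
    return true;
}

/* allowxperm ... ioctl { 0xDD00-0xDDff }: all 256 functions of driver 0xDD */
static bool allowxperm_driver(struct ioctl_policy *pol, uint8_t driver)
{
    if (pol->nrules >= MAX_RULES)
        return false;
    struct xperm_rule *r = &pol->rules[pol->nrules++];
    memset(r, 0, sizeof *r);
    r->kind = XPERM_IOCTLDRIVER;
    xperm_set(&r->perms, driver);
    return true;
}

/* Decision for one ioctl command number. Only the low 16 bits take part:
 * bits 8..15 select the driver, bits 0..7 the function. Direction and size
 * bits from _IOR/_IOW encodings are ignored, as in the kernel's ioctl hook. */
static bool ioctl_permitted(const struct ioctl_policy *pol, uint32_t cmd)
{
    uint8_t driver = (cmd >> 8) & 0xff;
    uint8_t function = cmd & 0xff;

    if (!pol->allow_ioctl)
        return false;          /* the base permission is checked first */
    if (pol->nrules == 0)
        return true;           /* commands omitted: the permission alone decides */

    for (size_t i = 0; i < pol->nrules; i++) {
        const struct xperm_rule *r = &pol->rules[i];
        if (r->kind == XPERM_IOCTLDRIVER && xperm_test(&r->perms, driver))
            return true;
        if (r->kind == XPERM_IOCTLFUNCTION && r->driver == driver &&
            xperm_test(&r->perms, function))
            return true;
    }
    /* xperms exist for this triple: unlisted functions and unlisted drivers are denied */
    return false;
}

/* Constructed sample standing in for a macro like unpriv_app_socket_cmds:
 * socket ioctls 0x8910..0x891f (driver 0x89, Linux sockios.h numbering,
 * SIOCGIFNAME .. 0x891f) plus every terminal ioctl (driver 0x54). */
static bool sample_permits(uint32_t cmd)
{
    struct ioctl_policy pol = { .allow_ioctl = true };
    allowxperm_functions(&pol, 0x89, 0x10, 0x1f);
    allowxperm_driver(&pol, 0x54);
    return ioctl_permitted(&pol, cmd);
}

/* The same triple with only the plain allow rule, i.e. commands omitted. */
static bool plain_allow_permits(uint32_t cmd)
{
    struct ioctl_policy pol = { .allow_ioctl = true };
    return ioctl_permitted(&pol, cmd);
}

int main(void)
{
    uint32_t cmds[] = { 0x8912 /* SIOCGIFCONF */, 0x8927 /* SIOCGIFHWADDR */,
                        0x5401 /* TCGETS */, 0x1234 /* constructed, other driver */ };
    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; i++)
        printf("0x%04x: plain allow=%d, with allowxperm=%d\n", (unsigned)cmds[i],
               plain_allow_permits(cmds[i]), sample_permits(cmds[i]));
    return 0;
}
```

The two rule kinds are what keeps the policy compact: a whole-driver grant costs one bit in a driver bitmap rather than a 256-bit function bitmap per driver, and a function-level rule is only stored for the drivers that need narrowing. Note the asymmetry the model reproduces: once any allowxperm rule exists for a triple, a command to a driver with no rule is denied even though the plain `allow ... ioctl` is still present, so adding the first allowxperm rule to a domain must cover every driver that domain legitimately needs.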