On 02/23/2016 04:22 PM, Nick Kralevich wrote:
Thanks for proposing this patch Dan. As you said, the current API feels error prone, as it has two entirely different behaviors depending on whether the pid is zero or non-zero. Your patch corrects this error prone API and clearly separates out a query by PID vs a query of the process itself. This patch helps provide robustness against bugs similar to: https://code.google.com/p/google-security-research/issues/detail?id=727 https://code.google.com/p/android/issues/detail?id=200617 (note that the Android code in question was reviewed by Stephen, myself, and others within Google, and we all missed this particular bug) I would recommend the upstream SELinux community accept the patch, even at the potential expense of breaking compatibility with other apps.
As I haven't heard or seen of anything that would break with this change, I've merged this patch. You'll need to apply it separately to Android libselinux since that is still a fork.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
