On Fri, Apr 07, 2017 at 11:39:55AM -0700, Nick Kralevich wrote: > When a file is created in a directory, the default label for the file > is based on the label of the enclosing directory (unless something > like setfscreatecon is used). For example: > > bullhead:/ # cd /data/misc/zoneinfo/ > > bullhead:/data/misc/zoneinfo # ls -ladZ . > drwxrwxr-x 2 system system u:object_r:zoneinfo_data_file:s0 4096 > 1971-06-19 17:07 . > bullhead:/data/misc/zoneinfo # touch asdf > bullhead:/data/misc/zoneinfo # ls -ladZ . asdf > > drwxrwxr-x 2 system system u:object_r:zoneinfo_data_file:s0 4096 > 2017-04-07 18:32 . > -rw-rw-rw- 1 root root u:object_r:zoneinfo_data_file:s0 0 > 2017-04-07 18:32 asdf > > note how the label of the "asdf" file matches the label of the > enclosing directory. > > However, that's not true when the directory uses categories. In that > case, the newly created file inherits the label, but not the > categories. For example: > > bullhead:/data/data # cd /data/data/com.android.chrome > bullhead:/data/data/com.android.chrome # ls -ladZ . > drwx------ 6 u0_a60 u0_a60 u:object_r:app_data_file:s0:c512,c768 4096 > 1971-07-15 15:31 . > bullhead:/data/data/com.android.chrome # touch asdf > bullhead:/data/data/com.android.chrome # ls -laZd . asdf > drwx------ 6 u0_a60 u0_a60 u:object_r:app_data_file:s0:c512,c768 4096 > 2017-04-07 18:35 . > -rw-rw-rw- 1 root root u:object_r:app_data_file:s0 0 > 2017-04-07 18:35 asdf > > Note how the label is maintained, but the "c512,c768" portion is not > maintained. While this example occurs when I'm running in a permissive > domain, it also occurs in an enforcing domain. > > The inconsistency seems weird, and I'm sure there's a good reason why > this occurs that I'm not familiar with. Can someone help me understand > if this is expected, and if so, why? I think that is actually a sane default (defaultrange source) as opposed to default range target because if a process associated with s0:c123,c456 creates a file, then i would expect that file to inherit s0:c123,c456 from the source and not s0 from the target for example RedHat, i think, overrides this default as well and uses defaultrange target and I think that is a strange decision. If I have qemu instance with s0:c123,c456 that for example creates a pty, then I would want to have that pty constrained by s0:c123,c456 as well > > -- > Nick Kralevich | Android Security | nnk@xxxxxxxxxx | 650.214.4037 > _______________________________________________ > Selinux mailing list > Selinux@xxxxxxxxxxxxx > To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. > To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx. -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
