For enterprise devices, we need to be able to support our customer troubleshooting issues. Thus, we need to have shell access to do exploring tasks like
- ps
- grep
- exec diagnostic tools

However, we have different independent teams working on the products and they, except security team, are not aware of security policies. Likewise, security team will not know all the changes made by other teams (e.g., troubleshooting tools) to maintain the policies. So, we are looking for a solution that minimizes the dependencies across teams and minimizes the burden of security policy to other development teams.

Tai

On 11/29/12 8:27 AM, "Stephen Smalley" <[email protected]> wrote:

>On 11/28/2012 05:27 PM, Tai Nguyen (tainguye) wrote:
>> All,
>>
>> Currently, shell has very limited permission (i.e., can't do ps) and we
>> have to move to su domain to do those commands.
>> On our devices, su is not available, thus, we can't use the su
>> transition rule. Can we do type transition based on the shell id?
>> Since seandroid uses both DAC and MAC, I think it makes sense to have
>> unconfined_domain for account with low privilege so that it can't cause
>> much damage to the system.
>
>I'm not sure what you mean by a type transition based on the shell id.
>But making the shell on a production device unconfined would certainly
>not be a good idea, as it would remove any SELinux protection against
>root exploits launched from an adb shell. That said, if you can
>enumerate exactly what accesses you think should be possible from an
>(unprivileged) user shell on a production device, we can certainly
>extend the shell domain along those lines. And there might be different
>sets of rules for different target devices (e.g. consumer vs corporate),
>either controllable by policy boolean or by using different policy
>variants.
>

--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to [email protected] with
the words "unsubscribe seandroid-list" without quotes as the message.
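
One way to do the enumeration suggested in the reply above, as an added example that is not part of the thread or of the SE Android policy: collect the AVC denials logged for the shell domain while the diagnostic tools run, and turn only those into allow rules behind a policy boolean. The log lines are constructed, and the boolean name enterprise_shell_diag and the tool list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample denials (not taken from the thread or a real device).
SAMPLE_LOG = """\
type=1400 audit(1354200001.101:11): avc:  denied  { search } for  pid=2101 comm="ps" name="1" dev=proc ino=2001 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=dir
type=1400 audit(1354200001.102:12): avc:  denied  { read } for  pid=2101 comm="ps" name="stat" dev=proc ino=2002 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=file
type=1400 audit(1354200001.103:13): avc:  denied  { read open } for  pid=2101 comm="ps" name="stat" dev=proc ino=2003 scontext=u:r:shell:s0 tcontext=u:r:init:s0 tclass=file
type=1400 audit(1354200002.200:14): avc:  denied  { write } for  pid=2150 comm="sh" name="system" dev=mtdblock0 ino=2 scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=dir
type=1400 audit(1354200003.300:15): avc:  denied  { read } for  pid=80 comm="netd" name="x" dev=proc ino=9 scontext=u:r:netd:s0 tcontext=u:r:init:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)".*?'
    r'scontext=\w+:\w+:(?P<src>\w+):\S+\s+'
    r'tcontext=\w+:\w+:(?P<tgt>\w+):\S+\s+tclass=(?P<cls>\w+)')

def collect_denials(log, domain="shell", tools=("ps", "grep")):
    """Group denied permissions for `domain` by (target type, class).

    Denials raised by the listed diagnostic tools go to `expected`;
    anything else from the domain goes to `review` and is never
    turned into a rule automatically.
    """
    expected, review = defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if not m or m["src"] != domain:
            continue  # not an AVC denial, or a different source domain
        bucket = expected if m["comm"] in tools else review
        bucket[(m["tgt"], m["cls"])].update(m["perms"].split())
    return expected, review

def render_rules(rules, domain="shell", boolean="enterprise_shell_diag"):
    """Emit allow rules inside a conditional block that defaults to off."""
    body = [f"    allow {domain} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (t, c), p in sorted(rules.items())]
    return "\n".join([f"bool {boolean} false;", f"if ({boolean}) {{", *body, "}"])

if __name__ == "__main__":
    expected, review = collect_denials(SAMPLE_LOG)
    print(render_rules(expected))
    print("needs manual review:", dict(review))
```

The write to system_file from sh lands in the review set rather than in the generated rules, so the shell domain grows only by what the named tools needed.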
