On 01/16/2013 09:32 AM, Joshua Brindle wrote:
Stephen Smalley wrote:
On 01/15/2013 09:32 PM, Joshua Brindle wrote:
William Roberts wrote:
On Tue, Jan 15, 2013 at 6:06 PM, Joshua Brindle<[email protected]> wrote:
William Roberts wrote:
In watchdog.te there is:
# because of /dev/__kmsg__ and /dev/__null__
allow watchdogd device:chr_file create_file_perms;
Would a dynamic type transition not work for this?
Transitions are only hints, you still need full privileges to create the
file type and write to the directory or the type transition will fail.
But would it avoid read/write on device:file?
Oops, missed that that was actually the question. If Robert is right and
they are transient it might be fine to label them watchdog_device and if
they get leaked somehow the next process won't be able to open them.
/dev/__null__ is just a privately created copy (create, open, unlink) of
/dev/null. Created by open_devnull_stdio() in system/core/init/util.c,
called by init, ueventd, and watchdogd (which btw all share the same
executable). Doesn't matter if it gets leaked since it is the null device.
But nothing is enforcing that it is the null device, right?
That's right - any process allowed mknod capability and :chr_file create
can create any character device it wants, irrespective of the type on
it. So you aren't preventing a bad watchdogd from accessing arbitrary
devices by putting a particular type on it.
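
The policy change discussed in this thread, written out as an added example (not part of the original messages and not the project's actual policy). It assumes the AOSP policy macros and the dev_type attribute, uses the watchdog_device type name suggested above, and assumes /dev itself is labeled device.

```te
# Added example: private type for the nodes watchdogd creates in /dev.
#
# Rule quoted in the thread, which this fragment would replace:
#   allow watchdogd device:chr_file create_file_perms;
# It lets watchdogd create, open, read and write any character node
# that carries the generic "device" label.

# Private type for /dev/__kmsg__ and /dev/__null__.
type watchdog_device, dev_type;

# Labeling hint: a chr_file that watchdogd creates in a directory
# labeled "device" gets watchdog_device instead of inheriting "device".
type_transition watchdogd device:chr_file watchdog_device;

# The transition grants nothing by itself. Without the rules below the
# create is denied, which is the "transitions are only hints" point.
allow watchdogd device:dir { search write add_name remove_name };
allow watchdogd watchdog_device:chr_file create_file_perms;

# mknod(2) on a character device also needs the capability.
allow watchdogd self:capability mknod;

# What this buys: watchdogd no longer needs any access to
# device:chr_file, and a leaked node cannot be opened by a domain that
# has no allow rule on watchdog_device.
#
# What it does not buy: the type is only a label. Nothing here ties
# watchdog_device to the major/minor numbers of the null or kmsg
# device, so a domain holding mknod plus chr_file create can still
# create a node for any character device under this type.
```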