I see I misread domain.te; only urandom is allowed by domain. Isn't random world-readable, though? Won't we run into a compatibility issue with those that need it? Perhaps adding this into a boolean is the right way to go. People shouldn't have to rewrite their seapp contexts to get apps to work.

On Mon, Jan 28, 2013 at 2:57 PM, William Roberts <[email protected]> wrote:
> random and urandom are allowed by domain, this is an MLS issue.
>
> Try applying this patch:
>
> diff --git a/device.te b/device.te > index 7818ce8..72c3e54 100644 > --- a/device.te > +++ b/device.te
> @@ -29,11 +29,11 @@ type ptmx_device, dev_type, mlstrustedobject; > type qemu_device, dev_type; > type kmsg_device, dev_type; > type null_device, dev_type, mlstrustedobject; > -type random_device, dev_type; > +type random_device, dev_type, mlstrustedobject; > type serial_device, dev_type; > type socket_device, dev_type; > type tty_device, dev_type; > -type urandom_device, dev_type; > +type urandom_device, dev_type, mlstrustedobject; > type video_device, dev_type; > type vcs_device, dev_type; > type zero_device, dev_type;
>
> On Mon, Jan 28, 2013 at 2:30 PM, Peck, Michael A <[email protected]> wrote:
>> A crypto (secure voice) app I am testing fails to start – it is trying to
>> read /dev/random:
>>
>> <5>[ 2951.029571] type=1400 audit(1359410942.187:32): avc: denied { read } for pid=2435 comm=4173796E635461736B202331 name="random" dev=tmpfs ino=4012 scontext=u:r:untrusted_app:s0:c50,c256 tcontext=u:object_r:random_device:s0 tclass=chr_file
>>
>> Would it be reasonable to add an “allow domain random_device:chr_file
>> r_file_perms;” rule to allow all apps to read /dev/random?
>>
>> I think the main threat is that a malicious app could potentially keep
>> reading from /dev/random and use up the entropy pool (preventing others from
>> reading /dev/random).
>>
>> Some might say the app should use /dev/urandom instead. At which time
>> others would probably then complain that /dev/urandom is “not good enough”.
>> Not sure that I personally want to take sides on /dev/random vs.
>> /dev/urandom. :)
>>
>> --
>> Michael Peck
>> The MITRE Corporation
>
> --
> Respectfully,
>
> William C Roberts

--
Respectfully,
William C Roberts
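
Review bot: The "+type random_device, dev_type, mlstrustedobject;" line exempts /dev/random from MLS constraints, but nothing in this patch adds a type-enforcement rule for random_device, and the reply at the top of the thread reports that domain.te only allows urandom. If that is right, this line on its own will not clear the quoted read denial for untrusted_app; it would have to ship together with the allow rule or boolean being discussed, after the entropy-drain concern from the original message is settled. Consider splitting the urandom_device change, which matches what domain already permits, from the random_device change, and add a short comment in device.te saying why these two devices are marked mlstrustedobject, since the hunk gives no rationale for the attribute.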
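
The thread turns on whether the quoted denial comes from a missing type-enforcement rule or from an MLS constraint. As an added example (not code from the thread or from the SE Android project), this Python parses that denial, decodes the hex-encoded comm field, and reports how the source MLS level relates to the target level; the function names are hypothetical and it assumes single levels rather than level ranges.

```python
import re

# Constructed from the denial quoted in the thread, with the mail client's
# line wrapping removed.
SAMPLE = ('<5>[ 2951.029571] type=1400 audit(1359410942.187:32): avc: denied '
          '{ read } for pid=2435 comm=4173796E635461736B202331 name="random" '
          'dev=tmpfs ino=4012 scontext=u:r:untrusted_app:s0:c50,c256 '
          'tcontext=u:object_r:random_device:s0 tclass=chr_file')

def decode_comm(value):
    """comm is quoted when printable, hex-encoded when it has spaces etc."""
    if value.startswith('"'):
        return value.strip('"')
    return bytes.fromhex(value).decode('utf-8', 'replace')

def parse_level(level):
    """Split 's0:c50,c256' into (sensitivity, category set); expands c1.c3."""
    sens, _, cats = level.partition(':')
    out = set()
    for part in filter(None, cats.split(',')):
        lo, _, hi = part.partition('.')
        out.update(range(int(lo[1:]), int((hi or lo)[1:]) + 1))
    return int(sens[1:]), out

def relation(src, tgt):
    """How the source level relates to the target: eq, dom, domby, incomp."""
    (s1, c1), (s2, c2) = parse_level(src), parse_level(tgt)
    if (s1, c1) == (s2, c2):
        return 'eq'
    if s1 >= s2 and c1 >= c2:      # higher-or-equal sensitivity, superset
        return 'dom'
    if s1 <= s2 and c1 <= c2:
        return 'domby'
    return 'incomp'

def parse_avc(line):
    """Extract the fields needed to triage one 'avc: denied' record."""
    perms = re.search(r'avc:\s+denied\s+\{([^}]*)\}', line).group(1).split()
    kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    # A context is user:role:type:level; the level may itself contain ':'.
    s = kv['scontext'].split(':', 3)
    t = kv['tcontext'].split(':', 3)
    return {'perms': perms, 'comm': decode_comm(kv['comm']),
            'source_type': s[2], 'target_type': t[2],
            'tclass': kv['tclass'], 'mls': relation(s[3], t[3])}
```

For the quoted denial, `parse_avc(SAMPLE)` gives comm "AsyncTask #1" and the relation `dom`: the app's level s0:c50,c256 dominates the device's s0. Whether that satisfies the read constraint depends on the policy's MLS constraint definitions, which the thread does not show.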
