On 05/09/2013 10:21 AM, Stephen Smalley wrote:
On 05/08/2013 11:38 PM, William Roberts wrote:
So I looked into some abandoned patches I had in my repo and non of them
were applicable, or really any good :-P. I really think the cleanest
way to
solve this is just set seclabel for anything that uses logwrapper.
That way
you avoid the compute context issue.
Hmm...I was trying to avoid the need to manually specify a seclabel for
anything that runs from the system partition, as that is both prone to
accidental omission and hardcodes some policy information (the security
context) in the init.*.rc files that could get out of sync with the
actual policy. We only do it for the rootfs daemons (adbd and ueventd)
because those files are not individually labeled and that seemed
manageable as there are only a few such daemons.
I guess the question is what is worse:
- to require developers to remember to specify a seclabel whenever they
use logwrapper for a service, or
- to hardcode some knowledge in init about logwrapper and to adjust its
context computation in that case to be based on the program launched by
logwrapper.
Sample patch for the latter attached to help make it concrete.
Note that this approach also avoids the need to make logwrapper an
entrypoint for the domains.
--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.
