Do we have similar issue if we use shell to run other system process in init?
On 5/9/13 10:24 AM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote: >On 05/09/2013 10:21 AM, Stephen Smalley wrote: >> On 05/08/2013 11:38 PM, William Roberts wrote: >>> So I looked into some abandoned patches I had in my repo and non of >>>them >>> were applicable, or really any good :-P. I really think the cleanest >>> way to >>> solve this is just set seclabel for anything that uses logwrapper. >>> That way >>> you avoid the compute context issue. >> >> Hmm...I was trying to avoid the need to manually specify a seclabel for >> anything that runs from the system partition, as that is both prone to >> accidental omission and hardcodes some policy information (the security >> context) in the init.*.rc files that could get out of sync with the >> actual policy. We only do it for the rootfs daemons (adbd and ueventd) >> because those files are not individually labeled and that seemed >> manageable as there are only a few such daemons. >> >> I guess the question is what is worse: >> - to require developers to remember to specify a seclabel whenever they >> use logwrapper for a service, or >> - to hardcode some knowledge in init about logwrapper and to adjust its >> context computation in that case to be based on the program launched by >> logwrapper. >> >> Sample patch for the latter attached to help make it concrete. > >Note that this approach also avoids the need to make logwrapper an >entrypoint for the domains. > > > >-- >This message was distributed to subscribers of the seandroid-list mailing >list. >If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov >with >the words "unsubscribe seandroid-list" without quotes as the message. -- This message was distributed to subscribers of the seandroid-list mailing list. If you no longer wish to subscribe, send mail to majord...@tycho.nsa.gov with the words "unsubscribe seandroid-list" without quotes as the message.
