On Tue, Aug 20, 2013 at 10:25 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 08/20/2013 11:22 AM, William Roberts wrote:
> > Yeah I have run into this before. In Samsung we just sent an OTA, as it
> > was no big deal. We either need something like relabeld or a way for the
> > kernel to set the security attribute at file open based on the policy,
> > rather than needing to label.... I'm not a huge fan of labeling.
>
> Labeling may be painful at times, but all the alternatives are far
> worse. And setting the security attribute at file open would defeat the
> entire purpose. Anyway, that's rather off-topic.
>

Can we start another thread on this? I would love to hear what you know on
this.

>
> I think we need to decide whether labeling changes for /system are legal
> via the /data/security policy or whether that level of change requires a
> new boot image policy and thus a custom load.
>

I think it should be. Not all OEMs will want to push an OTA to devices.
Carrier approval and other things are a PITA. Typically, they can bypass
these routes by just pushing a policy file.

>
> Even if we support a restorecon -R /system as part of policy reload, the
> system partition will be mounted before the /data/security policy gets
> loaded so those files will all be treated as unlabeled up to that point.
>

We can have a relabel daemon that unshares the mount namespace and then
mounts it rw for doing updates.

--
Respectfully,

William C Roberts