On 10/07/2013 04:18 PM, Tai Nguyen (tainguye) wrote:
> Using domain can restrict access to system_data_file, but it still gives
> access to processes' private files.
> Is there a way to tag an attribute to all /proc files that I can use
> instead of domain?

If you want to restrict the server to only specific client domains, then
as I said before, define a macro that you use to allow the client to
connect to the server domain and as part of that macro assign a new
attribute to all of the client domains that you can use in an allow rule.

For example, in te_macros, you can add:
define(`client_domain', `
typeattribute $1 clientdomain;
# any allow rules needed to connect to the server
')

And in attributes, you can add:
attribute clientdomain;

Then in each client domain's .te file, you can add:
client_domain(<insert-name-of-client-domain-here>)

And in the server's .te file, you can add:
r_dir_file(<insert-name-of-server-domain>, clientdomain)

Then your server can only read /proc/pid files of its clients, not of
all domains.

If you are worried about being able to read files under /proc/pid other
than /proc/pid/cmdline even for the client domains, then note that
private information files are often already gated by an additional
ptrace check, so if the server is not allowed ptrace permission to the
client domain, it won't be able to read those files even with the allow
rule above.  But no, you can't currently label different files under
/proc/pid with different labels; they all get the domain of the
associated process presently and there isn't a way to change that
without a kernel change.
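The pieces above assembled into one concrete policy fragment, as an added example that is not part of the original mail. The domain names myserver, clienta and clientb are hypothetical, the connectto rule inside the macro is an assumption about how clients reach the server, and the neverallow rules at the end are the build-time checks a policy author would add so that the restriction described above is actually enforced, rather than silently widened by another allow rule elsewhere in the policy:

```selinux
# Added example, not from the original mail. Hypothetical names:
# server domain "myserver", client domains "clienta" and "clientb".

# attributes: the attribute collected by the client_domain() macro.
attribute clientdomain;

# te_macros: tag a domain as a client of myserver and let it connect.
# The connectto rule is an assumption about the client/server transport.
define(`client_domain', `
typeattribute $1 clientdomain;
allow $1 myserver:unix_stream_socket connectto;
')

# clienta.te and clientb.te: each client opts in with one line.
client_domain(clienta)
client_domain(clientb)

# myserver.te: /proc/<pid> entries carry the label of the owning process's
# domain, so granting read on the clientdomain attribute covers exactly
# the /proc/<pid> trees of the clients and nothing else.
r_dir_file(myserver, clientdomain)

# Build-time checks (policy compilation fails if any allow rule violates them).
# 1. myserver must not read /proc/<pid> files of any domain that is not a
#    client (its own /proc/self is excluded, since domains normally read that).
neverallow myserver { domain -clientdomain -myserver }:file read;
# 2. myserver must never hold ptrace on its clients, so the kernel's ptrace
#    gate keeps the sensitive /proc/<pid> files (maps, environ, ...) closed
#    even though /proc/<pid>/cmdline remains readable under the rule above.
neverallow myserver clientdomain:process ptrace;
```

If the first neverallow fails to compile, some broader rule (for example a wildcard read on `domain`) already grants myserver more than the clientdomain rule intends; that failure is the signal to find and narrow that rule rather than to drop the check.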




--
This message was distributed to subscribers of the seandroid-list mailing list.