On Apr 29, 2015 8:27 AM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
> On 04/29/2015 10:53 AM, Stephen Smalley wrote:
> > On 04/29/2015 10:10 AM, Clifford Liem wrote:
> >> Background:
> >>
> >> We are using eCryptfs as a way to encrypt directories as well as PID namespaces as a way to isolate processes.
> >
> > I believe Samsung has been using ecryptfs as well, not sure how they are
> > addressing it, but perhaps they can do all of the mounting from vold or
> > zygote.
> >
> > Wondering how use of PID namespaces might affect binder services that
> > rely on the sender PID information provided by the kernel binder driver
> > and those that rely on getpidcon(), e.g. servicemanager and keystore.
>
> BTW, what do you see as the security benefit of PID namespaces? They
> are primarily advertised as a way to support process
> suspend/resume/migration, not a security feature.
Yes, network and mount table name (IIRC clone_netns and clone_ns) flags are handy for isolation, but not pid.

> If you just want to prevent accessing another process' /proc/pid files,
> you can already do that via SELinux (if you run them in different
> security contexts, either using different domains or levelFrom=), or by
> using hidepid.

As far as cdd recourse, there is a waiver process; however, I'm more in the mindset of fixing limitations on master or the design causing the issue, and frown on waivers.

> _______________________________________________
> Seandroid-list mailing list
> Seandroid-list@tycho.nsa.gov
> To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
> To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.
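The thread's practical point is that hiding another process's /proc/pid entries is a job for SELinux contexts or the procfs hidepid option, not for PID namespaces. The following is an added example, not code from the thread or from any project mentioned in it: a small Python audit that parses mountinfo text (format as documented in proc(5)) and reports the effective hidepid level of every procfs mount, so a reviewer can confirm the mitigation is actually in place on a device image or a running host. It assumes the numeric hidepid values 0/1/2/4 and the symbolic names off/noaccess/invisible/ptraceable accepted by Linux 5.8 and later, and that per-mount options (field 6) take precedence over superblock options; the sample mountinfo lines are constructed, not captured from a real system.

```python
"""Audit procfs mounts for the hidepid mitigation.

Added example for the Seandroid-list discussion above; not part of the thread.
Parses /proc/self/mountinfo-style text and returns the hidepid level per
procfs mount point. Sample input below is constructed.
"""
import os
import re

# Symbolic hidepid values accepted by Linux >= 5.8, mapped to the numeric
# levels older kernels use (assumption: 0=off, 1=noaccess, 2=invisible, 4=ptraceable).
HIDEPID_LEVELS = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}

# Constructed sample of mountinfo output (not captured from a real host).
SAMPLE_MOUNTINFO = """\
22 28 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
45 28 0:21 / /srv/jail/proc rw,nosuid,nodev,noexec,relatime - proc proc rw,hidepid=2
46 28 0:21 / /mnt/legacy rw,relatime - proc proc rw,hidepid=invisible,gid=1001
47 28 0:21 / /mnt/open rw,relatime - proc proc rw,hidepid=0
48 28 0:20 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw
"""


def _unescape(path):
    """mountinfo encodes space, tab, newline and backslash as octal (\\040 etc.)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def parse_mountinfo(text):
    """Split mountinfo lines into dicts.

    Fields before the ' - ' separator: id, parent, major:minor, root,
    mount point, per-mount options, then optional tags. After it:
    filesystem type, source, superblock options.
    """
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, sep, right = line.partition(" - ")
        if not sep:
            continue  # malformed line: skip rather than guess
        lf, rf = left.split(), right.split()
        if len(lf) < 6 or len(rf) < 3:
            continue
        mounts.append({
            "mount_point": _unescape(lf[4]),
            "mount_opts": lf[5],
            "fstype": rf[0],
            "super_opts": rf[2],
        })
    return mounts


def hidepid_level(*option_strings):
    """Return the effective hidepid level from comma-separated option strings.

    The first string that carries a hidepid option wins, so pass per-mount
    options before superblock options. No hidepid at all means 0: every
    /proc/<pid> directory is visible to every user.
    """
    for opts in option_strings:
        for opt in opts.split(","):
            key, _, val = opt.partition("=")
            if key != "hidepid":
                continue
            if val in HIDEPID_LEVELS:
                return HIDEPID_LEVELS[val]
            if val.isdigit():
                return int(val)
            raise ValueError("unrecognised hidepid value: %r" % val)
    return 0


def audit_proc_mounts(text):
    """Map every procfs mount point in the text to its hidepid level."""
    return {
        m["mount_point"]: hidepid_level(m["mount_opts"], m["super_opts"])
        for m in parse_mountinfo(text)
        if m["fstype"] == "proc"
    }


def weak_proc_mounts(text, minimum=2):
    """Procfs mount points whose hidepid is below `minimum` (2 = invisible)."""
    return sorted(mp for mp, lvl in audit_proc_mounts(text).items() if lvl < minimum)


if __name__ == "__main__":
    # Run against the constructed sample, then against the live host if on Linux.
    print("sample:", audit_proc_mounts(SAMPLE_MOUNTINFO))
    print("sample mounts below hidepid=2:", weak_proc_mounts(SAMPLE_MOUNTINFO))
    if os.path.exists("/proc/self/mountinfo"):
        with open("/proc/self/mountinfo") as fh:
            live = fh.read()
        print("this host:", audit_proc_mounts(live))
        print("this host, mounts below hidepid=2:", weak_proc_mounts(live))
```

Note that hidepid only hides /proc/pid directories; it does not change what a process can learn through binder, which still receives the sender's kernel PID and, as Stephen points out, may resolve it with getpidcon(). Running the script inside a PID namespace shows the other half of that concern: the mountinfo it reads belongs to that namespace's own procfs instance, so a clean result there says nothing about the parent namespace's /proc.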