On Apr 30, 2015 2:45 AM, "Inamdar Sharif" <[email protected]> wrote: > > Hi Guys, > > I just came across the change https://android.googlesource.com/kernel/common/+/ba733f9857b966459316d0cd33b8da2e22f62d7d > > > > These are some of the questions: > > 1)What level of security this can provide?? Can anyone explain me with an example?
Suppose an ioctl takes a flag value of 1 to get the driver version and has a debug flag 2 that mmaps all of kernel space into the requestor. If the device ships allowing ioctl 2 we would have an issue. > > > > 2)Also do we have any policy changes which would be required?? You'll need to start allowing specific ioctl values. I'm assuming its whitelist, as that's the only one that makes sense. > > > > > > Currently we have “ioctl” as the generic permission , so this means that with this we have to specify which ioctl which source can access??(correct me if I am wrong) > > > > Also doing this will not add to the policy ?? Do you mean compiled policy size? > > > > > > Thanks. > > ________________________________ > This email message is for the sole use of the intended recipient(s) and may contain confidential information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. > ________________________________ > > _______________________________________________ > Seandroid-list mailing list > [email protected] > To unsubscribe, send email to [email protected]. > To get help, send an email containing "help" to [email protected].
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
