We've addressed this concern with a simple translation of pids per namespace.
Thanks,
Cliff

On May 1, 2015 9:42 AM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
> On 04/30/2015 11:23 AM, Stephen Smalley wrote:
> > On 04/29/2015 10:37 PM, Clifford Liem wrote:
> >>
> >> On Apr 29, 2015, at 11:22 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> >>
> >>> On 04/29/2015 10:53 AM, Stephen Smalley wrote:
> >>>> On 04/29/2015 10:10 AM, Clifford Liem wrote:
> >>>>> Background:
> >>>>>
> >>>>> We are using eCryptfs as a way to encrypt directories as well as PID
> >>>>> namespaces as a way to isolate processes.
> >>>>
> >>>> I believe Samsung has been using ecryptfs as well, not sure how they are
> >>>> addressing it, but perhaps they can do all of the mounting from vold or
> >>>> zygote.
> >>>>
> >>>> Wondering how use of PID namespaces might affect binder services that
> >>>> rely on the sender PID information provided by the kernel binder driver
> >>>> and those that rely on getpidcon(), e.g. servicemanager and keystore.
> >>>
> >>> BTW, what do you see as the security benefit of PID namespaces? They
> >>> are primarily advertised as a way to support process
> >>> suspend/resume/migration, not a security feature.
> >>>
> >>
> >> I think that suspend/resume/migration is just an example, but the
> >> collection of different types of namespaces as a whole is for security
> >> purposes. With PID namespaces we can isolate visibility of processes, as
> >> well as restrict signals (e.g. kill) along different namespace hierarchies.
> >> https://lwn.net/Articles/531114/
> >
> > I really don't believe there is anything you can do via PID namespaces
> > that you can't already do via SELinux, e.g. it can already isolate
> > /proc/pid directories, signals, etc. And for signals and a subset of
> > the /proc/pid files, you already get isolation by virtue of the per-app
> > UIDs. Just not sure it is worth using PID namespaces for this purpose...
>
> Also, have you checked whether the use of PID namespaces in Android
> might break use of Binder.getCallingPid() throughout the Android
> frameworks as a way to reliably and uniquely identify callers?
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to seandroid-list-requ...@tycho.nsa.gov.