On 04/23/2016 09:55 AM, Joshua Brindle wrote:
> Jeffrey Vander Stoep wrote:
>> AOSP now provides a quick start guide for writing policy for new devices!
>> Please take a look. I've had a couple of selinux newbs run through it
>> during device bringup with good results (and helpful feedback). Your
>> feedback is appreciated.
>>
>> http://source.android.com/security/selinux/device-policy.html
>
> Nice. Some comments:
>
> Is getenforce an adb command now or should that be adb shell getenforce?
>
> Overuse of negation actually means overuse of attributes, I think. The
> bad thing in that rule is the use of domain, not the use of negation.

Not sure about that, as the fundamental mistake is that they are trying to write a blacklist-style policy via type negation rather than a true whitelist policy. That's undesirable both because it can easily end up allowing undesirable/unintentional access and because it also produces larger policy since checkpolicy has to expand the type set in that situation.

> The device example is good but there are sometimes good reasons to split
> out a device type like kgl_devices or something that needs to be
> accessed by other domains.
>
> Definitely emphasizing that no devices should be labeled device is good,
> I've seen that a lot. The same goes for generically labeled properties.
>
> Label new services does not cover labeling things running from ramdisk
> (e.g., using seclabel in init.rc)
>
> There should probably also be a section on mitigating assertion
> violations. One very unfortunate thing about the AOSP policy is that the
> assertions actually make it hard to lock down the policy more than
> upstream has.
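The concern raised in the reply above (type negation producing a blacklist-style policy and an expanded type set), as an added example that is not part of the original thread: a simplified Python model of type-set expansion, not checkpolicy's own code. All type, attribute and permission names are hypothetical, and the sample policy is constructed.

```python
# Simplified model of expanding the source type set of an allow rule.
# Type, attribute and permission names below are hypothetical.

def expand(type_set, attributes):
    """Expand a list like ["domain", "-untrusted_app"] into concrete types."""
    included, excluded = set(), set()
    for item in type_set:
        target = excluded if item.startswith("-") else included
        name = item.lstrip("-")
        # An attribute names a group of types; a plain type names itself.
        target.update(attributes.get(name, {name}))
    return included - excluded

def allowed(rules, attributes):
    """Return every (source, target, perm) triple the rules grant."""
    out = set()
    for sources, target, perms in rules:
        for src in expand(sources, attributes):
            out.update((src, target, perm) for perm in perms)
    return out

def newly_granted(rules, attributes, new_domain):
    """Access a newly added domain receives without any rule naming it."""
    after = {k: set(v) for k, v in attributes.items()}
    after["domain"].add(new_domain)
    return sorted(allowed(rules, after) - allowed(rules, attributes))

# Constructed sample policy: four domains, one device type.
ATTRS = {"domain": {"init", "vendor_daemon", "untrusted_app", "isolated_app"}}

# Blacklist style: everything in "domain" except the types subtracted.
BLACKLIST = [(["domain", "-untrusted_app", "-isolated_app"],
              "vendor_device", ["read", "write"])]

# Whitelist style: only the one domain that needs the device.
WHITELIST = [(["vendor_daemon"], "vendor_device", ["read", "write"])]

if __name__ == "__main__":
    for name, rules in (("blacklist", BLACKLIST), ("whitelist", WHITELIST)):
        print(name, "expanded grants:", len(allowed(rules, ATTRS)))
        print(name, "granted to new_service:",
              newly_granted(rules, ATTRS, "new_service"))
```

In this model the negated rule grants access to `init` as a side effect and to any domain added later, while the explicit rule grants nothing beyond the one source type it names.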
