On 04/25/2016 09:49 AM, Stephen Smalley wrote: > On 04/23/2016 09:55 AM, Joshua Brindle wrote: >> Jeffrey Vander Stoep wrote: >>> AOSP now provides a quick start guide for writing policy for new devices! >>> Please take a look. I've had a couple of selinux newbs run through it >>> during device bringup with good results (and helpful feedback). Your >>> feedback is appreciated. >>> >>> http://source.android.com/security/selinux/device-policy.html >> >> Nice. Some comments: >> >> Is getenforce an adb command now or should that be adb shell getenforce? >> >> Overuse of negation actually means overuse of attributes, I think. The >> bad thing in that rule is the use of domain, not the use of negation. > > Not sure about that, as the fundamental mistake is that they are trying > to write a blacklist-style policy via type negation rather than a true > whitelist policy. That's undesirable both because it can easily end up > allowing undesirable/unintentional access and because it also produces > larger policy since checkpolicy has to expand the type set in that > situation.
BTW, switching to the CIL compiler would eliminate the latter problem by synthesizing attributes as needed, but I have some residual concerns about doing that, see: https://android-review.googlesource.com/#/q/I010923a9b01a806c79a2ca11c0595bc04507d773 _______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
