Tetsuo Handa wrote:
> Jamie Nguyen wrote:
>> I've come across some rather unusual behaviour. I decided to delete
>> everything in exception policy, save and reboot. However, two entries
>> are automatically re-added without user intervention:
>>
>> initialize_domain /sbin/hotplug from any
>> initialize_domain /sbin/modprobe from any
>>
> Yes, these entries are built-in policy configured via
> CONFIG_CCSECURITY_BUILTIN_INITIALIZERS and loaded by ccs_mm_init().
>
> /sbin/hotplug and /sbin/modprobe might be executed before /sbin/init starts and
> these programs might execute other programs such as /bin/sh. By the time
> /sbin/ccs-init is executed and MAC is activated, these programs and/or their
> descendant programs might be running. If these programs run in the <kernel>
> domain, it can result in executing /bin/sh from the <kernel> domain (this is
> not a good thing). Thus, the built-in policy chases these programs away from
> the <kernel> domain so that we don't need to give "file execute /bin/sh" to the
> <kernel> domain.
>
> On Android, /sbin/hotplug and /sbin/modprobe and /sbin/init do not exist.
> Thus, we do
>
> sed -i -e 's:/sbin/modprobe /sbin/hotplug::' -e 's:/sbin/ccs-start:/init:' -- security/ccsecurity/Kconfig
>
> at http://tomoyo.sourceforge.jp/1.8/android-arm.html .
>
> Recent distributions might be using /sbin/udevd instead.
> You can modify CONFIG_CCSECURITY_BUILTIN_INITIALIZERS in your kernel config.
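As an added example of the adjustment Tetsuo describes (this is not code from the thread or from the TOMOYO project): a small POSIX sh helper that rewrites CONFIG_CCSECURITY_BUILTIN_INITIALIZERS in a kernel .config for a distribution whose early-boot helper is /sbin/udevd rather than /sbin/hotplug, and prints the initialize_domain lines that list corresponds to in exception policy. It assumes the .config line is a double-quoted, space-separated list of absolute paths, which is the form of the default the sed command above edits out; the sample .config is constructed here, and the function names are my own.

```shell
#!/bin/sh
# Added example, not TOMOYO project code. Assumption: the kernel .config
# carries the built-in initializer list as
#   CONFIG_CCSECURITY_BUILTIN_INITIALIZERS="/sbin/hotplug /sbin/modprobe"
# i.e. a double-quoted, space-separated list of absolute paths.

# get_builtin_initializers CONFIG_FILE
# Prints the current list without the surrounding quotes.
get_builtin_initializers() {
    sed -n 's/^CONFIG_CCSECURITY_BUILTIN_INITIALIZERS="\(.*\)"$/\1/p' "$1"
}

# set_builtin_initializers CONFIG_FILE "PROG1 PROG2 ..."
# Replaces (or appends) the CONFIG_CCSECURITY_BUILTIN_INITIALIZERS line.
# Every entry must be an absolute path: the kernel matches the full
# pathname of the executed program, so "udevd" would never match anything
# and the program would stay in the <kernel> domain.
set_builtin_initializers() {
    _cfg=$1
    _progs=$2
    for _p in $_progs; do
        case $_p in
            /*) ;;
            *) echo "set_builtin_initializers: not an absolute path: $_p" >&2
               return 1 ;;
        esac
    done
    _tmp="$_cfg.tmp"
    # Drop any existing line first so the option is never duplicated;
    # grep -v exits 1 when nothing survives, which is fine here.
    grep -v '^CONFIG_CCSECURITY_BUILTIN_INITIALIZERS=' "$_cfg" > "$_tmp" || true
    printf 'CONFIG_CCSECURITY_BUILTIN_INITIALIZERS="%s"\n' "$_progs" >> "$_tmp"
    mv "$_tmp" "$_cfg"
}

# initializer_policy "PROG1 PROG2 ..."
# Prints the exception_policy lines equivalent to the built-in list, i.e.
# what shows up as "initialize_domain ... from any" after reboot.
initializer_policy() {
    for _p in $1; do
        printf 'initialize_domain %s from any\n' "$_p"
    done
}

# Usage (constructed sample .config; udevd-based distribution):
#   cfg=$(mktemp)
#   printf 'CONFIG_CCSECURITY=y\nCONFIG_CCSECURITY_BUILTIN_INITIALIZERS="/sbin/hotplug /sbin/modprobe"\n' > "$cfg"
#   set_builtin_initializers "$cfg" "/sbin/udevd /sbin/modprobe"
#   initializer_policy "$(get_builtin_initializers "$cfg")"
```

The list is a build-time kernel setting, so the change only takes effect after rebuilding and booting the new kernel; the initializer_policy output is the set of entries you should then expect to see re-added to exception policy even after deleting everything, exactly as Jamie observed for the default pair.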
Oh yes, of course. I forgot about this kernel config option! Thanks for the explanation.

_______________________________________________
tomoyo-dev-en mailing list
tomoyo-dev-en@lists.sourceforge.jp
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-dev-en