Dear Mr. Handa,

How feasible is it to extend Tomoyo (either version 1.8 or version 2.4) in its present form for run-time mandatory access control? The assumption is that there is a module outside of Tomoyo that is capable of taking decisions based on certain information it has at run-time. Tomoyo then delegates the decision to allow/deny a particular permission (in the case the Tomoyo policy does not cover it already) to this module at run-time. The module then sends its decision to Tomoyo, which then adds this to its policy file, all at run-time.

Thanks and Regards,
Bhargava

On Thu, Jul 7, 2011 at 4:09 PM, Tetsuo Handa <[email protected]> wrote:

> Bhargava Shastry wrote:
> > Firstly, congratulations on the latest release of Tomoyo, Tomoyo 2.4.
>
> Thank you.
>
> > I am happy to see a page dedicated to Android already :)
>
> Though that page includes keywords which are not yet accepted.
>
> > I am also happy to inform you that I have managed to deploy Tomoyo (CCS 1.8)
> > on an actual Android phone (Nexus one) and it is seen to work quite smoothly
> > so far.
>
> Great.
>
> > I had one lingering question on Tomoyo though, and it is the following:
> > The standard Android IPC (Inter-Process Communication) mechanism is based on
> > a custom version of OpenBinder, which uses shared memory for IPC. I'm aware
> > that SELinux can enforce MAC policies on shared memory thus also addressing
> > the Binder IPC (probably because of the LSM hooks). I'm now wondering if
> > Tomoyo 2.4 is also capable of addressing this additional IPC (based on the
> > binder library) or only the default Linux IPC, e.g., UNIX domain sockets or
> > so?
>
> Patchset for restricting UNIX domain sockets will be proposed after currently
> proposing conditional ACL patchset is accepted.
>
> But in general, label based MAC (e.g. SELinux and SMACK) can restrict IPC
> better than name based MAC (e.g. TOMOYO and AppArmor). You can consider using
> SMACK (where some significant improvements primarily oriented toward the
> security requirements of embedded and mobile systems are made) and TOMOYO in
> parallel. Currently you need to use TOMOYO 1.8 when you use SMACK in parallel,
> but multiple LSM modules can be run in parallel in the near future.
>

--
Bhargava Shastry

_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
