[prev in list] [next in list] [prev in thread] [next in thread] 

List:       seandroid-list
Subject:    Re: [PATCH external/sepolicy] allow apps access to the keystore
From:       Stephen Smalley <sds () tycho ! nsa ! gov>
Date:       2012-09-28 13:14:51
Message-ID: 1348838091.30877.1.camel () moss-pluto ! epoch ! ncsc ! mil
[Download RAW message or body]

On Thu, 2012-09-27 at 22:46 -0400, Joshua Brindle wrote:
> Stephen Smalley wrote:
> > On Wed, 2012-09-26 at 22:35 -0400, Joshua Brindle wrote:
> >> Change-Id: Ie58cf3a8c6680a2f7bbf163601d52e5db0d4d87a
> >> ---
> >>   app.te      |    3 +++
> >>   1 files changed, 3 insertions(+)
> >>
> >> diff --git a/app.te b/app.te
> >> index 6ceddef..0ddff9e 100644
> >> --- a/app.te
> >> +++ b/app.te
> >> @@ -140,6 +140,9 @@ allow untrusted_app log_device:chr_file read;
> >>   # Rules for all app domains.
> >>   #
> >>
> >> +# Allow apps to connect to the keystore
> >> +unix_socket_connect(appdomain, keystore, keystore)
> >> +
> >>   # Receive and use open file descriptors inherited from zygote.
> >>   allow appdomain zygote:fd use;
> >
> > ACK.  Technically you should amend the commit with a -s to get your
> > Signed-off-by line in it.  Then upload to AOSP and add the usual set of
> > reviewers.   All development of sepolicy, libselinux, etc is being done
> > directly against AOSP now.  You might want to aggregate several of your
> > patches into one upload to reduce the number of discrete changes that
> > they need to approve.
> >
> 
> Upon further testing it looks like keystore_socket will have to be an 
> mlstrustedobject in order for this to work. Do you think it qualifies?
> 
> It seems that any system-level service that uses non-binder IPC is going 
> to eventually have an mlstrustedobject to facilitate that...

Presently only required if a third party app needs to communicate with
it, as we disabled levelFromUid for platform apps a while ago (based on
CTS testing showing that they must be able to share files in various
ways, even via direct open by pathname due to the way in which
shared_prefs work).

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the seandroid-list mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe seandroid-list" without quotes as the message.

[prev in list] [next in list] [prev in thread] [next in thread]