lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 6 Jun 2017 17:45:24 -0700
From:   John Stultz <john.stultz@...aro.org>
To:     Stephen Smalley <sds@...ho.nsa.gov>,
        Paul Moore <paul@...l-moore.com>
Cc:     Jeffrey Vander Stoep <jeffv@...gle.com>,
        Android Kernel Team <kernel-team@...roid.com>,
        Nick Kralevich <nnk@...gle.com>,
        lkml <linux-kernel@...r.kernel.org>,
        Satish Patel <satish.patel@...aro.org>,
        Rob Herring <rob.herring@...aro.org>
Subject: "selinux: support distinctions among all network address families"
 causing existing bluetooth sepolicies to not work properly with Android?

Hey folks,

Recently I was working to validate/enable a new bluetooth HAL on HiKey
with Android, and after getting it working properly with a 4.9 based
kernel, I found that I was seeing failures trying to run with an
upstream (4.12-rc3 based) kernel.

It seemed a call to:
   socket(AF_BLUETOOTH, SOCK_RAW, BTPROTO_HCI);

was suddenly failing, and running "setenforce 0" would allow it to
continue properly.

I chased the issue down to  da69a5306ab9 ("selinux: support
distinctions among all network address families"). And work around it
with the following (whitespace corrupted, sorry) hack:

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e67a526..42dfd0f 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1379,8 +1379,8 @@ static inline u16
socket_type_to_security_class(int family, int type, int protoc
                        return SECCLASS_CAN_SOCKET;
                case PF_TIPC:
                        return SECCLASS_TIPC_SOCKET;
-               case PF_BLUETOOTH:
-                       return SECCLASS_BLUETOOTH_SOCKET;
+//             case PF_BLUETOOTH:
+//                     return SECCLASS_BLUETOOTH_SOCKET;
                case PF_IUCV:
                        return SECCLASS_IUCV_SOCKET;
                case PF_RXRPC:

Obviously this isn't ideal. The commit message claims that " Backward
compatibility is provided by only enabling the finer-grained socket
classes if a new policy capability is set in the policy; older
policies will behave as before."

Which makes it seem like the older sepolicy should be fine with newer
kernels, but this doesn't seem to be the case here? Am I missing
something? Is Android doing something odd with their POLICYDB that is
causing the kernel to think the sepolicy is newer?

thanks
-john

Powered by blists - more mailing lists