* Add two device-specific labelings to target CSR GPS Chips.
@ 2012-07-12 22:37 hqjiang
  2012-07-12 22:37 ` [PATCH 1/2] GPS chip accesses to uart driver when locationmanager launched hqjiang
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: hqjiang @ 2012-07-12 22:37 UTC (permalink / raw)
  To: selinux; +Cc: sds, bill.c.roberts

Hi, all

Today AOSP has updated the patches of targeting denies of GpsLocationManager.
But the corresponding labeling parts are not updated in device-specific sepolicy.
We submit the labels to complement the functions. 

If you update the patches from William Robert, you can find that the genfscon syntax
finally can be simply achieved in sepolicy.fc which is device-specific.  


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* [PATCH 1/2] GPS chip accesses to uart driver when locationmanager launched.
  2012-07-12 22:37 Add two device-specific labelings to target CSR GPS Chips hqjiang
@ 2012-07-12 22:37 ` hqjiang
  2012-07-12 22:37 ` [PATCH 2/2] label gps proc entry as device-specific (instead of in ocontexts) hqjiang
  2012-07-13 12:03 ` Add two device-specific labelings to target CSR GPS Chips Stephen Smalley
  2 siblings, 0 replies; 4+ messages in thread
From: hqjiang @ 2012-07-12 22:37 UTC (permalink / raw)
  To: selinux; +Cc: sds, bill.c.roberts, hqjiang

---
 sepolicy.fc |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/sepolicy.fc b/sepolicy.fc
index 599ff92..066f4fb 100644
--- a/sepolicy.fc
+++ b/sepolicy.fc
@@ -9,7 +9,6 @@
 /dev/tiler	u:object_r:video_device:s0
 /dev/ttyGS0	u:object_r:radio_device:s0
 /dev/ttyGS1	u:object_r:radio_device:s0
-/dev/ttyO0	u:object_r:radio_device:s0
 /dev/umts_boot0 u:object_r:radio_device:s0
 /dev/umts_boot1 u:object_r:radio_device:s0
 /dev/umts_ipc0	u:object_r:radio_device:s0
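Review bot: the removal of `/dev/ttyO0	u:object_r:radio_device:s0` in this hunk means any rule written against radio_device no longer covers this node, but the patch carries no description and no Signed-off-by line. Please add a commit message that states why ttyO0 is not needed by the radio stack on this board, so a reviewer can confirm that nothing depending on the old label regresses.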
@@ -25,3 +24,6 @@
 #The devices and files used by the hciattach service are device specific
 /system/bin/brcm_patchram_plus     u:object_r:hci_attach_exec:s0
 /dev/ttyO1     u:object_r:hci_attach_dev:s0
+
+# In Samsung Tuna Board, ttyO0 is for uart driver. gps_device is device specific
+/dev/ttyO0	u:object_r:gps_device:s0
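Review bot: the added comment "ttyO0 is for uart driver" does not explain the label; say that the GPS chip is reached through this UART, which is what the subject line implies. The patch only touches sepolicy.fc, so the gps_device type has to be declared by another change; name that dependency in the commit message so the entry is not applied against a policy that lacks the type.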
-- 
1.7.0.4



* [PATCH 2/2] label gps proc entry as device-specific (instead of in ocontexts)
  2012-07-12 22:37 Add two device-specific labelings to target CSR GPS Chips hqjiang
  2012-07-12 22:37 ` [PATCH 1/2] GPS chip accesses to uart driver when locationmanager launched hqjiang
@ 2012-07-12 22:37 ` hqjiang
  2012-07-13 12:03 ` Add two device-specific labelings to target CSR GPS Chips Stephen Smalley
  2 siblings, 0 replies; 4+ messages in thread
From: hqjiang @ 2012-07-12 22:37 UTC (permalink / raw)
  To: selinux; +Cc: sds, bill.c.roberts, hqjiang

---
 sepolicy.fc |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/sepolicy.fc b/sepolicy.fc
index 066f4fb..759ef03 100644
--- a/sepolicy.fc
+++ b/sepolicy.fc
@@ -27,3 +27,6 @@
 
 # In Samsung Tuna Board, ttyO0 is for uart driver. gps_device is device specific
 /dev/ttyO0	u:object_r:gps_device:s0
+
+# These proc entries are for the CSR GPS chip
+genfscon proc /mcspi1_cs3_ctrl u:object_r:gps_control:s0
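Review bot: the added `genfscon proc /mcspi1_cs3_ctrl u:object_r:gps_control:s0` line is a kernel policy statement, while every other entry in sepolicy.fc is a path followed by a context. A genfscon statement in a file contexts file is not compiled into the kernel policy, so the proc entry would not get the gps_control label; move the line to sepolicy.genfs_contexts. The comment also says "These proc entries" although only one entry is added.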
-- 
1.7.0.4



* Re: Add two device-specific labelings to target CSR GPS Chips.
  2012-07-12 22:37 Add two device-specific labelings to target CSR GPS Chips hqjiang
  2012-07-12 22:37 ` [PATCH 1/2] GPS chip accesses to uart driver when locationmanager launched hqjiang
  2012-07-12 22:37 ` [PATCH 2/2] label gps proc entry as device-specific (instead of in ocontexts) hqjiang
@ 2012-07-13 12:03 ` Stephen Smalley
  2 siblings, 0 replies; 4+ messages in thread
From: Stephen Smalley @ 2012-07-13 12:03 UTC (permalink / raw)
  To: hqjiang; +Cc: selinux, bill.c.roberts

On Thu, 2012-07-12 at 15:37 -0700, hqjiang wrote:
> Hi, all
> 
> Today AOSP has updated the patches of targeting denies of GpsLocationManager.

Clarification: We merged those patches into our tree, but AOSP has not
yet refreshed from our tree (at least as far as I can tell).

> But the corresponding labeling parts are not updated in device-specific sepolicy.
> We submit the labels to complement the functions. 

I applied the first patch already on our seandroid branch, and have now
cherry-picked it to seandroid-4.0.4 and seandroid-4.1.1.  You need to
specify what branch(es) you want your patches applied.

> If you update the patches from William Robert, you can find that the genfscon syntax
> finally can be simply achieved in sepolicy.fc which is device-specific.

I don't understand this, as the patches I have from him require genfscon
entries to go into sepolicy.genfs_contexts, not sepolicy.fc, and putting
them into a .fc file will not get them merged into the kernel policy.
The file contexts configuration (file_contexts and *.fc) files are not
part of the kernel policy; they are only used by userspace components
like init, ueventd, restorecon, etc.  Even if he has new patches that
allow you to mingle them in sepolicy.fc, I don't like that approach.  If
you want to create a single sepolicy.oc (ocontexts) file and split it as
part of the build process, I can support that.

-- 
Stephen Smalley
National Security Agency
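
The build-time split suggested in the reply above, sketched as an added example (not code from this thread or from the SE Android tree). It assumes a hypothetical combined input in which file-context entries and `genfscon` statements are mixed, and routes each line to the output it belongs in; the function name and sample text are constructed for illustration.

```python
import re

# genfscon statements belong in the kernel policy (genfs_contexts); every
# other entry is treated as file_contexts: "<path regex> [-type] <context>".
CONTEXT_RE = re.compile(r"^\w+:\w+:\w+:s\d+\S*$")  # user:role:type:level
FILE_TYPE_RE = re.compile(r"^-[-bcdpls]$")          # optional file type field


def split_contexts(text):
    """Return (file_contexts, genfs_contexts, errors) for a combined file."""
    file_ctx, genfs_ctx, errors = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if not CONTEXT_RE.match(fields[-1]):
            errors.append((lineno, "last field is not a security context"))
        elif fields[0] == "genfscon":
            # genfscon fstype path [-type] context
            if len(fields) in (4, 5):
                genfs_ctx.append(line)
            else:
                errors.append((lineno, "expected: genfscon fstype path [-type] context"))
        elif not fields[0].startswith("/"):
            errors.append((lineno, "file_contexts path must start with '/'"))
        elif len(fields) == 2 or (len(fields) == 3 and FILE_TYPE_RE.match(fields[1])):
            file_ctx.append(line)
        else:
            errors.append((lineno, "expected: path [-type] context"))
    return file_ctx, genfs_ctx, errors


# Constructed sample: entries from the two patches in this thread mixed in
# one file, plus one malformed line that has a bare type instead of a context.
SAMPLE = """\
# device-specific labels
/dev/ttyO0\tu:object_r:gps_device:s0
/dev/ttyO1     u:object_r:hci_attach_dev:s0
genfscon proc /mcspi1_cs3_ctrl u:object_r:gps_control:s0
/dev/ttyGS0 radio_device
"""

if __name__ == "__main__":
    fc, genfs, errs = split_contexts(SAMPLE)
    print("file_contexts:", fc)
    print("genfs_contexts:", genfs)
    print("errors:", errs)
```
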

