Tetsuo Handa
from-****@I-lov*****
Wed Feb 23 23:10:10 JST 2011
Jamie Nguyen wrote:
> I've come across some rather unusual behaviour. I decided to delete
> everything in exception policy, save and reboot. However, two entries
> are automatically re-added without user intervention:
>
> initialize_domain /sbin/hotplug from any
> initialize_domain /sbin/modprobe from any
>

Yes, these entries are built-in policy configured via CONFIG_CCSECURITY_BUILTIN_INITIALIZERS and loaded by ccs_mm_init().

/sbin/hotplug and /sbin/modprobe might be executed before /sbin/init starts, and these programs might execute other programs such as /bin/sh. By the time /sbin/ccs-init is executed and MAC is activated, these programs and/or their descendant programs might be running. If these programs run in the <kernel> domain, it can result in executing /bin/sh from the <kernel> domain (this is not a good thing). Thus, the built-in policy chases these programs away from the <kernel> domain so that we don't need to give "file execute /bin/sh" to the <kernel> domain.

On Android, /sbin/hotplug and /sbin/modprobe and /sbin/init do not exist. Thus, we do

  sed -i -e 's:/sbin/modprobe /sbin/hotplug::' -e 's:/sbin/ccs-start:/init:' -- security/ccsecurity/Kconfig

at http://tomoyo.sourceforge.jp/1.8/android-arm.html .

Recent distributions might be using /sbin/udevd instead. You can modify CONFIG_CCSECURITY_BUILTIN_INITIALIZERS in your kernel config.

Regards.
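The reply above explains that some initialize_domain lines come from the kernel build rather than from the policy file, which is why deleting them from the exception policy does not make them go away. The following shell script is an added example, not code from the thread or from the TOMOYO project: it reads CONFIG_CCSECURITY_BUILTIN_INITIALIZERS from a kernel .config and reports, for each "initialize_domain <program> from any" line in an exception policy, whether that entry is built in (and must be changed in the kernel config) or comes from the policy file. The .config fragment and the policy lines it runs on are constructed for the demonstration; the default value "/sbin/modprobe /sbin/hotplug" is assumed from the sed command quoted in the reply.

```shell
#!/bin/sh
# Added example: tell built-in TOMOYO domain initializers apart from
# ones that live only in the exception policy.

# builtin_initializers CONFIG_FILE
#   Print the space-separated program list from the
#   CONFIG_CCSECURITY_BUILTIN_INITIALIZERS="..." line of a kernel .config.
builtin_initializers() {
    sed -n 's/^CONFIG_CCSECURITY_BUILTIN_INITIALIZERS="\(.*\)"$/\1/p' "$1"
}

# classify_initializers CONFIG_FILE POLICY_FILE
#   For every "initialize_domain <prog> from any" line in POLICY_FILE,
#   print "builtin <prog>" if <prog> is in the kernel's built-in list
#   (it will be re-added by ccs_mm_init() no matter what the policy file
#   says), otherwise "policy <prog>" (removable by editing the policy).
classify_initializers() {
    builtins=" $(builtin_initializers "$1") "
    sed -n 's/^initialize_domain \([^ ]*\) from any$/\1/p' "$2" |
    while read -r prog; do
        case "$builtins" in
            *" $prog "*) echo "builtin $prog" ;;
            *)           echo "policy $prog" ;;
        esac
    done
}

# demo
#   Run the classifier on constructed sample files and print the result.
demo() {
    tmp=$(mktemp -d)
    # Constructed .config fragment; the default value is assumed from the
    # sed command in the reply, not copied from a real kernel tree.
    cat > "$tmp/config" <<'EOF'
CONFIG_CCSECURITY=y
CONFIG_CCSECURITY_BUILTIN_INITIALIZERS="/sbin/modprobe /sbin/hotplug"
EOF
    # Constructed exception policy: the two entries from the question plus
    # one added by an administrator for a udev-based distribution.
    cat > "$tmp/exception_policy" <<'EOF'
initialize_domain /sbin/hotplug from any
initialize_domain /sbin/modprobe from any
initialize_domain /sbin/udevd from any
EOF
    classify_initializers "$tmp/config" "$tmp/exception_policy"
    rm -rf "$tmp"
}

demo
```

Running it prints "builtin /sbin/hotplug", "builtin /sbin/modprobe" and "policy /sbin/udevd": the first two can only be changed by rebuilding the kernel with a different CONFIG_CCSECURITY_BUILTIN_INITIALIZERS, while the third is an ordinary policy entry. Against a live system, point the two arguments at the running kernel's config and at /proc/ccs/exception_policy.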