On Thu, Apr 23, 2015 at 01:42:25PM -0400, Stephen Smalley wrote:
> On 04/23/2015 01:16 PM, Greg Kroah-Hartman wrote:
> > The binder developers at Samsung have stated that the implementation we
> > have here works for their model as well, so I guess that is some kind of
> > verification it's not entirely tied to D-Bus. They have plans on
> > dropping the existing binder kernel code and using the kdbus code
> > instead when it is merged.
>
> Where do things stand wrt LSM hooks for kdbus? I don't see any security
> hook calls in the kdbus tree except for the purpose of metadata
> collection of process security labels. But nothing for enforcing MAC
> over kdbus IPC. binder has a set of security hooks for that purpose, so
> it would be a regression wrt MAC enforcement to switch from binder to
> kdbus without equivalent checking there.

There was a set of LSM hooks proposed for kdbus posted by Karol
Lewandowski last October, and it also included SELinux and Smack patches.
They were going to be refreshed based on the latest code changes, but I
haven't seen them posted, or I can't seem to find them in my limited
email archive.

Karol, what's the status of them?

thanks,

greg k-h