From: Hridya Valsaraju
Date: Mon, 6 Jan 2020 14:25:58 -0800
Subject: Re: [PATCH] security: selinux: allow per-file labelling for binderfs
To: Stephen Smalley
Cc: Paul Moore, Eric Paris, selinux@vger.kernel.org, LKML, Android Kernel Team, Jeff Vander Stoep, Mark Salyzyn
References: <20200106181329.167322-1-hridya@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Jan 6, 2020 at 11:33 AM Stephen Smalley wrote:
>
> On 1/6/20 2:06 PM, Hridya Valsaraju wrote:
> > On Mon, Jan 6, 2020 at 10:33 AM 'Stephen Smalley' via kernel-team
> > wrote:
> >>
> >> On 1/6/20 1:13 PM, Hridya Valsaraju wrote:
> >>> This patch allows genfscon per-file labeling for binderfs.
> >>> This is required to have separate permissions to allow
> >>> access to binder, hwbinder and vndbinder devices which are
> >>> relocating to binderfs.
> >>>
> >>> Acked-by: Jeff Vander Stoep
> >>> Acked-by: Mark Salyzyn
> >>> Signed-off-by: Hridya Valsaraju
> >>
> >> Do you want binderfs to also support userspace labeling of files via
> >> setxattr()? If so, you'll want to also add it to
> >> selinux_is_genfs_special_handling() as well.
> >
> > Thank you for the quick response Stephen :) I cannot think of a
> > use-case for the userspace labelling of files in binderfs via
> > setxattr() as of now. I will make the change if one comes up!
>
> Ok, then you can include my:
> Acked-by: Stephen Smalley

Great! Thank you for reviewing my patch Stephen!

Regards,
Hridya

>
> >
> > Thanks,
> > Hridya
> >
> >
> >>
> >>> --- > >>> security/selinux/hooks.c | 1 + > >>> 1 file changed, 1 insertion(+) > >>> > >>> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > >>> index 116b4d644f68..3f0669a708e9 100644 > >>> --- a/security/selinux/hooks.c > >>> +++ b/security/selinux/hooks.c > >>> @@ -752,6 +752,7 @@ static int selinux_set_mnt_opts(struct super_block *sb, > >>> > >>> if (!strcmp(sb->s_type->name, "debugfs") || > >>> !strcmp(sb->s_type->name, "tracefs") || > >>> + !strcmp(sb->s_type->name, "binderfs") || > >>> !strcmp(sb->s_type->name, "pstore")) > >>> sbsec->flags |= SE_SBGENFS; > >>> > >>>
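
Review bot: the added !strcmp(sb->s_type->name, "binderfs") line in selinux_set_mnt_opts() is an exact match on the registered filesystem type name, so please confirm that the file_system_type for binderfs really uses "binderfs" as its name. If the string differs, the comparison never matches, SE_SBGENFS stays unset and the genfscon per-file labels are silently not applied, with no error to point at the cause. The commit message could also record that setxattr() labelling is intentionally not enabled here, since the patch touches only this one site and leaves selinux_is_genfs_special_handling() unchanged, as raised in the thread.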