Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp22101611ybl; Mon, 6 Jan 2020 18:14:51 -0800 (PST) X-Google-Smtp-Source: APXvYqxZcRUgY8YApS7SgGxSH/4u+MRgxA7YyUfQ9xudEgW3ViWNOQobwFhunDcdY0bl1bNom1vo X-Received: by 2002:a9d:65cb:: with SMTP id z11mr95572367oth.348.1578363291252; Mon, 06 Jan 2020 18:14:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1578363291; cv=none; d=google.com; s=arc-20160816; b=ON7TUPAhBWw+AkpgWIR4wEUIa7j9CMLY4cWakOhGWiIxHKzG8BRvWWoqo5oZURtHik tfpUSVsFfaXQyEZEsylAsNhuiLeC4rccrKnUGMIhOXlgkagNbLjVstLzMQEkYvKw2CGG /UajlyBuQsojeXHUXxEB4Kix2Xe3quwW6h8cMZAsL1f+Kea+QtXHTWd6KzLTRaMMnd4i xZ8L8R4hn3HS5ordkLXcQ5qqrGuASt6UcBJNqyvoDc1oXEYVVFnE+DNn1djrzrvPfnaL tWyRkxRBokvYVksYhfP6ivzeaZFkKyjlDxj5BXKPXVmcsfClqmCXOejKN59yex3AOpRR XqWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=DTvmZAi1eNtjs4sTxVjFLMcqqiQSeyyEiy8ncU1xv3c=; b=SDlF5utZsMMvRZx44wgGTezwkKDrK2nd2clxGVQVANC6W9LdKjDkRJlXuZ1BEVNtYy aIRcczIDf8ST3PXJ7aioCT9YtRogTbcZjOk4nUIcQN4qWZ/F2dHsksHE1qgeB6tCH9+/ ItNvC+OvXsfij1bjHm8YEhBNHl0O4OmBu7r8VnfHxtpL1XwK/pB0inCr/znnlPV7zUI0 0TP0f4s2eiFGS/BO0nW3HWlPcu0JeZ335PTH+lvRXutoWZFVmztFKCMlDQ88XszbRjBk 94u2Vn/nyzex7I99jXt1wS/NXRH5ErrZPvIlUjh6yRCFTO4C8XGngV4AFAjzIVmvLaMT Q58g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=Zn1NnICI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id l20si37237348otd.292.2020.01.06.18.14.36; Mon, 06 Jan 2020 18:14:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=Zn1NnICI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727406AbgAGCN4 (ORCPT + 99 others); Mon, 6 Jan 2020 21:13:56 -0500 Received: from mail-lj1-f196.google.com ([209.85.208.196]:41612 "EHLO mail-lj1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727332AbgAGCNz (ORCPT ); Mon, 6 Jan 2020 21:13:55 -0500 Received: by mail-lj1-f196.google.com with SMTP id h23so53034709ljc.8 for ; Mon, 06 Jan 2020 18:13:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=DTvmZAi1eNtjs4sTxVjFLMcqqiQSeyyEiy8ncU1xv3c=; b=Zn1NnICIh7lw8ft++YJmU02ouc0v+mOdsmw7apgl7TkbZ9TWfzwAttkBAtYDRjvzcB 0uuBeRMX0aWKBC62OXnUNzftxLu+D0uGv7MS/09TFIBrWbotFpSeQQj64ppCCQqGGGHq hEGs6IdFjVNgCd1foX04IktMibEMlqB7u2OWZ2Cwqp295IM/iVyHR8DFM+b29YtgDCO+ BJdQD4QWH+GvoWlUDNUKBX9VOTz0W3F615/hlOBLTKgRbT/YmGzvVOx2OSclhNFNkDEk J3DGseUoOHN/+efVYeq5SBYJmuCvVGNCxVk5uZGzXgxHSH37qhFkrr4A8M0MsnYpmm7V 8yow== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=DTvmZAi1eNtjs4sTxVjFLMcqqiQSeyyEiy8ncU1xv3c=; b=ZSfbQQraYGUdCnyYZDeVNwBqBCb/LoqpAEBhxxqcRF9DFNMv0py2/oUrIZ44i0nbxV Q7+UuWzG93Yx0uxTP/3tLJa62yGjNhB2Eau8b6p8/8HzZNDVoava+kiM2VzTe8eQfkQd umOWTmzxbyW9y74c0oP+i+nNUkIqAi2UbpLZNZBSqMnt2sCfIMXUcaW2PBK1tQXe6P6w 3bptxgEzdaQ6pMquZQ/HegJgcvOU2lW4CnmULZo0sb4tXW+q/EKCTYMZx+soDZDToVPh L7nZ/N3qQPbdYFrVItX9tcqx4U8jRd8f8L9WYkWFKvhcj7eE6Y85kKVeGal9m4/SZphR Y2kw== X-Gm-Message-State: APjAAAVpV+rHEfos71p7Ib+BeUV9TTIBWL68UDxHBpo6MCMOuqScjbzU qaL3KzMZgZxLSKsJJxQ2WBRuZ8w5CnWMMPO7s4wO X-Received: by 2002:a2e:96c4:: with SMTP id d4mr54540424ljj.225.1578363233725; Mon, 06 Jan 2020 18:13:53 -0800 (PST) MIME-Version: 1.0 References: <20200106181329.167322-1-hridya@google.com> In-Reply-To: From: Paul Moore Date: Mon, 6 Jan 2020 21:13:42 -0500 Message-ID: Subject: Re: [PATCH] security: selinux: allow per-file labelling for binderfs To: Hridya Valsaraju Cc: Eric Paris , selinux@vger.kernel.org, LKML , Android Kernel Team , Jeff Vander Stoep , Mark Salyzyn , Stephen Smalley Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jan 6, 2020 at 2:33 PM Stephen Smalley wrote: > On 1/6/20 2:06 PM, Hridya Valsaraju wrote: > > On Mon, Jan 6, 2020 at 10:33 AM 'Stephen Smalley' via kernel-team > > wrote: > >> > >> On 1/6/20 1:13 PM, Hridya Valsaraju wrote: > >>> This patch allows genfscon per-file labeling for binderfs. > >>> This is required to have separate permissions to allow > >>> access to binder, hwbinder and vndbinder devices which are > >>> relocating to binderfs. > >>> > >>> Acked-by: Jeff Vander Stoep > >>> Acked-by: Mark Salyzyn > >>> Signed-off-by: Hridya Valsaraju > >> > >> Do you want binderfs to also support userspace labeling of files via > >> setxattr()? If so, you'll want to also add it to > >> selinux_is_genfs_special_handling() as well. > > > > Thank you for the quick response Stephen :) I cannot think of a > > use-case for the userspace labelling of files in binderfs via > > setxattr() as of now. I > > will make the change if one comes up! > > Ok, then you can include my: > Acked-by: Stephen Smalley Merged into selinux/next, thanks everyone! -- paul moore www.paul-moore.com