Subject: Re: [PATCH v1 0/2] Add LSM access controls for io_uring_setup
From: Dmytro Maluka
To: Paul Moore
Cc: Jeffrey Vander Stoep, Gil Cukierman, Jens Axboe, Pavel Begunkov, James Morris, "Serge E. Hallyn", Stephen Smalley, Eric Paris, kernel-team@android.com, linux-kernel@vger.kernel.org, io-uring@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@vger.kernel.org, Joel Granados, Jeff Xu, Takaya Saeki, Tomasz Nowicki, Matteo Rizzo, Andres Freund
Date: Thu, 10 Aug 2023 11:08:34 +0200
Message-ID: <6c5157fd-0feb-bce0-c160-f8d89a06f640@semihalf.com>
References: <20221107205754.2635439-1-cukie@google.com> <54c8fd9c-0edd-7fea-fd7a-5618859b0827@semihalf.com>
List-ID: linux-kernel@vger.kernel.org

On 8/9/23 19:28, Dmytro Maluka wrote:
> So one of the questions I'm wondering about is: if Android implemented
> preventing execution of any io_uring code by non-trusted processes
> (via seccomp or any other way), how much would it help to reduce the
> risk of attacks, compared to its current SELinux-based solution?

And why exactly I'm wondering about that: AFAICT, Android folks are concerned about the high likelihood of vulnerabilities in io_uring code just like we (ChromeOS folks) are, and that is the main reason why Android takes care of restricting io_uring usage in the first place.