Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3016956ybv;
        Mon, 24 Feb 2020 16:27:58 -0800 (PST)
X-Google-Smtp-Source: APXvYqytubQrUqkZ/cwuVV11d1QRIZiXrZNjZmV1HVRP8LRbwlkP1XHGtMFFdIXv1RvgwpOIQs1v
X-Received: by 2002:a9d:6ac2:: with SMTP id m2mr42791053otq.191.1582590478061;
        Mon, 24 Feb 2020 16:27:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1582590478; cv=none;
        d=google.com; s=arc-20160816;
        b=T2pzrqBW+o2xXevJ1WGuFAHcv4AUGWdT87QFkfQFp/wNO+vVEkNAemQoKvcugFb8Hn
         G+hxBA8CDLY3+rsPPkGWyBxB8hCfnPsDe3y4Z8QQr545w4LHWmHZW8lSnTNC8THpKWTV
         7UNY/cd1Lozto83czTPMsGuJdvyOmAyoVtrRZILT1cYD4fM+FXwoZdWrrSwjrASmOLpC
         aEa4XIF+ITFzCvmliBchZQ+U+OjyWGsBlGClCw4kE94ZJNkMe5/U/i6y/TgrM6af0pA8
         4rmTSro2GaHVZUTneUTKqjbRCIR+HLnuEOgW/KSNgzq2MPoJ4Ziaz1kcgBhp7KrMGq9r
         qn4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:reply-to:to:from
         :dkim-signature:dkim-signature;
        bh=ApwbTZB/C11qX5HqFQ4IvPwNBqFziP4M+aftgsXr/Bs=;
        b=YBWUeXgwOeCg9bUi5XAcahRlOX6cIljGz18fA+gexrLibt1MssHOh8eRc357uMUO9E
         fCGMyGSvATDjOo65181ULVDaQhzi/DDdqWH0SsGez2r5Q9lGbmz1lrkAxqccWQi1+LXG
         QSIN6uNQYBGrUis5FH3dx6BX5FGlXH8Tf6x6CqTD/o45SUPNnKfoBvXWywNaoxQf3Xcf
         GHN0Eu2TMWezqVDLHUNqumCeWtKHKYEPjNnhZeQeiUqLjDts1SAIpM0UJXmE/eZM6Cnu
         QhK8+jpNSBk3yXATLXaHr5SuauSd523VJEOza7EAc32tNjlHWewykrjZMh57dHSa8Twe
         yyLw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@coker.com.au header.s=2008 header.b=S9xCI8zS;
       dkim=pass header.i=@coker.com.au header.s=2008 header.b=sCsKQMDQ;
       spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au
Return-Path: <selinux-refpolicy-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id m25si6908510otn.208.2020.02.24.16.27.52;
        Mon, 24 Feb 2020 16:27:58 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@coker.com.au header.s=2008 header.b=S9xCI8zS;
       dkim=pass header.i=@coker.com.au header.s=2008 header.b=sCsKQMDQ;
       spf=pass (google.com: best guess record for domain of selinux-refpolicy-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=coker.com.au
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728578AbgBYA1a (ORCPT <rfc822;toiwoton@gmail.com> + 14 others);
        Mon, 24 Feb 2020 19:27:30 -0500
Received: from smtp.sws.net.au ([46.4.88.250]:34170 "EHLO smtp.sws.net.au"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728087AbgBYA1a (ORCPT
        <rfc822;selinux-refpolicy@vger.kernel.org>);
        Mon, 24 Feb 2020 19:27:30 -0500
Received: by smtp.sws.net.au (Postfix, from userid 116)
        id 1B71CEC82; Tue, 25 Feb 2020 11:27:28 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au;
        s=2008; t=1582590449;
        bh=ApwbTZB/C11qX5HqFQ4IvPwNBqFziP4M+aftgsXr/Bs=; l=1836;
        h=From:To:Reply-To:Cc:Subject:Date:In-Reply-To:References:From;
        b=S9xCI8zSQ5x/VSSAX5AstPbr5j3OmE8JQNvpP6sGGYGlg+cTO6EM+VnebakGcoRCu
         uUExUojq2x/qNSpRJ6hNA3r4gvBmN3i+2eBECo8KDkTxAjueVLhkbhx7ArSWzSy7kO
         tlboGm2lO42qtN+G+Qfrxd3jh1Rv38u1JK9hUljc=
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on swssmtp
X-Spam-Level: 
X-Spam-ASN:  
X-Spam-Status: No, score=-101.1 required=5.0 tests=ALL_TRUSTED=-1,
        DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,
        USER_IN_WHITELIST=-100 autolearn=disabled version=3.4.2
X-Spam-Languages: en
Received: from xev.coker.com.au (localhost [127.0.0.1])
        by smtp.sws.net.au (Postfix) with ESMTP id 682E0EC82;
        Tue, 25 Feb 2020 11:27:27 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au;
        s=2008; t=1582590447;
        bh=ApwbTZB/C11qX5HqFQ4IvPwNBqFziP4M+aftgsXr/Bs=; l=1836;
        h=From:To:Reply-To:Cc:Subject:Date:In-Reply-To:References:From;
        b=sCsKQMDQtb4DLfimk46vEoyky0Bsbt4jslcAGUDgdPygHsS9UUdVx8hLCfGiU2H1x
         9/vH0hTQa9+22MTtmNEYDVJ0lrvys+ASfF6lkPT+tXbg2bJZkL+i6JYmTSon/eFfaW
         rcdtfBVcJVKE6c27BN35I79OJg0BpcYQOf7i6Xok=
Received: by xev.coker.com.au (Postfix, from userid 1001)
        id 011C6F37865; Tue, 25 Feb 2020 11:27:22 +1100 (AEDT)
From:   Russell Coker <russell@coker.com.au>
To:     Topi Miettinen <toiwoton@gmail.com>
Reply-To: russell@coker.com.au
Cc:     selinux-refpolicy@vger.kernel.org
Subject: Re: Access to raw memory: remove or make boolean?
Date:   Tue, 25 Feb 2020 11:27:22 +1100
Message-ID: <2012273.jey3ENlaR0@xev>
In-Reply-To: <710a52cc-5b72-e833-9ac6-4289b1bc0b61@gmail.com>
References: <11011d01-844e-c526-a85f-92a7fc985d16@gmail.com> <2111138.8pYWFqxgyc@xev> <710a52cc-5b72-e833-9ac6-4289b1bc0b61@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Sender: selinux-refpolicy-owner@vger.kernel.org
Precedence: bulk
List-ID: <selinux-refpolicy.vger.kernel.org>
X-Mailing-List: selinux-refpolicy@vger.kernel.org

On Tuesday, 25 February 2020 2:56:01 AM AEDT Topi Miettinen wrote:
> The PR would make all these conditional to new boolean,
> allow_raw_memory_access.

So if someone needs one of those many accesses (klogd_t or hald_t seems 
likely) then they also get access for things that aren't needed on most 
systems nowadays (EG xserver_t) and things that never made any sense (such as 
colord_t).

I think it would be best to remove most of those /dev/mem access rules and add 
them back only after testing with recent software and comments about why they 
are needed.

> > A quick grep of the latest policy turned up the above access to /dev/mem. 
> > Do ddcprobe_t, vbetool_t, and the X server still do that?  mcelog_t, and
> > klogd_t might have good uses, as might sosreport_t (don't even know what
> > it does but guessing it's like klogd_t).  rpm_t should maybe transition
> > to a different domain for whatever it was doing and the same for kudzo_t.
> >  Vmware  is a bit ugly, so vmware_t might actually do that.  iscsi_t,
> > mdadm_t, colord_t, and initrc_t should never have needed that.  hald_t,
> > hald_mac_t and
> > devicekit_disk_t might have needed it, but hopefully that was fixed a long
> > time ago.
> > 
> > Interestingly bootloader_t doesn't have such access even though a quick
> > inspection of the LILO source code shows that it still probes the boot
> > order by directly reading the BIOS memory.  I guess no-one uses LILO with
> > SE Linux.
> I also don't know most of these programs. Direct memory access was
> probably needed for X server during SVGA times, at least NVIDIA driver
> on my system does not seem to need it.

I think it was needed before KMS.  Is it even possible to run without KMS 
nowadays?

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/