diff options
| author | John Stultz <john.stultz@linaro.org> | 2015-11-17 08:35:54 -0800 |
|---|---|---|
| committer | Mister Oyster <oysterized@gmail.com> | 2017-04-11 10:57:32 +0200 |
| commit | c9447cffbb3d428d821d29e5f6836464fdb6b5bf (patch) | |
| tree | ddaa99e4af54220559b93e117b2a240ec9ab534e /kernel/exec_domain.c | |
| parent | 5c7d95865a18e7e159ce4c4dddfd72bd049ff41d (diff) | |
ANDROID: exec_domains: Disable request_module() call for personalities
With Android M, Android environments use a separate execution
domain for 32bit processes.
See:
https://android-review.googlesource.com/#/c/122131/
This results in systems that use kernel modules to see selinux
audit noise like:
type=1400 audit(28.989:15): avc: denied { module_request } for
pid=1622 comm="app_process32" kmod="personality-8"
scontext=u:r:zygote:s0 tcontext=u:r:kernel:s0 tclass=system
While using kernel modules is unadvised, some systems do require
them.
Thus to avoid developers adding sepolicy exceptions to allow for
request_module calls, this patch disables the logic which tries
to call request_module for the 32bit personality (ie:
personality-8), which doesn't actually exist.
Change-Id: I6885347e69d5778e69ad5312f56f389be7bb4883
Signed-off-by: John Stultz <john.stultz@linaro.org>
Diffstat (limited to 'kernel/exec_domain.c')
| -rw-r--r-- | kernel/exec_domain.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/kernel/exec_domain.c b/kernel/exec_domain.c index 0dbeae374..36cc21da4 100644 --- a/kernel/exec_domain.c +++ b/kernel/exec_domain.c @@ -68,7 +68,14 @@ lookup_exec_domain(unsigned int personality) goto out; } -#ifdef CONFIG_MODULES +/* + * Disable the request_module here to avoid trying to + * load the personality-8 module, which doesn't exist, + * and results in selinux audit noise. + * Disabling this here avoids folks adding module_request + * to their sepolicy, which is maybe too generous + */ +#if 0 read_unlock(&exec_domains_lock); request_module("personality-%d", pers); read_lock(&exec_domains_lock); |