Closed Bug 1221799 Opened 9 years ago Closed 7 years ago

[META] Tracking bug for tightening the generic B2G SELinux policies

Categories

(Firefox OS Graveyard :: GonkIntegration, defect)

Product:
Firefox OS Graveyard
Component:
GonkIntegration
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: tedd, Unassigned)

References

Details

So far SELinux rules on B2G are created by converting the denials in the log file to rules using audit2allow. This approach results in a long list of allow statements [1] which leads to a very loose restriction and therefore a weak sandbox.

This bug should be used to track all the efforts to tighten the generic b2g policies (device independent) which are located in gonk-misc/sepolicy [2]

[1] https://github.com/mozilla-b2g/gonk-misc/blob/cc2d4f76e25677edb9016ce8c36b8ef24338489d/sepolicy/b2g.te
[2] https://github.com/mozilla-b2g/gonk-misc/tree/cc2d4f76e25677edb9016ce8c36b8ef24338489d/sepolicy
Depends on: 1221803
Depends on: 1224248
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.