Commit a9ac1262 authored Nov 17, 2015 by John Stultz Committed by Mark Salyzyn Nov 17, 2015

ANDROID: exec_domains: Disable request_module() call for personalities

With Android M, Android environments use a separate execution
domain for 32bit processes.
See:
https://android-review.googlesource.com/#/c/122131/



This results in systems that use kernel modules to see selinux
audit noise like:
  type=1400 audit(28.989:15): avc: denied { module_request } for
  pid=1622 comm="app_process32" kmod="personality-8"
  scontext=u:r:zygote:s0 tcontext=u:r:kernel:s0 tclass=system

While using kernel modules is unadvised, some systems do require
them.

Thus to avoid developers adding sepolicy exceptions to allow for
request_module calls, this patch disables the logic which tries
to call request_module for the 32bit personality (ie:
personality-8), which doesn't actually exist.

Change-Id: I6885347e69d5778e69ad5312f56f389be7bb4883
Signed-off-by: John Stultz <john.stultz@linaro.org>

parent 0549ddb9

kernel/exec_domain.c

+8 −1

Original line number	Diff line number	Diff line
		@@ -68,7 +68,14 @@ lookup_exec_domain(unsigned int personality)
		goto out;
		}

		#ifdef CONFIG_MODULES
		/*
		* Disable the request_module here to avoid trying to
		* load the personality-8 module, which doesn't exist,
		* and results in selinux audit noise.
		* Disabling this here avoids folks adding module_request
		* to their sepolicy, which is maybe too generous
		*/
		#if 0
		read_unlock(&exec_domains_lock);
		request_module("personality-%d", pers);
		read_lock(&exec_domains_lock);