TOMOYO

Fork

[tomoyo-users-en 299] About TOMOYO 1.8.1

• Previous message (by thread): [tomoyo-users-en 297] Re: domains: quota_exceeded
• Next message (by thread): [tomoyo-users-en 300] TOMOYO on twitter
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm planning to release TOMOYO 1.8.1 on 1st, April.

TOMOYO 2.2 was based on TOMOYO 1.6.x. TOMOYO 2.3 was based on TOMOYO 1.7.x.
TOMOYO 2.4 will be based on TOMOYO 1.8.x.

In TOMOYO 1.8.1, several bugs were fixed and a new feature targeted for
Android environment was added.

Recently, it seems that "how to protect Android from privilege escalation" is
getting a hot topic. Until now, policy had to be loaded by /sbin/ccs-init , but
the device which stores the policy files is not accessible from the early stage
of the boot procedure. This will increase the possibility of hijacking the boot
procedure and (e.g.) loading a malicious kernel module that disables the
protection. Therefore, I added support for embedding the policy files into the
kernel and activate protection (i.e. start "enforcing mode") without calling
/sbin/ccs-init .

The tutorial page ( http://tomoyo.sourceforge.jp/1.8-tmp/android-arm.html ) was
updated to use this feature. Although "using enforcing mode from the beginning"
does not guarantee that the protection does not get disabled by kernel mode
exploits, this will help protecting Android from privilege escalation.

In order to keep the filesize increment of the kernel by embedding the policy
files smaller, I also added support for packed policy format. Regarding file
and network operations, multiple lines that have the same arguments can be
packed into a single line. For example,

  file read /path/to/file
  file write /path/to/file
  file execute /path/to/file

can be packed into

  file read/write/execute /path/to/file

.

Also, until now, garbage collector was waiting for /proc/ccs/ users. But this
approach was rejected by upstream. Thus, I modified garbage collector not to
wait for /proc/ccs/ users. As a result, memory reclaim can start earlier than
now.



By the way, 2.6.38.2 was released and the pivot_root() deadlock bug was fixed.
You can now upgrade to 2.6.38 kernels.

By the way, binary packages for TOMOYO 1.6.x will be discontinued on 31th,
March. If you are using TOMOYO 1.6.x, you will need to build binary packages
by your hand.

Regards.

• Previous message (by thread): [tomoyo-users-en 297] Re: domains: quota_exceeded
• Next message (by thread): [tomoyo-users-en 300] TOMOYO on twitter
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]