Tetsuo Handa
from-****@I-lov*****
Sat Mar 5 17:38:25 JST 2011
Jamie Nguyen wrote:
> Oh yes, of course. I forgot about this kernel config option! Thanks
> for the explanation.

I added built-in policy support to TOMOYO 1.8 (revision 4684).
The built-in policy support is a superset of CONFIG_CCSECURITY_BUILTIN_INITIALIZERS.

The result will look like below. Never mind the kernel panic. This is merely because I didn't supply enough built-in policy.

[ 2.284858] Trying to unpack rootfs image as initramfs...
[ 2.345069] debug: unmapping init memory dfc96000..dfee0000
[ 2.399559] DMA-API: preallocated 32768 debug entries
[ 2.400113] DMA-API: debugging enabled by kernel config
[ 2.402539] Simple Boot Flag at 0x36 set to 0x1
[ 2.412571] apm: BIOS version 1.2 Flags 0x03 (Driver version 1.16ac)
[ 2.413196] apm: disabled - APM is not SMP safe.
[ 2.427354] Initializing RT-Tester: OK
[ 2.434723] Hook version: 2.6.38-rc7 2011/03/02
[ 2.436127] msgmni has been set to 972
[ 2.438354] CCSecurity: 1.8.0+ 2011/03/01
[ 2.438369] Mandatory Access Control activated.
[ 2.442470] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254)
[ 2.443705] io scheduler noop registered
[ 2.444442] io scheduler deadline registered
[ 2.445716] io scheduler cfq registered (default)
[ 2.544181] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[ 2.725974] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 3.000402] serial8250: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 3.278403] serial8250: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
[ 3.323152] 00:09: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 3.352324] 00:0a: ttyS1 at I/O 0x2f8 (irq = 3) is a 16550A
[ 3.363520] Non-volatile memory driver v1.3
[ 3.363710] Linux agpgart interface v0.103
[ 3.370454] agpgart-intel 0000:00:00.0: Intel 440BX Chipset
[ 3.372328] agpgart-intel 0000:00:00.0: AGP aperture is 256M @ 0x0
[ 3.409088] brd: module loaded
[ 3.409104] Uniform Multi-Platform E-IDE driver
[ 3.411525] ide-gd driver 1.18
[ 3.412280] ide-cd driver 5.00
[ 3.415989] i8042: PNP: PS/2 Controller [PNP0303:KBC,PNP0f13:MOUS] at 0x60,0x64 irq 1,12
[ 3.926337] serio: i8042 KBD port at 0x60,0x64 irq 1
[ 3.926815] serio: i8042 AUX port at 0x60,0x64 irq 12
[ 3.930988] mousedev: PS/2 mouse device common for all mice
[ 3.932491] cpuidle: using governor ladder
[ 3.935866] TCP bic registered
[ 3.936659] NET: Registered protocol family 17
[ 3.939696] Using IPI No-Shortcut mode
[ 3.942397] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
[ 3.954513] Warning: unable to open an initial console.
[ 3.954858] debug: unmapping init memory c084d000..c0d2d000
[ 3.955867] Write protecting the kernel text: 2904k
[ 3.956757] Testing CPA: Reverting c0400000-c06d6000
[ 3.957808] Testing CPA: write protecting again
[ 3.958876] Write protecting the kernel read-only data: 1196k
[ 3.959764] Testing CPA: undo c06d6000-c0801000
[ 3.960810] Testing CPA: write protecting again
[ 3.964749] Failed to execute /init
[ 3.965536] Kernel panic - not syncing: No init found. Try passing init= option to kernel. See Linux Documentation/init.txt for guidance.
[ 3.966844] Pid: 1, comm: swapper Not tainted 2.6.38-rc7-ccs #2
[ 3.966860] Call Trace:
[ 3.966876] [<c043f80a>] ? panic+0x5a/0x180
[ 3.966891] [<c0401339>] ? init_post+0xa9/0xb0
[ 3.967807] [<c084db03>] ? kernel_init+0x1b3/0x230
[ 3.967823] [<c084d950>] ? kernel_init+0x0/0x230
[ 3.967838] [<c040317a>] ? kernel_thread_helper+0x6/0x1c

Note that MAC is enabled before /init in initramfs is executed.

On Android, many operations are done before /system and /data partitions (where the policy would be stored) become ready. Currently /sbin/ccs-init and its dependent libraries and policy files are stored into initramfs. But by using built-in policy, it will become more difficult to hijack the boot process.

I think built-in policy support is helpful for using TOMOYO on Android because boot process (e.g. mounting /system and /data partitions) seems to be constify-able.
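
Added example (not part of the original message and not TOMOYO project code): a boot-log check for the ordering the message points out, that "Mandatory Access Control activated." is logged before the kernel first tries to run init. The function names, the list of init markers, and the second log (constructed) are assumptions made for illustration.

```python
import re

# One dmesg line: "[    2.438369] message" (padding inside the brackets varies).
LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s?(.*)$")
MAC_ON = "Mandatory Access Control activated."
# Assumed markers for "kernel is handing over to the first userspace program".
INIT_MARKERS = (
    re.compile(r"^Failed to execute \S+"),     # as seen in the log above
    re.compile(r"^Run \S+ as init process"),   # printed by newer kernels
)

def first_timestamps(log):
    """Return (mac_ts, init_ts): first time each event is logged, else None."""
    mac_ts = init_ts = None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or continuation line
        ts, msg = float(m.group(1)), m.group(2).strip()
        if mac_ts is None and msg == MAC_ON:
            mac_ts = ts
        if init_ts is None and any(p.match(msg) for p in INIT_MARKERS):
            init_ts = ts
    return mac_ts, init_ts

def check_boot_order(log):
    """Classify a boot log by when MAC came up relative to the first init exec."""
    mac_ts, init_ts = first_timestamps(log)
    if mac_ts is None:
        return "mac-never-activated"
    if init_ts is None:
        return "no-init-marker"
    return "mac-before-init" if mac_ts < init_ts else "mac-after-init"

# Excerpt of the built-in policy boot log from the message above.
BUILTIN_LOG = """\
[ 2.284858] Trying to unpack rootfs image as initramfs...
[ 2.438354] CCSecurity: 1.8.0+ 2011/03/01
[ 2.438369] Mandatory Access Control activated.
[ 3.964749] Failed to execute /init
"""
# Constructed counter-example: policy loaded only after init has started.
LATE_LOG = """\
[ 2.284858] Trying to unpack rootfs image as initramfs...
[ 3.964749] Run /init as init process
[ 4.120015] Mandatory Access Control activated.
"""

if __name__ == "__main__":
    for name, log in (("built-in", BUILTIN_LOG), ("late", LATE_LOG)):
        print(name, check_boot_order(log), first_timestamps(log))
```
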