LSM policy options for new GPIO kernel driver interface
Weber, Matthew L Collins
Matthew.Weber at collins.com
Mon Aug 2 17:08:14 UTC 2021
Since the 5.10 kernel, the GPIO subsystem has migrated from a sysfs based GPIO export method  (everything is a file) to a character device + library. The new framework provides users with signal debouncing and other features that benefit embedded products. The legacy method allowed fine policy control of who can export / set / get the GPIO state. We have not found a similar security policy path with the new approach. Has anyone brainstormed strategies for the new character device-based interface without adding a userspace broker to enforce another level of rules? The ideal case would be to keep all the controls within the SELinux refpolicy such that testing can be all-inclusive.
I'd be interested in what people think, such that I can prepare a university research project submission for Fall 2021 to build a prototype.
More information about the Linux-security-module-archive