http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2015%2FAbstracts%2FVander_Stoep 2026-04-20T17:01:51Z Revision history for this page on the wiki MediaWiki 1.36.1 http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2015/Abstracts/Vander_Stoep&diff=3580&oldid=prev 2015-07-01T13:52:38Z

<p>Created page with &quot;== Title == Ioctl Command Whitelisting in SELinux == Presenter == Jeffrey Vander Stoep, Google == Abstract == Ioctls provide many of the capabilities necessary for device...&quot;</p> <p><b>New page</b></p><div>== Title ==<br /> <br /> Ioctl Command Whitelisting in SELinux<br /> <br /> == Presenter ==<br /> <br /> Jeffrey Vander Stoep, Google<br /> <br /> == Abstract ==<br /> <br /> Ioctls provide many of the capabilities necessary for device control,<br /> ranging from benign functionality to critical operations or access to<br /> sensitive information. Some system capabilities, e.g. chown, kill,<br /> setuid, ipc_lock, etc are granted on a per capability basis. Ioctls on<br /> the other hand are granted on a per file descriptor basis, meaning<br /> that the set of ioctl capabilities provided by the file descriptor are<br /> granted all-or-nothing, even when only a subset may be needed. A<br /> single file descriptor may provide access to hundreds of capabilities.<br /> To restrict applications to their needed subset of capabilities,<br /> selinux permissions have been extended to allow per-command<br /> whitelisting of ioctls. The discussion will include demonstration of<br /> attack surface reduction, bugs made unreachable, and improvements for<br /> user privacy. We will also share challenges and findings from<br /> deployment in Android M-preview.</div>

JamesMorris