[refpolicy] udisks2 and /dev/mem

All of lore.kernel.org
 help / color / mirror / Atom feed

From: russell@coker.com.au (Russell Coker)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] udisks2 and /dev/mem
Date: Fri, 16 Feb 2018 16:59:27 +1100	[thread overview]
Message-ID: <2090583.M0PCVYQvNm@liv> (raw)
In-Reply-To: <2164891.hfskaxh8Hi@liv>

On Thursday, 15 February 2018 11:36:51 PM AEDT Russell Coker wrote:
> > Therefore I can only make a blind guess that a udisksd component is
> > crawling /dev and performs a call to access("/dev/mem") to test
> > whether this file is readable. Did you have a "type=SYSCALL" entry
> > next to the AVC in audit.log, which would tell whether the denied
> > access was caused by access() or open()?
> 
> It's openat.  Thanks for suggesting looking for the syscall, it explains why
> my grep for /dev/mem in udisks2 and all the shared objects it loads didn't
> turn up any matches.  I'll try and get udisks2 to run under gdb and see
> what that reveals.

In the source file parted-3.2/libparted/labels/gpt.c from libparted we have 
the function ped_disk_gpt_init() which calls the function 
dmi_system_manufacturer() that calls the mem_chunk() function to get access to 
system memory for EFI data.  Access to system memory is via /dev/mem.

That function is called from call_init() so it looks like a libparted init 
issue, so udisks2 probably isn't even requesting that data.

It's strange that my laptop is the only one of my systems to trigger this as 
it only has a 180G disk that uses the old PC partition table.

dev_rx_raw_memory(devicekit_disk_t)

I'll submit a patch to add the above in a later message.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/

next prev parent reply	other threads:[~2018-02-16  5:59 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-14  4:03 [refpolicy] udisks2 and /dev/mem Russell Coker
2018-02-15 11:40 ` Nicolas Iooss
2018-02-15 12:36   ` Russell Coker
2018-02-16  5:59     ` Russell Coker [this message]
2018-02-16 10:04       ` Nicolas Iooss
2018-02-16 11:05         ` Russell Coker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=2090583.M0PCVYQvNm@liv \
    --to=russell@coker.com.au \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.