From: Joshua Brindle <brindle@quarksecurity.com>
To: selinux@tycho.nsa.gov
Subject: Re: Announcing SPAN: SELinux Policy Analysis Notebook
Date: Sun, 07 May 2017 15:42:50 -0400 [thread overview]
Message-ID: <590F78BA.5040800@quarksecurity.com> (raw)
In-Reply-To: <20170507154759.GA31890@julius>
Dominick Grift wrote:
> On Sun, May 07, 2017 at 11:22:00AM -0400, Joshua Brindle wrote:the
>> Dominick Grift wrote:
>> <snip>
>>
>>> The idea is nice, unfortunately its inflexible and it has hard-references to reference policy all-over. It has potential but it is still rough.
>>>
>> Of course, it is an analysis of a refpolicy-based policy. If you want to
>> analyze a different policy (e.g., Android or home-rolled) you will have to
>> change out all of the type sets, etc.
>>
>> You can't make a magic generic analysis script without knowing how key parts
>> of the system work and what types are associated with those components.
>
> What do you mean? that for example that hard-coded array of "trusted" types. Is that not just redundant.
>
you mean the example trusted types? I'm not sure I understand your concern.
> Can't i just create that array myself and use it to exlude rules with types in that array? That was one does not have to hard-code it.
>
It is python, you can do anything you want. The example notebook is a
starting point, anyone doing an analysis would probably make major
changes for their analysis, which is the point. You modify the notebook
to build a usable analysis between the starting policy and the policy
you are analyzing.
I've thought about trying this on an Android policy but haven't made it
a priority.
> Also with regard to hardcoding the refpolicy file system (ps.load_policy_source). I mean if youre just going to `grep -r` then why do we have to assume anything there and hard code file suffixed, directory structures etc etc?
next prev parent reply other threads:[~2017-05-07 19:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-05 18:27 Announcing SPAN: SELinux Policy Analysis Notebook Karl MacMillan
2017-05-06 14:03 ` Dominick Grift
2017-05-06 16:19 ` Dominick Grift
2017-05-06 17:19 ` Dominick Grift
2017-05-07 9:39 ` Dominick Grift
2017-05-08 19:23 ` Karl MacMillan
2017-05-08 19:32 ` Dominick Grift
2017-05-08 19:40 ` Karl MacMillan
2017-05-07 15:22 ` Joshua Brindle
2017-05-07 15:47 ` Dominick Grift
2017-05-07 19:42 ` Joshua Brindle [this message]
2017-05-07 19:53 ` Dominick Grift
2017-05-08 19:41 ` Karl MacMillan
2017-05-08 8:55 ` Dominick Grift
2017-05-08 9:32 ` Dominick Grift
2017-05-08 19:36 ` Karl MacMillan
2017-05-08 19:49 ` Dominick Grift
2017-05-08 20:09 ` Karl MacMillan
2017-05-08 20:40 ` Dominick Grift
2017-05-08 21:47 ` Dominick Grift
2017-05-08 22:01 ` Dominick Grift
2017-05-09 15:25 ` Karl MacMillan
2017-05-09 16:12 ` Joshua Brindle
2017-05-09 15:21 ` Karl MacMillan
2017-05-09 16:15 ` Dominick Grift
2017-05-09 16:47 ` Dominick Grift
2017-05-09 17:45 ` Dominick Grift
2017-05-07 16:24 ` Dominick Grift
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=590F78BA.5040800@quarksecurity.com \
--to=brindle@quarksecurity.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.