From: Laura Abbott <labbott@redhat.com>
To: Benjamin Gaignard <benjamin.gaignard@linaro.org>,
Mark Brown <broonie@kernel.org>
Cc: "Sandeep Patil" <sspatil@google.com>,
driverdevel <devel@driverdev.osuosl.org>,
"Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
"Arve Hjønnevåg" <arve@android.com>,
"dri-devel@lists.freedesktop.org"
<dri-devel@lists.freedesktop.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"Riley Andrews" <riandrews@android.com>,
linux-api@vger.kernel.org,
"Sumit Semwal" <sumit.semwal@linaro.org>,
"Dan Carpenter" <dan.carpenter@oracle.com>
Subject: Re: [PATCH v5 2/2] staging: ion: create one device entry per heap
Date: Mon, 9 Oct 2017 14:25:47 -0700 [thread overview]
Message-ID: <e3f91eff-df33-e203-2ce2-1f1dc98236ef@redhat.com> (raw)
In-Reply-To: <CA+M3ks5ZCUdTU5qU=Xi-MXXJQS6X-x=7qqs-5Myi7zeAAi8mJg@mail.gmail.com>
On 10/05/2017 06:06 AM, Benjamin Gaignard wrote:
> 2017-10-04 12:17 GMT+02:00 Mark Brown <broonie@kernel.org>:
>> On Tue, Oct 03, 2017 at 04:08:30PM -0700, Sandeep Patil wrote:
>>
>>> It is entirely possible and easy in android/ueventd to create those nodes
>>> under "/dev/ion/". (assuming the heap 'subsystem' for these new devices will
>>> point to 'ion').
>
> I think it is the same problem than for webcam under v4l framework.
> Each time you plug a webcam you got a v4l node but android/uevent rules
> the plug order doesn't have impact.
> The same think will happen for ion nodes it may be even easier because
> the heap will always being created in the smae order for a given product
> configuration.
>
Relying on the heap being created in the same order seems troublesome.
If for some reason it changes in the kernel we might break something
in userspace.
Anyway, to move this forward I think we need to see a proof of concept
of using selinux to protect access to specific heaps.
Thanks,
Laura
>>
>> The reason I didn't say /dev/ion/foo initially is that if people want to
>> keep the existing /dev/ion around for compatibility reasons then the
>> /dev/ion name isn't available which might cause issues. Otherwise just
>> dumping everything under a directory (perhaps with a different name) was
>> my first thought as well.
>>
>>> (Also FWIW, the SELinux permissions are also possible with the current ion
>>> implementation by adding rules to disallow specific ioctls instead of adding
>>> permissions to access device node as this change would do)
>>
>> AIUI the request is to limit access to specific heaps, and obviously not
>> everyone wants to deal with SELinux at all.
next prev parent reply other threads:[~2017-10-09 21:25 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-27 13:20 [PATCH v5 0/2] staging: ion: get one device per heap Benjamin Gaignard
2017-09-27 13:20 ` [PATCH v5 1/2] staging: ion: simplify ioctl args checking function Benjamin Gaignard
2017-10-09 9:21 ` Benjamin Gaignard
2017-10-09 16:45 ` Laura Abbott
2017-09-27 13:20 ` [PATCH v5 2/2] staging: ion: create one device entry per heap Benjamin Gaignard
[not found] ` <1506518409-16887-3-git-send-email-benjamin.gaignard-QSEj5FYQhm4dnm+yROfE0A@public.gmane.org>
2017-10-02 18:07 ` Laura Abbott
2017-10-03 16:48 ` Mark Brown
2017-10-03 21:42 ` Laura Abbott
[not found] ` <2417c969-357f-d5d9-153a-2180d09b0dc6-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-10-03 23:08 ` Sandeep Patil
[not found] ` <20171003230830.GA132839-MgWQydg8T0mvj1b/ULB3ZwqCisvMvsWYTsK6IJ4gZTFBDgjK7y7TUQ@public.gmane.org>
2017-10-03 23:37 ` Laura Abbott
2017-10-04 10:17 ` Mark Brown
2017-10-05 13:06 ` Benjamin Gaignard
2017-10-09 21:25 ` Laura Abbott [this message]
2017-10-09 22:08 ` Mark Brown
2017-10-10 0:10 ` Laura Abbott
2017-10-10 9:11 ` Mark Brown
2017-10-16 22:09 ` Laura Abbott
[not found] ` <2a9246e0-eafa-7812-6cf4-2482ff1ed158-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-10-17 12:39 ` Benjamin Gaignard
2017-10-18 20:07 ` Laura Abbott
[not found] ` <bff3d0c7-110d-d702-165b-855daaca6382-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2017-10-23 15:19 ` Benjamin Gaignard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e3f91eff-df33-e203-2ce2-1f1dc98236ef@redhat.com \
--to=labbott@redhat.com \
--cc=arve@android.com \
--cc=benjamin.gaignard@linaro.org \
--cc=broonie@kernel.org \
--cc=dan.carpenter@oracle.com \
--cc=devel@driverdev.osuosl.org \
--cc=dri-devel@lists.freedesktop.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=riandrews@android.com \
--cc=sspatil@google.com \
--cc=sumit.semwal@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).