From: Jakub Kicinski <kuba@kernel.org>
To: Li Li <dualli@chromium.org>
Cc: dualli@google.com, corbet@lwn.net, davem@davemloft.net,
edumazet@google.com, pabeni@redhat.com, donald.hunter@gmail.com,
gregkh@linuxfoundation.org, arve@android.com, tkjos@android.com,
maco@android.com, joel@joelfernandes.org, brauner@kernel.org,
cmllamas@google.com, surenb@google.com, arnd@arndb.de,
masahiroy@kernel.org, bagasdotme@gmail.com, horms@kernel.org,
linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
netdev@vger.kernel.org, hridya@google.com, smoreland@google.com,
kernel-team@android.com
Subject: Re: [PATCH net-next v7 2/2] binder: report txn errors via generic netlink
Date: Mon, 4 Nov 2024 08:19:28 -0800
Message-ID: <20241104081928.7e383c93@kernel.org>
In-Reply-To: <CANBPYPj4VCYuhOTxPSHBGNtpRyG5wRzuMxRB49eSDXXjrxb7TA@mail.gmail.com>
On Sun, 3 Nov 2024 22:25:44 -0800 Li Li wrote:
> > You're trying to register multiple families with different names?
> > The family defines the language / protocol. If you have multiple
> > entities to multiplex you should do that based on attributes inside
> > the messages.
>
> My initial plan was to use a single "binder" family, which was more
> straightforward and cleaner. As Android uses multiple binder contexts
> to isolate system framework and vendor domains[1], Greg KH suggested
> the netlink messages from different binder contexts should also be
> isolated for security reasons[2]. Personally I'm fine with either
> approach. Please kindly advise which implementation is better.
>
> And I'll fix other issues you mentioned above.
Greg is obviously right, but using different family names will not help
you in any way. There is no action of "opening" a socket for a generic
netlink family, one generic netlink socket can talk to all families.
The only built-in checking netlink provides is that you can declare
an operation as requiring admin privileges, or network capability
(namespaced or global).
Unless those are good enough for you - I think you should do all
the security isolation within your code, manually.
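To make the point above concrete, here is an added user-space example (not code from this series or from the kernel): a single NETLINK_GENERIC socket asks the nlctrl controller for the IDs of as many families as you like, so a separate family name is not a boundary a client has to cross. It assumes a Linux host; the family name "binder" is taken from the discussion and may not be registered on your system.

```python
"""Added example: one NETLINK_GENERIC socket resolves any generic netlink family."""
import socket
import struct

NETLINK_GENERIC = 16
GENL_ID_CTRL = 0x10           # fixed ID of the "nlctrl" controller family
CTRL_CMD_GETFAMILY, CTRL_CMD_NEWFAMILY = 3, 1
CTRL_ATTR_FAMILY_ID, CTRL_ATTR_FAMILY_NAME = 1, 2
NLM_F_REQUEST, NLMSG_ERROR = 0x1, 0x2

def nla(attr_type, payload):
    """Encode one nlattr: 4-byte header, payload padded to a 4-byte boundary."""
    return struct.pack("HH", 4 + len(payload), attr_type) + payload + b"\0" * (-len(payload) % 4)

def build_getfamily(name, seq):
    """nlmsghdr + genlmsghdr + CTRL_ATTR_FAMILY_NAME: ask nlctrl for the ID of `name`."""
    body = struct.pack("BBH", CTRL_CMD_GETFAMILY, 1, 0) + nla(CTRL_ATTR_FAMILY_NAME, name.encode() + b"\0")
    return struct.pack("IHHII", 16 + len(body), GENL_ID_CTRL, NLM_F_REQUEST, seq, 0) + body

def build_newfamily_reply(name, family_id, seq):
    """Constructed CTRL_CMD_NEWFAMILY reply in the shape nlctrl sends (for offline testing)."""
    body = struct.pack("BBH", CTRL_CMD_NEWFAMILY, 2, 0)
    body += nla(CTRL_ATTR_FAMILY_NAME, name.encode() + b"\0") + nla(CTRL_ATTR_FAMILY_ID, struct.pack("H", family_id))
    return struct.pack("IHHII", 16 + len(body), GENL_ID_CTRL, 0, seq, 0) + body

def parse_family_id(msg):
    """Walk the reply's attributes and return CTRL_ATTR_FAMILY_ID; raise on NLMSG_ERROR."""
    nl_len, nl_type = struct.unpack_from("IH", msg)
    if nl_type == NLMSG_ERROR:                      # nlmsgerr: negative errno follows the header
        raise OSError(-struct.unpack_from("i", msg, 16)[0], "nlctrl rejected the request")
    off = 16 + 4                                    # skip nlmsghdr and genlmsghdr
    while off + 4 <= nl_len:
        a_len, a_type = struct.unpack_from("HH", msg, off)
        if a_type == CTRL_ATTR_FAMILY_ID:
            return struct.unpack_from("H", msg, off + 4)[0]
        off += (a_len + 3) & ~3                     # NLA_ALIGN
    raise ValueError("no CTRL_ATTR_FAMILY_ID in reply")

def resolve_families(names):
    """One socket, many families: there is no per-family open or bind step to gate on."""
    sk = socket.socket(socket.AF_NETLINK, socket.SOCK_RAW, NETLINK_GENERIC)
    try:
        sk.bind((0, 0))
        ids = {}
        for seq, name in enumerate(names, start=1):
            sk.send(build_getfamily(name, seq))
            ids[name] = parse_family_id(sk.recv(8192))
        return ids
    finally:
        sk.close()

if __name__ == "__main__":
    # "nlctrl" always exists; "binder" (assumed name) only where such a family is registered.
    for fam in ("nlctrl", "binder"):
        try:
            print(fam, "->", resolve_families([fam]))
        except OSError as e:
            print(fam, "->", e)                     # ENOENT means unknown family, not a permission denial
```

Whether a given operation then requires CAP_NET_ADMIN is decided per op by the family's flags, not by which family the caller resolved; everything finer-grained than that has to be checked in the handler.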