Re: [GIT 4.9] LSM,security,selinux,smack: Backport of LSM changes

[Alexander Grund <theflamefire89@gmail.com>]

On 10.07.22 14:48, Greg KH wrote:
>>> What 4.4.y Android devices are still supported by their vendors?  And
>>> are they still getting kernel updates?
>>
>> Actually the issue is that those devices are not supported by their vendors anymore, so they may only get updates through LineageOS.
>> That is a third-party Android build where maintainers rely on proprietary binaries from the original phone which are tied to a specific kernel.
>> Hence when the device falls out of support having a 4.4 kernel in the last release there is no way for those maintainers to switch to a newer kernel.
>> That's the situation e.g. I am in right now: Providing (mostly) security updates for a good phone that fell out of vendor support
>> by using LineageOS for an updated Android system and e.g. the CIP maintained SLTS 4.4 kernel.
>> And I know of at least 2 other devices using the same kernel as they share the platform.
> 
> All of those devices that wish to keep working should just forward port
> their tree to newer kernel versions so that they can stay secure and
> working properly.  It is far easier to do that than to attempt to keep
> older kernel trees alive over time.  I've done both in the past and it's
> always simpler to move forward.
> 
> So why not just do that instead of attempting to keep these old kernels
> alive?  Do the effort once and then you can rely on the community's
> help.  Otherwise you are stuck on your own for forever.

Because forward porting is not possible.
As mentioned the original device vendor does no longer support those devices
so what the community has is a blob of binaries compiled against a specific
kernel version with no access to their sources.
As those binaries (mostly hardware "drivers") are required to use the device,
recompilation isn't possible and they are likely coupled to the kernel version
specific API/ABI "we" (me and maintainers of similar devices) have to stick to that kernel.
And given that a community supported/maintained 4.4 kernel exists
(as a SLTS kernel maintained under CIP) the situation seems to be common.

So I'm already relying on the community's help, CIP in this case.
And they rely on the 4.9 stable kernel and suggested that they only accept changes already present in 4.9.
So here I am with work I did for a specific 4.4 kernel giving that back to the wider community (4.9 and all downstream kernels).

Alex