Google Git
Sign in
fuchsia / fuchsia / 4c45952bd961dfad3a30288040e07acddbbce749
commit4c45952bd961dfad3a30288040e07acddbbce749[log] [tgz]
authorMark Dittmer <markdittmer@google.com>Fri Nov 15 18:11:22 2024 +0000
committerCQ Bot <fuchsia-internal-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Nov 15 18:11:22 2024 +0000
tree98638e0bf74c418fb2e48262e8c6c8cf2d02421b
parent11b628da03383221f35fa48b06747fdb3babab04 [diff]
[sestarnix] Stash /sys/fs/selinux/null file handle and use it to enforce fd use

This change stashes a `FileHandle` to `/sys/fs/selinux/null` during
selinuxfs initialization. The `FileHandle` is then used to remap file
descriptors to null when they become inaccessible on exec (according to policy).

Follow-up work will directly test the replace-with-null behaviour from
userspace.

Bug: b/322843830
Change-Id: I0ffb21f6bcf4149101d319066beae16be2e681d2
Reviewed-on: https://fuchsia-review.googlesource.com/c/fuchsia/+/1147656
Reviewed-by: Wez <wez@google.com>
Commit-Queue: Auto-Submit <auto-submit@fuchsia-infra.iam.gserviceaccount.com>
Fuchsia-Auto-Submit: Mark Dittmer <markdittmer@google.com>
10 files changed
tree: 98638e0bf74c418fb2e48262e8c6c8cf2d02421b
  1. boards/
  2. build/
  3. bundles/
  4. docs/
  5. examples/
  6. infra/
  7. products/
  8. scripts/
  9. sdk/
  10. src/
  11. third_party/
  12. tools/
  13. zircon/
  14. .clang-format
  15. .clang-tidy
  16. .editorconfig
  17. .git-blame-ignore-revs
  18. .gitattributes
  19. .gitignore
  20. .gitmodules
  21. .gn
  22. .ignore
  23. analysis_options.yaml
  24. AUTHORS
  25. BUILD.gn
  26. CODE_OF_CONDUCT.md
  27. CONTRIBUTING.md
  28. fuchsia.code-workspace
  29. LICENSE
  30. OWNERS
  31. PATENTS
  32. pyproject.toml
  33. pyrightconfig.json
  34. README.md
  35. rustfmt.toml
  36. shac.star
  37. shac.textproto
README.md

Fuchsia

What is Fuchsia?

Fuchsia is an open source, general purpose operating system supporting modern 64-bit Intel and ARM processors.

We expect everyone interacting with our project to respect our code of conduct.

Read more about Fuchsia's principles.

How can I build and run Fuchsia?

See Getting Started.

Where can I learn more about Fuchsia?

See fuchsia.dev.