Re: [PATCH 2/3] security: add symbol namespace for reading file data

From: Luis Chamberlain
Date: Wed May 13 2020 - 12:16:27 EST


On Wed, May 13, 2020 at 10:40:31AM -0500, Eric W. Biederman wrote:
> Luis Chamberlain <mcgrof@xxxxxxxxxx> writes:
>
> > Certain symbols are not meant to be used by everybody, the security
> > helpers for reading files directly is one such case. Use a symbol
> > namespace for them.
> >
> > This will prevent abuse of use of these symbols in places they were
> > not inteded to be used, and provides an easy way to audit where these
> > types of operations happen as a whole.
>
> Why not just remove the ability for the firmware loader to be a module?
>
> Is there some important use case that requires the firmware loader
> to be a module?
>
> We already compile the code in by default. So it is probably just
> easier to remove the modular support all together. Which would allow
> the export of the security hooks to be removed as well.

Yeah, that's a better solution. The only constaint I am aware of is
we *cannot* change the name of the module from firmware_class since the
old fallback sysfs loader depends on the module name. So, so long as we
take care with that on built-in and document this very well, I think
we should be good.

I checked the commit logs and this was tristate since the code was added
upstream, so I cannot see any good reason it was enabled as modular.

Speaking with a *backports experience* hat on, we did have a use case
to use a module for it in case a new feature was added upstream which
was not present on older kernels. However I think that using a separate
symbol prefix would help with that.

Would any Android stakeholders / small / embedded folks whave any issue
with this?

Luis