SELinux, Arm Tech Symposia 2017 Taiwan, golang, IoT

Week44 (11/03)

網路資源

Firmware Updates over Low-Power Wide Area Networks
Enabling firmware updates over LPWAN
ARMmbed/lorawan-fota-demo
滿有趣的問題, IoT建置會預期device要能長達10年的壽命, 但10年間的變化是很大的.

Week45 (11/10)

網路文章

Android SELinux Treble
Android O 為了加速產品開發, 在framework上有重大的改變, 使用了Treble.
Vender, ODM, OEM有各自需要維護的partitions.

Week46 (11/17)

網路文章

Neural fuzzing: applying DNN to software security testing
好奇其它的nural networks的應用, 常看到CNN.

網路資源

hacdias/filemanager
感覺不錯用的web filemanager, 目前很有活力, 送了一個PR不到1天就被merge了.

讀書心得

因為把玩hacdias/filemanager看了一下A Tour of Go在語法上還不太能適應, 不過還滿容易上手的, Method跟Interface的用法還要再研究一下, Concurrency也要花一點時間了解, 必竟concurrency是最大的賣點吧!
還有python使用上會有package dependency問題有點頭痛, golang編成binray的方式可以省掉這個麻煩, but 要如何方便的debug web front-end? 這可能要看一下go.rice.
但魚與熊掌仍不可兼得…package dependency, cross-platform, realtime debug.

Policy Configuration of SELinux and SEAndroid

Week47 (11/24)

網路文章

Bundle HTML, CSS, And JavaScript To Be Served In A Golang Application
The 6 Simple Steps Elon Musk Uses to Solve Any Problem

  1. Ask a question.
  2. Gather as much evidence as possible about it.
  3. Develop hypotheses based on the evidence.
  4. Draw a conclusion.
  5. Attempt to disprove the conclusion.
  6. If nobody can invalidate your conclusion, then you’re probably right.

讀書心得

What is domain transitions?

SELinux/Tutorials/How does a process get into a certain context

SELinux by default inherits contexts, be it from processes (on fork) or parent files/directories
Contexts of processes can change on execute of a command from that process’ context, but only under the conditions that

  • the target file context is executable for the source domain
  • the target file context is marked as an entrypoint for the target domain
  • the source domain is allowed to transition to the target domain

What are xxx_contexts??

securty context file. file_contexts, labeling files in filesystem. property_contexts, labeling android system/vendor properties
genfs_contexts, Pre-file labeling for /proc files, generic filesystem security contexts.
seapp_contexts, used by zygote and installd via libselinux, mapping app UID and seinfo for /data/data directory
hwservice_contexts, for hwservicemanager to check
vndservice_contestx, for vndservicemanager to check
*.te, Type Enforcement configuration, define policy for file type, process domain