Day 1

Fuschia/Zephyr talk:

What SELinux concept is based on

Q&A
- What is the security testing of this? Some sanitizers in use and some fuzzing

compiler flag -Wvla ?? to catch guard page overflow for variable length arrays
CWE-484 -Wimplicit-fallthrough
```
 /* fall through */
```
CWE-200 and CWE-457 Can use gcc -finit-local-vars (not upstream) or clang -fsanitize=init-local (not upstream)
-Wswitch-unreachable
gcc -fsanitize=signed-integer-oveflow comes with UBSAN
clang -fsanitize=cfi for forward-edge control flow integrity checks
clang -fsanitize=safe-stack or -fsanitize=shadow-call-stack
Interesting hardware protection to allow writing of stacks only in call and ret instructions
Arm v8.3a has pointer signing?
CFI works in Android now

Specifically for IoT stuff
They created an LSM
OTA updates they can update within 24 hours How do they ensure this is successful? Q&A

Apps define their own policy..?!

app_manifest.json
bin
  |_ curl_ssl_test
test_root_cert.pem

They then parse a manifest and map that to some linux security technologies cgroups, namespaces
Have they considered a dynamic DAC for that manifest?
Cannot select spefic features in `sysfs

Merkle-tree approach similar in Android's dm-verity

super boring

CVE-2017-14140 (to review) blocked by seccomp filter addition in Android Oreo
CFI only protects forward-edges (indirect branches) LLVM's shadow call stack helps with back-edges

Issues with knowing which container to log issues against. ContainerID vs collection of NamespaceIDs

List of bugs found
syzkaller and syzbot automate the fuzzing and filing of these bugs (Google continuous kernel fuzzer)
KTSAN, KBSAN, KMSAN tools
"Bug nest" <3 that term

see positive security blog, mostly around how messed up the linux patch submission process is

Q. ll-map? Q. How does that fswalk handle deep paths?