SELinux Mailing List
Re: [PATCH 3/3] Thread/Child-Domain Assignment (rev.6)
From: KaiGai Kohei <kaigai_at_kaigai.gr.jp>
Date: Sat, 13 Sep 2008 08:20:22 +0900
>> The attached patch for libsepol adds support for a new policy version
>> named (MOD_)POLICYDB_VERSION_BOUNDARY.
>> Userspace hierarchy checks are reworked in this revision.
>>
>> FEATURES:
>>
>> - Boundary feature support:
>>   The upcoming kernel has a feature to define a boundary relationship
>>   between two users, roles or types. It makes it possible to ensure that
>>   a bounded one can never have wider permissions than the one that bounds it.
>>   Every XXXX_datum_t structure has a "u32 bounds" member to indicate its
>>   bounds, and we can handle it with the latest version of the policy format
>>   provided by this patch.
>>
>> - Loading attributes into kernel space:
>>   The upcoming kernel also allows attribute entries to be loaded.
>>   The attached patch stops dropping them when it writes a kernel policy
>>   whose version is equal to or greater than POLICYDB_VERSION_BOUNDARY.
>>   Every attribute entry has the property TYPEDATUM_PROPERTY_ATTRIBUTE.
>>
>> - Improvement of type_datum format on kernel/modular policy.
>>   The type_datum entry has several attribute fields like "primary",
>>   "flavor" and "flags", and these are stored in separate fields in the
>>   on-disk format. This patch packs them into a single field.
>>   Currently four bits are defined, and the rest are reserved.
>>     #define TYPEDATUM_PROPERTY_PRIMARY    0x0001
>>     #define TYPEDATUM_PROPERTY_ATTRIBUTE  0x0002
>>     #define TYPEDATUM_PROPERTY_ALIAS      0x0004 /* userspace only */
>>     #define TYPEDATUM_PROPERTY_PERMISSIVE 0x0008 /* userspace only */
>>
>> - Hierarchy checks are reworked
>>   The existing userspace hierarchy checks are reworked for the upcoming
>>   boundary feature. They can determine the parent based on both the newer
>>   bounds relationship and the existing name-based hierarchy.
>>
>>   In addition, I put in a trick to evaluate conditional rules correctly.
>>   The following example shows a confusing case. A_t is the bound of B_t,
>>   so B_t can never have wider permissions than A_t.
>>
>>   Example)
>>     allow B_t X_t : file { read_file_perms };
>>     if (A_can_write_X) {
>>         allow A_t X_t : file { write_file_perms };
>>     } else {
>>         allow A_t X_t : file { read_file_perms };
>>     }
>>
>>   A_t's permissions on X_t depend on 'A_can_write_X'; however,
>>   a part of them, like 'read', is unconditionally allowed.
>>   If we can find common permissions on both the true and false lists, these
>>   are pulled up to unconditional rules.
>>   Thus, B_t's read permission on X_t does not violate the hierarchy in the
>>   above example. Needless to say, it also matches the upcoming kernel behavior.
>>
>
> Was this the latest patch? I can't seem to apply it either to the latest
> git HEAD or to the last svn revision:

Sorry, my Thunderbird translated any tabs into spaces.
The patch is made based on the latest subversion repository.
Can you apply the attached one correctly?

Thanks,

> [root@misterfreeze trunk]# patch -p0 --dry-run -F5< /root/selinux/patch

--
KaiGai Kohei <kaigai@kaigai.gr.jp>

Received on Fri 12 Sep 2008 - 19:20:48 EDT
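The conditional-rule trick in the quoted message (permissions present in both the true and false branches are treated as unconditional before the bounds check runs) is shown below as an added C example; it is not code from the libsepol patch or from the SELinux project. It models one boolean, one target type and one object class as bitmasks; the struct name, the permission bits and the two *_FILE_PERMS macros are constructed for this illustration (the macros are deliberately chosen so that 'read' lands in both branches, as KaiGai's example assumes, and are not refpolicy's definitions). The naive check is included alongside the reworked one so the difference is visible on the same input.

```c
/*
 * Added example, not code from the libsepol patch: a toy model of the
 * conditional-rule "pull-up" described in the mail, followed by the
 * bounds check it makes possible.  One boolean, one target type and
 * one object class are modelled; the permission bits and *_FILE_PERMS
 * macros below are constructed for this example only.
 */
#include <stdint.h>
#include <stdio.h>

typedef uint32_t perms_t;

/* Constructed access-vector bits for the 'file' class. */
#define FILE_READ    (1u << 0)
#define FILE_GETATTR (1u << 1)
#define FILE_OPEN    (1u << 2)
#define FILE_WRITE   (1u << 3)
#define FILE_APPEND  (1u << 4)

/* Constructed so that 'read' appears in both branches of the example. */
#define READ_FILE_PERMS  (FILE_READ | FILE_GETATTR | FILE_OPEN)
#define WRITE_FILE_PERMS (READ_FILE_PERMS | FILE_WRITE | FILE_APPEND)

/* Hypothetical: the allow rules one source type holds toward X_t:file,
 * split by where they sit in the policy source. */
struct avrules {
    perms_t uncond;     /* allow rules outside any conditional block */
    perms_t cond_true;  /* allow rules in the 'if' branch of the boolean */
    perms_t cond_false; /* allow rules in the 'else' branch */
};

/* Permissions that hold whatever the boolean evaluates to: the
 * unconditional rules plus everything present in BOTH branches.
 * This is the pull-up the mail describes. */
perms_t effective_uncond(const struct avrules *r)
{
    return r->uncond | (r->cond_true & r->cond_false);
}

/* Naive check: compare the bounded type's unconditional rules only
 * against the bound's unconditional rules.  On the example it reports
 * 'read' as a violation although A_t is always granted it. */
perms_t naive_violation(const struct avrules *bound, const struct avrules *bounded)
{
    return bounded->uncond & ~bound->uncond;
}

/* Reworked check: the bounded type's unconditional rules must be a
 * subset of the bound's effective unconditional rules.  Returns the
 * offending bits; zero means no hierarchy violation. */
perms_t bounds_violation(const struct avrules *bound, const struct avrules *bounded)
{
    return bounded->uncond & ~effective_uncond(bound);
}

static void report(const char *label, perms_t v)
{
    printf("%-42s %s (0x%02x)\n", label, v ? "VIOLATION" : "ok", (unsigned)v);
}

int main(void)
{
    /* A_t: the bound, carrying the conditional rules from the example. */
    struct avrules a_t = { 0, WRITE_FILE_PERMS, READ_FILE_PERMS };
    /* B_t: bounded by A_t, with unconditional read_file_perms. */
    struct avrules b_t = { READ_FILE_PERMS, 0, 0 };

    report("naive check, example as written", naive_violation(&a_t, &b_t));
    report("reworked check, example as written", bounds_violation(&a_t, &b_t));

    /* Variant: the else branch no longer grants 'read', so B_t really is
     * wider than A_t whenever A_can_write_X is false. */
    struct avrules a_t_variant = { 0, WRITE_FILE_PERMS, FILE_GETATTR | FILE_OPEN };
    report("reworked check, else branch lacks read",
           bounds_violation(&a_t_variant, &b_t));
    return 0;
}
```

The pull-up only ever adds permissions to the bound's unconditional set, so it can turn a false positive into a pass but never hides a real violation: a permission granted to the bounded type that the bound lacks in either branch still surfaces, as the variant shows.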
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009