Security Enhanced Linux
SELinux Mailing List

Subject: TE Policy Modules for SELinux policies
From: Serge Hallyn <serge.hallyn_at_gmail.com>
Date: Mon, 10 Jan 2005 22:35:42 -0600
Three or four years ago I started using "policy modules" to write DTE policies. A year or two ago I considered porting/extending the policy modules to support selinux. I've played on and off, and finally decided this weekend to get it to a state where I could send it out.
The attached tarball contains sel_pc.py (and supporting code), which converts policy modules to an selinux policy. A sample module is in selinux_policy_modules/modules/basic, which compiled to bootable policies - under enforcing mode. I have not added sufficient permissions
One way in which this differs from writing selinux policy by hand is that access rules are actually grants and requests (and denials) by specific domains and types. As such, priorities can be used to resolve conflicts in intuitive ways. For instance, if we have

    type etc_t
      access boot_d f:r
      access user_d none
    end

    domain user_d
      type etc_t f:r

then domain user_d will not receive the f:r to etc_t, because the "incoming" permission grant (into etc_t) trumps the "outgoing" permission request (from user_d). Of course this example isn't very useful, but it becomes useful with grouping, i.e. domain user_d can simply ask for "f:r" to "bin.*" or "all", even if etc_t is defined as "bin.etc_t".

The DTE module compiler code had support for automatic policy analysis. I have not yet tested this under sel_pc, but do plan to do so. One class which I had written, for instance, checked for maintenance of Bell-LaPadula dominates relations among pre-existing types when a new module was applied to a policy (an idea I took from TIS's live policy extension paper).

Usage:

    tar jxf selinux_policy_modules.03.tar.bz2
    cd selinux_policy_modules/modules
TODO:
  - general debugging
  - write better policies
  - test under enforcing
  - test policy consistency classes (blp, mod_blp, etc)
  - incorporate booleans into module language
thanks,
PS - For more information, usenix members can read http://www.usenix.org/events/usenix04/tech/freenix/hallyn.html. Sorry it's not publicly available...
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

Received on Mon 10 Jan 2005 - 23:35:48 EST
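The grant/request priority rule and the "bin.*" grouping that the post describes, worked through as an added example. This is constructed illustration code, not part of the original post and not sel_pc.py or its module language. The module syntax is reconstructed from the snippet in the post; the rule that a request with no matching incoming rule on the target type simply stands, the glob matching for patterns such as bin.*, the "all" keyword, the "f:rx" style of multi-permission specs, and the mapping from the f:r shorthand to SELinux class and permission names are all assumptions of this example, not anything the post states.

```python
"""Toy resolver for the grant/request conflict rule described in the post.

Constructed example, not sel_pc.py. Assumed module syntax (reconstructed
from the post's snippet):

    type NAME
      access DOMAIN PERMS        # "incoming" grant from the type's side;
    end                          # 'none' is an explicit denial
    domain NAME
      type PATTERN PERMS         # "outgoing" request; PATTERN is a type
    end                          # name, a glob such as bin.*, or all

PERMS is the post's CLASS:perms shorthand (f:r, f:rw). Resolution rule
(assumed): a type's incoming rule for a domain wins over anything that
domain requests of it; a request with no incoming rule on the type stands.
"""
import fnmatch
from collections import defaultdict


def parse_perms(spec):
    """'f:rw' -> {'f:r', 'f:w'}; 'none' -> empty set (explicit denial)."""
    if spec == "none":
        return set()
    cls, _, perms = spec.partition(":")
    if not cls or not perms:
        raise ValueError(f"bad permission spec {spec!r}")
    return {f"{cls}:{p}" for p in perms}


def parse_modules(text):
    """Return (types, domains).

    types[t][d]  = perms type t grants domain d (empty set = denial)
    domains[d]   = list of (pattern, perms) requested by domain d
    """
    types, domains = {}, {}
    block = None                      # ('type', name) or ('domain', name)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tok = line.split()
        if block is None and len(tok) == 2 and tok[0] in ("type", "domain"):
            block = (tok[0], tok[1])
            if tok[0] == "type":
                types.setdefault(tok[1], {})
            else:
                domains.setdefault(tok[1], [])
        elif tok[0] == "end" and block is not None:
            block = None
        elif block and block[0] == "type" and tok[0] == "access" and len(tok) == 3:
            types[block[1]][tok[1]] = parse_perms(tok[2])
        elif block and block[0] == "domain" and tok[0] == "type" and len(tok) == 3:
            domains[block[1]].append((tok[1], parse_perms(tok[2])))
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return types, domains


def resolve(types, domains):
    """Compute the effective access set as {(domain, type): perms}."""
    allowed = defaultdict(set)
    # Incoming grants are honoured as written ('none' contributes nothing).
    for t, grants in types.items():
        for d, perms in grants.items():
            allowed[(d, t)] |= perms
    # Outgoing requests stand only where the type has no incoming rule
    # for that domain: the incoming rule (grant or denial) trumps them.
    for d, requests in domains.items():
        for pattern, perms in requests:
            for t in types:
                if pattern != "all" and not fnmatch.fnmatchcase(t, pattern):
                    continue
                if d in types[t]:
                    continue
                allowed[(d, t)] |= perms
    return {k: frozenset(v) for k, v in allowed.items() if v}


# Assumed rendering of the shorthand as SELinux-style allow rules.
CLASS_NAMES = {"f": "file", "d": "dir"}
PERM_NAMES = {"r": "read", "w": "write", "x": "execute"}


def allow_rules(resolved):
    """Render the resolved set as 'allow D T:class { perms };' lines."""
    rules = []
    for (d, t), perms in sorted(resolved.items()):
        by_class = defaultdict(list)
        for p in sorted(perms):
            cls, perm = p.split(":")
            by_class[CLASS_NAMES.get(cls, cls)].append(PERM_NAMES.get(perm, perm))
        for cls, names in sorted(by_class.items()):
            rules.append(f"allow {d} {t}:{cls} {{ {' '.join(names)} }};")
    return rules


# Constructed sample modules: user_d asks for f:r to all of bin.*, but
# bin.etc_t's explicit 'none' for user_d overrides that one request.
SAMPLE = """
type bin.etc_t
  access boot_d f:r
  access user_d none
end
type bin.ls_t
  access boot_d f:rx
end
type tmp_t
end
domain user_d
  type bin.* f:r
  type tmp_t f:rw
end
domain boot_d
  type all f:r
end
"""

if __name__ == "__main__":
    for rule in allow_rules(resolve(*parse_modules(SAMPLE))):
        print(rule)
```

Running it shows user_d getting file read on bin.ls_t (via the bin.* request) but nothing on bin.etc_t, while boot_d keeps exactly what the types grant it; the "all" request from boot_d only adds tmp_t, where no type-side rule exists.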
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009