- Exploring SE for Android
- William Confer William Roberts
- 2021-07-23 20:37:35
Chapter 2. Mandatory Access Controls and SELinux
In Chapter 1, Linux Access Controls, we introduced some of the shortcomings of a discretionary access control system. In these systems, the owner of an object has full control over its permission flags, and a process running as root or with certain capabilities gains even broader powers (for example, the ability to chown the object). In this chapter, we will:
- Examine the fundamentals of MAC
- Introduce some industry drivers for SELinux
- Discuss labels, users, roles, and types
- Explore the implementation of tangible policy to allow and constrain object interaction
Ideal MAC systems provide definitive access controls on kernel resources, such as files, irrespective of an object's owner. For instance, under a MAC system, the owner of an object might not have full control of its permissions. In Linux, the MAC framework works orthogonally to the existing DAC controls, meaning that the MAC controls do not interfere with the DAC controls. To avoid potential conflicts between the two systems, the kernel validates access using the DAC permissions before checking the MAC permissions. If the DAC check results in a permissions violation, the MAC permissions are never consulted; the kernel validates access against the MAC permissions provider only when the DAC check passes. Failure at either level results in a return of EACCES. If both the DAC and the MAC permissions pass, the kernel resource (for example, a file descriptor) is returned to user space.
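The DAC-then-MAC ordering described above, as an added toy model that is not code from the book or the kernel: the function names, the cred/inode structs and the allow rules are invented for illustration, and the mode-bit logic is simplified (uid 0 is treated as holding CAP_DAC_OVERRIDE).

```c
/* Added example, not from the book: a toy model of the kernel's
 * DAC-first, MAC-second access check. All names here are invented. */
#include <errno.h>
#include <string.h>

#define MAY_READ  4
#define MAY_WRITE 2

struct cred  { unsigned uid, gid; const char *type; };        /* subject */
struct inode { unsigned uid, gid, mode; const char *type; };  /* object  */

/* Constructed toy TE rules: allow <subject type> <object type>:file <perms> */
static const struct { const char *s, *o; unsigned perms; } allow_rules[] = {
    { "user_t",  "user_home_t",     MAY_READ | MAY_WRITE },
    { "httpd_t", "httpd_content_t", MAY_READ },
};

static int mac_calls;   /* how many times the MAC hook was consulted */

/* Classic mode-bit check: owner, else group, else other. uid 0 is treated
 * as holding CAP_DAC_OVERRIDE (simplified; real exec checks differ). */
static int dac_permission(const struct cred *c, const struct inode *i, unsigned want)
{
    unsigned granted;
    if (c->uid == 0)           granted = 7;
    else if (c->uid == i->uid) granted = (i->mode >> 6) & 7;
    else if (c->gid == i->gid) granted = (i->mode >> 3) & 7;
    else                       granted = i->mode & 7;
    return (granted & want) == want ? 0 : -EACCES;
}

/* Type-enforcement lookup: default deny, and uid 0 gets no bypass here. */
static int mac_permission(const struct cred *c, const struct inode *i, unsigned want)
{
    mac_calls++;
    for (size_t k = 0; k < sizeof allow_rules / sizeof *allow_rules; k++)
        if (!strcmp(allow_rules[k].s, c->type) && !strcmp(allow_rules[k].o, i->type)
            && (allow_rules[k].perms & want) == want)
            return 0;
    return -EACCES;
}

/* DAC is evaluated first; the MAC hook runs only when DAC passes.
 * A failure at either level is reported identically as -EACCES. */
int check_access(const struct cred *c, const struct inode *i, unsigned want)
{
    int rc = dac_permission(c, i, want);
    return rc ? rc : mac_permission(c, i, want);
}
```

Note that a caller cannot tell from the return value which layer denied the request; only the counter shows that the MAC hook is skipped when DAC already failed.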
In Linux, a framework called the Linux Security Module (LSM) framework was merged during the Linux 2.6.x series of kernels. This framework allows you to enable a mandatory access control system as a build-time selection by tethering the LSM hooks to the security provider. Security Enhanced Linux (SELinux) is the first consumer of this MAC security framework within the kernel and is an implementation of a mandatory access control system. SELinux ships in a wide variety of Linux systems, such as Red Hat Enterprise Linux (RHEL) and consequently Fedora. Recently, it has begun shipping with Android. The source code for SELinux can be found in the Linux source code tree under kernel/security/selinux for those wishing to review it.