
Labels

SELinux provides semantics for describing policies related to the targets and subjects using labels. A label is metadata attached to an object that carries the access-control information for that subject or target. The data associated with this object is a string. Returning to the debugger example, the gdb process might have a subject label string of debugger, and the target might have a label of debugee. Then in the security policy, some semantic could be used to express that processes with the subject label debugger are allowed to debug applications with the target label debugee.

Fortunately, and perhaps unfortunately, SELinux does not use such simple labels. In fact, the labels are made up of four colon-delimited fields: user, role, type, and level. This additional complexity affords very flexible control options.

Users

The very first field in a label identifies the user. The user field is used as part of the design for user-based access controls (UBAC). However, this is not typically associated with human users as it is with the concept of users in DAC. SELinux users typically define a group of traditional users. A common example is to identify all normal users as the SELinux user user_u, with a separate user, such as system_u, for system processes. By convention in the desktop SELinux community, the user portion of the string is suffixed with _u.

Roles

The second field in a label is the role. The role is used as part of the design for role-based access controls (RBAC). Roles are used to provide additional granularity to the user. For instance, suppose we have the user field sysadm_u reserved for administrators. An administrator might perform several separate tasks, and depending on the task, the role (and therefore the privileges) of users in sysadm_u may change. For example, when an administrator needs to mount and unmount file systems, the role field might change to mount_admin_r. When an administrator is setting the iptables rules, the role might change to net_admin_r. Roles allow the isolation of privileges within the scope of the tasks being performed.

Types

Type is the third field of the colon-delimited label. The type field is evaluated during the type enforcement (TE) portion of SELinux's access control model. TE is the major component that drives SELinux's security capabilities, and it is at this point where the policy starts to take effect.

SELinux is based on a whitelist system where everything is denied by default and requires explicit approval from the policy for an interaction to occur. This approval is initially determined from the policy via an allow rule that references both the subject's and the target's type. SELinux types can also be assigned attributes. Attributes allow you to give numerous types a common set of rules. Attributes can help minimize the number of types, and can be used in a fashion similar to an inheritance model.
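As an added illustration of the four-field label and the default-deny type enforcement described above (example code written for this page, not from the book or the SELinux project), the following Python splits a context string into its fields and evaluates a toy policy of allow rules and attributes. The type and attribute names (debugger, debugee, domain, debuggable) are constructed for the example; the toy only evaluates the type field, as TE does, and ignores user, role and level.

```python
from collections import namedtuple

# The four colon-delimited fields of an SELinux security context.
Context = namedtuple("Context", "user role type level")


def parse_context(label):
    """Split user:role:type:level. The level (an MLS/MCS range such as
    's0-s0:c0.c1023') may itself contain colons, so split at most three times."""
    parts = label.split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"malformed context: {label!r}")
    return Context(*parts)


class TEPolicy:
    """Default-deny type enforcement: an access is permitted only if some
    allow rule names the subject type and target type (directly or via an attribute)."""

    def __init__(self):
        self.attrs = {}   # attribute name -> set of member types
        self.rules = []   # (source, target, object class, permissions)

    def declare_type(self, name, *attributes):
        for attr in attributes:
            self.attrs.setdefault(attr, set()).add(name)

    def allow(self, source, target, obj_class, perms):
        self.rules.append((source, target, obj_class, set(perms)))

    def _matches(self, rule_name, actual_type):
        # A rule name matches a concrete type or any attribute that type carries.
        return rule_name == actual_type or actual_type in self.attrs.get(rule_name, set())

    def check(self, subject_label, target_label, obj_class, perm):
        subj, tgt = parse_context(subject_label), parse_context(target_label)
        return any(self._matches(src, subj.type) and self._matches(dst, tgt.type)
                   and cls == obj_class and perm in perms
                   for src, dst, cls, perms in self.rules)


def build_example_policy():
    # Constructed policy: one rule on the 'debuggable' attribute covers every member type.
    policy = TEPolicy()
    policy.declare_type("debugger", "domain")
    policy.declare_type("debugee", "domain", "debuggable")
    policy.declare_type("init", "domain")
    policy.allow("debugger", "debuggable", "process", ["ptrace", "signal"])
    return policy
```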