next up previous
Next: Flexibility in Access Decisions Up: Security Architecture Previous: Encapsulation of Security Labels


Flexibility in Labeling Decisions

Figure: Interface and example call to obtain a security label. The input parameters are the subject SID, the SID of a related object (e.g. the parent directory), and the class of the new object. The SID for the new object is returned as an output parameter.
\begin{figure}\begin{center}
\begin{footnotesize}
\begin{verbatim}int security...
...
SECCLASS_FILE,
&sid);\end{verbatim}\end{footnotesize}\end{center}\end{figure}

When a Flask object manager requires a label for a new object, it consults the security server to obtain a labeling decision based on the label of the creating subject, the label of a related object, and the class of the new object. For program execution, the Flask process manager obtains the label for the transformed process based on the current label of the process and the label of the program executable. For file creation, the Flask file system object manager obtains the label for the new file based on the label of the creating process, the label of the parent directory, and the kind of file being created. The security server may compute the new label based on these inputs and may also use other external information. Figure 1 shows the security server's security_transition_sid interface for obtaining a label and an example call to this interface to obtain the label of a new file.

The SELinux example security server may be configured to automatically cause changes in the role or domain attributes of a process based on the role and domain of the process and the type of the program. By default, the role and domain of a process is not changed by program execution. The SELinux security server may also be configured to use specified types for new files based on the domain of the process, the type of the parent directory, and the kind of file. A new file inherits the same type as its parent directory by default. For objects where there is only one relevant SID, object managers typically do not consult the security server. Instead, they merely use this SID as the SID for the new object. Pipes, file descriptions, and sockets inherit the SID of the creating process, and output messages inherit the SID of the sending socket.


next up previous
Next: Flexibility in Access Decisions Up: Security Architecture Previous: Encapsulation of Security Labels