

TE Configuration

In a traditional Type Enforcement (TE) policy, each subject is labeled with a domain, and each object is labeled with a type. The Flask security server merges the concepts of a domain and a type into a single type abstraction. A "domain" in Flask is simply a type that can be associated with a process. A type may be used both as a domain for a process and as a type for an object. For example, in the Linux implementation, the process-specific subdirectories in /proc are labeled with the security context of the corresponding process, so each domain is also used as the type of these pseudo files.

This section describes the Type Enforcement (TE) configuration contained in the all.te file. This file is automatically generated from a collection of files. The section begins by discussing the global macros defined for the TE configuration. It then describes a set of attributes used to group related types and domains together. The types and domains defined in the configuration are then individually discussed. Finally, the assertions that are checked after evaluating the TE configuration are described.


