
System Call Controls


Table 1: Permissions for the security object class.

PERMISSION        DESCRIPTION
compute_av        Compute access vectors
notify_perm       Notify about permissions
transition_sid    Compute new object SID
member_sid        Compute member SID
change_sid        Compute relabel SID
sid_to_context    Obtain context
context_to_sid    Obtain SID
load_policy       Load new policy
get_sids          Get active SIDs



Table 2: Control requirements for security calls.

                  CONTROL REQUIREMENT(S)
CALL              CLASS      PERMISSION       SSID      TSID
compute_av        security   compute_av       current   security
notify_perm       security   notify_perm      current   security
transition_sid    security   transition_sid   current   security
member_sid        security   member_sid       current   security
change_sid        security   change_sid       current   security
sid_to_context    security   sid_to_context   current   sid
context_to_sid    security   context_to_sid   current   security
load_policy       security   load_policy      current   file
get_sids          security   get_sids         current   security


The security server prototype defines a security class with a set of permissions to control the ability of applications to use the security server system calls, as shown in Table 1. The predefined security initial SID is used as the target SID for most of these permission checks. The load_policy permission check uses the SID of the configuration file as the target SID to permit control over the files used for policy configurations. The sid_to_context permission check uses the SID parameter as the target SID to permit individual control over access to security contexts. The permissions currently required to invoke each system call are shown in Table 2. These permission checks are implemented in the system call functions in syscalls.c.

The context_to_sid permission check could be changed to similarly use the SID associated with the context parameter as the target SID. However, this is not currently useful, since the SID has already been allocated at that point. If SID descriptors are implemented, then this check should be changed to use the SID descriptor. In that case, the SID descriptor can be released if the check fails.
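The following is an added example, not code from the prototype's syscalls.c: it models how each security-class call chooses its target SID (the security initial SID by default, the configuration file's SID for load_policy, the SID argument for sid_to_context) before consulting an access decision. The SID values and the small allow-rule table are constructed for illustration; has_perm stands in for the security server's real access computation.

```c
/* Added example: target-SID selection for security-class system calls
 * as laid out in Table 2, checked against a constructed toy policy. */
#include <stddef.h>

typedef unsigned int sid_t;

/* Constructed SIDs (hypothetical values, not the prototype's). */
enum { SID_NULL = 0, SID_SECURITY = 1, SID_ADMIN_DOMAIN = 2,
       SID_USER_DOMAIN = 3, SID_POLICY_FILE = 4, SID_SECRET = 5 };

/* Permission bits of the security class, named after Table 1. */
enum { PERM_COMPUTE_AV = 1u << 0, PERM_NOTIFY_PERM = 1u << 1,
       PERM_TRANSITION_SID = 1u << 2, PERM_MEMBER_SID = 1u << 3,
       PERM_CHANGE_SID = 1u << 4, PERM_SID_TO_CONTEXT = 1u << 5,
       PERM_CONTEXT_TO_SID = 1u << 6, PERM_LOAD_POLICY = 1u << 7,
       PERM_GET_SIDS = 1u << 8, PERM_ALL = (1u << 9) - 1 };

/* Constructed allow rules: (source SID, target SID) -> permitted bits. */
struct rule { sid_t ssid, tsid; unsigned int allowed; };
static const struct rule policy[] = {
    { SID_ADMIN_DOMAIN, SID_SECURITY,    PERM_ALL },
    { SID_ADMIN_DOMAIN, SID_POLICY_FILE, PERM_LOAD_POLICY },
    { SID_ADMIN_DOMAIN, SID_SECRET,      PERM_SID_TO_CONTEXT },
    { SID_USER_DOMAIN,  SID_SECURITY,    PERM_COMPUTE_AV | PERM_SID_TO_CONTEXT },
    { SID_USER_DOMAIN,  SID_USER_DOMAIN, PERM_SID_TO_CONTEXT },
};

/* Stand-in for the security server's access decision: 1 if every bit
 * in perm is allowed for the (ssid, tsid) pair, else 0 (default deny). */
static int has_perm(sid_t ssid, sid_t tsid, unsigned int perm)
{
    size_t i;
    for (i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].ssid == ssid && policy[i].tsid == tsid)
            return (policy[i].allowed & perm) == perm;
    return 0;
}

/* Apply the Table 2 rule for the target SID: the policy file's SID for
 * load_policy, the caller's SID argument for sid_to_context, and the
 * predefined security initial SID for every other call. The source SID
 * is always the calling process ("current"). Returns 1 if permitted. */
int security_call_allowed(unsigned int perm, sid_t current,
                          sid_t sid_arg, sid_t file_sid)
{
    sid_t tsid = SID_SECURITY;
    if (perm == PERM_LOAD_POLICY)         tsid = file_sid;
    else if (perm == PERM_SID_TO_CONTEXT) tsid = sid_arg;
    return has_perm(current, tsid, perm);
}
```

Because sid_to_context is checked against the SID being translated rather than the security SID, a domain can be allowed to read its own contexts while being denied the contexts of other SIDs, which is the per-SID control the text describes.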

