
API extensions

Figure: New Linux process management system calls for security-aware applications.

Figure 15 lists the new process management system calls for security-aware applications. A new call, execve_secure, was added to allow a security-aware application to specify a new SID for the transformed process resulting from the execution of a new program. Currently, this is the only way to allow a process to specify a SID to which it will transition. The execve call will be a wrapper around this call that requests the transition SID to be calculated by the security policy. Two other system calls, getsecsid and getosecsid, were added to allow a process to get its SID and its SID prior to the last execve call, respectively.