From SELinux Wiki
Revision as of 16:02, 4 November 2009 by ChrisPeBenito (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Type enforcement is the primary access control mechanism in SELinux. For an access to succeed, it must be allowed by type enforcement rules, at a minimum. The other mechanisms, such as roles, are used to constrain what access is allowed.

Type enforcement is an access control system which makes decisions on if an access is allowed based on the type of the source of the access and type of the target of the access. They are also referred to as the subject and object. The subject is an active entity (a process) performing an access. An object, such as a file, directory, or another process, is an entity being accessed. For example, when vim opens a file to be edited, the subject is the vim process and the object is the file.

As discussed in BasicConcepts, a type is a security attribute. Types are an equivalence class, meaning all subjects and objects in the system which have the same security attributes should have the same type. For example, all shared libraries on the system have the same type, lib_t, since they are all equivalent, in terms of security.

The SELinux security policy contains the type enforcement rules which describe the accesses that are allowed. The SELinux policy is flexible, unlike other systems which have a fixed policy, such as a Bell-LaPadula/Mult-Level security systems. Many security goals can be encoded into the policy, such as integrity and separation. The current Reference Policy primarily protects the integrity of the system, but secondarily provides role separation. The complexity of SELinux policy is not inherent to SELinux or type enforcement, but rather due to Linux being a complex, general purpose operating system.