Diffstat (limited to 'apol/file_relabel_help.txt')
-rw-r--r-- | apol/file_relabel_help.txt | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/apol/file_relabel_help.txt b/apol/file_relabel_help.txt new file mode 100644 index 0000000..39f26c6 --- /dev/null +++ b/apol/file_relabel_help.txt 
@@ -0,0 +1,68 @@ +An overview of direct file relabel analysis + + +Understanding file relabel analysis +----------------------------------- +The permission to relabel objects in a mandatory access control system +is an important privilege. In SELinux, this privilege is controlled +by the relabelto and relabelfrom permissions. Understanding the net +effect of these policy rules is complex because it requires the +examination of multiple rules potentially spanning dozens of files. +To be able to successfully relabel an object, a subject must be able +to: + + - relabelfrom the starting type + - relabelto at least one other type + +For example, consider the following rules: + + allow sysadm_t filea_t : file relabelfrom; + allow sysadm_t { fileb_t filec_t } : file relabelto; + +If these rules are the only relabel rules present in the policy, +sysadm_t would be allowed to relabel files of type filea_t to fileb_t +or filec_t. Both a relabelfrom and a relabelto rule for a single +subject must be present for a relabel to be possible. + +Determining the potential ending types to which a starting type can be +relabeled requires examining all subjects for relabel rules from the +starting type to one or more ending types. Determining the relabel +privileges of a subject type requires examining all of the relabel +rules containing the subject type. The direct file relabel analysis +in apol automates both of these analyses. + + +Using direct file relabel analysis in apol +------------------------------------------ +Direct file relabel analysis is designed to facilitate querying a +policy for both potential changes to object labels and relabel +privileges granted to a subject. These two modes are respectively +called Object Mode and Subject Mode. + + +Object Mode +----------- +In Object Mode, the user specifies a starting or ending type and +either to, from or both. When To is selected, all types to which the +starting type can be relabeled will be displayed. 
When From is +selected, all types from which the ending type can be relabeled will +be displayed. If both options are selected, the analysis performs +both. + + +Subject Mode +------------ +In Subject Mode, the user specifies only a subject type. Two lists of +types will be displayed corresponding to all of the types to which the +subject can relabel and from which the subject can relabel. + + +Optional result filters +----------------------- +Results may be filtered in several ways. The end types resulting from +a query may be filtered by regular expression. Advanced Filters +provide the option of selecting which object classes to include in the +analysis and which types to include as subjects of relabeling +operations. The subject types filter is disabled in subject mode +because all types are excluded as subjects except the type specified as +the required parameter. |
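Review bot: The two-item requirement list ("relabelfrom the starting type", "relabelto at least one other type") omits that both permissions must be granted on the same object class, which is the condition the worked example relies on (both rules are for `: file`) and which the later "Advanced Filters ... which object classes to include" paragraph presupposes. Suggest stating it in the list, e.g. "- relabelto at least one other type, for the same object class", and noting in the example paragraph that a relabelfrom on one class paired with a relabelto on a different class does not permit a relabel. Minor: the Object Mode paragraph says "either to, from or both" and then "When To is selected" / "When From is selected"; pick one capitalization for the option names.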