On 08/26/2013 12:22 PM, William Roberts wrote:
> I started a thread with Stephen about implementing a way to adjust the
> sensitivity portion of the MLS field in seapp_contexts. We have differing
> ideologies on the implementation (I should have put this public from day
> one):
>
> Below is the thread in detail, I'll summarize here though:
>
> Goal:
> Given a policy that supports multiple sensitivities, be able to place apps
> in different sensitivities while preserving a way to maintain the category
> assignments as originally designed.
>
> Constraints:
> Backwards compatible
>
> Implementation 1:
>
> We keep the level and levelFrom keywords mutually exclusive, as is the
> current design.
>
> We allow the following expressions in the level keyword:
> 1. level = <cats>
> 2. level = <sens:cats>
> 3. level = keyword
> 4. level = <sens:cats>
>
> Pros:
> 1. We could actually deprecate level from
> 2. Reduces the amount of output selectors, or minimally keeps it the same.
> 3. allows us to set a sens and still preserve category mappings
>
> Cons:
> 1. Adds complexity to the level keyword
>
> Implementation 2:
> We add a new sens category
>
> Sense would be a new field that can work with either level OR levelFrom but
> not Both (XOR)
>
> in this case doing:
> sens=s1
> level=c0,c87
>
> would result in s1:c0,c87

This isn't quite right. Currently if you specify level=, it uses the value as the entire level. It does not assume it is just a category set and inherit sensitivity from the zygote in that case. So what you have above would be incompatible. level= is to fully specify a complete level (or even a range, e.g. you could say level=s0:c0-s15:c0.c10 and it would work just fine presently).

That's why I suggested just adding a sens= output selector that could be combined with levelFrom= but not with level=. If you want to fully specify both sensitivity and categories, you use level=. If you want to explicitly specify sensitivity and automatically generate categories, you use sens= and levelFrom=. If you want to leave sensitivity alone and automatically generate categories, you use levelFrom=.

At present there is no interpretation of the level= value at all by the libselinux code, and it can contain anything that is valid as a MLS range in a SELinux security context.

>
> doing:
> sens=s1
> levelFrom=app
>
> s1:(app cat mapping)
>
> Pros:
> 1. allows us to set a sens and still preserve category mappings
> 2. Keeps level usage exactly the same
>
> Cons:
> 1. adds a new output selector, which means more of specified sens over
> unspecified sens...etc
>
>
> So the point of this is, what do people prefer and why, and what other
> things should be considered?
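
The selector combinations described in the reply above, as an added example that is not part of the original message and is not libselinux code. The names `seapp_out`, `resolve_level` and `app_cats` are hypothetical, the category mapping is a constructed stand-in, and the result for sens= given on its own is an assumption the thread does not settle.

```c
#include <stdio.h>
#include <string.h>

/* Output selectors of one seapp_contexts entry; NULL or 0 means "not given". */
struct seapp_out {
    const char *level;   /* level=: complete MLS level or range, used verbatim */
    const char *sens;    /* sens=: the proposed selector, sensitivity only */
    int level_from_app;  /* levelFrom=app */
};

/* Constructed stand-in for the per-app category mapping (not the real one). */
static void app_cats(unsigned appid, char *buf, size_t n)
{
    snprintf(buf, n, "c%u", appid % 1024);
}

/* Writes the MLS level to out; returns 0, or -1 for an invalid entry. */
int resolve_level(const struct seapp_out *e, const char *inherited,
                  unsigned appid, char *out, size_t n)
{
    char cats[16];
    int len;

    if (e->level && (e->sens || e->level_from_app))
        return -1;  /* level= excludes both sens= and levelFrom= */
    if (e->level) {
        len = snprintf(out, n, "%s", e->level);  /* no interpretation */
    } else if (e->level_from_app) {
        /* Explicit sens= wins; otherwise keep the inherited sensitivity. */
        const char *s = e->sens ? e->sens : inherited;
        app_cats(appid, cats, sizeof cats);
        len = snprintf(out, n, "%.*s:%s", (int)strcspn(s, ":-"), s, cats);
    } else {
        /* Assumption: sens= alone yields a bare sensitivity. */
        len = snprintf(out, n, "%s", e->sens ? e->sens : inherited);
    }
    return (len < 0 || (size_t)len >= n) ? -1 : 0;  /* reject truncation */
}

int main(void)
{
    struct seapp_out e = { .sens = "s1", .level_from_app = 1 };
    char buf[64];
    if (resolve_level(&e, "s0", 87, buf, sizeof buf) == 0)
        puts(buf);
    return 0;
}
```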
