I want to model the security protection ability of SEAndroid.
I suppose to establish the model by extracting subjects which perform
action on the same object.
OR extracting object which can be performed action by the same subject.
For example, /data/anr(/.*)? u:object_r:anr_data_file:s0
allow system_server anr_data_file:dir create_dir_perms;
allow shell anr_data_file:dir r_dir_perms;
allow dumpstate anr_data_file:dir { rw_dir_perms relabelto };
toward the anr_data_file:, the subject perform action on it is shell,
system_server, dumpstate and so on.
Is it a good method to model SEAndroid security capability?
If I use the method to extract the subject and object, I also confuse how
to analyse the extracting result.
Please give me some suggesstion about how to model the security capability,
and If I use the method above, how to analyse the extracting result.
Thanks advance.
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.
