On 10/20/2016 08:02 AM, peng fei wrote:
> I want to model the security protection ability of SEAndroid.
> I suppose to establish the model by extracting subjects which perform
> action on the same object.
> OR extracting object which can be performed action by the same subject.
> For example, /data/anr(/.*)?u:object_r:anr_data_file:s0
>
> allow system_server anr_data_file:dir create_dir_perms;
> allow shell anr_data_file:dir r_dir_perms;
> allow dumpstate anr_data_file:dir { rw_dir_perms relabelto };
> toward the anr_data_file:, the subject perform action on it is shell,
> system_server, dumpstate and so on.
>
> Is it a good method to model SEAndroid security capability?
> If I use the method to extract the subject and object, I also confuse
> how to analyse the extracting result.
> Please give me some suggesstion about how to model the security
> capability, and If I use the method above, how to analyse the
> extracting result.
> Thanks advance.
That's already done for you in the SELinux policy; domain types are
subjects and all types can be objects; each type is a security
equivalence class (i.e. all processes with the same domain type have the
same permissions to the same objects; all objects with the same type can
be accessed by the same subjects in the same way).
setools already provides SELinux policy analysis tools, and the Android
tree includes prebuilt versions of sesearch and friends that will work
with that Android version's policy format.
_______________________________________________
Seandroid-list mailing list
Seandroid-list@tycho.nsa.gov
To unsubscribe, send email to seandroid-list-le...@tycho.nsa.gov.
To get help, send an email containing "help" to
seandroid-list-requ...@tycho.nsa.gov.
