[tomoyo-dev-en 312] Re: "file execute" directive with optional "destination domain" argument.


Jamie Nguyen jamie****@tomoy*****
Sat Aug 27 06:19:54 JST 2011


Tetsuo Handa wrote:
> I got an opinion that it is difficult to use exception policy's domain
> transition control directives because they need to match the pathname specified
> to "file execute" directives when selectively picking up. For example, if
> "file execute /bin/\*\-ls\-cat" is given, corresponding domain transition
> control directive needs to be like "no_keep_domain /bin/\*\-ls\-cat from any".

Just need to make sure I understand correctly.



The aim in the example you gave is to prevent executions of /bin/ls
and /bin/cat from undergoing domain transition, but to allow
executions of everything else in /bin/ to undergo domain transition.
The current situation is that in domain policy we can have:

  file execute /bin/cat
  file execute /bin/ls
  file execute /bin/\*\-ls\-cat

and in exception policy we can have:

  keep_domain /bin/cat from any
  keep_domain /bin/ls from any
  no_initialize_domain /bin/\*\-ls\-cat from any
  no_keep_domain /bin/\*\-ls\-cat from any
  no_reset_domain /bin/\*\-ls\-cat from any

and the domain tree will look like:

  <kernel>
      /usr/bin/foo
          /bin/\*\-ls\-cat



If we apply the suggested changes, in domain policy we then can have:

  file execute /bin/ls keep
  file execute /bin/cat keep
  file execute /bin/\*\-ls\-cat child

and there is no need to add anything to exception policy, and the
domain tree will look exactly like above.



Is my understanding correct?
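
The reading stated in the message above, modelled in Python as an added example (not part of the original message and not TOMOYO code). It assumes the proposed `keep`/`child` keywords behave as the message describes; `path_matches` and `resolve` are hypothetical helpers that handle only the `\*` wildcard and the `\-` subtraction operator.

```python
import re

def component_regex(comp):
    # "\*" matches any run of characters other than "/"; the rest is literal.
    return "".join("[^/]*" if tok == r"\*" else re.escape(tok)
                   for tok in re.split(r"(\\\*)", comp))

def path_matches(pattern, path):
    # Compare component by component; "\-" subtracts the patterns that
    # follow it from what the first part of the component matches.
    p_parts, s_parts = pattern.split("/"), path.split("/")
    if len(p_parts) != len(s_parts):
        return False
    for pat, seg in zip(p_parts, s_parts):
        include, *excludes = pat.split(r"\-")
        if not re.fullmatch(component_regex(include), seg):
            return False
        if any(re.fullmatch(component_regex(e), seg) for e in excludes):
            return False
    return True

def resolve(domain, rules, program):
    # Domain the process ends up in after executing `program`,
    # or None when no "file execute" rule covers it.
    for pattern, action in rules:
        if path_matches(pattern, program):
            return domain if action == "keep" else f"{domain} {program}"
    return None

# Constructed sample: the three proposed domain-policy lines from the message.
DOMAIN = "<kernel> /usr/bin/foo"
RULES = [
    ("/bin/ls", "keep"),
    ("/bin/cat", "keep"),
    (r"/bin/\*\-ls\-cat", "child"),
]

if __name__ == "__main__":
    for prog in ("/bin/ls", "/bin/cat", "/bin/sh", "/usr/bin/id"):
        print(prog, "->", resolve(DOMAIN, RULES, prog))
```
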



