    SELinux: add boundary support and thread context assignment · d9250dea
    KaiGai Kohei authored
    The purpose of this patch is to assign a per-thread security context
    under a constraint. It enables a multi-threaded server application
    to kick a request handler with its fair security context, and
    helps some userspace object managers to handle users' requests.
    
    When we assign a per-thread security context, it must not have wider
    permissions than the original one. Because a multi-threaded process
    shares a single local memory, an arbitrary per-thread security context
    also means another thread can easily refer to violated information.
    
    The constraint on a per-thread security context requires that a new domain
    be equal to or weaker than its original one, when it tries to assign
    a per-thread security context.
    
    A bounds relationship between two types is a way to ensure a domain can
    never have wider permissions than its bounds. We can define it in two
    ways, explicit or implicit.
    
    The first way is using the new TYPEBOUNDS statement. It enables defining
    a boundary of types explicitly. The other one expands the concept of the
    existing name-based hierarchy. If we define a type with a "."-separated
    name like "httpd_t.php", the toolchain implicitly sets its bounds on "httpd_t".
    
    This feature requires a new policy version.
    The 24th version (POLICYDB_VERSION_BOUNDARY) enables shipping them into
    kernel space, and the following patch enables handling it.
    Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
    Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
    Signed-off-by: James Morris <jmorris@namei.org>
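The bounds rule the commit message describes, modelled as an added example (not code from this patch or the kernel): it parses a small constructed policy fragment, derives each type's bound either from an explicit `typebounds <parent> <child>;` statement or from the implicit `parent.child` naming, and reports any allow rule a bounded type holds that its bound does not. It assumes the simplified check that a bounded type's permissions on a target must be a subset of its bound's permissions on that same target.

```python
# Added example: minimal model of the SELinux type-bounds constraint.
# Assumption: simplified rule, child perms on (target, class) must be a
# subset of the parent's perms on the same (target, class).
import re
from collections import defaultdict

# Constructed sample policy; "typebounds" is the explicit form, and the
# dotted name "httpd_t.php" is implicitly bounded by "httpd_t".
POLICY = """
typebounds httpd_t httpd_sandbox_t;
allow httpd_t http_port_t:tcp_socket { name_bind name_connect };
allow httpd_t httpd_log_t:file { read write append };
allow httpd_sandbox_t httpd_log_t:file { read };
allow httpd_t.php httpd_log_t:file { read write };
allow httpd_t.php shadow_t:file { read };
"""

ALLOW_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+\{([^}]*)\}\s*;")
BOUNDS_RE = re.compile(r"typebounds\s+(\S+)\s+(\S+)\s*;")


def parse_policy(text):
    """Return (bounds, allows): child -> parent, and (src, tgt, cls) -> perms."""
    bounds = {child: parent for parent, child in BOUNDS_RE.findall(text)}
    allows = defaultdict(set)
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        allows[(src, tgt, cls)].update(perms.split())
    return bounds, allows


def bound_of(type_name, bounds):
    """Explicit typebounds wins; otherwise "a.b" is bounded by "a"; else None."""
    if type_name in bounds:
        return bounds[type_name]
    if "." in type_name:
        return type_name.rsplit(".", 1)[0]
    return None


def check_bounds(text):
    """List (child, parent, target, class, excess_perms) for every rule where a
    bounded type would hold permissions its bound lacks."""
    bounds, allows = parse_policy(text)
    violations = []
    for (src, tgt, cls), perms in sorted(allows.items()):
        parent = bound_of(src, bounds)
        if parent is None:
            continue  # unbounded domain, nothing to constrain
        excess = perms - allows.get((parent, tgt, cls), set())
        if excess:
            violations.append((src, parent, tgt, cls, sorted(excess)))
    return violations


if __name__ == "__main__":
    for child, parent, tgt, cls, excess in check_bounds(POLICY):
        print(f"{child} exceeds bound {parent} on {tgt}:{cls} {excess}")
```

Running it flags only the `httpd_t.php` rule on `shadow_t`, since `httpd_t` itself has no access there; the sandbox and log-file rules stay within their bounds.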