[redhat-lspp] MLS security context invariants
Stephen Smalley
sds at tycho.nsa.gov
Mon Jun 27 16:18:55 UTC 2005
On Mon, 2005-06-27 at 12:03 -0400, Frank Mayer wrote:
> I'm trying to get my head wrapped around the "invariants" for security
> contexts in the MLS policy. Given that we are implementing these invariants
> via state transition constraints makes it all the more challenging.
>
> What I'm trying to convince myself is that we have the simple invariant in
> place that says "For all security contexts C, hi(C) dom low(C)." Seems like
> an straightforward necessity to me.
That is a hardcoded check, not a constraint. See mls_context_isvalid()
in mls.c. Constraints are just for the MLS relationships between two
different contexts, not for an intra-context validity test.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list