No Read Up No Write Down

chanson at TrustedCS.com
Thu Apr 23 14:22:12 UTC 2009


Hi,
 
The MLS policy is defined via the MLS constraints file
(http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/mls).
The default MLS policy in SELinux is a modified Bell-LaPadula that enforces
"no read up, write equal".
 
The process clearance label isn't really going to come into play for
these access decisions; the effective SL of the process is the key factor
being utilized, also known as "l1" in the mls constraint language.
 
The type of the process is very important when analyzing
the results. There are certain types, such as sysadm_t, which have mls
privileges, such as mlsfileread
(http://oss.tresys.com/projects/refpolicy/browser/trunk/policy/modules/system/userdomain.if#L1214).
 
All of this impacts the ability to read and write files on the system.
 
A couple of slidesets on the MLS implementation are available below:
http://selinux-symposium.org/2005/presentations/session3/3-3-hanson.pdf
http://selinux-symposium.org/2006/slides/08-mls.pdf
 
-Chad 
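An added Python model (not Chad's code and not refpolicy's) of the "no read up, write equal" rule he describes, run over the poster's file labels and login ranges with the low end of each range taken as the effective level l1. It models only the MLS constraint itself, so it ignores type enforcement and MLS privileges such as mlsfileread, which is why results for root or sysadm_t on a real system differ.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Level:
    """One MLS level: a sensitivity plus a set of categories."""
    sens: int
    cats: frozenset

    @classmethod
    def parse(cls, text):
        # "s2:c5.c15" -> sensitivity 2, categories c5..c15; "s0" -> no categories
        sens, _, cat_text = text.partition(":")
        cats = set()
        for chunk in filter(None, cat_text.split(",")):
            lo, _, hi = chunk.partition(".")
            lo_n = int(lo[1:])
            cats.update(range(lo_n, (int(hi[1:]) if hi else lo_n) + 1))
        return cls(int(sens[1:]), frozenset(cats))

    def dominates(self, other):
        # "dom": sensitivity at least as high and a superset of the categories
        return self.sens >= other.sens and self.cats >= other.cats

def effective_level(mls_range):
    # A login range is "low-high"; the process runs at the low end, which is
    # the l1 the MLS constraints compare against (the clearance is not used).
    return Level.parse(mls_range.split("-")[0])

def file_level(context):
    # "user:role:type:level" -> just the level part of the file context
    return Level.parse(context.split(":", 3)[3])

def can_read(proc, obj):   # no read up: l1 dom l2
    return proc.dominates(obj)
def can_write(proc, obj):  # write equal: l1 eq l2
    return proc == obj

# The poster's test files, labels copied from the thread
FILES = {"TestFile_" + s.replace(":", "").upper(): "system_u:object_r:usr_t:" + s
         for s in ["s0", "s0:c2", "s1", "s2", "s2:c11", "s2:c5", "s3", "s3:c14", "s3:c5"]}

def access_table(mls_range):
    """Map each test file to (read_allowed, write_allowed) for one login range."""
    proc = effective_level(mls_range)
    return {name: (can_read(proc, file_level(ctx)), can_write(proc, file_level(ctx)))
            for name, ctx in FILES.items()}

if __name__ == "__main__":
    for user, rng in [("first", "s0"), ("second", "s3-s3:c5.c15"),
                      ("third", "s1:c3.c15-s3:c5.c10"), ("forth", "s1-s1:c0.c10")]:
        for name, (r, w) in access_table(rng).items():
            print(f"{user:7} {name:15} read={r!s:5} write={w}")
```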


________________________________

	From: fedora-selinux-list-bounces at redhat.com
[mailto:fedora-selinux-list-bounces at redhat.com] On Behalf Of Mohammad
zoroufi
	Sent: Thursday, April 23, 2009 6:45 AM
	To: fedora-selinux-list at redhat.com
	Subject: No Read Up No Write Down
	
	
	Dear All,
	After switching on SELinux in MLS enforcing mode, I'd like to
know how the slogan of "no read up, no write down" works.
	I created some text files with the following descriptions:
	TestFile_S0       system_u:object_r:usr_t:s0
	TestFile_S0C2     system_u:object_r:usr_t:s0:c2
	TestFile_S1       system_u:object_r:usr_t:s1
	TestFile_S2       system_u:object_r:usr_t:s2
	TestFile_S2C11    system_u:object_r:usr_t:s2:c11
	TestFile_S2C5     system_u:object_r:usr_t:s2:c5
	TestFile_S3       system_u:object_r:usr_t:s3
	TestFile_S3C14    system_u:object_r:usr_t:s3:c14
	TestFile_S3C5     system_u:object_r:usr_t:s3:c5
	After creating these text files, I went to create users having
different security clearances.
	The clearance of each created user is listed below:
	
	Login Name    SELinux User    Role        MLS/MCS Range
	first         x_first         xguest_r    s0
	second        x_second        sysadm_r    s3-s3:c5.c15
	third         x_third         sysadm_r    s1:c3.c15-s3:c5.c10
	forth         x_forth         system_r    s1-s1:c0.c10
	root          root            system_r    s0-s15:c0.c1023
	
	Having the clearance delegated for each user, I expect user first to
have read/write access to TestFile_S0 and just write access to all other
files; user second to have read access to files such as TestFile_S0,
TestFile_S0C2, TestFile_S2, TestFile_S2C5, TestFile_S2C11 and only write
access to TestFile_S3, TestFile_S3C14.
	When I switch to MLS enforcing mode I see something else.
	These users have no permission to write to files they expect
they have write access to.
	I'd like to know where this problem originates.
	Moreover, when user first wants to take a list of the directory
contents, only TestFile_S0, TestFile_S1, TestFile_S2 are listed, nothing
else; user second sees TestFile_S0, TestFile_S1, TestFile2, TestFile3; users
third and root see all files; user forth sees just TestFile_S0, nothing more.
	I don't know why such lists are produced when I try to list the directory.
	Any comment is welcome
	
	Best Regards
	


