Suppose a process is in domain "CurrDom". Now the process invokes a program with type "Type".
Following is my understanding of whether the execution can succeed, can anyone help me to see if it's correct?
(1) If "CurrDom" does not have "execute" permission on "Type" with security class "file"(or variations), access is denied.
(2) If there is a type_transition rule says that "CurrDom" should transition to "NewDom" after executing type "Type", then
(2.1) If "CurrDom" does not have "transition" permission on "Type" with security class "file" (or variations), access is denied.
(2.2) If "NewDom" does not have "entrypoint" permission on "Type" with security class "file" (or variations), access is denied.
(2.3) Access is granted if both (2.1) and (2.2) are passed.
(3) There is no type_transition rules says anything about new domain for "CurrDom" when executing "Type"
Access is granted only when "CurrDom" has "execute_no_trans" permission on "Type" with security class "file" (or variations).
I am not sure about following questions:
(A) In (2), if multiple type_transition rules specify a new domain for "CurrDom", what'll happen?
(B) In (1), what if CurrDom has permission "execute_no_trans"?
(C) If a process fails to transition to another domain in (2), and if CurrDom has permission "execute_no_trans", can it execute the program and stay in the current domain?
Is there any documentation I can refer to so I can see how the access decision is made? Or where in the kernel source code above logic is implement?
Thanks!
Following is my understanding of whether the execution can succeed, can anyone help me to see if it's correct?
(1) If "CurrDom" does not have "execute" permission on "Type" with security class "file"(or variations), access is denied.
(2) If there is a type_transition rule says that "CurrDom" should transition to "NewDom" after executing type "Type", then
(2.1) If "CurrDom" does not have "transition" permission on "Type" with security class "file" (or variations), access is denied.
(2.2) If "NewDom" does not have "entrypoint" permission on "Type" with security class "file" (or variations), access is denied.
(2.3) Access is granted if both (2.1) and (2.2) are passed.
(3) There is no type_transition rules says anything about new domain for "CurrDom" when executing "Type"
Access is granted only when "CurrDom" has "execute_no_trans" permission on "Type" with security class "file" (or variations).
I am not sure about following questions:
(A) In (2), if multiple type_transition rules specify a new domain for "CurrDom", what'll happen?
(B) In (1), what if CurrDom has permission "execute_no_trans"?
(C) If a process fails to transition to another domain in (2), and if CurrDom has permission "execute_no_trans", can it execute the program and stay in the current domain?
Is there any documentation I can refer to so I can see how the access decision is made? Or where in the kernel source code above logic is implement?
Thanks!
