Thanks Dominick, your comments are very helpful.
I have another question. Suppose there is a rule:
type_transition domain1_type app_exec_t: process domain2_type;
but domain1_type only has execute_no_trans over app_exec_t:
allow domain1_type app_exec_t: file execute_no_trans;
Then what'll happen when a process within domain1_type executes a program with type app_exec_t? Will it stay in domain1_type, or will the access be denied?
Hong
On Thu, Aug 28, 2008 at 5:11 PM, Dominick Grift <domg472@xxxxxxxxx> wrote:
On Thu, 2008-08-28 at 16:33 -0400, Hong wrote:
Hello and welcome, There is a separate mailing list for (ref)policy.
> Is there any documentation I can refer to so I can see how the access
> decision is made? Or where in the kernel source code above logic is
> implement?
>
> Thanks!
>
You can subscribe here: http://oss.tresys.com/mailman/listinfo/refpolicy
You can browse policy source code here:
http://oss.tresys.com/projects/refpolicy/browser/trunk
I think your explanation looks good.
1. cannot execute (access is denied by default)
2. can execute but not transition to new domain (run executable file in
the caller domain) for example: if domain_type_6_t tries to execute
application_executable_files_type_1_t then run that process in the
domain_type_6_t domain
3. can execute and transition to a predefined domain (for example:
if domain_type_1_t tries to execute
application_executable_files_type_1_t then transition to domain_type_2_t)
You can easily test these with policy like can_exec() and
domain_auto_trans()
Another good resource for knowledge is the #selinux and #fedora-selinux
irc channel on irc.freenode.org.
if domain_type_3_t tries to execute
application_executable_files_type_1_t then transition to domain_type_3_t
--
Dominick Grift <domg472@xxxxxxxxx>
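Added example, not code from this thread and not refpolicy's own: a small Python model of the decision the kernel makes at execve() time, covering the three outcomes listed above (denied, run in the caller's domain, transition to a new domain) and the case asked about at the top of the thread (a type_transition rule paired only with execute_no_trans). Assumption: the order of checks is summarised from the SELinux bprm hook in security/selinux/hooks.c; the open/read checks on the file, setexeccon(), and MLS constraints are deliberately left out. The policy fragments, the nosuid flag and the function names are constructed for the example.

```python
"""Toy model of the SELinux exec-time domain decision (added example).

Assumption: mirrors the checks in the kernel's bprm hook
(security/selinux/hooks.c) in simplified form:
  1. the caller needs file:execute on the program;
  2. the default new domain comes from a matching type_transition rule,
     otherwise it is the caller's own domain (nosuid mounts force the latter);
  3. no change of domain  -> caller needs file:execute_no_trans;
     change of domain     -> caller needs process:transition to the new
                             domain AND the new domain needs file:entrypoint.
"""
from dataclasses import dataclass, field


@dataclass
class Policy:
    # (source_type, target_type, class, permission) from allow rules
    allow: set = field(default_factory=set)
    # (source_type, target_type, class) -> new type from type_transition rules
    type_transition: dict = field(default_factory=dict)

    @classmethod
    def from_rules(cls, text):
        """Parse allow / type_transition rules in the syntax used in the thread."""
        policy = cls()
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            if not line.endswith(";"):
                raise ValueError("rule must end with ';': " + raw)
            tok = line[:-1].replace(":", " : ").replace("{", " ").replace("}", " ").split()
            if len(tok) < 6 or tok[3] != ":":
                raise ValueError("malformed rule: " + raw)
            kind, src, tgt, obj_class, rest = tok[0], tok[1], tok[2], tok[4], tok[5:]
            if kind == "allow":
                for perm in rest:
                    policy.allow.add((src, tgt, obj_class, perm))
            elif kind == "type_transition":
                policy.type_transition[(src, tgt, obj_class)] = rest[0]
            else:
                raise ValueError("unsupported statement: " + kind)
        return policy

    def allowed(self, src, tgt, obj_class, perm):
        return (src, tgt, obj_class, perm) in self.allow

    def exec_decision(self, domain, file_type, nosuid=False):
        """Return ('executes', new_domain) or ('denied', missing_permission)."""
        # Opening a file for exec needs file:execute before any transition logic runs.
        if not self.allowed(domain, file_type, "file", "execute"):
            return ("denied", "file execute")
        # Default new domain: the type_transition target if a rule matches, else the caller.
        new_domain = self.type_transition.get((domain, file_type, "process"), domain)
        if nosuid:  # programs on nosuid mounts never change domain
            new_domain = domain
        if new_domain == domain:
            # Staying in the caller's domain requires execute_no_trans on the file.
            if self.allowed(domain, file_type, "file", "execute_no_trans"):
                return ("executes", domain)
            return ("denied", "file execute_no_trans")
        # Changing domain: the caller must be allowed to transition, and the
        # new domain must be allowed to be entered through this file type.
        if not self.allowed(domain, new_domain, "process", "transition"):
            return ("denied", "process transition")
        if not self.allowed(new_domain, file_type, "file", "entrypoint"):
            return ("denied", "file entrypoint")
        return ("executes", new_domain)


# Constructed policy fragments for the cases discussed in the thread.
# file:execute is added to the question's rules because without it the
# exec fails before the transition logic is ever reached.
QUESTION_RULES = """
type_transition domain1_type app_exec_t: process domain2_type;
allow domain1_type app_exec_t: file { execute execute_no_trans };
"""
CASE2_RULES = """
allow domain_type_6_t application_executable_files_type_1_t: file { execute execute_no_trans };
"""
CASE3_RULES = """
type_transition domain_type_1_t application_executable_files_type_1_t: process domain_type_2_t;
allow domain_type_1_t application_executable_files_type_1_t: file execute;
allow domain_type_1_t domain_type_2_t: process transition;
allow domain_type_2_t application_executable_files_type_1_t: file entrypoint;
"""
APP1 = "application_executable_files_type_1_t"


def run_cases():
    """Evaluate each constructed policy; keyed results are what the test checks."""
    q = Policy.from_rules(QUESTION_RULES)
    return {
        "question": q.exec_decision("domain1_type", "app_exec_t"),
        "question_nosuid": q.exec_decision("domain1_type", "app_exec_t", nosuid=True),
        "case1_no_rules": Policy.from_rules("").exec_decision("domain_type_6_t", APP1),
        "case2_no_trans": Policy.from_rules(CASE2_RULES).exec_decision("domain_type_6_t", APP1),
        "case3_auto_trans": Policy.from_rules(CASE3_RULES).exec_decision("domain_type_1_t", APP1),
    }


if __name__ == "__main__":
    for name, outcome in run_cases().items():
        print(f"{name}: {outcome}")
```

In the model, the type_transition rule decides which branch is checked: once a rule names domain2_type as the default, the kernel evaluates process:transition and file:entrypoint, and execute_no_trans is never consulted, so the exec is denied rather than silently run in domain1_type. Only when no rule matches (or the mount is nosuid) does execute_no_trans come into play. Under real policy the same questions can be asked of the compiled policy with sesearch, which is the quicker way to confirm what a given domain pair is allowed to do.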