Hello,

I have been thinking of how to best implement a feature called read-only categories. That is, if we have a file with, say, c2, then c2 folks would have full access (given by TE rules), but also there would be a category called r2 (or c512+2 = c514 or whatever) that would be given read-only access to the file.

It seems to me that an implementation would ideally deal with a simple MLS constraint or constraint relaxation. The reference policy constrains file reading thus:

    mlsconstrain file { read ioctl lock execute execute_no_trans }
        (( h1 dom h2 ) or ( t1 == mcsreadall ) or ( t2 == domain ));

How would one say 'also allow rN if file is cN'? So far I only came up with an enumeration like so:

    (h1 dom r0 and h2 == c0) or
    (h1 dom r1 and h2 == c1) or
    (...1022 more)

Which seems ugly, and perhaps such a mammoth expression would hog the system too much. Moreover, it seems it would be very difficult to accommodate this enumeration for h2 == { c0, c1 } and beyond.

Does anyone have any better tips?

Michal Svoboda
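A small Python model of the check asked about above, added here as an illustration and not part of the original message or of the reference policy. It compares the intended rule with the enumerated form and extends the enumeration to multi-category files to count its terms. Assumptions: rN is carried as c(512+N), a file with several categories needs cN or rN for each of them, writes keep the plain h1 dom h2 check, and all function names are hypothetical.

```python
from itertools import combinations
from math import comb

RO_OFFSET = 512  # assumption: rN is carried as category c(512+N), per the post


def dom(high, low):
    """MCS dominance at one sensitivity: high's category set contains low's."""
    return set(low) <= set(high)


def may_read(h1, h2):
    """h1 dom h2, relaxed so that holding rN counts as holding cN for reads.

    Assumption: a file with several categories needs cN or rN for each of them.
    """
    h1 = set(h1)
    granted = h1 | {c - RO_OFFSET for c in h1 if c >= RO_OFFSET}
    return dom(granted, h2)


def may_write(h1, h2):
    """Assumption: write access keeps the unrelaxed h1 dom h2 check."""
    return dom(h1, h2)


def enumerated_terms(n_cats, max_file_cats=1):
    """Yield (required_h1, exact_h2) pairs for the enumeration in the post.

    Each pair stands for one '(h1 dom {rN...} and h2 == {cN...})' term.
    """
    for k in range(1, max_file_cats + 1):
        for cats in combinations(range(n_cats), k):
            yield {c + RO_OFFSET for c in cats}, set(cats)


def may_read_enumerated(h1, h2, n_cats, max_file_cats=1):
    """Evaluate the stock rule or-ed with the enumerated terms."""
    return dom(h1, h2) or any(
        dom(h1, need) and set(h2) == exact
        for need, exact in enumerated_terms(n_cats, max_file_cats)
    )


def term_count(n_cats, max_file_cats):
    """Number of enumerated terms, computed without generating them."""
    return sum(comb(n_cats, k) for k in range(1, max_file_cats + 1))
```

In this model a subject holding c0 and r1 passes `may_read` for a file labelled c0,c1 but fails the enumerated form, because each enumerated term requires every category of the file to be matched by an r-category.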