What I need is to ask the security server whether data residing in userspace, which owns a context, can be written to a file in the OS.
Does it make sense if I do it this way:
avc_has_perm(data_sid, file_sid, SECLASS_FILE, null, null)
I am confused, because I guessed that using such a syntax means checking whether a process is able to write to a file, but here we are going to check whether data can be written to a file.
If everything is OK, how is the action specified, that is, write?
Regards.
On Wed, Jan 27, 2010 at 10:03 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote:
On Wed, 2010-01-27 at 18:10 +0330, michel m wrote:
> Thanks for the guidance, but here I am with a question. What should be
> used as the object class in avc_has_perm(3) when using it for
> inter-object access? Is there any sample for an inter-object access decision?
> Can it be null?
>
> On the other hand, does the access decision taken by avc_has_perm()
> include MLS too?

Yes, the avc_has_perm() or security_compute_av() decision takes into
account all policy models implemented within the security server,
including RBAC, TE, and MLS.
--
Stephen Smalley
National Security Agency
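An added example of the call the thread is discussing; it is not code from either poster and not libselinux's own code. In libselinux, avc_has_perm(3) takes six arguments: the subject SID, the object SID, the object class, the requested access vector, an optional cache-entry reference and optional audit data. The action ("write") is therefore not implied by the class; it is passed explicitly as the `requested` bitmask, which is built from the class and permission names with string_to_security_class() and string_to_av_perm(). The program below resolves two context strings to SIDs with avc_context_to_sid(), asks the AVC for a "file"/"write" decision, and reports the result. It loads libselinux.so.1 with dlopen() so that it also builds and runs on a host without SELinux (where it reports that no decision is available); the two context strings are constructed samples, and `myapp_t` is a hypothetical type, so on a real policy the lookup may fail with EINVAL rather than yield a decision.

```c
/* Added example (not from the thread): ask the SELinux AVC whether a subject
 * context may "write" an object of class "file".  The permission is the 4th
 * argument of avc_has_perm(), derived from the class/permission names.
 * libselinux is loaded at run time with dlopen() so this compiles without the
 * libselinux headers or library; the sample contexts are constructed. */
#include <dlfcn.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal declarations mirroring <selinux/selinux.h> and <selinux/avc.h>. */
typedef struct security_id *security_id_t;
typedef uint16_t security_class_t;
typedef uint32_t access_vector_t;
struct selinux_opt;
struct avc_entry_ref;

typedef int (*is_enabled_fn)(void);
typedef int (*avc_open_fn)(struct selinux_opt *, unsigned);
typedef int (*ctx_to_sid_fn)(const char *, security_id_t *);
typedef security_class_t (*str_to_class_fn)(const char *);
typedef access_vector_t (*str_to_perm_fn)(security_class_t, const char *);
typedef int (*has_perm_fn)(security_id_t, security_id_t, security_class_t,
                           access_vector_t, struct avc_entry_ref *, void *);
typedef void (*avc_destroy_fn)(void);

enum check_result {
    CHECK_UNAVAILABLE = -2, /* no libselinux, SELinux disabled, bad class/perm/context */
    CHECK_DENIED      = -1, /* avc_has_perm() failed with EACCES (enforcing mode) */
    CHECK_ALLOWED     =  0  /* avc_has_perm() returned 0 (also the permissive-mode result) */
};

/* Shape check for "user:role:type[:range]" before the string reaches the AVC;
 * the policy itself is only consulted by the security server later. */
int context_looks_valid(const char *ctx)
{
    const char *p;
    int fields = 1;
    if (!ctx || !*ctx || *ctx == ':')
        return 0;
    for (p = ctx; *p; p++)
        if (*p == ':') {
            fields++;
            if (p[1] == '\0' || p[1] == ':')
                return 0;
        }
    return fields >= 3;
}

/* May subject `scon` perform `perm_name` on an object of `tclass_name` labelled `tcon`? */
enum check_result check_perm(const char *scon, const char *tcon,
                             const char *tclass_name, const char *perm_name)
{
    enum check_result res = CHECK_UNAVAILABLE;
    is_enabled_fn is_selinux_enabled; avc_open_fn avc_open;
    ctx_to_sid_fn avc_context_to_sid; str_to_class_fn string_to_security_class;
    str_to_perm_fn string_to_av_perm; has_perm_fn avc_has_perm;
    avc_destroy_fn avc_destroy;
    security_class_t tclass; access_vector_t requested;
    security_id_t ssid, tsid;
    void *lib;

    if (!context_looks_valid(scon) || !context_looks_valid(tcon))
        return CHECK_UNAVAILABLE;
    lib = dlopen("libselinux.so.1", RTLD_NOW);
    if (!lib)
        return CHECK_UNAVAILABLE;
#define LOAD(sym) (*(void **)&sym = dlsym(lib, #sym))
    if (!LOAD(is_selinux_enabled) || !LOAD(avc_open) || !LOAD(avc_context_to_sid) ||
        !LOAD(string_to_security_class) || !LOAD(string_to_av_perm) ||
        !LOAD(avc_has_perm) || !LOAD(avc_destroy))
        goto out;
#undef LOAD
    if (is_selinux_enabled() != 1 || avc_open(NULL, 0) < 0)
        goto out;

    tclass = string_to_security_class(tclass_name);        /* e.g. "file"  -> class id */
    requested = tclass ? string_to_av_perm(tclass, perm_name) : 0; /* "write" -> bit */
    if (tclass && requested &&
        avc_context_to_sid(scon, &ssid) == 0 &&
        avc_context_to_sid(tcon, &tsid) == 0) {
        /* The security server evaluates TE, RBAC and MLS together here;
         * denials are audited to stderr by libselinux's default callback. */
        if (avc_has_perm(ssid, tsid, tclass, requested, NULL, NULL) == 0)
            res = CHECK_ALLOWED;
        else if (errno == EACCES)
            res = CHECK_DENIED;
    }
    avc_destroy();
out:
    dlclose(lib);
    return res;
}

int main(void)
{
    /* Constructed sample labels: the process holding the data, and the file. */
    const char *data_ctx = "system_u:system_r:myapp_t:s0";
    const char *file_ctx = "system_u:object_r:user_home_t:s0";
    switch (check_perm(data_ctx, file_ctx, "file", "write")) {
    case CHECK_ALLOWED: puts("allowed"); break;
    case CHECK_DENIED:  puts("denied");  break;
    default: puts("no decision: libselinux missing, SELinux disabled, or unknown class/perm/context");
    }
    return 0;
}
```

Two caveats worth keeping in mind when reading the result: in permissive mode avc_has_perm() returns 0 even for an access the policy would deny, so a 0 is not proof of an allow rule, and the SID passed as the subject must come from a process or data label that the loaded policy actually defines, otherwise security_compute_av() rejects the query rather than deciding it.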