Hi,
I want to enforce temporal role-based access control on the Fedora 10 platform. Therefore, I have written a piece of code which receives simple temporal policy rules and updates a file in which disallowed roles are kept. In order to attach the code to the Fedora core, I am making use of SELinux modules. I wonder if the avc_has_perm(...) function in /libselinux/src/avc.c can be the right place for using my code, where requests will be granted or denied access. Actually, I had thought about getting the role field from the security_id_t (@ssid) and comparing it with the denied roles that my code computes. If I'm wrong and this will not work out, are there any other suggestions for attaching my code to SELinux?
Best regards,
Behnaz
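
The role comparison described in the post, as an added example that is not part of the original message and not SELinux code. It assumes the security context is already available as a "user:role:type[:range]" string and that the denied-roles file holds one role name per line; the function names and sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Copy the role field of "user:role:type[:range]" into out.
 * Returns 0 on success, -1 on a malformed context. The MLS range may
 * contain ':' itself (s0-s0:c0.c1023), so only the first two
 * separators are used to locate the role. */
int context_role(const char *ctx, char *out, size_t outlen)
{
    const char *first, *second;
    size_t len;

    if (!ctx || !out || !(first = strchr(ctx, ':')) || first == ctx)
        return -1;
    second = strchr(first + 1, ':');
    if (!second || second[1] == '\0')   /* a type field must follow */
        return -1;
    len = (size_t)(second - first - 1);
    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, first + 1, len);
    out[len] = '\0';
    return 0;
}

/* denied: newline-separated role names (assumed file format).
 * Returns 1 to deny, 0 otherwise. A malformed context or a missing
 * list is denied rather than allowed. */
int role_is_denied(const char *ctx, const char *denied)
{
    char role[64];
    size_t rlen;

    if (!denied || context_role(ctx, role, sizeof role) != 0)
        return 1;
    rlen = strlen(role);
    while (*denied) {
        size_t n = strcspn(denied, "\n");
        if (n == rlen && memcmp(denied, role, n) == 0)
            return 1;               /* whole-line match only */
        denied += n + (denied[n] == '\n');
    }
    return 0;
}

int main(void)
{
    const char *denied = "staff_r\nwebadm_r\n";   /* constructed sample */
    printf("%d\n", role_is_denied("staff_u:staff_r:staff_t:s0-s0:c0.c1023", denied));
    return 0;
}
```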