• C
    Subject: [PATCH] Smack: mmap controls for library containment · 7898e1f8
    Casey Schaufler 提交于
      In the embedded world there are often situations
      where libraries are updated from a variety of sources,
      for a variety of reasons, and with any number of
      security characteristics. These differences
      might include privilege required for a given library
      provided interface to function properly, as occurs
      from time to time in graphics libraries. There are
      also cases where it is important to limit use of
      libraries based on the provider of the library and
      the security aware application may make choices
      based on that criteria.
    
      These issues are addressed by providing an additional
      Smack label that may optionally be assigned to an object,
      the SMACK64MMAP attribute. An mmap operation is allowed
      if there is no such attribute.
    
      If there is a SMACK64MMAP attribute the mmap is permitted
      only if a subject with that label has all of the access
      permitted a subject with the current task label.
    
      Security aware applications may from time to time
      wish to reduce their "privilege" to avoid accidental use
      of privilege. One case where this arises is the
      environment in which multiple sources provide libraries
      to perform the same functions. An application may know
      that it should eschew services made available from a
      particular vendor, or of a particular version.
    
      In support of this a secondary list of Smack rules has
      been added that is local to the task. This list is
      consulted only in the case where the global list has
      approved access. It can only further restrict access.
      Unlike the global last, if no entry is found on the
      local list access is granted. An application can add
      entries to its own list by writing to /smack/load-self.
    
      The changes appear large as they involve refactoring
      the list handling to accomodate there being more
      than one rule list.
    Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
    7898e1f8
smack_access.c 14.0 KB