SELinux Security Policy Abstractions

The security architecture of the system is general enough to support many security policy abstractions. The access controls in the implementation currently support a combination of two, type enforcement and role-based access control. This combination was chosen because together they provide powerful tools to construct useful security policies. The specific policy that is enforced by the kernel is dictated by security policy configuration files which include type enforcement and role-based access control components.

The type enforcement component defines an extensible set of domains and types. Each process has an associated domain, and each object has an associated type. The configuration files specify how domains are allowed to access types and to interact with other domains. They specify what types (when applied to programs) can be used to enter each domain and the allowable transitions between domains. They also specify automatic transitions between domains when programs of certain types are executed. Such transitions ensure that system processes and certain programs are placed into their own separate domains automatically when executed.

The role-based access control component defines an extensible set of roles. Each process has an associated role. This ensures that system processes and those used for system administration can be separated from those of ordinary users. The configuration files specify the set of domains that may be entered by each role. Each user role has an initial domain that is associated with the user's login shell. As users execute programs, transitions to other domains may, according to the policy configuration, automatically occur to support changes in privilege.

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
Type Enforcement is a registered trademark of Secure Computing Corporation