The Role of Roles
SELinux also provides role-based access control (RBAC). The RBAC feature of SELinux is built on top of TE: access control in SELinux is fundamentally type enforcement, that is, a type-based mandatory access policy. A role restricts the domain types a process may transition into, based on the role identifier in the process's security context. A policy writer can therefore create a role that is allowed to transition into a given set of domain types (assuming the TE rules permit those transitions) and in this way define the restrictions placed on that role. Consider again the passwd program example from Figure 2-5. Although the TE rules allow the passwd program to transition from the user_t domain type to the new passwd_t domain type, joe's role must also be allowed to make that transition. To show this clearly, we expand the passwd example.
We have added the role portion of the process's security context (user_r) to the example, along with a new rule written with the role statement:
role user_r types passwd_t;
The role statement declares a role identifier and associates the declared role with one or more types. The statement above declares the role user_r (if it has not already been declared in the policy) and associates the type passwd_t with the role user_r. This association means that the passwd_t type is allowed to coexist with the role user_r in a security context. Without this role statement, the new context joe:user_r:passwd_t could not be created, and the execve() system call would fail, even if the TE policy allowed every access required by joe's current domain type (user_t).
A policy writer can define constrained roles and associate them with particular users. For example, imagine that our policy also defined a role named restricted_user_r that is identical to user_r in every respect except that it is not associated with the passwd_t type. If joe's role were restricted_user_r rather than user_r, joe could not run the passwd program, even though the TE rules would allow the domain transition.
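As an added illustration (not code from the book), the following Python model shows the two independent gates an execve() must pass in this example: the TE rules for the domain transition and the role's authorized types. The identifiers user_t, passwd_t, user_r, restricted_user_r and joe come from the text; passwd_exec_t and the specific allow permissions are assumptions made for the model.

```python
# Added example: a small model of how a domain transition on execve is gated.
# Gate 1 (TE): allow rules for execute, process transition and file entrypoint.
# Gate 2 (RBAC): the new domain type must be authorized for the role in the
# process's security context (the `role ... types ...;` statement).
# Policy data below is constructed for this example; passwd_exec_t is assumed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:
    user: str
    role: str
    type: str

# TE allow rules: (source_type, target_type, class) -> permitted operations
TE_ALLOW = {
    ("user_t", "passwd_exec_t", "file"): {"read", "getattr", "execute"},
    ("user_t", "passwd_t", "process"): {"transition"},
    ("passwd_t", "passwd_exec_t", "file"): {"entrypoint"},
}
# type_transition rules: (source_domain, executable_type) -> new domain
TYPE_TRANSITION = {("user_t", "passwd_exec_t"): "passwd_t"}
# role statements: role -> types the role is authorized for
ROLE_TYPES = {
    "user_r": {"user_t", "passwd_t"},
    "restricted_user_r": {"user_t"},   # same as user_r, minus passwd_t
}

def te_allows(src, tgt, cls, perm):
    return perm in TE_ALLOW.get((src, tgt, cls), set())

def execve(ctx: Context, exec_file_type: str):
    """Return (new_context, None) on success or (None, reason) on denial."""
    if not te_allows(ctx.type, exec_file_type, "file", "execute"):
        return None, "TE: no execute permission on the file"
    new_type = TYPE_TRANSITION.get((ctx.type, exec_file_type), ctx.type)
    if new_type != ctx.type:
        if not te_allows(ctx.type, new_type, "process", "transition"):
            return None, "TE: process transition denied"
        if not te_allows(new_type, exec_file_type, "file", "entrypoint"):
            return None, "TE: file is not an entrypoint for the new domain"
    # RBAC gate: the new context is valid only if the role allows new_type
    if new_type not in ROLE_TYPES.get(ctx.role, set()):
        return None, f"RBAC: role {ctx.role} not authorized for {new_type}"
    return Context(ctx.user, ctx.role, new_type), None

if __name__ == "__main__":
    for role in ("user_r", "restricted_user_r"):
        new, why = execve(Context("joe", role, "user_t"), "passwd_exec_t")
        print(role, "->", new if new else f"denied ({why})")
```

With user_r the transition yields joe:user_r:passwd_t; with restricted_user_r the TE checks pass but the role gate denies it, which is exactly the restriction the text describes.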
Chapter 6, "Roles and Users," discusses the significance of roles in SELinux in detail, in particular how roles are created and how they are associated with users.