Linux Multi-Security Policy and Dynamic Security Policy Framework: Demonstration Verification Scheme and Result Analysis


3 Demonstration Verification scheme and result analysis
3.1 Demonstration Validation Scenarios
3.1.1 Verifying targets

This scheme is mainly used to verify the system protection process of SELinux, as implemented on the Flask architecture, and the protection principle behind it.
3.1.2 Verifying the environment

Operating system: CentOS 6.3 with SELinux enabled

Kernel version: 2.6.32-279.el6.i686

Policy type: targeted

Policy version: policy.24

Necessary packages: setools, policycoreutils
3.1.3 Technical principle

Because the targeted policy only protects network services, the validation scenario takes a WWW server as the example to illustrate the SELinux protection process for a network service. For the WWW server the operational directory is /var/www/html. When a new HTML file is created in that directory, the file system on the server passes the SID of the process that created the file, the SID of the directory in which the file resides, and the class to which the file belongs to the security server. The security server processes these data, generates a security context for the new file, maps it to the appropriate SID and returns that SID to the file system, which binds the SID to the new HTML file.

When a user then needs to access data on the WWW server, the user first sends a request to the server. On receiving the request, the server reads the requested data through the httpd process, and the file system on the server queries the access vector cache (AVC) using the SID of the httpd process, the SID of the requested file and the class of the file. If a matching entry is found, the request is handled according to that security decision; otherwise the file system passes the SID of the httpd process, the SID of the requested file and the class of the file to the security server. From these data and the corresponding security policy the security server derives the access vector and returns it to the file system, which stores the access vector in the AVC and then carries out the requested operation according to it.
3.1.4 Operation Steps
For this validation scenario, the detailed procedure is as follows:
1. Start the WWW service and view the security context of the httpd process.
2. Create an HTML file named index.html in the /var/www/html directory.
3. Access the file via the browser by entering http://127.0.0.1 in the address bar, as shown in Figure 3-1.
4. Modify the type attribute of /var/www/html/index.html to user_home_t.
5. Access the file via the browser again by entering http://127.0.0.1 in the address bar, as shown in Figure 3-2.
6. Use the restorecon command to revert the security context of the index.html file to its default value.
7. Access the file via the browser once more by entering http://127.0.0.1 in the address bar, as shown in Figure 3-3.
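The seven steps above, together with the sesearch queries that section 3.2 performs in apol, scripted as an added example (this is not code from the original paper). It assumes a CentOS 6 host with SELinux enforcing, httpd installed and the setools and policycoreutils packages present; curl stands in for the browser, and on a host without SELinux the live part is skipped.

```shell
#!/bin/sh
# Added example, not code from the original paper: the seven-step
# demonstration scripted, plus the sesearch queries that section 3.2
# runs in apol. Assumes CentOS 6 with SELinux enforcing, httpd and the
# setools / policycoreutils packages; curl stands in for the browser.
set -e

DOCROOT=/var/www/html                  # document root named in the paper
URL=http://127.0.0.1/index.html

# Type field (third colon-separated field) of a security context such as
# "unconfined_u:object_r:httpd_sys_content_t:s0".
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Count allow rules in sesearch output read from stdin (prints 0 when none).
count_allow_lines() {
    grep -c '^allow' || true
}

# Number of allow rules granting httpd_t read access to files of type $1.
allow_read_rules() {
    sesearch --allow -s httpd_t -t "$1" -c file -p read | count_allow_lines
}

# HTTP status returned by the local httpd for index.html (200 = served).
fetch_status() {
    curl -s -o /dev/null -w '%{http_code}' "$URL"
}

selinux_www_demo() {
    service httpd start                                       # step 1
    echo "httpd domain: $(context_type "$(ps -eZ | awk '/httpd/ {print $1; exit}')")"
    echo '<html><body>SELinux demo</body></html>' > "$DOCROOT/index.html"   # step 2
    ls -Z "$DOCROOT/index.html"                               # expect httpd_sys_content_t
    echo "step 3: HTTP $(fetch_status), allow rules: $(allow_read_rules httpd_sys_content_t)"
    chcon -t user_home_t "$DOCROOT/index.html"                # step 4
    echo "step 5: HTTP $(fetch_status), allow rules: $(allow_read_rules user_home_t)"
    restorecon -v "$DOCROOT/index.html"                       # step 6
    echo "step 7: HTTP $(fetch_status)"
}

# Only run the live demonstration on a host that actually has SELinux.
if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
    selinux_www_demo
fi
```

On the paper's setup the step 3 and step 7 fetches return 200 while step 5 is denied, and the allow-rule counts reflect which rules apol reports as enabled for each target type.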

3.2 Demonstrating validation results

Following the steps above, the execution results are as follows:

Figure 3-1 Direct access result for index.html

Figure 3-2 Access result after modifying the type of index.html

Figure 3-3 Access result after restoring the default type of index.html

The following results are analyzed in conjunction with the execution steps:

1. When the httpd service is started, the ps command shows that the domain of the httpd process is httpd_t.

2. When the corresponding string is redirected into the index.html file with the echo command, the file is created if it does not already exist. When the file is created, the security server generates a security context for it, maps the context to the appropriate SID and passes the SID to the file system, which binds it to the newly created file. For a detailed description of this process and the functions involved, refer to section 2.3.2.2; it is not repeated here.

3. When the index.html file is accessed through a browser, the httpd process is triggered to read the file. Step 2 shows that the type of index.html is httpd_sys_content_t. Searching with the policy analysis tool apol for rules whose subject is httpd_t and whose object is httpd_sys_content_t gives the following result:

The result shows that only 11 conditional rules are defined in the policy library for a subject of type httpd_t and an object of type httpd_sys_content_t, and that in the current state the rule allowing the httpd_t subject to access files of type httpd_sys_content_t is enabled. This rule grants the httpd_t subject read access to files of type httpd_sys_content_t, so when a user accesses index.html through a browser the result of Figure 3-1 appears.

4. Change the type of the index.html file to user_home_t with the chcon command.

5. Read the index.html file through the browser, which gives the result of Figure 3-2. Searching with apol for rules whose subject is httpd_t and whose object is user_home_t gives the following result:

The result shows that only 6 conditional rules are defined in the policy library for a subject of type httpd_t and an object of type user_home_t, and that in the current state the httpd_t subject is denied access to files of type user_home_t; that is, no enabled rule grants the httpd_t subject access to files of type user_home_t, so when the user accesses index.html through a browser the result of Figure 3-2 appears.

6. Restore the security context of index.html to its default value with the restorecon command.

7. Access index.html through the browser again, which gives the result of Figure 3-3. As in step 3, the SELinux policy grants the required read permission through an allow rule, so the access succeeds.

For the commands used in the above procedure, such as echo, sesearch and chcon, see the man pages; they are not described again here. For the SELinux policy configuration rules and the use of the policy analysis tool apol, see the book "SELinux by Example: Using Security Enhanced Linux".
4. Issues to be resolved

This paper takes SELinux as an example to analyze the Flask architecture in detail and verifies the system protection of SELinux. However, due to time constraints, the verification scenario was tested only on the Linux 2.6.32 kernel and was not tested on the Linux 3.5.4 kernel.
