This article describes an important new security mechanism in the FreeBSD 5.0 operating system, mandatory access control (MAC), covering both its use and an analysis of its source code, including the MAC framework and the Multi-Level Security (MLS) policy. This part is a more systematic analysis of the source code of the MAC framework and the MLS policy.
2 MAC framework and MLS policy source code analysis
The source code relevant to this article is mainly in two files, /usr/src/sys/kern/kern_mac.c and /usr/src/sys/security/mac_mls/mac_mls.c. In addition, there are some header files such as mac.h, mac_policy.h and so on.
2.1 Overall structure of the MAC framework
The following is a schematic diagram of the MAC framework. A user console or user program accesses a kernel object through a system call; because calls to the MAC framework's check functions have been inserted at the corresponding locations in the kernel code, the kernel invokes the matching check function of the MAC framework to perform a security check. The MAC framework calls every security policy attached to it in turn to determine whether the access is secure. In addition, other system events that may involve security, such as initializing the various security labels, initializing the various kernel objects, and so on, are also reported to the MAC framework, which handles them accordingly.
We can also see from the diagram that a security policy, as a stand-alone KLD module, can be compiled independently of the kernel and then attached to the MAC framework when it is used. To determine whether an access is secure, the MAC framework invokes all security policies, and it authorizes the access only if all of them agree.
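The composition rule described above (every attached policy is consulted, and access is granted only if all agree), as an added example that is not code from FreeBSD or from the original article. It is a user-space model: the label fields, the zone policy and all function names are assumptions made for illustration.

```c
/* User-space model of MAC policy composition; all identifiers are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

struct label { int mls_level; int zone; };      /* constructed label fields */

/* Policy check entry point: 0 allows, an errno value denies. */
typedef int (*check_read_fn)(const struct label *subj, const struct label *obj);

/* MLS-style rule: a subject may not read an object at a higher level. */
static int mls_check_read(const struct label *s, const struct label *o) {
    return (s->mls_level >= o->mls_level) ? 0 : EACCES;
}

/* Second, independent policy (assumed): subject and object share a zone. */
static int zone_check_read(const struct label *s, const struct label *o) {
    return (s->zone == o->zone) ? 0 : EPERM;
}

#define MAX_POLICIES 8
static check_read_fn policies[MAX_POLICIES];
static size_t npolicies;

/* Attach a policy to the framework, as loading a policy module would. */
int policy_register(check_read_fn fn) {
    if (fn == NULL) return EINVAL;
    if (npolicies == MAX_POLICIES) return ENOMEM;
    policies[npolicies++] = fn;
    return 0;
}

/* Framework check: consult every policy in turn; allow only if all return 0.
 * This model reports the first denial; with no policies attached it allows. */
int framework_check_read(const struct label *s, const struct label *o) {
    int error = 0;
    for (size_t i = 0; i < npolicies; i++) {
        int e = policies[i](s, o);
        if (e != 0 && error == 0) error = e;
    }
    return error;
}

int main(void) {
    struct label subj = { 1, 7 }, secret = { 2, 7 }, pub = { 0, 7 };
    policy_register(mls_check_read);
    policy_register(zone_check_read);
    printf("read secret: %d, read public: %d\n",
           framework_check_read(&subj, &secret), framework_check_read(&subj, &pub));
}
```

Every policy is still called after the first denial, so a policy that keeps its own state sees each access attempt regardless of what the others decided.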
2.2 Security labels
A security label is a set of data, defined by the MAC framework and by each security policy, that describes the security information of a subject or an object; it is stored in the kernel alongside the other data with which the kernel describes subjects and objects. To enforce access control, security labels must first be defined for subjects and objects. Different policies may define their labels differently, because they base their decisions on different criteria. For its part, when a security policy registers with the MAC framework, the framework must attach the security labels used by that policy to the individual kernel objects, so that when the policy is called for a security check, it can be given the labels that it defined and understands. We first give the definitions of security labels in the MAC framework and the MLS policy, and then explain them further.