The security server prototype defines a security class with a set of permissions to control the ability of applications to use the security server system calls, as shown in Table 1. The predefined security initial SID is used as the target SID for most of these permission checks. The load_policy permission check uses the SID of the configuration file as the target SID to permit control over the files used for policy configurations. The sid_to_context permission check uses the SID parameter as the target SID to permit individual control over access to security contexts. The permissions currently required to invoke each system call are shown in Table 2. These permission checks are implemented in the system call functions in syscalls.c.
The context_to_sid permission check could be changed to similarly use the SID associated with the context parameter as the target SID. However, this is not currently useful, since the SID has already been allocated at that point. If SID descriptors are implemented, then this check should be changed to use the SID descriptor. In that case, the SID descriptor can be released if the check fails.
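The target-SID selection described above (the initial security SID for most checks, the configuration file's SID for load_policy, the SID parameter for sid_to_context) is easy to get wrong when a new security server call is added, so the following is a small self-contained model of that dispatch. It is an added illustration, not code from syscalls.c or the security server prototype: the SID values, the permission bitmask, the access-vector table standing in for the policy, and the helper names (`toy_has_perm`, `target_sid_for`, `security_syscall_permitted`) are all constructed for this example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t sid_t;

/* Constructed SIDs. In the real system the initial security SID is
 * predefined by the policy and the others are allocated at run time. */
enum {
    SID_NULL             = 0,
    SECINITSID_SECURITY  = 1,   /* predefined initial SID of the security server */
    SID_ADMIN_PROC       = 2,   /* a process allowed to manage policy */
    SID_USER_PROC        = 3,   /* an ordinary process */
    SID_POLICY_FILE      = 4,   /* label on the policy configuration file */
    SID_SOME_CONTEXT     = 5    /* an arbitrary SID whose context may be queried */
};

/* Permissions of the "security" class as a bitmask (constructed values). */
enum {
    PERM_LOAD_POLICY     = 1u << 0,
    PERM_SID_TO_CONTEXT  = 1u << 1,
    PERM_CONTEXT_TO_SID  = 1u << 2
};

/* The security server system calls covered by this model. */
enum secsyscall { CALL_LOAD_POLICY, CALL_SID_TO_CONTEXT, CALL_CONTEXT_TO_SID };

/* One allow rule: source SID, target SID, permitted access vector. */
struct av_rule { sid_t ssid; sid_t tsid; uint32_t allowed; };

/* Toy access-vector table standing in for the loaded policy. */
static const struct av_rule rules[] = {
    { SID_ADMIN_PROC, SID_POLICY_FILE,     PERM_LOAD_POLICY },
    { SID_ADMIN_PROC, SECINITSID_SECURITY, PERM_CONTEXT_TO_SID },
    { SID_ADMIN_PROC, SID_SOME_CONTEXT,    PERM_SID_TO_CONTEXT },
    { SID_USER_PROC,  SECINITSID_SECURITY, PERM_CONTEXT_TO_SID },
};

/* Stand-in for the access vector cache lookup: 1 if every requested
 * permission is allowed from ssid to tsid, 0 otherwise (default deny). */
static int toy_has_perm(sid_t ssid, sid_t tsid, uint32_t requested)
{
    size_t i;
    for (i = 0; i < sizeof rules / sizeof rules[0]; i++) {
        if (rules[i].ssid == ssid && rules[i].tsid == tsid)
            return (rules[i].allowed & requested) == requested;
    }
    return 0;
}

/* Select the target SID the way the text describes for each call.
 * For load_policy the caller passes the SID of the configuration file
 * (resolved from the file's label before the check); for sid_to_context
 * the caller passes the SID parameter itself; every other call uses the
 * predefined initial security SID. */
static sid_t target_sid_for(enum secsyscall call, sid_t arg_sid)
{
    switch (call) {
    case CALL_LOAD_POLICY:    return arg_sid;
    case CALL_SID_TO_CONTEXT: return arg_sid;
    case CALL_CONTEXT_TO_SID: /* SID not yet allocated at check time */
    default:                  return SECINITSID_SECURITY;
    }
}

static uint32_t permission_for(enum secsyscall call)
{
    switch (call) {
    case CALL_LOAD_POLICY:    return PERM_LOAD_POLICY;
    case CALL_SID_TO_CONTEXT: return PERM_SID_TO_CONTEXT;
    default:                  return PERM_CONTEXT_TO_SID;
    }
}

/* Returns 1 if the caller may invoke the given call with arg_sid, else 0. */
int security_syscall_permitted(sid_t caller, enum secsyscall call, sid_t arg_sid)
{
    return toy_has_perm(caller, target_sid_for(call, arg_sid), permission_for(call));
}

int main(void)
{
    printf("admin load_policy on policy file: %d\n",
           security_syscall_permitted(SID_ADMIN_PROC, CALL_LOAD_POLICY, SID_POLICY_FILE));
    printf("user  load_policy on policy file: %d\n",
           security_syscall_permitted(SID_USER_PROC, CALL_LOAD_POLICY, SID_POLICY_FILE));
    printf("user  sid_to_context on SID %u: %d\n", (unsigned)SID_SOME_CONTEXT,
           security_syscall_permitted(SID_USER_PROC, CALL_SID_TO_CONTEXT, SID_SOME_CONTEXT));
    return 0;
}
```

The point of routing every call through `target_sid_for` is that the per-call target SID choice lives in one place: a user process that may look up contexts in general (context_to_sid against the initial security SID) still cannot translate a specific SID it has no rule for, and nothing but a subject allowed load_policy on the configuration file's own label can load it.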