Since sockets are accessed through file descriptions, the socket object classes inherit the permissions defined for controlling access to the file object classes. Only the read, write, poll, ioctl, create, lock, getattr, setattr, relabelfrom, relabelto, and transition file permissions are meaningful for sockets.
Table 22 shows additional permissions that are specifically defined for controlling access to the socket object classes. The bind, connect, getopt, setopt, and shutdown permissions control the ability of processes to invoke various socket-specific system calls. For AF_INET sockets, the name_bind permission controls the relationship between a socket and its port number. For AF_UNIX sockets, the name_bind permission controls the relationship between a socket and its file. The recvfrom and sendto permissions control the relationship between the sending socket and the receiving socket for datagrams. The recv_msg and send_msg permissions control the relationship between a datagram message and the receiving or sending socket. These two permissions are implicitly granted if the message SID is equal to the sending socket SID.
The connection-oriented service provided by stream sockets requires several additional permissions, as shown in Table 23. The listen and accept permissions control the ability of processes to invoke the corresponding system calls. The newconn permission controls the relationship between the server socket created by a connection and the listening socket. This permission is implicitly granted if the sockets have the same SID. The connectto and acceptfrom permissions control the relationship between the client socket and the server socket.
The set of permissions for the network interface object class is shown in Table 24. The setattr and getattr permissions control the ability of processes to manipulate the interface parameters. The remaining permissions control the relationship between a message and the network interface on which it is sent or received. Similar permissions are defined for the node object class, as shown in Table 25, to control the relationship between an inbound message and its source address and the relationship between an outbound message and its destination address. The enforce_dest permission for the node object class was defined to support the extended socket calls, as described in Section 8.1.4.
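As an added illustration (not part of the original report), the following policy fragment shows which of the permissions described above a stream-socket server and its client would need, written in the allow-rule syntax of the SELinux policy language. The type names serverd_t, client_t, serverd_port_t, lo_netif_t and lo_node_t are hypothetical, and the netif/node permission names tcp_send and tcp_recv are assumed from the standard SELinux policy because Tables 24 and 25 are not reproduced on this page.

```selinux
# Added example, not from the original document. All type names are
# hypothetical; tcp_send/tcp_recv on netif and node are assumed names.

# Server side: file-derived permissions on its own sockets (create, read,
# write, ioctl, getattr, setattr) plus the socket-specific calls.
allow serverd_t self:tcp_socket { create read write ioctl getattr setattr
                                  bind listen accept getopt setopt shutdown };

# name_bind: relationship between the listening socket and its port number.
allow serverd_t serverd_port_t:tcp_socket name_bind;

# newconn: relationship between the socket created by accept() and the
# listening socket. It is implicitly granted when both sockets carry the
# same SID, which is the default here, so no explicit rule is required.

# Client side: file-derived permissions plus connect and the option calls.
allow client_t self:tcp_socket { create read write ioctl getattr setattr
                                 connect getopt setopt shutdown };

# connectto / acceptfrom: relationship between the client socket and the
# server socket, checked once in each direction.
allow client_t  serverd_t:tcp_socket connectto;
allow serverd_t client_t:tcp_socket  acceptfrom;

# Message-level checks against the interface the traffic crosses (netif)
# and the peer address (node); assumed permission names tcp_send/tcp_recv.
allow { serverd_t client_t } lo_netif_t:netif { tcp_send tcp_recv };
allow { serverd_t client_t } lo_node_t:node   { tcp_send tcp_recv };
```

Denying any one of these rules blocks the corresponding system call or message for that type only, which is how a policy can, for example, let client_t connect to serverd_t while refusing it the bind and listen permissions needed to open a port of its own.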
Table 26 shows permissions that were added to the system object class for the networking component. The route_control permission controls the ability of a process to manipulate the kernel IP routing table. The arp_control and rarp_control permissions control the ability of a process to manipulate the kernel ARP cache and RARP table, respectively. The net_io_control permission controls the ability of a process to invoke a device-specific ioctl on a network device.