SELinux Support for Userspace Object Managers

Eamon Walsh

NSA

Table of Contents
Introduction
Architecture
Tips
Example Usage

Introduction

The Security-Enhanced Linux project has long focused on implementing mandatory access control using the Flask architecture in the Linux kernel. The sample security server in the kernel is aware of a wide variety of object classes, including processes, files, and sockets. Policy can be written governing access to these objects.

Modern Linux systems, however, have a number of security-relevant userspace daemons and utilities which manage objects and provide services independently of the kernel. Examples include the X Window System server, which manages the display, and the D-BUS daemon, a message-passing utility. Recent research has focused on making these programs "SELinux aware" by having them label internal objects with security contexts and enforce policy over them, querying the kernel to obtain policy decisions.

Starting with version 1.9, libselinux includes a userspace AVC (access vector cache) which provides supporting functionality for userspace object managers: it caches policy decisions obtained from the kernel so that a daemon can make repeated permission checks without a round trip each time. This paper gives an overview of its architecture and includes sample code showing proper usage of the library.

The full API for the userspace AVC is documented in the header file selinux/avc.h. Man pages are also included with libselinux starting with version 1.13; avc_init(3) is a good starting point when using them.