As the last question:
What I need is to ask the security server whether data residing in userspace, owning a context, can be written to a file in the OS. Does it make sense if I do it this way:
avc_has_perm(data_sid, file_sid, SECLASS_FILE, null, null)
I am confused, because I guessed that using such a syntax asks whether a process is able to write to a file, but here we are going to check whether data can be *written* to a file.
If everything is OK, how is the action specified, that is, write? Regards.
On Wed, Jan 27, 2010 at 10:03 PM, Stephen Smalley <firstname.lastname@example.org> wrote:
> On Wed, 2010-01-27 at 18:10 +0330, michel m wrote:
> > Thanks for the guidance, but here I am with a question. What should be
> > used as the object class in avc_has_perm(3) when using it for
> > inter-object? Is there any sample for an inter-object access decision?
> > Can it be null?
> > On the other hand, does the access decision taken by avc_has_perm()
> > include MLS too?
> Yes, the avc_has_perm() or security_compute_av() decision takes into
> account all policy models implemented within the security server,
> including RBAC, TE, and MLS.
> Stephen Smalley
> National Security Agency
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to email@example.com with the words "unsubscribe selinux" without quotes as the message.