selinux policy for encrypted files
Roberto Sassu
roberto.sassu at polito.it
Thu Dec 9 10:48:17 UTC 2010
Hi all
i want to write a policy for encrypted files.
In order to do this i created some new types which have the
name of the correspondent type used for non encrypted files,
with the prefix 'encrypted_'.
Then i need to define the policy for applications that need to
use these new types which is very similar to this defined
for original types, except that i want to take rules only
for the 'dir' and 'file' class.
What this the best way to define the policy? Do i have
to duplicate all required interfaces/templates or can i reuse
the existent code, for instance by adding a new parameter?
I will show an example of what i'm trying to define.
New type: encrypted_etc_t;
Example interface:
interface(`files_list_etc',`
gen_require(`
type etc_t;
')
allow $1 etc_t:dir list_dir_perms;
')
Added interface:
interface(`files_list_encrypted_etc',`
gen_require(`
type encrypted_etc_t;
')
allow $1 encrypted_etc_t:dir list_dir_perms;
')
More information about the selinux
mailing list