Layer: kernel

Module: mls

Description:

This module contains interfaces for handling multilevel security. The interfaces allow the specified subjects and objects to be allowed certain privileges in the MLS rules.

This module is required to be included in all policies.

Interfaces:

mls_colormap_read_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from X colormaps at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_colormap_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to X colormaps at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_db_downgrade(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for lowering the level of databases.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_db_read_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from databases at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_db_upgrade(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for raising the level of databases.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_db_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to databases at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_dbus_recv_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for receiving dbus messages from all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_dbus_send_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for sending dbus messages to all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_fd_share_all_levels(
	
		domain
		
	)

Summary

Make the file descriptors from the specified domain inheritable by all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_fd_use_all_levels(
	
		domain
		
	)

Summary

Make the specified domain trusted to inherit and use file descriptors from all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_downgrade(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for lowering the level of files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_read_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from files at all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_read_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from files up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_relabel(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for relabelto to files at all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_relabel_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for relabelto to files up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_upgrade(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for raising the level of files.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to files at all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_write_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for write to files up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_file_write_within_range(
	
		domain
		
	)

Summary

Make specified domain trusted to be written to within its MLS range. The subject's MLS range must be a proper subset of the object's MLS range.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_key_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to keys at all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_key_write_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to keys up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_net_inbound_all_levels(
	
		domain
		
	)

Summary

Make specified domain trusted to write inbound packets regardless of the network's or node's MLS range.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_net_outbound_all_levels(
	
		domain
		
	)

Summary

Make specified domain trusted to write outbound packets regardless of the network's or node's MLS range.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_net_receive_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for receiving network data from network interfaces or hosts at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_net_write_within_range(
	
		domain
		
	)

Summary

Make specified domain trusted to write to network objects within its MLS range. The subject's MLS range must be a proper subset of the object's MLS range.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_process_read_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from processes at all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_process_read_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from processes up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_process_set_level(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for setting the level of processes it executes.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_process_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to processes at all levels.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_process_write_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to processes up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_rangetrans_source(
	
		domain
		
	)

Summary

Allow the specified domain to do a MLS range transition that changes the current level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_rangetrans_target(
	
		domain
		
	)

Summary

Make specified domain a target domain for MLS range transitions that change the current level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_socket_read_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from sockets at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_socket_read_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from sockets at any level that is dominated by the process clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_socket_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to sockets at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_socket_write_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to sockets up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_sysvipc_read_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from System V IPC objects at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_sysvipc_read_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from System V IPC objects up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_sysvipc_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to System V IPC objects at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_sysvipc_write_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to System V IPC objects up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_trusted_object(
	
		domain
		
	)

Summary

Make specified object MLS trusted.

Description

Make specified object MLS trusted. This allows all levels to read and write the object.

This currently only applies to filesystem objects, for example, files and directories.

Parameters

Parameter:	Description:
domain	The type of the object.

mls_trusted_socket(
	
		domain
		
	)

Summary

Make specified socket MLS trusted.

Description

Make specified socket MLS trusted. For sockets marked as such, this allows all levels to: * sendto to unix_dgram_sockets * connectto to unix_stream_sockets respectively.

Parameters

Parameter:	Description:
domain	The type of the object.

mls_xwin_read_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from X objects at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_xwin_read_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from X objects up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_xwin_write_all_levels(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to X objects at any level.

Parameters

Parameter:	Description:
domain	Domain allowed access.

mls_xwin_write_to_clearance(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for write to X objects up to its clearance.

Parameters

Parameter:	Description:
domain	Domain allowed access.

Return