Layer: kernel

Module: mls

Description:

This module contains interfaces for handling multilevel security. The interfaces allow the specified subjects and objects to be allowed certain privileges in the MLS rules.

This module is required to be included in all policies.

Interfaces:

mls_colormap_read_all_levels( domain )
Summary

Make specified domain MLS trusted for reading from X colormaps at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_colormap_write_all_levels( domain )
Summary

Make specified domain MLS trusted for writing to X colormaps at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_context_translate_all_levels( domain )
Summary

Make specified domain MLS trusted for translating contexts at all levels.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_fd_share_all_levels( domain )
Summary

Make the file descriptors from the specifed domain inheritable by all levels.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_fd_use_all_levels( domain )
Summary

Make the specified domain trusted to inherit and use file descriptors from all levels.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_file_downgrade( domain )
Summary

Make specified domain MLS trusted for lowering the level of files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_file_read_up( domain )
Summary

Make specified domain MLS trusted for reading from files at higher levels.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_file_upgrade( domain )
Summary

Make specified domain MLS trusted for raising the level of files.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_file_writable_within_range( domain )
Summary

Make specified domain trusted to be written to within its MLS range. The subject's MLS range must be a proper subset of the object's MLS range.

Parameters
Parameter:Description:Optional:
domain

Object domain granting ranged access.

No
mls_file_write_down( domain )
Summary

Make specified domain MLS trusted for writing to files at lower levels.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_net_receive_all_levels( domain )
Summary

Make specified domain MLS trusted for receiving network data from network interfaces or hosts at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_process_read_up( domain )
Summary

Make specified domain MLS trusted for reading from processes at higher levels.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_process_set_level( domain )
Summary

Make specified domain MLS trusted for setting the level of processes it executes.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_process_write_down( domain )
Summary

Make specified domain MLS trusted for writing to processes at lower levels.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_rangetrans_source( domain )
Summary

Allow the specified domain to do a MLS range transition that changes the current level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_rangetrans_target( domain )
Summary

Make specified domain a target domain for MLS range transitions that change the current level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_socket_read_all_levels( domain )
Summary

Make specified domain MLS trusted for reading from sockets at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_socket_read_to_clearance( domain )
Summary

Make specified domain MLS trusted for reading from sockets at any level that is dominated by the process clearance.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_socket_write_all_levels( domain )
Summary

Make specified domain MLS trusted for writing to sockets at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_socket_write_to_clearance( domain )
Summary

Make specified domain MLS trusted for writing to sockets at any level that is dominated by the process clearance.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_sysvipc_read_all_levels( domain )
Summary

Make specified domain MLS trusted for reading from System V IPC objects at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_sysvipc_write_all_levels( domain )
Summary

Make specified domain MLS trusted for writing to System V IPC objects at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_trusted_object( domain )
Summary

Make specified object MLS trusted.

Description

Make specified object MLS trusted. This allows all levels to read and write the object.

This currently only applies to filesystem objects, for example, files and directories.

Parameters
Parameter:Description:Optional:
domain

The type of the object.

No
mls_xwin_read_all_levels( domain )
Summary

Make specified domain MLS trusted for reading from X objects at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
mls_xwin_write_all_levels( domain )
Summary

Make specified domain MLS trusted for writing to X objects at any level.

Parameters
Parameter:Description:Optional:
domain

Domain allowed access.

No
Return