FreeBSD Developers' Handbook
Prev		Next

Chapter 14 Writing MAC Policies

Table of Contents
14.1 Synopsis
14.2 Introduction
14.3 Kernel Architecture
14.4 Userland Architecture
14.5 Entry Point Framework
14.6 Userland APIs
14.7 Sample Policy Modules
14.8 System Integration
14.9 Conclusion

Chris Costello and Robert Watson.

14.1 Synopsis

Mandatory Access Control (MAC) is a security feature frequently found in commercial trusted operating systems. MAC supplements existing Discretionary Access Control (DAC) protections (such as file system permissions and access control lists) by allowing the security administrator to define mandatory protections for system objects. Mandatory protections may be distinguished from discretionary protections in that DAC is applied at the discretion of the object owner, whereas MAC protections are defined by the administrator and applied to all users and objects in the system and may not be bypassed even by object owners. A variety of MAC policies have been explored in security research literature as well as the commercial trusted operating system space. These include policies such as the Multi-Level Security (MLS) confidentiality policy, used to prevent inappropriate sharing of information on multi-user systems, and the Biba integrity policy, typically used to protect the integrity of system and user services.

The implementation of MAC found in FreeBSD was developed by the TrustedBSD Project, and includes support for both a number of specific MAC policies, and for a flexible and extensible security framework to support the easy creation of new kernel security policies. This framework isolates the internals of specific MAC policies from the implementation of kernel services, and encapsulates the policies in policy modules. Policy modules may be added to the system without changes to the base kernel, and can augment the kernel security policy in a variety of ways. In addition, policies may provide a shared object implementation of common MAC interfaces for userland applications, permitting applications to be easily extended to manage labels for new policies. Support is provided for setting labels on user processes at login, as well as in a number of other locations where user context management occurs.

This chapter introduces the MAC policy userland and kernel policy frameworks and provides documentation for a sample MAC policy module.

Prev	Home	Next
Using Sysinit	Up	Introduction