© 2005 Tresys Technology, LLC (www.tresys.com/selinux, [email protected]) Setools Package: Tools for Understanding SELinux Policies 2005 SELinux Symposium Frank Mayer <[email protected]> Tresys Technology http://www.tresys.com

selinuxsymposium.org/2005/presentations/session4/4-4-mayer.pdf


The Origins

• Challenge of Evaluating TE Policies
  • Basic cross-reference was practically impossible
  • “What are the types with Domain attribute?”
  • Needed to support security certification
• Started writing a little tool on the side in 2001
  • First released “apolicy” v0.1 in October 2001
  • Basic command line tool
  • Was a powerful analysis aid
    • policy stats
    • types & attributes
    • dump rules (grep)
    • search rules (by type)
• Evolved into “Setools” package


Current Setools Overview

• Package of software tools for SELinux policies
  • Understanding and analyzing policies
  • Over 10 distinct tools and four libraries
  • Over 20 releases to date
• Current v2.0, released February 2005
  • ~75K SLOC (~45K C plus TCL/others)
  • Version 0.1: 2.4K SLOC
• Freely available, GPL license (www.tresys.com/selinux)
• Strong analysis and debug tools
  • Driven by need and innovation
  • Also policy management/editing


Setools Package Contents

• Apol: comprehensive policy analysis
• Sediff: semantic policy difference analysis
• Seaudit: audit analyzer/monitor
  • Seaudit-report: audit report formatter
• Secmd sub-package: command line tools
  • Replcon & findcon: search/edit file context
  • Indexcon & searchcon: index and search file system context
  • Seinfo & sesearch: command line policy analysis
• Seuser & wrappers: policy management (users)
• Sepcut: policy editor/configuration (deprecated)
• Libraries:
  • Libapol: analysis and policy store
  • Libseaudit: audit analysis
  • Libsefs: file context indexing and analysis
  • Libseuser: user management


Libapol architecture: analysis core

[Diagram labels: selinux policies, policy tools, and the libapol components listed below]

• source parser
  • pre v11-current
• binary parser
  • v15-current
• policy store
  • integer indexed
  • in-memory
  • extremely fast
• search & query
  • rapid policy selection
• automated analyses
  • complex “canned” analysis
  • captured experience
• semantic diff
  • semantic comparison of two policies
  • binary & source
  • differing versions
• analysis modules shown in the diagram: DTA, info flow analysis engine, info flow, assert, re-label, type relate


Setools Architecture

[Diagram: Setools architecture]

• Policy inputs: source policy, binary policy
• Tools: apol (tcl/tk), seuserx (GUI), seuser (cmd), seaudit (gtk), sediff (gtk)
• Libraries: libapol, libsefs, libseaudit, libseuser
• Also shown: libapol-tcl
• libapol components:
  • source parser (pre v11-current)
  • binary parser (v15-current)
  • policy store (integer indexed, in-memory, extremely fast)
  • search & query (rapid policy selection)
  • automated analyses (complex “canned” analysis, captured experience)
  • semantic diff (semantic comparison of two policies, binary & source, differing versions)
• Analysis modules shown in the diagram: DTA, info flow analysis engine, info flow, assert, re-label, type relate


Seaudit: policy analysis



Seaudit: audit monitoring


Sediff: semantic policy compare

• New tool released in version 2.0
• Long-time goal of differencing two policies
  • Simple diffs don’t work
  • Need semantic comparison
    • Resolve effective permission
    • Dealing with duplicate rules, attributes, etc.
• New library extension and GUI
  • Shows semantic differences
  • Can handle binary and/or source policies
  • Can compare different policy versions
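Why a line diff fails and what "resolve effective permission" means, as an added example (not Setools code and not from the original slides): a minimal semantic diff that expands attributes and merges duplicate rules before comparing. The sample policies and the names `effective` and `semantic_diff` are constructed for illustration, and only a simplified subset of policy syntax is handled (`attribute`, `type` with attributes, `allow` with braced permissions; no aliases, `self`, wildcards or conditionals).

```python
import re
from collections import defaultdict

# Constructed sample policies (not from the slides). A and B grant identical
# access, but B uses an attribute and one merged rule, so a line diff differs.
POLICY_A = """
type httpd_t; type sshd_t; type etc_t;
allow httpd_t etc_t : file { read };
allow httpd_t etc_t : file { getattr };
allow sshd_t etc_t : file { read getattr };
"""
POLICY_B = """
attribute daemon;
type httpd_t, daemon; type sshd_t, daemon; type etc_t;
allow daemon etc_t : file { getattr read };
"""
# C is B plus one rule that really does widen access.
POLICY_C = POLICY_B + "allow httpd_t etc_t : file { write };\n"

def effective(policy):
    """Map (source type, target type, class) -> permission set, attributes expanded."""
    members = defaultdict(set)                      # attribute -> member types
    for attr in re.findall(r"\battribute\s+(\w+)\s*;", policy):
        members[attr]                               # register even if empty
    for name, rest in re.findall(r"\btype\s+(\w+)((?:\s*,\s*\w+)*)\s*;", policy):
        for attr in re.findall(r"\w+", rest):
            members[attr].add(name)
    def expand(name):                               # attribute -> types, type -> itself
        return members[name] if name in members else {name}
    access = defaultdict(set)
    rule = r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s*\{([^}]*)\}\s*;"
    for src, tgt, cls, perms in re.findall(rule, policy):
        for s in expand(src):
            for t in expand(tgt):
                access[(s, t, cls)] |= set(perms.split())   # duplicate rules merge
    return dict(access)

def semantic_diff(old, new):
    """Return (added, removed) permissions per (source, target, class) key."""
    a, b = effective(old), effective(new)
    added = {k: p - a.get(k, set()) for k, p in b.items() if p - a.get(k, set())}
    removed = {k: p - b.get(k, set()) for k, p in a.items() if p - b.get(k, set())}
    return added, removed

if __name__ == "__main__":
    print(semantic_diff(POLICY_A, POLICY_B))   # no semantic change
    print(semantic_diff(POLICY_A, POLICY_C))   # httpd_t gains write on etc_t files
```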


Sediff: difference summary


Sediff: attribute differences


Sediff: type enforcement differences


Apol: Policy analysis tool

• Grandfather and largest of all Setools
• Extensive analysis and debug tool
• From basic to highly innovative capabilities
  • Search & correlate policy elements
  • Powerful rule search and select capabilities
  • Correlation with on-disk file labels
  • Complex, automated analyses
    • domain transition analysis
    • relabel analysis
    • information flow (several)
    • type relationship


Apol: Major Feature Tabs


Apol: Policy Components


Apol: Policy Components (types)


Apol: Policy Rules


Apol: Policy Rules (TE Rules)


Apol: Policy Analyses


Apol: Policy Analyses (types relate)


Setools: Future and Plans

• Complete and expand libapol
  • Policy store and parsing
  • Constraints, security context, & MLS
  • Binary module parser
  • Further use of file contexts in analyses
• Complete existing and invent new analyses
  • Batched information flow (security modeling)
  • Greater knowledge capture and extensibility
• Continue to apply to real-world problems
  • Greater support for certification and testing
  • More direct use for debug and management
  • Policy quality checker
  • Completion of sediff
  • Etc.


Setools Overview

QUESTIONS??