DTE model

Domain and Type Enforcement model

- considers domains associated with subjects (processes) and types associated with objects (file, directory, device, ..)
- defines
  - Domain Definition Table (DDT) - represents allowed access modes between domains and types (e.g. read, write, execute)
  - Domain Interaction Table (DIT) - represents allowed access modes between domains (e.g. signal, create, ..)
- all access is denied unless explicitly allowed
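
The following sketch is an added example, not part of the original slides: a minimal reference monitor that consults a DDT for subject-to-object requests and a DIT for subject-to-subject requests, denying anything without an explicit entry. All domain, type, subject and object names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class DTEPolicy:
    # DDT: (domain, type) -> access modes the domain holds on objects of that type
    ddt: dict = field(default_factory=dict)
    # DIT: (source domain, target domain) -> allowed interaction modes
    dit: dict = field(default_factory=dict)

    def allow_type(self, domain, obj_type, *modes):
        self.ddt.setdefault((domain, obj_type), set()).update(modes)

    def allow_domain(self, src, dst, *modes):
        self.dit.setdefault((src, dst), set()).update(modes)

    def check_object(self, domain, obj_type, mode):
        # A missing table entry yields the empty set, so the answer is deny.
        return mode in self.ddt.get((domain, obj_type), set())

    def check_domain(self, src, dst, mode):
        return mode in self.dit.get((src, dst), set())

# Constructed labels: subjects carry domains, objects carry types.
SUBJECTS = {"httpd": "httpd_d", "root_shell": "admin_d"}
OBJECTS = {"/var/www/index.html": "web_content_t",
           "/var/log/httpd.log": "httpd_log_t",
           "/etc/shadow": "shadow_t"}

POLICY = DTEPolicy()
POLICY.allow_type("httpd_d", "web_content_t", "read")
POLICY.allow_type("httpd_d", "httpd_log_t", "write")
POLICY.allow_type("admin_d", "web_content_t", "read", "write")
POLICY.allow_domain("admin_d", "httpd_d", "create", "signal")

def decide(subject, target, mode):
    """Return True only if the DDT or DIT explicitly allows the request."""
    domain = SUBJECTS.get(subject)
    if domain is None:
        return False                      # unlabeled subject: deny
    if target in OBJECTS:                 # subject -> object: consult the DDT
        return POLICY.check_object(domain, OBJECTS[target], mode)
    if target in SUBJECTS:                # subject -> subject: consult the DIT
        return POLICY.check_domain(domain, SUBJECTS[target], mode)
    return False                          # unlabeled target: deny

if __name__ == "__main__":
    for req in [("httpd", "/var/www/index.html", "read"),
                ("httpd", "/var/www/index.html", "write"),
                ("httpd", "/etc/shadow", "read"),
                ("root_shell", "httpd", "signal"),
                ("httpd", "root_shell", "signal")]:
        print(req, "->", "allow" if decide(*req) else "deny")
```

Note that the DIT is directional: the constructed policy lets `admin_d` signal `httpd_d`, while the reverse request is denied because no entry exists for it.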