Layer: kernel

Module: mls

Description:

This module contains interfaces for handling multilevel security. The interfaces allow the specified subjects and objects to be allowed certain privileges in the MLS rules.

This module is required to be included in all policies.

Interfaces:

mls_file_downgrade(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for lowering the level of files.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_file_read_up(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from files at higher levels.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_file_upgrade(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for raising the level of files.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_file_write_down(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to files at lower levels.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_process_read_up(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for reading from processes at higher levels.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_process_set_level(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for setting the level of processes it executes.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_process_write_down(
	
		domain
		
	)

Summary

Make specified domain MLS trusted for writing to processes at lower levels.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_rangetrans_source(
	
		domain
		
	)

Summary

Allow the specified domain to do a MLS range transition that changes the current level.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_rangetrans_target(
	
		domain
		
	)

Summary

Make specified domain a target domain for MLS range transitions that change the current level.

Parameters

Parameter:	Description:	Optional:
domain	The type of the process performing this action.	No

mls_trusted_object(
	
		domain
		
	)

Summary

Make specified object MLS trusted.

Description

Make specified object MLS trusted. This allows all levels to read and write the object.

This currently only applies to filesystem objects, for example, files and directories.

Parameters

Parameter:	Description:	Optional:
domain	The type of the object.	No

Return