Good evening,
I'm experiencing something which is making me doubting completely about my understanding of compartments through BIBA and MLS models.
I've used colours and bold style in the attempt to make the following grade:compartments declarations more readable.
I'm working in /home/shared
drwxrwxrwt 2 root wheel biba/equal,mls/equal 512 Feb 1 16:43 shared
......
playing with file "class2" within "shared"
total 24
-rw-rw-r-- 1 lld wheel biba/10:1+2,mls/10:1+2 42 Jan 30 20:56 class0
-rw-rw-r-- 1 asv wheel biba/10:1+2+3,mls/10:1+2+3 31 Jan 31 10:49 class1
-rw-rw-r-- 1 asv wheel biba/10:1+2+3,mls/10:1+2+3 106 Feb 1 17:05 class2
which contains a line for testing
classified content
working as user asv
biba/10:1+2+3(8:1+2-12:1+2+3+4),mls/10:1+2+3(8:1+2-12:1+2+3+4),partition/5
biba/12:1+2+3,mls/8:1+2+3+4+5: Operation not permitted (ok as subject isn’t in compartment 5)
biba/12:1,mls/8:1+2+3+4: Operation not permitted (WHY?! if "biba/12:1+2" worked why "12:1" failed?)
biba/12:1+2,mls/8:1: Operation not permitted (again, why?)
biba/12:1+2+3,mls/8:1: Operation not permitted (?)
biba/12:1+2+3+4,mls/8:1: Operation not permitted (?)
I feel like blind. The idea of the LABEL:GRADE it's fine, I see consistency with the "no write up" and "no read down" for BIBA and the "no read up" and "no write down" for MLS according to the assigned subject and grade. But this compartmentalization still looks like a mystery to me. As documentation on this subject (especially compartments) and its implementation on FreeBSD is largely insufficient (to be very politically correct) I need to try to bother somebody around here.
Some of mine highly likely wrong assumptions:
1) numbers in compartments are not representing an order of importance (2>1, 3<4) but are only identifiers
2) an object which is labeled "biba/10:1+2,mls/10:1+2+3" should be accessed by a subject which not only matches the r/w requirements dictated by the GRADE but which belongs to at least one of the respective BIBA/MLS compartments the object belongs to. So subject
"biba/9:1+2,mls/11:1+2+3"
should be able to read objects labeled as follows:
"biba/10:1+2,mls/10:1+2+3"
"biba/10:1+2,mls/10:3"
"biba/10:1,mls/10:1+2"
"biba/10:1+2,mls/10:1"
3) the BIBA declaration "biba/10:1+2+3(8:1+2-12:1+2+3+4)" states that:
- biba grade is 10 and has default access for compartments 1, 2 and 3
- biba grade 8 has access to compartments 1 and 2
- biba grade from 9 to 11 (which aren't explicitly declared) fall back to default compartments 1,2 and 3
- the above biba declaration allows to access an object which is at least in one of the compartments of the respective labels, if the GRADE actually allows that
I know it's a tricky matter and MAC on FreeBSD is kind of a very niche topic but I have to try.
MANY thanks in advance to whoever would give me a hint on this.
I'm experiencing something which is making me doubting completely about my understanding of compartments through BIBA and MLS models.
I've used colours and bold style in the attempt to make the following grade:compartments declarations more readable.
I'm working in /home/shared
# setpmac biba/[B][COLOR=#ff4d4d]equal[/COLOR][/B],mls/[B][COLOR=#b3b300]equal[/COLOR][/B] ls -lZ /home/drwxrwxrwt 2 root wheel biba/equal,mls/equal 512 Feb 1 16:43 shared
......
playing with file "class2" within "shared"
# setpmac biba/[B][COLOR=#ff4d4d]equal[/COLOR][/B],mls/[B][COLOR=#b3b300]equal[/COLOR][/B] ls -lZ /home/shared/total 24
-rw-rw-r-- 1 lld wheel biba/10:1+2,mls/10:1+2 42 Jan 30 20:56 class0
-rw-rw-r-- 1 asv wheel biba/10:1+2+3,mls/10:1+2+3 31 Jan 31 10:49 class1
-rw-rw-r-- 1 asv wheel biba/10:1+2+3,mls/10:1+2+3 106 Feb 1 17:05 class2
which contains a line for testing
# setpmac biba/[B][COLOR=#ff4d4d]equal[/COLOR][/B],mls/[B][COLOR=#b3b300]equal[/COLOR][/B] cat /home/shared/class2 classified content
working as user asv
$ getpmacbiba/10:1+2+3(8:1+2-12:1+2+3+4),mls/10:1+2+3(8:1+2-12:1+2+3+4),partition/5
$ setpmac biba/[B][COLOR=#ff4d4d]12:1+2+3[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2[/COLOR][/B] echo "blablabla2" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1+2+3[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3[/COLOR][/B] echo "blablabla3" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1+2+3[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3+4[/COLOR][/B] echo "blablabla4" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1+2+3[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3+4+5[/COLOR][/B] echo "blablabla5" >> shared/class2biba/12:1+2+3,mls/8:1+2+3+4+5: Operation not permitted (ok as subject isn’t in compartment 5)
$ setpmac biba/[B][COLOR=#ff4d4d]12:1+2+3+4[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3+4[/COLOR][/B] echo "blablabla5" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1+2[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3+4[/COLOR][/B] echo "blablabla6" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3+4[/COLOR][/B] echo "blablabla7" >> shared/class2biba/12:1,mls/8:1+2+3+4: Operation not permitted (WHY?! if "biba/12:1+2" worked why "12:1" failed?)
$ setpmac biba/[B][COLOR=#ff4d4d]12:1+2[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3+4[/COLOR][/B] echo "blablabla7" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1+2[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2+3[/COLOR][/B] echo "blablabla8" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1+2[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1+2[/COLOR][/B] echo "blablabla9" >> shared/class2 $ setpmac biba/[B][COLOR=#ff4d4d]12:1+2[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1[/COLOR][/B] echo "blablabla10" >> shared/class2biba/12:1+2,mls/8:1: Operation not permitted (again, why?)
$ setpmac biba/[B][COLOR=#ff4d4d]12:1+2+3[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1[/COLOR][/B] echo "blablabla10" >> shared/class2biba/12:1+2+3,mls/8:1: Operation not permitted (?)
$ setpmac biba/[B][COLOR=#ff4d4d]12:1+2+3+4[/COLOR][/B],mls/[B][COLOR=#b3b300]8:1[/COLOR][/B] echo "blablabla10" >> shared/class2biba/12:1+2+3+4,mls/8:1: Operation not permitted (?)
I feel like blind. The idea of the LABEL:GRADE it's fine, I see consistency with the "no write up" and "no read down" for BIBA and the "no read up" and "no write down" for MLS according to the assigned subject and grade. But this compartmentalization still looks like a mystery to me. As documentation on this subject (especially compartments) and its implementation on FreeBSD is largely insufficient (to be very politically correct) I need to try to bother somebody around here.
Some of mine highly likely wrong assumptions:
1) numbers in compartments are not representing an order of importance (2>1, 3<4) but are only identifiers
2) an object which is labeled "biba/10:1+2,mls/10:1+2+3" should be accessed by a subject which not only matches the r/w requirements dictated by the GRADE but which belongs to at least one of the respective BIBA/MLS compartments the object belongs to. So subject
"biba/9:1+2,mls/11:1+2+3"
should be able to read objects labeled as follows:
"biba/10:1+2,mls/10:1+2+3"
"biba/10:1+2,mls/10:3"
"biba/10:1,mls/10:1+2"
"biba/10:1+2,mls/10:1"
3) the BIBA declaration "biba/10:1+2+3(8:1+2-12:1+2+3+4)" states that:
- biba grade is 10 and has default access for compartments 1, 2 and 3
- biba grade 8 has access to compartments 1 and 2
- biba grade from 9 to 11 (which aren't explicitly declared) fall back to default compartments 1,2 and 3
- the above biba declaration allows to access an object which is at least in one of the compartments of the respective labels, if the GRADE actually allows that
I know it's a tricky matter and MAC on FreeBSD is kind of a very niche topic but I have to try.
MANY thanks in advance to whoever would give me a hint on this.