Question

In: Computer Science

A security analyst is validating the Mac policy on a set of android devices. The policy...

A security analyst is validating the Mac policy on a set of android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, Dallas notes many inches is such as:

Avc: defined { open } for pid=1018 comm=”irc” path=”/dev/if0” dev=”tmpfs” scontext=u:r:irc:sc:s0 tcontext=u:objective_r:default:s0tclass=chr_file permissive=1

Despite the deny message, this action was still permitted. Which of the following is the most likely fix for this issue?

  1. add the objects of concern to default context

  2. set the devices to enforcing mode

  3. create separate domain and context file

  4. Rebuild the sepolicy, reinstall, and test

Solutions

Expert Solution

Initally when a subject eg. a Process make a request to an object( a file) kernel looks into AVC ( Access vector cache).In case the data in the Avc is not able to suggest any decision then the Request is then sent to Security server which then displays denied or grant permission based on the installed policy.Now SElinux (Security enhanced Architecture) runs in permissive mode where denials are not applied but only logged.It is important from the perspective that it assures that policy may not delay other early device bringup tasks.Permissible mode is suitable for troubleshooting and debugging . In permissive mode, majority of the denials are logged and not applied as subjects can continue with actions that are denied by the policy but are denied in the enforced mode.For example, traversing a directory tree in permissive mode produces avc: denied messages for every directory level read.. In enforcing mode, SELinux would have stopped the initial traversal and kept further denial messages from occurring.In this case also the same thing is happening inspite of denials policy the action was allowed.

Hence In Enforcing mode denials are both logged and enforced.The likely fix is to set the devices to enforcing mode

After then the bugs are analysed and if the need arises the objects of concern are added to default context.Separate domains are created and the sepolicy is rebuild and reinstalled and tested.

In order to put your device into enforcing mode you ned to use  SELinux Switch app, it is easier to toggle between Enforcing and Permissive SELinux modes.


Related Solutions

Research and set up a mock-up IT policy pertaining to the use of mobile devices covering...
Research and set up a mock-up IT policy pertaining to the use of mobile devices covering personal cell phones, wearables, and company laptops and tablets. Please give the following: cover sheet IT strategy Physical map of area coverage end user usage policy minimum requirements local, state and Federal laws and guidelines ( if applicable) an example of the policy
1. Is it a security policy? 2. What type of security policy is described?
1. Is it a security policy? The textbook defines a security policy as, "... an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization". Is your selected document a security policy per this definition? If not then describe its purpose. Note that some items on this list may not really be security policies per this definition.2. What type of security policy is described? Assuming the document is...
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
The devices designed for the purpose of addressing security in the network generate a number of...
The devices designed for the purpose of addressing security in the network generate a number of logs during the continuous monitoring of the network. Discuss in detail the different types of logs created and how the security professional can use this information for analysing security in the network.
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT