MLS concepts, relational question

MLS concepts, relational question

[Michael C Thompson]

OK, so assume there are two labels:
Label A -- s2:c1 - s15:c0.c1023
Label B -- s0:c1,c3,c5,...,c1021,c1023 (odd repeating)

What is the relationship between A and B?

As my understanding goes, and from a definition I found:

A dom B, iff:
level(A) >= level(B) and cat(A) <super set of> cat(B)

A domby B, iff:
level(A) <= level(B) and cat(A) <subset of> cat(B)

A eq B, iff:
level(A) == level(B) and cat(A) == cat(b)

A incomp B, iff:
cat(A) not <subset of> cat(B) AND
cat(B) not <subset of> cat(A)

Assuming all of those are accurate, label A does not DOM, DOMBY, or EQ 
B, yet they are not INCOMP...

Assuming all of the above is true, what do we call this relationship?

Thanks,
Mike


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: MLS concepts, relational question

[Joe Nall]

On Feb 7, 2007, at 2:28 PM, Michael C Thompson wrote:

> OK, so assume there are two labels:
> Label A -- s2:c1 - s15:c0.c1023
> Label B -- s0:c1,c3,c5,...,c1021,c1023 (odd repeating)

'Label' A is a range of two labels
'Label' B is what I think of as a label.

A(LOW) is incomparable with B
A(HIGH) dominates B

Your definition of incomp leaves out the level.

joe

>
> What is the relationship between A and B?
>
> As my understanding goes, and from a definition I found:
>
> A dom B, iff:
> level(A) >= level(B) and cat(A) <super set of> cat(B)
>
> A domby B, iff:
> level(A) <= level(B) and cat(A) <subset of> cat(B)
>
> A eq B, iff:
> level(A) == level(B) and cat(A) == cat(b)
>
> A incomp B, iff:
> cat(A) not <subset of> cat(B) AND
> cat(B) not <subset of> cat(A)
>
> Assuming all of those are accurate, label A does not DOM, DOMBY, or  
> EQ B, yet they are not INCOMP...
>
> Assuming all of the above is true, what do we call this relationship?
>
> Thanks,
> Mike
>
>
> --
> This message was distributed to subscribers of the selinux mailing  
> list.
> If you no longer wish to subscribe, send mail to  
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: MLS concepts, relational question

[Casey Schaufler]

--- Michael C Thompson <thompsmc@us.ibm.com> wrote:

> OK, so assume there are two labels:
> Label A -- s2:c1 - s15:c0.c1023

This is an SELinux MLS range label. It
will not fit in the definitions you have
below because the definitions you have
are for discrete value labels. 

> Label B -- s0:c1,c3,c5,...,c1021,c1023 (odd
> repeating)
> 
> What is the relationship between A and B?
> 
> As my understanding goes, and from a definition I
> found:
> 
> A dom B, iff:
> level(A) >= level(B) and cat(A) <super set of>
> cat(B)
> 
> A domby B, iff:
> level(A) <= level(B) and cat(A) <subset of> cat(B)
> 
> A eq B, iff:
> level(A) == level(B) and cat(A) == cat(b)
> 
> A incomp B, iff:
> cat(A) not <subset of> cat(B) AND
> cat(B) not <subset of> cat(A)


The definition I always used for incomp was
A incomp B if not (A dom B) and not (B dom A)

> Assuming all of those are accurate, label A does not
> DOM, DOMBY, or EQ 
> B, yet they are not INCOMP...
> 
> Assuming all of the above is true, what do we call
> this relationship?

Illegal, except in Sweden?

I don't know that it makes sense to apply
descrete label terminology to vector label
values.


Casey Schaufler
casey@schaufler-ca.com

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: MLS concepts, relational question

[Michael C Thompson]

Joe Nall wrote:
> 
> On Feb 7, 2007, at 2:28 PM, Michael C Thompson wrote:
> 
>> OK, so assume there are two labels:
>> Label A -- s2:c1 - s15:c0.c1023
>> Label B -- s0:c1,c3,c5,...,c1021,c1023 (odd repeating)
> 
> 'Label' A is a range of two labels

Ah yes, I failed to clarify what I meant... my interest was in the low 
(active) label.

> 'Label' B is what I think of as a label.
> 
> A(LOW) is incomparable with B
> A(HIGH) dominates B
> 
> Your definition of incomp leaves out the level.

So my source if faulty :)

Thanks,
Mike


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: MLS concepts, relational question

[Stephen Smalley]

On Wed, 2007-02-07 at 15:07 -0600, Joe Nall wrote:
> On Feb 7, 2007, at 2:28 PM, Michael C Thompson wrote:
> 
> > OK, so assume there are two labels:
> > Label A -- s2:c1 - s15:c0.c1023
> > Label B -- s0:c1,c3,c5,...,c1021,c1023 (odd repeating)
> 
> 'Label' A is a range of two labels
> 'Label' B is what I think of as a label.

Yes.  Dominance is a function of two levels, not two ranges.
Note that you only express relationships between levels in the
constraint language used to express the MLS policy.  You can also see
the definitions of mls_level_eq, _dom, and _incomp in the SELinux code
and their use in constraint_expr_eval().

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: MLS concepts, relational question

[Stephen Smalley]

On Wed, 2007-02-07 at 13:14 -0800, Casey Schaufler wrote:
> The definition I always used for incomp was
> A incomp B if not (A dom B) and not (B dom A)

Yes, that is how SELinux defines it too:

mls_types.h:
#define mls_level_incomp(l1, l2) \
(!mls_level_dom((l1), (l2)) && !mls_level_dom((l2), (l1)))

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: MLS concepts, relational question

[Michael C Thompson]

Casey Schaufler wrote:
> --- Michael C Thompson <thompsmc@us.ibm.com> wrote:
> 
>> OK, so assume there are two labels:
>> Label A -- s2:c1 - s15:c0.c1023
> 
> This is an SELinux MLS range label. It
> will not fit in the definitions you have
> below because the definitions you have
> are for discrete value labels. 

>> Label B -- s0:c1,c3,c5,...,c1021,c1023 (odd
>> repeating)
>>
>> What is the relationship between A and B?
>>
>> As my understanding goes, and from a definition I
>> found:
>>
>> A dom B, iff:
>> level(A) >= level(B) and cat(A) <super set of>
>> cat(B)
>>
>> A domby B, iff:
>> level(A) <= level(B) and cat(A) <subset of> cat(B)
>>
>> A eq B, iff:
>> level(A) == level(B) and cat(A) == cat(b)
>>
>> A incomp B, iff:
>> cat(A) not <subset of> cat(B) AND
>> cat(B) not <subset of> cat(A)
> 
> 
> The definition I always used for incomp was
> A incomp B if not (A dom B) and not (B dom A)

That makes sense, the source I was getting my definition from only 
included categories... is the above definition widely used?

>> Assuming all of those are accurate, label A does not
>> DOM, DOMBY, or EQ 
>> B, yet they are not INCOMP...
>>
>> Assuming all of the above is true, what do we call
>> this relationship?
> 
> Illegal, except in Sweden?

So then, using Joe's notation:
A(LOW) incomp B
A(HIGH) dom B
A illegal B ? :)

Guess I need to explain what I'm looking for better next time...
Mike


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.