SELinux Information Gathering & Multi-Level Security (MLS/MCS)

https://drive.google.com/file/d/1OQ_HzvIJP4sSHV6EEiBxKnMTDjf7RTuP/view?usp=sharing

1. SELinux Information Gathering Tools

Core Diagnostic Commands

Command	Purpose
`sestatus`	Show SELinux status, mode, policy type
`id -Z`	Display current user's SELinux context
`ls -Z`	Show file/directory SELinux context
`ps -eZ`	List all processes with SELinux contexts
`seinfo`	Query SELinux policy components
`sesearch`	Search SELinux policy rules
`avcstat`	Show SELinux denial statistics

Advanced Policy Analysis

# Count total domains in policy
seinfo -adomain -x | wc -l

# List all domains
seinfo -adomain

# Search allow rules
sesearch --allow

# Search dontaudit rules (denials that aren't logged)
sesearch --dontaudit

# Search role transitions
sesearch --role_allow -t unconfined_r

💡 Key Insight:

These tools help diagnose denials and understand policy structure without reading raw policy files.

2. Multi-Level Security (MLS) & Multi-Category Security (MCS)

Core Concepts

MLS: Implements Bell-LaPadula model (no read up, no write down)
MCS: Commercial variant using categories instead of classification levels
Security Level Format: sensitivity:category (e.g., s0:c0.c1023)

Sensitivity Levels (MLS)

Level	Numeric	Access
Unclassified	`s0`	Everyone
Confidential	`s1`	Restricted
Secret	`s2-s14`	Highly restricted
Top Secret	`s15`	Extremely restricted

Category Ranges (MCS)

Categories: c0 to c1023 (1024 possible categories)
Used for: Departmental separation (Finance=c0, HR=c1, etc.)

🔍 Context Example:

user_u:staff_r:staff_t:s2:c0.c10 = Secret clearance with Finance+HR access