
Initial Roles

If an initial role has been assigned to a program file, it is set as the current role of every process that executes this program. However, the role can still be changed at any time by any of the implicit or explicit mechanisms mentioned above, e.g. by changing the process owner. Initial roles are typically used for login programs, which need special privileges for authentication but must switch to the new owner's default role afterwards.

Two special initial role values affect implicit role transitions:

role_inherit_parent (default value):
Take the initial role setting from the filesystem parent object. If there is no parent object, use the root dir default value role_use_forced_role. This default value allows an initial role to be set for whole directory trees.
role_use_forced_role (root dir default value):
Only use the forced role setting.
As usual, inheritance implies the notion of effective values: the effective initial role is derived as follows:
\[
\mathrm{effinitialrole}_{tn}(\mathrm{f}) :=
\left\{
\begin{array}{r@{\ :\ }l}
\mathrm{if\ initialrole}_{tn}(\...
...hrm{inherit\_parent} &
\mathrm{initialrole}_{tn}(\mathrm{f})
\end{array}\right.
\tag{17}
\]

Initial roles for program files modify the implicit role transition on execution (rule 4) as follows:
\[
\mathrm{execute}_{tn}(\mathrm{p,f}) \Rightarrow\
\mathrm{currentrole}_{tn+1}(\mathrm{p}) :=
\left\{
\begin{array}{r@{\ :\ }l}
\ma...
...se\_forced\_role} &
\mathrm{effinitialrole}_{tn}(\mathrm{f})
\end{array}\right.
\tag{18}
\]
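The two rules above, as an added worked example that is not RSBAC's own code: the effective initial role (17) is resolved by walking the parent chain over a constructed directory tree, and the execute transition (18) applies it to a process. The tree, the role name auth_role and the forced_role_rule callback (a stand-in for the forced role rule of the next section) are assumptions.

```python
# Added example, not RSBAC's own code: effective initial role (eq. 17) and the
# implicit role transition on execute (eq. 18) over a constructed directory tree.

ROLE_INHERIT_PARENT = "role_inherit_parent"    # default for every object
ROLE_USE_FORCED_ROLE = "role_use_forced_role"  # root dir default value

class FsObject:
    """Filesystem object carrying the initialrole_tn attribute."""
    def __init__(self, name, parent=None, initial_role=ROLE_INHERIT_PARENT):
        self.name, self.parent, self.initial_role = name, parent, initial_role

def eff_initial_role(obj):
    """effinitialrole_tn(f): follow the parent chain while the setting is
    role_inherit_parent; with no parent left, fall back to the root dir
    default role_use_forced_role."""
    while obj.initial_role == ROLE_INHERIT_PARENT:
        if obj.parent is None:
            return ROLE_USE_FORCED_ROLE
        obj = obj.parent
    return obj.initial_role

def role_after_execute(current_role, program, forced_role_rule):
    """currentrole_tn+1(p) after execute_tn(p, f). forced_role_rule is an
    assumed stand-in for the forced role rule (next section), which takes
    over when the effective initial role is role_use_forced_role."""
    eff = eff_initial_role(program)
    if eff == ROLE_USE_FORCED_ROLE:
        return forced_role_rule(current_role, program)
    return eff

def build_sample_tree():
    """Constructed tree: an initial role set once on /usr/bin applies to every
    program below it; /usr/lib keeps the root default."""
    root = FsObject("/", initial_role=ROLE_USE_FORCED_ROLE)
    usr = FsObject("usr", root)
    usr_bin = FsObject("bin", usr, initial_role="auth_role")  # constructed role name
    usr_lib = FsObject("lib", usr)
    return {
        "login": FsObject("login", usr_bin),      # inherits auth_role from /usr/bin
        "lib_tool": FsObject("tool", usr_lib),    # inherits up to the root default
    }

if __name__ == "__main__":
    tree = build_sample_tree()
    keep_role = lambda role, prog: role  # assumed forced role rule: leave role unchanged
    print(eff_initial_role(tree["login"]))                               # auth_role
    print(role_after_execute("user_role", tree["lib_tool"], keep_role))  # user_role
```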


Amon Ott