Tutorial: Build a system that uses a security policy
The steps for developing a QNX Neutrino system that uses a security policy include adding security types and generating a policy using the secpolgenerate utility.
Booting the system for the first time
After you add security types to your system, a security policy is required to boot it. The secpolgenerate utility provides an easy method for creating this policy.
The generated security policy
The generated security policy contains a set of rules describing the abilities that processes used and the locations in the path space where they attached themselves, as observed by secpolgenerate.
Compiling the security policy
You compile the security policy provided by secpolgenerate using the secpolcompile utility.
Booting securely
To boot the system securely, remove the lines that run secpolgenerate from the startup script, rebuild the OS image, and reboot.
Developing systems with a security policy
In most development environments, security policies will need to be revised or updated. For example, your initial attempt at a policy may not account for all desired behavior, or you might add a new program or new version of a program. Although you can capture any new rules that are required by running secpolgenerate again in an unrestricted manner, in most cases it's better to selectively remove restrictions using the configuration file.
The error file
The secpolgenerate utility provides the file /dev/secpolgenerate/errors to help you debug broken systems.
Security policy maintenance
Maintenance tasks for your security policy can include determining whether any generated rules should be edited or removed, manually editing policies for efficiency and simplicity, and reviewing the contents of /dev/secpolgenerate/unused.
Reviewing for unnecessary rules
Although secpolgenerate generates policy rules based on what was needed while the system was running, these rules are not necessarily appropriate. QNX recommends that you review the security policy specifically to locate processes with abilities that they don't need.
procmgr_ability() calls and the security policy
The secpol-preload.so library allows the security policy that secpolgenerate generates to account for resource managers that use procmgr_ability() to retain any abilities.
Event and state files
The secpolgenerate utility provides a mechanism that saves and loads data about abilities and paths that types used or failed to use.