Allow only trusted applications to access private data
Hello, Fedora! It seems that you are the only one who cares about security. So I will ask my question to you.
I am starting to write my own LSM. But before I drown in this, I want to make triple sure my goals can't be achieved using SELinux or other existing LSMs.
In SELinux every file and every process has a security label attached. And we need to write rules like: "I want to allow a process labelled with LABEL1 to read files labelled with LABEL2". Also we can write domain transition rules like: "If a process labelled with LABEL1 starts an executable labelled with LABEL2, I want the new process to be labelled as LABEL3, not LABEL1". This is good if you want to confine some untrusted (or potentially vulnerable) applications.
But my goal is different. I need the ability to mark some files as PRIVATE, and no application should be able to access these files without a permissive rule. Using SELinux, I can't allow a transition to a more permissive domain (for good reasons). And I don't want to use sudo to switch to a more permissive domain. Furthermore, I need the ability to mark files with multiple labels (like "Photos" + "Holly"). And only processes that are allowed to read all labels should be able to read such a file.
Is it possible?
UPDATE
I started to develop my own LSM (SELinux replacement). It seems like no one here is interested. But, just in case, you can find me here:
https://gitlab.com/mogryph/chariot
or here:
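As an added illustration of the two kinds of SELinux rule the post describes (an access rule and a domain transition), here is what they look like in reference-policy syntax. This is not code from the post or from the Chariot project; the type names label1_t, label2_t and label3_t are placeholders standing in for LABEL1, LABEL2 and LABEL3.

```selinux
# Placeholder types for the three labels from the post.
type label1_t;   # domain of the already-running process (LABEL1)
type label2_t;   # label on both the data file and the executable (LABEL2)
type label3_t;   # domain the newly started program should run in (LABEL3)

# Process types carry the reference-policy "domain" attribute; several
# refpolicy neverallow constraints assume this for anything that transitions.
typeattribute label1_t domain;
typeattribute label3_t domain;

# Rule 1: "allow a process labelled LABEL1 to read files labelled LABEL2".
# SELinux is default-deny, so any file class permission not listed here
# (write, append, unlink, ...) stays denied for label1_t.
allow label1_t label2_t:file { getattr open read };

# Rule 2: "if LABEL1 starts an executable labelled LABEL2, run it as LABEL3".
# A domain transition needs all four of the following rules; missing any one
# of them makes the exec fail with an AVC denial rather than silently running
# the program in the caller's domain.
allow label1_t label2_t:file { getattr open read execute }; # caller may exec the file
allow label1_t label3_t:process transition;                  # caller may switch to label3_t
allow label3_t label2_t:file entrypoint;                     # the file is a valid entry into label3_t
type_transition label1_t label2_t:process label3_t;          # make the switch happen by default

# Deliberately NOT granted: execute_no_trans. Without it, label1_t cannot run
# a label2_t binary while staying in label1_t, so the only way to execute it
# is through the transition above.
```

Checking the policy after loading it, `sesearch -T -s label1_t -t label2_t` lists the type_transition and `sesearch -A -s label1_t -t label3_t -c process` shows the transition permission, which is a quick way to confirm that all four pieces of the transition are present.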