TD0435: Alternative to SELinux for FPT_AEX_EXT.1.3
FPT_AEX_EXT.1.3 requires a TOE to be compatible with the security features provided for a platform vendor. The Assurance Activity for Linux-based TOEs requires an evaluator to verify that the TOE is compatible with SELinux. Some common Linux distributions do not use SELinux by default. Ubuntu Linux for example comes with the AppArmor security module pre-installed instead. Since AppArmor cannot be run alongside SELinux, an Ubuntu-based TOE would have to disable one of the the security features provided by the platform vendor and then install SELinux in order to satisfy the Assurance Activity.
For PP_APP_v1.3, the Linux Assurance Activity under FPT_AEX_EXT.1.3 is modified as follows:
For Linux: The evaluator shall ensure that the application can successfully run on a system with either SELinux or AppArmor enabled and enforcing in enforce mode.
See issue description.