NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0103:  Access Control Policy Prohibiting Apps Write/Exe Permissions

Publication Date
2016.09.23

Protection Profiles
PP_MD_v2.0, PP_MD_v3.0

Other References
FDP_ACF_EXT.1.3

Issue Description

The MDFPPv2 does not grant the "application's private data folder" to be both write and excute.

MDFPPv2: FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device.

MDFPPv3: FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device except for [assignment: list of exceptions].

The Assurance Activities needs to be updated to allow for "application's private data folder" testing.

In addition, the assignment for the "list of exceptions" is open-ended and could allow the vendor to add broad exceptions to allow a pass of the requirement.

 

 

Resolution

Change to:

MDFPPv3:

FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device except for [selection: files stored in the application's private data folder, no exceptions].

Assurance Activity:

Test 1: The evaluator shall write, or the developer shall provide, an application that attempts to store a file with both write and execute permissions. If the selection is "no exceptions", then the evaluator shall verify that this action fails and that the permissions on the file are not simultaneously write and execute.  If the selection is "application's private data folder", then the evaluator shall ensure that the attempt to store the file is outside of the application's private data folder.

Test 2: The evaluator shall traverse the file system examining the permission on each TSF file to verify that no file has both write and execute permissions set.  If the selection is "application's private data folder", then only files outside of this folder need to be examined by the evaluator for this test.

 

MDFPPv2:

FDP_ACF_EXT.1.3: The TSF shall enforce an access control policy that prohibits an application from granting both write and execute permission to a file on the device except for [selection: files stored in the application's private data folder, no exceptions].

Assurance Activity:

Test 1: The evaluator shall write, or the developer shall provide, an application that attempts to store a file with both write and execute permissions. If the selection is "no exceptions", then the evaluator shall verify that this action fails and that the permissions on the file are not simultaneously write and execute.  If the selection is "application's private data folder", then the evaluator shall ensure that the attempt to store the file is outside of the application's private data folder.

Test 2: The evaluator shall traverse the file system examining the permission on each TSF file to verify that no file has both write and execute permissions set.  If the selection is "application's private data folder", then only files outside of this folder need to be examined by the evaluator for this test.

Justification

Changing MDFPPv2 requirement to match MDFPPv3 requirement.  In addtion, the assignment for the "list of exceptions" was too open-ended and needed to have boundaries, therefore have added "application's private data folder" as the only exception.

 
 
Site Map              Contact Us              Home