fbpx
维基百科

强制访问控制

一月 12, 2023

强制访问控制(英語:mandatory access control,缩写MAC)在计算机安全领域指一种由操作系统约束的存取控制,目标是限制主体或发起者访问或对对象或目标执行某种操作的能力。在实践中,主体通常是一个进程线程,对象可能是文件目录TCP/UDP端口、共享内存段、I/O设备等。主体和对象各自具有一组安全属性。每当主体尝试访问对象时,都会由操作系统内核强制施行授权规则——检查安全属性并决定是否可进行访问。任何主體对任何物件的任何操作都将根据一组授权规则(也称策略)进行测试,决定操作是否允许。在数据库管理系统中也存在访问控制机制,因而也可以应用强制访问控制;在此环境下,对象为表、视图、过程等。

通过强制访问控制,安全策略由安全策略管理员集中控制;用户无权覆盖策略,例如不能给被否决而受到限制的文件授予访问权限。相比而言,自主访问控制(DAC)也控制主体访问对象的能力,但允许用户进行策略决策和/或分配安全属性。(传统Unix系统的用户、组和读-写-执行就是一种DAC。)启用MAC的系统允许策略管理员实现组织范围的安全策略。在MAC(不同于DAC)下,用户不能覆盖或修改策略,无论为意外或故意。这使安全管理员定义的中央策略得以在原则上保证向所有用户强制实施。

在历史上和传统上,MAC与多层安全英语Multi-level security(MLS)和专业的军用系统密切相关。在此环境中,MAC意味着高度严格以满足MLS系统的约束。但在最近,MAC已从MLS本身中发展出来,并变得更加主流。最近的MAC实现有诸如面向Linux的SELinuxAppArmor,以及面向Windows的强制完整性控制,它们使管理员得以关注没有严格或MLS约束时遇到的如网络攻击或恶意软件等问题。

历史背景和对多层安全的影响

历史上,MAC与作为保护美国機密信息的多层安全英语Multi-Level Security(MLS)手段密切相关。可信计算机系统评估标准英语Trusted Computer System Evaluation Criteria(TCSEC)就是就这一主题的开创性工作,其中将MAC定义为“基于对象中包含信息的敏感性(由标签表示)来显示对对象的访问途径以及对象访问这种敏感信息的授权”。MAC的早期实现有Honeywell的SCOMP、USAF SACDIN、NSA Blacker,以及的波音MLS LAN。

术语MAC中的“强制性”已经因其在军事系统中的使用而获得了特殊含义。在这方面,MAC意味着非常高的抵抗性,确保控制机制能够抵抗任何类型的破坏,从而使他们能够执行由政府命令授权的访问控制,诸如面向美国等级信息的第12958號行政命令 。强制施行的保证性要求要高于商业应用,因此这不允许采用“尽力而为”的机制。MAC只接受能够绝对或者几乎绝对地保证任务执行的机制。这点对于不熟悉高保证策略的人来说可能很困难或者被假定为不切实际。

系统强度

强度等级

在某些系统中,用户有权决定是否向其他任何用户授予访问权限。为允许这点,所有用户都必须有所有数据的审查许可。这不是MLS系统所需必要条件。如果个人或进程可能被拒绝访问系统环境中的任何数据,则系统必须可信以强制执行MAC。由于可能存在各种级别的数据等级和用户许可,这也显示了健壮性的量化指标。例如,一个包含等级为最高机密的信息和等级为未批准的用户的系统相较于一个包含等级为绝密的信息和等级为秘密的用户的系统具有更高的健壮性。为了维持健壮性量化指标的一致性以及尽可能地消除主观人为因素,一项针对该问题的大规模科学分析和风险评估提出了标志性的测试标准,用以量化系统的安全健壮性,并根据其能够保证的安全等级为其分级。该结果记录于CSC-STD-004-85。[1]健壮性的两个相对独立的组成部分可以被定义为保障等级和功能性,两者都可以被阐述为一个系统在特定标准下能够保证的其审查的精确性。

强度评估

实现

参见

  • Bell–LaPadula model英语Bell–LaPadula model
  • 存取控制串列
  • 基于属性的访问控制英语Attribute-Based Access Control(ABAC)
  • 基于上下文的访问控制英语Context-based access control(CBAC)
  • 自主访问控制(DAC)
  • 基于格的访问控制英语Lattice-based access control(LBAC)
  • 基于组织的访问控制英语Organisation-based access control(OrBAC)
  • 以角色為基礎的存取控制(RBAC)
  • 以規則集為基礎的存取控制(RSBAC)
  • 基于能力的安全性英语Capability-based security
  • 基于位置的身份验证英语Location-based authentication
  • 基于风险的身份验证英语Risk-based authentication
  • Clark–Wilson model英语Clark–Wilson model
  • 国家机密
  • Graham–Denning model英语Graham-Denning model
  • 强制完整性控制
  • Multiple single-level英语Multiple single-level
  • 安全模型英语Security modes
  • Smack (software)英语Smack (software)
  • Systrace英语Systrace
  • 授权保护模型英语Take-grant protection model
  • 类型强制英语Type enforcement

脚注

  1. ^ . 1985-06-25 [2008-03-15]. (原始内容存档于July 15, 2007). 
  2. ^ . [2008-03-15]. (原始内容存档于2006-07-18). 
  3. ^ US Department of Defense. DoD 5200.28-STD: Trusted Computer System Evaluation Criteria. December 1985 [2008-03-15]. (原始内容于2008-03-17). 
  4. ^ . National Security Agency. 1999-10-08 [2008-03-15]. (原始内容存档于2012-02-07). 
  5. ^ . National Security Agency. 2001-05-23 [2008-03-15]. (原始内容存档于2009-03-30). 
  6. ^ National Information Assurance Partnership. . [2008-03-15]. (原始内容存档于2008-03-14). 
  7. ^ TOMOYO Linux, an alternative Mandatory Access Control. Linux 2 6 30. Linux Kernel Newbies. [2017-02-12]. (原始内容存档于2012-04-05). 
  8. ^ Linux 2.6.36 released 20 October 2010. Linux 2.6.36. Linux Kernel Newbies. [2017-02-12]. (原始内容于2018-06-10). 
  9. ^ . [2017-02-12]. (原始内容存档于2016-07-22). 
  10. ^ Matthew Conover. . 赛门铁克. [2007-10-08]. (原始内容存档于2008-03-25). 
  11. ^ Steve Riley. . [2007-10-08]. (原始内容存档于2007-09-29). 
  12. ^ Mark Russinovich英语Mark Russinovich. . [2007-10-08]. (原始内容存档于2010-04-15). 
  13. ^ TrustedBSD Project. . [2008-03-15]. (原始内容存档于2010-01-23). 
  14. ^ sandbox_init(3) man page. 2007-07-07 [2008-03-15]. (原始内容于2008-07-25). 
  15. ^ . [2017-02-12]. (原始内容存档于2017-02-13). 
  16. ^ Security Enhanced PostgreSQL. [2017-02-12]. (原始内容于2009-02-07). 
  17. ^ . (原始内容存档于2008年11月21日). 
  18. ^ (俄文) Ключевые особенности Astra Linux Special Edition по реализации требований безопасности информации (页面存档备份,存于互联网档案馆
  19. ^ Official SMACK documentation from the Linux source tree. (原始内容存档于2012-09-21). 
  20. ^ Jonathan Corbet. More stuff for 2.6.25. (原始内容存档于2012-09-21). 

参考资料

  • P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell. . In Proceedings of the 21st National Information Systems Security Conference, pages 303–314, Oct. 1998.
  • P. A. Loscocco, S. D. Smalley, Meeting Critical Security Objectives with Security-Enhanced Linux (页面存档备份,存于互联网档案馆 Proceedings of the 2001 Ottawa Linux Symposium.
  • ISO/IEC DIS 10181-3, Information Technology, OSI Security Model, Security FrameWorks, Part 3: Access Control, 1993
  • Robert N. M. Watson. "A decade of OS access-control extensibility (页面存档备份,存于互联网档案馆)". Commun. ACM 56, 2 (February 2013), 52-63.

外部链接

  • (英文):有关如何使用虚拟化实现强制访问控制。
  • (英文)微软员工详细描述强制完整性控制以及它如何与其他MAC实现的差异。
  • GWV Formal Security Policy Model (页面存档备份,存于互联网档案馆) A Separation Kernel Formal Security Policy, David Greve, Matthew Wilding, and W. Mark Vanfleet.

一月 12, 2023
强制访问控制, 此條目目前正依照其他维基百科上的内容进行翻译, 2017年2月12日, 如果您擅长翻译, 並清楚本條目的領域, 欢迎协助翻譯, 改善或校对本條目, 此外, 长期闲置, 未翻譯或影響閱讀的内容可能会被移除, 目前的翻译进度为, 英語, mandatory, access, control, 缩写mac, 在计算机安全领域指一种由操作系统约束的存取控制, 目标是限制主体或发起者访问或对对象或目标执行某种操作的能力, 在实践中, 主体通常是一个进程或线程, 对象可能是文件, 目录, udp端口, 共享内存. 此條目目前正依照其他维基百科上的内容进行翻译 2017年2月12日 如果您擅长翻译 並清楚本條目的領域 欢迎协助翻譯 改善或校对本條目 此外 长期闲置 未翻譯或影響閱讀的内容可能会被移除 目前的翻译进度为 50 强制访问控制 英語 mandatory access control 缩写MAC 在计算机安全领域指一种由操作系统约束的存取控制 目标是限制主体或发起者访问或对对象或目标执行某种操作的能力 在实践中 主体通常是一个进程或线程 对象可能是文件 目录 TCP UDP端口 共享内存段 I O设备等 主体和对象各自具有一组安全属性 每当主体尝试访问对象时 都会由操作系统内核强制施行授权规则 检查安全属性并决定是否可进行访问 任何主體对任何物件的任何操作都将根据一组授权规则 也称策略 进行测试 决定操作是否允许 在数据库管理系统中也存在访问控制机制 因而也可以应用强制访问控制 在此环境下 对象为表 视图 过程等 通过强制访问控制 安全策略由安全策略管理员集中控制 用户无权覆盖策略 例如不能给被否决而受到限制的文件授予访问权限 相比而言 自主访问控制 DAC 也控制主体访问对象的能力 但允许用户进行策略决策和 或分配安全属性 传统Unix系统的用户 组和读 写 执行就是一种DAC 启用MAC的系统允许策略管理员实现组织范围的安全策略 在MAC 不同于DAC 下 用户不能覆盖或修改策略 无论为意外或故意 这使安全管理员定义的中央策略得以在原则上保证向所有用户强制实施 在历史上和传统上 MAC与多层安全 英语 Multi level security MLS 和专业的军用系统密切相关 在此环境中 MAC意味着高度严格以满足MLS系统的约束 但在最近 MAC已从MLS本身中发展出来 并变得更加主流 最近的MAC实现有诸如面向Linux的SELinux和AppArmor 以及面向Windows的强制完整性控制 它们使管理员得以关注没有严格或MLS约束时遇到的如网络攻击或恶意软件等问题 目录 1 历史背景和对多层安全的影响 2 系统强度 2 1 强度等级 2 2 强度评估 3 实现 4 参见 5 脚注 6 参考资料 7 外部链接历史背景和对多层安全的影响 编辑历史上 MAC与作为保护美国機密信息的多层安全 英语 Multi Level Security MLS 手段密切相关 可信计算机系统评估标准 英语 Trusted Computer System Evaluation Criteria TCSEC 就是就这一主题的开创性工作 其中将MAC定义为 基于对象中包含信息的敏感性 由标签表示 来显示对对象的访问途径以及对象访问这种敏感信息的授权 MAC的早期实现有Honeywell的SCOMP USAF SACDIN NSA Blacker 以及的波音MLS LAN 术语MAC中的 强制性 已经因其在军事系统中的使用而获得了特殊含义 在这方面 MAC意味着非常高的抵抗性 确保控制机制能够抵抗任何类型的破坏 从而使他们能够执行由政府命令授权的访问控制 诸如面向美国等级信息的第12958號行政命令 强制施行的保证性要求要高于商业应用 因此这不允许采用 尽力而为 的机制 MAC只接受能够绝对或者几乎绝对地保证任务执行的机制 这点对于不熟悉高保证策略的人来说可能很困难或者被假定为不切实际 系统强度 编辑强度等级 编辑 在某些系统中 用户有权决定是否向其他任何用户授予访问权限 为允许这点 所有用户都必须有所有数据的审查许可 这不是MLS系统所需必要条件 如果个人或进程可能被拒绝访问系统环境中的任何数据 则系统必须可信以强制执行MAC 由于可能存在各种级别的数据等级和用户许可 这也显示了健壮性的量化指标 例如 一个包含等级为最高机密的信息和等级为未批准的用户的系统相较于一个包含等级为绝密的信息和等级为秘密的用户的系统具有更高的健壮性 为了维持健壮性量化指标的一致性以及尽可能地消除主观人为因素 一项针对该问题的大规模科学分析和风险评估提出了标志性的测试标准 用以量化系统的安全健壮性 并根据其能够保证的安全等级为其分级 该结果记录于CSC STD 004 85 1 健壮性的两个相对独立的组成部分可以被定义为保障等级和功能性 两者都可以被阐述为一个系统在特定标准下能够保证的其审查的精确性 强度评估 编辑 已隱藏部分未翻譯内容 歡迎參與翻譯 The Common Criteria 2 is based on this science and it intended to preserve the Assurance Level as EAL levels 英语 Evaluation Assurance Level and the functionality specifications as Protection Profile 英语 Protection Profile s Of these two essential components of objective robustness benchmarks only EAL levels were faithfully preserved In one case TCSEC 英语 TCSEC level C2 3 not a MAC capable category was fairly faithfully preserved in the Common Criteria as the Controlled Access Protection Profile 英语 Controlled Access Protection Profile CAPP 4 Multilevel security 英语 Multilevel security MLS Protection Profiles such as MLSOSPP similar to B2 5 is more general than B2 They are pursuant to MLS but lack the detailed implementation requirements of their Orange Book 英语 Trusted Computer System Evaluation Criteria predecessors focusing more on objectives This gives certifiers more subjective flexibility in deciding whether the evaluated product s technical features adequately achieve the objective potentially eroding consistency of evaluated products and making it easier to attain certification for less trustworthy products For these reasons the importance of the technical details of the Protection Profile is critical to determining the suitability of a product Such an architecture prevents an authenticated user or process at a specific classification or trust level from accessing information processes or devices in a different level This provides a containment mechanism of users and processes both known and unknown an unknown program for example might comprise an untrusted application where the system should monitor and or control accesses to devices and files 实现 编辑已隱藏部分未翻譯内容 歡迎參與翻譯 A few MAC implementations such as 優利系統 Blacker 英语 Blacker security project were certified robust enough to separate Top Secret from Unclassified late in the last millennium Their underlying technology became obsolete and they were not refreshed Today there are no current implementations certified by TCSEC 英语 TCSEC to that level of robust implementation However some less robust products exist Amon Ott s RSBAC Rule Set Based Access Control provides a framework for Linux kernels that allows several different security policy decision modules One of the models implemented is Mandatory Access Control model A general goal of RSBAC design was to try to reach obsolete Orange Book TCSEC B1 level The model of mandatory access control used in RSBAC is mostly the same as in Unix System V MLS Version 1 2 1 developed in 1989 by the National Computer Security Center of the USA with classification B1 TCSEC RSBAC requires a set of patches to the stock kernel which are maintained quite well by the project owner An 美国国家安全局 research project called SELinux added a Mandatory Access Control architecture to the Linux内核 which was merged into the mainline version of Linux in August 2003 It utilizes a Linux 2 6 kernel feature called LSM Linux Security Modules interface Red Hat Enterprise Linux version 4 and later versions come with an SELinux enabled kernel Although SELinux is capable of restricting all processes in the system the default targeted policy in RHEL confines the most vulnerable programs from the unconfined domain in which all other programs run RHEL 5 ships 2 other binary policy types strict which attempts to implement 最小权限原则 and MLS which is based on strict and adds MLS labels RHEL 5 contains additional MLS enhancements and received 2 LSPP 英语 Labeled Security Protection Profile RBACPP CAPP EAL4 certifications in June 2007 6 TOMOYO Linux 英语 TOMOYO Linux is a lightweight MAC implementation for Linux and 嵌入式Linux developed by NTT Data Corporation 英语 NTT Data Corporation It has been merged in Linux Kernel mainline version 2 6 30 in June 2009 7 Differently from the label based approach used by 安全增强式Linux TOMOYO Linux performs a pathname based Mandatory Access Control separating security domains according to process invocation history which describes the system behavior Policy are described in terms of pathnames A security domain is simply defined by a process call chain and represented as a string There are 4 modes disabled learning permissive enforcing Administrators can assign different modes for different domains TOMOYO Linux introduced the learning mode in which the accesses occurred in the kernel are automatically analyzed and stored to generate MAC policy this mode can be used as first step of policy writing making it easy to customize later SUSE now update supported by Novell and Ubuntu 7 10 have added a MAC implementation called AppArmor AppArmor utilizes a Linux 2 6 kernel feature called LSM Linux Security Modules interface LSM provides a kernel API that allows modules of kernel code to govern ACL DAC ACL access control lists AppArmor is not capable of restricting all programs and is optionally in the Linux kernel as of version 2 6 36 8 Linux and many other Unix distributions have MAC for CPU multi ring disk and memory while OS software may not manage privileges well Linux became famous during the 1990s as being more secure and far more stable than non Unix alternatives Linux distributors disable MAC to being at best DAC for some devices although this is true for any consumer electronics available today grsecurity 英语 grsecurity is a patch for the Linux kernel providing a MAC implementation precisely it is a RBAC implementation Hardened Gentoo 英语 Hardened Gentoo offers a pre patched kernel with grsecurity grsecurity is not implemented via the LSM API 9 微软 Starting with Windows Vista and Server 2008 Windows incorporates 强制完整性控制 which adds Integrity Levels IL to processes running in a login session MIC restricts the access permissions of applications that are running under the same user account and which may be less trustworthy Five integrity levels are defined Low Medium High System and Trusted Installer 10 Processes started by a regular user gain a Medium IL elevated processes have High IL 11 While processes inherit the integrity level of the process that spawned it the integrity level can be customized on a per process basis e g IE7 and downloaded executables run with Low IL Windows controls access to objects based on ILs as well as for defining the boundary for window messages via 用户界面特权隔离 Named objects including files registry keys or other processes and threads have an entry in the ACL governing access to them that defines the minimum IL of the process that can use the object MIC enforces that a process can write to or delete an object only when its IL is equal to or higher than the object s IL Furthermore to prevent access to sensitive data in memory processes can t open processes with a higher IL for read access 12 FreeBSD supports Mandatory Access Control implemented as part of the TrustedBSD project It was introduced in FreeBSD 5 0 Since FreeBSD 7 2 MAC support is enabled by default The framework is extensible various MAC modules implement policies such as Biba 英语 Biba Integrity Model and Multi Level Security 英语 Multi Level Security Sun s Trusted Solaris 英语 Trusted Solaris uses a mandatory and system enforced access control mechanism MAC where clearances and labels are used to enforce a security policy However note that the capability to manage labels does not imply the kernel strength to operate in Multi Level Security 英语 Multi Level Security mode 來源請求 Access to the labels and control mechanisms are not 來源請求 robustly protected from corruption in protected domain maintained by a kernel The applications a user runs are combined with the security label at which the user works in the session Access to information programs and devices are only weakly controlled 來源請求 Apple s Mac OS X MAC framework is an implementation of the FreeBSD MAC framework 13 A limited high level sandboxing interface is provided by the command line function sandbox init See the sandbox init manual page for documentation 14 Oracle Label Security 英语 Oracle Label Security is an implementation of mandatory access control in the Oracle数据库 SE PostgreSQL 英语 SE PostgreSQL is a work in progress as of 2008 01 27 15 16 providing integration into SE Linux It aims for integration into version 8 4 together with row level restrictions Trusted RUBIX 英语 Trusted RUBIX is a mandatory access control enforcing DBMS that fully integrates with SE Linux to restrict access to all database objects 17 Astra Linux OS developed for 俄罗斯陆军 has its own mandatory access control 18 Smack 英语 Smack software Simplified Mandatory Access Control Kernel is a Linux内核 security module that protects data and process interaction from malicious manipulation using a set of custom mandatory access control rules with simplicity as its main design goal 19 It has been officially merged since the Linux 2 6 25 release 20 参见 编辑Bell LaPadula model 英语 Bell LaPadula model 存取控制串列 基于属性的访问控制 英语 Attribute Based Access Control ABAC 基于上下文的访问控制 英语 Context based access control CBAC 自主访问控制 DAC 基于格的访问控制 英语 Lattice based access control LBAC 基于组织的访问控制 英语 Organisation based access control OrBAC 以角色為基礎的存取控制 RBAC 以規則集為基礎的存取控制 RSBAC 基于能力的安全性 英语 Capability based security 基于位置的身份验证 英语 Location based authentication 基于风险的身份验证 英语 Risk based authentication Clark Wilson model 英语 Clark Wilson model 国家机密 Graham Denning model 英语 Graham Denning model 强制完整性控制 Multiple single level 英语 Multiple single level 安全模型 英语 Security modes Smack software 英语 Smack software Systrace 英语 Systrace 授权保护模型 英语 Take grant protection model 类型强制 英语 Type enforcement 脚注 编辑 Technical Rational Behind CSC STD 003 85 Computer Security Requirements 1985 06 25 2008 03 15 原始内容存档于July 15 2007 The Common Criteria Portal 2008 03 15 原始内容存档于2006 07 18 US Department of Defense DoD 5200 28 STD Trusted Computer System Evaluation Criteria December 1985 2008 03 15 原始内容存档于2008 03 17 Controlled Access Protection Profile Version 1 d National Security Agency 1999 10 08 2008 03 15 原始内容存档于2012 02 07 Protection Profile for Multi Level Operating Systems in Environments Requiring Medium Robustness Version 1 22 National Security Agency 2001 05 23 2008 03 15 原始内容存档于2009 03 30 National Information Assurance Partnership The Common Criteria Evaluation and Validation Scheme Validated Products List 2008 03 15 原始内容存档于2008 03 14 TOMOYO Linux an alternative Mandatory Access Control Linux 2 6 30 Linux Kernel Newbies 2017 02 12 原始内容存档于2012 04 05 Linux 2 6 36 released 20 October 2010 Linux 2 6 36 Linux Kernel Newbies 2017 02 12 原始内容存档于2018 06 10 Why doesn t grsecurity use LSM 2017 02 12 原始内容存档于2016 07 22 Matthew Conover Analysis of the Windows Vista Security Model 赛门铁克 2007 10 08 原始内容存档于2008 03 25 Steve Riley Mandatory Integrity Control in Windows Vista 2007 10 08 原始内容存档于2007 09 29 Mark Russinovich 英语 Mark Russinovich PsExec User Account Control and Security Boundaries 2007 10 08 原始内容存档于2010 04 15 TrustedBSD Project TrustedBSD Mandatory Access Control MAC Framework 2008 03 15 原始内容存档于2010 01 23 sandbox init 3 man page 2007 07 07 2008 03 15 原始内容存档于2008 07 25 SEPostgreSQL patch 2017 02 12 原始内容存档于2017 02 13 Security Enhanced PostgreSQL 2017 02 12 原始内容存档于2009 02 07 Trusted RUBIX 原始内容存档于2008年11月21日 俄文 Klyuchevye osobennosti Astra Linux Special Edition po realizacii trebovanij bezopasnosti informacii 页面存档备份 存于互联网档案馆 Official SMACK documentation from the Linux source tree 原始内容存档于2012 09 21 Jonathan Corbet More stuff for 2 6 25 原始内容存档于2012 09 21 参考资料 编辑P A Loscocco S D Smalley P A Muckelbauer R C Taylor S J Turner and J F Farrell The Inevitability of Failure The Flawed Assumption of Security in Modern Computing Environments In Proceedings of the 21st National Information Systems Security Conference pages 303 314 Oct 1998 P A Loscocco S D Smalley Meeting Critical Security Objectives with Security Enhanced Linux 页面存档备份 存于互联网档案馆 Proceedings of the 2001 Ottawa Linux Symposium ISO IEC DIS 10181 3 Information Technology OSI Security Model Security FrameWorks Part 3 Access Control 1993 Robert N M Watson A decade of OS access control extensibility 页面存档备份 存于互联网档案馆 Commun ACM 56 2 February 2013 52 63 外部链接 编辑网络博客 英文 有关如何使用虚拟化实现强制访问控制 网络博客 英文 微软员工详细描述强制完整性控制以及它如何与其他MAC实现的差异 GWV Formal Security Policy Model 页面存档备份 存于互联网档案馆 A Separation Kernel Formal Security Policy David Greve Matthew Wilding and W Mark Vanfleet 取自 https zh wikipedia org w index php title 强制访问控制 amp oldid 70592468, 维基百科,wiki,书籍,书籍,图书馆,

文章

,阅读,下载,免费,免费下载,mp3,视频,mp4,3gp, jpg,jpeg,gif,png,图片,音乐,歌曲,电影,书籍,游戏,游戏。