[selinux-policy: 1784/3172] trunk: Database userspace object manager classes from KaiGai Kohei.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:39:11 UTC 2010


commit 9760cbec2da5a396ed3e8cc478cc04fceab65765
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Aug 9 13:15:07 2007 +0000

    trunk: Database userspace object manager classes from KaiGai Kohei.

 Changelog                     |    1 +
 policy/flask/access_vectors   |   71 +++++++++++++++++++++++++++++++
 policy/flask/security_classes |    7 +++
 policy/mcs                    |   31 ++++++++++++++
 policy/mls                    |   92 +++++++++++++++++++++++++++++++++++++++++
 policy/modules/kernel/mls.if  |   76 +++++++++++++++++++++++++++++++++
 policy/modules/kernel/mls.te  |   10 ++++-
 7 files changed, 287 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index 677f0c4..549274c 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Database userspace object manager classes from KaiGai Kohei.
 - Add third-party interface for Apache CGI.
 - Add getserv and shmemserv nscd permissions.
 - Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index 5f68fcc..3150be6 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -80,6 +80,20 @@ common ipc
 }
 
 #
+#  Define a common prefix for userspace database object access vectors.
+#
+
+common database
+{
+	create
+	drop
+	getattr
+	setattr
+	relabelfrom
+	relabelto
+}
+
+#
 # Define the access vectors.
 #
 # class class_name [ inherits common_name ] { permission_name ... }
@@ -655,3 +669,60 @@ class memprotect
 {
 	mmap_zero
 }
+
+class db_database
+inherits database
+{
+	access
+	install_module
+	load_module
+	get_param
+	set_param
+}
+
+class db_table
+inherits database
+{
+	use
+	select
+	update
+	insert
+	delete
+	lock
+}
+
+class db_procedure
+inherits database
+{
+	execute
+	entrypoint
+}
+
+class db_column
+inherits database
+{
+	use
+	select
+	update
+	insert
+}
+
+class db_tuple
+{
+	relabelfrom
+	relabelto
+	use
+	select
+	update
+	insert
+	delete
+}
+
+class db_blob
+inherits database
+{
+	read
+	write
+	import
+	export
+}
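Review bot: db_tuple is the only new class that does not inherit the `database` common set, yet it re-declares `relabelfrom` and `relabelto` from it, so a reader of access_vectors cannot tell whether the absence of `create`, `drop`, `getattr` and `setattr` on tuples is deliberate. A one-line comment above the class would settle it, e.g. `# db_tuple does not inherit "database": rows are created/removed through insert/delete and carry no attributes, so create/drop/getattr/setattr are not defined` — presumably that is the intent, but it should be confirmed against the object manager's semantics. The comment could also say that the tuple's own relabel permissions exist so the relabel constraints in policy/mls and policy/mcs still apply to row relabeling.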
diff --git a/policy/flask/security_classes b/policy/flask/security_classes
index c681855..1a3ff7b 100644
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@@ -99,4 +99,11 @@ class dccp_socket
 
 class memprotect
 
+class db_database		# userspace
+class db_table			# userspace
+class db_procedure		# userspace
+class db_column			# userspace
+class db_tuple			# userspace
+class db_blob			# userspace
+
 # FLASK
diff --git a/policy/mcs b/policy/mcs
index aeb24bd..99d66c2 100644
--- a/policy/mcs
+++ b/policy/mcs
@@ -98,4 +98,35 @@ mlsconstrain process { ptrace }
 mlsconstrain process { sigkill sigstop }
 	(( h1 dom h2 ) or ( t1 == mcskillall ));
 
+#
+# MCS policy for SELinux-enabled databases
+#
+
+# Any database object must be dominated by the relabeling subject
+# clearance, also the objects are single-level.
+mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
+	(( h1 dom h2 ) and ( l2 eq h2 ));
+
+mlsconstrain { db_tuple } { insert relabelto }
+	(( h1 dom h2 ) and ( l2 eq h2 ));
+
+# Access control for any database objects based on MCS rules.
+mlsconstrain db_database { drop setattr relabelfrom access install_module load_module get_param set_param }
+	( h1 dom h2 );
+
+mlsconstrain db_table { drop setattr relabelfrom select update insert delete use }
+	( h1 dom h2 );
+
+mlsconstrain db_column { drop setattr relabelfrom select update insert use }
+	( h1 dom h2 );
+
+mlsconstrain db_tuple { relabelfrom select update delete use }
+	( h1 dom h2 );
+
+mlsconstrain db_procedure { execute }
+	( h1 dom h2 );
+
+mlsconstrain db_blob { drop setattr relabelfrom read write }
+	( h1 dom h2 );
+
 ') dnl end enable_mcs
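Review bot: db_procedure is constrained only for `execute`, while every other new class in this hunk also covers its inherited `drop setattr relabelfrom`; under MCS a subject could therefore drop, modify or relabel away from a procedure labeled with categories it does not dominate. Extending the rule to `mlsconstrain db_procedure { drop setattr relabelfrom execute }` brings it in line with the db_table, db_column and db_blob rules above it (`create relabelto` is already covered by the grouped rule at the top of the hunk). db_table's `lock` permission is likewise absent from its MCS rule; whether a lock counts as a write for MCS purposes is a design decision that deserves a comment either way.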
diff --git a/policy/mls b/policy/mls
index 16bd1df..3ce227b 100644
--- a/policy/mls
+++ b/policy/mls
@@ -600,4 +600,96 @@ mlsconstrain context translate
 mlsconstrain context contains
 	( h1 dom h2 );
 
+#
+# MLS policy for database classes
+#
+
+# make sure these database classes are "single level"
+mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
+	( l2 eq h2 );
+mlsconstrain { db_tuple } { insert relabelto }
+	( l2 eq h2 );
+
+# new database labels must be dominated by the relabeling subjects clearance
+mlsconstrain { db_database db_table db_procedure db_column db_tuple db_blob } { relabelto }
+	( h1 dom h2 );
+
+# the database "read" ops (note the check is dominance of the low level)
+mlsconstrain { db_database } { getattr access get_param }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_table db_column } { getattr use select }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_procedure } { getattr execute }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_blob } { getattr read }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_tuple } { use select }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+# the "single level" file "write" ops
+mlsconstrain { db_database } { create drop setattr relabelfrom install_module load_module set_param }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete lock }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_column } { create drop setattr relabelfrom update insert }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_blob } { create drop setattr relabelfrom write import export }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_tuple } { relabelfrom update insert delete }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+# the database upgrade/downgrade rule
+mlsvalidatetrans { db_database db_table db_procedure db_column db_tuple db_blob }
+	((( l1 eq l2 ) or
+	  (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( l1 incomp l2 ))) and
+	 (( l1 eq h2 ) or
+	  (( t3 == mlsdbupgrade ) and ( h1 domby h2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( h1 dom h2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( h1 incomp h2 ))));
+
 ') dnl end enable_mls
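Review bot: db_procedure has no MLS write rule: the write block covers db_database, db_table, db_column, db_blob and db_tuple, but for db_procedure only `getattr execute` are constrained, so `create drop setattr relabelfrom` (inherited from the `database` common set) are checked only by the single-level and relabelto rules at the top of the hunk and never by the `l1 eq l2` / mlsdbwrite logic. Adding a write rule for db_procedure with the same body as its siblings closes the gap; `entrypoint` is left out of the rule below because it looks like a transition-style permission rather than a write, which is worth a comment if that is the intent. Separately, the comment `# the "single level" file "write" ops` is carried over from the file rules and should read `# the "single level" database "write" ops`.
```m4
# the "single level" database "write" ops
# … unchanged: db_database, db_table, db_column, db_blob, db_tuple write rules …

mlsconstrain { db_procedure } { create drop setattr relabelfrom }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));
```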
diff --git a/policy/modules/kernel/mls.if b/policy/modules/kernel/mls.if
index 769ef1f..6606745 100644
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@@ -491,3 +491,79 @@ interface(`mls_context_translate_all_levels',`
 
 	typeattribute $1 mlstranslate;
 ')
+
+########################################
+## <summary>
+##      Make specified domain MLS trusted
+##      for reading from databases at any level.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_read_all_levels',`
+	gen_require(`
+		attribute mlsdbread;
+	')
+
+	typeattribute $1 mlsdbread;
+')
+
+########################################
+## <summary>
+##       Make specified domain MLS trusted
+##       for writing to databases at any level.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_write_all_levels',`
+	gen_require(`
+		attribute mlsdbwrite;
+	')
+
+	typeattribute $1 mlsdbwrite;
+')
+
+########################################
+## <summary>
+##      Make specified domain MLS trusted
+##      for raising the level of databases.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_upgrade',`
+	gen_require(`
+		attribute mlsdbupgrade;
+	')
+
+	typeattribute $1 mlsdbupgrade;
+')
+
+########################################
+## <summary>
+##      Make specified domain MLS trusted
+##      for lowering the level of databases.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_downgrade',`
+	gen_require(`
+		attribute mlsdbdowngrade;
+	')
+
+	typeattribute $1 mlsdbdowngrade;
+')
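Review bot: Only four of the seven attributes declared in the mls.te hunk get an interface here; `mlsdbreadtoclr`, `mlsdbwritetoclr` and `mlsdbwriteinrange` are tested by the constraints in policy/mls but no module can assign them, so the read-to-clearance, write-to-clearance and write-within-range exceptions are unreachable dead policy. Adding three interfaces in the same shape as the ones in this hunk makes them usable; the names below are suggestions patterned on the file-class interfaces, and note that `mlsdbwriteinrange` is matched on `t2` (the object), so its interface applies to a database object type rather than a domain. The summary of `mls_db_write_all_levels` is also indented one column deeper than its siblings and should be aligned.
```m4
########################################
## <summary>
##      Make specified domain MLS trusted
##      for reading from databases up to its clearance.
## </summary>
## <param name="domain">
##      <summary>
##      Domain allowed access.
##      </summary>
## </param>
#
interface(`mls_db_read_to_clearance',`
	gen_require(`
		attribute mlsdbreadtoclr;
	')

	typeattribute $1 mlsdbreadtoclr;
')
dnl … mls_db_write_to_clearance (mlsdbwritetoclr, domain) and mls_db_write_within_range (mlsdbwriteinrange, object type) follow the same shape …
```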
diff --git a/policy/modules/kernel/mls.te b/policy/modules/kernel/mls.te
index bd5f393..da0d2a0 100644
--- a/policy/modules/kernel/mls.te
+++ b/policy/modules/kernel/mls.te
@@ -1,5 +1,5 @@
 
-policy_module(mls,1.5.0)
+policy_module(mls,1.5.1)
 
 ########################################
 #
@@ -43,6 +43,14 @@ attribute mlsxwinreadcolormap;
 attribute mlsxwinwritecolormap;
 attribute mlsxwinwritexinput;
 
+attribute mlsdbread;
+attribute mlsdbreadtoclr;
+attribute mlsdbwrite;
+attribute mlsdbwritetoclr;
+attribute mlsdbwriteinrange;
+attribute mlsdbupgrade;
+attribute mlsdbdowngrade;
+
 attribute mlstrustedobject;
 
 attribute privrangetrans;

