trunk: Database userspace object manager classes from KaiGai Kohei.

2007-08-09 13:15:07 +00:00 · 2007-08-09 13:15:07 +00:00 · 9760cbec2d
commit 9760cbec2d
parent 3d6e962dfa
7 changed files with 287 additions and 1 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
 - Database userspace object manager classes from KaiGai Kohei.
 - Add third-party interface for Apache CGI.
 - Add getserv and shmemserv nscd permissions.
 - Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@ -79,6 +79,20 @@ common ipc
 	unix_write
 }
 #
 #  Define a common prefix for userspace database object access vectors.
 #
 common database
 {
 	create
 	drop
 	getattr
 	setattr
 	relabelfrom
 	relabelto
 }
 #
 # Define the access vectors.
 #
@ -655,3 +669,60 @@ class memprotect
 {
 	mmap_zero
 }
 class db_database
 inherits database
 {
 	access
 	install_module
 	load_module
 	get_param
 	set_param
 }
 class db_table
 inherits database
 {
 	use
 	select
 	update
 	insert
 	delete
 	lock
 }
 class db_procedure
 inherits database
 {
 	execute
 	entrypoint
 }
 class db_column
 inherits database
 {
 	use
 	select
 	update
 	insert
 }
 class db_tuple
 {
 	relabelfrom
 	relabelto
 	use
 	select
 	update
 	insert
 	delete
 }
 class db_blob
 inherits database
 {
 	read
 	write
 	import
 	export
 }
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@ -99,4 +99,11 @@ class dccp_socket
 class memprotect
 class db_database		# userspace
 class db_table			# userspace
 class db_procedure		# userspace
 class db_column			# userspace
 class db_tuple			# userspace
 class db_blob			# userspace
 # FLASK
--- a/policy/mcs
+++ b/policy/mcs
@ -98,4 +98,35 @@ mlsconstrain process { ptrace }
 mlsconstrain process { sigkill sigstop }
 	(( h1 dom h2 ) or ( t1 == mcskillall ));
 #
 # MCS policy for SELinux-enabled databases
 #
 # Any database object must be dominated by the relabeling subject
 # clearance, also the objects are single-level.
 mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
 	(( h1 dom h2 ) and ( l2 eq h2 ));
 mlsconstrain { db_tuple } { insert relabelto }
 	(( h1 dom h2 ) and ( l2 eq h2 ));
 # Access control for any database objects based on MCS rules.
 mlsconstrain db_database { drop setattr relabelfrom access install_module load_module get_param set_param }
 	( h1 dom h2 );
 mlsconstrain db_table { drop setattr relabelfrom select update insert delete use }
 	( h1 dom h2 );
 mlsconstrain db_column { drop setattr relabelfrom select update insert use }
 	( h1 dom h2 );
 mlsconstrain db_tuple { relabelfrom select update delete use }
 	( h1 dom h2 );
 mlsconstrain db_procedure { execute }
 	( h1 dom h2 );
 mlsconstrain db_blob { drop setattr relabelfrom read write }
 	( h1 dom h2 );
 ') dnl end enable_mcs
--- a/policy/mls
+++ b/policy/mls
@ -600,4 +600,96 @@ mlsconstrain context translate
 mlsconstrain context contains
 	( h1 dom h2 );
 #
 # MLS policy for database classes
 #
 # make sure these database classes are "single level"
 mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
 	( l2 eq h2 );
 mlsconstrain { db_tuple } { insert relabelto }
 	( l2 eq h2 );
 # new database labels must be dominated by the relabeling subjects clearance
 mlsconstrain { db_database db_table db_procedure db_column db_tuple db_blob } { relabelto }
 	( h1 dom h2 );
 # the database "read" ops (note the check is dominance of the low level)
 mlsconstrain { db_database } { getattr access get_param }
 	(( l1 dom l2 ) or
 	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
 	 ( t1 == mlsdbread ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_table db_column } { getattr use select }
 	(( l1 dom l2 ) or
 	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
 	 ( t1 == mlsdbread ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_procedure } { getattr execute }
 	(( l1 dom l2 ) or
 	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
 	 ( t1 == mlsdbread ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_blob } { getattr read }
 	(( l1 dom l2 ) or
 	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
 	 ( t1 == mlsdbread ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_tuple } { use select }
 	(( l1 dom l2 ) or
 	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
 	 ( t1 == mlsdbread ) or
 	 ( t2 == mlstrustedobject ));
 # the "single level" file "write" ops
 mlsconstrain { db_database } { create drop setattr relabelfrom install_module load_module set_param }
 	(( l1 eq l2 ) or
 	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
 	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
 	 ( t1 == mlsdbwrite ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete lock }
 	(( l1 eq l2 ) or
 	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
 	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
 	 ( t1 == mlsdbwrite ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_column } { create drop setattr relabelfrom update insert }
 	(( l1 eq l2 ) or
 	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
 	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
 	 ( t1 == mlsdbwrite ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_blob } { create drop setattr relabelfrom write import export }
 	(( l1 eq l2 ) or
 	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
 	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
 	 ( t1 == mlsdbwrite ) or
 	 ( t2 == mlstrustedobject ));
 mlsconstrain { db_tuple } { relabelfrom update insert delete }
 	(( l1 eq l2 ) or
 	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
 	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
 	 ( t1 == mlsdbwrite ) or
 	 ( t2 == mlstrustedobject ));
 # the database upgrade/downgrade rule
 mlsvalidatetrans { db_database db_table db_procedure db_column db_tuple db_blob }
 	((( l1 eq l2 ) or
 	  (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
 	  (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
 	  (( t3 == mlsdbdowngrade ) and ( l1 incomp l2 ))) and
 	 (( l1 eq h2 ) or
 	  (( t3 == mlsdbupgrade ) and ( h1 domby h2 )) or
 	  (( t3 == mlsdbdowngrade ) and ( h1 dom h2 )) or
 	  (( t3 == mlsdbdowngrade ) and ( h1 incomp h2 ))));
 ') dnl end enable_mls
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@ -491,3 +491,79 @@ interface(`mls_context_translate_all_levels',`
 	typeattribute $1 mlstranslate;
 ')
 ########################################
 ## <summary>
 ##      Make specified domain MLS trusted
 ##      for reading from databases at any level.
 ## </summary>
 ## <param name="domain">
 ##      <summary>
 ##      Domain allowed access.
 ##      </summary>
 ## </param>
 #
 interface(`mls_db_read_all_levels',`
 	gen_require(`
 		attribute mlsdbread;
 	')
 	typeattribute $1 mlsdbread;
 ')
 ########################################
 ## <summary>
 ##       Make specified domain MLS trusted
 ##       for writing to databases at any level.
 ## </summary>
 ## <param name="domain">
 ##      <summary>
 ##      Domain allowed access.
 ##      </summary>
 ## </param>
 #
 interface(`mls_db_write_all_levels',`
 	gen_require(`
 		attribute mlsdbwrite;
 	')
 	typeattribute $1 mlsdbwrite;
 ')
 ########################################
 ## <summary>
 ##      Make specified domain MLS trusted
 ##      for raising the level of databases.
 ## </summary>
 ## <param name="domain">
 ##      <summary>
 ##      Domain allowed access.
 ##      </summary>
 ## </param>
 #
 interface(`mls_db_upgrade',`
 	gen_require(`
 		attribute mlsdbupgrade;
 	')
 	typeattribute $1 mlsdbupgrade;
 ')
 ########################################
 ## <summary>
 ##      Make specified domain MLS trusted
 ##      for lowering the level of databases.
 ## </summary>
 ## <param name="domain">
 ##      <summary>
 ##      Domain allowed access.
 ##      </summary>
 ## </param>
 #
 interface(`mls_db_downgrade',`
 	gen_require(`
 		attribute mlsdbdowngrade;
 	')
 	typeattribute $1 mlsdbdowngrade;
 ')
--- a/policy/modules/kernel/mls.te
+++ b/policy/modules/kernel/mls.te
@ -1,5 +1,5 @@
-policy_module(mls,1.5.0)
+policy_module(mls,1.5.1)
 ########################################
 #
@ -43,6 +43,14 @@ attribute mlsxwinreadcolormap;
 attribute mlsxwinwritecolormap;
 attribute mlsxwinwritexinput;
 attribute mlsdbread;
 attribute mlsdbreadtoclr;
 attribute mlsdbwrite;
 attribute mlsdbwritetoclr;
 attribute mlsdbwriteinrange;
 attribute mlsdbupgrade;
 attribute mlsdbdowngrade;
 attribute mlstrustedobject;
 attribute privrangetrans;