selinux-refpolicy/policy/modules/kernel/mls.if
Chad Hanson 5a4f511ff4 Fix implementation of MLS file relabel attributes
This patch properly completes the implementation of the MLS file relabel attributes. In the previous patch [http://oss.tresys.com/pipermail/refpolicy/2016-July/008038.html], a new attribute, mlsfilerelabetoclr, was created. There should have been a second attribute, mlsfilerelabel, created instead of overloading mlsfilewrite for this privilege. I concur with creating new attributes for this situation. I have created the patch below.

Signed-off-by: Chad Hanson <dahchanson@gmail.com>
2017-12-12 20:07:57 -05:00

989 lines
18 KiB
Plaintext

## <summary>Multilevel security policy</summary>
## <desc>
## <p>
## This module contains interfaces for handling multilevel
## security. The interfaces allow the specified subjects
## and objects to be allowed certain privileges in the
## MLS rules.
## </p>
## </desc>
## <required val="true">
## Contains attributes used in MLS policy.
## </required>
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from files up to its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_read_to_clearance',`
gen_require(`
attribute mlsfilereadtoclr;
')
typeattribute $1 mlsfilereadtoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from files at all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_read_all_levels',`
gen_require(`
attribute mlsfileread;
')
typeattribute $1 mlsfileread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for write to files up to its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_write_to_clearance',`
gen_require(`
attribute mlsfilewritetoclr;
')
typeattribute $1 mlsfilewritetoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to files at all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_write_all_levels',`
gen_require(`
attribute mlsfilewrite;
')
typeattribute $1 mlsfilewrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for relabelto to files up to its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_relabel_to_clearance',`
gen_require(`
attribute mlsfilerelabeltoclr;
')
typeattribute $1 mlsfilerelabeltoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for relabelto to files at all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_relabel',`
gen_require(`
attribute mlsfilerelabel;
')
typeattribute $1 mlsfilerelabel;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for raising the level of files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_upgrade',`
gen_require(`
attribute mlsfileupgrade;
')
typeattribute $1 mlsfileupgrade;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for lowering the level of files.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_downgrade',`
gen_require(`
attribute mlsfiledowngrade;
')
typeattribute $1 mlsfiledowngrade;
')
########################################
## <summary>
## Make specified domain trusted to
## be written to within its MLS range.
## The subject's MLS range must be a
## proper subset of the object's MLS range.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_file_write_within_range',`
gen_require(`
attribute mlsfilewriteinrange;
')
typeattribute $1 mlsfilewriteinrange;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from sockets at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_socket_read_all_levels',`
gen_require(`
attribute mlsnetread;
')
typeattribute $1 mlsnetread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from sockets at any level
## that is dominated by the process clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_socket_read_to_clearance',`
gen_require(`
attribute mlsnetreadtoclr;
')
typeattribute $1 mlsnetreadtoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to sockets up to
## its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_socket_write_to_clearance',`
gen_require(`
attribute mlsnetwritetoclr;
')
typeattribute $1 mlsnetwritetoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to sockets at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_socket_write_all_levels',`
gen_require(`
attribute mlsnetwrite;
')
typeattribute $1 mlsnetwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for receiving network data from
## network interfaces or hosts at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_net_receive_all_levels',`
gen_require(`
attribute mlsnetrecvall;
')
typeattribute $1 mlsnetrecvall;
')
########################################
## <summary>
## Make specified domain trusted to
## write to network objects within its MLS range.
## The subject's MLS range must be a
## proper subset of the object's MLS range.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_net_write_within_range',`
gen_require(`
attribute mlsnetwriteranged;
')
typeattribute $1 mlsnetwriteranged;
')
########################################
## <summary>
## Make specified domain trusted to
## write inbound packets regardless of the
## network's or node's MLS range.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_net_inbound_all_levels',`
gen_require(`
attribute mlsnetinbound;
')
typeattribute $1 mlsnetinbound;
')
########################################
## <summary>
## Make specified domain trusted to
## write outbound packets regardless of the
## network's or node's MLS range.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_net_outbound_all_levels',`
gen_require(`
attribute mlsnetoutbound;
')
typeattribute $1 mlsnetoutbound;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from System V IPC objects
## up to its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_sysvipc_read_to_clearance',`
gen_require(`
attribute mlsipcreadtoclr;
')
typeattribute $1 mlsipcreadtoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from System V IPC objects
## at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_sysvipc_read_all_levels',`
gen_require(`
attribute mlsipcread;
')
typeattribute $1 mlsipcread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to System V IPC objects
## up to its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_sysvipc_write_to_clearance',`
gen_require(`
attribute mlsipcwritetoclr;
')
typeattribute $1 mlsipcwritetoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to System V IPC objects
## at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_sysvipc_write_all_levels',`
gen_require(`
attribute mlsipcwrite;
')
typeattribute $1 mlsipcwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to keys up to
## its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_key_write_to_clearance',`
gen_require(`
attribute mlskeywritetoclr;
')
typeattribute $1 mlskeywritetoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to keys at all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_key_write_all_levels',`
gen_require(`
attribute mlskeywrite;
')
typeattribute $1 mlskeywrite;
')
########################################
## <summary>
## Allow the specified domain to do a MLS
## range transition that changes
## the current level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_rangetrans_source',`
gen_require(`
attribute privrangetrans;
')
typeattribute $1 privrangetrans;
')
########################################
## <summary>
## Make specified domain a target domain
## for MLS range transitions that change
## the current level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`mls_rangetrans_target',`
gen_require(`
attribute mlsrangetrans;
')
typeattribute $1 mlsrangetrans;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from processes up to
## its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_process_read_to_clearance',`
gen_require(`
attribute mlsprocreadtoclr;
')
typeattribute $1 mlsprocreadtoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from processes at all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_process_read_all_levels',`
gen_require(`
attribute mlsprocread;
')
typeattribute $1 mlsprocread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to processes up to
## its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_process_write_to_clearance',`
gen_require(`
attribute mlsprocwritetoclr;
')
typeattribute $1 mlsprocwritetoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to processes at all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_process_write_all_levels',`
gen_require(`
attribute mlsprocwrite;
')
typeattribute $1 mlsprocwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for setting the level of processes
## it executes.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_process_set_level',`
gen_require(`
attribute mlsprocsetsl;
')
typeattribute $1 mlsprocsetsl;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from X objects up to its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_xwin_read_to_clearance',`
gen_require(`
attribute mlsxwinreadtoclr;
')
typeattribute $1 mlsxwinreadtoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from X objects at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_xwin_read_all_levels',`
gen_require(`
attribute mlsxwinread;
')
typeattribute $1 mlsxwinread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for write to X objects up to its clearance.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_xwin_write_to_clearance',`
gen_require(`
attribute mlsxwinwritetoclr;
')
typeattribute $1 mlsxwinwritetoclr;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to X objects at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_xwin_write_all_levels',`
gen_require(`
attribute mlsxwinwrite;
')
typeattribute $1 mlsxwinwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from X colormaps at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_colormap_read_all_levels',`
gen_require(`
attribute mlsxwinreadcolormap;
')
typeattribute $1 mlsxwinreadcolormap;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to X colormaps at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_colormap_write_all_levels',`
gen_require(`
attribute mlsxwinwritecolormap;
')
typeattribute $1 mlsxwinwritecolormap;
')
########################################
## <summary>
## Make specified object MLS trusted.
## </summary>
## <desc>
## <p>
## Make specified object MLS trusted. This
## allows all levels to read and write the
## object.
## </p>
## <p>
## This currently only applies to filesystem
## objects, for example, files and directories.
## </p>
## </desc>
## <param name="domain">
## <summary>
## The type of the object.
## </summary>
## </param>
#
interface(`mls_trusted_object',`
gen_require(`
attribute mlstrustedobject;
')
typeattribute $1 mlstrustedobject;
')
########################################
## <summary>
## Make specified socket MLS trusted.
## </summary>
## <desc>
## <p>
## Make specified socket MLS trusted. For sockets
## marked as such, this allows all levels to:
## * sendto to unix_dgram_sockets
## * connectto to unix_stream_sockets
## respectively.
## </p>
## </desc>
## <param name="domain">
## <summary>
## The type of the object.
## </summary>
## </param>
#
interface(`mls_trusted_socket',`
gen_require(`
attribute mlstrustedsocket;
')
typeattribute $1 mlstrustedsocket;
')
########################################
## <summary>
## Make the specified domain trusted
## to inherit and use file descriptors
## from all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_fd_use_all_levels',`
gen_require(`
attribute mlsfduse;
')
typeattribute $1 mlsfduse;
')
########################################
## <summary>
## Make the file descriptors from the
## specifed domain inheritable by
## all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_fd_share_all_levels',`
gen_require(`
attribute mlsfdshare;
')
typeattribute $1 mlsfdshare;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for translating contexts at all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_context_translate_all_levels',`
gen_require(`
attribute mlstranslate;
')
typeattribute $1 mlstranslate;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for reading from databases at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_db_read_all_levels',`
gen_require(`
attribute mlsdbread;
')
typeattribute $1 mlsdbread;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for writing to databases at any level.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_db_write_all_levels',`
gen_require(`
attribute mlsdbwrite;
')
typeattribute $1 mlsdbwrite;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for raising the level of databases.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_db_upgrade',`
gen_require(`
attribute mlsdbupgrade;
')
typeattribute $1 mlsdbupgrade;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for lowering the level of databases.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_db_downgrade',`
gen_require(`
attribute mlsdbdowngrade;
')
typeattribute $1 mlsdbdowngrade;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for sending dbus messages to
## all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_dbus_send_all_levels',`
gen_require(`
attribute mlsdbussend;
')
typeattribute $1 mlsdbussend;
')
########################################
## <summary>
## Make specified domain MLS trusted
## for receiving dbus messages from
## all levels.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`mls_dbus_recv_all_levels',`
gen_require(`
attribute mlsdbusrecv;
')
typeattribute $1 mlsdbusrecv;
')