trunk: Database userspace object manager classes from KaiGai Kohei.

2007-08-09 13:15:07 +00:00 · 2007-08-09 13:15:07 +00:00 · 9760cbec2d
parent 3d6e962dfa
commit 9760cbec2d
7 changed files with 287 additions and 1 deletions
--- a/1
+++ b/1
@ -1,3 +1,4 @@
+- Database userspace object manager classes from KaiGai Kohei.
 - Add third-party interface for Apache CGI.
 - Add getserv and shmemserv nscd permissions.
 - Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@ -79,6 +79,20 @@ common ipc
 	unix_write
 }

+#
+#  Define a common prefix for userspace database object access vectors.
+#
+
+common database
+{
+	create
+	drop
+	getattr
+	setattr
+	relabelfrom
+	relabelto
+}
+
 #
 # Define the access vectors.
 #
@ -655,3 +669,60 @@ class memprotect
 {
 	mmap_zero
 }
+
+class db_database
+inherits database
+{
+	access
+	install_module
+	load_module
+	get_param
+	set_param
+}
+
+class db_table
+inherits database
+{
+	use
+	select
+	update
+	insert
+	delete
+	lock
+}
+
+class db_procedure
+inherits database
+{
+	execute
+	entrypoint
+}
+
+class db_column
+inherits database
+{
+	use
+	select
+	update
+	insert
+}
+
+class db_tuple
+{
+	relabelfrom
+	relabelto
+	use
+	select
+	update
+	insert
+	delete
+}
+
+class db_blob
+inherits database
+{
+	read
+	write
+	import
+	export
+}
--- a/policy/flask/security_classes
+++ b/policy/flask/security_classes
@ -99,4 +99,11 @@ class dccp_socket

 class memprotect

+class db_database		# userspace
+class db_table			# userspace
+class db_procedure		# userspace
+class db_column			# userspace
+class db_tuple			# userspace
+class db_blob			# userspace
+
 # FLASK
--- a/policy/mcs
+++ b/policy/mcs
@ -98,4 +98,35 @@ mlsconstrain process { ptrace }
 mlsconstrain process { sigkill sigstop }
 	(( h1 dom h2 ) or ( t1 == mcskillall ));

+#
+# MCS policy for SELinux-enabled databases
+#
+
+# Any database object must be dominated by the relabeling subject
+# clearance, also the objects are single-level.
+mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
+	(( h1 dom h2 ) and ( l2 eq h2 ));
+
+mlsconstrain { db_tuple } { insert relabelto }
+	(( h1 dom h2 ) and ( l2 eq h2 ));
+
+# Access control for any database objects based on MCS rules.
+mlsconstrain db_database { drop setattr relabelfrom access install_module load_module get_param set_param }
+	( h1 dom h2 );
+
+mlsconstrain db_table { drop setattr relabelfrom select update insert delete use }
+	( h1 dom h2 );
+
+mlsconstrain db_column { drop setattr relabelfrom select update insert use }
+	( h1 dom h2 );
+
+mlsconstrain db_tuple { relabelfrom select update delete use }
+	( h1 dom h2 );
+
+mlsconstrain db_procedure { execute }
+	( h1 dom h2 );
+
+mlsconstrain db_blob { drop setattr relabelfrom read write }
+	( h1 dom h2 );
+
 ') dnl end enable_mcs
--- a/policy/mls
+++ b/policy/mls
@ -600,4 +600,96 @@ mlsconstrain context translate
 mlsconstrain context contains
 	( h1 dom h2 );

+#
+# MLS policy for database classes
+#
+
+# make sure these database classes are "single level"
+mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
+	( l2 eq h2 );
+mlsconstrain { db_tuple } { insert relabelto }
+	( l2 eq h2 );
+
+# new database labels must be dominated by the relabeling subjects clearance
+mlsconstrain { db_database db_table db_procedure db_column db_tuple db_blob } { relabelto }
+	( h1 dom h2 );
+
+# the database "read" ops (note the check is dominance of the low level)
+mlsconstrain { db_database } { getattr access get_param }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_table db_column } { getattr use select }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_procedure } { getattr execute }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_blob } { getattr read }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_tuple } { use select }
+	(( l1 dom l2 ) or
+	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+	 ( t1 == mlsdbread ) or
+	 ( t2 == mlstrustedobject ));
+
+# the "single level" file "write" ops
+mlsconstrain { db_database } { create drop setattr relabelfrom install_module load_module set_param }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete lock }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_column } { create drop setattr relabelfrom update insert }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_blob } { create drop setattr relabelfrom write import export }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+mlsconstrain { db_tuple } { relabelfrom update insert delete }
+	(( l1 eq l2 ) or
+	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
+	 ( t1 == mlsdbwrite ) or
+	 ( t2 == mlstrustedobject ));
+
+# the database upgrade/downgrade rule
+mlsvalidatetrans { db_database db_table db_procedure db_column db_tuple db_blob }
+	((( l1 eq l2 ) or
+	  (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( l1 incomp l2 ))) and
+	 (( l1 eq h2 ) or
+	  (( t3 == mlsdbupgrade ) and ( h1 domby h2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( h1 dom h2 )) or
+	  (( t3 == mlsdbdowngrade ) and ( h1 incomp h2 ))));
+
 ') dnl end enable_mls
--- a/policy/modules/kernel/mls.if
+++ b/policy/modules/kernel/mls.if
@ -491,3 +491,79 @@ interface(`mls_context_translate_all_levels',`

 	typeattribute $1 mlstranslate;
 ')
+
+########################################
+## <summary>
+##      Make specified domain MLS trusted
+##      for reading from databases at any level.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_read_all_levels',`
+	gen_require(`
+		attribute mlsdbread;
+	')
+
+	typeattribute $1 mlsdbread;
+')
+
+########################################
+## <summary>
+##       Make specified domain MLS trusted
+##       for writing to databases at any level.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_write_all_levels',`
+	gen_require(`
+		attribute mlsdbwrite;
+	')
+
+	typeattribute $1 mlsdbwrite;
+')
+
+########################################
+## <summary>
+##      Make specified domain MLS trusted
+##      for raising the level of databases.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_upgrade',`
+	gen_require(`
+		attribute mlsdbupgrade;
+	')
+
+	typeattribute $1 mlsdbupgrade;
+')
+
+########################################
+## <summary>
+##      Make specified domain MLS trusted
+##      for lowering the level of databases.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`mls_db_downgrade',`
+	gen_require(`
+		attribute mlsdbdowngrade;
+	')
+
+	typeattribute $1 mlsdbdowngrade;
+')
--- a/policy/modules/kernel/mls.te
+++ b/policy/modules/kernel/mls.te
@ -1,5 +1,5 @@

-policy_module(mls,1.5.0)
+policy_module(mls,1.5.1)

 ########################################
 #
@ -43,6 +43,14 @@ attribute mlsxwinreadcolormap;
 attribute mlsxwinwritecolormap;
 attribute mlsxwinwritexinput;

+attribute mlsdbread;
+attribute mlsdbreadtoclr;
+attribute mlsdbwrite;
+attribute mlsdbwritetoclr;
+attribute mlsdbwriteinrange;
+attribute mlsdbupgrade;
+attribute mlsdbdowngrade;
+
 attribute mlstrustedobject;

 attribute privrangetrans;