f497b8df50
> We could add another 'or' on the above constraint: > > or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) ) > > I believe that would be the constraint you were looking for. I don't > like the name of that attribute, but I couldn't come up with a better > one off the top of my head. :) > Attached is a patch which I've tested against selinux-policy-2.4.2-1 that implements this additional constraint. The name is still a bit forced, but it works. -matt <mra at hp dot com>
## <summary>Multilevel security policy</summary>
## <desc>
##	<p>
##	This module contains interfaces for handling multilevel
##	security.  The interfaces allow the specified subjects
##	and objects to be allowed certain privileges in the
##	MLS rules.
##	</p>
## </desc>
## <required val="true">
##	Contains attributes used in MLS policy.
## </required>

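########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from files at higher levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsfileread attribute.  The exemption itself comes from whichever MLS
# constraint tests that attribute, which is defined outside this interface.
# Every caller is a domain that may read file data above its own level, so
# the list of callers is part of the MLS trusted base and should be audited.
interface(`mls_file_read_up',`
	gen_require(`
		attribute mlsfileread;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsfileread;
')
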
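########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to files at lower levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsfilewrite attribute; the constraint that honours the attribute is
# defined outside this interface.  Writing down is the direction in which
# higher-level data can end up in lower-level files, so each caller should
# have a documented reason for needing it.
interface(`mls_file_write_down',`
	gen_require(`
		attribute mlsfilewrite;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsfilewrite;
')
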
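########################################
## <summary>
##	Make specified domain MLS trusted
##	for raising the level of files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsfileupgrade attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers can change the level recorded on
# a file, so they should be limited to labeling tools that need it.
interface(`mls_file_upgrade',`
	gen_require(`
		attribute mlsfileupgrade;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsfileupgrade;
')
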
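########################################
## <summary>
##	Make specified domain MLS trusted
##	for lowering the level of files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <rolecap/>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsfiledowngrade attribute; the constraint that honours the attribute is
# defined outside this interface.  Lowering a file level exposes its content
# to lower-level readers, so callers are in effect trusted to declassify
# data and deserve the closest review of any file interface in this module.
interface(`mls_file_downgrade',`
	gen_require(`
		attribute mlsfiledowngrade;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsfiledowngrade;
')
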
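########################################
## <summary>
##	Make specified domain trusted to
##	be written to within its MLS range.
##	The subject's MLS range must be a
##	proper subset of the object's MLS range.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsfilewriteinrange attribute; the constraint itself is not part of this
# interface.
# NOTE(review): the constraint quoted in the commit message tests t2 (the
# target type) and uses "l1 dom l2" and "h1 domby h2".  If the shipped
# constraint matches that text, two things need confirming against it:
#  - the attribute would belong on the type being written to, while the
#    param text above describes a domain allowed access;
#  - dom and domby also hold for equal levels, so a subject range equal to
#    the object range would pass, which is wider than "proper subset".
interface(`mls_file_write_within_range',`
	gen_require(`
		attribute mlsfilewriteinrange;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsfilewriteinrange;
')
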
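########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from sockets at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsnetread attribute; the constraint that honours the attribute is defined
# outside this interface.  The summary places no upper bound on the level
# that can be read, so prefer a clearance-bounded alternative where one
# fits the caller.
interface(`mls_socket_read_all_levels',`
	gen_require(`
		attribute mlsnetread;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsnetread;
')
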
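########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from sockets at any level
##	that is dominated by the process clearance.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsnetreadtoclr attribute.  The clearance bound described in the summary
# is enforced by the MLS constraint that tests the attribute, which is
# defined outside this interface; nothing here checks the clearance.
interface(`mls_socket_read_to_clearance',`
	gen_require(`
		attribute mlsnetreadtoclr;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsnetreadtoclr;
')
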
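########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to sockets at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsnetwrite attribute; the constraint that honours the attribute is
# defined outside this interface.  Writing to sockets at any level includes
# lower levels, so callers can move data downward over the network and
# should be reviewed as such.
interface(`mls_socket_write_all_levels',`
	gen_require(`
		attribute mlsnetwrite;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsnetwrite;
')
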
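########################################
## <summary>
##	Make specified domain MLS trusted
##	for receiving network data from
##	network interfaces or hosts at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsnetrecvall attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers accept traffic regardless of the
# level of the interface or host it arrived from, so they should not assume
# anything about the sensitivity of what they receive.
interface(`mls_net_receive_all_levels',`
	gen_require(`
		attribute mlsnetrecvall;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsnetrecvall;
')
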
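########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from System V IPC objects
##	at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsipcread attribute; the constraint that honours the attribute is defined
# outside this interface.  Callers can read IPC objects above their own
# level, so the caller list should be audited with the other read
# exemptions in this module.
interface(`mls_sysvipc_read_all_levels',`
	gen_require(`
		attribute mlsipcread;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsipcread;
')
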
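########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to System V IPC objects
##	at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsipcwrite attribute; the constraint that honours the attribute is
# defined outside this interface.  Writing to IPC objects at any level
# includes lower levels, which is a downward data path between processes.
interface(`mls_sysvipc_write_all_levels',`
	gen_require(`
		attribute mlsipcwrite;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsipcwrite;
')
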
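########################################
## <summary>
##	Allow the specified domain to do a MLS
##	range transition that changes
##	the current level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# privrangetrans attribute; the constraint that honours the attribute is
# defined outside this interface.  A caller can start a process whose
# current level differs from its own, so it should be limited to domains
# that launch services at a fixed, known level.
# NOTE(review): whether the transition also requires the target type to
# carry a matching attribute cannot be seen from this interface - confirm
# against the constraint.
interface(`mls_rangetrans_source',`
	gen_require(`
		attribute privrangetrans;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 privrangetrans;
')
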
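########################################
## <summary>
##	Make specified domain a target domain
##	for MLS range transitions that change
##	the current level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsrangetrans attribute; the constraint that honours the attribute is
# defined outside this interface.  Marking a domain as a target means it
# can be entered at a level other than that of its parent, so the domain
# should be written to cope with running at that level.
interface(`mls_rangetrans_target',`
	gen_require(`
		attribute mlsrangetrans;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsrangetrans;
')
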
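########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from processes at higher levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsprocread attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers can observe processes running
# above their own level, so this belongs with the read-up exemptions when
# the MLS trusted base is reviewed.
interface(`mls_process_read_up',`
	gen_require(`
		attribute mlsprocread;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsprocread;
')
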
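########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to processes at lower levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsprocwrite attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers can act on processes below their
# own level, which is a downward path for information and for control.
interface(`mls_process_write_down',`
	gen_require(`
		attribute mlsprocwrite;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsprocwrite;
')
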
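########################################
## <summary>
##	Make specified domain MLS trusted
##	for setting the level of processes
##	it executes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsprocsetsl attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers choose the level of the
# processes they execute, so this should be limited to login and
# session-setup style domains that derive the level from an authenticated
# source.
interface(`mls_process_set_level',`
	gen_require(`
		attribute mlsprocsetsl;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsprocsetsl;
')
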
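########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from X objects at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsxwinread attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers can read X objects belonging to
# clients at higher levels, so this should be reserved for trusted window
# system components.
interface(`mls_xwin_read_all_levels',`
	gen_require(`
		attribute mlsxwinread;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsxwinread;
')
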
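########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to X objects at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsxwinwrite attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers can write to X objects of
# clients at lower levels, which is a downward data path through the
# display server.
interface(`mls_xwin_write_all_levels',`
	gen_require(`
		attribute mlsxwinwrite;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsxwinwrite;
')
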
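########################################
## <summary>
##	Make specified domain MLS trusted
##	for reading from X colormaps at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsxwinreadcolormap attribute; the constraint that honours the attribute
# is defined outside this interface.  It is a narrower exemption than one
# covering all X objects, so prefer it when colormap access is all a
# caller needs.
interface(`mls_colormap_read_all_levels',`
	gen_require(`
		attribute mlsxwinreadcolormap;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsxwinreadcolormap;
')
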
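########################################
## <summary>
##	Make specified domain MLS trusted
##	for writing to X colormaps at any level.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsxwinwritecolormap attribute; the constraint that honours the attribute
# is defined outside this interface.  A colormap writable from every level
# is shared state between levels, so callers should be reviewed for use of
# it as a signalling path.
interface(`mls_colormap_write_all_levels',`
	gen_require(`
		attribute mlsxwinwritecolormap;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsxwinwritecolormap;
')
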
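########################################
## <summary>
##	Make specified object MLS trusted.
## </summary>
## <desc>
##	<p>
##	Make specified object MLS trusted.  This
##	allows all levels to read and write the
##	object.
##	</p>
##	<p>
##	This currently only applies to filesystem
##	objects, for example, files and directories.
##	</p>
## </desc>
## <param name="domain">
##	<summary>
##	The type of the object.
##	</summary>
## </param>
#
# Security note: the parameter is named "domain" but, per its summary, it
# takes an object type; the interface adds that type to the
# mlstrustedobject attribute and nothing else.  Because the description
# says every level may both read and write such an object, anything stored
# in it can cross levels in either direction.  Apply it only to object
# types whose content is not level-sensitive.
interface(`mls_trusted_object',`
	gen_require(`
		attribute mlstrustedobject;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlstrustedobject;
')
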
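########################################
## <summary>
##	Make the specified domain trusted
##	to inherit and use file descriptors
##	from all levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsfduse attribute; the constraint that honours the attribute is defined
# outside this interface.  An inherited descriptor carries access that was
# granted at the level of the process that opened it, so callers should be
# checked for what they do with descriptors they did not open themselves.
interface(`mls_fd_use_all_levels',`
	gen_require(`
		attribute mlsfduse;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsfduse;
')
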
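########################################
## <summary>
##	Make the file descriptors from the
##	specified domain inheritable by
##	all levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlsfdshare attribute; the constraint that honours the attribute is
# defined outside this interface.  The exemption is on the side of the
# domain that owns the descriptors: once tagged, processes at any level may
# inherit them, so the tagged domain should not hold descriptors to
# level-sensitive objects when it starts children.
interface(`mls_fd_share_all_levels',`
	gen_require(`
		attribute mlsfdshare;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlsfdshare;
')
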
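########################################
## <summary>
##	Make specified domain MLS trusted
##	for translating contexts at all levels.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# Security note: this interface only adds the caller-supplied type to the
# mlstranslate attribute; the constraint that honours the attribute is
# defined outside this interface.  Callers can translate contexts for
# levels above their own, which may reveal the names of levels and
# categories they would not otherwise see.
interface(`mls_context_translate_all_levels',`
	gen_require(`
		attribute mlstranslate;
	')

	# Attribute membership only; no allow rule is added here.
	typeattribute $1 mlstranslate;
')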