ifdef(`enable_mcs',`
#
# Multi-Category Security (MCS) policy.
#
# MCS uses a single sensitivity plus a set of categories.  Every constraint
# below is a category-dominance check between the subject's high level (h1)
# and the object's high level (h2), optionally relaxed by an attribute on
# the subject or target type.  The exemption attributes referenced here
# (mlsfileread, mcssetcats, mcsptraceall, mcskillall) and the domain
# attribute are declared elsewhere in the policy; a type granted one of
# them bypasses the category check for the listed operations, so such
# grants are effectively privileged and should be kept minimal and audited.
#

#
# Define sensitivities
#
# MCS is single-sensitivity: gen_sens(1) declares exactly one sensitivity
# (presumably s0, the level processes are expected to run at -- see the
# file-class note below).

gen_sens(1)

#
# Define the categories
#
# Generate declarations for mcs_num_cats categories.  mcs_num_cats is an
# m4 symbol expected to be defined by the build before this file is
# processed.

gen_cats(mcs_num_cats)

#
# Each MCS level specifies a sensitivity and zero or more categories which may
# be associated with that sensitivity.
#

gen_levels(1,mcs_num_cats)

#
# Define the MCS policy
#
# mlsconstrain class_set perm_set expression ;
#
# mlsvalidatetrans class_set expression ;
#
# expression : ( expression )
#	     | not expression
#	     | expression and expression
#	     | expression or expression
#	     | u1 op u2
#	     | r1 role_mls_op r2
#	     | t1 op t2
#	     | l1 role_mls_op l2
#	     | l1 role_mls_op h2
#	     | h1 role_mls_op l2
#	     | h1 role_mls_op h2
#	     | l1 role_mls_op h1
#	     | l2 role_mls_op h2
#	     | u1 op names
#	     | u2 op names
#	     | r1 op names
#	     | r2 op names
#	     | t1 op names
#	     | t2 op names
#	     | u3 op names (NOTE: this is only available for mlsvalidatetrans)
#	     | r3 op names (NOTE: this is only available for mlsvalidatetrans)
#	     | t3 op names (NOTE: this is only available for mlsvalidatetrans)
#
# op : == | !=
# role_mls_op : == | != | eq | dom | domby | incomp
#
# names : name | { name_list }
# name_list : name | name_list name
#

#
# MCS policy for the file classes
#
# Constrain file access so that the high range of the process dominates
# the high range of the file.  We use the high range of the process so
# that processes can always simply run at s0 (the low end of their range)
# while their clearance (h1) still decides which categories they may touch.
#
# Note that getattr on files is always permitted: it is absent from every
# file-class constraint below (the dir rule, by contrast, does include it).
#
# Modifying operations on files carry no exemption: only h1 dom h2 allows
# them.  read is handled separately below because it has exemptions.
mlsconstrain file { write setattr append unlink link rename ioctl lock execute relabelfrom }
	( h1 dom h2 );

# Directory access.  Besides dominance, two exemptions apply: targets whose
# type carries the domain attribute (t2 == domain) and subjects carrying
# mlsfileread (t1 == mlsfileread).  dir create also appears in the
# single-level create/relabelto rule further down; every constraint that
# covers a class/permission pair must hold, so these exemptions do not
# relax that rule.
mlsconstrain dir { create getattr setattr read write link unlink rename search add_name remove_name reparent rmdir lock ioctl }
	(( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));

# New filesystem object labels must be dominated by the relabeling subject
# clearance, also the objects are single-level (l2 eq h2).
mlsconstrain file { create relabelto }
	(( h1 dom h2 ) and ( l2 eq h2 ));

# At this time we do not restrict "ps" type operations via MCS.  This
# will probably change in future.  The t2 == domain clause is what allows
# it: reading an object labeled with a process (domain) type -- presumably
# the per-process /proc entries, which carry the process's own type --
# skips the category check.  Subjects with mlsfileread may read any file
# regardless of categories.
mlsconstrain file { read }
	(( h1 dom h2 ) or ( t2 == domain ) or ( t1 == mlsfileread ));

# Relabeling away from an existing label: the relabeling subject's
# clearance must dominate the object's current label.  There is no
# exemption here, and the single-level requirement applies only to the
# new label (next rule).
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { relabelfrom }
	( h1 dom h2 );

# New labels for these classes must be dominated by the relabeling subject
# clearance, and the objects are single-level.
mlsconstrain { dir lnk_file chr_file blk_file sock_file fifo_file } { create relabelto }
	(( h1 dom h2 ) and ( l2 eq h2 ));

# A process may only transition to a context its own context dominates,
# unless its type carries mcssetcats.  That attribute therefore lets a
# domain reach categories outside its current range and should be treated
# as a privilege, not a convenience.
mlsconstrain process { transition dyntransition }
	(( h1 dom h2 ) or ( t1 == mcssetcats ));

# ptrace is limited to dominated targets, except for mcsptraceall subjects,
# which may trace processes of any category set.
mlsconstrain process { ptrace }
	(( h1 dom h2) or ( t1 == mcsptraceall ));

# Only sigkill and sigstop are category-checked here (with an mcskillall
# exemption); no other signal permission is constrained in this file.
mlsconstrain process { sigkill sigstop }
	(( h1 dom h2 ) or ( t1 == mcskillall ));

#
# MCS policy for SELinux-enabled databases
#
# Unlike the file-class rules above, none of the database rules carries an
# attribute-based exemption: only category dominance applies.
#

# Any database object must be dominated by the relabeling subject
# clearance, also the objects are single-level.
mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
	(( h1 dom h2 ) and ( l2 eq h2 ));

# db_tuple uses insert rather than create for new rows, hence the separate
# single-level rule.
mlsconstrain { db_tuple } { insert relabelto }
	(( h1 dom h2 ) and ( l2 eq h2 ));

# Access control for any database objects based on MCS rules.
mlsconstrain db_database { drop setattr relabelfrom access install_module load_module get_param set_param }
	( h1 dom h2 );

mlsconstrain db_table { drop setattr relabelfrom select update insert delete use }
	( h1 dom h2 );

mlsconstrain db_column { drop setattr relabelfrom select update insert use }
	( h1 dom h2 );

# db_tuple insert is covered by the single-level rule above, not here.
mlsconstrain db_tuple { relabelfrom select update delete use }
	( h1 dom h2 );

mlsconstrain db_procedure { execute }
	( h1 dom h2 );

mlsconstrain db_blob { drop setattr relabelfrom read write }
	( h1 dom h2 );

') dnl end enable_mcs