ifdef(`enable_mls',`
#
# MLS (multi-level security) constraints for the reference policy.
# This whole file is only compiled in when enable_mls is set.
#
# How to read the constraints below: the "1" side (u1/r1/t1/l1/h1) is the
# context of the subject making the request and the "2" side is the
# context of the object it acts on (e.g. t1 == mlsfduse is the process,
# t2 == mlsfdshare is the fd, in the fd rule further down).  l/h are the
# low and high ends of a context's MLS range.  For mlsvalidatetrans the
# "3" side (u3/r3/t3) is the process requesting the relabel; the "1" and
# "2" sides are presumably the old and new object contexts -- confirm
# against the policy language reference.
#
# Define sensitivities
#
# Domination of sensitivities is in increasing
# numerical order, with s0 being the lowest

gen_sens(mls_num_sens)

#
# Define the categories
#
# Generate declarations

gen_cats(mls_num_cats)

#
# Each MLS level specifies a sensitivity and zero or more categories which may
# be associated with that sensitivity.
#
# Generate levels from all sensitivities
# with all categories

gen_levels(mls_num_sens,mls_num_cats)

#
# Define the MLS policy
#
# mlsconstrain class_set perm_set expression ;
#
# mlsvalidatetrans class_set expression ;
#
# expression : ( expression )
#	| not expression
#	| expression and expression
#	| expression or expression
#	| u1 op u2
#	| r1 role_mls_op r2
#	| t1 op t2
#	| l1 role_mls_op l2
#	| l1 role_mls_op h2
#	| h1 role_mls_op l2
#	| h1 role_mls_op h2
#	| l1 role_mls_op h1
#	| l2 role_mls_op h2
#	| u1 op names
#	| u2 op names
#	| r1 op names
#	| r2 op names
#	| t1 op names
#	| t2 op names
#	| u3 op names (NOTE: this is only available for mlsvalidatetrans)
#	| r3 op names (NOTE: this is only available for mlsvalidatetrans)
#	| t3 op names (NOTE: this is only available for mlsvalidatetrans)
#
# op : == | !=
# role_mls_op : == | != | eq | dom | domby | incomp
#
# names : name | { name_list }
# name_list : name | name_list name
#
# Every mlsconstrain that names a class/permission pair applies in
# addition to the others (the kernel evaluates all matching constraints),
# so a permission listed in several rules must satisfy all of them.
#

#
# MLS policy for the file classes
#

# make sure these file classes are "single level"
mlsconstrain { file lnk_file fifo_file } { create relabelto }
	( l2 eq h2 );

# new file labels must be dominated by the relabeling subject's clearance
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } relabelto
	( h1 dom h2 );

# the file "read" ops (note the check is dominance of the low level)
# mlsfilereadtoclr extends the read-down check to the subject's clearance;
# mlsfileread and mlstrustedobject exempt the subject/object entirely.
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } { read getattr execute }
	(( l1 dom l2 ) or
	 (( t1 == mlsfilereadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsfileread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain dir search
	(( l1 dom l2 ) or
	 (( t1 == mlsfilereadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsfileread ) or
	 ( t2 == mlstrustedobject ));

# the "single level" file "write" ops
# The unprivileged case is equality of the low levels (no write-up or
# write-down without an override attribute).
mlsconstrain { file lnk_file fifo_file dir chr_file blk_file sock_file } { write create setattr relabelfrom append unlink link rename mounton }
	(( l1 eq l2 ) or
	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsfilewrite ) or
	 ( t2 == mlstrustedobject ));

# Directory "write" ops
# NOTE(review): here mlsfilewriteinrange is tested on t1 (the subject),
# whereas the file write rule above tests it on t2 (the object) -- confirm
# which side is intended.
mlsconstrain dir { add_name remove_name reparent rmdir }
	(( l1 eq l2 ) or
	 (( t1 == mlsfilewriteinrange ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsfilewrite ) or
	 ( t2 == mlstrustedobject ));

# these access vectors have no MLS restrictions
# { dir file lnk_file chr_file blk_file sock_file fifo_file } { ioctl lock swapon quotaon }
#
# { file chr_file } { execute_no_trans entrypoint execmod }

# the file upgrade/downgrade rule
# The low and high ends of the range are checked independently; each may
# stay equal, or move up/down (or to an incomparable level, downgrade only)
# when the relabeling process carries the matching attribute.
mlsvalidatetrans { dir file lnk_file chr_file blk_file sock_file fifo_file }
	((( l1 eq l2 ) or
	  (( t3 == mlsfileupgrade ) and ( l1 domby l2 )) or
	  (( t3 == mlsfiledowngrade ) and ( l1 dom l2 )) or
	  (( t3 == mlsfiledowngrade ) and ( l1 incomp l2 ))) and
	 (( h1 eq h2 ) or
	  (( t3 == mlsfileupgrade ) and ( h1 domby h2 )) or
	  (( t3 == mlsfiledowngrade ) and ( h1 dom h2 )) or
	  (( t3 == mlsfiledowngrade ) and ( h1 incomp h2 ))));

# create can also require the upgrade/downgrade checks if the creating process
# has used setfscreate (note that both the high and low level of the object
# default to the process sensitivity level)
mlsconstrain { dir file lnk_file chr_file blk_file sock_file fifo_file } create
	((( l1 eq l2 ) or
	  (( t1 == mlsfileupgrade ) and ( l1 domby l2 )) or
	  (( t1 == mlsfiledowngrade ) and ( l1 dom l2 )) or
	  (( t1 == mlsfiledowngrade ) and ( l1 incomp l2 ))) and
	 (( l1 eq h2 ) or
	  (( t1 == mlsfileupgrade ) and ( l1 domby h2 )) or
	  (( t1 == mlsfiledowngrade ) and ( l1 dom h2 )) or
	  (( t1 == mlsfiledowngrade ) and ( l1 incomp h2 ))));



#
# MLS policy for the filesystem class
#

# new filesystem labels must be dominated by the relabeling subject's clearance
mlsconstrain filesystem relabelto
	( h1 dom h2 );

# the filesystem "read" ops (implicit single level)
mlsconstrain filesystem { getattr quotaget }
	(( l1 dom l2 ) or
	 (( t1 == mlsfilereadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsfileread ));

# all the filesystem "write" ops (implicit single level)
mlsconstrain filesystem { mount remount unmount relabelfrom quotamod }
	(( l1 eq l2 ) or
	 (( t1 == mlsfilewritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsfilewrite ));

# these access vectors have no MLS restrictions
# filesystem { transition associate }



#
# MLS policy for the socket classes
#

# new socket labels must be dominated by the relabeling subject's clearance
mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } relabelto
	( h1 dom h2 );

# the socket "read+write" ops
# (Socket FDs are generally bidirectional, equivalent to open(..., O_RDWR),
# require equal levels for unprivileged subjects, or read *and* write overrides)
# Note that accept is also listed in the "read" rule and connect in the
# "write" rule below; all matching rules must hold.
mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { accept connect }
	(( l1 eq l2 ) or
	 (((( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
	   ( t1 == mlsnetread )) and
	  ((( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
	   (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	   ( t1 == mlsnetwrite ))));


# the socket "read" ops (note the check is dominance of the low level)
mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { read getattr listen accept getopt recv_msg }
	(( l1 dom l2 ) or
	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsnetread ));

mlsconstrain { netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_xfrm_socket netlink_audit_socket netlink_ip6fw_socket } nlmsg_read
	(( l1 dom l2 ) or
	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsnetread ));

# the socket "write" ops
mlsconstrain { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { write setattr relabelfrom connect setopt shutdown }
	(( l1 eq l2 ) or
	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
	 (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsnetwrite ));

# used by netlabel to restrict normal domains to same level connections
mlsconstrain { tcp_socket udp_socket rawip_socket } recvfrom
	(( l1 eq l2 ) or
	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsnetread ));

# UNIX domain socket ops
mlsconstrain unix_stream_socket connectto
	(( l1 eq l2 ) or
	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
	 (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsnetwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain unix_dgram_socket sendto
	(( l1 eq l2 ) or
	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
	 (( t1 == mlsnetwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsnetwrite ) or
	 ( t2 == mlstrustedobject ));

# these access vectors have no MLS restrictions
# { socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket } { ioctl create lock append bind sendto send_msg name_bind }
#
# { tcp_socket udp_socket rawip_socket } node_bind
#
# { tcp_socket unix_stream_socket } { connectto newconn acceptfrom }
#
# tcp_socket name_connect
#
# { netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_xfrm_socket netlink_audit_socket netlink_ip6fw_socket } nlmsg_write
#
# netlink_audit_socket { nlmsg_relay nlmsg_readpriv }
#
# netlink_kobject_uevent_socket *



#
# MLS policy for the ipc classes
#

# the ipc "read" ops (implicit single level)
mlsconstrain { ipc sem msgq shm } { getattr read unix_read }
	(( l1 dom l2 ) or
	 (( t1 == mlsipcreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsipcread ));

mlsconstrain msg receive
	(( l1 dom l2 ) or
	 (( t1 == mlsipcreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsipcread ));

# the ipc "write" ops (implicit single level)
mlsconstrain { ipc sem msgq shm } { create destroy setattr write unix_write }
	(( l1 eq l2 ) or
	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsipcwrite ));

mlsconstrain msgq enqueue
	(( l1 eq l2 ) or
	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsipcwrite ));

mlsconstrain shm lock
	(( l1 eq l2 ) or
	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsipcwrite ));

mlsconstrain msg send
	(( l1 eq l2 ) or
	 (( t1 == mlsipcwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsipcwrite ));

# these access vectors have no MLS restrictions
# { ipc sem msgq shm } associate



#
# MLS policy for the fd class
#

# No sharing of open file descriptors between levels unless
# the process type is authorized to use fds created by
# other levels (mlsfduse) or the fd type is authorized to
# shared among levels (mlsfdshare).
mlsconstrain fd use (
	l1 eq l2
	or t1 == mlsfduse
	or t2 == mlsfdshare
);

#
# MLS policy for the network object classes
#

# the netif/node "read" ops (implicit single level socket doing the read)
# (note the check is dominance of the low level)
mlsconstrain { node netif } { tcp_recv udp_recv rawip_recv }
	(( l1 dom l2 ) or ( t1 == mlsnetrecvall ));

# the netif/node "write" ops (implicit single level socket doing the write)
mlsconstrain { netif node } { tcp_send udp_send rawip_send }
	(( l1 eq l2 ) or
	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )));

# these access vectors have no MLS restrictions
# node enforce_dest



#
# MLS policy for the network ingress/egress controls
#

# the netif ingress/egress ops, the ingress permission is a "write" operation
# because the subject in this particular case is the remote domain which is
# writing data out the network interface which is acting as the object
# Unlabeled peers (unlabeled_t) are exempt from the inbound range check;
# outbound traffic gets no such exemption here.
mlsconstrain { netif } { ingress }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 ( t1 == mlsnetinbound ) or
	 ( t1 == unlabeled_t ));
mlsconstrain { netif } { egress }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 ( t1 == mlsnetoutbound ));

# the node recvfrom/sendto ops, the recvfrom permission is a "write" operation
# because the subject in this particular case is the remote domain which is
# writing data out the network node which is acting as the object
mlsconstrain { node } { recvfrom }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 ( t1 == mlsnetinbound ) or
	 ( t1 == unlabeled_t ));
mlsconstrain { node } { sendto }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 ( t1 == mlsnetoutbound ));

# the forward ops, the forward_in permission is a "write" operation because the
# subject in this particular case is the remote domain which is writing data
# to the network with a secmark label, which is the object in this case
# (unlike netif egress / node sendto, forward_out also exempts unlabeled_t)
mlsconstrain { packet } { forward_in }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 ( t1 == mlsnetinbound ) or
	 ( t1 == unlabeled_t ));
mlsconstrain { packet } { forward_out }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 ( t1 == mlsnetoutbound ) or
	 ( t1 == unlabeled_t ));

#
# MLS policy for the secmark and peer controls
#

# the peer/packet recv op
mlsconstrain { peer packet } { recv }
	(( l1 dom l2 ) or
	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsnetread ));




#
# MLS policy for the process class
#

# new process labels must be dominated by the relabeling subject's clearance
# and sensitivity level changes require privilege
mlsconstrain process transition
	(( h1 dom h2 ) and
	 (( l1 eq l2 ) or ( t1 == mlsprocsetsl ) or
	  (( t1 == privrangetrans ) and ( t2 == mlsrangetrans ))));
mlsconstrain process dyntransition
	(( h1 dom h2 ) and
	 (( l1 eq l2 ) or ( t1 == mlsprocsetsl )));

# all the process "read" ops
mlsconstrain process { getsched getsession getpgid getcap getattr ptrace share }
	(( l1 dom l2 ) or
	 (( t1 == mlsprocreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsprocread ));

# all the process "write" ops (note the check is equality on the low level)
# ptrace and share appear in both the read and write rules, so they need
# both to hold.
mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setexec setfscreate setcurrent ptrace share }
	(( l1 eq l2 ) or
	 (( t1 == mlsprocwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsprocwrite ));

# these access vectors have no MLS restrictions
# process { fork sigchld signull noatsecure siginh setrlimit rlimitinh execmem execstack execheap }



#
# MLS policy for the security class
#

# these access vectors have no MLS restrictions
# security *



#
# MLS policy for the system class
#

# these access vectors have no MLS restrictions
# system *



#
# MLS policy for the capability class
#

# these access vectors have no MLS restrictions
# capability *



#
# MLS policy for the passwd class
#

# these access vectors have no MLS restrictions
# passwd *



#
# MLS policy for the x_drawable class
#

# the x_drawable "read" ops (implicit single level)
mlsconstrain x_drawable { read blend getattr list_child list_property get_property receive }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_drawable "write" ops (implicit single level)
mlsconstrain x_drawable { create destroy write setattr add_child remove_child send manage }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwrite ));

# No MLS restrictions: x_drawable { show hide override }


#
# MLS policy for the x_gc class
#

# the x_gc "read" ops (implicit single level)
mlsconstrain x_gc { getattr use }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_gc "write" ops (implicit single level)
mlsconstrain x_gc { create destroy setattr }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_font class
#

# the x_font "read" ops (implicit single level)
mlsconstrain x_font { use }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_font "write" ops (implicit single level)
mlsconstrain x_font { create destroy add_glyph remove_glyph }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwrite ));

# these access vectors have no MLS restrictions
# font use
# NOTE(review): the line above looks stale -- x_font use is constrained as
# a "read" op just above, and the class is named x_font here; confirm.


#
# MLS policy for the x_colormap class
#

# the x_colormap "read" ops (implicit single level)
mlsconstrain x_colormap { read getattr use }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinreadcolormap ) or
	 ( t1 == mlsxwinread ));

# the x_colormap "write" ops (implicit single level)
mlsconstrain x_colormap { create destroy write add_color remove_color install uninstall }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwritecolormap ) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_property class
#

# the x_property "read" ops (implicit single level)
mlsconstrain x_property { read getattr }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinreadproperty ) or
	 ( t1 == mlsxwinread ));

# the x_property "write" ops (implicit single level)
mlsconstrain x_property { create destroy write append setattr }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwriteproperty ) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_selection class
#

# the x_selection "read" ops (implicit single level)
mlsconstrain x_selection { read getattr }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinreadselection ) or
	 ( t1 == mlsxwinread ));

# the x_selection "write" ops (implicit single level)
mlsconstrain x_selection { write setattr }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwriteselection ) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_cursor class
#

# the x_cursor "read" ops (implicit single level)
mlsconstrain x_cursor { read getattr use }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_cursor "write" ops (implicit single level)
mlsconstrain x_cursor { create destroy write setattr }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_client class
#

# the x_client "read" ops (implicit single level)
mlsconstrain x_client { getattr }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_client "write" ops (implicit single level)
mlsconstrain x_client { destroy setattr manage }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_device class
#

# the x_device "read" ops (implicit single level)
mlsconstrain x_device { getattr use read getfocus grab }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_device "write" ops (implicit single level)
mlsconstrain x_device { setattr write setfocus bell force_cursor freeze manage }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwritexinput ) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_server class
#

# these access vectors have no MLS restrictions
# x_server *


#
# MLS policy for the x_extension class
#

# these access vectors have no MLS restrictions
# x_extension { query use }


#
# MLS policy for the x_resource class
#

# the x_resource "read" ops (implicit single level)
mlsconstrain x_resource { read }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_resource "write" ops (implicit single level)
mlsconstrain x_resource { write }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwritexinput ) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_event class
#

# the x_event "read" ops (implicit single level)
mlsconstrain x_event { receive }
	(( l1 dom l2 ) or
	 (( t1 == mlsxwinreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsxwinread ));

# the x_event "write" ops (implicit single level)
mlsconstrain x_event { send }
	(( l1 eq l2 ) or
	 (( t1 == mlsxwinwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 ( t1 == mlsxwinwritexinput ) or
	 ( t1 == mlsxwinwrite ));


#
# MLS policy for the x_application_data class
#

# the x_application_data "paste" ops
# (unconfirmed paste may only move data up: source low level dominated by
# the destination's)
mlsconstrain x_application_data { paste }
	( l1 domby l2 );

# the x_application_data "paste_after_confirm" ops
# (the confirmed variant covers the opposite direction)
mlsconstrain x_application_data { paste_after_confirm }
	( l1 dom l2 );


#
# MLS policy for the dbus class
#

# a message may cross levels only when the sender type (mlsdbussend) or
# the receiver type (mlsdbusrecv) is authorized for it
mlsconstrain dbus { send_msg }
	(( l1 eq l2 ) or
	 ( t1 == mlsdbussend ) or
	 ( t2 == mlsdbusrecv ));

# these access vectors have no MLS restrictions
# dbus { acquire_svc }



#
# MLS policy for the nscd class
#

# these access vectors have no MLS restrictions
# nscd { getpwd getgrp gethost getstat admin shmempwd shmemgrp shmemhost }



#
# MLS policy for the association class
#

# unlabeled associations (t2 == unlabeled_t) are exempt in both directions
mlsconstrain association { recvfrom }
	((( l1 dom l2 ) and ( l1 domby h2 )) or
	 (( t1 == mlsnetreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsnetread ) or
	 ( t2 == unlabeled_t ));

mlsconstrain association { sendto }
	(( l1 eq l2 ) or
	 (( t1 == mlsnetwriteranged ) and ( l1 dom l2 ) and ( l1 domby h2 )) or
	 ( t2 == unlabeled_t ));

# the subject's range must lie within the policy's range
mlsconstrain association { polmatch }
	(( l1 dom l2 ) and ( h1 domby h2 ));


#
# MLS policy for the context class
#

mlsconstrain context translate
	(( h1 dom h2 ) or ( t1 == mlstranslate ));

mlsconstrain context contains
	(( h1 dom h2 ) and ( l1 domby l2));

#
# MLS policy for database classes
#
# These mirror the file class rules above, with mlsdb* attributes in
# place of mlsfile*.

# make sure these database classes are "single level"
mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_blob } { create relabelto }
	( l2 eq h2 );
mlsconstrain { db_tuple } { insert relabelto }
	( l2 eq h2 );

# new database labels must be dominated by the relabeling subject's clearance
mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob } { relabelto }
	( h1 dom h2 );

# the database "read" ops (note the check is dominance of the low level)
mlsconstrain { db_database } { getattr access get_param }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_schema } { getattr search }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_table } { getattr use select lock }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_column } { getattr use select }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_sequence } { getattr get_value next_value }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_view } { getattr expand }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_procedure } { getattr execute install }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_language } { getattr execute }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_blob } { getattr read export }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_tuple } { use select }
	(( l1 dom l2 ) or
	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
	 ( t1 == mlsdbread ) or
	 ( t2 == mlstrustedobject ));

# the "single level" database "write" ops
mlsconstrain { db_database } { create drop setattr relabelfrom install_module load_module set_param }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_schema } { create drop setattr relabelfrom add_name remove_name }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_column } { create drop setattr relabelfrom update insert }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_sequence } { create drop setattr relabelfrom set_value }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_view } { create drop setattr relabelfrom }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_procedure } { create drop setattr relabelfrom }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_language } { create drop setattr relabelfrom }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_blob } { create drop setattr relabelfrom write import }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

mlsconstrain { db_tuple } { relabelfrom update insert delete }
	(( l1 eq l2 ) or
	 (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
	 (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
	 ( t1 == mlsdbwrite ) or
	 ( t2 == mlstrustedobject ));

# the database upgrade/downgrade rule
# NOTE(review): the high-level clause starts with ( l1 eq h2 ), whereas the
# file upgrade/downgrade rule above uses ( h1 eq h2 ) in the same position
# (the file *create* rule is the one that compares l1 against h2).  Confirm
# whether this is intended for database objects or a copy-paste slip.
mlsvalidatetrans { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob }
	((( l1 eq l2 ) or
	  (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
	  (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
	  (( t3 == mlsdbdowngrade ) and ( l1 incomp l2 ))) and
	 (( l1 eq h2 ) or
	  (( t3 == mlsdbupgrade ) and ( h1 domby h2 )) or
	  (( t3 == mlsdbdowngrade ) and ( h1 dom h2 )) or
	  (( t3 == mlsdbdowngrade ) and ( h1 incomp h2 ))));

') dnl end enable_mls