Index: refpolicy/policy/flask/security_classes
===================================================================
--- refpolicy/policy/flask/security_classes (revision 2204)
+++ refpolicy/policy/flask/security_classes (working copy)
@@ -97,4 +97,12 @@
class dccp_socket
+# SE-PostgreSQL relation
+class database # userspace
+class table # userspace
+class procedure # userspace
+class column # userspace
+class tuple # userspace
+class blob # userspace
+
# FLASK
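Review bot: The header comment `# SE-PostgreSQL relation` at the top of the added block says what the classes are for but not why every one carries the `# userspace` marker, which is the only cue that these classes are not enforced by the kernel. A reader touching this file later has to cross-reference access_vectors and the mcs constraints to see that the enforcement point is the SE-PostgreSQL object manager, so I would make the header carry that: `# SE-PostgreSQL object classes (enforced in userspace by the SE-PostgreSQL object manager, not the kernel)`. Placing them after `class dccp_socket` and before `# FLASK` looks consistent with how the other userspace classes are appended, so the position itself raises nothing.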
Index: refpolicy/policy/flask/access_vectors
===================================================================
--- refpolicy/policy/flask/access_vectors (revision 2204)
+++ refpolicy/policy/flask/access_vectors (working copy)
@@ -80,6 +80,20 @@
}
#
+# Define a common prefix for userspace database object access vectors.
+#
+
+common database
+{
+ create
+ drop
+ getattr
+ setattr
+ relabelfrom
+ relabelto
+}
+
+#
# Define the access vectors.
#
# class class_name [ inherits common_name ] { permission_name ... }
@@ -648,3 +662,58 @@
node_bind
name_connect
}
+
+# definition for SE-PostgreSQL
+class database
+inherits database
+{
+ access
+ install_module
+ load_module
+ get_param
+ set_param
+}
+
+class table
+inherits database
+{
+ select
+ update
+ insert
+ delete
+ lock
+}
+
+class procedure
+inherits database
+{
+ execute
+ entrypoint
+}
+
+class column
+inherits database
+{
+ select
+ update
+ insert
+}
+
+class tuple
+{
+ relabelfrom
+ relabelto
+ select
+ update
+ insert
+ delete
+}
+
+class blob
+inherits database
+{
+ read
+ write
+ import
+ export
+}
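Review bot: `class tuple` is the only one of the six new classes that does not inherit `common database`, and instead lists `relabelfrom`/`relabelto` by hand, yet nothing on the block says whether that is deliberate; a later maintainer "normalising" it would silently give tuples `create drop getattr setattr` and change what the mcs constraints cover. A one-line comment above it would settle that, e.g. `# tuple deliberately omits common database: rows carry no create/drop/getattr/setattr`. The same applies, less critically, to `column` lacking `delete` and `lock` while `table` has them; if the asymmetry is intended, a short note next to `class column` saying so would help. The `# definition for SE-PostgreSQL` header could also say that every class except tuple takes `create drop getattr setattr relabelfrom relabelto` from the common above, so the per-class lists read as the delta.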
Index: refpolicy/policy/mcs
===================================================================
--- refpolicy/policy/mcs (revision 2204)
+++ refpolicy/policy/mcs (working copy)
@@ -98,4 +98,28 @@
mlsconstrain process { sigkill sigstop }
(( h1 dom h2 ) or ( t1 == mcskillall ));
+# MCS policy for SE-PostgreSQL
+#-------------------------------
+
+# Any database object must be dominated by the relabeling subject
+# clearance, also the objects are single-level.
+mlsconstrain { database table procedure column blob } { create relabelto }
+ ((h1 dom h2) and ( l1 domby h2 ) and ( l2 eq h2 ));
+mlsconstrain tuple { insert relabelto }
+ (( h1 dom h2 ) and ( l1 domby h2 ) and ( l2 eq h2 ));
+
+# Access control for any database objects based on MCS rules.
+mlsconstrain database { drop setattr relabelfrom access install_module load_module get_param set_param }
+ ( h1 dom h2 );
+mlsconstrain table { drop setattr relabelfrom select update insert delete }
+ ( h1 dom h2 );
+mlsconstrain column { drop setattr relabelfrom select update insert }
+ ( h1 dom h2 );
+mlsconstrain tuple { relabelfrom select update delete }
+ ( h1 dom h2 );
+mlsconstrain procedure { execute }
+ ( h1 dom h2 );
+mlsconstrain blob { drop setattr relabelfrom read write }
+ ( h1 dom h2 );
+
') dnl end enable_mcs
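Review bot: The per-class MCS constraints at `mlsconstrain procedure { execute }` and `mlsconstrain blob { drop setattr relabelfrom read write }` leave permissions unconstrained that the sibling classes do constrain: `procedure` inherits `drop setattr relabelfrom` from `common database` exactly as `table`, `column` and `blob` do, but only `execute` is subject to `h1 dom h2`, and `blob` defines `import` and `export` in access_vectors but only `read write` are constrained here. Unless that is intentional, a subject whose categories do not dominate the object's could drop or relabel a procedure, or export a blob it is denied `read` on, with no MCS check at all. I would change the two lines to `mlsconstrain procedure { drop setattr relabelfrom execute }` and `mlsconstrain blob { drop setattr relabelfrom read write import export }`, or add a comment stating why those permissions are exempt. Minor: the two create-style constraints use different spacing, `((h1 dom h2) and ( l1 domby h2 )` versus `(( h1 dom h2 ) and ( l1 domby h2 )`; the file's existing constraints use the spaced form.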
Index: refpolicy/policy/global_tunables
===================================================================
--- refpolicy/policy/global_tunables (revision 2204)
+++ refpolicy/policy/global_tunables (working copy)
@@ -11,6 +11,27 @@
##
##
+## Enable to output SE-PostgreSQL allowed audit message
+##
+##
+gen_tunable(sepgsql_enable_auditallow, false)
+
+##
+##
+## Disable to output SE-PostgreSQL denied audit messages
+##
+##
+gen_tunable(sepgsql_enable_auditdeny, true)
+
+##
+##
+## Disable to output SE-PostgreSQL audit message per tuple
+##
+##
+gen_tunable(sepgsql_enable_audittuple, false)
+
+##
+##
## Allow cvs daemon to read shadow
##
##