This patch allows selabel_*() interfaces to provide an expected security context

for the given database object identified by its name and object class.
It is necessary to implement a feature something like the restorecon on databases.

The specfile shall be described as follows:
  ------------------------
  #
  # The specfile for database objects
  # (for SE-PostgreSQL)
  #
  # <object class> <object name> <security context>
  #
  db_database     *               system_u:object_r:sepgsql_db_t:s0

  db_schema       *.pg_catalog    system_u:obejct_r:sepgsql_sys_schema_t:s0
  db_schema       *.*             system_u:object_r:sepgsql_schema_t:s0

  db_table        *.pg_catalog.*  system_u:object_r:sepgsql_sysobj_t:s0
  db_table        *.*.*           system_u:object_r:sepgsql_table_t:s0
  ------------------------

- All the characters after the '#' are ignored.
- Wildcards ('*' and '?') are available.
- It returns the first match security context.

Note that hierarchy of the namespace of database objects depends on RDBMS.
So, author of the specfile needs to write correct patterns which are suitable
for the target RDBMS. The patched selabel_*() interfaces don't have any
heuristics for the namespace hierarchy to be suitable for widespread RDBMSs.
In the case of SE-PgSQL, when we lookup an expected security context for the
'my_table' table in the 'public' schema and 'postgres' database, the caller
shall provide 'postgres.public.my_table' as a key.

In the default, it tries to read a specfile which maps database objects and security
context from the /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts.
Note that when another RDBMS uses this interface, it needs to give an explicit
SELABEL_OPT_PATH option on the selabel_open().

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov>

2 files changed, 11 insertions, 3 deletions

diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3
index 1af2ec02..8674e377 100644
--- a/libselinux/man/man3/selabel_open.3
+++ b/libselinux/man/man3/selabel_open.3
@@ -72,15 +72,19 @@ Note that an invalid context may not be treated as an error unless it is actuall
 .TP
 .B SELABEL_CTX_FILE
 File contexts backend, described in 
-.BR selabel_file (3).
+.BR selabel_file (5).
 .TP
 .B SELABEL_CTX_MEDIA
 Media contexts backend, described in 
-.BR selabel_media (3).
+.BR selabel_media (5).
 .TP
 .B SELABEL_CTX_X
 X Windows contexts backend, described in 
-.BR selabel_x (3).
+.BR selabel_x (5).
+.TP
+.B SELABEL_CTX_DB
+Database objects contexts backend, described in
+.BR selabel_db (5).
 
 .SH "RETURN VALUE"
 A non-NULL handle value is returned on success.  On error, NULL is returned and
diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
index 61909576..8ead1a44 100644
--- a/libselinux/man/man3/selinux_binary_policy_path.3
+++ b/libselinux/man/man3/selinux_binary_policy_path.3
@@ -29,6 +29,8 @@ extern const char *selinux_usersconf_path(void);
 
 extern const char *selinux_x_context_path(void);
 
+extern const char *selinux_sepgsql_context_path(void);
+
 extern const char *selinux_file_context_path(void);
 
 extern const char *selinux_media_context_path(void);
@@ -66,6 +68,8 @@ selinux_usersconf_path() - file containing mapping between Linux Users and SELin
 .sp
 selinux_x_context_path() - file containing configuration for XSELinux extension
 .sp
+selinux_sepgsql_context_path() - file containing configuration for SE-PostgreSQL
+.sp
 selinux_netfilter_context_path - default netfilter context 
 .sp
 selinux_file_context_path() - default system file contexts configuration