path: root/libselinux/src/label_internal.h
author    Eamon Walsh <ewalsh@tycho.nsa.gov>  2010-03-15 18:38:35 -0400
committer Eamon Walsh <ewalsh@tycho.nsa.gov>  2010-03-15 19:01:30 -0400
commit    70aeeb918aa721ad90ed8e1b433a55c8ecf2cb83
tree      4db755e9b6dc6835d2c472da62f2d023b439900b /libselinux/src/label_internal.h
parent    78bc1a58bc14c3f3af1ba88cb496c09bbd3f5365
This patch allows selabel_*() interfaces to provide an expected security context
for the given database object identified by its name and object class.
It is necessary to implement a feature like restorecon for databases.

The specfile shall be described as follows:

------------------------
#
# The specfile for database objects
# (for SE-PostgreSQL)
#
# <object class>  <object name>     <security context>
#
db_database   *               system_u:object_r:sepgsql_db_t:s0
db_schema     *.pg_catalog    system_u:object_r:sepgsql_sys_schema_t:s0
db_schema     *.*             system_u:object_r:sepgsql_schema_t:s0
db_table      *.pg_catalog.*  system_u:object_r:sepgsql_sysobj_t:s0
db_table      *.*.*           system_u:object_r:sepgsql_table_t:s0
------------------------

- All the characters after the '#' are ignored.
- Wildcards ('*' and '?') are available.
- It returns the first matching security context.

Note that the hierarchy of the namespace of database objects depends on the
RDBMS. So the author of the specfile needs to write correct patterns which are
suitable for the target RDBMS. The patched selabel_*() interfaces don't have
any heuristics for the namespace hierarchy to be suitable for widespread RDBMSs.

In the case of SE-PgSQL, when we look up an expected security context for the
'my_table' table in the 'public' schema and 'postgres' database, the caller
shall provide 'postgres.public.my_table' as a key.

By default, it tries to read a specfile which maps database objects to security
contexts from /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts.
Note that when another RDBMS uses this interface, it needs to give an explicit
SELABEL_OPT_PATH option on the selabel_open().

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
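The commit message above specifies the specfile format (three whitespace-separated fields, '#' comments, '*' and '?' wildcards, first match wins) and the dotted key convention ('postgres.public.my_table') but shows no lookup code. The following is an added example, not libselinux's own backend: it loads a constructed specfile modelled on the one in the message and resolves keys with fnmatch(3). The names db_spec_load and db_spec_lookup and the fixed-size tables are assumptions of this example; the real selabel_db backend parses and stores its entries differently. The sample deliberately relies on ordering: because '*' also matches '.', the 'db_schema *.*' line would swallow 'postgres.pg_catalog' if it came first, which is the "no hierarchy heuristics" caveat the message warns about.

```c
#define _POSIX_C_SOURCE 200809L
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* One parsed specfile line: <object class> <object name pattern> <context>. */
struct db_spec {
    char oclass[32];
    char pattern[128];
    char context[128];
};

/* Constructed sample specfile, modelled on the sepgsql_contexts example in the
 * commit message (not a copy of the shipped file). Order matters: the more
 * specific pg_catalog lines must precede the catch-all lines. */
static const char sample_spec[] =
    "#\n"
    "# The specfile for database objects (constructed sample)\n"
    "# <object class> <object name> <security context>\n"
    "#\n"
    "db_database  *               system_u:object_r:sepgsql_db_t:s0\n"
    "db_schema    *.pg_catalog    system_u:object_r:sepgsql_sys_schema_t:s0  # system schema\n"
    "db_schema    *.*             system_u:object_r:sepgsql_schema_t:s0\n"
    "db_table     *.pg_catalog.*  system_u:object_r:sepgsql_sysobj_t:s0\n"
    "db_table     *.*.*           system_u:object_r:sepgsql_table_t:s0\n";

#define MAX_SPECS 64
static struct db_spec specs[MAX_SPECS];   /* kept in file order for first-match */
static size_t nspecs;

/* Parse a specfile held in memory. Everything after '#' on a line is dropped,
 * blank lines are skipped, and every remaining line must have exactly three
 * fields. Returns the number of entries loaded, or -1 on a malformed line. */
int db_spec_load(const char *text)
{
    const char *p = text;
    nspecs = 0;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        if (len >= sizeof line)
            return -1;                       /* overlong line: reject, don't truncate */
        memcpy(line, p, len);
        line[len] = '\0';
        p += len + (nl ? 1 : 0);

        char *hash = strchr(line, '#');
        if (hash)
            *hash = '\0';                    /* strip trailing or whole-line comment */

        char oclass[32], pat[128], ctx[128], extra[2];
        int n = sscanf(line, "%31s %127s %127s %1s", oclass, pat, ctx, extra);
        if (n <= 0)
            continue;                        /* blank or comment-only line */
        if (n != 3 || nspecs == MAX_SPECS)
            return -1;                       /* too few/many fields, or table full */
        strcpy(specs[nspecs].oclass, oclass);
        strcpy(specs[nspecs].pattern, pat);
        strcpy(specs[nspecs].context, ctx);
        nspecs++;
    }
    return (int)nspecs;
}

/* Return the context of the first entry whose class equals oclass and whose
 * pattern matches key under fnmatch(3) semantics ('*' and '?' wildcards;
 * flags 0, so '*' also spans '.'), or NULL if nothing matches. */
const char *db_spec_lookup(const char *oclass, const char *key)
{
    for (size_t i = 0; i < nspecs; i++) {
        if (strcmp(specs[i].oclass, oclass) != 0)
            continue;
        if (fnmatch(specs[i].pattern, key, 0) == 0)
            return specs[i].context;
    }
    return NULL;
}

int main(void)
{
    if (db_spec_load(sample_spec) < 0) {
        fprintf(stderr, "malformed specfile\n");
        return 1;
    }
    const char *keys[][2] = {
        { "db_database", "postgres" },
        { "db_schema",   "postgres.pg_catalog" },
        { "db_schema",   "postgres.public" },
        { "db_table",    "postgres.pg_catalog.pg_class" },
        { "db_table",    "postgres.public.my_table" },
        { "db_table",    "postgres.public" },          /* too few components */
    };
    for (size_t i = 0; i < sizeof keys / sizeof keys[0]; i++) {
        const char *ctx = db_spec_lookup(keys[i][0], keys[i][1]);
        printf("%-12s %-30s -> %s\n", keys[i][0], keys[i][1], ctx ? ctx : "(no match)");
    }
    return 0;
}
```

Two things the run makes visible that the prose only states: a two-component key such as 'postgres.public' gets no db_table context because '*.*.*' needs two dots, and swapping the two db_schema lines would make 'postgres.pg_catalog' resolve to the ordinary schema type, so specfile order is part of the policy, not cosmetic.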
Diffstat (limited to 'libselinux/src/label_internal.h')
-rw-r--r--  libselinux/src/label_internal.h  2
1 files changed, 2 insertions, 0 deletions
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index 27a1f06a..99af93e8 100644
--- a/libselinux/src/label_internal.h
+++ b/libselinux/src/label_internal.h
@@ -23,6 +23,8 @@ int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts,
unsigned nopts) hidden;
int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts,
unsigned nopts) hidden;
+int selabel_db_init(struct selabel_handle *rec,
+ struct selinux_opt *opts, unsigned nopts) hidden;
/*
* Labeling internal structures
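Review bot: the new prototype wraps its arguments differently from the two declarations right above it; selabel_media_init and selabel_x_init keep `struct selinux_opt *opts,` on the first line and only `unsigned nopts) hidden;` on the continuation, so for consistency the addition should read `int selabel_db_init(struct selabel_handle *rec, struct selinux_opt *opts,` / `unsigned nopts) hidden;`. Also, this file only declares the initializer; since the diffstat is limited to label_internal.h, the matching backend-table entry in label.c and the public backend constant that selabel_open() would dispatch on are not visible here, so confirm they land in the same series or the declaration is dead code.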