Revision as of 03:50, 13 February 2013 (view source) Kaigai (Talk | contribs) (→‎List of object classes and permissions) ← Older edit		Revision as of 04:00, 13 February 2013 (view source) Kaigai (Talk | contribs) (→‎db_schema class) Newer edit →
Line 188:		Line 188:
	= db_schema class =		= db_schema class =
−	== introduction ==	+
		+	An object of db_schema class represents an entry of pg_namespace system catalog.
		+	Its default security label shall inherit the label being assigned on the database that owns the schema, unless type_transition rule didn't here.
		+
	== permissions ==		== permissions ==
		+	db_schema object class inherits common database permissions, thus, it has basic create, drop, getattr, setattr, relabelfrom and relabelto permissions.
		+
		+	;search
		+	:It shall be checked when client tries to solve object name underlying the schema.
		+	:It is an equivalent check with SCHEMA USE permission in database acl, thus client cannot lookup any object underlying the schema without this permission.
		+	;add_name
		+	:It shall be checked when client tries to add an object name entry into a particular schema, due to object creation, rename or set schema
		+	;remove_name
		+	:It shall be checked when client tries to remove an object name entry into a particular schema, due to object deletion, rename or set schema
	= db_table class =		= db_table class =

---

Revision as of 04:00, 13 February 2013

Contents 1 Overview 1.1 History of Updates 1.2 List of object classes and permissions 2 common database 2.1 permissions 3 db_database class 3.1 permissions 4 db_schema class 4.1 permissions 5 db_table class 5.1 introduction 5.2 permissions 6 db_sequence class 6.1 introduction 6.2 permissions 7 db_view class 7.1 introduction 7.2 permissions 8 db_procedure class 8.1 introduction 8.2 permissions 9 db_column class 9.1 introduction 9.2 permissions 10 db_tuple class 10.1 introduction 10.2 permissions 11 db_language class 11.1 introduction 11.2 permissions 12 db_blob class 12.1 introduction 12.2 permissions 13 process class 13.1 introduction 13.2 permissions 14 file class 14.1 introduction 14.2 permissions

Overview

History of Updates

The initial description of the definition of object classes are permissions are based on SELinux community's reference policy 20120725 revision. In case of newer policy adds or redefines them, we at least add a notation which revision is the minimum valid policy towards this description.

20120725

The initial description of the definition of object classes are permissions.

2013xxxx

db_materialized_view object class will be added.

List of object classes and permissions

common database
create	to be checked when a new object is created
drop	to be checked when an existing object is dropped
getattr	to be checked when properties of a particular object is referenced
setattr	to be checked when properties of a particular object is modified
relabelfrom	to be checked on the older one when security label of a particular object is changed
relabelto	to be checked on the newer one when security label of a particular object is changed
db_database class
access	to be checked when session is connected to the database. It is an equivalent check with DATABASE CONNECT permission in database acl.
db_schema class
search	to be checked when client tries to solve object name underlying the schema. It is an equivalent check with SCHEMA USE permission in database acl.
add_name	to be checked when client tries to add an object name entry into a particular schema, due to object creation, rename or set schema
remove_name	to be checked when client tries to remove an object name entry into a particular schema, due to object deletion, rename or set schema
db_table class
select	to be checked when client tries to reference tables.
update	to be checked when client tries to update rows of tables.
insert	to be checked when client tries to insert rows into table.
delete	to be checked when client tries to delete rows of table, including case of TRUNCATE command.
lock	to be checked when explicit LOCK command that takes neither read nor write operations.
db_sequence class
get_value	to be checked when client tries to get current value of a sequence
next_value	to be checked when client tries to increment value of a sequence.
set_value	to be checked when client tries to set arbitrary value onto a sequence.
db_view class
expand	to be checked when client references a view in the query.
db_procedure class
execute	to be checked when client tries to invoke a procedure. It is an equivalent check with FUNCTION EXECUTE permission in database acl.
entrypoint	to be checked when procedure performs as an entry-point of trusted procedure.
install	to be checked when an object is constructed that takes procedures being invoked internally with no permission checks. Like type input/output functions.
db_column class
select	to be checked when value of column is referenced
update	to be checked when value of column is updated
insert	to be checked when a particular value is given to the column on insertion of new row
db_tuple class
(*) Note that db_tuple does not inherits common database permissions
relabelfrom	to be checked on the older one when security label of row is changed
relabelto	to be checked on the newer one when security label of row is changed
select	to be checked when row is selected
update	to be checked when row is updated
insert	to be checked when row is inserted
delete	to be checked when row is deleted
db_language class
implement	to be checked when a procedure is constructed using this language
execute	to be checked when DO command run a script without definition of procedure
db_blob class
read	to be checked when contents of large object is read
write	to be checked when contents of large object is written; updated, appended, removed or truncated
import	to be checked when contents of local file-system is imported to large-object
export	to be checked when contents of large-object is exported to local file-system.
db_materialized_view class
select	to be checked when client tries to reference materialized view
update	to be checked when client tries to update rows of materialized view (in the future)
insert	to be checked when client tries to insert rows into materialized view (in the future)
delete	to be checked when client tries to delete rows of materialized view (in the future)
lock	to be checked when explicit LOCK command that takes neither read nor write operations
refresh	to be checked when client tries to refresh materialized view into the latest status
(operating system) process class
transition	to be checked when client's label is switched via trusted procedure
dyntransition	to be checked between older and newer label of client when its label is switched via sepgsql_setcon()
setcurrent	to be checked on the current label of client when its label is switched via sepgsql_setcon()
(operating system) file class
(*) Note that object class may be either of dir, lnk_file, chr_file, blk_file, sock_file or filo_file, instead of file, depending on the type of file node being referenced.
read	to be checked when user's operation requires to read contents of a particular file on local file-system
write	to be checked when user's operation requires to write contents of a particular file on local file-system
create	to be checked when user's operation requires to create a particular file on local file-system
getattr	to be checked when user's operation requires to reference properties of a particular file on local file-system
unlink	to be checked when user's operation requires to unlink a particular file on local file-system
rename	to be checked when user's operation requires to rename a particular file on local file-system

common database

Several basic permissions are common for any database object classes, expect for db_tuple class that represent rows in user tables. Please also see the section of individual object classes regarding to definition of object class.

permissions

create

It shall be checked when user's operation tries to create a new database object being classified according to database object class.

A default security label shall be assigned on the new database object, then create permission shall be checked on the default label.

drop

It shall be checked when user's operation tries to drop an existing database object being classified according to database object class.

Unlike DAC checks, it shall be also applied on database objects being dropped in cascade.

getattr

It shall be checked when user's operation tries to read one or more properties of a particular database object being classified according to database object class.

Note that it does not intends to control operations that consumes all the referenced properties without disclosure. In other words, it needs to be checked on SELECT FROM system catalogs, but internal syscache reference is not a case, for example.

setattr

It shall be checked when user's operation tries to modify one or more properties of database object being classified according to database object class.

relabelfrom

It shall be checked towards the older security label when user's operation tries to change security label of a particular database object being classified according to database object class.

relabelto

It shall be checked towards the newder security label when user's operation tries to change security label of a particular database object being classified according to database object class.

db_database class

An object of db_database class represents an entry of pg_database system catalog. Its default security label shall inherit the label being assigned on the database used as template of new one, unless type_transition rule did not here.

permissions

db_database object class inherits common database permissions, thus, it has basic create, drop, getattr, setattr, relabelfrom and relabelto permissions.

access

It shall be checked when client tries to connect to the database. It is an equivalent check with DATABASE CONNECT permission in database acl.

db_schema class

An object of db_schema class represents an entry of pg_namespace system catalog. Its default security label shall inherit the label being assigned on the database that owns the schema, unless type_transition rule didn't here.

permissions

db_schema object class inherits common database permissions, thus, it has basic create, drop, getattr, setattr, relabelfrom and relabelto permissions.

search

It shall be checked when client tries to solve object name underlying the schema.

It is an equivalent check with SCHEMA USE permission in database acl, thus client cannot lookup any object underlying the schema without this permission.

add_name

It shall be checked when client tries to add an object name entry into a particular schema, due to object creation, rename or set schema

remove_name

It shall be checked when client tries to remove an object name entry into a particular schema, due to object deletion, rename or set schema

db_table class

introduction

permissions

db_sequence class

introduction

permissions

db_view class

introduction

permissions

db_procedure class

introduction

permissions

db_column class

introduction

permissions

db_tuple class

introduction

permissions

db_language class

introduction

permissions

db_blob class

introduction

permissions

process class

introduction

permissions

file class

introduction

permissions