
SELinux Object Labeling


When a DBMS object is created by Trusted RUBIX (e.g., a row created by the INSERT command), the new object's SELinux security context is computed from SELinux policy rules and attached to the object at creation time. Because every later Type Enforcement and MLS decision about the object is made against this context, controlling how it is computed is a powerful access control tool. The four components of the new object's SELinux context are chosen as follows:


SELinux User: Set to the SELinux User component of the creating user's session context. This records which SELinux User created the object.


Role: Always set to the object_r role. As elsewhere in SELinux, roles apply to subjects (sessions and processes); the role component of an object's context carries no meaning for access decisions.


Type: If an applicable type_transition rule exists, the new object's Type is computed from the creating user's session context Type (the rule's source type) and the parent object's Type (the rule's target type) for the class of object being created; for example, the table is the parent object of a row. If no applicable rule exists, the new object inherits the Type of its parent object. The new object's Type is what all future Type Enforcement decisions for the object are made against. As with any SELinux type_transition, the rule only selects the default Type: the Type Enforcement policy must still allow the creating session to create an object of that Type and class, otherwise the operation is denied.


Level: Set to the Level component of the creating user's session context, so a new object is always created at the level of the session that creates it. The new object's Level is what all future MLS decisions for the object are made against.


The following diagram shows two examples of new row objects being labeled, along with the relevant SELinux rules. Bob and Nancy each insert a row into the MyTab table. The two new rows receive different SELinux Types (rxrow1_t and rxrow2_t) because Bob's and Nancy's session contexts have different Types and a separate type_transition rule matches each of them. Distinct Type Enforcement rules can then be written for each row Type, giving the two rows different access control behavior.


SELinux Object Labeling Diagram
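The labeling procedure above, worked through in code. This is an added example written for this page, not Trusted RUBIX or libselinux code: it parses .te-style type_transition rules and applies the four component rules to compute the context of a new row in MyTab for Bob, for Nancy, and for a third session (Carol) that no rule matches, so the row inherits the table's Type. The session types rxuser1_t/rxuser2_t/rxuser3_t, the table type rxtab_t, the role rx_r, the SELinux user names and the object class name db_tuple are assumptions; the page itself only names rxrow1_t, rxrow2_t and MyTab.

```python
"""Model of the SELinux object-labeling procedure used for DBMS objects.

Illustrative code written for this page; it is neither Trusted RUBIX nor
libselinux code.  Assumed names (not from the page): session types
rxuser1_t/rxuser2_t/rxuser3_t, table type rxtab_t, role rx_r, SELinux
users bob_u/nancy_u/carol_u, and the object class db_tuple.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """An SELinux security context user:role:type:level."""
    user: str
    role: str
    type: str
    level: str

    @classmethod
    def parse(cls, text: str) -> "Context":
        # The MLS level may itself contain ':' (e.g. s1:c0.c3), so split
        # only at the first three separators.
        parts = text.split(":", 3)
        if len(parts) != 4 or not all(parts):
            raise ValueError(f"malformed context: {text!r}")
        return cls(*parts)

    def __str__(self) -> str:
        return ":".join((self.user, self.role, self.type, self.level))


# type_transition <source_type> <target_type>:<class> <default_type>;
_IDENT = r"[A-Za-z0-9_.]+"
_TYPE_TRANSITION = re.compile(
    rf"^\s*type_transition\s+({_IDENT})\s+({_IDENT})\s*:\s*({_IDENT})\s+({_IDENT})\s*;\s*$"
)


def parse_type_transitions(policy_text: str) -> dict:
    """Return {(source_type, target_type, class): default_type} from .te text."""
    rules = {}
    for raw in policy_text.splitlines():
        line = raw.split("#", 1)[0]          # strip comments
        if not line.strip():
            continue
        match = _TYPE_TRANSITION.match(line)
        if match is None:
            raise ValueError(f"unsupported policy line: {line.strip()}")
        src, tgt, cls, new = match.groups()
        key = (src, tgt, cls)
        if rules.get(key, new) != new:
            # The policy compiler rejects conflicting transitions too.
            raise ValueError(f"conflicting type_transition for {key}")
        rules[key] = new
    return rules


def label_new_object(session: Context, parent: Context,
                     obj_class: str, rules: dict) -> Context:
    """Compute the context of an object created by `session` under `parent`."""
    return Context(
        user=session.user,                  # 1. SELinux user from the session
        role="object_r",                    # 2. objects always get object_r
        type=rules.get((session.type, parent.type, obj_class),
                       parent.type),        # 3. type_transition, else inherit
        level=session.level,                # 4. level from the session
    )


# Constructed policy fragment for this example (not the Trusted RUBIX policy).
SAMPLE_POLICY = """
type_transition rxuser1_t rxtab_t:db_tuple rxrow1_t;   # Bob's rows
type_transition rxuser2_t rxtab_t:db_tuple rxrow2_t;   # Nancy's rows
type_transition rxuser3_t rxdb_t:db_table  rxtab3_t;   # other class: must not
                                                       # affect row labeling
"""

MYTAB = Context.parse("system_u:object_r:rxtab_t:s0")   # parent object of a row

SESSIONS = {
    "bob":   Context.parse("bob_u:rx_r:rxuser1_t:s0"),
    "nancy": Context.parse("nancy_u:rx_r:rxuser2_t:s1:c0.c3"),
    "carol": Context.parse("carol_u:rx_r:rxuser3_t:s0"),  # no db_tuple rule
}


def label_rows() -> dict:
    """Label one new row in MyTab per session; returns {name: context str}."""
    rules = parse_type_transitions(SAMPLE_POLICY)
    return {name: str(label_new_object(sess, MYTAB, "db_tuple", rules))
            for name, sess in SESSIONS.items()}


if __name__ == "__main__":
    for name, ctx in label_rows().items():
        print(f"{name:>6}: INSERT INTO MyTab -> new row context {ctx}")
```

Bob's row comes out as bob_u:object_r:rxrow1_t:s0 and Nancy's as nancy_u:object_r:rxrow2_t:s1:c0.c3, each carrying its creator's SELinux user and level. Carol's session matches no db_tuple rule, so her row simply inherits rxtab_t from the table. The model deliberately stops at labeling: it does not check allow rules, so in a real policy the creating session must additionally be permitted to create a db_tuple of the resulting Type or the INSERT is denied.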