diff for duplicates of <49CC8BEF.507@ak.jp.nec.com>
diff --git a/a/1.txt b/N1/1.txt
index f5ae8f9..fea26d3 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -92,3 +92,10 @@ Thanks,
 -- 
 OSS Platform Development Division, NEC
 KaiGai Kohei <kaigai@ak.jp.nec.com>
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: refpolicy-sepgsql-rework.1.patch
+Type: text/x-patch
+Size: 17303 bytes
+Desc: not available
+Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090327/133fa094/attachment.bin
diff --git a/a/2.hdr b/a/2.hdr
deleted file mode 100644
index ff3aab9..0000000
--- a/a/2.hdr
+++ /dev/null
@@ -1,5 +0,0 @@
-Content-Type: text/x-patch;
- name="refpolicy-sepgsql-rework.1.patch"
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline;
- filename="refpolicy-sepgsql-rework.1.patch"
diff --git a/a/2.txt b/a/2.txt
deleted file mode 100644
index 628ba18..0000000
--- a/a/2.txt
+++ /dev/null
@@ -1,453 +0,0 @@
-Index: policy/flask/security_classes
-===================================================================
---- policy/flask/security_classes (revision 2936)
-+++ policy/flask/security_classes (working copy)
-@@ -119,4 +119,9 @@
- # kernel services that need to override task security, e.g. cachefiles
- class kernel_service
- 
-+# More Database stuff
-+class db_catalog # userspace
-+class db_schema # userspace
-+class db_sequence # userspace
-+
- # FLASK
-Index: policy/flask/access_vectors
-===================================================================
---- policy/flask/access_vectors (revision 2936)
-+++ policy/flask/access_vectors (working copy)
-@@ -723,14 +723,12 @@
- access
- install_module
- load_module
-- get_param
-- set_param
-+ superuser
- }
- 
- class db_table
- inherits database
- {
-- use
- select
- update
- insert
-@@ -749,7 +747,6 @@
- class db_column
- inherits database
- {
-- use
- select
- update
- insert
-@@ -759,7 +756,6 @@
- {
- relabelfrom
- relabelto
-- use
- select
- update
- insert
-@@ -793,3 +789,27 @@
- use_as_override
- create_files_as
- }
-+
-+# More database stuff
-+class db_catalog
-+inherits database
-+{
-+ search
-+ add_object
-+ remove_object
-+}
-+
-+class db_schema
-+inherits database
-+{
-+ search
-+ add_object
-+ remove_object
-+}
-+
-+class db_sequence
-+inherits database
-+{
-+ get_value
-+ set_value
-+}
-Index: policy/modules/kernel/kernel.if
-===================================================================
---- policy/modules/kernel/kernel.if (revision 2936)
-+++ policy/modules/kernel/kernel.if (working copy)
-@@ -2563,18 +2563,22 @@
- gen_require(`
- type unlabeled_t;
- class db_database { setattr relabelfrom };
-+ class db_schema { setattr relabelfrom };
- class db_table { setattr relabelfrom };
- class db_procedure { setattr relabelfrom };
- class db_column { setattr relabelfrom };
- class db_tuple { update relabelfrom };
-+ class db_sequence { setattr relabelfrom };
- class db_blob { setattr relabelfrom };
- ')
- 
- allow $1 unlabeled_t:db_database { setattr relabelfrom };
-+ allow $1 unlabeled_t:db_schema { setattr relabelfrom };
- allow $1 unlabeled_t:db_table { setattr relabelfrom };
- allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
- allow $1 unlabeled_t:db_column { setattr relabelfrom };
- allow $1 unlabeled_t:db_tuple { update relabelfrom };
-+ allow $1 unlabeled_t:db_sequence { setattr relabelfrom };
- allow $1 unlabeled_t:db_blob { setattr relabelfrom };
- ')
- 
-Index: policy/modules/services/postgresql.if
-===================================================================
---- policy/modules/services/postgresql.if (revision 2936)
-+++ policy/modules/services/postgresql.if (working copy)
-@@ -24,7 +24,9 @@
- class db_tuple all_db_tuple_perms;
- class db_blob all_db_blob_perms;
- 
-- attribute sepgsql_client_type, sepgsql_database_type;
-+ attribute sepgsql_client_type;
-+ attribute sepgsql_database_type;
-+ attribute sepgsql_schema_type;
- attribute sepgsql_sysobj_table_type;
- 
- type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;
-@@ -45,26 +47,28 @@
- # Client local policy
- #
- 
-+ type_transition $2 sepgsql_schema_type:db_table user_sepgsql_table_t;
-+ type_transition $2 sepgsql_sysobj_t:db_tuple user_sepgsql_sysobj_t;
-+ type_transition $2 sepgsql_schema_type:db_procedure user_sepgsql_proc_exec_t;
-+ type_transition $2 sepgsql_schema_type:db_sequence user_sepgsql_sequence_t;
-+ type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;
-+
- tunable_policy(`sepgsql_enable_users_ddl',`
-- allow $2 user_sepgsql_table_t:db_table { create drop };
-- type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
--
-- allow $2 user_sepgsql_table_t:db_column { create drop };
--
-- allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
-- type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
-+ allow $2 user_sepgsql_table_t:db_table { create drop setattr };
-+ allow $2 user_sepgsql_table_t:db_column { create drop setattr };
-+ allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-+ allow $2 user_sepgsql_sequence_t:db_sequence { create drop setattr };
- ')
-+ allow $2 user_sepgsql_table_t:db_table { getattr select update insert delete };
-+ allow $2 user_sepgsql_table_t:db_column { getattr select update insert };
-+ allow $2 user_sepgsql_table_t:db_tuple { select update insert delete };
-+ allow $2 user_sepgsql_sysobj_t:db_tuple { select update insert delete };
- 
-- allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete };
-- allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };
-- allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
-- allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
-+ allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
- 
-- allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
-- type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
-+ allow $2 user_sepgsql_sequence_t:db_sequence { getattr get_value set_value };
- 
-- allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
-- type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;
-+ allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
- 
- allow $2 sepgsql_trusted_proc_t:process transition;
- type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
-@@ -108,6 +112,24 @@
- 
- ########################################
- ## <summary>
-+## Marks as a SE-PostgreSQL schema object type
-+## </summary>
-+## <param name="type">
-+## <summary>
-+## Type marked as a schema object type.
-+## </summary>
-+## </param>
-+#
-+interface(`postgresql_schema_object',`
-+ gen_require(`
-+ attribute sepgsql_schema_type;
-+ ')
-+
-+ typeattribute $1 sepgsql_schema_type;
-+')
-+
-+########################################
-+## <summary>
- ## Marks as a SE-PostgreSQL table/column/tuple object type
- ## </summary>
- ## <param name="type">
-@@ -163,6 +185,24 @@
- 
- ########################################
- ## <summary>
-+## Marks as a SE-PostgreSQL sequence object type
-+## </summary>
-+## <param name="type">
-+## <summary>
-+## Type marked as a sequence object type.
-+## </summary>
-+## </param>
-+#
-+interface(`postgresql_sequence_object',`
-+ gen_require(`
-+ attribute sepgsql_sequence_type;
-+ ')
-+
-+ typeattribute $1 sepgsql_sequence_type;
-+')
-+
-+########################################
-+## <summary>
- ## Marks as a SE-PostgreSQL binary large object type
- ## </summary>
- ## <param name="type">
-@@ -319,14 +359,16 @@
- 
- attribute sepgsql_client_type;
- 
-- type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;
-+ type sepgsql_db_t, sepgsql_schema_t;
-+ type sepgsql_table_t, sepgsql_proc_t, sepgsql_sequence_t, sepgsql_blob_t;
- type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
- ')
- 
- typeattribute $1 sepgsql_client_type;
- 
-- type_transition $1 sepgsql_db_t:db_table sepgsql_table_t;
-- type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;
-+ type_transition $1 sepgsql_schema_t:db_table sepgsql_table_t;
-+ type_transition $1 sepgsql_schema_t:db_procedure sepgsql_proc_t;
-+ type_transition $1 sepgsql_schema_t:db_sequence sepgsql_sequence_t;
- type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;
- 
- type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
-@@ -346,8 +388,30 @@
- #
- interface(`postgresql_unconfined',`
- gen_require(`
-+ class db_database { superuser };
-+
- attribute sepgsql_unconfined_type;
- ')
- 
- typeattribute $1 sepgsql_unconfined_type;
-+ allow $1 $1 : db_database superuser;
- ')
-+ -+######################################## -+## <summary> -+## Allow the specified domain unconfined accesses without superuser -+## to any database objects managed by SE-PostgreSQL, -+## </summary> -+## <param name="domain"> -+## <summary> -+## Domain allowed access. -+## </summary> -+## </param> -+# -+interface(`postgresql_unconfined_without_superuser',` -+ gen_require(` -+ attribute sepgsql_unconfined_type; -+ ') -+ -+ typeattribute $1 sepgsql_unconfined_type; -+') -Index: policy/modules/services/postgresql.te -=================================================================== ---- policy/modules/services/postgresql.te (revision 2936) -+++ policy/modules/services/postgresql.te (working copy) -@@ -1,12 +1,14 @@ - --policy_module(postgresql, 1.8.3) -+policy_module(postgresql, 1.9.1) - - gen_require(` - class db_database all_db_database_perms; -+ class db_schema all_db_schema_perms; - class db_table all_db_table_perms; - class db_procedure all_db_procedure_perms; - class db_column all_db_column_perms; - class db_tuple all_db_tuple_perms; -+ class db_sequence all_db_sequence_perms; - class db_blob all_db_blob_perms; - ') - -@@ -50,9 +52,11 @@ - - # database objects attribute - attribute sepgsql_database_type; -+attribute sepgsql_schema_type; - attribute sepgsql_table_type; - attribute sepgsql_sysobj_table_type; - attribute sepgsql_procedure_type; -+attribute sepgsql_sequence_type; - attribute sepgsql_blob_type; - attribute sepgsql_module_type; - -@@ -75,12 +79,18 @@ - type sepgsql_ro_table_t; - postgresql_table_object(sepgsql_ro_table_t) - -+type sepgsql_schema_t; -+postgresql_schema_object(sepgsql_schema_t) -+ - type sepgsql_secret_blob_t; - postgresql_blob_object(sepgsql_secret_blob_t) - - type sepgsql_secret_table_t; - postgresql_table_object(sepgsql_secret_table_t) - -+type sepgsql_sequence_t; -+postgresql_sequence_object(sepgsql_sequence_t) -+ - type sepgsql_sysobj_t; - postgresql_system_table_object(sepgsql_sysobj_t) - -@@ -93,7 +103,7 @@ - # Trusted 
Procedure Domain - type sepgsql_trusted_proc_t; - domain_type(sepgsql_trusted_proc_t) --postgresql_unconfined(sepgsql_trusted_proc_t) -+postgresql_unconfined_without_superuser(sepgsql_trusted_proc_t) - role system_r types sepgsql_trusted_proc_t; - - type user_sepgsql_blob_t; -@@ -106,6 +116,11 @@ - typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t }; - postgresql_procedure_object(user_sepgsql_proc_exec_t) - -+type user_sepgsql_sequence_t; -+typealias user_sepgsql_sequence_t alias { staff_sepgsql_sequence_t sysadm_sepgsql_sequence_t }; -+typealias user_sepgsql_sequence_t alias { auditadm_sepgsql_sequence_t secadm_sepgsql_sequence_t }; -+postgresql_sequence_object(user_sepgsql_sequence_t) -+ - type user_sepgsql_sysobj_t; - typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t }; - typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t }; -@@ -135,16 +150,22 @@ - allow postgresql_t sepgsql_database_type:db_database *; - type_transition postgresql_t postgresql_t:db_database sepgsql_db_t; - -+allow postgresql_t sepgsql_schema_type:db_schema *; -+type_transition postgresql_t sepgsql_database_type:db_schema sepgsql_schema_t; -+ - allow postgresql_t sepgsql_module_type:db_database install_module; - # Database/Loadable module - allow sepgsql_database_type sepgsql_module_type:db_database load_module; - - allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *; --type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t; -+type_transition postgresql_t sepgsql_schema_type:db_table sepgsql_sysobj_t; - - allow postgresql_t sepgsql_procedure_type:db_procedure *; --type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t; -+type_transition postgresql_t sepgsql_schema_type:db_procedure sepgsql_proc_t; - -+allow postgresql_t sepgsql_sequence_type:db_sequence *; -+type_transition postgresql_t 
sepgsql_schema_type:db_sequence sepgsql_sequence_t; -+ - allow postgresql_t sepgsql_blob_type:db_blob *; - type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t; - -@@ -281,27 +302,30 @@ - # Rules common to all clients - # - --allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param }; -+allow sepgsql_client_type sepgsql_db_t:db_database { getattr access }; - type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t; - --allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert }; --allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert }; --allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert }; -+allow sepgsql_client_type sepgsql_schema_t:db_schema { search }; -+type_transition sepgsql_client_type sepgsql_schema_type:db_schema sepgsql_schema_t; - --allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete }; --allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; --allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr select insert lock }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr select insert }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { select insert }; - --allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select }; --allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select }; --allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select }; -+allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock }; -+allow sepgsql_client_type sepgsql_table_t:db_column { getattr select update insert }; -+allow sepgsql_client_type sepgsql_table_t:db_tuple { select update insert delete }; - -+allow sepgsql_client_type 
sepgsql_ro_table_t:db_table { getattr select lock }; -+allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr select }; -+allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { select }; -+ - allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr; - allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr; - --allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select }; --allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select }; --allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr select }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr select }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { select }; - - allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install }; - allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint }; -@@ -321,9 +345,10 @@ - # to access classified tuples and can make a audit record. - # - # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL. 
--dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
-+dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { select update insert delete };
- 
- tunable_policy(`sepgsql_enable_users_ddl',`
-+ allow sepgsql_client_type sepgsql_schema_t:db_schema { add_object remove_object };
- allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
- allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
- allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
-@@ -334,20 +359,29 @@
- # Unconfined access to this module
- #
- 
--allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
-+allow sepgsql_unconfined_type sepgsql_database_type:db_database ~{ superuser };
- type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;
- 
--type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
--type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;
-+allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *;
-+type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t;
-+
-+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_table sepgsql_table_t;
-+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_procedure sepgsql_proc_t;
-+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_sequence sepgsql_sequence_t;
- type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;
- 
- allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
- 
- # unconfined domain is not allowed to invoke user defined procedure directly.
- # They have to confirm and relabel it at first.
--allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;
--allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };
-+# In addition, trusted procedure should not installed as system internal procedure,
-+# because it can be implicitly invoked.
-+allow sepgsql_unconfined_type sepgsql_proc_t:db_procedure *;
-+allow sepgsql_unconfined_type sepgsql_trusted_proc_t:db_procedure ~{ install };
-+allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install };
- 
-+allow sepgsql_unconfined_type sepgsql_sequence_type:db_sequence *;
-+
- allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
- 
- allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
diff --git a/a/content_digest b/N1/content_digest
index 6c93b73..b61cf14 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -2,13 +2,11 @@
  "ref\049C7A88E.4020408@rubix.com\0"
  "ref\049C84200.9090107@ak.jp.nec.com\0"
  "ref\049C9D524.9050208@ak.jp.nec.com\0"
- "From\0KaiGai Kohei <kaigai@ak.jp.nec.com>\0"
- "Subject\0[PATCH] Policy rework for SE-PostgreSQL (Re: Some ideas in SE-PostgreSQL enhancement)\0"
+ "From\0kaigai@ak.jp.nec.com (KaiGai Kohei)\0"
+ "Subject\0[refpolicy] [PATCH] Policy rework for SE-PostgreSQL (Re: Some ideas in SE-PostgreSQL enhancement)\0"
  "Date\0Fri, 27 Mar 2009 17:18:55 +0900\0"
- "To\0cpebenito@tresys.com\0"
- "Cc\0selinux <selinux@tycho.nsa.gov>"
- " refpolicy@oss.tresys.com\0"
- "\01:1\0"
+ "To\0refpolicy@oss.tresys.com\0"
+ "\00:1\0"
  "b\0"
  "The attached patch is the first one in the series of reworks for\n"
  "the SE-PostgreSQL security policy.\n"
@@ -103,462 +101,13 @@ "Thanks,\n" "-- \n" "OSS Platform Development Division, NEC\n" - KaiGai Kohei <kaigai@ak.jp.nec.com> - "\01:2\0" - "fn\0refpolicy-sepgsql-rework.1.patch\0" - "b\0" - "Index: policy/flask/security_classes\n" - "===================================================================\n" - "--- policy/flask/security_classes\t(revision 2936)\n" - "+++ policy/flask/security_classes\t(working copy)\n" - "@@ -119,4 +119,9 @@\n" - " # kernel services that need to override task security, e.g. cachefiles\n" - " class kernel_service \n" - " \n" - "+# More Database stuff\n" - "+class db_catalog\t\t# userspace\n" - "+class db_schema\t\t\t# userspace\n" - "+class db_sequence\t\t# userspace\n" - "+\n" - " # FLASK\n" - "Index: policy/flask/access_vectors\n" - "===================================================================\n" - "--- policy/flask/access_vectors\t(revision 2936)\n" - "+++ policy/flask/access_vectors\t(working copy)\n" - "@@ -723,14 +723,12 @@\n" - " \taccess\n" - " \tinstall_module\n" - " \tload_module\n" - "-\tget_param\n" - "-\tset_param\n" - "+\tsuperuser\n" - " }\n" - " \n" - " class db_table\n" - " inherits database\n" - " {\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -749,7 +747,6 @@\n" - " class db_column\n" - " inherits database\n" - " {\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -759,7 +756,6 @@\n" - " {\n" - " \trelabelfrom\n" - " \trelabelto\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -793,3 +789,27 @@\n" - " \tuse_as_override\n" - " \tcreate_files_as\t\n" - " }\n" - "+\n" - "+# More database stuff\n" - "+class db_catalog\n" - "+inherits database\n" - "+{\n" - "+\tsearch\n" - "+\tadd_object\n" - "+\tremove_object\n" - "+}\n" - "+\n" - "+class db_schema\n" - "+inherits database\n" - "+{\n" - "+\tsearch\n" - "+\tadd_object\n" - "+\tremove_object\n" - "+}\n" - "+\n" - "+class db_sequence\n" - "+inherits database\n" - "+{\n" - "+\tget_value\n" - 
"+\tset_value\n" - "+}\n" - "Index: policy/modules/kernel/kernel.if\n" - "===================================================================\n" - "--- policy/modules/kernel/kernel.if\t(revision 2936)\n" - "+++ policy/modules/kernel/kernel.if\t(working copy)\n" - "@@ -2563,18 +2563,22 @@\n" - " \tgen_require(`\n" - " \t\ttype unlabeled_t;\n" - " \t\tclass db_database { setattr relabelfrom };\n" - "+\t\tclass db_schema { setattr relabelfrom };\n" - " \t\tclass db_table { setattr relabelfrom };\n" - " \t\tclass db_procedure { setattr relabelfrom };\n" - " \t\tclass db_column { setattr relabelfrom };\n" - " \t\tclass db_tuple { update relabelfrom };\n" - "+\t\tclass db_sequence { setattr relabelfrom };\n" - " \t\tclass db_blob { setattr relabelfrom };\n" - " \t')\n" - " \n" - " \tallow $1 unlabeled_t:db_database { setattr relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_schema { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_table { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_procedure { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_column { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_tuple { update relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_sequence { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_blob { setattr relabelfrom };\n" - " ')\n" - " \n" - "Index: policy/modules/services/postgresql.if\n" - "===================================================================\n" - "--- policy/modules/services/postgresql.if\t(revision 2936)\n" - "+++ policy/modules/services/postgresql.if\t(working copy)\n" - "@@ -24,7 +24,9 @@\n" - " \t\tclass db_tuple all_db_tuple_perms;\n" - " \t\tclass db_blob all_db_blob_perms;\n" - " \n" - "-\t\tattribute sepgsql_client_type, sepgsql_database_type;\n" - "+\t\tattribute sepgsql_client_type;\n" - "+\t\tattribute sepgsql_database_type;\n" - "+\t\tattribute sepgsql_schema_type;\n" - " \t\tattribute sepgsql_sysobj_table_type;\n" - " \n" - " \t\ttype sepgsql_trusted_proc_exec_t, 
sepgsql_trusted_proc_t;\n" - "@@ -45,26 +47,28 @@\n" - " \t# Client local policy\n" - " \t#\n" - " \n" - "+\ttype_transition $2 sepgsql_schema_type:db_table user_sepgsql_table_t;\n" - "+\ttype_transition $2 sepgsql_sysobj_t:db_tuple user_sepgsql_sysobj_t;\n" - "+\ttype_transition $2 sepgsql_schema_type:db_procedure user_sepgsql_proc_exec_t;\n" - "+\ttype_transition $2 sepgsql_schema_type:db_sequence user_sepgsql_sequence_t;\n" - "+\ttype_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;\n" - "+\n" - " \ttunable_policy(`sepgsql_enable_users_ddl',`\n" - "-\t\tallow $2 user_sepgsql_table_t:db_table { create drop };\n" - "-\t\ttype_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;\n" - "-\n" - "-\t\tallow $2 user_sepgsql_table_t:db_column { create drop };\n" - "-\n" - "-\t\tallow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };\n" - "-\t\ttype_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;\n" - "+\t\tallow $2 user_sepgsql_table_t:db_table { create drop setattr };\n" - "+\t\tallow $2 user_sepgsql_table_t:db_column { create drop setattr };\n" - "+\t\tallow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };\n" - "+\t\tallow $2 user_sepgsql_sequence_t:db_sequence { create drop setattr };\n" - " \t')\n" - "+\tallow $2 user_sepgsql_table_t:db_table { getattr select update insert delete };\n" - "+\tallow $2 user_sepgsql_table_t:db_column { getattr select update insert };\n" - "+\tallow $2 user_sepgsql_table_t:db_tuple\t{ select update insert delete };\n" - "+\tallow $2 user_sepgsql_sysobj_t:db_tuple\t{ select update insert delete };\n" - " \n" - "-\tallow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete };\n" - "-\tallow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };\n" - "-\tallow $2 user_sepgsql_table_t:db_tuple\t{ use select update insert delete };\n" - "-\tallow $2 user_sepgsql_sysobj_t:db_tuple\t{ use select };\n" - 
"+\tallow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };\n" - " \n" - "-\tallow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };\n" - "-\ttype_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;\n" - "+\tallow $2 user_sepgsql_sequence_t:db_sequence { getattr get_value set_value };\n" - " \n" - "-\tallow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };\n" - "-\ttype_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;\n" - "+\tallow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };\n" - " \n" - " \tallow $2 sepgsql_trusted_proc_t:process transition;\n" - " \ttype_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;\n" - "@@ -108,6 +112,24 @@\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL schema object type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a schema object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_schema_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_schema_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_schema_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tMarks as a SE-PostgreSQL table/column/tuple object type\n" - " ## </summary>\n" - " ## <param name=\"type\">\n" - "@@ -163,6 +185,24 @@\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL sequence object type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a sequence object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_sequence_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_sequence_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 
sepgsql_sequence_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tMarks as a SE-PostgreSQL binary large object type\n" - " ## </summary>\n" - " ## <param name=\"type\">\n" - "@@ -319,14 +359,16 @@\n" - " \n" - " \t\tattribute sepgsql_client_type;\n" - " \n" - "-\t\ttype sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;\n" - "+\t\ttype sepgsql_db_t, sepgsql_schema_t;\n" - "+\t\ttype sepgsql_table_t, sepgsql_proc_t, sepgsql_sequence_t, sepgsql_blob_t;\n" - " \t\ttype sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;\n" - " \t')\n" - " \n" - " \ttypeattribute $1 sepgsql_client_type;\n" - " \n" - "-\ttype_transition $1 sepgsql_db_t:db_table sepgsql_table_t;\n" - "-\ttype_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;\n" - "+\ttype_transition $1 sepgsql_schema_t:db_table sepgsql_table_t;\n" - "+\ttype_transition $1 sepgsql_schema_t:db_procedure sepgsql_proc_t;\n" - "+\ttype_transition $1 sepgsql_schema_t:db_sequence sepgsql_sequence_t;\n" - " \ttype_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;\n" - " \n" - " \ttype_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;\n" - "@@ -346,8 +388,30 @@\n" - " #\n" - " interface(`postgresql_unconfined',`\n" - " \tgen_require(`\n" - "+\t\tclass db_database { superuser };\n" - "+\n" - " \t\tattribute sepgsql_unconfined_type;\n" - " \t')\n" - " \n" - " \ttypeattribute $1 sepgsql_unconfined_type;\n" - "+\tallow $1 $1 : db_database superuser;\n" - " ')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - "+##\tAllow the specified domain unconfined accesses without superuser\n" - "+##\tto any database objects managed by SE-PostgreSQL,\n" - "+## </summary>\n" - "+## <param name=\"domain\">\n" - "+##\t<summary>\n" - "+##\tDomain allowed access.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_unconfined_without_superuser',`\n" - "+\tgen_require(`\n" - "+\t\tattribute 
sepgsql_unconfined_type;\n"
- "+\t')\n"
- "+\n"
- "+\ttypeattribute $1 sepgsql_unconfined_type;\n"
- "+')\n"
- "Index: policy/modules/services/postgresql.te\n"
- "===================================================================\n"
- "--- policy/modules/services/postgresql.te\t(revision 2936)\n"
- "+++ policy/modules/services/postgresql.te\t(working copy)\n"
- "@@ -1,12 +1,14 @@\n"
- " \n"
- "-policy_module(postgresql, 1.8.3)\n"
- "+policy_module(postgresql, 1.9.1)\n"
- " \n"
- " gen_require(`\n"
- " \tclass db_database all_db_database_perms;\n"
- "+\tclass db_schema all_db_schema_perms;\n"
- " \tclass db_table all_db_table_perms;\n"
- " \tclass db_procedure all_db_procedure_perms;\n"
- " \tclass db_column all_db_column_perms;\n"
- " \tclass db_tuple all_db_tuple_perms;\n"
- "+\tclass db_sequence all_db_sequence_perms;\n"
- " \tclass db_blob all_db_blob_perms;\n"
- " ')\n"
- " \n"
- "@@ -50,9 +52,11 @@\n"
- " \n"
- " # database objects attribute\n"
- " attribute sepgsql_database_type;\n"
- "+attribute sepgsql_schema_type;\n"
- " attribute sepgsql_table_type;\n"
- " attribute sepgsql_sysobj_table_type;\n"
- " attribute sepgsql_procedure_type;\n"
- "+attribute sepgsql_sequence_type;\n"
- " attribute sepgsql_blob_type;\n"
- " attribute sepgsql_module_type;\n"
- " \n"
- "@@ -75,12 +79,18 @@\n"
- " type sepgsql_ro_table_t;\n"
- " postgresql_table_object(sepgsql_ro_table_t)\n"
- " \n"
- "+type sepgsql_schema_t;\n"
- "+postgresql_schema_object(sepgsql_schema_t)\n"
- "+\n"
- " type sepgsql_secret_blob_t;\n"
- " postgresql_blob_object(sepgsql_secret_blob_t)\n"
- " \n"
- " type sepgsql_secret_table_t;\n"
- " postgresql_table_object(sepgsql_secret_table_t)\n"
- " \n"
- "+type sepgsql_sequence_t;\n"
- "+postgresql_sequence_object(sepgsql_sequence_t)\n"
- "+\n"
- " type sepgsql_sysobj_t;\n"
- " postgresql_system_table_object(sepgsql_sysobj_t)\n"
- " \n"
- "@@ -93,7 +103,7 @@\n"
- " # Trusted Procedure Domain\n"
- " type sepgsql_trusted_proc_t;\n"
- " 
domain_type(sepgsql_trusted_proc_t)\n"
- "-postgresql_unconfined(sepgsql_trusted_proc_t)\n"
- "+postgresql_unconfined_without_superuser(sepgsql_trusted_proc_t)\n"
- " role system_r types sepgsql_trusted_proc_t;\n"
- " \n"
- " type user_sepgsql_blob_t;\n"
- "@@ -106,6 +116,11 @@\n"
- " typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t };\n"
- " postgresql_procedure_object(user_sepgsql_proc_exec_t)\n"
- " \n"
- "+type user_sepgsql_sequence_t;\n"
- "+typealias user_sepgsql_sequence_t alias { staff_sepgsql_sequence_t sysadm_sepgsql_sequence_t };\n"
- "+typealias user_sepgsql_sequence_t alias { auditadm_sepgsql_sequence_t secadm_sepgsql_sequence_t };\n"
- "+postgresql_sequence_object(user_sepgsql_sequence_t)\n"
- "+\n"
- " type user_sepgsql_sysobj_t;\n"
- " typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t };\n"
- " typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t };\n"
- "@@ -135,16 +150,22 @@\n"
- " allow postgresql_t sepgsql_database_type:db_database *;\n"
- " type_transition postgresql_t postgresql_t:db_database sepgsql_db_t;\n"
- " \n"
- "+allow postgresql_t sepgsql_schema_type:db_schema *;\n"
- "+type_transition postgresql_t sepgsql_database_type:db_schema sepgsql_schema_t;\n"
- "+\n"
- " allow postgresql_t sepgsql_module_type:db_database install_module;\n"
- " # Database/Loadable module\n"
- " allow sepgsql_database_type sepgsql_module_type:db_database load_module;\n"
- " \n"
- " allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;\n"
- "-type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;\n"
- "+type_transition postgresql_t sepgsql_schema_type:db_table sepgsql_sysobj_t;\n"
- " \n"
- " allow postgresql_t sepgsql_procedure_type:db_procedure *;\n"
- "-type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;\n"
- "+type_transition postgresql_t 
sepgsql_schema_type:db_procedure sepgsql_proc_t;\n"
- " \n"
- "+allow postgresql_t sepgsql_sequence_type:db_sequence *;\n"
- "+type_transition postgresql_t sepgsql_schema_type:db_sequence sepgsql_sequence_t;\n"
- "+\n"
- " allow postgresql_t sepgsql_blob_type:db_blob *;\n"
- " type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;\n"
- " \n"
- "@@ -281,27 +302,30 @@\n"
- " # Rules common to all clients\n"
- " #\n"
- " \n"
- "-allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };\n"
- "+allow sepgsql_client_type sepgsql_db_t:db_database { getattr access };\n"
- " type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;\n"
- " \n"
- "-allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert };\n"
- "-allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };\n"
- "-allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };\n"
- "+allow sepgsql_client_type sepgsql_schema_t:db_schema { search };\n"
- "+type_transition sepgsql_client_type sepgsql_schema_type:db_schema sepgsql_schema_t;\n"
- " \n"
- "-allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete };\n"
- "-allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };\n"
- "-allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };\n"
- "+allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr select insert lock };\n"
- "+allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr select insert };\n"
- "+allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { select insert };\n"
- " \n"
- "-allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select };\n"
- "-allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };\n"
- "-allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };\n"
- "+allow 
sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock };\n"
- "+allow sepgsql_client_type sepgsql_table_t:db_column { getattr select update insert };\n"
- "+allow sepgsql_client_type sepgsql_table_t:db_tuple { select update insert delete };\n"
- " \n"
- "+allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr select lock };\n"
- "+allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr select };\n"
- "+allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { select };\n"
- "+\n"
- " allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;\n"
- " allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;\n"
- " \n"
- "-allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };\n"
- "-allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };\n"
- "-allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };\n"
- "+allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr select };\n"
- "+allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr select };\n"
- "+allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { select };\n"
- " \n"
- " allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install };\n"
- " allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };\n"
- "@@ -321,9 +345,10 @@\n"
- " # to access classified tuples and can make a audit record.\n"
- " #\n"
- " # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.\n"
- "-dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };\n"
- "+dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { select update insert delete };\n"
- " \n"
- " tunable_policy(`sepgsql_enable_users_ddl',`\n"
- "+\tallow sepgsql_client_type 
sepgsql_schema_t:db_schema { add_object remove_object };\n"
- " \tallow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };\n"
- " \tallow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };\n"
- " \tallow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };\n"
- "@@ -334,20 +359,29 @@\n"
- " # Unconfined access to this module\n"
- " #\n"
- " \n"
- "-allow sepgsql_unconfined_type sepgsql_database_type:db_database *;\n"
- "+allow sepgsql_unconfined_type sepgsql_database_type:db_database ~{ superuser };\n"
- " type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;\n"
- " \n"
- "-type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;\n"
- "-type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;\n"
- "+allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *;\n"
- "+type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t;\n"
- "+\n"
- "+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_table sepgsql_table_t;\n"
- "+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_procedure sepgsql_proc_t;\n"
- "+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_sequence sepgsql_sequence_t;\n"
- " type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;\n"
- " \n"
- " allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;\n"
- " \n"
- " # unconfined domain is not allowed to invoke user defined procedure directly.\n"
- " # They have to confirm and relabel it at first.\n"
- "-allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;\n"
- "-allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };\n"
- "+# In addition, trusted procedure should not installed as system internal procedure,\n"
- "+# because it 
can be implicitly invoked.\n" - "+allow sepgsql_unconfined_type sepgsql_proc_t:db_procedure *;\n" - "+allow sepgsql_unconfined_type sepgsql_trusted_proc_t:db_procedure ~{ install };\n" - "+allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install };\n" - " \n" - "+allow sepgsql_unconfined_type sepgsql_sequence_type:db_sequence *;\n" - "+\n" - " allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;\n" - " \n" - allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module; + "KaiGai Kohei <kaigai@ak.jp.nec.com>\n" + "-------------- next part --------------\n" + "A non-text attachment was scrubbed...\n" + "Name: refpolicy-sepgsql-rework.1.patch\n" + "Type: text/x-patch\n" + "Size: 17303 bytes\n" + "Desc: not available\n" + Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090327/133fa094/attachment.bin -8e84ea0a2bc8250dfd9c289a50abd7824cbfffe7098207ed07171fd918026e25 +22bee7500554293e678421e2c27848ba6b54a40c3d0ae286191926950ae56562