diff for duplicates of <49D1DA85.1030902@ak.jp.nec.com> diff --git a/a/1.txt b/N1/1.txt index 2a57181..3f8de71 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -150,3 +150,10 @@ Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com> +-------------- next part -------------- +A non-text attachment was scrubbed... +Name: refpolicy-sepgsql-rework.2.patch +Type: text/x-patch +Size: 24841 bytes +Desc: not available +Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090331/9d0579be/attachment-0001.bin diff --git a/a/2.hdr b/a/2.hdr deleted file mode 100644 index 7585f2d..0000000 --- a/a/2.hdr +++ /dev/null @@ -1,5 +0,0 @@ -Content-Type: text/x-patch; - name="refpolicy-sepgsql-rework.2.patch" -Content-Transfer-Encoding: 7bit -Content-Disposition: inline; - filename="refpolicy-sepgsql-rework.2.patch" diff --git a/a/2.txt b/a/2.txt deleted file mode 100644 index 7b35e18..0000000 --- a/a/2.txt +++ /dev/null 
@@ -1,672 +0,0 @@ -Index: policy/flask/security_classes -=================================================================== ---- policy/flask/security_classes (revision 2936) -+++ policy/flask/security_classes (working copy) -@@ -119,4 +119,9 @@ - # kernel services that need to override task security, e.g. cachefiles - class kernel_service - -+# More Database stuff -+class db_catalog # userspace -+class db_schema # userspace -+class db_sequence # userspace -+ - # FLASK -Index: policy/flask/access_vectors -=================================================================== ---- policy/flask/access_vectors (revision 2936) -+++ policy/flask/access_vectors (working copy) -@@ -723,14 +723,12 @@ - access - install_module - load_module -- get_param -- set_param -+ superuser - } - - class db_table - inherits database - { -- use - select - update - insert -@@ -749,7 +747,6 @@ - class db_column - inherits database - { -- use - select - update - insert -@@ -759,7 +756,6 @@ - { - relabelfrom - relabelto -- use - select - update - insert -@@ -793,3 +789,29 @@ - use_as_override - create_files_as - } -+ -+# More database stuff -+class db_catalog -+inherits database -+{ -+ search -+ add_object -+ remove_object -+ associate -+} -+ -+class db_schema -+inherits database -+{ -+ search -+ add_object -+ remove_object -+ associate -+} -+ -+class db_sequence -+inherits database -+{ -+ get_value -+ set_value -+} -Index: policy/modules/kernel/kernel.if -=================================================================== ---- policy/modules/kernel/kernel.if (revision 2936) -+++ policy/modules/kernel/kernel.if (working copy) -@@ -2563,18 +2563,22 @@ - gen_require(` - type unlabeled_t; - class db_database { setattr relabelfrom }; -+ class db_schema { setattr relabelfrom }; - class db_table { setattr relabelfrom }; - class db_procedure { setattr relabelfrom }; - class db_column { setattr relabelfrom }; - class db_tuple { update relabelfrom }; -+ class db_sequence { setattr relabelfrom }; - 
class db_blob { setattr relabelfrom }; - ') - - allow $1 unlabeled_t:db_database { setattr relabelfrom }; -+ allow $1 unlabeled_t:db_schema { setattr relabelfrom }; - allow $1 unlabeled_t:db_table { setattr relabelfrom }; - allow $1 unlabeled_t:db_procedure { setattr relabelfrom }; - allow $1 unlabeled_t:db_column { setattr relabelfrom }; - allow $1 unlabeled_t:db_tuple { update relabelfrom }; -+ allow $1 unlabeled_t:db_sequence { setattr relabelfrom }; - allow $1 unlabeled_t:db_blob { setattr relabelfrom }; - ') - -Index: policy/modules/services/postgresql.if -=================================================================== ---- policy/modules/services/postgresql.if (revision 2936) -+++ policy/modules/services/postgresql.if (working copy) -@@ -17,57 +17,12 @@ - # - interface(`postgresql_role',` - gen_require(` -- class db_database all_db_database_perms; -- class db_table all_db_table_perms; -- class db_procedure all_db_procedure_perms; -- class db_column all_db_column_perms; -- class db_tuple all_db_tuple_perms; -- class db_blob all_db_blob_perms; -- -- attribute sepgsql_client_type, sepgsql_database_type; -- attribute sepgsql_sysobj_table_type; -- -- type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t; -- type user_sepgsql_blob_t, user_sepgsql_proc_exec_t; -- type user_sepgsql_sysobj_t, user_sepgsql_table_t; -+ type sepgsql_trusted_proc_t; - ') - -- ######################################## -- # -- # Declarations -- # -- -- typeattribute $2 sepgsql_client_type; - role $1 types sepgsql_trusted_proc_t; - -- ############################## -- # -- # Client local policy -- # -- -- tunable_policy(`sepgsql_enable_users_ddl',` -- allow $2 user_sepgsql_table_t:db_table { create drop }; -- type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t; -- -- allow $2 user_sepgsql_table_t:db_column { create drop }; -- -- allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete }; -- type_transition $2 sepgsql_sysobj_table_type:db_tuple 
user_sepgsql_sysobj_t; -- ') -- -- allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete }; -- allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert }; -- allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete }; -- allow $2 user_sepgsql_sysobj_t:db_tuple { use select }; -- -- allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute }; -- type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; -- -- allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write }; -- type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t; -- -- allow $2 sepgsql_trusted_proc_t:process transition; -- type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t; -+ postgresql_unpriv_client($2) - ') - - ######################################## -@@ -108,6 +63,24 @@ - - ######################################## - ## <summary> -+## Marks as a SE-PostgreSQL schema object type -+## </summary> -+## <param name="type"> -+## <summary> -+## Type marked as a schema object type. -+## </summary> -+## </param> -+# -+interface(`postgresql_schema_object',` -+ gen_require(` -+ attribute sepgsql_schema_type; -+ ') -+ -+ typeattribute $1 sepgsql_schema_type; -+') -+ -+######################################## -+## <summary> - ## Marks as a SE-PostgreSQL table/column/tuple object type - ## </summary> - ## <param name="type"> -@@ -163,6 +136,24 @@ - - ######################################## - ## <summary> -+## Marks as a SE-PostgreSQL sequence object type -+## </summary> -+## <param name="type"> -+## <summary> -+## Type marked as a sequence object type. 
-+## </summary> -+## </param> -+# -+interface(`postgresql_sequence_object',` -+ gen_require(` -+ attribute sepgsql_sequence_type; -+ ') -+ -+ typeattribute $1 sepgsql_sequence_type; -+') -+ -+######################################## -+## <summary> - ## Marks as a SE-PostgreSQL binary large object type - ## </summary> - ## <param name="type"> -@@ -181,6 +172,24 @@ - - ######################################## - ## <summary> -+## Marks as a SE-PostgreSQL object type stored within temporary schema -+## </summary> -+## <param name="type"> -+## <summary> -+## Type marked as a temporary database object type. -+## </summary> -+## </param> -+# -+interface(`postgresql_temporary_object',` -+ gen_require(` -+ attribute sepgsql_temporary_type; -+ ') -+ -+ typeattribute $1 sepgsql_temporary_type; -+') -+ -+######################################## -+## <summary> - ## Allow the specified domain to search postgresql's database directory. - ## </summary> - ## <param name="domain"> -@@ -313,22 +322,46 @@ - # - interface(`postgresql_unpriv_client',` - gen_require(` -+ class db_database all_db_database_perms; -+ class db_schema all_db_schema_perms; - class db_table all_db_table_perms; - class db_procedure all_db_procedure_perms; -+ class db_column all_db_column_perms; -+ class db_tuple all_db_tuple_perms; -+ class db_sequence all_db_sequence_perms; - class db_blob all_db_blob_perms; - -- attribute sepgsql_client_type; -+ attribute sepgsql_client_type, sepgsql_database_type; - -- type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t; -+ type sepgsql_schema_t, sepgsql_temp_schema_t; -+ type user_sepgsql_table_t, user_sepgsql_proc_exec_t; -+ type user_sepgsql_sequence_t, user_sepgsql_blob_t; -+ type sepgsql_temp_table_t, sepgsql_temp_proc_exec_t, sepgsql_temp_sequence_t; - type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t; - ') - -+ ######################################## -+ # -+ # Declarations -+ # -+ - typeattribute $1 sepgsql_client_type; - -- type_transition $1 
sepgsql_db_t:db_table sepgsql_table_t; -- type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t; -- type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t; -+ ############################## -+ # -+ # Type transitions -+ # -+ type_transition $1 sepgsql_schema_t:db_table user_sepgsql_table_t; -+ type_transition $1 sepgsql_schema_t:db_procedure user_sepgsql_proc_exec_t; -+ type_transition $1 sepgsql_schema_t:db_sequence user_sepgsql_sequence_t; - -+ type_transition $1 sepgsql_temp_schema_t:db_table sepgsql_temp_table_t; -+ type_transition $1 sepgsql_temp_schema_t:db_procedure sepgsql_temp_proc_exec_t; -+ type_transition $1 sepgsql_temp_schema_t:db_sequence sepgsql_temp_sequence_t; -+ -+ type_transition $1 sepgsql_database_type:db_blob user_sepgsql_blob_t; -+ -+ # Trusted procedure invocation - type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t; - allow $1 sepgsql_trusted_proc_t:process transition; - ') -@@ -346,8 +379,31 @@ - # - interface(`postgresql_unconfined',` - gen_require(` -+ class db_database {superuser}; -+ - attribute sepgsql_unconfined_type; - ') - - typeattribute $1 sepgsql_unconfined_type; -+ -+ allow $1 $1 : db_database {superuser}; - ') -+ -+######################################## -+## <summary> -+## Allow the specified domain unconfined accesses to any database objects -+## managed by SE-PostgreSQL, without db_database:{superuser} privilege. -+## </summary> -+## <param name="domain"> -+## <summary> -+## Domain allowed access. 
-+## </summary> -+## </param> -+# -+interface(`postgresql_unconfined_without_superuser',` -+ gen_require(` -+ attribute sepgsql_unconfined_type; -+ ') -+ -+ typeattribute $1 sepgsql_unconfined_type; -+') -Index: policy/modules/services/postgresql.te -=================================================================== ---- policy/modules/services/postgresql.te (revision 2936) -+++ policy/modules/services/postgresql.te (working copy) -@@ -1,12 +1,14 @@ - --policy_module(postgresql, 1.8.3) -+policy_module(postgresql, 1.9.1) - - gen_require(` - class db_database all_db_database_perms; -+ class db_schema all_db_schema_perms; - class db_table all_db_table_perms; - class db_procedure all_db_procedure_perms; - class db_column all_db_column_perms; - class db_tuple all_db_tuple_perms; -+ class db_sequence all_db_sequence_perms; - class db_blob all_db_blob_perms; - ') - -@@ -50,10 +52,13 @@ - - # database objects attribute - attribute sepgsql_database_type; -+attribute sepgsql_schema_type; - attribute sepgsql_table_type; - attribute sepgsql_sysobj_table_type; - attribute sepgsql_procedure_type; - attribute sepgsql_blob_type; -+attribute sepgsql_sequence_type; -+attribute sepgsql_temporary_type; - attribute sepgsql_module_type; - - # database object types -@@ -66,8 +71,9 @@ - type sepgsql_fixed_table_t; - postgresql_table_object(sepgsql_fixed_table_t) - --type sepgsql_proc_t; --postgresql_procedure_object(sepgsql_proc_t) -+type sepgsql_proc_exec_t; -+typealias sepgsql_proc_exec_t alias { sepgsql_proc_t }; -+postgresql_procedure_object(sepgsql_proc_exec_t) - - type sepgsql_ro_blob_t; - postgresql_blob_object(sepgsql_ro_blob_t) -@@ -75,25 +81,46 @@ - type sepgsql_ro_table_t; - postgresql_table_object(sepgsql_ro_table_t) - -+type sepgsql_schema_t; -+postgresql_schema_object(sepgsql_schema_t) -+ - type sepgsql_secret_blob_t; - postgresql_blob_object(sepgsql_secret_blob_t) - - type sepgsql_secret_table_t; - postgresql_table_object(sepgsql_secret_table_t) - -+type 
sepgsql_sequence_t; -+postgresql_sequence_object(sepgsql_sequence_t) -+ - type sepgsql_sysobj_t; - postgresql_system_table_object(sepgsql_sysobj_t) - - type sepgsql_table_t; - postgresql_table_object(sepgsql_table_t) - -+type sepgsql_temp_proc_exec_t; -+postgresql_procedure_object(sepgsql_temp_proc_exec_t) -+postgresql_temporary_object(sepgsql_temp_proc_exec_t) -+ -+type sepgsql_temp_schema_t; -+postgresql_schema_object(sepgsql_temp_schema_t) -+ -+type sepgsql_temp_sequence_t; -+postgresql_sequence_object(sepgsql_temp_sequence_t) -+postgresql_temporary_object(sepgsql_temp_sequence_t) -+ -+type sepgsql_temp_table_t; -+postgresql_table_object(sepgsql_temp_table_t) -+postgresql_temporary_object(sepgsql_temp_table_t) -+ - type sepgsql_trusted_proc_exec_t; - postgresql_procedure_object(sepgsql_trusted_proc_exec_t) - - # Trusted Procedure Domain - type sepgsql_trusted_proc_t; - domain_type(sepgsql_trusted_proc_t) --postgresql_unconfined(sepgsql_trusted_proc_t) -+postgresql_unconfined_without_superuser(sepgsql_trusted_proc_t) - role system_r types sepgsql_trusted_proc_t; - - type user_sepgsql_blob_t; -@@ -106,6 +133,10 @@ - typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t }; - postgresql_procedure_object(user_sepgsql_proc_exec_t) - -+type user_sepgsql_sequence_t; -+typealias user_sepgsql_sequence_t alias { staff_sepgsql_sequence_t sysadm_sepgsql_sequence_t }; -+typealias user_sepgsql_sequence_t alias { auditadm_sepgsql_sequence_t secadm_sepgsql_sequence_t }; -+ - type user_sepgsql_sysobj_t; - typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t }; - typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t }; -@@ -116,11 +147,17 @@ - typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t }; - postgresql_table_object(user_sepgsql_table_t) - -+# Relationship between schema and database objects -+allow { sepgsql_table_type - 
sepgsql_temporary_type } sepgsql_schema_t : db_schema { associate }; -+allow { sepgsql_procedure_type - sepgsql_temporary_type } sepgsql_schema_t : db_schema { associate }; -+allow { sepgsql_sequence_type - sepgsql_temporary_type } sepgsql_schema_t : db_schema { associate }; -+allow { sepgsql_temporary_type } sepgsql_temp_schema_t : db_schema { associate }; -+ - ######################################## - # - # postgresql Local policy - # --allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin }; -+allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin audit_write }; - dontaudit postgresql_t self:capability { sys_tty_config sys_admin }; - allow postgresql_t self:process signal_perms; - allow postgresql_t self:fifo_file rw_fifo_file_perms; -@@ -130,6 +167,7 @@ - allow postgresql_t self:udp_socket create_stream_socket_perms; - allow postgresql_t self:unix_dgram_socket create_socket_perms; - allow postgresql_t self:unix_stream_socket create_stream_socket_perms; -+allow postgresql_t self:netlink_audit_socket create_socket_perms; - allow postgresql_t self:netlink_selinux_socket create_socket_perms; - - allow postgresql_t sepgsql_database_type:db_database *; -@@ -139,11 +177,14 @@ - # Database/Loadable module - allow sepgsql_database_type sepgsql_module_type:db_database load_module; - -+allow postgresql_t sepgsql_schema_type:db_schema *; -+type_transition postgresql_t sepgsql_schema_type:db_schema sepgsql_schema_t; -+ - allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *; --type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t; -+type_transition postgresql_t sepgsql_schema_type:db_table sepgsql_sysobj_t; - - allow postgresql_t sepgsql_procedure_type:db_procedure *; --type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t; -+type_transition 
postgresql_t sepgsql_schema_type:db_procedure sepgsql_proc_exec_t; - - allow postgresql_t sepgsql_blob_type:db_blob *; - type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t; -@@ -281,35 +322,56 @@ - # Rules common to all clients - # - --allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param }; --type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t; -+allow sepgsql_client_type sepgsql_db_t:db_database { getattr access }; -+type_transition sepgsql_client_type postgresql_t:db_database sepgsql_db_t; - --allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert }; --allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert }; --allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert }; -+allow sepgsql_client_type sepgsql_schema_t:db_schema { search }; -+allow sepgsql_client_type sepgsql_temp_schema_t:db_schema { search add_object remove_object }; - --allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete }; --allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; --allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr select insert lock }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr select insert }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { select insert }; - --allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select }; --allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select }; --allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select }; -+allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock }; -+allow sepgsql_client_type sepgsql_table_t:db_column { getattr select update insert }; -+allow 
sepgsql_client_type sepgsql_table_t:db_tuple { select update insert delete }; - -+allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr select lock }; -+allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr select }; -+allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { select }; -+ - allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr; - allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr; - --allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select }; --allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select }; --allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr select lock }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr select }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { select update insert delete }; - - allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install }; - allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint }; - -+allow sepgsql_client_type sepgsql_sequence_t:db_sequence { getattr get_value }; -+ - allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write }; - allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read }; - allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr; - -+allow sepgsql_client_type sepgsql_temp_table_t:db_table { create drop getattr setattr select update insert delete lock }; -+allow sepgsql_client_type sepgsql_temp_table_t:db_column { create drop getattr setattr select update insert }; -+allow sepgsql_client_type sepgsql_temp_table_t:db_tuple { select update insert delete }; -+ -+allow sepgsql_client_type sepgsql_temp_proc_exec_t:db_procedure { create drop getattr setattr execute }; -+ -+allow sepgsql_client_type sepgsql_temp_sequence_t:db_sequence { create drop getattr setattr get_value set_value }; -+ -+allow 
sepgsql_client_type user_sepgsql_table_t:db_table { getattr select update insert delete lock }; -+allow sepgsql_client_type user_sepgsql_table_t:db_column { getattr select update insert }; -+allow sepgsql_client_type user_sepgsql_table_t:db_tuple { select update insert delete }; -+ -+allow sepgsql_client_type user_sepgsql_proc_exec_t:db_procedure { getattr execute }; -+ -+allow sepgsql_client_type user_sepgsql_sequence_t:db_sequence { getattr get_value set_value }; -+ - # The purpose of the dontaudit rule in row-level access control is to prevent a flood of logs. - # If a client tries to SELECT a table including violated tuples, these are filtered from - # the result set as if not exist, but its access denied longs can be recorded within log files. -@@ -321,12 +383,14 @@ - # to access classified tuples and can make a audit record. - # - # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL. --dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete }; -+dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { select update insert delete }; - - tunable_policy(`sepgsql_enable_users_ddl',` -- allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr }; -- allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr }; -- allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete }; -+ allow sepgsql_client_type sepgsql_schema_t:db_schema { add_object remove_object }; -+ allow sepgsql_client_type user_sepgsql_table_t:db_table { create drop setattr }; -+ allow sepgsql_client_type user_sepgsql_table_t:db_column { create drop setattr }; -+ allow sepgsql_client_type user_sepgsql_proc_exec_t:db_procedure { create drop setattr }; -+ allow sepgsql_client_type user_sepgsql_sequence_t:db_sequence { create drop setattr }; 
- ') - - ######################################## -@@ -334,20 +398,33 @@ - # Unconfined access to this module - # - --allow sepgsql_unconfined_type sepgsql_database_type:db_database *; --type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t; -+allow sepgsql_unconfined_type sepgsql_database_type:db_database ~{superuser}; -+type_transition sepgsql_unconfined_type postgresql_t:db_database sepgsql_db_t; - --type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t; --type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t; -+allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *; -+type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t; -+ -+type_transition sepgsql_unconfined_type sepgsql_schema_t:db_table sepgsql_table_t; -+type_transition sepgsql_unconfined_type sepgsql_schema_t:db_procedure sepgsql_proc_exec_t; -+type_transition sepgsql_unconfined_type sepgsql_schema_t:db_sequence sepgsql_sequence_t; -+ -+type_transition sepgsql_unconfined_type sepgsql_temp_schema_t:db_table sepgsql_temp_table_t; -+type_transition sepgsql_unconfined_type sepgsql_temp_schema_t:db_procedure sepgsql_temp_proc_exec_t; -+type_transition sepgsql_unconfined_type sepgsql_temp_schema_t:db_sequence sepgsql_temp_sequence_t; -+ - type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t; - - allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *; - - # unconfined domain is not allowed to invoke user defined procedure directly. - # They have to confirm and relabel it at first. --allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *; --allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto }; -+# In addition, trusted procedure is not allowed to install. 
-+allow sepgsql_unconfined_type sepgsql_proc_t:db_procedure *; -+allow sepgsql_unconfined_type sepgsql_trusted_proc_t:db_procedure ~{ install }; -+allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install }; - -+allow sepgsql_unconfined_type sepgsql_sequence_type:db_sequence *; -+ - allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *; - - allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module; -Index: config/appconfig-mls/db_contexts -=================================================================== ---- config/appconfig-mls/db_contexts (revision 0) -+++ config/appconfig-mls/db_contexts (revision 0) -@@ -0,0 +1,16 @@ -+# -+# Config file for SE-PostgreSQL extension -+# -+ -+# -+# db_database object -+# ------------------ -+database * system_u:object_r:sepgsql_db_t:s0 -+ -+# -+# db_schema object -+# ---------------- -+schema pg_temp_* system_u:object_r:sepgsql_temp_schema_t:s0 -+ -+# NOTE: all the database objects stored in pg_temp_* namespace is -+# released at end of the session. -Index: config/appconfig-standard/db_contexts -=================================================================== ---- config/appconfig-standard/db_contexts (revision 0) -+++ config/appconfig-standard/db_contexts (revision 0) -@@ -0,0 +1,16 @@ -+# -+# Config file for SE-PostgreSQL extension -+# -+ -+# -+# db_database object -+# ------------------ -+database * system_u:object_r:sepgsql_db_t -+ -+# -+# db_schema object -+# ---------------- -+schema pg_temp_* system_u:object_r:sepgsql_temp_schema_t -+ -+# NOTE: all the database objects stored in pg_temp_* namespace is -+# released at end of the session. 
-Index: config/appconfig-mcs/db_contexts -=================================================================== ---- config/appconfig-mcs/db_contexts (revision 0) -+++ config/appconfig-mcs/db_contexts (revision 0) -@@ -0,0 +1,16 @@ -+# -+# Config file for SE-PostgreSQL extension -+# -+ -+# -+# db_database object -+# ------------------ -+database * system_u:object_r:sepgsql_db_t:s0 -+ -+# -+# db_schema object -+# ---------------- -+schema pg_temp_* system_u:object_r:sepgsql_temp_schema_t:s0 -+ -+# NOTE: all the database objects stored in pg_temp_* namespace is -+# released at end of the session. diff --git a/a/content_digest b/N1/content_digest index 3091263..ce0c840 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,12 +1,8 @@ - "From\0KaiGai Kohei <kaigai@ak.jp.nec.com>\0" - "Subject\0[RFC] Security policy reworks for SE-PostgreSQL\0" + "From\0kaigai@ak.jp.nec.com (KaiGai Kohei)\0" + "Subject\0[refpolicy] [RFC] Security policy reworks for SE-PostgreSQL\0" "Date\0Tue, 31 Mar 2009 17:55:33 +0900\0" - "To\0cpebenito@tresys.com\0" - "Cc\0method@manicmethod.com" - warner@rubix.com - selinux@tycho.nsa.gov - " refpolicy@oss.tresys.com\0" - "\01:1\0" + "To\0refpolicy@oss.tresys.com\0" + "\00:1\0" "b\0" "As we have discussed for the recent week, I have a plan to rework\n" "some of security policy for SE-PostgreSQL.\n" 
@@ -159,681 +155,13 @@ "Thanks,\n" "-- \n" "OSS Platform Development Division, NEC\n" - KaiGai Kohei <kaigai@ak.jp.nec.com> - "\01:2\0" - "fn\0refpolicy-sepgsql-rework.2.patch\0" - "b\0" - "Index: policy/flask/security_classes\n" - "===================================================================\n" - "--- policy/flask/security_classes\t(revision 2936)\n" - "+++ policy/flask/security_classes\t(working copy)\n" - "@@ -119,4 +119,9 @@\n" - " # kernel services that need to override task security, e.g. cachefiles\n" - " class kernel_service \n" - " \n" - "+# More Database stuff\n" - "+class db_catalog\t\t# userspace\n" - "+class db_schema\t\t\t# userspace\n" - "+class db_sequence\t\t# userspace\n" - "+\n" - " # FLASK\n" - "Index: policy/flask/access_vectors\n" - "===================================================================\n" - "--- policy/flask/access_vectors\t(revision 2936)\n" - "+++ policy/flask/access_vectors\t(working copy)\n" - "@@ -723,14 +723,12 @@\n" - " \taccess\n" - " \tinstall_module\n" - " \tload_module\n" - "-\tget_param\n" - "-\tset_param\n" - "+\tsuperuser\n" - " }\n" - " \n" - " class db_table\n" - " inherits database\n" - " {\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -749,7 +747,6 @@\n" - " class db_column\n" - " inherits database\n" - " {\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -759,7 +756,6 @@\n" - " {\n" - " \trelabelfrom\n" - " \trelabelto\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -793,3 +789,29 @@\n" - " \tuse_as_override\n" - " \tcreate_files_as\t\n" - " }\n" - "+\n" - "+# More database stuff\n" - "+class db_catalog\n" - "+inherits database\n" - "+{\n" - "+\tsearch\n" - "+\tadd_object\n" - "+\tremove_object\n" - "+\tassociate\n" - "+}\n" - "+\n" - "+class db_schema\n" - "+inherits database\n" - "+{\n" - "+\tsearch\n" - "+\tadd_object\n" - "+\tremove_object\n" - "+\tassociate\n" - "+}\n" - "+\n" - "+class db_sequence\n" - "+inherits database\n" - 
"+{\n" - "+\tget_value\n" - "+\tset_value\n" - "+}\n" - "Index: policy/modules/kernel/kernel.if\n" - "===================================================================\n" - "--- policy/modules/kernel/kernel.if\t(revision 2936)\n" - "+++ policy/modules/kernel/kernel.if\t(working copy)\n" - "@@ -2563,18 +2563,22 @@\n" - " \tgen_require(`\n" - " \t\ttype unlabeled_t;\n" - " \t\tclass db_database { setattr relabelfrom };\n" - "+\t\tclass db_schema { setattr relabelfrom };\n" - " \t\tclass db_table { setattr relabelfrom };\n" - " \t\tclass db_procedure { setattr relabelfrom };\n" - " \t\tclass db_column { setattr relabelfrom };\n" - " \t\tclass db_tuple { update relabelfrom };\n" - "+\t\tclass db_sequence { setattr relabelfrom };\n" - " \t\tclass db_blob { setattr relabelfrom };\n" - " \t')\n" - " \n" - " \tallow $1 unlabeled_t:db_database { setattr relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_schema { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_table { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_procedure { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_column { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_tuple { update relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_sequence { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_blob { setattr relabelfrom };\n" - " ')\n" - " \n" - "Index: policy/modules/services/postgresql.if\n" - "===================================================================\n" - "--- policy/modules/services/postgresql.if\t(revision 2936)\n" - "+++ policy/modules/services/postgresql.if\t(working copy)\n" - "@@ -17,57 +17,12 @@\n" - " #\n" - " interface(`postgresql_role',`\n" - " \tgen_require(`\n" - "-\t\tclass db_database all_db_database_perms;\n" - "-\t\tclass db_table all_db_table_perms;\n" - "-\t\tclass db_procedure all_db_procedure_perms;\n" - "-\t\tclass db_column all_db_column_perms;\n" - "-\t\tclass db_tuple all_db_tuple_perms;\n" - "-\t\tclass db_blob all_db_blob_perms;\n" - "-\n" - 
"-\t\tattribute sepgsql_client_type, sepgsql_database_type;\n" - "-\t\tattribute sepgsql_sysobj_table_type;\n" - "-\n" - "-\t\ttype sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;\n" - "-\t\ttype user_sepgsql_blob_t, user_sepgsql_proc_exec_t;\n" - "-\t\ttype user_sepgsql_sysobj_t, user_sepgsql_table_t;\n" - "+\t\ttype sepgsql_trusted_proc_t;\n" - " \t')\n" - " \n" - "-\t########################################\n" - "-\t#\n" - "-\t# Declarations\n" - "-\t#\n" - "-\n" - "-\ttypeattribute $2 sepgsql_client_type;\n" - " \trole $1 types sepgsql_trusted_proc_t;\n" - " \n" - "-\t##############################\n" - "-\t#\n" - "-\t# Client local policy\n" - "-\t#\n" - "-\n" - "-\ttunable_policy(`sepgsql_enable_users_ddl',`\n" - "-\t\tallow $2 user_sepgsql_table_t:db_table { create drop };\n" - "-\t\ttype_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;\n" - "-\n" - "-\t\tallow $2 user_sepgsql_table_t:db_column { create drop };\n" - "-\n" - "-\t\tallow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };\n" - "-\t\ttype_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;\n" - "-\t')\n" - "-\n" - "-\tallow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete };\n" - "-\tallow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };\n" - "-\tallow $2 user_sepgsql_table_t:db_tuple\t{ use select update insert delete };\n" - "-\tallow $2 user_sepgsql_sysobj_t:db_tuple\t{ use select };\n" - "-\n" - "-\tallow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };\n" - "-\ttype_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;\n" - "-\n" - "-\tallow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };\n" - "-\ttype_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;\n" - "-\n" - "-\tallow $2 sepgsql_trusted_proc_t:process transition;\n" - "-\ttype_transition $2 sepgsql_trusted_proc_exec_t:process 
sepgsql_trusted_proc_t;\n" - "+\tpostgresql_unpriv_client($2)\n" - " ')\n" - " \n" - " ########################################\n" - "@@ -108,6 +63,24 @@\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL schema object type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a schema object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_schema_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_schema_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_schema_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tMarks as a SE-PostgreSQL table/column/tuple object type\n" - " ## </summary>\n" - " ## <param name=\"type\">\n" - "@@ -163,6 +136,24 @@\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL sequence object type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a sequence object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_sequence_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_sequence_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_sequence_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tMarks as a SE-PostgreSQL binary large object type\n" - " ## </summary>\n" - " ## <param name=\"type\">\n" - "@@ -181,6 +172,24 @@\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL object type stored within temporary schema\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a temporary database object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_temporary_object',`\n" - "+\tgen_require(`\n" 
- "+\t\tattribute sepgsql_temporary_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_temporary_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tAllow the specified domain to search postgresql's database directory.\n" - " ## </summary>\n" - " ## <param name=\"domain\">\n" - "@@ -313,22 +322,46 @@\n" - " #\n" - " interface(`postgresql_unpriv_client',`\n" - " \tgen_require(`\n" - "+\t\tclass db_database all_db_database_perms;\n" - "+\t\tclass db_schema all_db_schema_perms;\n" - " \t\tclass db_table all_db_table_perms;\n" - " \t\tclass db_procedure all_db_procedure_perms;\n" - "+\t\tclass db_column all_db_column_perms;\n" - "+\t\tclass db_tuple all_db_tuple_perms;\n" - "+\t\tclass db_sequence all_db_sequence_perms;\n" - " \t\tclass db_blob all_db_blob_perms;\n" - " \n" - "-\t\tattribute sepgsql_client_type;\n" - "+\t\tattribute sepgsql_client_type, sepgsql_database_type;\n" - " \n" - "-\t\ttype sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;\n" - "+\t\ttype sepgsql_schema_t, sepgsql_temp_schema_t;\n" - "+\t\ttype user_sepgsql_table_t, user_sepgsql_proc_exec_t;\n" - "+\t\ttype user_sepgsql_sequence_t, user_sepgsql_blob_t;\n" - "+\t\ttype sepgsql_temp_table_t, sepgsql_temp_proc_exec_t, sepgsql_temp_sequence_t;\n" - " \t\ttype sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;\n" - " \t')\n" - " \n" - "+\t########################################\n" - "+\t#\n" - "+\t# Declarations\n" - "+\t#\n" - "+\n" - " \ttypeattribute $1 sepgsql_client_type;\n" - " \n" - "-\ttype_transition $1 sepgsql_db_t:db_table sepgsql_table_t;\n" - "-\ttype_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;\n" - "-\ttype_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;\n" - "+\t##############################\n" - "+\t#\n" - "+\t# Type transitions\n" - "+\t#\n" - "+\ttype_transition $1 sepgsql_schema_t:db_table user_sepgsql_table_t;\n" - "+\ttype_transition $1 sepgsql_schema_t:db_procedure 
user_sepgsql_proc_exec_t;\n" - "+\ttype_transition $1 sepgsql_schema_t:db_sequence user_sepgsql_sequence_t;\n" - " \n" - "+\ttype_transition $1 sepgsql_temp_schema_t:db_table sepgsql_temp_table_t;\n" - "+\ttype_transition $1 sepgsql_temp_schema_t:db_procedure sepgsql_temp_proc_exec_t;\n" - "+\ttype_transition $1 sepgsql_temp_schema_t:db_sequence sepgsql_temp_sequence_t;\n" - "+\n" - "+\ttype_transition $1 sepgsql_database_type:db_blob user_sepgsql_blob_t;\n" - "+\n" - "+\t# Trusted procedure invocation\n" - " \ttype_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;\n" - " \tallow $1 sepgsql_trusted_proc_t:process transition;\n" - " ')\n" - "@@ -346,8 +379,31 @@\n" - " #\n" - " interface(`postgresql_unconfined',`\n" - " \tgen_require(`\n" - "+\t\tclass db_database {superuser};\n" - "+\n" - " \t\tattribute sepgsql_unconfined_type;\n" - " \t')\n" - " \n" - " \ttypeattribute $1 sepgsql_unconfined_type;\n" - "+\n" - "+\tallow $1 $1 : db_database {superuser};\n" - " ')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - "+##\tAllow the specified domain unconfined accesses to any database objects\n" - "+##\tmanaged by SE-PostgreSQL, without db_database:{superuser} privilege.\n" - "+## </summary>\n" - "+## <param name=\"domain\">\n" - "+##\t<summary>\n" - "+##\tDomain allowed access.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_unconfined_without_superuser',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_unconfined_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_unconfined_type;\n" - "+')\n" - "Index: policy/modules/services/postgresql.te\n" - "===================================================================\n" - "--- policy/modules/services/postgresql.te\t(revision 2936)\n" - "+++ policy/modules/services/postgresql.te\t(working copy)\n" - "@@ -1,12 +1,14 @@\n" - " \n" - "-policy_module(postgresql, 1.8.3)\n" - "+policy_module(postgresql, 1.9.1)\n" - " \n" - " 
gen_require(`\n" - " \tclass db_database all_db_database_perms;\n" - "+\tclass db_schema all_db_schema_perms;\n" - " \tclass db_table all_db_table_perms;\n" - " \tclass db_procedure all_db_procedure_perms;\n" - " \tclass db_column all_db_column_perms;\n" - " \tclass db_tuple all_db_tuple_perms;\n" - "+\tclass db_sequence all_db_sequence_perms;\n" - " \tclass db_blob all_db_blob_perms;\n" - " ')\n" - " \n" - "@@ -50,10 +52,13 @@\n" - " \n" - " # database objects attribute\n" - " attribute sepgsql_database_type;\n" - "+attribute sepgsql_schema_type;\n" - " attribute sepgsql_table_type;\n" - " attribute sepgsql_sysobj_table_type;\n" - " attribute sepgsql_procedure_type;\n" - " attribute sepgsql_blob_type;\n" - "+attribute sepgsql_sequence_type;\n" - "+attribute sepgsql_temporary_type;\n" - " attribute sepgsql_module_type;\n" - " \n" - " # database object types\n" - "@@ -66,8 +71,9 @@\n" - " type sepgsql_fixed_table_t;\n" - " postgresql_table_object(sepgsql_fixed_table_t)\n" - " \n" - "-type sepgsql_proc_t;\n" - "-postgresql_procedure_object(sepgsql_proc_t)\n" - "+type sepgsql_proc_exec_t;\n" - "+typealias sepgsql_proc_exec_t alias { sepgsql_proc_t };\n" - "+postgresql_procedure_object(sepgsql_proc_exec_t)\n" - " \n" - " type sepgsql_ro_blob_t;\n" - " postgresql_blob_object(sepgsql_ro_blob_t)\n" - "@@ -75,25 +81,46 @@\n" - " type sepgsql_ro_table_t;\n" - " postgresql_table_object(sepgsql_ro_table_t)\n" - " \n" - "+type sepgsql_schema_t;\n" - "+postgresql_schema_object(sepgsql_schema_t)\n" - "+\n" - " type sepgsql_secret_blob_t;\n" - " postgresql_blob_object(sepgsql_secret_blob_t)\n" - " \n" - " type sepgsql_secret_table_t;\n" - " postgresql_table_object(sepgsql_secret_table_t)\n" - " \n" - "+type sepgsql_sequence_t;\n" - "+postgresql_sequence_object(sepgsql_sequence_t)\n" - "+\n" - " type sepgsql_sysobj_t;\n" - " postgresql_system_table_object(sepgsql_sysobj_t)\n" - " \n" - " type sepgsql_table_t;\n" - " postgresql_table_object(sepgsql_table_t)\n" - " \n" - "+type 
sepgsql_temp_proc_exec_t;\n" - "+postgresql_procedure_object(sepgsql_temp_proc_exec_t)\n" - "+postgresql_temporary_object(sepgsql_temp_proc_exec_t)\n" - "+\n" - "+type sepgsql_temp_schema_t;\n" - "+postgresql_schema_object(sepgsql_temp_schema_t)\n" - "+\n" - "+type sepgsql_temp_sequence_t;\n" - "+postgresql_sequence_object(sepgsql_temp_sequence_t)\n" - "+postgresql_temporary_object(sepgsql_temp_sequence_t)\n" - "+\n" - "+type sepgsql_temp_table_t;\n" - "+postgresql_table_object(sepgsql_temp_table_t)\n" - "+postgresql_temporary_object(sepgsql_temp_table_t)\n" - "+\n" - " type sepgsql_trusted_proc_exec_t;\n" - " postgresql_procedure_object(sepgsql_trusted_proc_exec_t)\n" - " \n" - " # Trusted Procedure Domain\n" - " type sepgsql_trusted_proc_t;\n" - " domain_type(sepgsql_trusted_proc_t)\n" - "-postgresql_unconfined(sepgsql_trusted_proc_t)\n" - "+postgresql_unconfined_without_superuser(sepgsql_trusted_proc_t)\n" - " role system_r types sepgsql_trusted_proc_t;\n" - " \n" - " type user_sepgsql_blob_t;\n" - "@@ -106,6 +133,10 @@\n" - " typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t };\n" - " postgresql_procedure_object(user_sepgsql_proc_exec_t)\n" - " \n" - "+type user_sepgsql_sequence_t;\n" - "+typealias user_sepgsql_sequence_t alias { staff_sepgsql_sequence_t sysadm_sepgsql_sequence_t };\n" - "+typealias user_sepgsql_sequence_t alias { auditadm_sepgsql_sequence_t secadm_sepgsql_sequence_t };\n" - "+\n" - " type user_sepgsql_sysobj_t;\n" - " typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t };\n" - " typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t };\n" - "@@ -116,11 +147,17 @@\n" - " typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t };\n" - " postgresql_table_object(user_sepgsql_table_t)\n" - " \n" - "+# Relationship between schema and database objects\n" - "+allow { sepgsql_table_type - 
sepgsql_temporary_type } sepgsql_schema_t : db_schema { associate };\n" - "+allow { sepgsql_procedure_type - sepgsql_temporary_type } sepgsql_schema_t : db_schema { associate };\n" - "+allow { sepgsql_sequence_type - sepgsql_temporary_type } sepgsql_schema_t : db_schema { associate };\n" - "+allow { sepgsql_temporary_type } sepgsql_temp_schema_t : db_schema { associate };\n" - "+\n" - " ########################################\n" - " #\n" - " # postgresql Local policy\n" - " #\n" - "-allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin };\n" - "+allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin audit_write };\n" - " dontaudit postgresql_t self:capability { sys_tty_config sys_admin };\n" - " allow postgresql_t self:process signal_perms;\n" - " allow postgresql_t self:fifo_file rw_fifo_file_perms;\n" - "@@ -130,6 +167,7 @@\n" - " allow postgresql_t self:udp_socket create_stream_socket_perms;\n" - " allow postgresql_t self:unix_dgram_socket create_socket_perms;\n" - " allow postgresql_t self:unix_stream_socket create_stream_socket_perms;\n" - "+allow postgresql_t self:netlink_audit_socket create_socket_perms;\n" - " allow postgresql_t self:netlink_selinux_socket create_socket_perms;\n" - " \n" - " allow postgresql_t sepgsql_database_type:db_database *;\n" - "@@ -139,11 +177,14 @@\n" - " # Database/Loadable module\n" - " allow sepgsql_database_type sepgsql_module_type:db_database load_module;\n" - " \n" - "+allow postgresql_t sepgsql_schema_type:db_schema *;\n" - "+type_transition postgresql_t sepgsql_schema_type:db_schema sepgsql_schema_t;\n" - "+\n" - " allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;\n" - "-type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;\n" - "+type_transition postgresql_t sepgsql_schema_type:db_table sepgsql_sysobj_t;\n" - 
" \n" - " allow postgresql_t sepgsql_procedure_type:db_procedure *;\n" - "-type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;\n" - "+type_transition postgresql_t sepgsql_schema_type:db_procedure sepgsql_proc_exec_t;\n" - " \n" - " allow postgresql_t sepgsql_blob_type:db_blob *;\n" - " type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;\n" - "@@ -281,35 +322,56 @@\n" - " # Rules common to all clients\n" - " #\n" - " \n" - "-allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };\n" - "-type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;\n" - "+allow sepgsql_client_type sepgsql_db_t:db_database { getattr access };\n" - "+type_transition sepgsql_client_type postgresql_t:db_database sepgsql_db_t;\n" - " \n" - "-allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert };\n" - "-allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };\n" - "-allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };\n" - "+allow sepgsql_client_type sepgsql_schema_t:db_schema { search };\n" - "+allow sepgsql_client_type sepgsql_temp_schema_t:db_schema { search add_object remove_object };\n" - " \n" - "-allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete };\n" - "-allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };\n" - "-allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };\n" - "+allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr select insert lock };\n" - "+allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr select insert };\n" - "+allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { select insert };\n" - " \n" - "-allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select };\n" - "-allow sepgsql_client_type 
sepgsql_ro_table_t:db_column { getattr use select };\n" - "-allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };\n" - "+allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock };\n" - "+allow sepgsql_client_type sepgsql_table_t:db_column { getattr select update insert };\n" - "+allow sepgsql_client_type sepgsql_table_t:db_tuple { select update insert delete };\n" - " \n" - "+allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr select lock };\n" - "+allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr select };\n" - "+allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { select };\n" - "+\n" - " allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;\n" - " allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;\n" - " \n" - "-allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };\n" - "-allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };\n" - "-allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };\n" - "+allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr select lock };\n" - "+allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr select };\n" - "+allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { select update insert delete };\n" - " \n" - " allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install };\n" - " allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };\n" - " \n" - "+allow sepgsql_client_type sepgsql_sequence_t:db_sequence { getattr get_value };\n" - "+\n" - " allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };\n" - " allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };\n" - " allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;\n" - " \n" - "+allow sepgsql_client_type sepgsql_temp_table_t:db_table { create drop getattr setattr select update 
insert delete lock };\n" - "+allow sepgsql_client_type sepgsql_temp_table_t:db_column { create drop getattr setattr select update insert };\n" - "+allow sepgsql_client_type sepgsql_temp_table_t:db_tuple { select update insert delete };\n" - "+\n" - "+allow sepgsql_client_type sepgsql_temp_proc_exec_t:db_procedure { create drop getattr setattr execute };\n" - "+\n" - "+allow sepgsql_client_type sepgsql_temp_sequence_t:db_sequence { create drop getattr setattr get_value set_value };\n" - "+\n" - "+allow sepgsql_client_type user_sepgsql_table_t:db_table { getattr select update insert delete lock };\n" - "+allow sepgsql_client_type user_sepgsql_table_t:db_column { getattr select update insert };\n" - "+allow sepgsql_client_type user_sepgsql_table_t:db_tuple { select update insert delete };\n" - "+\n" - "+allow sepgsql_client_type user_sepgsql_proc_exec_t:db_procedure { getattr execute };\n" - "+\n" - "+allow sepgsql_client_type user_sepgsql_sequence_t:db_sequence { getattr get_value set_value };\n" - "+\n" - " # The purpose of the dontaudit rule in row-level access control is to prevent a flood of logs.\n" - " # If a client tries to SELECT a table including violated tuples, these are filtered from\n" - " # the result set as if not exist, but its access denied longs can be recorded within log files.\n" - "@@ -321,12 +383,14 @@\n" - " # to access classified tuples and can make a audit record.\n" - " #\n" - " # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.\n" - "-dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };\n" - "+dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { select update insert delete };\n" - " \n" - " tunable_policy(`sepgsql_enable_users_ddl',`\n" - "-\tallow sepgsql_client_type sepgsql_table_t:db_table { create drop 
setattr };\n" - "-\tallow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };\n" - "-\tallow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };\n" - "+\tallow sepgsql_client_type sepgsql_schema_t:db_schema { add_object remove_object };\n" - "+\tallow sepgsql_client_type user_sepgsql_table_t:db_table { create drop setattr };\n" - "+\tallow sepgsql_client_type user_sepgsql_table_t:db_column { create drop setattr };\n" - "+\tallow sepgsql_client_type user_sepgsql_proc_exec_t:db_procedure { create drop setattr };\n" - "+\tallow sepgsql_client_type user_sepgsql_sequence_t:db_sequence { create drop setattr };\n" - " ')\n" - " \n" - " ########################################\n" - "@@ -334,20 +398,33 @@\n" - " # Unconfined access to this module\n" - " #\n" - " \n" - "-allow sepgsql_unconfined_type sepgsql_database_type:db_database *;\n" - "-type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;\n" - "+allow sepgsql_unconfined_type sepgsql_database_type:db_database ~{superuser};\n" - "+type_transition sepgsql_unconfined_type postgresql_t:db_database sepgsql_db_t;\n" - " \n" - "-type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;\n" - "-type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;\n" - "+allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *;\n" - "+type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t;\n" - "+\n" - "+type_transition sepgsql_unconfined_type sepgsql_schema_t:db_table sepgsql_table_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_schema_t:db_procedure sepgsql_proc_exec_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_schema_t:db_sequence sepgsql_sequence_t;\n" - "+\n" - "+type_transition sepgsql_unconfined_type sepgsql_temp_schema_t:db_table sepgsql_temp_table_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_temp_schema_t:db_procedure 
sepgsql_temp_proc_exec_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_temp_schema_t:db_sequence sepgsql_temp_sequence_t;\n" - "+\n" - " type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;\n" - " \n" - " allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;\n" - " \n" - " # unconfined domain is not allowed to invoke user defined procedure directly.\n" - " # They have to confirm and relabel it at first.\n" - "-allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;\n" - "-allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };\n" - "+# In addition, trusted procedure is not allowed to install.\n" - "+allow sepgsql_unconfined_type sepgsql_proc_t:db_procedure *;\n" - "+allow sepgsql_unconfined_type sepgsql_trusted_proc_t:db_procedure ~{ install };\n" - "+allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install };\n" - " \n" - "+allow sepgsql_unconfined_type sepgsql_sequence_type:db_sequence *;\n" - "+\n" - " allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;\n" - " \n" - " allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;\n" - "Index: config/appconfig-mls/db_contexts\n" - "===================================================================\n" - "--- config/appconfig-mls/db_contexts\t(revision 0)\n" - "+++ config/appconfig-mls/db_contexts\t(revision 0)\n" - "@@ -0,0 +1,16 @@\n" - "+#\n" - "+# Config file for SE-PostgreSQL extension\n" - "+#\n" - "+\n" - "+#\n" - "+# db_database object\n" - "+# ------------------\n" - "+database\t*\t\tsystem_u:object_r:sepgsql_db_t:s0\n" - "+\n" - "+#\n" - "+# db_schema object\n" - "+# ----------------\n" - "+schema\t\tpg_temp_*\tsystem_u:object_r:sepgsql_temp_schema_t:s0\n" - "+\n" - "+# NOTE: all the database objects stored in pg_temp_* namespace is\n" - "+# released at end of the session.\n" - "Index: 
config/appconfig-standard/db_contexts\n" - "===================================================================\n" - "--- config/appconfig-standard/db_contexts\t(revision 0)\n" - "+++ config/appconfig-standard/db_contexts\t(revision 0)\n" - "@@ -0,0 +1,16 @@\n" - "+#\n" - "+# Config file for SE-PostgreSQL extension\n" - "+#\n" - "+\n" - "+#\n" - "+# db_database object\n" - "+# ------------------\n" - "+database\t*\t\tsystem_u:object_r:sepgsql_db_t\n" - "+\n" - "+#\n" - "+# db_schema object\n" - "+# ----------------\n" - "+schema\t\tpg_temp_*\tsystem_u:object_r:sepgsql_temp_schema_t\n" - "+\n" - "+# NOTE: all the database objects stored in pg_temp_* namespace is\n" - "+# released at end of the session.\n" - "Index: config/appconfig-mcs/db_contexts\n" - "===================================================================\n" - "--- config/appconfig-mcs/db_contexts\t(revision 0)\n" - "+++ config/appconfig-mcs/db_contexts\t(revision 0)\n" - "@@ -0,0 +1,16 @@\n" - "+#\n" - "+# Config file for SE-PostgreSQL extension\n" - "+#\n" - "+\n" - "+#\n" - "+# db_database object\n" - "+# ------------------\n" - "+database\t*\t\tsystem_u:object_r:sepgsql_db_t:s0\n" - "+\n" - "+#\n" - "+# db_schema object\n" - "+# ----------------\n" - "+schema\t\tpg_temp_*\tsystem_u:object_r:sepgsql_temp_schema_t:s0\n" - "+\n" - "+# NOTE: all the database objects stored in pg_temp_* namespace is\n" - +# released at end of the session. + "KaiGai Kohei <kaigai@ak.jp.nec.com>\n" + "-------------- next part --------------\n" + "A non-text attachment was scrubbed...\n" + "Name: refpolicy-sepgsql-rework.2.patch\n" + "Type: text/x-patch\n" + "Size: 24841 bytes\n" + "Desc: not available\n" + Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090331/9d0579be/attachment-0001.bin -bc3f35bd591dc8adc4dddfcbcebb5b84e6be06f68ccaa1e654e7d42172be6b38 +37ad7c3a7d8c8fbeca1415183c07f7b4ff7ef96df904f6de28078c94ada6d551