diff for duplicates of <4D01F7A4.90708@ak.jp.nec.com>
diff --git a/a/1.txt b/N1/1.txt
index 39d1de2..77f6f28 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -95,3 +95,10 @@ only MLS side. Sorry.
 Thanks,
 -- 
 KaiGai Kohei <kaigai@ak.jp.nec.com>
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: refpolicy-sepgsql.1.patch
+Type: text/x-patch
+Size: 30699 bytes
+Desc: not available
+Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20101210/06e9b492/attachment-0001.bin
diff --git a/a/2.hdr b/a/2.hdr
deleted file mode 100644
index 42c05d2..0000000
--- a/a/2.hdr
+++ /dev/null
@@ -1,5 +0,0 @@
-Content-Type: text/x-patch;
- name="refpolicy-sepgsql.1.patch"
-Content-Transfer-Encoding: 7bit
-Content-Disposition: attachment;
- filename="refpolicy-sepgsql.1.patch"
diff --git a/a/2.txt b/a/2.txt
deleted file mode 100644
index 0c22a3d..0000000
--- a/a/2.txt
+++ /dev/null
@@ -1,737 +0,0 @@ - policy/flask/access_vectors | 29 ++++++++ - policy/flask/security_classes | 6 ++ - policy/mcs | 16 ++++- - policy/mls | 58 ++++++++++++++- - policy/modules/kernel/kernel.if | 8 ++ - policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++-- - policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++- - 7 files changed, 342 insertions(+), 16 deletions(-) - -diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors -index 6760c95..ae29de3 100644 ---- a/policy/flask/access_vectors -+++ b/policy/flask/access_vectors -@@ -816,3 +816,32 @@ inherits x_device - - class x_keyboard - inherits x_device -+ -+class db_schema -+inherits database -+{ -+ search -+ add_name -+ remove_name -+} -+ -+class db_view -+inherits database -+{ -+ expand -+} -+ -+class db_sequence -+inherits database -+{ -+ get_value -+ next_value -+ set_value -+} -+ -+class db_language -+inherits database -+{ -+ implement -+ execute -+} -diff --git a/policy/flask/security_classes b/policy/flask/security_classes -index fa65db2..14a4799 100644 ---- a/policy/flask/security_classes -+++ b/policy/flask/security_classes -@@ -125,4 +125,10 @@ class tun_socket - class x_pointer # userspace - class x_keyboard # userspace - -+# More Database stuff -+class db_schema # userspace -+class db_view # userspace -+class db_sequence # userspace -+class db_language # userspace -+ - # FLASK -diff --git a/policy/mcs b/policy/mcs -index af90ef2..358ce7c 100644 ---- a/policy/mcs -+++ b/policy/mcs -@@ -107,7 +107,7 @@ mlsconstrain process { sigkill sigstop } - - # Any database object must be dominated by the relabeling subject - # clearance, also the objects are single-level. 
--mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto } -+mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_blob } { create relabelto } - (( h1 dom h2 ) and ( l2 eq h2 )); - - mlsconstrain { db_tuple } { insert relabelto } -@@ -117,6 +117,9 @@ mlsconstrain { db_tuple } { insert relabelto } - mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param } - ( h1 dom h2 ); - -+mlsconstrain db_language { drop getattr setattr relabelfrom execute } -+ ( h1 dom h2 ); -+ - mlsconstrain db_table { drop getattr setattr relabelfrom select update insert delete use lock } - ( h1 dom h2 ); - -@@ -126,7 +129,16 @@ mlsconstrain db_column { drop getattr setattr relabelfrom select update insert u - mlsconstrain db_tuple { relabelfrom select update delete use } - ( h1 dom h2 ); - --mlsconstrain db_procedure { drop getattr setattr execute install } -+mlsconstrain db_sequence { drop getattr setattr relabelfrom get_value next_value set_value } -+ ( h1 dom h2 ); -+ -+mlsconstrain db_view { drop getattr setattr relabelfrom expand } -+ ( h1 dom h2 ); -+ -+mlsconstrain db_procedure { drop getattr setattr relabelfrom execute install } -+ ( h1 dom h2 ); -+ -+mlsconstrain db_language { drop getattr setattr relabelfrom execute } - ( h1 dom h2 ); - - mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export } -diff --git a/policy/mls b/policy/mls -index b9f0a3e..13151ad 100644 ---- a/policy/mls -+++ b/policy/mls -@@ -727,13 +727,13 @@ mlsconstrain context contains - # - - # make sure these database classes are "single level" --mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto } -+mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_blob } { create relabelto } - ( l2 eq h2 ); - mlsconstrain { db_tuple } { insert relabelto } - ( l2 eq h2 ); - - # 
new database labels must be dominated by the relabeling subjects clearance --mlsconstrain { db_database db_table db_procedure db_column db_tuple db_blob } { relabelto } -+mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob } { relabelto } - ( h1 dom h2 ); - - # the database "read" ops (note the check is dominance of the low level) -@@ -743,6 +743,12 @@ mlsconstrain { db_database } { getattr access get_param } - ( t1 == mlsdbread ) or - ( t2 == mlstrustedobject )); - -+mlsconstrain { db_schema } { getattr search } -+ (( l1 dom l2 ) or -+ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or -+ ( t1 == mlsdbread ) or -+ ( t2 == mlstrustedobject )); -+ - mlsconstrain { db_table } { getattr use select lock } - (( l1 dom l2 ) or - (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or -@@ -755,12 +761,30 @@ mlsconstrain { db_column } { getattr use select } - ( t1 == mlsdbread ) or - ( t2 == mlstrustedobject )); - -+mlsconstrain { db_sequence } { getattr get_value next_value } -+ (( l1 dom l2 ) or -+ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or -+ ( t1 == mlsdbread ) or -+ ( t2 == mlstrustedobject )); -+ -+mlsconstrain { db_view } { getattr expand } -+ (( l1 dom l2 ) or -+ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or -+ ( t1 == mlsdbread ) or -+ ( t2 == mlstrustedobject )); -+ - mlsconstrain { db_procedure } { getattr execute install } - (( l1 dom l2 ) or - (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or - ( t1 == mlsdbread ) or - ( t2 == mlstrustedobject )); - -+mlsconstrain { db_language } { getattr execute } -+ (( l1 dom l2 ) or -+ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or -+ ( t1 == mlsdbread ) or -+ ( t2 == mlstrustedobject )); -+ - mlsconstrain { db_blob } { getattr read export } - (( l1 dom l2 ) or - (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or -@@ -781,6 +805,13 @@ mlsconstrain { db_database } { create drop setattr relabelfrom install_module lo - ( t1 == mlsdbwrite ) or - ( t2 == mlstrustedobject 
)); - -+mlsconstrain { db_schema } { create drop setattr relabelfrom add_name remove_name } -+ (( l1 eq l2 ) or -+ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or -+ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or -+ ( t1 == mlsdbwrite ) or -+ ( t2 == mlstrustedobject )); -+ - mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete } - (( l1 eq l2 ) or - (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or -@@ -795,6 +826,20 @@ mlsconstrain { db_column } { create drop setattr relabelfrom update insert } - ( t1 == mlsdbwrite ) or - ( t2 == mlstrustedobject )); - -+mlsconstrain { db_sequence } { create drop setattr relabelfrom set_value } -+ (( l1 eq l2 ) or -+ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or -+ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or -+ ( t1 == mlsdbwrite ) or -+ ( t2 == mlstrustedobject )); -+ -+mlsconstrain { db_view } { create drop setattr relabelfrom } -+ (( l1 eq l2 ) or -+ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or -+ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or -+ ( t1 == mlsdbwrite ) or -+ ( t2 == mlstrustedobject )); -+ - mlsconstrain { db_procedure } { create drop setattr relabelfrom } - (( l1 eq l2 ) or - (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or -@@ -802,6 +847,13 @@ mlsconstrain { db_procedure } { create drop setattr relabelfrom } - ( t1 == mlsdbwrite ) or - ( t2 == mlstrustedobject )); - -+mlsconstrain { db_language } { create drop setattr relabelfrom } -+ (( l1 eq l2 ) or -+ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or -+ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or -+ ( t1 == mlsdbwrite ) or -+ ( t2 == mlstrustedobject )); -+ - mlsconstrain { db_blob } { create drop setattr relabelfrom write import } - (( l1 eq l2 ) or - (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 
domby l2 )) or -@@ -817,7 +869,7 @@ mlsconstrain { db_tuple } { relabelfrom update insert delete } - ( t2 == mlstrustedobject )); - - # the database upgrade/downgrade rule --mlsvalidatetrans { db_database db_table db_procedure db_column db_tuple db_blob } -+mlsvalidatetrans { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob } - ((( l1 eq l2 ) or - (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or - (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or -diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if -index b4ad6d7..d7468b3 100644 ---- a/policy/modules/kernel/kernel.if -+++ b/policy/modules/kernel/kernel.if -@@ -2865,16 +2865,24 @@ interface(`kernel_relabelfrom_unlabeled_database',` - gen_require(` - type unlabeled_t; - class db_database { setattr relabelfrom }; -+ class db_schema { setattr relabelfrom }; - class db_table { setattr relabelfrom }; -+ class db_sequence { setattr relabelfrom }; -+ class db_view { setattr relabelfrom }; - class db_procedure { setattr relabelfrom }; -+ class db_language { setattr relabelfrom }; - class db_column { setattr relabelfrom }; - class db_tuple { update relabelfrom }; - class db_blob { setattr relabelfrom }; - ') - - allow $1 unlabeled_t:db_database { setattr relabelfrom }; -+ allow $1 unlabeled_t:db_schema { setattr relabelfrom }; - allow $1 unlabeled_t:db_table { setattr relabelfrom }; -+ allow $1 unlabeled_t:db_sequence { setattr relabelfrom }; -+ allow $1 unlabeled_t:db_view { setattr relabelfrom }; - allow $1 unlabeled_t:db_procedure { setattr relabelfrom }; -+ allow $1 unlabeled_t:db_language { setattr relabelfrom }; - allow $1 unlabeled_t:db_column { setattr relabelfrom }; - allow $1 unlabeled_t:db_tuple { update relabelfrom }; - allow $1 unlabeled_t:db_blob { setattr relabelfrom }; -diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if -index 539a7c9..09aeffa 100644 ---- 
a/policy/modules/services/postgresql.if -+++ b/policy/modules/services/postgresql.if -@@ -18,18 +18,24 @@ - interface(`postgresql_role',` - gen_require(` - class db_database all_db_database_perms; -+ class db_schema all_db_schema_perms; - class db_table all_db_table_perms; -+ class db_sequence all_db_sequence_perms; -+ class db_view all_db_view_perms; - class db_procedure all_db_procedure_perms; -+ class db_language all_db_language_perms; - class db_column all_db_column_perms; - class db_tuple all_db_tuple_perms; - class db_blob all_db_blob_perms; - - attribute sepgsql_client_type, sepgsql_database_type; -- attribute sepgsql_sysobj_table_type; -+ attribute sepgsql_schema_type, sepgsql_sysobj_table_type; - - type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t; - type user_sepgsql_blob_t, user_sepgsql_proc_exec_t; -+ type user_sepgsql_schema_t, user_sepgsql_seq_t; - type user_sepgsql_sysobj_t, user_sepgsql_table_t; -+ type user_sepgsql_view_t; - ') - - ######################################## -@@ -46,23 +52,36 @@ interface(`postgresql_role',` - # - - tunable_policy(`sepgsql_enable_users_ddl',` -+ allow $2 user_sepgsql_schema_t:db_schema { create drop setattr }; - allow $2 user_sepgsql_table_t:db_table { create drop setattr }; - allow $2 user_sepgsql_table_t:db_column { create drop setattr }; -- - allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete }; -+ allow $2 user_sepgsql_seq_t:db_sequence { create drop setattr set_value }; -+ allow $2 user_sepgsql_view_t:db_view { create drop setattr }; - allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr }; - ') - -+ allow $2 user_sepgsql_schema_t:db_schema { getattr search add_name remove_name }; -+ type_transition $2 sepgsql_database_type:db_schema user_sepgsql_schema_t; -+ - allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock }; - allow $2 user_sepgsql_table_t:db_column { getattr use select update insert }; - allow $2 user_sepgsql_table_t:db_tuple { use 
select update insert delete }; -- type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t; -+ type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t; # deprecated -+ type_transition $2 sepgsql_schema_type:db_table user_sepgsql_table_t; - - allow $2 user_sepgsql_sysobj_t:db_tuple { use select }; - type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t; - -+ allow $2 user_sepgsql_seq_t:db_sequence { getattr get_value next_value }; -+ type_transition $2 sepgsql_schema_type:db_sequence user_sepgsql_seq_t; -+ -+ allow $2 user_sepgsql_view_t:db_view { getattr expand }; -+ type_transition $2 sepgsql_schema_type:db_view user_sepgsql_view_t; -+ - allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute }; -- type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; -+ type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; # deprecated -+ type_transition $2 sepgsql_schema_type:db_procedure user_sepgsql_proc_exec_t; - - allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export }; - type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t; -@@ -109,6 +128,24 @@ interface(`postgresql_database_object',` - - ######################################## - ## <summary> -+## Marks as a SE-PostgreSQL schema object type -+## </summary> -+## <param name="type"> -+## <summary> -+## Type marked as a schema object type. 
-+## </summary> -+## </param> -+# -+interface(`postgresql_schema_object',` -+ gen_require(` -+ attribute sepgsql_schema_type; -+ ') -+ -+ typeattribute $1 sepgsql_schema_type; -+') -+ -+######################################## -+## <summary> - ## Marks as a SE-PostgreSQL table/column/tuple object type - ## </summary> - ## <param name="type"> -@@ -146,6 +183,42 @@ interface(`postgresql_system_table_object',` - - ######################################## - ## <summary> -+## Marks as a SE-PostgreSQL sequence type -+## </summary> -+## <param name="type"> -+## <summary> -+## Type marked as a sequence type. -+## </summary> -+## </param> -+# -+interface(`postgresql_sequence_object',` -+ gen_require(` -+ attribute sepgsql_sequence_type; -+ ') -+ -+ typeattribute $1 sepgsql_sequence_type; -+') -+ -+######################################## -+## <summary> -+## Marks as a SE-PostgreSQL view object type -+## </summary> -+## <param name="type"> -+## <summary> -+## Type marked as a view object type. -+## </summary> -+## </param> -+# -+interface(`postgresql_view_object',` -+ gen_require(` -+ attribute sepgsql_view_type; -+ ') -+ -+ typeattribute $1 sepgsql_view_type; -+') -+ -+######################################## -+## <summary> - ## Marks as a SE-PostgreSQL procedure object type - ## </summary> - ## <param name="type"> -@@ -164,6 +237,24 @@ interface(`postgresql_procedure_object',` - - ######################################## - ## <summary> -+## Marks as a SE-PostgreSQL procedural language object type -+## </summary> -+## <param name="type"> -+## <summary> -+## Type marked as a procedural language object type. 
-+## </summary> -+## </param> -+# -+interface(`postgresql_language_object',` -+ gen_require(` -+ attribute sepgsql_language_type; -+ ') -+ -+ typeattribute $1 sepgsql_language_type; -+') -+ -+######################################## -+## <summary> - ## Marks as a SE-PostgreSQL binary large object type - ## </summary> - ## <param name="type"> -@@ -332,18 +423,25 @@ interface(`postgresql_stream_connect',` - interface(`postgresql_unpriv_client',` - gen_require(` - class db_database all_db_database_perms; -+ class db_schema all_db_schema_perms; - class db_table all_db_table_perms; -+ class db_sequence all_db_sequence_perms; -+ class db_view all_db_view_perms; - class db_procedure all_db_procedure_perms; -+ class db_language all_db_language_perms; - class db_column all_db_column_perms; - class db_tuple all_db_tuple_perms; - class db_blob all_db_blob_perms; - - attribute sepgsql_client_type; -- attribute sepgsql_database_type, sepgsql_sysobj_table_type; -+ attribute sepgsql_database_type, sepgsql_schema_type; -+ attribute sepgsql_sysobj_table_type; - - type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t; - type unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t; -+ type unpriv_sepgsql_schema_t, unpriv_sepgsql_seq_t; - type unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t; -+ type unpriv_sepgsql_view_t; - ') - - ######################################## -@@ -362,22 +460,35 @@ interface(`postgresql_unpriv_client',` - allow $1 sepgsql_trusted_proc_t:process transition; - - tunable_policy(`sepgsql_enable_users_ddl',` -+ allow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr }; - allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr }; - allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr }; - allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete }; -+ allow $1 unpriv_sepgsql_seq_t:db_sequence { create drop setattr }; -+ allow $1 unpriv_sepgsql_view_t:db_view { create drop setattr }; - allow $1 
unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr }; - ') -+ allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name }; -+ type_transition $1 sepgsql_database_type:db_schema unpriv_sepgsql_schema_t; - - allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock }; - allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert }; - allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete }; -- type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t; -+ type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t; # deprecated -+ type_transition $1 sepgsql_schema_type:db_table unpriv_sepgsql_table_t; -+ -+ allow $1 unpriv_sepgsql_seq_t:db_sequence { getattr get_value next_value set_value }; -+ type_transition $1 sepgsql_schema_type:db_sequence unpriv_sepgsql_seq_t; -+ -+ allow $1 unpriv_sepgsql_view_t:db_view { getattr expand }; -+ type_transition $1 sepgsql_schema_type:db_view unpriv_sepgsql_view_t; - - allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select }; - type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t; - - allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute }; -- type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t; -+ type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t; # deprecated -+ type_transition $1 sepgsql_schema_type:db_procedure unpriv_sepgsql_proc_exec_t; - - allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export }; - type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t; -diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te -index 39abf57..2de95c5 100644 ---- a/policy/modules/services/postgresql.te -+++ b/policy/modules/services/postgresql.te -@@ -60,9 +60,13 @@ attribute sepgsql_unconfined_type; - - # database objects attribute - 
attribute sepgsql_database_type; -+attribute sepgsql_schema_type; - attribute sepgsql_table_type; - attribute sepgsql_sysobj_table_type; -+attribute sepgsql_sequence_type; -+attribute sepgsql_view_type; - attribute sepgsql_procedure_type; -+attribute sepgsql_language_type; - attribute sepgsql_blob_type; - attribute sepgsql_module_type; - -@@ -76,6 +80,12 @@ postgresql_database_object(sepgsql_db_t) - type sepgsql_fixed_table_t; - postgresql_table_object(sepgsql_fixed_table_t) - -+type sepgsql_lang_t; -+postgresql_language_object(sepgsql_lang_t) -+ -+type sepgsql_priv_lang_t; -+postgresql_language_object(sepgsql_priv_lang_t) -+ - type sepgsql_proc_exec_t; - typealias sepgsql_proc_exec_t alias sepgsql_proc_t; - postgresql_procedure_object(sepgsql_proc_exec_t) -@@ -86,12 +96,21 @@ postgresql_blob_object(sepgsql_ro_blob_t) - type sepgsql_ro_table_t; - postgresql_table_object(sepgsql_ro_table_t) - -+type sepgsql_safe_lang_t; -+postgresql_language_object(sepgsql_safe_lang_t) -+ -+type sepgsql_schema_t; -+postgresql_schema_object(sepgsql_schema_t) -+ - type sepgsql_secret_blob_t; - postgresql_blob_object(sepgsql_secret_blob_t) - - type sepgsql_secret_table_t; - postgresql_table_object(sepgsql_secret_table_t) - -+type sepgsql_seq_t; -+postgresql_sequence_object(sepgsql_seq_t) -+ - type sepgsql_sysobj_t; - postgresql_system_table_object(sepgsql_sysobj_t) - -@@ -101,6 +120,9 @@ postgresql_table_object(sepgsql_table_t) - type sepgsql_trusted_proc_exec_t; - postgresql_procedure_object(sepgsql_trusted_proc_exec_t) - -+type sepgsql_view_t; -+postgresql_view_object(sepgsql_view_t) -+ - # Trusted Procedure Domain - type sepgsql_trusted_proc_t; - domain_type(sepgsql_trusted_proc_t) -@@ -114,12 +136,21 @@ postgresql_blob_object(unpriv_sepgsql_blob_t) - type unpriv_sepgsql_proc_exec_t; - postgresql_procedure_object(unpriv_sepgsql_proc_exec_t) - -+type unpriv_sepgsql_schema_t; -+postgresql_schema_object(unpriv_sepgsql_schema_t); -+ -+type unpriv_sepgsql_seq_t; 
-+postgresql_sequence_object(unpriv_sepgsql_seq_t) -+ - type unpriv_sepgsql_sysobj_t; - postgresql_system_table_object(unpriv_sepgsql_sysobj_t) - - type unpriv_sepgsql_table_t; - postgresql_table_object(unpriv_sepgsql_table_t) - -+type unpriv_sepgsql_view_t; -+postgresql_view_object(unpriv_sepgsql_view_t) -+ - # Types for UBAC - type user_sepgsql_blob_t; - typealias user_sepgsql_blob_t alias { staff_sepgsql_blob_t sysadm_sepgsql_blob_t }; -@@ -131,6 +162,16 @@ typealias user_sepgsql_proc_exec_t alias { staff_sepgsql_proc_exec_t sysadm_sepg - typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t }; - postgresql_procedure_object(user_sepgsql_proc_exec_t) - -+type user_sepgsql_schema_t; -+typealias user_sepgsql_schema_t alias { staff_sepgsql_schema_t sysadm_sepgsql_schema_t }; -+typealias user_sepgsql_schema_t alias { auditadm_sepgsql_schema_t secadm_sepgsql_schema_t }; -+postgresql_schema_object(user_sepgsql_schema_t) -+ -+type user_sepgsql_seq_t; -+typealias user_sepgsql_seq_t alias { staff_sepgsql_seq_t sysadm_sepgsql_seq_t }; -+typealias user_sepgsql_seq_t alias { auditadm_sepgsql_seq_t secadm_sepgsql_seq_t }; -+postgresql_sequence_object(user_sepgsql_seq_t) -+ - type user_sepgsql_sysobj_t; - typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t }; - typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t }; -@@ -141,6 +182,11 @@ typealias user_sepgsql_table_t alias { staff_sepgsql_table_t sysadm_sepgsql_tabl - typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t }; - postgresql_table_object(user_sepgsql_table_t) - -+type user_sepgsql_view_t; -+typealias user_sepgsql_view_t alias { staff_sepgsql_view_t sysadm_sepgsql_view_t }; -+typealias user_sepgsql_view_t alias { auditadm_sepgsql_view_t secadm_sepgsql_view_t }; -+postgresql_view_object(user_sepgsql_view_t) -+ - ######################################## - # - # 
postgresql Local policy -@@ -165,9 +211,15 @@ allow postgresql_t sepgsql_module_type:db_database install_module; - # Database/Loadable module - allow sepgsql_database_type sepgsql_module_type:db_database load_module; - -+allow postgresql_t sepgsql_schema_type:db_schema *; -+ - allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *; - type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t; - -+allow postgresql_t sepgsql_sequence_type:db_sequence *; -+ -+allow postgresql_t sepgsql_view_type:db_view *; -+ - allow postgresql_t sepgsql_procedure_type:db_procedure *; - type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_exec_t; - -@@ -314,6 +366,14 @@ optional_policy(` - allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param }; - type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t; - -+allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search }; -+# Note that permission of creation/deletion are eventually controlled by -+# create or drop permission of individual objects within shared schemas. -+# So, it just allows to create/drop user specific types. 
-+tunable_policy(`sepgsql_enable_users_ddl',` -+ allow sepgsql_client_type sepgsql_schema_t:db_schema { add_name remove_name }; -+') -+ - allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert lock }; - allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert }; - allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert }; -@@ -333,9 +393,22 @@ allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select lock }; - allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select }; - allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select }; - -+allow sepgsql_client_type sepgsql_seq_t:db_sequence { getattr get_value next_value }; -+ -+allow sepgsql_client_type sepgsql_view_t:db_view { getattr expand }; -+ - allow sepgsql_client_type sepgsql_proc_exec_t:db_procedure { getattr execute install }; - allow sepgsql_client_type sepgsql_trusted_proc_exec_t:db_procedure { getattr execute entrypoint }; - -+allow sepgsql_client_type sepgsql_lang_t:db_language { getattr }; -+allow sepgsql_client_type sepgsql_safe_lang_t:db_language { getattr execute }; -+ -+# Only DBA can implement SQL procedures using `unsafe' procedural languages. -+# The `unsafe' one provides a capability to access internal data structure, -+# so we don't allow user-defined function being implemented using `unsafe' one. 
-+allow sepgsql_proc_exec_t sepgsql_lang_t:db_language { implement }; -+allow sepgsql_procedure_type sepgsql_safe_lang_t:db_language { implement }; -+ - allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write }; - allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read }; - allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr; -@@ -361,16 +434,33 @@ dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfin - allow sepgsql_admin_type sepgsql_database_type:db_database { create drop getattr setattr relabelfrom relabelto access }; - type_transition sepgsql_admin_type sepgsql_admin_type:db_database sepgsql_db_t; - -+allow sepgsql_admin_type sepgsql_schema_type:db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name }; -+type_transition sepgsql_admin_type sepgsql_database_type:db_schema sepgsql_schema_t; -+ - allow sepgsql_admin_type sepgsql_table_type:db_table { create drop getattr setattr relabelfrom relabelto lock }; - allow sepgsql_admin_type sepgsql_table_type:db_column { create drop getattr setattr relabelfrom relabelto }; - allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto select update insert delete }; - --type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t; -+type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t; # deprecated -+type_transition sepgsql_admin_type sepgsql_schema_type:db_table sepgsql_table_t; -+ -+allow sepgsql_admin_type sepgsql_sequence_type:db_sequence { create drop getattr setattr relabelfrom relabelto get_value next_value set_value }; -+ -+type_transition sepgsql_admin_type sepgsql_schema_type:db_schema sepgsql_seq_t; -+ -+allow sepgsql_admin_type sepgsql_view_type:db_view { create drop getattr setattr relabelfrom relabelto expand }; -+ -+type_transition sepgsql_admin_type sepgsql_view_type:db_view sepgsql_view_t; - - allow 
sepgsql_admin_type sepgsql_procedure_type:db_procedure { create drop getattr relabelfrom relabelto }; - allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute; - --type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; -+type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; # deprecated -+type_transition sepgsql_admin_type sepgsql_schema_type:db_procedure sepgsql_proc_exec_t; -+ -+allow sepgsql_admin_type sepgsql_language_type:db_language { create drop getattr setattr relabelfrom relabelto execute }; -+ -+type_transition sepgsql_admin_type sepgsql_database_type:db_language sepgsql_lang_t; - - allow sepgsql_admin_type sepgsql_blob_type:db_blob { create drop getattr setattr relabelfrom relabelto }; - -@@ -383,12 +473,18 @@ kernel_relabelfrom_unlabeled_database(sepgsql_admin_type) - tunable_policy(`sepgsql_unconfined_dbadm',` - allow sepgsql_admin_type sepgsql_database_type:db_database *; - -+ allow sepgsql_admin_type sepgsql_schema_type:db_schema *; -+ - allow sepgsql_admin_type sepgsql_table_type:{ db_table db_column db_tuple } *; -+ allow sepgsql_admin_type sepgsql_sequence_type:db_sequence *; -+ allow sepgsql_admin_type sepgsql_view_type:db_view *; - - allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure *; - allow sepgsql_admin_type sepgsql_trusted_proc_exec_t:db_procedure ~install; - allow sepgsql_admin_type sepgsql_procedure_type:db_procedure ~{ execute install }; - -+ allow sepgsql_admin_type sepgsql_language_type:db_language ~implement; -+ - allow sepgsql_admin_type sepgsql_blob_type:db_blob *; - ') - -@@ -400,11 +496,21 @@ tunable_policy(`sepgsql_unconfined_dbadm',` - allow sepgsql_unconfined_type sepgsql_database_type:db_database *; - type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t; - --type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t; --type_transition sepgsql_unconfined_type 
sepgsql_database_type:db_procedure sepgsql_proc_exec_t; -+allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *; -+type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t; -+ -+type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t; # deprecated -+type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; # deprecated -+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_table sepgsql_table_t; -+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_sequence sepgsql_seq_t; -+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_view sepgsql_view_t; -+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_procedure sepgsql_proc_exec_t; -+type_transition sepgsql_unconfined_type sepgsql_database_type:db_language sepgsql_lang_t; - type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t; - - allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *; -+allow sepgsql_unconfined_type sepgsql_sequence_type:db_sequence *; -+allow sepgsql_unconfined_type sepgsql_view_type:db_view *; - - # unconfined domain is not allowed to invoke user defined procedure directly. - # They have to confirm and relabel it at first. -@@ -412,6 +518,8 @@ allow sepgsql_unconfined_type sepgsql_proc_exec_t:db_procedure *; - allow sepgsql_unconfined_type sepgsql_trusted_proc_exec_t:db_procedure ~install; - allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install }; - -+allow sepgsql_unconfined_type sepgsql_language_type:db_language ~implement; -+ - allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *; - - allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module; diff --git a/a/content_digest b/N1/content_digest index 7016c1d..c428e9d 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,9 +1,8 @@
- "From\0KaiGai Kohei <kaigai@ak.jp.nec.com>\0"
- "Subject\0[PATCH] New database object classes\0"
+ "From\0kaigai@ak.jp.nec.com (KaiGai Kohei)\0"
+ "Subject\0[refpolicy] [PATCH] New database object classes\0"
  "Date\0Fri, 10 Dec 2010 18:49:24 +0900\0"
- "To\0refpolicy@oss1.tresys.com\0"
- "Cc\0selinux@tycho.nsa.gov\0"
- "\01:1\0"
+ "To\0refpolicy@oss.tresys.com\0"
+ "\00:1\0"
  "b\0"
  "The attached patch adds a few database object classes, as follows:\n"
  "\n"
@@ -101,746 +100,13 @@ "\n" "Thanks,\n" "-- \n" - KaiGai Kohei <kaigai@ak.jp.nec.com> - "\01:2\0" - "fn\0refpolicy-sepgsql.1.patch\0" - "b\0" - " policy/flask/access_vectors | 29 ++++++++\n" - " policy/flask/security_classes | 6 ++\n" - " policy/mcs | 16 ++++-\n" - " policy/mls | 58 ++++++++++++++-\n" - " policy/modules/kernel/kernel.if | 8 ++\n" - " policy/modules/services/postgresql.if | 125 +++++++++++++++++++++++++++++++--\n" - " policy/modules/services/postgresql.te | 116 +++++++++++++++++++++++++++++-\n" - " 7 files changed, 342 insertions(+), 16 deletions(-)\n" - "\n" - "diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors\n" - "index 6760c95..ae29de3 100644\n" - "--- a/policy/flask/access_vectors\n" - "+++ b/policy/flask/access_vectors\n" - "@@ -816,3 +816,32 @@ inherits x_device\n" - " \n" - " class x_keyboard\n" - " inherits x_device\n" - "+\n" - "+class db_schema\n" - "+inherits database\n" - "+{\n" - "+\tsearch\n" - "+\tadd_name\n" - "+\tremove_name\n" - "+}\n" - "+\n" - "+class db_view\n" - "+inherits database\n" - "+{\n" - "+\texpand\n" - "+}\n" - "+\n" - "+class db_sequence\n" - "+inherits database\n" - "+{\n" - "+\tget_value\n" - "+\tnext_value\n" - "+\tset_value\n" - "+}\n" - "+\n" - "+class db_language\n" - "+inherits database\n" - "+{\n" - "+\timplement\n" - "+\texecute\n" - "+}\n" - "diff --git a/policy/flask/security_classes b/policy/flask/security_classes\n" - "index fa65db2..14a4799 100644\n" - "--- a/policy/flask/security_classes\n" - "+++ b/policy/flask/security_classes\n" - "@@ -125,4 +125,10 @@ class tun_socket\n" - " class x_pointer\t\t\t# userspace\n" - " class x_keyboard\t\t# userspace\n" - " \n" - "+# More Database stuff\n" - "+class db_schema\t\t\t# userspace\n" - "+class db_view\t\t\t# userspace\n" - "+class db_sequence\t\t# userspace\n" - "+class db_language\t\t# userspace\n" - "+\n" - " # FLASK\n" - "diff --git a/policy/mcs b/policy/mcs\n" - "index af90ef2..358ce7c 100644\n" - "--- a/policy/mcs\n" - "+++ 
b/policy/mcs\n" - "@@ -107,7 +107,7 @@ mlsconstrain process { sigkill sigstop }\n" - " \n" - " # Any database object must be dominated by the relabeling subject\n" - " # clearance, also the objects are single-level.\n" - "-mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }\n" - "+mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_blob } { create relabelto }\n" - " \t(( h1 dom h2 ) and ( l2 eq h2 ));\n" - " \n" - " mlsconstrain { db_tuple } { insert relabelto }\n" - "@@ -117,6 +117,9 @@ mlsconstrain { db_tuple } { insert relabelto }\n" - " mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param }\n" - " \t( h1 dom h2 );\n" - " \n" - "+mlsconstrain db_language { drop getattr setattr relabelfrom execute }\n" - "+\t( h1 dom h2 );\n" - "+\n" - " mlsconstrain db_table { drop getattr setattr relabelfrom select update insert delete use lock }\n" - " \t( h1 dom h2 );\n" - " \n" - "@@ -126,7 +129,16 @@ mlsconstrain db_column { drop getattr setattr relabelfrom select update insert u\n" - " mlsconstrain db_tuple { relabelfrom select update delete use }\n" - " \t( h1 dom h2 );\n" - " \n" - "-mlsconstrain db_procedure { drop getattr setattr execute install }\n" - "+mlsconstrain db_sequence { drop getattr setattr relabelfrom get_value next_value set_value }\n" - "+\t( h1 dom h2 );\n" - "+\n" - "+mlsconstrain db_view { drop getattr setattr relabelfrom expand }\n" - "+\t( h1 dom h2 );\n" - "+\n" - "+mlsconstrain db_procedure { drop getattr setattr relabelfrom execute install }\n" - "+\t( h1 dom h2 );\n" - "+\n" - "+mlsconstrain db_language { drop getattr setattr relabelfrom execute }\n" - " \t( h1 dom h2 );\n" - " \n" - " mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }\n" - "diff --git a/policy/mls b/policy/mls\n" - "index b9f0a3e..13151ad 100644\n" - "--- a/policy/mls\n" - "+++ b/policy/mls\n" - "@@ 
-727,13 +727,13 @@ mlsconstrain context contains\n" - " #\n" - " \n" - " # make sure these database classes are \"single level\"\n" - "-mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }\n" - "+mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_blob } { create relabelto }\n" - " \t( l2 eq h2 );\n" - " mlsconstrain { db_tuple } { insert relabelto }\n" - " \t( l2 eq h2 );\n" - " \n" - " # new database labels must be dominated by the relabeling subjects clearance\n" - "-mlsconstrain { db_database db_table db_procedure db_column db_tuple db_blob } { relabelto }\n" - "+mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob } { relabelto }\n" - " \t( h1 dom h2 );\n" - " \n" - " # the database \"read\" ops (note the check is dominance of the low level)\n" - "@@ -743,6 +743,12 @@ mlsconstrain { db_database } { getattr access get_param }\n" - " \t ( t1 == mlsdbread ) or\n" - " \t ( t2 == mlstrustedobject ));\n" - " \n" - "+mlsconstrain { db_schema } { getattr search }\n" - "+\t(( l1 dom l2 ) or\n" - "+\t (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or\n" - "+\t ( t1 == mlsdbread ) or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - " mlsconstrain { db_table } { getattr use select lock }\n" - " \t(( l1 dom l2 ) or\n" - " \t (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or\n" - "@@ -755,12 +761,30 @@ mlsconstrain { db_column } { getattr use select }\n" - " \t ( t1 == mlsdbread ) or\n" - " \t ( t2 == mlstrustedobject ));\n" - " \n" - "+mlsconstrain { db_sequence } { getattr get_value next_value }\n" - "+\t(( l1 dom l2 ) or\n" - "+\t (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or\n" - "+\t ( t1 == mlsdbread ) or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - "+mlsconstrain { db_view } { getattr expand }\n" - "+\t(( l1 dom l2 ) or\n" - "+\t (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or\n" - "+\t ( t1 == mlsdbread ) 
or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - " mlsconstrain { db_procedure } { getattr execute install }\n" - " \t(( l1 dom l2 ) or\n" - " \t (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or\n" - " \t ( t1 == mlsdbread ) or\n" - " \t ( t2 == mlstrustedobject ));\n" - " \n" - "+mlsconstrain { db_language } { getattr execute }\n" - "+\t(( l1 dom l2 ) or\n" - "+\t (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or\n" - "+\t ( t1 == mlsdbread ) or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - " mlsconstrain { db_blob } { getattr read export }\n" - " \t(( l1 dom l2 ) or\n" - " \t (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or\n" - "@@ -781,6 +805,13 @@ mlsconstrain { db_database } { create drop setattr relabelfrom install_module lo\n" - " \t ( t1 == mlsdbwrite ) or\n" - " \t ( t2 == mlstrustedobject ));\n" - " \n" - "+mlsconstrain { db_schema } { create drop setattr relabelfrom add_name remove_name }\n" - "+\t(( l1 eq l2 ) or\n" - "+\t (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or\n" - "+\t (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or\n" - "+\t ( t1 == mlsdbwrite ) or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - " mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete }\n" - " \t(( l1 eq l2 ) or\n" - " \t (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or\n" - "@@ -795,6 +826,20 @@ mlsconstrain { db_column } { create drop setattr relabelfrom update insert }\n" - " \t ( t1 == mlsdbwrite ) or\n" - " \t ( t2 == mlstrustedobject ));\n" - " \n" - "+mlsconstrain { db_sequence } { create drop setattr relabelfrom set_value }\n" - "+\t(( l1 eq l2 ) or\n" - "+\t (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or\n" - "+\t (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or\n" - "+\t ( t1 == mlsdbwrite ) or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - "+mlsconstrain { db_view } { create drop setattr relabelfrom }\n" - "+\t(( 
l1 eq l2 ) or\n" - "+\t (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or\n" - "+\t (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or\n" - "+\t ( t1 == mlsdbwrite ) or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - " mlsconstrain { db_procedure } { create drop setattr relabelfrom }\n" - " \t(( l1 eq l2 ) or\n" - " \t (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or\n" - "@@ -802,6 +847,13 @@ mlsconstrain { db_procedure } { create drop setattr relabelfrom }\n" - " \t ( t1 == mlsdbwrite ) or\n" - " \t ( t2 == mlstrustedobject ));\n" - " \n" - "+mlsconstrain { db_language } { create drop setattr relabelfrom }\n" - "+\t(( l1 eq l2 ) or\n" - "+\t (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or\n" - "+\t (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or\n" - "+\t ( t1 == mlsdbwrite ) or\n" - "+\t ( t2 == mlstrustedobject ));\n" - "+\n" - " mlsconstrain { db_blob } { create drop setattr relabelfrom write import }\n" - " \t(( l1 eq l2 ) or\n" - " \t (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or\n" - "@@ -817,7 +869,7 @@ mlsconstrain { db_tuple } { relabelfrom update insert delete }\n" - " \t ( t2 == mlstrustedobject ));\n" - " \n" - " # the database upgrade/downgrade rule\n" - "-mlsvalidatetrans { db_database db_table db_procedure db_column db_tuple db_blob }\n" - "+mlsvalidatetrans { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob }\n" - " \t((( l1 eq l2 ) or\n" - " \t (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or\n" - " \t (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or\n" - "diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if\n" - "index b4ad6d7..d7468b3 100644\n" - "--- a/policy/modules/kernel/kernel.if\n" - "+++ b/policy/modules/kernel/kernel.if\n" - "@@ -2865,16 +2865,24 @@ interface(`kernel_relabelfrom_unlabeled_database',`\n" - " \tgen_require(`\n" - " 
\t\ttype unlabeled_t;\n" - " \t\tclass db_database { setattr relabelfrom };\n" - "+\t\tclass db_schema { setattr relabelfrom };\n" - " \t\tclass db_table { setattr relabelfrom };\n" - "+\t\tclass db_sequence { setattr relabelfrom };\n" - "+\t\tclass db_view { setattr relabelfrom };\n" - " \t\tclass db_procedure { setattr relabelfrom };\n" - "+\t\tclass db_language { setattr relabelfrom };\n" - " \t\tclass db_column { setattr relabelfrom };\n" - " \t\tclass db_tuple { update relabelfrom };\n" - " \t\tclass db_blob { setattr relabelfrom };\n" - " \t')\n" - " \n" - " \tallow $1 unlabeled_t:db_database { setattr relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_schema { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_table { setattr relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_sequence { setattr relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_view { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_procedure { setattr relabelfrom };\n" - "+\tallow $1 unlabeled_t:db_language { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_column { setattr relabelfrom };\n" - " \tallow $1 unlabeled_t:db_tuple { update relabelfrom };\n" - " \tallow $1 unlabeled_t:db_blob { setattr relabelfrom };\n" - "diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if\n" - "index 539a7c9..09aeffa 100644\n" - "--- a/policy/modules/services/postgresql.if\n" - "+++ b/policy/modules/services/postgresql.if\n" - "@@ -18,18 +18,24 @@\n" - " interface(`postgresql_role',`\n" - " \tgen_require(`\n" - " \t\tclass db_database all_db_database_perms;\n" - "+\t\tclass db_schema all_db_schema_perms;\n" - " \t\tclass db_table all_db_table_perms;\n" - "+\t\tclass db_sequence all_db_sequence_perms;\n" - "+\t\tclass db_view all_db_view_perms;\n" - " \t\tclass db_procedure all_db_procedure_perms;\n" - "+\t\tclass db_language all_db_language_perms;\n" - " \t\tclass db_column all_db_column_perms;\n" - " \t\tclass db_tuple all_db_tuple_perms;\n" - " \t\tclass 
db_blob all_db_blob_perms;\n" - " \n" - " \t\tattribute sepgsql_client_type, sepgsql_database_type;\n" - "-\t\tattribute sepgsql_sysobj_table_type;\n" - "+\t\tattribute sepgsql_schema_type, sepgsql_sysobj_table_type;\n" - " \n" - " \t\ttype sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;\n" - " \t\ttype user_sepgsql_blob_t, user_sepgsql_proc_exec_t;\n" - "+\t\ttype user_sepgsql_schema_t, user_sepgsql_seq_t;\n" - " \t\ttype user_sepgsql_sysobj_t, user_sepgsql_table_t;\n" - "+\t\ttype user_sepgsql_view_t;\n" - " \t')\n" - " \n" - " \t########################################\n" - "@@ -46,23 +52,36 @@ interface(`postgresql_role',`\n" - " \t#\n" - " \n" - " \ttunable_policy(`sepgsql_enable_users_ddl',`\n" - "+\t\tallow $2 user_sepgsql_schema_t:db_schema { create drop setattr };\n" - " \t\tallow $2 user_sepgsql_table_t:db_table { create drop setattr };\n" - " \t\tallow $2 user_sepgsql_table_t:db_column { create drop setattr };\n" - "-\n" - " \t\tallow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };\n" - "+\t\tallow $2 user_sepgsql_seq_t:db_sequence { create drop setattr set_value };\n" - "+\t\tallow $2 user_sepgsql_view_t:db_view { create drop setattr };\n" - " \t\tallow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };\n" - " \t')\n" - " \n" - "+\tallow $2 user_sepgsql_schema_t:db_schema { getattr search add_name remove_name };\n" - "+\ttype_transition $2 sepgsql_database_type:db_schema user_sepgsql_schema_t;\n" - "+\n" - " \tallow $2 user_sepgsql_table_t:db_table\t{ getattr use select update insert delete lock };\n" - " \tallow $2 user_sepgsql_table_t:db_column { getattr use select update insert };\n" - " \tallow $2 user_sepgsql_table_t:db_tuple\t{ use select update insert delete };\n" - "-\ttype_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;\n" - "+\ttype_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;\t\t# deprecated\n" - "+\ttype_transition $2 sepgsql_schema_type:db_table 
user_sepgsql_table_t;\n" - " \n" - " \tallow $2 user_sepgsql_sysobj_t:db_tuple\t{ use select };\n" - " \ttype_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;\n" - " \n" - "+\tallow $2 user_sepgsql_seq_t:db_sequence { getattr get_value next_value };\n" - "+\ttype_transition $2 sepgsql_schema_type:db_sequence user_sepgsql_seq_t;\n" - "+\n" - "+\tallow $2 user_sepgsql_view_t:db_view { getattr expand };\n" - "+\ttype_transition $2 sepgsql_schema_type:db_view user_sepgsql_view_t;\n" - "+\n" - " \tallow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };\n" - "-\ttype_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;\n" - "+\ttype_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;\t# deprecated\n" - "+\ttype_transition $2 sepgsql_schema_type:db_procedure user_sepgsql_proc_exec_t;\n" - " \n" - " \tallow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };\n" - " \ttype_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;\n" - "@@ -109,6 +128,24 @@ interface(`postgresql_database_object',`\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL schema object type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a schema object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_schema_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_schema_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_schema_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tMarks as a SE-PostgreSQL table/column/tuple object type\n" - " ## </summary>\n" - " ## <param name=\"type\">\n" - "@@ -146,6 +183,42 @@ interface(`postgresql_system_table_object',`\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL 
sequence type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a sequence type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_sequence_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_sequence_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_sequence_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - "+##\tMarks as a SE-PostgreSQL view object type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a view object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_view_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_view_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_view_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tMarks as a SE-PostgreSQL procedure object type\n" - " ## </summary>\n" - " ## <param name=\"type\">\n" - "@@ -164,6 +237,24 @@ interface(`postgresql_procedure_object',`\n" - " \n" - " ########################################\n" - " ## <summary>\n" - "+##\tMarks as a SE-PostgreSQL procedural language object type\n" - "+## </summary>\n" - "+## <param name=\"type\">\n" - "+##\t<summary>\n" - "+##\tType marked as a procedural language object type.\n" - "+##\t</summary>\n" - "+## </param>\n" - "+#\n" - "+interface(`postgresql_language_object',`\n" - "+\tgen_require(`\n" - "+\t\tattribute sepgsql_language_type;\n" - "+\t')\n" - "+\n" - "+\ttypeattribute $1 sepgsql_language_type;\n" - "+')\n" - "+\n" - "+########################################\n" - "+## <summary>\n" - " ##\tMarks as a SE-PostgreSQL binary large object type\n" - " ## </summary>\n" - " ## <param name=\"type\">\n" - "@@ -332,18 +423,25 @@ interface(`postgresql_stream_connect',`\n" - " interface(`postgresql_unpriv_client',`\n" - " \tgen_require(`\n" - " \t\tclass db_database 
all_db_database_perms;\n" - "+\t\tclass db_schema all_db_schema_perms;\n" - " \t\tclass db_table all_db_table_perms;\n" - "+\t\tclass db_sequence all_db_sequence_perms;\n" - "+\t\tclass db_view all_db_view_perms;\n" - " \t\tclass db_procedure all_db_procedure_perms;\n" - "+\t\tclass db_language all_db_language_perms;\n" - " \t\tclass db_column all_db_column_perms;\n" - " \t\tclass db_tuple all_db_tuple_perms;\n" - " \t\tclass db_blob all_db_blob_perms;\n" - " \n" - " \t\tattribute sepgsql_client_type;\n" - "-\t\tattribute sepgsql_database_type, sepgsql_sysobj_table_type;\n" - "+\t\tattribute sepgsql_database_type, sepgsql_schema_type;\n" - "+\t\tattribute sepgsql_sysobj_table_type;\n" - " \n" - " \t\ttype sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;\n" - " \t\ttype unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t;\n" - "+\t\ttype unpriv_sepgsql_schema_t, unpriv_sepgsql_seq_t;\n" - " \t\ttype unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t;\n" - "+\t\ttype unpriv_sepgsql_view_t;\n" - " \t')\n" - " \n" - " \t########################################\n" - "@@ -362,22 +460,35 @@ interface(`postgresql_unpriv_client',`\n" - " \tallow $1 sepgsql_trusted_proc_t:process transition;\n" - " \n" - " \ttunable_policy(`sepgsql_enable_users_ddl',`\n" - "+\t\tallow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr };\n" - " \t\tallow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };\n" - " \t\tallow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };\n" - " \t\tallow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };\n" - "+\t\tallow $1 unpriv_sepgsql_seq_t:db_sequence { create drop setattr };\n" - "+\t\tallow $1 unpriv_sepgsql_view_t:db_view { create drop setattr };\n" - " \t\tallow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };\n" - " \t')\n" - "+\tallow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name };\n" - "+\ttype_transition $1 sepgsql_database_type:db_schema unpriv_sepgsql_schema_t;\n" - 
" \n" - " \tallow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };\n" - " \tallow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };\n" - " \tallow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };\n" - "-\ttype_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t;\n" - "+\ttype_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t;\t# deprecated\n" - "+\ttype_transition $1 sepgsql_schema_type:db_table unpriv_sepgsql_table_t;\n" - "+\n" - "+\tallow $1 unpriv_sepgsql_seq_t:db_sequence { getattr get_value next_value set_value };\n" - "+\ttype_transition $1 sepgsql_schema_type:db_sequence unpriv_sepgsql_seq_t;\n" - "+\n" - "+\tallow $1 unpriv_sepgsql_view_t:db_view { getattr expand };\n" - "+\ttype_transition $1 sepgsql_schema_type:db_view unpriv_sepgsql_view_t;\n" - " \n" - " \tallow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };\n" - " \ttype_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;\n" - " \n" - " \tallow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };\n" - "-\ttype_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;\n" - "+\ttype_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t; # deprecated\n" - "+\ttype_transition $1 sepgsql_schema_type:db_procedure unpriv_sepgsql_proc_exec_t;\n" - " \n" - " \tallow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };\n" - " \ttype_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;\n" - "diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te\n" - "index 39abf57..2de95c5 100644\n" - "--- a/policy/modules/services/postgresql.te\n" - "+++ b/policy/modules/services/postgresql.te\n" - "@@ -60,9 +60,13 @@ attribute sepgsql_unconfined_type;\n" - " \n" - " # database objects attribute\n" - " attribute sepgsql_database_type;\n" - 
"+attribute sepgsql_schema_type;\n" - " attribute sepgsql_table_type;\n" - " attribute sepgsql_sysobj_table_type;\n" - "+attribute sepgsql_sequence_type;\n" - "+attribute sepgsql_view_type;\n" - " attribute sepgsql_procedure_type;\n" - "+attribute sepgsql_language_type;\n" - " attribute sepgsql_blob_type;\n" - " attribute sepgsql_module_type;\n" - " \n" - "@@ -76,6 +80,12 @@ postgresql_database_object(sepgsql_db_t)\n" - " type sepgsql_fixed_table_t;\n" - " postgresql_table_object(sepgsql_fixed_table_t)\n" - " \n" - "+type sepgsql_lang_t;\n" - "+postgresql_language_object(sepgsql_lang_t)\n" - "+\n" - "+type sepgsql_priv_lang_t;\n" - "+postgresql_language_object(sepgsql_priv_lang_t)\n" - "+\n" - " type sepgsql_proc_exec_t;\n" - " typealias sepgsql_proc_exec_t alias sepgsql_proc_t;\n" - " postgresql_procedure_object(sepgsql_proc_exec_t)\n" - "@@ -86,12 +96,21 @@ postgresql_blob_object(sepgsql_ro_blob_t)\n" - " type sepgsql_ro_table_t;\n" - " postgresql_table_object(sepgsql_ro_table_t)\n" - " \n" - "+type sepgsql_safe_lang_t;\n" - "+postgresql_language_object(sepgsql_safe_lang_t)\n" - "+\n" - "+type sepgsql_schema_t;\n" - "+postgresql_schema_object(sepgsql_schema_t)\n" - "+\n" - " type sepgsql_secret_blob_t;\n" - " postgresql_blob_object(sepgsql_secret_blob_t)\n" - " \n" - " type sepgsql_secret_table_t;\n" - " postgresql_table_object(sepgsql_secret_table_t)\n" - " \n" - "+type sepgsql_seq_t;\n" - "+postgresql_sequence_object(sepgsql_seq_t)\n" - "+\n" - " type sepgsql_sysobj_t;\n" - " postgresql_system_table_object(sepgsql_sysobj_t)\n" - " \n" - "@@ -101,6 +120,9 @@ postgresql_table_object(sepgsql_table_t)\n" - " type sepgsql_trusted_proc_exec_t;\n" - " postgresql_procedure_object(sepgsql_trusted_proc_exec_t)\n" - " \n" - "+type sepgsql_view_t;\n" - "+postgresql_view_object(sepgsql_view_t)\n" - "+\n" - " # Trusted Procedure Domain\n" - " type sepgsql_trusted_proc_t;\n" - " domain_type(sepgsql_trusted_proc_t)\n" - "@@ -114,12 +136,21 @@ 
postgresql_blob_object(unpriv_sepgsql_blob_t)\n" - " type unpriv_sepgsql_proc_exec_t;\n" - " postgresql_procedure_object(unpriv_sepgsql_proc_exec_t)\n" - " \n" - "+type unpriv_sepgsql_schema_t;\n" - "+postgresql_schema_object(unpriv_sepgsql_schema_t);\n" - "+\n" - "+type unpriv_sepgsql_seq_t;\n" - "+postgresql_sequence_object(unpriv_sepgsql_seq_t)\n" - "+\n" - " type unpriv_sepgsql_sysobj_t;\n" - " postgresql_system_table_object(unpriv_sepgsql_sysobj_t)\n" - " \n" - " type unpriv_sepgsql_table_t;\n" - " postgresql_table_object(unpriv_sepgsql_table_t)\n" - " \n" - "+type unpriv_sepgsql_view_t;\n" - "+postgresql_view_object(unpriv_sepgsql_view_t)\n" - "+\n" - " # Types for UBAC\n" - " type user_sepgsql_blob_t;\n" - " typealias user_sepgsql_blob_t alias { staff_sepgsql_blob_t sysadm_sepgsql_blob_t };\n" - "@@ -131,6 +162,16 @@ typealias user_sepgsql_proc_exec_t alias { staff_sepgsql_proc_exec_t sysadm_sepg\n" - " typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t };\n" - " postgresql_procedure_object(user_sepgsql_proc_exec_t)\n" - " \n" - "+type user_sepgsql_schema_t;\n" - "+typealias user_sepgsql_schema_t alias { staff_sepgsql_schema_t sysadm_sepgsql_schema_t };\n" - "+typealias user_sepgsql_schema_t alias { auditadm_sepgsql_schema_t secadm_sepgsql_schema_t };\n" - "+postgresql_schema_object(user_sepgsql_schema_t)\n" - "+\n" - "+type user_sepgsql_seq_t;\n" - "+typealias user_sepgsql_seq_t alias { staff_sepgsql_seq_t sysadm_sepgsql_seq_t };\n" - "+typealias user_sepgsql_seq_t alias { auditadm_sepgsql_seq_t secadm_sepgsql_seq_t };\n" - "+postgresql_sequence_object(user_sepgsql_seq_t)\n" - "+\n" - " type user_sepgsql_sysobj_t;\n" - " typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t };\n" - " typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t };\n" - "@@ -141,6 +182,11 @@ typealias user_sepgsql_table_t alias { staff_sepgsql_table_t 
sysadm_sepgsql_tabl\n" - " typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t };\n" - " postgresql_table_object(user_sepgsql_table_t)\n" - " \n" - "+type user_sepgsql_view_t;\n" - "+typealias user_sepgsql_view_t alias { staff_sepgsql_view_t sysadm_sepgsql_view_t };\n" - "+typealias user_sepgsql_view_t alias { auditadm_sepgsql_view_t secadm_sepgsql_view_t };\n" - "+postgresql_view_object(user_sepgsql_view_t)\n" - "+\n" - " ########################################\n" - " #\n" - " # postgresql Local policy\n" - "@@ -165,9 +211,15 @@ allow postgresql_t sepgsql_module_type:db_database install_module;\n" - " # Database/Loadable module\n" - " allow sepgsql_database_type sepgsql_module_type:db_database load_module;\n" - " \n" - "+allow postgresql_t sepgsql_schema_type:db_schema *;\n" - "+\n" - " allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;\n" - " type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;\n" - " \n" - "+allow postgresql_t sepgsql_sequence_type:db_sequence *;\n" - "+\n" - "+allow postgresql_t sepgsql_view_type:db_view *;\n" - "+\n" - " allow postgresql_t sepgsql_procedure_type:db_procedure *;\n" - " type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_exec_t;\n" - " \n" - "@@ -314,6 +366,14 @@ optional_policy(`\n" - " allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };\n" - " type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;\n" - " \n" - "+allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search };\n" - "+# Note that permission of creation/deletion are eventually controlled by\n" - "+# create or drop permission of individual objects within shared schemas.\n" - "+# So, it just allows to create/drop user specific types.\n" - "+tunable_policy(`sepgsql_enable_users_ddl',`\n" - "+\tallow sepgsql_client_type sepgsql_schema_t:db_schema { add_name remove_name };\n" - "+')\n" - 
"+\n" - " allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert lock };\n" - " allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };\n" - " allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };\n" - "@@ -333,9 +393,22 @@ allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select lock };\n" - " allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };\n" - " allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };\n" - " \n" - "+allow sepgsql_client_type sepgsql_seq_t:db_sequence { getattr get_value next_value };\n" - "+\n" - "+allow sepgsql_client_type sepgsql_view_t:db_view { getattr expand };\n" - "+\n" - " allow sepgsql_client_type sepgsql_proc_exec_t:db_procedure { getattr execute install };\n" - " allow sepgsql_client_type sepgsql_trusted_proc_exec_t:db_procedure { getattr execute entrypoint };\n" - " \n" - "+allow sepgsql_client_type sepgsql_lang_t:db_language { getattr };\n" - "+allow sepgsql_client_type sepgsql_safe_lang_t:db_language { getattr execute };\n" - "+\n" - "+# Only DBA can implement SQL procedures using `unsafe' procedural languages.\n" - "+# The `unsafe' one provides a capability to access internal data structure,\n" - "+# so we don't allow user-defined function being implemented using `unsafe' one.\n" - "+allow sepgsql_proc_exec_t sepgsql_lang_t:db_language { implement };\n" - "+allow sepgsql_procedure_type sepgsql_safe_lang_t:db_language { implement };\n" - "+\n" - " allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };\n" - " allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };\n" - " allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;\n" - "@@ -361,16 +434,33 @@ dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfin\n" - " allow sepgsql_admin_type sepgsql_database_type:db_database { create drop getattr setattr 
relabelfrom relabelto access };\n" - " type_transition sepgsql_admin_type sepgsql_admin_type:db_database sepgsql_db_t;\n" - " \n" - "+allow sepgsql_admin_type sepgsql_schema_type:db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name };\n" - "+type_transition sepgsql_admin_type sepgsql_database_type:db_schema sepgsql_schema_t;\n" - "+\n" - " allow sepgsql_admin_type sepgsql_table_type:db_table { create drop getattr setattr relabelfrom relabelto lock };\n" - " allow sepgsql_admin_type sepgsql_table_type:db_column { create drop getattr setattr relabelfrom relabelto };\n" - " allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto select update insert delete };\n" - " \n" - "-type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t;\n" - "+type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t;\t# deprecated\n" - "+type_transition sepgsql_admin_type sepgsql_schema_type:db_table sepgsql_table_t;\n" - "+\n" - "+allow sepgsql_admin_type sepgsql_sequence_type:db_sequence { create drop getattr setattr relabelfrom relabelto get_value next_value set_value };\n" - "+\n" - "+type_transition sepgsql_admin_type sepgsql_schema_type:db_schema sepgsql_seq_t;\n" - "+\n" - "+allow sepgsql_admin_type sepgsql_view_type:db_view { create drop getattr setattr relabelfrom relabelto expand };\n" - "+\n" - "+type_transition sepgsql_admin_type sepgsql_view_type:db_view sepgsql_view_t;\n" - " \n" - " allow sepgsql_admin_type sepgsql_procedure_type:db_procedure { create drop getattr relabelfrom relabelto };\n" - " allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute;\n" - " \n" - "-type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;\n" - "+type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;\t# deprecated\n" - "+type_transition sepgsql_admin_type sepgsql_schema_type:db_procedure 
sepgsql_proc_exec_t;\n" - "+\n" - "+allow sepgsql_admin_type sepgsql_language_type:db_language { create drop getattr setattr relabelfrom relabelto execute };\n" - "+\n" - "+type_transition sepgsql_admin_type sepgsql_database_type:db_language sepgsql_lang_t;\n" - " \n" - " allow sepgsql_admin_type sepgsql_blob_type:db_blob { create drop getattr setattr relabelfrom relabelto };\n" - " \n" - "@@ -383,12 +473,18 @@ kernel_relabelfrom_unlabeled_database(sepgsql_admin_type)\n" - " tunable_policy(`sepgsql_unconfined_dbadm',`\n" - " \tallow sepgsql_admin_type sepgsql_database_type:db_database *;\n" - " \n" - "+\tallow sepgsql_admin_type sepgsql_schema_type:db_schema *;\n" - "+\n" - " \tallow sepgsql_admin_type sepgsql_table_type:{ db_table db_column db_tuple } *;\n" - "+\tallow sepgsql_admin_type sepgsql_sequence_type:db_sequence *;\n" - "+\tallow sepgsql_admin_type sepgsql_view_type:db_view *;\n" - " \n" - " \tallow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure *;\n" - " \tallow sepgsql_admin_type sepgsql_trusted_proc_exec_t:db_procedure ~install;\n" - " \tallow sepgsql_admin_type sepgsql_procedure_type:db_procedure ~{ execute install };\n" - " \n" - "+\tallow sepgsql_admin_type sepgsql_language_type:db_language ~implement;\n" - "+\n" - " \tallow sepgsql_admin_type sepgsql_blob_type:db_blob *;\n" - " ')\n" - " \n" - "@@ -400,11 +496,21 @@ tunable_policy(`sepgsql_unconfined_dbadm',`\n" - " allow sepgsql_unconfined_type sepgsql_database_type:db_database *;\n" - " type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;\n" - " \n" - "-type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;\n" - "-type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;\n" - "+allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *;\n" - "+type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t;\n" - "+\n" - "+type_transition 
sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;\t\t# deprecated\n" - "+type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;\t# deprecated\n" - "+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_table sepgsql_table_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_sequence sepgsql_seq_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_view sepgsql_view_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_schema_type:db_procedure sepgsql_proc_exec_t;\n" - "+type_transition sepgsql_unconfined_type sepgsql_database_type:db_language sepgsql_lang_t;\n" - " type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;\n" - " \n" - " allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;\n" - "+allow sepgsql_unconfined_type sepgsql_sequence_type:db_sequence *;\n" - "+allow sepgsql_unconfined_type sepgsql_view_type:db_view *;\n" - " \n" - " # unconfined domain is not allowed to invoke user defined procedure directly.\n" - " # They have to confirm and relabel it at first.\n" - "@@ -412,6 +518,8 @@ allow sepgsql_unconfined_type sepgsql_proc_exec_t:db_procedure *;\n" - " allow sepgsql_unconfined_type sepgsql_trusted_proc_exec_t:db_procedure ~install;\n" - " allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install };\n" - " \n" - "+allow sepgsql_unconfined_type sepgsql_language_type:db_language ~implement;\n" - "+\n" - " allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;\n" - " \n" - allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module; + "KaiGai Kohei <kaigai@ak.jp.nec.com>\n" + "-------------- next part --------------\n" + "A non-text attachment was scrubbed...\n" + "Name: refpolicy-sepgsql.1.patch\n" + "Type: text/x-patch\n" + "Size: 30699 bytes\n" + "Desc: not available\n" + Url : 
http://oss.tresys.com/pipermail/refpolicy/attachments/20101210/06e9b492/attachment-0001.bin -d70ae51d2db1895500584ba13d6662048171e9937749e7c0f0a1075364d54c6b +76e52f4050c218782a79ab9bfa957796038fd46bd1b62cdf9a4fc5ec63e05779
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.