SEPostgresql changes from Kohei KaiGai.
* fix bugs in MLS/MCS
* add connection pooling server support
* add foreign data wrapper support
* add temporary objects support
* redefine the `use` permission to apply to system objects only
This commit is contained in:
parent
00dc68d969
commit
c5114fef5e
@ -761,7 +761,6 @@ inherits database
|
||||
class db_table
|
||||
inherits database
|
||||
{
|
||||
use # deprecated
|
||||
select
|
||||
update
|
||||
insert
|
||||
@ -780,7 +779,6 @@ inherits database
|
||||
class db_column
|
||||
inherits database
|
||||
{
|
||||
use # deprecated
|
||||
select
|
||||
update
|
||||
insert
|
||||
@ -790,7 +788,7 @@ class db_tuple
|
||||
{
|
||||
relabelfrom
|
||||
relabelto
|
||||
use # deprecated
|
||||
use
|
||||
select
|
||||
update
|
||||
insert
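Review bot: `use` on db_tuple loses its `# deprecated` marker but gains no comment, while the same commit deletes `use` from db_table and db_column, so a reader of the class definition cannot tell whether the surviving permission is deliberate or an oversight. The commit message says it is being redefined for system objects and postgresql.te keeps granting `db_tuple use` on the sysobj types, so I would annotate it: `use # reference to a system-object tuple (e.g. catalog); no longer defined for db_table/db_column`. It is also worth stating in the commit that removing a permission from an access vector is a hard break: any other policy module that still names `db_table use` or `db_column use` will fail to compile against this definition. The `class db_tuple` header is outside the hunk.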
|
||||
|
@ -117,13 +117,13 @@ mlsconstrain { db_tuple } { insert relabelto }
|
||||
mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain db_language { drop getattr setattr relabelfrom execute }
|
||||
mlsconstrain db_schema { drop getattr setattr relabelfrom search }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain db_table { drop getattr setattr relabelfrom select update insert delete use lock }
|
||||
mlsconstrain db_table { drop getattr setattr relabelfrom select update insert delete lock }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain db_column { drop getattr setattr relabelfrom select update insert use }
|
||||
mlsconstrain db_column { drop getattr setattr relabelfrom select update insert }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain db_tuple { relabelfrom select update delete use }
|
||||
@ -135,7 +135,7 @@ mlsconstrain db_sequence { drop getattr setattr relabelfrom get_value next_value
|
||||
mlsconstrain db_view { drop getattr setattr relabelfrom expand }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain db_procedure { drop getattr setattr relabelfrom execute install }
|
||||
mlsconstrain db_procedure { drop getattr setattr relabelfrom execute install entrypoint }
|
||||
( h1 dom h2 );
|
||||
|
||||
mlsconstrain db_language { drop getattr setattr relabelfrom execute }
|
||||
|
@ -749,13 +749,13 @@ mlsconstrain { db_schema } { getattr search }
|
||||
( t1 == mlsdbread ) or
|
||||
( t2 == mlstrustedobject ));
|
||||
|
||||
mlsconstrain { db_table } { getattr use select lock }
|
||||
mlsconstrain { db_table } { getattr select lock }
|
||||
(( l1 dom l2 ) or
|
||||
(( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
|
||||
( t1 == mlsdbread ) or
|
||||
( t2 == mlstrustedobject ));
|
||||
|
||||
mlsconstrain { db_column } { getattr use select }
|
||||
mlsconstrain { db_column } { getattr select }
|
||||
(( l1 dom l2 ) or
|
||||
(( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
|
||||
( t1 == mlsdbread ) or
|
||||
@ -773,7 +773,7 @@ mlsconstrain { db_view } { getattr expand }
|
||||
( t1 == mlsdbread ) or
|
||||
( t2 == mlstrustedobject ));
|
||||
|
||||
mlsconstrain { db_procedure } { getattr execute install }
|
||||
mlsconstrain { db_procedure } { getattr execute entrypoint install }
|
||||
(( l1 dom l2 ) or
|
||||
(( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
|
||||
( t1 == mlsdbread ) or
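Review bot: The new `mlsconstrain db_schema { drop getattr setattr relabelfrom search }` lists the schema's read permissions but not `add_name` and `remove_name`, which are the permissions postgresql.if/.te grant for modifying a schema, so schema writes are not subject to the `h1 dom h2` clearance check that `update insert delete` receive for db_table on the line just below it. Unless a separate schema write constraint exists elsewhere in the file (not visible in these hunks), I would extend it to `mlsconstrain db_schema { drop getattr setattr relabelfrom search add_name remove_name }`. Going by the hunk counts and print order, the line it replaces appears to be a duplicate `mlsconstrain db_language` (a second copy remains as context later in the hunk), which is presumably the MLS bug the commit message mentions; a short comment saying so would save the next reader the same reconstruction. The db_tuple constraint retaining `use` is consistent with the access-vector change.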
|
||||
|
@ -32,10 +32,12 @@ interface(`postgresql_role',`
|
||||
attribute sepgsql_schema_type, sepgsql_sysobj_table_type;
|
||||
|
||||
type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;
|
||||
type sepgsql_ranged_proc_exec_t, sepgsql_ranged_proc_t;
|
||||
type user_sepgsql_blob_t, user_sepgsql_proc_exec_t;
|
||||
type user_sepgsql_schema_t, user_sepgsql_seq_t;
|
||||
type user_sepgsql_sysobj_t, user_sepgsql_table_t;
|
||||
type user_sepgsql_view_t;
|
||||
type sepgsql_temp_object_t;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -45,6 +47,7 @@ interface(`postgresql_role',`
|
||||
|
||||
typeattribute $2 sepgsql_client_type;
|
||||
role $1 types sepgsql_trusted_proc_t;
|
||||
role $1 types sepgsql_ranged_proc_t;
|
||||
|
||||
##############################
|
||||
#
|
||||
@ -63,11 +66,11 @@ interface(`postgresql_role',`
|
||||
|
||||
allow $2 user_sepgsql_schema_t:db_schema { getattr search add_name remove_name };
|
||||
type_transition $2 sepgsql_database_type:db_schema user_sepgsql_schema_t;
|
||||
type_transition $2 sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
|
||||
|
||||
allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
|
||||
allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
|
||||
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
|
||||
type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t; # deprecated
|
||||
allow $2 user_sepgsql_table_t:db_table { getattr select update insert delete lock };
|
||||
allow $2 user_sepgsql_table_t:db_column { getattr select update insert };
|
||||
allow $2 user_sepgsql_table_t:db_tuple { select update insert delete };
|
||||
type_transition $2 sepgsql_schema_type:db_table user_sepgsql_table_t;
|
||||
|
||||
allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
|
||||
@ -80,7 +83,6 @@ interface(`postgresql_role',`
|
||||
type_transition $2 sepgsql_schema_type:db_view user_sepgsql_view_t;
|
||||
|
||||
allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
|
||||
type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; # deprecated
|
||||
type_transition $2 sepgsql_schema_type:db_procedure user_sepgsql_proc_exec_t;
|
||||
|
||||
allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
|
||||
@ -88,6 +90,10 @@ interface(`postgresql_role',`
|
||||
|
||||
allow $2 sepgsql_trusted_proc_t:process transition;
|
||||
type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
|
||||
|
||||
allow $2 sepgsql_ranged_proc_t:process transition;
|
||||
type_transition $2 sepgsql_ranged_proc_exec_t:process sepgsql_ranged_proc_t;
|
||||
allow sepgsql_ranged_proc_t $2:process dyntransition;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -223,7 +229,7 @@ interface(`postgresql_view_object',`
|
||||
## </summary>
|
||||
## <param name="type">
|
||||
## <summary>
|
||||
## Type marked as a database object type.
|
||||
## Type marked as a procedure object type.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
@ -235,6 +241,26 @@ interface(`postgresql_procedure_object',`
|
||||
typeattribute $1 sepgsql_procedure_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Marks as a SE-PostgreSQL trusted procedure object type
|
||||
## </summary>
|
||||
## <param name="type">
|
||||
## <summary>
|
||||
## Type marked as a trusted procedure object type.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`postgresql_trusted_procedure_object',`
|
||||
gen_require(`
|
||||
attribute sepgsql_procedure_type;
|
||||
attribute sepgsql_trusted_procedure_type;
|
||||
')
|
||||
|
||||
typeattribute $1 sepgsql_procedure_type;
|
||||
typeattribute $1 sepgsql_trusted_procedure_type;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Marks as a SE-PostgreSQL procedural language object type
|
||||
@ -438,10 +464,12 @@ interface(`postgresql_unpriv_client',`
|
||||
attribute sepgsql_sysobj_table_type;
|
||||
|
||||
type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
|
||||
type sepgsql_ranged_proc_t, sepgsql_ranged_proc_exec_t;
|
||||
type unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t;
|
||||
type unpriv_sepgsql_schema_t, unpriv_sepgsql_seq_t;
|
||||
type unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t;
|
||||
type unpriv_sepgsql_view_t;
|
||||
type sepgsql_temp_object_t;
|
||||
')
|
||||
|
||||
########################################
|
||||
@ -459,6 +487,10 @@ interface(`postgresql_unpriv_client',`
|
||||
type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
|
||||
allow $1 sepgsql_trusted_proc_t:process transition;
|
||||
|
||||
type_transition $1 sepgsql_ranged_proc_exec_t:process sepgsql_ranged_proc_t;
|
||||
allow $1 sepgsql_ranged_proc_t:process transition;
|
||||
allow sepgsql_ranged_proc_t $1:process dyntransition;
|
||||
|
||||
tunable_policy(`sepgsql_enable_users_ddl',`
|
||||
allow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr };
|
||||
allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
|
||||
@ -470,11 +502,11 @@ interface(`postgresql_unpriv_client',`
|
||||
')
|
||||
allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name };
|
||||
type_transition $1 sepgsql_database_type:db_schema unpriv_sepgsql_schema_t;
|
||||
type_transition $1 sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
|
||||
|
||||
allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
|
||||
allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };
|
||||
allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };
|
||||
type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t; # deprecated
|
||||
allow $1 unpriv_sepgsql_table_t:db_table { getattr select update insert delete lock };
|
||||
allow $1 unpriv_sepgsql_table_t:db_column { getattr select update insert };
|
||||
allow $1 unpriv_sepgsql_table_t:db_tuple { select update insert delete };
|
||||
type_transition $1 sepgsql_schema_type:db_table unpriv_sepgsql_table_t;
|
||||
|
||||
allow $1 unpriv_sepgsql_seq_t:db_sequence { getattr get_value next_value set_value };
|
||||
@ -487,7 +519,6 @@ interface(`postgresql_unpriv_client',`
|
||||
type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;
|
||||
|
||||
allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
|
||||
type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t; # deprecated
|
||||
type_transition $1 sepgsql_schema_type:db_procedure unpriv_sepgsql_proc_exec_t;
|
||||
|
||||
allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
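Review bot: Nothing in postgresql_role or postgresql_unpriv_client documents the trust boundary that `allow sepgsql_ranged_proc_t $2:process dyntransition;` (and the matching `$1` rule) creates: every client domain set up through these interfaces becomes a dynamic-transition target of one unconfined domain, and any such client can enter that domain by calling a procedure labeled `sepgsql_ranged_proc_exec_t`, since postgresql.te grants `entrypoint` on sepgsql_trusted_procedure_type to all sepgsql client types. The effective control is therefore who may create or relabel a procedure to that type, and I would say so at the rule: `# sepgsql_ranged_proc_t may re-label this session as $2; only procedures labeled sepgsql_ranged_proc_exec_t run in that domain, so restrict who can create/relabel them`. The new postgresql_trusted_procedure_object interface likewise deserves a sentence in its summary that every sepgsql client type receives `getattr execute entrypoint` on any type it marks, because that is the effect of the attribute it adds. The interface summaries of postgresql_role and postgresql_unpriv_client lie outside these hunks.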
|
||||
|
@ -32,6 +32,13 @@ gen_tunable(sepgsql_enable_users_ddl, true)
|
||||
## </desc>
|
||||
gen_tunable(sepgsql_unconfined_dbadm, true)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow transmit client label to foreign database
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(sepgsql_transmit_client_label, false)
|
||||
|
||||
type postgresql_t;
|
||||
type postgresql_exec_t;
|
||||
init_daemon_domain(postgresql_t, postgresql_exec_t)
|
||||
@ -70,6 +77,7 @@ attribute sepgsql_sysobj_table_type;
|
||||
attribute sepgsql_sequence_type;
|
||||
attribute sepgsql_view_type;
|
||||
attribute sepgsql_procedure_type;
|
||||
attribute sepgsql_trusted_procedure_type;
|
||||
attribute sepgsql_language_type;
|
||||
attribute sepgsql_blob_type;
|
||||
attribute sepgsql_module_type;
|
||||
@ -122,7 +130,10 @@ type sepgsql_table_t;
|
||||
postgresql_table_object(sepgsql_table_t)
|
||||
|
||||
type sepgsql_trusted_proc_exec_t;
|
||||
postgresql_procedure_object(sepgsql_trusted_proc_exec_t)
|
||||
postgresql_trusted_procedure_object(sepgsql_trusted_proc_exec_t)
|
||||
|
||||
type sepgsql_ranged_proc_exec_t;
|
||||
postgresql_trusted_procedure_object(sepgsql_ranged_proc_exec_t)
|
||||
|
||||
type sepgsql_view_t;
|
||||
postgresql_view_object(sepgsql_view_t)
|
||||
@ -133,6 +144,40 @@ domain_type(sepgsql_trusted_proc_t)
|
||||
postgresql_unconfined(sepgsql_trusted_proc_t)
|
||||
role system_r types sepgsql_trusted_proc_t;
|
||||
|
||||
# Ranged Trusted Procedure Domain
|
||||
#
|
||||
# XXX - the purpose of this domain is to switch security context of
|
||||
# the database client using dynamic domain transition; typically,
|
||||
# used for connection pooling software that shall assign a security
|
||||
# context at beginning of the user session based on the credentials
|
||||
# being invisible from unprivileged domains.
|
||||
#
|
||||
type sepgsql_ranged_proc_t;
|
||||
domain_type(sepgsql_ranged_proc_t)
|
||||
postgresql_unconfined(sepgsql_ranged_proc_t)
|
||||
domain_dyntrans_type(sepgsql_ranged_proc_t)
|
||||
allow sepgsql_ranged_proc_t self:process { setcurrent };
|
||||
role system_r types sepgsql_ranged_proc_t;
|
||||
optional_policy(`
|
||||
mcs_process_set_categories(sepgsql_ranged_proc_t)
|
||||
')
|
||||
optional_policy(`
|
||||
mls_process_set_level(sepgsql_ranged_proc_t)
|
||||
')
|
||||
|
||||
# Types for temporary objects
|
||||
#
|
||||
# XXX - All the temporary objects are eliminated at end of database session
|
||||
# and invisible from other sessions, so it is unnecessary to restrict users
|
||||
# operations on temporary object. For policy simplification, only one type
|
||||
# is defined for temporary objects under the "pg_temp" schema.
|
||||
type sepgsql_temp_object_t;
|
||||
|
||||
postgresql_table_object(sepgsql_temp_object_t)
|
||||
postgresql_sequence_object(sepgsql_temp_object_t)
|
||||
postgresql_view_object(sepgsql_temp_object_t)
|
||||
postgresql_procedure_object(sepgsql_temp_object_t)
|
||||
|
||||
# Types for unprivileged client
|
||||
type unpriv_sepgsql_blob_t;
|
||||
postgresql_blob_object(unpriv_sepgsql_blob_t)
|
||||
@ -207,19 +252,21 @@ allow postgresql_t self:udp_socket create_stream_socket_perms;
|
||||
allow postgresql_t self:unix_dgram_socket create_socket_perms;
|
||||
allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
|
||||
allow postgresql_t self:netlink_selinux_socket create_socket_perms;
|
||||
tunable_policy(`sepgsql_transmit_client_label',`
|
||||
allow postgresql_t self:process { setsockcreate };
|
||||
')
|
||||
|
||||
allow postgresql_t sepgsql_database_type:db_database *;
|
||||
type_transition postgresql_t postgresql_t:db_database sepgsql_db_t; # deprecated
|
||||
|
||||
allow postgresql_t sepgsql_module_type:db_database install_module;
|
||||
# Database/Loadable module
|
||||
allow sepgsql_database_type sepgsql_module_type:db_database load_module;
|
||||
|
||||
allow postgresql_t sepgsql_schema_type:db_schema *;
|
||||
allow postgresql_t {sepgsql_schema_type sepgsql_temp_object_t}:db_schema *;
|
||||
type_transition postgresql_t sepgsql_database_type:db_schema sepgsql_schema_t;
|
||||
type_transition postgresql_t sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
|
||||
|
||||
allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
|
||||
type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t; # deprecated
|
||||
type_transition postgresql_t sepgsql_schema_type:db_table sepgsql_sysobj_t;
|
||||
|
||||
allow postgresql_t sepgsql_sequence_type:db_sequence *;
|
||||
@ -229,7 +276,6 @@ allow postgresql_t sepgsql_view_type:db_view *;
|
||||
type_transition postgresql_t sepgsql_schema_type:db_view sepgsql_view_t;
|
||||
|
||||
allow postgresql_t sepgsql_procedure_type:db_procedure *;
|
||||
type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_exec_t; # deprecated
|
||||
type_transition postgresql_t sepgsql_schema_type:db_procedure sepgsql_proc_exec_t;
|
||||
|
||||
allow postgresql_t sepgsql_blob_type:db_blob *;
|
||||
@ -380,23 +426,23 @@ type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t
|
||||
|
||||
allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search };
|
||||
|
||||
allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert lock };
|
||||
allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };
|
||||
allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };
|
||||
allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr select insert lock };
|
||||
allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr select insert };
|
||||
allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { select insert };
|
||||
|
||||
allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete lock };
|
||||
allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };
|
||||
allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };
|
||||
allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock };
|
||||
allow sepgsql_client_type sepgsql_table_t:db_column { getattr select update insert };
|
||||
allow sepgsql_client_type sepgsql_table_t:db_tuple { select update insert delete };
|
||||
|
||||
allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select lock };
|
||||
allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };
|
||||
allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };
|
||||
allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr select lock };
|
||||
allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr select };
|
||||
allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { select };
|
||||
|
||||
allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;
|
||||
allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;
|
||||
|
||||
allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select lock };
|
||||
allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
|
||||
allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr select lock };
|
||||
allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr select };
|
||||
allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
|
||||
|
||||
allow sepgsql_client_type sepgsql_seq_t:db_sequence { getattr get_value next_value };
|
||||
@ -404,7 +450,7 @@ allow sepgsql_client_type sepgsql_seq_t:db_sequence { getattr get_value next_val
|
||||
allow sepgsql_client_type sepgsql_view_t:db_view { getattr expand };
|
||||
|
||||
allow sepgsql_client_type sepgsql_proc_exec_t:db_procedure { getattr execute install };
|
||||
allow sepgsql_client_type sepgsql_trusted_proc_exec_t:db_procedure { getattr execute entrypoint };
|
||||
allow sepgsql_client_type sepgsql_trusted_procedure_type:db_procedure { getattr execute entrypoint };
|
||||
|
||||
allow sepgsql_client_type sepgsql_lang_t:db_language { getattr };
|
||||
allow sepgsql_client_type sepgsql_safe_lang_t:db_language { getattr execute };
|
||||
@ -432,6 +478,9 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
|
||||
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
|
||||
dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
|
||||
|
||||
# It is always allowed to operate temporary objects for any database client.
|
||||
allow sepgsql_client_type sepgsql_temp_object_t:{db_schema db_table db_column db_tuple db_sequence db_view db_procedure} ~{ relabelto relabelfrom };
|
||||
|
||||
# Note that permission of creation/deletion are eventually controlled by
|
||||
# create or drop permission of individual objects within shared schemas.
|
||||
# So, it just allows to create/drop user specific types.
|
||||
@ -445,16 +494,15 @@ tunable_policy(`sepgsql_enable_users_ddl',`
|
||||
#
|
||||
|
||||
allow sepgsql_admin_type sepgsql_database_type:db_database { create drop getattr setattr relabelfrom relabelto access };
|
||||
type_transition sepgsql_admin_type sepgsql_admin_type:db_database sepgsql_db_t; # deprecated
|
||||
|
||||
allow sepgsql_admin_type sepgsql_schema_type:db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name };
|
||||
type_transition sepgsql_admin_type sepgsql_database_type:db_schema sepgsql_schema_t;
|
||||
type_transition sepgsql_admin_type sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
|
||||
|
||||
allow sepgsql_admin_type sepgsql_table_type:db_table { create drop getattr setattr relabelfrom relabelto lock };
|
||||
allow sepgsql_admin_type sepgsql_table_type:db_column { create drop getattr setattr relabelfrom relabelto };
|
||||
allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto select update insert delete };
|
||||
allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto use select update insert delete };
|
||||
|
||||
type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t; # deprecated
|
||||
type_transition sepgsql_admin_type sepgsql_schema_type:db_table sepgsql_table_t;
|
||||
|
||||
allow sepgsql_admin_type sepgsql_sequence_type:db_sequence { create drop getattr setattr relabelfrom relabelto get_value next_value set_value };
|
||||
@ -468,7 +516,6 @@ type_transition sepgsql_admin_type sepgsql_schema_type:db_view sepgsql_view_t;
|
||||
allow sepgsql_admin_type sepgsql_procedure_type:db_procedure { create drop getattr relabelfrom relabelto };
|
||||
allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute;
|
||||
|
||||
type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; # deprecated
|
||||
type_transition sepgsql_admin_type sepgsql_schema_type:db_procedure sepgsql_proc_exec_t;
|
||||
|
||||
allow sepgsql_admin_type sepgsql_language_type:db_language { create drop getattr setattr relabelfrom relabelto execute };
|
||||
@ -493,7 +540,7 @@ tunable_policy(`sepgsql_unconfined_dbadm',`
|
||||
allow sepgsql_admin_type sepgsql_view_type:db_view *;
|
||||
|
||||
allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure *;
|
||||
allow sepgsql_admin_type sepgsql_trusted_proc_exec_t:db_procedure ~install;
|
||||
allow sepgsql_admin_type sepgsql_trusted_procedure_type:db_procedure ~install;
|
||||
allow sepgsql_admin_type sepgsql_procedure_type:db_procedure ~{ execute install };
|
||||
|
||||
allow sepgsql_admin_type sepgsql_language_type:db_language ~implement;
|
||||
@ -501,19 +548,19 @@ tunable_policy(`sepgsql_unconfined_dbadm',`
|
||||
allow sepgsql_admin_type sepgsql_blob_type:db_blob *;
|
||||
')
|
||||
|
||||
allow sepgsql_admin_type sepgsql_temp_object_t:{db_schema db_table db_column db_tuple db_sequence db_view db_procedure} ~{ relabelto relabelfrom };
|
||||
|
||||
########################################
|
||||
#
|
||||
# Unconfined access to this module
|
||||
#
|
||||
|
||||
allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
|
||||
type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t; # deprecated
|
||||
|
||||
allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *;
|
||||
allow sepgsql_unconfined_type {sepgsql_schema_type sepgsql_temp_object_t}:db_schema *;
|
||||
type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t;
|
||||
type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
|
||||
|
||||
type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t; # deprecated
|
||||
type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; # deprecated
|
||||
type_transition sepgsql_unconfined_type sepgsql_schema_type:db_table sepgsql_table_t;
|
||||
type_transition sepgsql_unconfined_type sepgsql_schema_type:db_sequence sepgsql_seq_t;
|
||||
type_transition sepgsql_unconfined_type sepgsql_schema_type:db_view sepgsql_view_t;
|
||||
@ -528,7 +575,7 @@ allow sepgsql_unconfined_type sepgsql_view_type:db_view *;
|
||||
# unconfined domain is not allowed to invoke user defined procedure directly.
|
||||
# They have to confirm and relabel it at first.
|
||||
allow sepgsql_unconfined_type sepgsql_proc_exec_t:db_procedure *;
|
||||
allow sepgsql_unconfined_type sepgsql_trusted_proc_exec_t:db_procedure ~install;
|
||||
allow sepgsql_unconfined_type sepgsql_trusted_procedure_type:db_procedure ~install;
|
||||
allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install };
|
||||
|
||||
allow sepgsql_unconfined_type sepgsql_language_type:db_language ~implement;
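Review bot: `allow postgresql_t self:process { setsockcreate };` under sepgsql_transmit_client_label is not sufficient on its own to open a foreign-server connection carrying the client's context: as far as I recall, once a sockcreate context is set the kernel checks `postgresql_t <that label>:tcp_socket create` and then connect/read/write against the socket's label, so with only this rule the connection would be denied unless rules for the client types exist elsewhere (not visible in this hunk). I would pair it with something like `allow postgresql_t sepgsql_client_type:tcp_socket create_stream_socket_perms;` inside the same tunable block, or note in the tunable's description which module is expected to provide those rules. The description `Allow transmit client label to foreign database` could also read `Allow the server to label outgoing foreign-server connections with the client's context` so the reader knows it refers to socket labeling rather than to passing a string.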
|
||||
|