[BUGFIX] lack of type transition on dbadm domain (Re: dbadm.pp is not available in selinux-policy package)

I found out a bug when we initialize the database with dbadm_r:dbadm_t
which belongs to sepgsql_admin_type attribute.

In the case when sepgsql_admin_type create a new database objects,
it does not have valid type_transition rules. So, it was failed.
Sorry, I didn't find out it for a long time.

And db_procedure:{execute} on the sepgsql_proc_exec_t might be necessary
for the administrative domain independently from sepgsql_unconfined_dbadm,
because we need to execute some of system defined procedures to look up
system tables.

Changelog

@@ -1,3 +1,4 @@
+- SE-Postgresql updates from KaiGai Kohei.
 - X object manager revisions from Eamon Walsh.
 - Added modules:
 	chronyd (Miroslav Grepl)

policy/modules/services/postgresql.te

@@ -1,5 +1,5 @@
 
-policy_module(postgresql, 1.10.1)
+policy_module(postgresql, 1.10.2)
 
 gen_require(`
 	class db_database all_db_database_perms;
@@ -366,10 +366,17 @@ allow sepgsql_admin_type sepgsql_table_type:db_table { create drop getattr setat
 allow sepgsql_admin_type sepgsql_table_type:db_column { create drop getattr setattr relabelfrom relabelto };
 allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto select update insert delete };
 
+type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t;
+
 allow sepgsql_admin_type sepgsql_procedure_type:db_procedure { create drop getattr relabelfrom relabelto };
+allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute;
+
+type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
 
 allow sepgsql_admin_type sepgsql_blob_type:db_blob { create drop getattr setattr relabelfrom relabelto };
 
+type_transition sepgsql_admin_type sepgsql_database_type:db_blob sepgsql_blob_t;
+
 allow sepgsql_admin_type sepgsql_module_type:db_database install_module;
 
 kernel_relabelfrom_unlabeled_database(sepgsql_admin_type)