Rearrange lines in postgresql.

2012-05-18 14:18:00 -04:00 · 2012-05-18 14:18:00 -04:00 · 32e0f50cf7
commit 32e0f50cf7
parent c5114fef5e
2 changed files with 67 additions and 62 deletions
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@ -88,12 +88,12 @@ interface(`postgresql_role',`
 	allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
 	type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;

-	allow $2 sepgsql_trusted_proc_t:process transition;
-	type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
-
 	allow $2 sepgsql_ranged_proc_t:process transition;
 	type_transition $2 sepgsql_ranged_proc_exec_t:process sepgsql_ranged_proc_t;
 	allow sepgsql_ranged_proc_t $2:process dyntransition;
+
+	allow $2 sepgsql_trusted_proc_t:process transition;
+	type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
 ')

 ########################################
@ -463,13 +463,13 @@ interface(`postgresql_unpriv_client',`
 		attribute sepgsql_database_type, sepgsql_schema_type;
 		attribute sepgsql_sysobj_table_type;

-		type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
 		type sepgsql_ranged_proc_t, sepgsql_ranged_proc_exec_t;
+		type sepgsql_temp_object_t;
+		type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
 		type unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t;
 		type unpriv_sepgsql_schema_t, unpriv_sepgsql_seq_t;
 		type unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t;
 		type unpriv_sepgsql_view_t;
-		type sepgsql_temp_object_t;
 	')

 	########################################
@ -484,22 +484,19 @@ interface(`postgresql_unpriv_client',`
 	# Client local policy
 	#

-	type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
-	allow $1 sepgsql_trusted_proc_t:process transition;
-
 	type_transition $1 sepgsql_ranged_proc_exec_t:process sepgsql_ranged_proc_t;
 	allow $1 sepgsql_ranged_proc_t:process transition;
 	allow sepgsql_ranged_proc_t $1:process dyntransition;

-	tunable_policy(`sepgsql_enable_users_ddl',`
-		allow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr };
-		allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
-		allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
-		allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
-		allow $1 unpriv_sepgsql_seq_t:db_sequence { create drop setattr };
-		allow $1 unpriv_sepgsql_view_t:db_view { create drop setattr };
-		allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-	')
+	type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+	allow $1 sepgsql_trusted_proc_t:process transition;
+
+	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
+	type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
+
+	allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
+	type_transition $1 sepgsql_schema_type:db_procedure unpriv_sepgsql_proc_exec_t;
+
 	allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name };
 	type_transition $1 sepgsql_database_type:db_schema unpriv_sepgsql_schema_t;
 	type_transition $1 sepgsql_database_type:db_schema sepgsql_temp_object_t "pg_temp";
@ -512,17 +509,22 @@ interface(`postgresql_unpriv_client',`
 	allow $1 unpriv_sepgsql_seq_t:db_sequence { getattr get_value next_value set_value };
 	type_transition $1 sepgsql_schema_type:db_sequence unpriv_sepgsql_seq_t;

-	allow $1 unpriv_sepgsql_view_t:db_view { getattr expand };
-	type_transition $1 sepgsql_schema_type:db_view unpriv_sepgsql_view_t;
-
 	allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };
 	type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;

-	allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
-	type_transition $1 sepgsql_schema_type:db_procedure unpriv_sepgsql_proc_exec_t;
+	allow $1 unpriv_sepgsql_view_t:db_view { getattr expand };
+	type_transition $1 sepgsql_schema_type:db_view unpriv_sepgsql_view_t;

-	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
-	type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
+
+	tunable_policy(`sepgsql_enable_users_ddl',`
+		allow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr };
+		allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
+		allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
+		allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
+		allow $1 unpriv_sepgsql_seq_t:db_sequence { create drop setattr };
+		allow $1 unpriv_sepgsql_view_t:db_view { create drop setattr };
+		allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+	')
 ')

 ########################################
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@ -25,13 +25,6 @@ gen_require(`
 ## </desc>
 gen_tunable(sepgsql_enable_users_ddl, true)

-## <desc>
-## <p>
-## Allow database admins to execute DML statement
-## </p>
-## </desc>
-gen_tunable(sepgsql_unconfined_dbadm, true)
-
 ## <desc>
 ## <p>
 ## Allow transmit client label to foreign database
@ -39,6 +32,13 @@ gen_tunable(sepgsql_unconfined_dbadm, true)
 ## </desc>
 gen_tunable(sepgsql_transmit_client_label, false)

+## <desc>
+## <p>
+## Allow database admins to execute DML statement
+## </p>
+## </desc>
+gen_tunable(sepgsql_unconfined_dbadm, true)
+
 type postgresql_t;
 type postgresql_exec_t;
 init_daemon_domain(postgresql_t, postgresql_exec_t)
@ -132,38 +132,13 @@ postgresql_table_object(sepgsql_table_t)
 type sepgsql_trusted_proc_exec_t;
 postgresql_trusted_procedure_object(sepgsql_trusted_proc_exec_t)

-type sepgsql_ranged_proc_exec_t;
-postgresql_trusted_procedure_object(sepgsql_ranged_proc_exec_t)
-
-type sepgsql_view_t;
-postgresql_view_object(sepgsql_view_t)
-
-# Trusted Procedure Domain
-type sepgsql_trusted_proc_t;
-domain_type(sepgsql_trusted_proc_t)
-postgresql_unconfined(sepgsql_trusted_proc_t)
-role system_r types sepgsql_trusted_proc_t;
-
 # Ranged Trusted Procedure Domain
-#
-# XXX - the purpose of this domain is to switch security context of
-# the database client using dynamic domain transition; typically,
-# used for connection pooling software that shall assign a security
-# context at beginning of the user session based on the credentials
-# being invisible from unprivileged domains.
-#
 type sepgsql_ranged_proc_t;
 domain_type(sepgsql_ranged_proc_t)
-postgresql_unconfined(sepgsql_ranged_proc_t)
-domain_dyntrans_type(sepgsql_ranged_proc_t)
-allow sepgsql_ranged_proc_t self:process { setcurrent };
 role system_r types sepgsql_ranged_proc_t;
-optional_policy(`
-	mcs_process_set_categories(sepgsql_ranged_proc_t)
-')
-optional_policy(`
-	mls_process_set_level(sepgsql_ranged_proc_t)
-')
+
+type sepgsql_ranged_proc_exec_t;
+postgresql_trusted_procedure_object(sepgsql_ranged_proc_exec_t)

 # Types for temporary objects
 #
@ -172,12 +147,20 @@ optional_policy(`
 # operations on temporary object. For policy simplification, only one type
 # is defined for temporary objects under the "pg_temp" schema.
 type sepgsql_temp_object_t;
-
 postgresql_table_object(sepgsql_temp_object_t)
 postgresql_sequence_object(sepgsql_temp_object_t)
 postgresql_view_object(sepgsql_temp_object_t)
 postgresql_procedure_object(sepgsql_temp_object_t)

+# Trusted Procedure Domain
+type sepgsql_trusted_proc_t;
+domain_type(sepgsql_trusted_proc_t)
+postgresql_unconfined(sepgsql_trusted_proc_t)
+role system_r types sepgsql_trusted_proc_t;
+
+type sepgsql_view_t;
+postgresql_view_object(sepgsql_view_t)
+
 # Types for unprivileged client
 type unpriv_sepgsql_blob_t;
 postgresql_blob_object(unpriv_sepgsql_blob_t)
@ -416,6 +399,26 @@ optional_policy(`
 	udev_read_db(postgresql_t)
 ')

+########################################
+#
+# Ranged Trusted Procedure Domain
+#
+# XXX - the purpose of this domain is to switch security context of
+# the database client using dynamic domain transition; typically,
+# used for connection pooling software that shall assign a security
+# context at beginning of the user session based on the credentials
+# being invisible from unprivileged domains.
+#
+allow sepgsql_ranged_proc_t self:process setcurrent;
+
+domain_dyntrans_type(sepgsql_ranged_proc_t)
+
+mcs_process_set_categories(sepgsql_ranged_proc_t)
+
+mls_process_set_level(sepgsql_ranged_proc_t)
+
+postgresql_unconfined(sepgsql_ranged_proc_t)
+
 ########################################
 #
 # Rules common to all clients
@ -518,6 +521,8 @@ allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute;

 type_transition sepgsql_admin_type sepgsql_schema_type:db_procedure sepgsql_proc_exec_t;

+allow sepgsql_admin_type sepgsql_temp_object_t:{db_schema db_table db_column db_tuple db_sequence db_view db_procedure} ~{ relabelto relabelfrom };
+
 allow sepgsql_admin_type sepgsql_language_type:db_language { create drop getattr setattr relabelfrom relabelto execute };

 type_transition sepgsql_admin_type sepgsql_database_type:db_language sepgsql_lang_t;
@ -548,8 +553,6 @@ tunable_policy(`sepgsql_unconfined_dbadm',`
 	allow sepgsql_admin_type sepgsql_blob_type:db_blob *;
 ')

-allow sepgsql_admin_type sepgsql_temp_object_t:{db_schema db_table db_column db_tuple db_sequence db_view db_procedure} ~{ relabelto relabelfrom };
-
 ########################################
 #
 # Unconfined access to this module