[selinux-policy/f14/master] - Add sepgsql fixes from KaiGai Kohei
Miroslav Grepl
mgrepl at fedoraproject.org
Wed Jan 19 16:51:01 UTC 2011
commit fad6c15e349ea9ad30f8238252f68596d253580b
Author: Miroslav Grepl <mgrepl at redhat.com>
Date: Wed Jan 19 17:51:00 2011 +0000
- Add sepgsql fixes from KaiGai Kohei
policy-F14.patch | 908 ++++++++++++++++++++++++++++++++++++++++++++++++---
selinux-policy.spec | 6 +-
2 files changed, 871 insertions(+), 43 deletions(-)
---
diff --git a/policy-F14.patch b/policy-F14.patch
index 7836b88..ed39dca 100644
--- a/policy-F14.patch
+++ b/policy-F14.patch
@@ -1,12 +1,144 @@
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts serefpolicy-3.9.7/config/appconfig-mcs/sepgsql_contexts
+--- nsaserefpolicy/config/appconfig-mcs/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.9.7/config/appconfig-mcs/sepgsql_contexts 2011-01-19 17:48:56.469042251 +0100
+@@ -0,0 +1,40 @@
++#
++# Initial security label for SE-PostgreSQL (MCS)
++#
++
++# <databases>
++db_database * system_u:object_r:sepgsql_db_t:s0
++
++# <schemas>
++db_schema *.* system_u:object_r:sepgsql_schema_t:s0
++
++# <tables>
++db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
++db_table *.*.* system_u:object_r:sepgsql_table_t:s0
++
++# <column>
++db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t:s0
++db_column *.*.*.* system_u:object_r:sepgsql_table_t:s0
++
++# <sequences>
++db_sequence *.*.* system_u:object_r:sepgsql_seq_t:s0
++
++# <views>
++db_view *.*.* system_u:object_r:sepgsql_view_t:s0
++
++# <procedures>
++db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t:s0
++
++# <tuples>
++db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
++db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0
++
++# <blobs>
++db_blobs *.* system_u:object_r:sepgsql_blob_t:s0
++
++# <language>
++db_language *.sql system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.* system_u:object_r:sepgsql_lang_t:s0
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/sepgsql_contexts serefpolicy-3.9.7/config/appconfig-mls/sepgsql_contexts
+--- nsaserefpolicy/config/appconfig-mls/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.9.7/config/appconfig-mls/sepgsql_contexts 2011-01-19 17:48:56.469042251 +0100
+@@ -0,0 +1,40 @@
++#
++# Initial security label for SE-PostgreSQL (MLS)
++#
++
++# <databases>
++db_database * system_u:object_r:sepgsql_db_t:s0
++
++# <schemas>
++db_schema *.* system_u:object_r:sepgsql_schema_t:s0
++
++# <tables>
++db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
++db_table *.*.* system_u:object_r:sepgsql_table_t:s0
++
++# <column>
++db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t:s0
++db_column *.*.*.* system_u:object_r:sepgsql_table_t:s0
++
++# <sequences>
++db_sequence *.*.* system_u:object_r:sepgsql_seq_t:s0
++
++# <views>
++db_view *.*.* system_u:object_r:sepgsql_view_t:s0
++
++# <procedures>
++db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t:s0
++
++# <tuples>
++db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
++db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0
++
++# <blobs>
++db_blobs *.* system_u:object_r:sepgsql_blob_t:s0
++
++# <language>
++db_language *.sql system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
++db_language *.* system_u:object_r:sepgsql_lang_t:s0
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/sepgsql_contexts serefpolicy-3.9.7/config/appconfig-standard/sepgsql_contexts
+--- nsaserefpolicy/config/appconfig-standard/sepgsql_contexts 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.9.7/config/appconfig-standard/sepgsql_contexts 2011-01-19 17:48:56.473040798 +0100
+@@ -0,0 +1,40 @@
++#
++# Initial security label for SE-PostgreSQL (none-MLS)
++#
++
++# <databases>
++db_database * system_u:object_r:sepgsql_db_t
++
++# <schemas>
++db_schema *.* system_u:object_r:sepgsql_schema_t
++
++# <tables>
++db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t
++db_table *.*.* system_u:object_r:sepgsql_table_t
++
++# <column>
++db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t
++db_column *.*.*.* system_u:object_r:sepgsql_table_t
++
++# <sequences>
++db_sequence *.*.* system_u:object_r:sepgsql_seq_t
++
++# <views>
++db_view *.*.* system_u:object_r:sepgsql_view_t
++
++# <procedures>
++db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t
++
++# <tuples>
++db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t
++db_tuple *.*.* system_u:object_r:sepgsql_table_t
++
++# <blobs>
++db_blobs *.* system_u:object_r:sepgsql_blob_t
++
++# <language>
++db_language *.sql system_u:object_r:sepgsql_safe_lang_t
++db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t
++db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t
++db_language *.plperl system_u:object_r:sepgsql_safe_lang_t
++db_language *.* system_u:object_r:sepgsql_lang_t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.9.7/Makefile
--- nsaserefpolicy/Makefile 2010-10-12 22:42:47.000000000 +0200
-+++ serefpolicy-3.9.7/Makefile 2010-11-05 14:02:26.394657971 +0100
++++ serefpolicy-3.9.7/Makefile 2011-01-19 17:48:56.474041360 +0100
@@ -248,7 +248,7 @@
appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)
-+appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context) $(contextpath)/files/media $(user_default_contexts_names)
++appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types virtual_image_context virtual_domain_context) $(contextpath)/files/media $(user_default_contexts_names)
net_contexts := $(builddir)net_contexts
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
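Review bot: The large-object entries in all three new sepgsql_contexts files (MCS, MLS and standard variants) are keyed `db_blobs`, while every other key in these files is spelled exactly like its object class and the class this commit uses everywhere else is `db_blob`; if the libselinux db label backend matches keys against the class name, as the other keys suggest, those lines would be rejected at load time and blobs would get no initial-label rule, so this is worth confirming before the files ship. The header of the appconfig-standard variant reads `# Initial security label for SE-PostgreSQL (none-MLS)`, which should be `(non-MLS)`. The Makefile change adding `sepgsql_contexts` to `appfiles` is consistent with the three appconfig directories the files are added to.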
@@ -146,7 +278,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/git_selinux.8 seref
+selinux(8), git(8), chcon(1), semodule(8), setsebool(8)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.9.7/policy/flask/access_vectors
--- nsaserefpolicy/policy/flask/access_vectors 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/flask/access_vectors 2010-11-05 14:02:26.397649323 +0100
++++ serefpolicy-3.9.7/policy/flask/access_vectors 2011-01-19 17:46:31.654042362 +0100
@@ -27,6 +27,8 @@
swapon
quotaon
@@ -179,6 +311,54 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors
open
}
+@@ -816,3 +819,33 @@
+
+ class x_keyboard
+ inherits x_device
++
++class db_schema
++inherits database
++{
++ search
++ add_name
++ remove_name
++}
++
++class db_view
++inherits database
++{
++ expand
++}
++
++class db_sequence
++inherits database
++{
++ get_value
++ next_value
++ set_value
++}
++
++class db_language
++inherits database
++{
++ implement
++ execute
++}
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-3.9.7/policy/flask/security_classes
+--- nsaserefpolicy/policy/flask/security_classes 2010-10-12 22:42:51.000000000 +0200
++++ serefpolicy-3.9.7/policy/flask/security_classes 2011-01-19 17:46:49.461042109 +0100
+@@ -125,4 +125,10 @@
+ class x_pointer # userspace
+ class x_keyboard # userspace
+
++# More Database stuff
++class db_schema # userspace
++class db_view # userspace
++class db_sequence # userspace
++class db_language # userspace
++
+ # FLASK
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.9.7/policy/global_tunables
--- nsaserefpolicy/policy/global_tunables 2010-10-12 22:42:51.000000000 +0200
+++ serefpolicy-3.9.7/policy/global_tunables 2010-11-05 14:02:26.398662249 +0100
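Review bot: The comment introducing the four new classes in security_classes, `# More Database stuff`, tells a reader nothing about what the block is; suggest `# SE-PostgreSQL object classes (schema, view, sequence, procedural language); enforced in userspace` so the `# userspace` markers on the following lines are also explained. The access_vectors hunk declares `implement` on `db_language`, and nothing visible in the mls/mcs hunks of this patch constrains that permission (only `execute` is covered), so a short comment beside the class stating whether `implement` is meant to be governed by type enforcement alone would save the next reader from re-deriving that.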
@@ -250,7 +430,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.9.7/policy/mcs
--- nsaserefpolicy/policy/mcs 2010-10-12 22:42:51.000000000 +0200
-+++ serefpolicy-3.9.7/policy/mcs 2010-11-05 14:02:26.399651707 +0100
++++ serefpolicy-3.9.7/policy/mcs 2011-01-19 17:48:56.475041433 +0100
@@ -86,10 +86,10 @@
(( h1 dom h2 ) and ( l2 eq h2 ));
@@ -264,7 +444,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.9.7
(( h1 dom h2 ) and ( l2 eq h2 ));
mlsconstrain process { transition dyntransition }
-@@ -101,6 +101,9 @@
+@@ -101,13 +101,16 @@
mlsconstrain process { sigkill sigstop }
(( h1 dom h2 ) or ( t1 == mcskillall ));
@@ -274,6 +454,166 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mcs serefpolicy-3.9.7
#
# MCS policy for SELinux-enabled databases
#
+
+ # Any database object must be dominated by the relabeling subject
+ # clearance, also the objects are single-level.
+-mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
++mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_blob } { create relabelto }
+ (( h1 dom h2 ) and ( l2 eq h2 ));
+
+ mlsconstrain { db_tuple } { insert relabelto }
+@@ -117,6 +120,9 @@
+ mlsconstrain db_database { drop getattr setattr relabelfrom access install_module load_module get_param set_param }
+ ( h1 dom h2 );
+
++mlsconstrain db_language { drop getattr setattr relabelfrom execute }
++ ( h1 dom h2 );
++
+ mlsconstrain db_table { drop getattr setattr relabelfrom select update insert delete use lock }
+ ( h1 dom h2 );
+
+@@ -126,9 +132,19 @@
+ mlsconstrain db_tuple { relabelfrom select update delete use }
+ ( h1 dom h2 );
+
+-mlsconstrain db_procedure { drop getattr setattr execute install }
++mlsconstrain db_sequence { drop getattr setattr relabelfrom get_value next_value set_value }
++ ( h1 dom h2 );
++
++mlsconstrain db_view { drop getattr setattr relabelfrom expand }
+ ( h1 dom h2 );
+
++mlsconstrain db_procedure { drop getattr setattr relabelfrom execute install }
++ ( h1 dom h2 );
++
++mlsconstrain db_language { drop getattr setattr relabelfrom execute }
++ ( h1 dom h2 );
++
++
+ mlsconstrain db_blob { drop getattr setattr relabelfrom read write import export }
+ ( h1 dom h2 );
+
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.9.7/policy/mls
+--- nsaserefpolicy/policy/mls 2010-10-12 22:42:51.000000000 +0200
++++ serefpolicy-3.9.7/policy/mls 2011-01-19 17:48:56.476041227 +0100
+@@ -727,13 +727,13 @@
+ #
+
+ # make sure these database classes are "single level"
+-mlsconstrain { db_database db_table db_procedure db_column db_blob } { create relabelto }
++mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_blob } { create relabelto }
+ ( l2 eq h2 );
+ mlsconstrain { db_tuple } { insert relabelto }
+ ( l2 eq h2 );
+
+ # new database labels must be dominated by the relabeling subjects clearance
+-mlsconstrain { db_database db_table db_procedure db_column db_tuple db_blob } { relabelto }
++mlsconstrain { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob } { relabelto }
+ ( h1 dom h2 );
+
+ # the database "read" ops (note the check is dominance of the low level)
+@@ -743,6 +743,12 @@
+ ( t1 == mlsdbread ) or
+ ( t2 == mlstrustedobject ));
+
++mlsconstrain { db_schema } { getattr search }
++ (( l1 dom l2 ) or
++ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
++ ( t1 == mlsdbread ) or
++ ( t2 == mlstrustedobject ));
++
+ mlsconstrain { db_table } { getattr use select lock }
+ (( l1 dom l2 ) or
+ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+@@ -755,12 +761,30 @@
+ ( t1 == mlsdbread ) or
+ ( t2 == mlstrustedobject ));
+
++mlsconstrain { db_sequence } { getattr get_value next_value }
++ (( l1 dom l2 ) or
++ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
++ ( t1 == mlsdbread ) or
++ ( t2 == mlstrustedobject ));
++
++mlsconstrain { db_view } { getattr expand }
++ (( l1 dom l2 ) or
++ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
++ ( t1 == mlsdbread ) or
++ ( t2 == mlstrustedobject ));
++
+ mlsconstrain { db_procedure } { getattr execute install }
+ (( l1 dom l2 ) or
+ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+ ( t1 == mlsdbread ) or
+ ( t2 == mlstrustedobject ));
+
++mlsconstrain { db_language } { getattr execute }
++ (( l1 dom l2 ) or
++ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
++ ( t1 == mlsdbread ) or
++ ( t2 == mlstrustedobject ));
++
+ mlsconstrain { db_blob } { getattr read export }
+ (( l1 dom l2 ) or
+ (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
+@@ -781,6 +805,13 @@
+ ( t1 == mlsdbwrite ) or
+ ( t2 == mlstrustedobject ));
+
++mlsconstrain { db_schema } { create drop setattr relabelfrom add_name remove_name }
++ (( l1 eq l2 ) or
++ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
++ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
++ ( t1 == mlsdbwrite ) or
++ ( t2 == mlstrustedobject ));
++
+ mlsconstrain { db_table } { create drop setattr relabelfrom update insert delete }
+ (( l1 eq l2 ) or
+ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+@@ -795,6 +826,20 @@
+ ( t1 == mlsdbwrite ) or
+ ( t2 == mlstrustedobject ));
+
++mlsconstrain { db_sequence } { create drop setattr relabelfrom set_value }
++ (( l1 eq l2 ) or
++ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
++ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
++ ( t1 == mlsdbwrite ) or
++ ( t2 == mlstrustedobject ));
++
++mlsconstrain { db_view } { create drop setattr relabelfrom }
++ (( l1 eq l2 ) or
++ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
++ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
++ ( t1 == mlsdbwrite ) or
++ ( t2 == mlstrustedobject ));
++
+ mlsconstrain { db_procedure } { create drop setattr relabelfrom }
+ (( l1 eq l2 ) or
+ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+@@ -802,6 +847,13 @@
+ ( t1 == mlsdbwrite ) or
+ ( t2 == mlstrustedobject ));
+
++mlsconstrain { db_language } { create drop setattr relabelfrom }
++ (( l1 eq l2 ) or
++ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
++ (( t2 == mlsdbwriteinrange ) and ( l1 dom l2 ) and ( h1 domby h2 )) or
++ ( t1 == mlsdbwrite ) or
++ ( t2 == mlstrustedobject ));
++
+ mlsconstrain { db_blob } { create drop setattr relabelfrom write import }
+ (( l1 eq l2 ) or
+ (( t1 == mlsdbwritetoclr ) and ( h1 dom l2 ) and ( l1 domby l2 )) or
+@@ -817,7 +869,7 @@
+ ( t2 == mlstrustedobject ));
+
+ # the database upgrade/downgrade rule
+-mlsvalidatetrans { db_database db_table db_procedure db_column db_tuple db_blob }
++mlsvalidatetrans { db_database db_schema db_table db_sequence db_view db_procedure db_language db_column db_tuple db_blob }
+ ((( l1 eq l2 ) or
+ (( t3 == mlsdbupgrade ) and ( l1 domby l2 )) or
+ (( t3 == mlsdbdowngrade ) and ( l1 dom l2 )) or
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/acct.if serefpolicy-3.9.7/policy/modules/admin/acct.if
--- nsaserefpolicy/policy/modules/admin/acct.if 2010-10-12 22:42:51.000000000 +0200
+++ serefpolicy-3.9.7/policy/modules/admin/acct.if 2010-12-22 13:20:41.408042200 +0100
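Review bot: In the policy/mcs part of this hunk the rule `mlsconstrain db_language { drop getattr setattr relabelfrom execute } ( h1 dom h2 );` is added twice, once after the db_database rule (@@ -117) and again after db_procedure (@@ -126); identical constraints are merely redundant, but the second copy and the doubled blank line after it should be dropped so a later edit to one does not silently diverge from the other. As far as the hunk shows, db_schema is also the only new class with no per-operation `( h1 dom h2 )` rule in policy/mcs — db_sequence, db_view, db_procedure and db_language each get one, and policy/mls gets both a read (`getattr search`) and a write (`create drop setattr relabelfrom add_name remove_name`) constraint for db_schema — so a matching `mlsconstrain db_schema { drop getattr setattr relabelfrom search add_name remove_name } ( h1 dom h2 );` is presumably intended unless it sits outside the hunk context. In both files `implement` on db_language is left unconstrained while `execute` is covered; a one-line comment saying whether that is deliberate would help.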
@@ -10547,7 +10887,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.9.7/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2010-10-12 22:42:50.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/kernel/kernel.if 2011-01-19 17:02:58.261042200 +0100
++++ serefpolicy-3.9.7/policy/modules/kernel/kernel.if 2011-01-19 17:48:56.478041164 +0100
@@ -698,6 +698,46 @@
########################################
@@ -10629,7 +10969,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
########################################
## <summary>
## Do not audit attempts by caller to get attributes for
-@@ -2845,6 +2903,24 @@
+@@ -2828,16 +2886,24 @@
+ gen_require(`
+ type unlabeled_t;
+ class db_database { setattr relabelfrom };
++ class db_schema { setattr relabelfrom };
+ class db_table { setattr relabelfrom };
++ class db_sequence { setattr relabelfrom };
++ class db_view { setattr relabelfrom };
+ class db_procedure { setattr relabelfrom };
++ class db_language { setattr relabelfrom };
+ class db_column { setattr relabelfrom };
+ class db_tuple { update relabelfrom };
+ class db_blob { setattr relabelfrom };
+ ')
+
+ allow $1 unlabeled_t:db_database { setattr relabelfrom };
++ allow $1 unlabeled_t:db_schema { setattr relabelfrom };
+ allow $1 unlabeled_t:db_table { setattr relabelfrom };
++ allow $1 unlabeled_t:db_sequence { setattr relabelfrom };
++ allow $1 unlabeled_t:db_view { setattr relabelfrom };
+ allow $1 unlabeled_t:db_procedure { setattr relabelfrom };
++ allow $1 unlabeled_t:db_language { setattr relabelfrom };
+ allow $1 unlabeled_t:db_column { setattr relabelfrom };
+ allow $1 unlabeled_t:db_tuple { update relabelfrom };
+ allow $1 unlabeled_t:db_blob { setattr relabelfrom };
+@@ -2845,6 +2911,24 @@
########################################
## <summary>
@@ -10654,7 +11019,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
## Unconfined access to kernel module resources.
## </summary>
## <param name="domain">
-@@ -2860,3 +2936,23 @@
+@@ -2860,3 +2944,23 @@
typeattribute $1 kern_unconfined;
')
@@ -29686,7 +30051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+userdom_user_home_dir_filetrans_user_home_content(postfix_virtual_t, {file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.9.7/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2010-10-12 22:42:48.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postgresql.if 2010-11-05 14:02:26.767899951 +0100
++++ serefpolicy-3.9.7/policy/modules/services/postgresql.if 2011-01-19 17:48:56.480041380 +0100
@@ -10,7 +10,7 @@
## </summary>
## </param>
@@ -29696,37 +30061,179 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
## The type of the user domain.
## </summary>
## </param>
-@@ -45,14 +45,6 @@
+@@ -18,18 +18,24 @@
+ interface(`postgresql_role',`
+ gen_require(`
+ class db_database all_db_database_perms;
++ class db_schema all_db_schema_perms;
+ class db_table all_db_table_perms;
++ class db_sequence all_db_sequence_perms;
++ class db_view all_db_view_perms;
+ class db_procedure all_db_procedure_perms;
++ class db_language all_db_language_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute sepgsql_client_type, sepgsql_database_type;
+- attribute sepgsql_sysobj_table_type;
++ attribute sepgsql_schema_type, sepgsql_sysobj_table_type;
+
+ type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;
+ type user_sepgsql_blob_t, user_sepgsql_proc_exec_t;
++ type user_sepgsql_schema_t, user_sepgsql_seq_t;
+ type user_sepgsql_sysobj_t, user_sepgsql_table_t;
++ type user_sepgsql_view_t;
+ ')
+
+ ########################################
+@@ -45,30 +51,44 @@
# Client local policy
#
- tunable_policy(`sepgsql_enable_users_ddl',`
- allow $2 user_sepgsql_table_t:db_table { create drop setattr };
- allow $2 user_sepgsql_table_t:db_column { create drop setattr };
--
+
- allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
- allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
- ')
--
++ allow $2 user_sepgsql_schema_t:db_schema { getattr search add_name remove_name };
++ type_transition $2 sepgsql_database_type:db_schema user_sepgsql_schema_t;
+
allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
-@@ -69,6 +61,14 @@
+- type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
++ type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t; # deprecated
++ type_transition $2 sepgsql_schema_type:db_table user_sepgsql_table_t;
+
+ allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
+ type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
+
++ allow $2 user_sepgsql_seq_t:db_sequence { getattr get_value next_value };
++ type_transition $2 sepgsql_schema_type:db_sequence user_sepgsql_seq_t;
++
++ allow $2 user_sepgsql_view_t:db_view { getattr expand };
++ type_transition $2 sepgsql_schema_type:db_view user_sepgsql_view_t;
++
+ allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
+- type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
++ type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; # deprecated
++ type_transition $2 sepgsql_schema_type:db_procedure user_sepgsql_proc_exec_t;
+
+ allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
+ type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;
allow $2 sepgsql_trusted_proc_t:process transition;
type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+
+ tunable_policy(`sepgsql_enable_users_ddl',`
++ allow $2 user_sepgsql_schema_t:db_schema { create drop setattr };
+ allow $2 user_sepgsql_table_t:db_table { create drop setattr };
+ allow $2 user_sepgsql_table_t:db_column { create drop setattr };
-+
+ allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
++ allow $2 user_sepgsql_seq_t:db_sequence { create drop setattr set_value };
++ allow $2 user_sepgsql_view_t:db_view { create drop setattr };
+ allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+ ')
')
########################################
-@@ -195,7 +195,7 @@
+@@ -109,6 +129,24 @@
+
+ ########################################
+ ## <summary>
++## Marks as a SE-PostgreSQL schema object type
++## </summary>
++## <param name="type">
++## <summary>
++## Type marked as a schema object type.
++## </summary>
++## </param>
++#
++interface(`postgresql_schema_object',`
++ gen_require(`
++ attribute sepgsql_schema_type;
++ ')
++
++ typeattribute $1 sepgsql_schema_type;
++')
++
++########################################
++## <summary>
+ ## Marks as a SE-PostgreSQL table/column/tuple object type
+ ## </summary>
+ ## <param name="type">
+@@ -146,6 +184,42 @@
+
+ ########################################
+ ## <summary>
++## Marks as a SE-PostgreSQL sequence type
++## </summary>
++## <param name="type">
++## <summary>
++## Type marked as a sequence type.
++## </summary>
++## </param>
++#
++interface(`postgresql_sequence_object',`
++ gen_require(`
++ attribute sepgsql_sequence_type;
++ ')
++
++ typeattribute $1 sepgsql_sequence_type;
++')
++
++########################################
++## <summary>
++## Marks as a SE-PostgreSQL view object type
++## </summary>
++## <param name="type">
++## <summary>
++## Type marked as a view object type.
++## </summary>
++## </param>
++#
++interface(`postgresql_view_object',`
++ gen_require(`
++ attribute sepgsql_view_type;
++ ')
++
++ typeattribute $1 sepgsql_view_type;
++')
++
++########################################
++## <summary>
+ ## Marks as a SE-PostgreSQL procedure object type
+ ## </summary>
+ ## <param name="type">
+@@ -164,6 +238,24 @@
+
+ ########################################
+ ## <summary>
++## Marks as a SE-PostgreSQL procedural language object type
++## </summary>
++## <param name="type">
++## <summary>
++## Type marked as a procedural language object type.
++## </summary>
++## </param>
++#
++interface(`postgresql_language_object',`
++ gen_require(`
++ attribute sepgsql_language_type;
++ ')
++
++ typeattribute $1 sepgsql_language_type;
++')
++
++########################################
++## <summary>
+ ## Marks as a SE-PostgreSQL binary large object type
+ ## </summary>
+ ## <param name="type">
+@@ -195,7 +287,7 @@
type postgresql_db_t;
')
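Review bot: The `# deprecated` marker appended to `type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;` and to the matching db_procedure line says neither what supersedes the rule nor when it can be removed; since the `sepgsql_schema_type` transition is added on the very next line, suggest `# deprecated: superseded by the sepgsql_schema_type transition below; presumably kept for sepgsql releases that still create tables/procedures directly under the database — confirm before removing`, with the same wording on the two lines in postgresql_unpriv_client. Otherwise the reorganisation of postgresql_role reads cleanly: the DDL-gated rules are collected into a single `sepgsql_enable_users_ddl` block after the unconditional ones, and every new class has a gen_require entry. postgresql_role starts and ends outside this hunk.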
@@ -29735,7 +30242,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
')
########################################
-@@ -207,6 +207,7 @@
+@@ -207,6 +299,7 @@
## Domain allowed access.
## </summary>
## </param>
@@ -29743,7 +30250,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
interface(`postgresql_manage_db',`
gen_require(`
type postgresql_db_t;
-@@ -214,7 +215,7 @@
+@@ -214,7 +307,7 @@
allow $1 postgresql_db_t:dir rw_dir_perms;
allow $1 postgresql_db_t:file rw_file_perms;
@@ -29752,7 +30259,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
')
########################################
-@@ -304,7 +305,6 @@
+@@ -304,7 +397,6 @@
## Domain allowed access.
## </summary>
## </param>
@@ -29760,7 +30267,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
#
interface(`postgresql_stream_connect',`
gen_require(`
-@@ -312,10 +312,8 @@
+@@ -312,10 +404,8 @@
')
files_search_pids($1)
@@ -29773,35 +30280,77 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
')
########################################
-@@ -361,13 +359,6 @@
- type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+@@ -332,18 +422,25 @@
+ interface(`postgresql_unpriv_client',`
+ gen_require(`
+ class db_database all_db_database_perms;
++ class db_schema all_db_schema_perms;
+ class db_table all_db_table_perms;
++ class db_sequence all_db_sequence_perms;
++ class db_view all_db_view_perms;
+ class db_procedure all_db_procedure_perms;
++ class db_language all_db_language_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute sepgsql_client_type;
+- attribute sepgsql_database_type, sepgsql_sysobj_table_type;
++ attribute sepgsql_database_type, sepgsql_schema_type;
++ attribute sepgsql_sysobj_table_type;
+
+ type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
+ type unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t;
++ type unpriv_sepgsql_schema_t, unpriv_sepgsql_seq_t;
+ type unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t;
++ type unpriv_sepgsql_view_t;
+ ')
+
+ ########################################
+@@ -362,25 +459,40 @@
allow $1 sepgsql_trusted_proc_t:process transition;
-- tunable_policy(`sepgsql_enable_users_ddl',`
-- allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
-- allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
-- allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
-- allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-- ')
--
+ tunable_policy(`sepgsql_enable_users_ddl',`
++ allow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr };
+ allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
+ allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
+ allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
++ allow $1 unpriv_sepgsql_seq_t:db_sequence { create drop setattr };
++ allow $1 unpriv_sepgsql_view_t:db_view { create drop setattr };
+ allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+ ')
+
++ allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name };
++ type_transition $1 sepgsql_database_type:db_schema unpriv_sepgsql_schema_t;
++
allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };
allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };
-@@ -381,6 +372,13 @@
+- type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t;
++ type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t; # deprecated
++ type_transition $1 sepgsql_schema_type:db_table unpriv_sepgsql_table_t;
++
++ allow $1 unpriv_sepgsql_seq_t:db_sequence { getattr get_value next_value set_value };
++ type_transition $1 sepgsql_schema_type:db_sequence unpriv_sepgsql_seq_t;
++
++ allow $1 unpriv_sepgsql_view_t:db_view { getattr expand };
++ type_transition $1 sepgsql_schema_type:db_view unpriv_sepgsql_view_t;
+
+ allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };
+ type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;
+
+ allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
+- type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;
++ type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t; # deprecated
++ type_transition $1 sepgsql_schema_type:db_procedure unpriv_sepgsql_proc_exec_t;
allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
+
-+ tunable_policy(`sepgsql_enable_users_ddl',`
-+ allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
-+ allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
-+ allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
-+ allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
-+ ')
')
########################################
-@@ -420,13 +418,10 @@
+@@ -420,13 +532,10 @@
#
interface(`postgresql_admin',`
gen_require(`
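Review bot: `allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name };` omits `search`, whereas the parallel rule added to postgresql_role grants `{ getattr search add_name remove_name }` on user_sepgsql_schema_t; unless unprivileged clients are deliberately barred from looking objects up in their own schema, this should read `allow $1 unpriv_sepgsql_schema_t:db_schema { getattr search add_name remove_name };`. The two interfaces also disagree on where db_sequence `set_value` belongs: here it is granted unconditionally (`{ getattr get_value next_value set_value }`) and absent from the `sepgsql_enable_users_ddl` block, while in postgresql_role it appears only inside the tunable block. Pick one placement for both; if set_value is not considered DDL, the postgresql_role rules should be changed to match this hunk. postgresql_unpriv_client starts and ends outside the hunk.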
@@ -29819,7 +30368,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
')
typeattribute $1 sepgsql_admin_type;
-@@ -439,14 +434,19 @@
+@@ -439,14 +548,19 @@
role_transition $2 postgresql_initrc_exec_t system_r;
allow $2 system_r;
@@ -29841,8 +30390,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
postgresql_tcp_connect($1)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.9.7/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2010-10-12 22:42:49.000000000 +0200
-+++ serefpolicy-3.9.7/policy/modules/services/postgresql.te 2010-11-05 14:02:26.768900304 +0100
-@@ -15,16 +15,16 @@
++++ serefpolicy-3.9.7/policy/modules/services/postgresql.te 2011-01-19 17:48:56.482041108 +0100
+@@ -1,4 +1,4 @@
+-policy_module(postgresql, 1.11.1)
++policy_module(postgresql, 1.12.1)
+
+ gen_require(`
+ class db_database all_db_database_perms;
+@@ -7,6 +7,10 @@
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
++ class db_schema all_db_schema_perms;
++ class db_view all_db_view_perms;
++ class db_sequence all_db_sequence_perms;
++ class db_language all_db_language_perms;
+ ')
+
+ #################################
+@@ -15,16 +19,16 @@
#
## <desc>
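Review bot: The four classes appended to the gen_require block in postgresql.te are listed as `db_schema, db_view, db_sequence, db_language` after db_blob, while the gen_require blocks added to postgresql.if and the constraint lists in policy/mls place them in object-hierarchy order (database, schema, table, sequence, view, procedure, language, column, tuple, blob); interleaving them the same way here keeps the lists easy to check against each other. The bump from `policy_module(postgresql, 1.11.1)` to `1.12.1` is appropriate given the new interfaces this patch adds. The gen_require block closes within the hunk.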
@@ -29865,7 +30431,133 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
## </desc>
gen_tunable(sepgsql_unconfined_dbadm, true)
-@@ -185,7 +185,7 @@
+@@ -60,9 +64,13 @@
+
+ # database objects attribute
+ attribute sepgsql_database_type;
++attribute sepgsql_schema_type;
+ attribute sepgsql_table_type;
+ attribute sepgsql_sysobj_table_type;
++attribute sepgsql_sequence_type;
++attribute sepgsql_view_type;
+ attribute sepgsql_procedure_type;
++attribute sepgsql_language_type;
+ attribute sepgsql_blob_type;
+ attribute sepgsql_module_type;
+
+@@ -76,6 +84,12 @@
+ type sepgsql_fixed_table_t;
+ postgresql_table_object(sepgsql_fixed_table_t)
+
++type sepgsql_lang_t;
++postgresql_language_object(sepgsql_lang_t)
++
++type sepgsql_priv_lang_t;
++postgresql_language_object(sepgsql_priv_lang_t)
++
+ type sepgsql_proc_exec_t;
+ typealias sepgsql_proc_exec_t alias sepgsql_proc_t;
+ postgresql_procedure_object(sepgsql_proc_exec_t)
+@@ -86,12 +100,21 @@
+ type sepgsql_ro_table_t;
+ postgresql_table_object(sepgsql_ro_table_t)
+
++type sepgsql_safe_lang_t;
++postgresql_language_object(sepgsql_safe_lang_t)
++
++type sepgsql_schema_t;
++postgresql_schema_object(sepgsql_schema_t)
++
+ type sepgsql_secret_blob_t;
+ postgresql_blob_object(sepgsql_secret_blob_t)
+
+ type sepgsql_secret_table_t;
+ postgresql_table_object(sepgsql_secret_table_t)
+
++type sepgsql_seq_t;
++postgresql_sequence_object(sepgsql_seq_t)
++
+ type sepgsql_sysobj_t;
+ postgresql_system_table_object(sepgsql_sysobj_t)
+
+@@ -101,6 +124,9 @@
+ type sepgsql_trusted_proc_exec_t;
+ postgresql_procedure_object(sepgsql_trusted_proc_exec_t)
+
++type sepgsql_view_t;
++postgresql_view_object(sepgsql_view_t)
++
+ # Trusted Procedure Domain
+ type sepgsql_trusted_proc_t;
+ domain_type(sepgsql_trusted_proc_t)
+@@ -114,12 +140,21 @@
+ type unpriv_sepgsql_proc_exec_t;
+ postgresql_procedure_object(unpriv_sepgsql_proc_exec_t)
+
++type unpriv_sepgsql_schema_t;
++postgresql_schema_object(unpriv_sepgsql_schema_t);
++
++type unpriv_sepgsql_seq_t;
++postgresql_sequence_object(unpriv_sepgsql_seq_t)
++
+ type unpriv_sepgsql_sysobj_t;
+ postgresql_system_table_object(unpriv_sepgsql_sysobj_t)
+
+ type unpriv_sepgsql_table_t;
+ postgresql_table_object(unpriv_sepgsql_table_t)
+
++type unpriv_sepgsql_view_t;
++postgresql_view_object(unpriv_sepgsql_view_t)
++
+ # Types for UBAC
+ type user_sepgsql_blob_t;
+ typealias user_sepgsql_blob_t alias { staff_sepgsql_blob_t sysadm_sepgsql_blob_t };
+@@ -131,6 +166,16 @@
+ typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t };
+ postgresql_procedure_object(user_sepgsql_proc_exec_t)
+
++type user_sepgsql_schema_t;
++typealias user_sepgsql_schema_t alias { staff_sepgsql_schema_t sysadm_sepgsql_schema_t };
++typealias user_sepgsql_schema_t alias { auditadm_sepgsql_schema_t secadm_sepgsql_schema_t };
++postgresql_schema_object(user_sepgsql_schema_t)
++
++type user_sepgsql_seq_t;
++typealias user_sepgsql_seq_t alias { staff_sepgsql_seq_t sysadm_sepgsql_seq_t };
++typealias user_sepgsql_seq_t alias { auditadm_sepgsql_seq_t secadm_sepgsql_seq_t };
++postgresql_sequence_object(user_sepgsql_seq_t)
++
+ type user_sepgsql_sysobj_t;
+ typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t };
+ typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t };
+@@ -141,6 +186,11 @@
+ typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t };
+ postgresql_table_object(user_sepgsql_table_t)
+
++type user_sepgsql_view_t;
++typealias user_sepgsql_view_t alias { staff_sepgsql_view_t sysadm_sepgsql_view_t };
++typealias user_sepgsql_view_t alias { auditadm_sepgsql_view_t secadm_sepgsql_view_t };
++postgresql_view_object(user_sepgsql_view_t)
++
+ ########################################
+ #
+ # postgresql Local policy
+@@ -165,9 +215,15 @@
+ # Database/Loadable module
+ allow sepgsql_database_type sepgsql_module_type:db_database load_module;
+
++allow postgresql_t sepgsql_schema_type:db_schema *;
++
+ allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
+ type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;
+
++allow postgresql_t sepgsql_sequence_type:db_sequence *;
++
++allow postgresql_t sepgsql_view_type:db_view *;
++
+ allow postgresql_t sepgsql_procedure_type:db_procedure *;
+ type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
+
+@@ -185,7 +241,7 @@
read_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
read_lnk_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
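Review bot: `postgresql_schema_object(unpriv_sepgsql_schema_t);` in the unprivileged-type declarations carries a trailing semicolon that none of the neighbouring `postgresql_*_object(...)` calls have; these are m4 interface calls, so the `;` is passed through verbatim into the generated policy as an empty statement, which is inconsistent at best and, depending on whether checkpolicy tolerates a bare `;`, a build error at worst. Drop it: `postgresql_schema_object(unpriv_sepgsql_schema_t)`. The rest of the hunk follows the existing convention (attribute, then `type`/`postgresql_*_object` pairs, then wildcard `allow postgresql_t ...:db_* *;` rules mirroring the existing table/procedure ones), so that line is the only outlier.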
@@ -29874,7 +30566,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
can_exec(postgresql_t, postgresql_exec_t )
allow postgresql_t postgresql_lock_t:file manage_file_perms;
-@@ -251,8 +251,7 @@
+@@ -251,8 +307,7 @@
domain_use_interactive_fds(postgresql_t)
files_dontaudit_search_home(postgresql_t)
@@ -29884,6 +30576,140 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
files_read_etc_runtime_files(postgresql_t)
files_read_usr_files(postgresql_t)
+@@ -314,6 +369,8 @@
+ allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };
+ type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;
+
++allow sepgsql_client_type sepgsql_schema_t:db_schema { getattr search };
++
+ allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert lock };
+ allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };
+ allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };
+@@ -333,9 +390,22 @@
+ allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
+ allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
+
++allow sepgsql_client_type sepgsql_seq_t:db_sequence { getattr get_value next_value };
++
++allow sepgsql_client_type sepgsql_view_t:db_view { getattr expand };
++
+ allow sepgsql_client_type sepgsql_proc_exec_t:db_procedure { getattr execute install };
+ allow sepgsql_client_type sepgsql_trusted_proc_exec_t:db_procedure { getattr execute entrypoint };
+
++allow sepgsql_client_type sepgsql_lang_t:db_language { getattr };
++allow sepgsql_client_type sepgsql_safe_lang_t:db_language { getattr execute };
++
++# Only DBA can implement SQL procedures using `unsafe' procedural languages.
++# The `unsafe' one provides a capability to access internal data structure,
++# so we don't allow user-defined function being implemented using `unsafe' one.
++allow sepgsql_proc_exec_t sepgsql_lang_t:db_language { implement };
++allow sepgsql_procedure_type sepgsql_safe_lang_t:db_language { implement };
++
+ allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
+ allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };
+ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
+@@ -353,6 +423,13 @@
+ # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
+ dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
+
++# Note that permission of creation/deletion are eventually controlled by
++# create or drop permission of individual objects within shared schemas.
++# So, it just allows to create/drop user specific types.
++tunable_policy(`sepgsql_enable_users_ddl',`
++ allow sepgsql_client_type sepgsql_schema_t:db_schema { add_name remove_name };
++')
++
+ ########################################
+ #
+ # Rules common to administrator clients
+@@ -361,16 +438,33 @@
+ allow sepgsql_admin_type sepgsql_database_type:db_database { create drop getattr setattr relabelfrom relabelto access };
+ type_transition sepgsql_admin_type sepgsql_admin_type:db_database sepgsql_db_t;
+
++allow sepgsql_admin_type sepgsql_schema_type:db_schema { create drop getattr setattr relabelfrom relabelto search add_name remove_name };
++type_transition sepgsql_admin_type sepgsql_database_type:db_schema sepgsql_schema_t;
++
+ allow sepgsql_admin_type sepgsql_table_type:db_table { create drop getattr setattr relabelfrom relabelto lock };
+ allow sepgsql_admin_type sepgsql_table_type:db_column { create drop getattr setattr relabelfrom relabelto };
+ allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto select update insert delete };
+
+-type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t;
++type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t; # deprecated
++type_transition sepgsql_admin_type sepgsql_schema_type:db_table sepgsql_table_t;
++
++allow sepgsql_admin_type sepgsql_sequence_type:db_sequence { create drop getattr setattr relabelfrom relabelto get_value next_value set_value };
++
++type_transition sepgsql_admin_type sepgsql_schema_type:db_schema sepgsql_seq_t;
++
++allow sepgsql_admin_type sepgsql_view_type:db_view { create drop getattr setattr relabelfrom relabelto expand };
++
++type_transition sepgsql_admin_type sepgsql_view_type:db_view sepgsql_view_t;
+
+ allow sepgsql_admin_type sepgsql_procedure_type:db_procedure { create drop getattr relabelfrom relabelto };
+ allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute;
+
+-type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
++type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; # deprecated
++type_transition sepgsql_admin_type sepgsql_schema_type:db_procedure sepgsql_proc_exec_t;
++
++allow sepgsql_admin_type sepgsql_language_type:db_language { create drop getattr setattr relabelfrom relabelto execute };
++
++type_transition sepgsql_admin_type sepgsql_database_type:db_language sepgsql_lang_t;
+
+ allow sepgsql_admin_type sepgsql_blob_type:db_blob { create drop getattr setattr relabelfrom relabelto };
+
+@@ -383,12 +477,18 @@
+ tunable_policy(`sepgsql_unconfined_dbadm',`
+ allow sepgsql_admin_type sepgsql_database_type:db_database *;
+
++ allow sepgsql_admin_type sepgsql_schema_type:db_schema *;
++
+ allow sepgsql_admin_type sepgsql_table_type:{ db_table db_column db_tuple } *;
++ allow sepgsql_admin_type sepgsql_sequence_type:db_sequence *;
++ allow sepgsql_admin_type sepgsql_view_type:db_view *;
+
+ allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure *;
+ allow sepgsql_admin_type sepgsql_trusted_proc_exec_t:db_procedure ~install;
+ allow sepgsql_admin_type sepgsql_procedure_type:db_procedure ~{ execute install };
+
++ allow sepgsql_admin_type sepgsql_language_type:db_language ~implement;
++
+ allow sepgsql_admin_type sepgsql_blob_type:db_blob *;
+ ')
+
+@@ -400,11 +500,21 @@
+ allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
+ type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;
+
+-type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
+-type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t;
++allow sepgsql_unconfined_type sepgsql_schema_type:db_schema *;
++type_transition sepgsql_unconfined_type sepgsql_database_type:db_schema sepgsql_schema_t;
++
++type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t; # deprecated
++type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; # deprecated
++type_transition sepgsql_unconfined_type sepgsql_schema_type:db_table sepgsql_table_t;
++type_transition sepgsql_unconfined_type sepgsql_schema_type:db_sequence sepgsql_seq_t;
++type_transition sepgsql_unconfined_type sepgsql_schema_type:db_view sepgsql_view_t;
++type_transition sepgsql_unconfined_type sepgsql_schema_type:db_procedure sepgsql_proc_exec_t;
++type_transition sepgsql_unconfined_type sepgsql_database_type:db_language sepgsql_lang_t;
+ type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;
+
+ allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
++allow sepgsql_unconfined_type sepgsql_sequence_type:db_sequence *;
++allow sepgsql_unconfined_type sepgsql_view_type:db_view *;
+
+ # unconfined domain is not allowed to invoke user defined procedure directly.
+ # They have to confirm and relabel it at first.
+@@ -412,6 +522,8 @@
+ allow sepgsql_unconfined_type sepgsql_trusted_proc_exec_t:db_procedure ~install;
+ allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install };
+
++allow sepgsql_unconfined_type sepgsql_language_type:db_language ~implement;
++
+ allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
+
+ allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.9.7/policy/modules/services/postgrey.if
--- nsaserefpolicy/policy/modules/services/postgrey.if 2010-10-12 22:42:48.000000000 +0200
+++ serefpolicy-3.9.7/policy/modules/services/postgrey.if 2010-11-05 14:02:26.769900239 +0100
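Review bot: Two of the new admin default-label rules look mistyped when read against the matching unconfined rules later in the hunk: `type_transition sepgsql_admin_type sepgsql_schema_type:db_schema sepgsql_seq_t;` names the db_schema class but assigns the sequence type, and `type_transition sepgsql_admin_type sepgsql_view_type:db_view sepgsql_view_t;` keys on the view type instead of the containing schema type. The unconfined equivalents in the same hunk are `sepgsql_schema_type:db_sequence sepgsql_seq_t` and `sepgsql_schema_type:db_view sepgsql_view_t`, and every other new transition keys on the parent object (database or schema). As written, sequences and views created by a sepgsql_admin_type domain presumably get whatever default label SE-PostgreSQL applies rather than sepgsql_seq_t / sepgsql_view_t, which silently weakens the intended separation between admin-created objects and the rest. Suggested replacements: `type_transition sepgsql_admin_type sepgsql_schema_type:db_sequence sepgsql_seq_t;` and `type_transition sepgsql_admin_type sepgsql_schema_type:db_view sepgsql_view_t;`.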
diff --git a/selinux-policy.spec b/selinux-policy.spec
index d4bebb1..98080c1 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -21,7 +21,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.9.7
-Release: 23%{?dist}
+Release: 24%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -472,12 +472,14 @@ exit 0
%endif
%changelog
+* Wed Jan 19 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.7-24
+- Add sepgsql fixes from KaiGai Kohei
+
* Wed Jan 19 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.7-23
- Add puppetmaster_uses_db boolean
- Add oracle ports and allow apache to connect to them if the connect_db boolean is turned on
- sandbox fixes
- Allow shorewall to read iptables conf files
-- Add sepgsql fixes from KaiGai Kohei
* Fri Jan 14 2011 Miroslav Grepl <mgrepl at redhat.com> 3.9.7-22
- Add namespace policy