diff -Nrpc base/src/backend/security/sepgsql/policy/Makefile sepgsql/src/backend/security/sepgsql/policy/Makefile
*** base/src/backend/security/sepgsql/policy/Makefile Thu Jan 1 09:00:00 1970
--- sepgsql/src/backend/security/sepgsql/policy/Makefile Fri Jul 11 11:27:18 2008
***************
*** 0 ****
--- 1,41 ----
+ #
+ # contrib/sepgsql_policy/Makefile
+ # Makefile of security policy module for SE-PostgreSQL
+ #
+ top_builddir = ../../../../..
+ include $(top_builddir)/src/Makefile.global
+
+ policy_basedir := /usr/share/selinux
+ policy_makefile := $(policy_basedir)/devel/Makefile
+ policy_types := targeted mls
+ policy := $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config))
+ package_names := sepostgresql sepostgresql-devel
+ prefix_ptn := "s/%%__prefix__%%/$(shell echo $(prefix)|sed 's/\//\\\//g')/g"
+ bindir_ptn := "s/%%__bindir__%%/$(shell echo $(bindir)|sed 's/\//\\\//g')/g"
+ libdir_ptn := "s/%%__libdir__%%/$(shell echo $(pkglibdir)|sed 's/\//\\\//g')/g"
+
+ all:
+ $(foreach pkg, $(package_names), $(foreach p, $(policy_types), $(MAKE) $(MAKEOVERRIDES) policy=$(p) $(pkg).pp;))
+ $(foreach pkg, $(package_names), test -e $(pkg).pp.$(policy) && ln -sf $(pkg).pp.$(policy) $(pkg).pp;)
+
+ .install-policy:
+ test -d $(DESTDIR)$(policy_basedir)/$(policy) || install -d $(DESTDIR)$(policy_basedir)/$(policy)
+ $(foreach pkg, $(package_names), install -p -m 644 $(pkg).pp.$(policy) $(DESTDIR)$(policy_basedir)/$(policy)/$(pkg).pp;)
+
+ install: all
+ $(foreach p, $(policy_types), $(MAKE) $(MAKEOVERRIDES) policy=$(p) .install-policy;)
+
+ %.pp: %.te %.if %.fc
+ rm -f $@
+ $(MAKE) NAME=$(policy) -f $(policy_makefile) $@
+ mv $@ $@.$(policy)
+
+ sepostgresql-devel.fc: sepostgresql.fc.template
+ cat $< | grep -v ^/var | sed -e $(prefix_ptn) -e $(bindir_ptn) -e $(libdir_ptn) > $@
+
+ sepostgresql.fc: sepostgresql.fc.template
+ cat $< | sed -e $(prefix_ptn) -e $(bindir_ptn) -e $(libdir_ptn) > $@
+
+ clean:
+ $(MAKE) -f $(policy_makefile) clean
+ rm -f *.pp.* *.fc
diff -Nrpc base/src/backend/security/sepgsql/policy/README sepgsql/src/backend/security/sepgsql/policy/README
*** base/src/backend/security/sepgsql/policy/README Thu Jan 1 09:00:00 1970
--- sepgsql/src/backend/security/sepgsql/policy/README Fri Jul 11 11:27:18 2008
***************
*** 0 ****
--- 1,49 ----
+ The security policy module of SE-PostgreSQL
+ -------------------------------------------
+
+ o Introduction
+
+ We provide two kind of security policy modules.
+
+ One is "sepostgresql.pp" which contains full-set of security policy
+ and suitable for legacy base policy (selinux-policy-3.4.1, or prior).
+
+ The other is "sepostgresql-devel.pp" which provides several booleans
+ for developers, and suitable for newer base policy (selinux-policy-3.4.2,
+ or later).
+
+ In the selinux-policy-3.4.2, most part of the policy got upstreamed.
+ So, we don't need to install "sepostgresql.pp" explicitly on the newer
+ base security policy.
+
+ If you need to run regression test, or (don't) want to generate access
+ logs, install "sepostgresql-devel.pp" and turn on/off booleans.
+
+ o Build & Installation
+
+ $ cd src/backend/security/sepgsql/policy
+ $ make
+ $ su
+ # /usr/sbin/semodule -i sepostgresql-devel.pp
+ or
+ # /usr/sbin/semodule -i sepostgresql.pp
+
+ o Booleans
+
+ - sepgsql_enable_users_ddl (default: on)
+ This boolean enables to control to execute DDL statement come from
+ confined users.
+
+ - sepgsql_enable_auditallow (default: off)
+ This boolean enables to generate access allow logs except for tuple
+ level.
+
+ - sepgsql_enable_auditdeny (default: on)
+ This boolean enables to generata access denied logs except for tuple
+ level.
+
+ - sepgsql_regression_test_mode (default: off)
+ This boolean provides several permission to run regression test on
+ your home directory. It enables to load shared library files deployed
+ on home directory.
+ However, we don't recommend it to turn on in the operation phase.
diff -Nrpc base/src/backend/security/sepgsql/policy/sepostgresql-devel.if sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.if
*** base/src/backend/security/sepgsql/policy/sepostgresql-devel.if Thu Jan 1 09:00:00 1970
--- sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.if Thu Jun 19 11:04:10 2008
***************
*** 0 ****
--- 1 ----
+ ## There are no interface declaration
diff -Nrpc base/src/backend/security/sepgsql/policy/sepostgresql-devel.te sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.te
*** base/src/backend/security/sepgsql/policy/sepostgresql-devel.te Thu Jan 1 09:00:00 1970
--- sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.te Tue Jan 20 15:04:45 2009
***************
*** 0 ****
--- 1,120 ----
+ policy_module(sepostgresql-devel, 3.23)
+
+ gen_require(`
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute sepgsql_client_type;
+ attribute sepgsql_unconfined_type;
+
+ attribute sepgsql_database_type;
+ attribute sepgsql_table_type;
+ attribute sepgsql_sysobj_table_type;
+ attribute sepgsql_procedure_type;
+ attribute sepgsql_blob_type;
+ attribute sepgsql_module_type;
+
+ # for regression test
+ type bin_t;
+ type user_home_t;
+ type sepgsql_trusted_proc_t;
+
+ attribute tmpfile;
+ attribute user_ptynode;
+ ')
+
+ #################################
+ #
+ # Domain for Testcases
+ #
+
+ role sepgsql_test_r;
+
+ userdom_unpriv_user_template(sepgsql_test)
+
+ ifdef(`postgresql_role', `
+ postgresql_role(sepgsql_test_r, sepgsql_test_t)
+ ',`
+ postgresql_userdom_template(sepgsql_test, sepgsql_test_t, sepgsql_test_r)
+ ')
+
+ allow sepgsql_test_t tmpfile : dir search_dir_perms;
+ allow sepgsql_test_t tmpfile : file rw_file_perms;
+ allow sepgsql_test_t user_ptynode : chr_file rw_file_perms;
+
+ optional_policy(`
+ gen_require(`
+ type unconfined_t;
+ role unconfined_r;
+ ')
+ allow unconfined_t sepgsql_test_t : process transition;
+ role unconfined_r types sepgsql_test_t;
+ role unconfined_r types sepgsql_trusted_proc_t;
+ ')
+
+ #################################
+ #
+ # SE-PostgreSQL Declarations
+ #
+
+ ##
+ ##
+ ## Allow to generate auditallow logs
+ ##
+ ##
+ gen_tunable(sepgsql_enable_auditallow, false)
+
+ ##
+ ##
+ ## Allow to generate auditdeny logs
+ ##
+ ##
+ gen_tunable(sepgsql_enable_auditdeny, true)
+
+ ##
+ ##
+ ## Allow widespread permissions for regression test
+ ## Don't set TRUE on operation phase
+ ##
+ ##
+ gen_tunable(sepgsql_regression_test_mode, false)
+
+ ########################################
+ #
+ # SE-PostgreSQL audit switch for debugging
+ #
+ tunable_policy(`sepgsql_enable_auditallow',`
+ auditallow domain sepgsql_database_type : db_database *;
+ auditallow domain sepgsql_table_type : db_table *;
+ auditallow domain sepgsql_table_type : db_column *;
+ auditallow domain sepgsql_table_type : db_tuple { relabelfrom relabelto };
+ auditallow domain sepgsql_procedure_type : db_procedure *;
+ auditallow domain sepgsql_blob_type : db_blob *;
+ auditallow domain sepgsql_module_type : db_database { install_module };
+ auditallow sepgsql_database_type sepgsql_module_type : db_database { load_module };
+ ')
+
+ tunable_policy(`! sepgsql_enable_auditdeny',`
+ dontaudit domain sepgsql_database_type : db_database *;
+ dontaudit domain sepgsql_table_type : db_table *;
+ dontaudit domain sepgsql_table_type : db_column *;
+ dontaudit domain sepgsql_table_type : db_tuple { relabelfrom relabelto };
+ dontaudit domain sepgsql_procedure_type : db_procedure *;
+ dontaudit domain sepgsql_blob_type : db_blob *;
+ dontaudit domain sepgsql_module_type : db_database { install_module };
+ dontaudit sepgsql_database_type sepgsql_module_type : db_database { load_module };
+ ')
+
+ ########################################
+ #
+ # SE-PostgreSQL regression test mode switch
+ #
+ tunable_policy(`sepgsql_regression_test_mode',`
+ allow sepgsql_client_type user_home_t : db_database { install_module };
+ allow sepgsql_unconfined_type user_home_t : db_database { install_module };
+ allow sepgsql_database_type user_home_t : db_database { load_module };
+ ')
diff -Nrpc base/src/backend/security/sepgsql/policy/sepostgresql.fc.template sepgsql/src/backend/security/sepgsql/policy/sepostgresql.fc.template
*** base/src/backend/security/sepgsql/policy/sepostgresql.fc.template Thu Jan 1 09:00:00 1970
--- sepgsql/src/backend/security/sepgsql/policy/sepostgresql.fc.template Tue May 13 10:52:48 2008
***************
*** 0 ****
--- 1,15 ----
+ #
+ # SE-PostgreSQL install path
+ #
+ %%__prefix__%%(/.*)? -- gen_context(system_u:object_r:usr_t,s0)
+
+ %%__bindir__%%/(se)?postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0)
+ %%__bindir__%%/(se)?pg_ctl -- gen_context(system_u:object_r:initrc_exec_t,s0)
+ %%__bindir__%%/initdb(\.sepgsql)? -- gen_context(system_u:object_r:postgresql_exec_t,s0)
+ %%__bindir__%%(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
+
+ %%__libdir__%%(/.*)? -- gen_context(system_u:object_r:lib_t,s0)
+
+ /var/lib/sepgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
+ /var/lib/sepgsql/pgstartup\.log gen_context(system_u:object_r:postgresql_log_t,s0)
+ /var/log/sepostgresql\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0)
diff -Nrpc base/src/backend/security/sepgsql/policy/sepostgresql.if sepgsql/src/backend/security/sepgsql/policy/sepostgresql.if
*** base/src/backend/security/sepgsql/policy/sepostgresql.if Thu Jan 1 09:00:00 1970
--- sepgsql/src/backend/security/sepgsql/policy/sepostgresql.if Fri Jul 11 17:07:43 2008
***************
*** 0 ****
--- 1,259 ----
+ #######################################
+ ##
+ ## The userdomain template for the SE-PostgreSQL.
+ ##
+ ##
+ ## This template creates a delivered types which are used
+ ## for given userdomains.
+ ##
+ ##
+ ##
+ ## The prefix of the user domain (e.g., user
+ ## is the prefix for user_t).
+ ##
+ ##
+ ##
+ ##
+ ## The type of the user domain.
+ ##
+ ##
+ ##
+ ##
+ ## The role associated with the user domain.
+ ##
+ ##
+ #
+ template(`sepgsql_userdom_template',`
+ gen_require(`
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute sepgsql_client_type;
+ attribute sepgsql_database_type;
+ attribute sepgsql_sysobj_table_type;
+
+ type sepgsql_trusted_proc_t;
+ type sepgsql_trusted_proc_exec_t;
+ ')
+
+ ########################################
+ #
+ # Declarations
+ #
+
+ typeattribute $2 sepgsql_client_type;
+
+ type $1_sepgsql_blob_t;
+ sepgsql_blob_object($1_sepgsql_blob_t)
+
+ type $1_sepgsql_proc_exec_t;
+ sepgsql_procedure_object($1_sepgsql_proc_exec_t)
+
+ type $1_sepgsql_sysobj_t;
+ sepgsql_system_table_object($1_sepgsql_sysobj_t)
+
+ type $1_sepgsql_table_t;
+ sepgsql_table_object($1_sepgsql_table_t)
+
+ role $3 types sepgsql_trusted_proc_t;
+
+ ##############################
+ #
+ # Client local policy
+ #
+
+ tunable_policy(`sepgsql_enable_users_ddl',`
+ allow $2 $1_sepgsql_table_t : db_table { create drop };
+ type_transition $2 sepgsql_database_type:db_table $1_sepgsql_table_t;
+
+ allow $2 $1_sepgsql_table_t : db_column { create drop };
+
+ allow $2 $1_sepgsql_sysobj_t : db_tuple { update insert delete };
+ type_transition $2 sepgsql_sysobj_table_type:db_tuple $1_sepgsql_sysobj_t;
+ ')
+
+ allow $2 $1_sepgsql_table_t : db_table { getattr setattr use select update insert delete };
+ allow $2 $1_sepgsql_table_t : db_column { getattr setattr use select update insert };
+ allow $2 $1_sepgsql_table_t : db_tuple { use select update insert delete };
+ allow $2 $1_sepgsql_sysobj_t : db_tuple { use select };
+
+ allow $2 $1_sepgsql_proc_exec_t : db_procedure { create drop getattr setattr execute };
+ type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_exec_t;
+
+ allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write };
+ type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t;
+
+ allow $2 sepgsql_trusted_proc_t:process transition;
+ type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+ ')
+
+ ########################################
+ ##
+ ## Marks as a SE-PostgreSQL loadable shared library module
+ ##
+ ##
+ ##
+ ## Type marked as a database object type.
+ ##
+ ##
+ #
+ interface(`sepgsql_loadable_module',`
+ gen_require(`
+ attribute sepgsql_module_type;
+ ')
+
+ typeattribute $1 sepgsql_module_type;
+ ')
+
+ ########################################
+ ##
+ ## Marks as a SE-PostgreSQL database object type
+ ##
+ ##
+ ##
+ ## Type marked as a database object type.
+ ##
+ ##
+ #
+ interface(`sepgsql_database_object',`
+ gen_require(`
+ attribute sepgsql_database_type;
+ ')
+
+ typeattribute $1 sepgsql_database_type;
+ ')
+
+ ########################################
+ ##
+ ## Marks as a SE-PostgreSQL table/column/tuple object type
+ ##
+ ##
+ ##
+ ## Type marked as a table/column/tuple object type.
+ ##
+ ##
+ #
+ interface(`sepgsql_table_object',`
+ gen_require(`
+ attribute sepgsql_table_type;
+ ')
+
+ typeattribute $1 sepgsql_table_type;
+ ')
+
+ ########################################
+ ##
+ ## Marks as a SE-PostgreSQL system table/column/tuple object type
+ ##
+ ##
+ ##
+ ## Type marked as a table/column/tuple object type.
+ ##
+ ##
+ #
+ interface(`sepgsql_system_table_object',`
+ gen_require(`
+ attribute sepgsql_table_type;
+ attribute sepgsql_sysobj_table_type;
+ ')
+
+ typeattribute $1 sepgsql_table_type;
+ typeattribute $1 sepgsql_sysobj_table_type;
+ ')
+
+ ########################################
+ ##
+ ## Marks as a SE-PostgreSQL procedure object type
+ ##
+ ##
+ ##
+ ## Type marked as a database object type.
+ ##
+ ##
+ #
+ interface(`sepgsql_procedure_object',`
+ gen_require(`
+ attribute sepgsql_procedure_type;
+ ')
+
+ typeattribute $1 sepgsql_procedure_type;
+ ')
+
+ ########################################
+ ##
+ ## Marks as a SE-PostgreSQL binary large object type
+ ##
+ ##
+ ##
+ ## Type marked as a database binary large object type.
+ ##
+ ##
+ #
+ interface(`sepgsql_blob_object',`
+ gen_require(`
+ attribute sepgsql_blob_type;
+ ')
+
+ typeattribute $1 sepgsql_blob_type;
+ ')
+
+ ########################################
+ ##
+ ## Allow the specified domain unprivileged accesses to unifined database objects
+ ## managed by SE-PostgreSQL,
+ ##
+ ##
+ ##
+ ## Domain allowed access.
+ ##
+ ##
+ #
+ interface(`sepgsql_unpriv_client',`
+ gen_require(`
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute sepgsql_client_type;
+ attribute sepgsql_database_type;
+
+ type sepgsql_table_t;
+ type sepgsql_proc_t;
+ type sepgsql_blob_t;
+
+ type sepgsql_trusted_proc_t;
+ type sepgsql_trusted_proc_exec_t;
+ ')
+
+ typeattribute $1 sepgsql_client_type;
+
+ type_transition $1 sepgsql_database_type:db_table sepgsql_table_t;
+ type_transition $1 sepgsql_database_type:db_procedure sepgsql_proc_t;
+ type_transition $1 sepgsql_database_type:db_blob sepgsql_blob_t;
+
+ type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+ allow $1 sepgsql_trusted_proc_t:process transition;
+ ')
+
+ ########################################
+ ##
+ ## Allow the specified domain unconfined accesses to any database objects
+ ## managed by SE-PostgreSQL,
+ ##
+ ##
+ ##
+ ## Domain allowed access.
+ ##
+ ##
+ #
+ interface(`sepgsql_unconfined',`
+ gen_require(`
+ attribute sepgsql_unconfined_type;
+ ')
+
+ typeattribute $1 sepgsql_unconfined_type;
+ ')
diff -Nrpc base/src/backend/security/sepgsql/policy/sepostgresql.te sepgsql/src/backend/security/sepgsql/policy/sepostgresql.te
*** base/src/backend/security/sepgsql/policy/sepostgresql.te Thu Jan 1 09:00:00 1970
--- sepgsql/src/backend/security/sepgsql/policy/sepostgresql.te Fri Jul 11 17:07:43 2008
***************
*** 0 ****
--- 1,308 ----
+ policy_module(sepostgresql, 3.11)
+
+ gen_require(`
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute domain, home_type;
+ type postgresql_t, unlabeled_t;
+
+ role system_r;
+ ')
+
+ #################################
+ #
+ # SE-PostgreSQL Declarations
+ #
+
+ ##
+ ##
+ ## Allow to generate auditallow logs
+ ##
+ ##
+ gen_tunable(sepgsql_enable_auditallow, false)
+
+ ##
+ ##
+ ## Allow to generate auditdeny logs
+ ##
+ ##
+ gen_tunable(sepgsql_enable_auditdeny, true)
+
+ ##
+ ##
+ ## Allow unprivileged users to execute DDL statement
+ ##
+ ##
+ gen_tunable(sepgsql_enable_users_ddl, true)
+
+ ##
+ ##
+ ## Allow widespread permissions for regression test
+ ## Don't set TRUE on operation phase
+ ##
+ ##
+ gen_tunable(sepgsql_regression_test_mode, false)
+
+ # database clients attribute
+ attribute sepgsql_client_type;
+ attribute sepgsql_unconfined_type;
+
+ # database objects attribute
+ attribute sepgsql_database_type;
+ attribute sepgsql_table_type;
+ attribute sepgsql_sysobj_table_type;
+ attribute sepgsql_procedure_type;
+ attribute sepgsql_blob_type;
+ attribute sepgsql_module_type;
+
+ # database object types
+ type sepgsql_blob_t;
+ sepgsql_blob_object(sepgsql_blob_t)
+
+ type sepgsql_db_t;
+ sepgsql_database_object(sepgsql_db_t)
+
+ type sepgsql_fixed_table_t;
+ sepgsql_table_object(sepgsql_fixed_table_t)
+
+ type sepgsql_proc_t;
+ sepgsql_procedure_object(sepgsql_proc_t)
+
+ type sepgsql_ro_blob_t;
+ sepgsql_blob_object(sepgsql_ro_blob_t)
+
+ type sepgsql_ro_table_t;
+ sepgsql_table_object(sepgsql_ro_table_t)
+
+ type sepgsql_secret_blob_t;
+ sepgsql_blob_object(sepgsql_secret_blob_t)
+
+ type sepgsql_secret_table_t;
+ sepgsql_table_object(sepgsql_secret_table_t)
+
+ type sepgsql_sysobj_t;
+ sepgsql_system_table_object(sepgsql_sysobj_t)
+
+ type sepgsql_table_t;
+ sepgsql_table_object(sepgsql_table_t)
+
+ type sepgsql_trusted_proc_exec_t;
+ sepgsql_procedure_object(sepgsql_trusted_proc_exec_t)
+
+ # Trusted Procedure Domain
+ type sepgsql_trusted_proc_t;
+ domain_type(sepgsql_trusted_proc_t)
+ sepgsql_unconfined(sepgsql_trusted_proc_t)
+ role system_r types sepgsql_trusted_proc_t;
+
+ ########################################
+ #
+ # SE-PostgreSQL Local Policy
+ #
+ allow postgresql_t self:netlink_selinux_socket create_socket_perms;
+ selinux_get_enforce_mode(postgresql_t)
+ selinux_validate_context(postgresql_t)
+ selinux_compute_access_vector(postgresql_t)
+ selinux_compute_create_context(postgresql_t)
+ selinux_compute_relabel_context(postgresql_t)
+ seutil_libselinux_linked(postgresql_t)
+
+ allow postgresql_t sepgsql_database_type:db_database *;
+ type_transition postgresql_t postgresql_t:db_database sepgsql_db_t;
+
+ allow postgresql_t sepgsql_module_type:db_database install_module;
+ allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
+ allow postgresql_t sepgsql_procedure_type:db_procedure *;
+ allow postgresql_t sepgsql_blob_type:db_blob *;
+
+ # server specific type transitions
+ type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;
+ type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;
+ type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;
+
+ # Database/Loadable module
+ allow sepgsql_database_type sepgsql_module_type:db_database load_module;
+
+ ########################################
+ #
+ # Rules common to all clients
+ #
+
+ # Client domain constraint
+ allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };
+ type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;
+
+ allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert };
+ allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };
+ allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };
+
+ allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete };
+ allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };
+ allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };
+
+ allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select };
+ allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };
+ allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };
+
+ allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;
+ allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;
+
+ allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };
+ allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
+ allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
+
+ allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute };
+ allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };
+
+ allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
+ allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };
+ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
+
+ tunable_policy(`sepgsql_enable_users_ddl',`
+ allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
+ allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
+ allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
+ ')
+
+ ########################################
+ #
+ # Unconfined access to this module
+ #
+
+ allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
+ allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
+ allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
+ allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;
+ allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };
+ allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
+
+ type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;
+ type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
+ type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;
+ type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;
+
+
+ ########################################
+ #
+ # Allow permission to external domains
+ #
+
+ # relabelfrom for invalid security context
+ allow sepgsql_unconfined_type unlabeled_t:db_database { setattr relabelfrom };
+ allow sepgsql_unconfined_type unlabeled_t:db_table { setattr relabelfrom };
+ allow sepgsql_unconfined_type unlabeled_t:db_procedure { setattr relabelfrom };
+ allow sepgsql_unconfined_type unlabeled_t:db_column { setattr relabelfrom };
+ allow sepgsql_unconfined_type unlabeled_t:db_tuple { update relabelfrom };
+ allow sepgsql_unconfined_type unlabeled_t:db_blob { setattr relabelfrom };
+
+ # administrative client domain
+ optional_policy(`
+ gen_require(`
+ type unconfined_t;
+ ')
+ sepgsql_unconfined(unconfined_t)
+ ')
+
+ optional_policy(`
+ gen_require(`
+ type sysadm_t;
+ ')
+ sepgsql_unconfined(sysadm_t)
+ ')
+
+ # unprivilleged client domain
+ optional_policy(`
+ gen_require(`
+ type user_t;
+ role user_r;
+ ')
+ sepgsql_userdom_template(user,user_t,user_r)
+ ')
+
+ optional_policy(`
+ gen_require(`
+ type staff_t;
+ role staff_r;
+ ')
+ sepgsql_userdom_template(staff,staff_t,staff_r)
+ ')
+
+ optional_policy(`
+ gen_require(`
+ type guest_t;
+ role guest_r;
+ ')
+ sepgsql_userdom_template(guest,guest_t,guest_r)
+ ')
+
+ optional_policy(`
+ gen_require(`
+ type xguest_t;
+ role xguest_r;
+ ')
+ sepgsql_userdom_template(xguest,xguest_t,xguest_r)
+ ')
+
+ optional_policy(`
+ gen_require(`
+ type httpd_t;
+ ')
+ sepgsql_unpriv_client(httpd_t)
+ ')
+
+ optional_policy(`
+ gen_require(`
+ type httpd_sys_script_t;
+ ')
+ sepgsql_unpriv_client(httpd_sys_script_t)
+ ')
+
+ # SE-PostgreSQL loadable modules
+ optional_policy(`
+ gen_require(`
+ type lib_t, textrel_shlib_t;
+ ')
+ sepgsql_loadable_module(lib_t)
+ sepgsql_loadable_module(textrel_shlib_t)
+ ')
+
+ ########################################
+ #
+ # SE-PostgreSQL audit switch for debugging
+ #
+ tunable_policy(`sepgsql_enable_auditallow',`
+ auditallow domain sepgsql_database_type : db_database *;
+ auditallow domain sepgsql_table_type : db_table *;
+ auditallow domain sepgsql_table_type : db_column *;
+ auditallow domain sepgsql_procedure_type : db_procedure *;
+ auditallow domain sepgsql_blob_type : db_blob *;
+ auditallow domain sepgsql_module_type : db_database { install_module };
+ auditallow sepgsql_database_type sepgsql_module_type : db_database { load_module };
+ ')
+
+ tunable_policy(`! sepgsql_enable_auditdeny',`
+ dontaudit domain sepgsql_database_type : db_database *;
+ dontaudit domain sepgsql_table_type : db_table *;
+ dontaudit domain sepgsql_table_type : db_column *;
+ dontaudit domain sepgsql_procedure_type : db_procedure *;
+ dontaudit domain sepgsql_blob_type : db_blob *;
+ dontaudit domain sepgsql_module_type : db_database { install_module };
+ dontaudit sepgsql_database_type sepgsql_module_type : db_database { load_module };
+ ')
+
+ dontaudit domain { sepgsql_table_type - sepgsql_sysobj_table_type } : db_tuple { use select update insert delete };
+
+ ########################################
+ #
+ # SE-PostgreSQL regression test mode switch
+ #
+ tunable_policy(`sepgsql_regression_test_mode',`
+ allow sepgsql_client_type home_type : db_database { install_module };
+ allow sepgsql_unconfined_type home_type : db_database { install_module };
+ allow sepgsql_database_type home_type : db_database { load_module };
+ ')