trunk: Add db_procedure install permission from KaiGai Kohei.

Changelog

@@ -1,3 +1,4 @@
+- Add db_procedure install permission from KaiGai Kohei.
 - Add support for network interfaces with access controlled by a Boolean
   from the CLIP project.
 - Several fixes from the CLIP project.

policy/flask/access_vectors

@@ -739,6 +739,7 @@ inherits database
 {
 	execute
 	entrypoint
+	install
 }
 
 class db_column

policy/mcs

@@ -123,7 +123,7 @@ mlsconstrain db_column { drop setattr relabelfrom select update insert use }
 mlsconstrain db_tuple { relabelfrom select update delete use }
 	( h1 dom h2 );
 
-mlsconstrain db_procedure { execute }
+mlsconstrain db_procedure { execute install }
 	( h1 dom h2 );
 
 mlsconstrain db_blob { drop setattr relabelfrom read write }

policy/mls

@@ -664,7 +664,7 @@ mlsconstrain { db_table db_column } { getattr use select }
 	 ( t1 == mlsdbread ) or
 	 ( t2 == mlstrustedobject ));
 
-mlsconstrain { db_procedure } { getattr execute }
+mlsconstrain { db_procedure } { getattr execute install }
 	(( l1 dom l2 ) or
 	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
 	 ( t1 == mlsdbread ) or

policy/modules/services/postgresql.te

@@ -1,5 +1,5 @@
 
-policy_module(postgresql, 1.8.2)
+policy_module(postgresql, 1.8.3)
 
 gen_require(`
 	class db_database all_db_database_perms;
@@ -303,7 +303,7 @@ allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };
 allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
 allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
 
-allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute };
+allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install };
 allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };
 
 allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };