trunk: fix up stored procedure naming patch from kaigai.
parent
b1a903654f
commit
7f4005e348
|
@ -37,7 +37,7 @@ template(`postgresql_userdom_template',`
|
||||||
attribute sepgsql_client_type, sepgsql_database_type;
|
attribute sepgsql_client_type, sepgsql_database_type;
|
||||||
attribute sepgsql_sysobj_table_type;
|
attribute sepgsql_sysobj_table_type;
|
||||||
|
|
||||||
type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t;
|
type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -50,8 +50,8 @@ template(`postgresql_userdom_template',`
|
||||||
type $1_sepgsql_blob_t;
|
type $1_sepgsql_blob_t;
|
||||||
postgresql_blob_object($1_sepgsql_blob_t)
|
postgresql_blob_object($1_sepgsql_blob_t)
|
||||||
|
|
||||||
type $1_sepgsql_proc_t;
|
type $1_sepgsql_proc_exec_t;
|
||||||
postgresql_procedure_object($1_sepgsql_proc_t)
|
postgresql_procedure_object($1_sepgsql_proc_exec_t)
|
||||||
|
|
||||||
type $1_sepgsql_sysobj_t;
|
type $1_sepgsql_sysobj_t;
|
||||||
postgresql_system_table_object($1_sepgsql_sysobj_t)
|
postgresql_system_table_object($1_sepgsql_sysobj_t)
|
||||||
|
@ -59,7 +59,7 @@ template(`postgresql_userdom_template',`
|
||||||
type $1_sepgsql_table_t;
|
type $1_sepgsql_table_t;
|
||||||
postgresql_table_object($1_sepgsql_table_t)
|
postgresql_table_object($1_sepgsql_table_t)
|
||||||
|
|
||||||
role $3 types sepgsql_trusted_domain_t;
|
role $3 types sepgsql_trusted_proc_t;
|
||||||
|
|
||||||
##############################
|
##############################
|
||||||
#
|
#
|
||||||
|
@ -81,14 +81,14 @@ template(`postgresql_userdom_template',`
|
||||||
allow $2 $1_sepgsql_table_t : db_tuple { use select update insert delete };
|
allow $2 $1_sepgsql_table_t : db_tuple { use select update insert delete };
|
||||||
allow $2 $1_sepgsql_sysobj_t : db_tuple { use select };
|
allow $2 $1_sepgsql_sysobj_t : db_tuple { use select };
|
||||||
|
|
||||||
allow $2 $1_sepgsql_proc_t : db_procedure { create drop getattr setattr execute };
|
allow $2 $1_sepgsql_proc_exec_t : db_procedure { create drop getattr setattr execute };
|
||||||
type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_t;
|
type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_exec_t;
|
||||||
|
|
||||||
allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write };
|
allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write };
|
||||||
type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t;
|
type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t;
|
||||||
|
|
||||||
allow $2 sepgsql_trusted_domain_t:process transition;
|
allow $2 sepgsql_trusted_proc_t:process transition;
|
||||||
type_transition $2 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t;
|
type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -343,7 +343,7 @@ interface(`postgresql_unpriv_client',`
|
||||||
|
|
||||||
type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;
|
type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;
|
||||||
|
|
||||||
type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t;
|
type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
|
||||||
')
|
')
|
||||||
|
|
||||||
typeattribute $1 sepgsql_client_type;
|
typeattribute $1 sepgsql_client_type;
|
||||||
|
@ -352,8 +352,8 @@ interface(`postgresql_unpriv_client',`
|
||||||
type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;
|
type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;
|
||||||
type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;
|
type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;
|
||||||
|
|
||||||
type_transition $1 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t;
|
type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
|
||||||
allow $1 sepgsql_trusted_domain_t:process transition;
|
allow $1 sepgsql_trusted_proc_t:process transition;
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
|
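Review bot: The `_proc_t` suffix now means two different things in this file. In the `postgresql_unpriv_client` hunks (-343 and -352) `sepgsql_proc_t` is still the result type of a `db_procedure` transition, while `sepgsql_trusted_proc_t` has become a process domain and the template's per-user procedure type was renamed to `$1_sepgsql_proc_exec_t`. A policy author reading `type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;` a few lines from `allow $1 sepgsql_trusted_proc_t:process transition;` can easily mistake the object type for a domain, or the reverse. Either rename the generic type in a follow-up, or add a comment above the `gen_require` such as `# sepgsql_proc_t labels db_procedure objects; sepgsql_trusted_proc_t is the domain entered via sepgsql_trusted_proc_exec_t`. Both interface bodies extend beyond the hunks shown, so there may be other uses of these types that are not visible here.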
|
@ -1,5 +1,5 @@
|
||||||
|
|
||||||
policy_module(postgresql, 1.5.2)
|
policy_module(postgresql, 1.5.3)
|
||||||
|
|
||||||
gen_require(`
|
gen_require(`
|
||||||
class db_database all_db_database_perms;
|
class db_database all_db_database_perms;
|
||||||
|
@ -87,14 +87,14 @@ postgresql_system_table_object(sepgsql_sysobj_t)
|
||||||
type sepgsql_table_t;
|
type sepgsql_table_t;
|
||||||
postgresql_table_object(sepgsql_table_t)
|
postgresql_table_object(sepgsql_table_t)
|
||||||
|
|
||||||
type sepgsql_trusted_proc_t;
|
type sepgsql_trusted_proc_exec_t;
|
||||||
postgresql_procedure_object(sepgsql_trusted_proc_t)
|
postgresql_procedure_object(sepgsql_trusted_proc_exec_t)
|
||||||
|
|
||||||
# Trusted Procedure Domain
|
# Trusted Procedure Domain
|
||||||
type sepgsql_trusted_domain_t;
|
type sepgsql_trusted_proc_t;
|
||||||
domain_type(sepgsql_trusted_domain_t)
|
domain_type(sepgsql_trusted_proc_t)
|
||||||
postgresql_unconfined(sepgsql_trusted_domain_t)
|
postgresql_unconfined(sepgsql_trusted_proc_t)
|
||||||
role system_r types sepgsql_trusted_domain_t;
|
role system_r types sepgsql_trusted_proc_t;
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
|
|
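Review bot: The identifier `sepgsql_trusted_proc_t` is reused with a different meaning in the -87,14 hunk: it was the type given to `postgresql_procedure_object(...)` and is now the domain given to `domain_type(...)` and `postgresql_unconfined(...)`. Because the name still resolves, out-of-tree modules that require it will still build, but they will no longer match the `sepgsql_trusted_proc_exec_t:process` transition rule; the same applies to any procedure labels already stored under the old name (presumably persisted by the database; confirm). I would note the relabel requirement in the changelog and add a comment above `type sepgsql_trusted_proc_exec_t;`, for example `# Trusted procedure object; executing it enters the unconfined sepgsql_trusted_proc_t domain, so relabeling to this type must stay restricted`.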