trunk:

The attached patch allows unprivileged clients to export from or import
to the largeobject owned by themselves.

The current security policy does not allow them to import/export any
largeobjects without any clear reason.

NOTE: Export of the largeobject means that it dumps whole of the
largeobject into a local file, so SE-PostgreSQL checks both of
db_blob:{read export} on the largeobject and file:{write} on the
local file. Import is a reversal behavior.

KaiGai Kohei

policy/modules/services/postgresql.if

@@ -64,7 +64,7 @@ interface(`postgresql_role',`
 	allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
 	type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
 
-	allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
+	allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
 	type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t;
 
 	allow $2 sepgsql_trusted_proc_t:process transition;
@@ -362,7 +362,7 @@ interface(`postgresql_unpriv_client',`
 	allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
 	type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;
 
-	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
+	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
 	type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
 ')
 

policy/modules/services/postgresql.te

@@ -1,5 +1,5 @@
 
-policy_module(postgresql, 1.8.6)
+policy_module(postgresql, 1.8.7)
 
 gen_require(`
 	class db_database all_db_database_perms;