Clean up (network) connect DB.

policy/modules/services/apache.te

@@ -523,6 +523,11 @@ tunable_policy(`httpd_can_network_connect',`
 	corenet_tcp_connect_all_ports(httpd_t)
 ')
 
+tunable_policy(`httpd_can_network_connect_db',`
+	corenet_tcp_connect_mssql_port(httpd_t)
+	corenet_sendrecv_mssql_client_packets(httpd_t)
+')
+
 tunable_policy(`httpd_can_network_memcache',`
 	corenet_tcp_connect_memcache_port(httpd_t)
 ')
@@ -742,7 +747,6 @@ optional_policy(`
 
 	tunable_policy(`httpd_can_network_connect_db',`
 		postgresql_tcp_connect(httpd_t)
-		postgresql_tcp_connect(httpd_sys_script_t)
 	')
 ')
 
@@ -827,28 +831,27 @@ libs_exec_lib_files(httpd_php_t)
 userdom_use_unpriv_users_fds(httpd_php_t)
 
 tunable_policy(`httpd_can_network_connect_db',`
-	corenet_tcp_connect_mysqld_port(httpd_t)
+	corenet_tcp_connect_mssql_port(httpd_php_t)
-	corenet_sendrecv_mysqld_client_packets(httpd_t)
+	corenet_sendrecv_mssql_client_packets(httpd_php_t)
-	corenet_tcp_connect_mysqld_port(httpd_sys_script_t)
-	corenet_sendrecv_mysqld_client_packets(httpd_sys_script_t)
-	corenet_tcp_connect_mysqld_port(httpd_suexec_t)
-	corenet_sendrecv_mysqld_client_packets(httpd_suexec_t)
-
-	corenet_tcp_connect_mssql_port(httpd_t)
-	corenet_sendrecv_mssql_client_packets(httpd_t)
-	corenet_tcp_connect_mssql_port(httpd_sys_script_t)
-	corenet_sendrecv_mssql_client_packets(httpd_sys_script_t)
-	corenet_tcp_connect_mssql_port(httpd_suexec_t)
-	corenet_sendrecv_mssql_client_packets(httpd_suexec_t)
 ')
 
 optional_policy(`
 	mysql_stream_connect(httpd_php_t)
+	mysql_rw_db_sockets(httpd_php_t)
 	mysql_read_config(httpd_php_t)
+
+	tunable_policy(`httpd_can_network_connect_db',`
+		mysql_tcp_connect(httpd_php_t)
+	')
 ')
 
 optional_policy(`
 	postgresql_stream_connect(httpd_php_t)
+	postgresql_unpriv_client(httpd_php_t)
+
+	tunable_policy(`httpd_can_network_connect_db',`
+		postgresql_tcp_connect(httpd_php_t)
+	')
 ')
 
 ########################################
@@ -914,6 +917,11 @@ tunable_policy(`httpd_can_network_connect',`
 	corenet_sendrecv_all_client_packets(httpd_suexec_t)
 ')
 
+tunable_policy(`httpd_can_network_connect_db',`
+	corenet_tcp_connect_mssql_port(httpd_suexec_t)
+	corenet_sendrecv_mssql_client_packets(httpd_suexec_t)
+')
+
 read_files_pattern(httpd_suexec_t, httpd_user_content_t, httpd_user_content_t)
 read_files_pattern(httpd_suexec_t, httpd_user_rw_content_t, httpd_user_rw_content_t)
 read_files_pattern(httpd_suexec_t, httpd_user_ra_content_t, httpd_user_ra_content_t)
@@ -959,6 +967,19 @@ optional_policy(`
 	mysql_stream_connect(httpd_suexec_t)
 	mysql_rw_db_sockets(httpd_suexec_t)
 	mysql_read_config(httpd_suexec_t)
+
+	tunable_policy(`httpd_can_network_connect_db',`
+		mysql_tcp_connect(httpd_suexec_t)
+	')
+')
+
+optional_policy(`
+	postgresql_stream_connect(httpd_suexec_t)
+	postgresql_unpriv_client(httpd_suexec_t)
+
+	tunable_policy(`httpd_can_network_connect_db',`
+		postgresql_tcp_connect(httpd_suexec_t)
+	')
 ')
 
 ########################################
@@ -1009,6 +1030,11 @@ fs_cifs_entry_type(httpd_sys_script_t)
 fs_read_iso9660_files(httpd_sys_script_t)
 fs_nfs_entry_type(httpd_sys_script_t)
 
+tunable_policy(`httpd_can_network_connect_db',`
+	corenet_tcp_connect_mssql_port(httpd_sys_script_t)
+	corenet_sendrecv_mssql_client_packets(httpd_sys_script_t)
+')
+
 tunable_policy(`httpd_use_nfs',`
 	fs_manage_nfs_dirs(httpd_sys_script_t)
 	fs_manage_nfs_files(httpd_sys_script_t)
@@ -1075,10 +1101,19 @@ optional_policy(`
 	mysql_stream_connect(httpd_sys_script_t)
 	mysql_rw_db_sockets(httpd_sys_script_t)
 	mysql_read_config(httpd_sys_script_t)
+
+	tunable_policy(`httpd_can_network_connect_db',`
+		mysql_tcp_connect(httpd_sys_script_t)
+	')
 ')
 
 optional_policy(`
 	postgresql_stream_connect(httpd_sys_script_t)
+	postgresql_unpriv_client(httpd_sys_script_t)
+
+	tunable_policy(`httpd_can_network_connect_db',`
+		postgresql_tcp_connect(httpd_sys_script_t)
+	')
 ')
 
 ########################################