trunk:
OK, the attached patch adds the following types for unprivileged clients: unpriv_sepgsql_table_t, unpriv_sepgsql_sysobj_t, unpriv_sepgsql_proc_exec_t and unpriv_sepgsql_blob_t. These types are the defaults for unprivileged and unprefixed domains, such as httpd_t and others. In addition, the TYPE_TRANSITION rules are moved outside the sepgsql_enable_users_ddl tunable. IIRC, they were enclosed within the tunable because UBAC domains (user_t and so on) were allowed to create sepgsql_table_t, and the default type was pointed to it when sepgsql_enable_users_ddl was disabled. However, it has a different meaning now, so the TYPE_TRANSITION rules should be unconditional. KaiGai Kohei
This commit is contained in:
parent
80348b73a0
commit
a01a4a7183
@ -47,18 +47,18 @@ interface(`postgresql_role',`
|
||||
|
||||
tunable_policy(`sepgsql_enable_users_ddl',`
|
||||
allow $2 user_sepgsql_table_t:db_table { create drop };
|
||||
type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
|
||||
|
||||
allow $2 user_sepgsql_table_t:db_column { create drop };
|
||||
|
||||
allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
|
||||
type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
|
||||
')
|
||||
|
||||
allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete lock };
|
||||
allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };
|
||||
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
|
||||
type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
|
||||
|
||||
allow $2 user_sepgsql_sysobj_t:db_tuple { use select };
|
||||
type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
|
||||
|
||||
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
|
||||
type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
|
||||
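Review bot: `setattr` on user_sepgsql_table_t:db_table stays unconditional on the line `allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete lock };`, while the postgresql_unpriv_client interface added in the same commit grants db_table and db_column `setattr` only inside the `sepgsql_enable_users_ddl` tunable. If the tunable is meant to gate schema changes for both kinds of client, the role interface should move it into its tunable block as well, i.e. `allow $2 user_sepgsql_table_t:db_table { create drop setattr };` and `allow $2 user_sepgsql_table_t:db_column { create drop setattr };`; if the asymmetry is deliberate, a one-line comment stating why would save the next reader the comparison. Moving the two type_transition rules out of the tunable is sound, since a transition without the matching `create` permission grants nothing by itself. The postgresql_role interface starts before this hunk.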
@ -313,24 +313,55 @@ interface(`postgresql_stream_connect',`
|
||||
#
|
||||
interface(`postgresql_unpriv_client',`
|
||||
gen_require(`
|
||||
class db_database all_db_database_perms;
|
||||
class db_table all_db_table_perms;
|
||||
class db_procedure all_db_procedure_perms;
|
||||
class db_column all_db_column_perms;
|
||||
class db_tuple all_db_tuple_perms;
|
||||
class db_blob all_db_blob_perms;
|
||||
|
||||
attribute sepgsql_client_type;
|
||||
attribute sepgsql_database_type, sepgsql_sysobj_table_type;
|
||||
|
||||
type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_exec_t, sepgsql_blob_t;
|
||||
type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;
|
||||
type unpriv_sepgsql_blob_t, unpriv_sepgsql_proc_exec_t;
|
||||
type unpriv_sepgsql_sysobj_t, unpriv_sepgsql_table_t;
|
||||
')
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
typeattribute $1 sepgsql_client_type;
|
||||
|
||||
type_transition $1 sepgsql_db_t:db_table sepgsql_table_t;
|
||||
type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_exec_t;
|
||||
type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;
|
||||
########################################
|
||||
#
|
||||
# Client local policy
|
||||
#
|
||||
|
||||
type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
|
||||
allow $1 sepgsql_trusted_proc_t:process transition;
|
||||
|
||||
tunable_policy(`sepgsql_enable_users_ddl',`
|
||||
allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
|
||||
allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
|
||||
allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
|
||||
')
|
||||
|
||||
allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
|
||||
allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };
|
||||
allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };
|
||||
type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t;
|
||||
|
||||
allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };
|
||||
type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;
|
||||
|
||||
allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
|
||||
type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;
|
||||
|
||||
allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
|
||||
type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
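Review bot: The interface body as rendered contains both `type_transition $1 sepgsql_db_t:db_table sepgsql_table_t;` (with its db_procedure and db_blob siblings) and the new `type_transition $1 sepgsql_database_type:db_table unpriv_sepgsql_table_t;`; the +/- markers are lost in this view, so if the three sepgsql_db_t rules survive on the new side they name a second default type for the same source/target/class once sepgsql_db_t carries the sepgsql_database_type attribute, which the policy compiler rejects as a conflicting type_transition. If they are removed, as the commit message suggests, then `type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_exec_t, sepgsql_blob_t;` in gen_require no longer has a user in this interface and should be pruned. Unlike table and column DDL, `create drop` on unpriv_sepgsql_proc_exec_t and unpriv_sepgsql_blob_t are granted outside the tunable; this mirrors postgresql_role, so a short comment above the tunable block such as `# sepgsql_enable_users_ddl gates table/column DDL only; procedure and blob creation is always allowed` would document the intent. The interface's `##` description header is outside the hunk and should mention that callers now receive the unpriv_sepgsql_* object types by default.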
@ -1,5 +1,5 @@
|
||||
|
||||
policy_module(postgresql, 1.8.4)
|
||||
policy_module(postgresql, 1.8.5)
|
||||
|
||||
gen_require(`
|
||||
class db_database all_db_database_perms;
|
||||
@ -97,6 +97,20 @@ domain_type(sepgsql_trusted_proc_t)
|
||||
postgresql_unconfined(sepgsql_trusted_proc_t)
|
||||
role system_r types sepgsql_trusted_proc_t;
|
||||
|
||||
# Types for unprivileged client
|
||||
type unpriv_sepgsql_blob_t;
|
||||
postgresql_blob_object(unpriv_sepgsql_blob_t)
|
||||
|
||||
type unpriv_sepgsql_proc_exec_t;
|
||||
postgresql_procedure_object(unpriv_sepgsql_proc_exec_t)
|
||||
|
||||
type unpriv_sepgsql_sysobj_t;
|
||||
postgresql_system_table_object(unpriv_sepgsql_sysobj_t)
|
||||
|
||||
type unpriv_sepgsql_table_t;
|
||||
postgresql_table_object(unpriv_sepgsql_table_t)
|
||||
|
||||
# Types for UBAC
|
||||
type user_sepgsql_blob_t;
|
||||
typealias user_sepgsql_blob_t alias { staff_sepgsql_blob_t sysadm_sepgsql_blob_t };
|
||||
typealias user_sepgsql_blob_t alias { auditadm_sepgsql_blob_t secadm_sepgsql_blob_t };
|
||||
|
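Review bot: `# Types for unprivileged client` does not say how these four types relate to the existing sepgsql_*_t defaults and the user_sepgsql_*_t UBAC types declared right below; a comment such as `# Default object types for domains given postgresql_unpriv_client(); parallel to the user_sepgsql_* types used by UBAC roles` would make the split readable from the declarations alone. The declarations follow the same object-macro pattern as the UBAC types, which keeps the attributes consistent. Whether unpriv_sepgsql_sysobj_t, which the new interface only ever uses as a db_tuple target and transition default, belongs under postgresql_system_table_object() in the same way as user_sepgsql_sysobj_t cannot be confirmed from this hunk and is worth a line in that comment.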