[people/stevee/selinux-policy.git] / policy / modules / services / postgresql.te


policy_module(postgresql, 1.7.0)

gen_require(`
	class db_database all_db_database_perms;
	class db_table all_db_table_perms;
	class db_procedure all_db_procedure_perms;
	class db_column all_db_column_perms;
	class db_tuple all_db_tuple_perms;
	class db_blob all_db_blob_perms;
')

#################################
#
# Declarations
#

## <desc>
## <p>
## Allow unprived users to execute DDL statement
## </p>
## </desc>
gen_tunable(sepgsql_enable_users_ddl, true)

type postgresql_t;
type postgresql_exec_t;
init_daemon_domain(postgresql_t, postgresql_exec_t)

type postgresql_db_t;
files_type(postgresql_db_t)

type postgresql_etc_t;
files_config_file(postgresql_etc_t)

type postgresql_lock_t;
files_lock_file(postgresql_lock_t)

type postgresql_log_t;
logging_log_file(postgresql_log_t)

type postgresql_tmp_t;
files_tmp_file(postgresql_tmp_t)

type postgresql_var_run_t;
files_pid_file(postgresql_var_run_t)

# database clients attribute
attribute sepgsql_client_type;
attribute sepgsql_unconfined_type;

# database objects attribute
attribute sepgsql_database_type;
attribute sepgsql_table_type;
attribute sepgsql_sysobj_table_type;
attribute sepgsql_procedure_type;
attribute sepgsql_blob_type;
attribute sepgsql_module_type;

# database object types
type sepgsql_blob_t;
postgresql_blob_object(sepgsql_blob_t)

type sepgsql_db_t;
postgresql_database_object(sepgsql_db_t)

type sepgsql_fixed_table_t;
postgresql_table_object(sepgsql_fixed_table_t)

type sepgsql_proc_t;
postgresql_procedure_object(sepgsql_proc_t)

type sepgsql_ro_blob_t;
postgresql_blob_object(sepgsql_ro_blob_t)

type sepgsql_ro_table_t;
postgresql_table_object(sepgsql_ro_table_t)

type sepgsql_secret_blob_t;
postgresql_blob_object(sepgsql_secret_blob_t)

type sepgsql_secret_table_t;
postgresql_table_object(sepgsql_secret_table_t)

type sepgsql_sysobj_t;
postgresql_system_table_object(sepgsql_sysobj_t)

type sepgsql_table_t;
postgresql_table_object(sepgsql_table_t)

type sepgsql_trusted_proc_exec_t;
postgresql_procedure_object(sepgsql_trusted_proc_exec_t)

# Trusted Procedure Domain
type sepgsql_trusted_proc_t;
domain_type(sepgsql_trusted_proc_t)
postgresql_unconfined(sepgsql_trusted_proc_t)
role system_r types sepgsql_trusted_proc_t;

########################################
#
# postgresql Local policy
#
allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin };
dontaudit postgresql_t self:capability { sys_tty_config sys_admin };
allow postgresql_t self:process signal_perms;
allow postgresql_t self:fifo_file rw_fifo_file_perms;
allow postgresql_t self:sem create_sem_perms;
allow postgresql_t self:shm create_shm_perms;
allow postgresql_t self:tcp_socket create_stream_socket_perms;
allow postgresql_t self:udp_socket create_stream_socket_perms;
allow postgresql_t self:unix_dgram_socket create_socket_perms;
allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
allow postgresql_t self:netlink_selinux_socket create_socket_perms;

allow postgresql_t sepgsql_database_type:db_database *;
type_transition postgresql_t postgresql_t:db_database sepgsql_db_t;

allow postgresql_t sepgsql_module_type:db_database install_module;
# Database/Loadable module
allow sepgsql_database_type sepgsql_module_type:db_database load_module;

allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;

allow postgresql_t sepgsql_procedure_type:db_procedure *;
type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;

allow postgresql_t sepgsql_blob_type:db_blob *;
type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;

manage_dirs_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
manage_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
manage_lnk_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
manage_fifo_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
manage_sock_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
files_var_lib_filetrans(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })

allow postgresql_t postgresql_etc_t:dir list_dir_perms;
read_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
read_lnk_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)

allow postgresql_t postgresql_exec_t:lnk_file { getattr read };
can_exec(postgresql_t, postgresql_exec_t )

allow postgresql_t postgresql_lock_t:file manage_file_perms;
files_lock_filetrans(postgresql_t,postgresql_lock_t,file)

manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })

manage_dirs_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
manage_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
manage_lnk_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
manage_fifo_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })

manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
files_pid_filetrans(postgresql_t, postgresql_var_run_t, file)

kernel_read_kernel_sysctls(postgresql_t)
kernel_read_system_state(postgresql_t)
kernel_list_proc(postgresql_t)
kernel_read_all_sysctls(postgresql_t)
kernel_read_proc_symlinks(postgresql_t)

corenet_all_recvfrom_unlabeled(postgresql_t)
corenet_all_recvfrom_netlabel(postgresql_t)
corenet_tcp_sendrecv_all_if(postgresql_t)
corenet_udp_sendrecv_all_if(postgresql_t)
corenet_tcp_sendrecv_all_nodes(postgresql_t)
corenet_udp_sendrecv_all_nodes(postgresql_t)
corenet_tcp_sendrecv_all_ports(postgresql_t)
corenet_udp_sendrecv_all_ports(postgresql_t)
corenet_tcp_bind_all_nodes(postgresql_t)
corenet_tcp_bind_postgresql_port(postgresql_t)
corenet_tcp_connect_auth_port(postgresql_t)
corenet_sendrecv_postgresql_server_packets(postgresql_t)
corenet_sendrecv_auth_client_packets(postgresql_t)

dev_read_sysfs(postgresql_t)
dev_read_urand(postgresql_t)

fs_getattr_all_fs(postgresql_t)
fs_search_auto_mountpoints(postgresql_t)
fs_rw_hugetlbfs_files(postgresql_t)

selinux_get_enforce_mode(postgresql_t)
selinux_validate_context(postgresql_t)
selinux_compute_access_vector(postgresql_t)
selinux_compute_create_context(postgresql_t)
selinux_compute_relabel_context(postgresql_t)

term_use_controlling_term(postgresql_t)

corecmd_exec_bin(postgresql_t)
corecmd_exec_shell(postgresql_t)

domain_dontaudit_list_all_domains_state(postgresql_t)
domain_use_interactive_fds(postgresql_t)

files_dontaudit_search_home(postgresql_t)
files_manage_etc_files(postgresql_t)
files_search_etc(postgresql_t)
files_read_etc_runtime_files(postgresql_t)
files_read_usr_files(postgresql_t)

auth_use_nsswitch(postgresql_t)

init_read_utmp(postgresql_t)

libs_use_ld_so(postgresql_t)
libs_use_shared_libs(postgresql_t)

logging_send_syslog_msg(postgresql_t)

miscfiles_read_localization(postgresql_t)

seutil_libselinux_linked(postgresql_t)

userdom_dontaudit_use_unpriv_user_fds(postgresql_t)

mta_getattr_spool(postgresql_t)

sysadm_dontaudit_search_home_dirs(postgresql_t)
sysadm_dontaudit_use_ttys(postgresql_t)

tunable_policy(`allow_execmem',`
	allow postgresql_t self:process execmem;
')

optional_policy(`
	consoletype_exec(postgresql_t)
')

optional_policy(`
	cron_search_spool(postgresql_t)
	cron_system_entry(postgresql_t,postgresql_exec_t)
')

optional_policy(`
	hostname_exec(postgresql_t)
')

optional_policy(`
	ipsec_match_default_spd(postgresql_t)
')

optional_policy(`
	kerberos_use(postgresql_t)
')

optional_policy(`
	seutil_sigchld_newrole(postgresql_t)
')

optional_policy(`
	udev_read_db(postgresql_t)
')

########################################
#
# Rules common to all clients
#

allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };
type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;

allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert };
allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };
allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };

allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete };
allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };
allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };

allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select };
allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };
allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };

allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;
allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;

allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };
allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };

allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute };
allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };

allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };
allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;

# The purpose of the dontaudit rule in row-level access control is to prevent a flood of logs.
# If a client tries to SELECT a table including violated tuples, these are filtered from
# the result set as if not exist, but its access denied longs can be recorded within log files.
# In generally, the number of tuples are much larger than the number of columns, tables and so on.
# So, it makes a flood of logs when many tuples are violated.
#
# The default policy does not prevent anything for sepgsql_client_type sepgsql_unconfined_type,
# so we don't need "dontaudit" rules in Type-Enforcement. However, MLS/MCS can prevent them
# to access classified tuples and can make a audit record.
#
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };

tunable_policy(`sepgsql_enable_users_ddl',`
	allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
	allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
	allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
')

########################################
#
# Unconfined access to this module
#

allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;

type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;
type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;

allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;

# unconfined domain is not allowed to invoke user defined procedure directly.
# They have to confirm and relabel it at first.
allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;
allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };

allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;

allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;

kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type)
Commit	Line	Data
a1fcff33	1
5d4f4b53	2	policy_module(postgresql, 1.7.0)
e8cb08ae CP	3
	4	gen_require(`
	5	class db_database all_db_database_perms;
	6	class db_table all_db_table_perms;
	7	class db_procedure all_db_procedure_perms;
	8	class db_column all_db_column_perms;
	9	class db_tuple all_db_tuple_perms;
	10	class db_blob all_db_blob_perms;
	11	')
a1fcff33 CP	12
	13	#################################
	14	#
	15	# Declarations
	16	#
e8cb08ae CP	17
	18	## <desc>
	19	## <p>
	20	## Allow unprived users to execute DDL statement
	21	## </p>
	22	## </desc>
	23	gen_tunable(sepgsql_enable_users_ddl, true)
	24
a1fcff33 CP	25	type postgresql_t;
a1fcff33 CP	26	type postgresql_exec_t;
0bfccda4	27	init_daemon_domain(postgresql_t, postgresql_exec_t)
a1fcff33 CP	28
	29	type postgresql_db_t;
	30	files_type(postgresql_db_t)
	31
9bbc757a CP	32	type postgresql_etc_t;
9bbc757a CP	33	files_config_file(postgresql_etc_t)
a1fcff33 CP	34
	35	type postgresql_lock_t;
	36	files_lock_file(postgresql_lock_t)
	37
	38	type postgresql_log_t;
	39	logging_log_file(postgresql_log_t)
	40
	41	type postgresql_tmp_t;
	42	files_tmp_file(postgresql_tmp_t)
	43
	44	type postgresql_var_run_t;
	45	files_pid_file(postgresql_var_run_t)
	46
e8cb08ae CP	47	# database clients attribute
	48	attribute sepgsql_client_type;
	49	attribute sepgsql_unconfined_type;
	50
	51	# database objects attribute
	52	attribute sepgsql_database_type;
	53	attribute sepgsql_table_type;
	54	attribute sepgsql_sysobj_table_type;
	55	attribute sepgsql_procedure_type;
	56	attribute sepgsql_blob_type;
	57	attribute sepgsql_module_type;
	58
	59	# database object types
	60	type sepgsql_blob_t;
	61	postgresql_blob_object(sepgsql_blob_t)
	62
	63	type sepgsql_db_t;
	64	postgresql_database_object(sepgsql_db_t)
	65
	66	type sepgsql_fixed_table_t;
	67	postgresql_table_object(sepgsql_fixed_table_t)
	68
	69	type sepgsql_proc_t;
	70	postgresql_procedure_object(sepgsql_proc_t)
	71
	72	type sepgsql_ro_blob_t;
	73	postgresql_blob_object(sepgsql_ro_blob_t)
	74
	75	type sepgsql_ro_table_t;
	76	postgresql_table_object(sepgsql_ro_table_t)
	77
	78	type sepgsql_secret_blob_t;
	79	postgresql_blob_object(sepgsql_secret_blob_t)
	80
	81	type sepgsql_secret_table_t;
	82	postgresql_table_object(sepgsql_secret_table_t)
	83
	84	type sepgsql_sysobj_t;
	85	postgresql_system_table_object(sepgsql_sysobj_t)
	86
	87	type sepgsql_table_t;
	88	postgresql_table_object(sepgsql_table_t)
	89
7f4005e3 CP	90	type sepgsql_trusted_proc_exec_t;
7f4005e3 CP	91	postgresql_procedure_object(sepgsql_trusted_proc_exec_t)
e8cb08ae CP	92
e8cb08ae CP	93	# Trusted Procedure Domain
7f4005e3 CP	94	type sepgsql_trusted_proc_t;
	95	domain_type(sepgsql_trusted_proc_t)
	96	postgresql_unconfined(sepgsql_trusted_proc_t)
	97	role system_r types sepgsql_trusted_proc_t;
e8cb08ae	98
a1fcff33 CP	99	########################################
	100	#
	101	# postgresql Local policy
	102	#
	103	allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin };
165b42d2	104	dontaudit postgresql_t self:capability { sys_tty_config sys_admin };
57d8e6c7	105	allow postgresql_t self:process signal_perms;
0b36a214	106	allow postgresql_t self:fifo_file rw_fifo_file_perms;
a1fcff33 CP	107	allow postgresql_t self:sem create_sem_perms;
	108	allow postgresql_t self:shm create_shm_perms;
	109	allow postgresql_t self:tcp_socket create_stream_socket_perms;
	110	allow postgresql_t self:udp_socket create_stream_socket_perms;
	111	allow postgresql_t self:unix_dgram_socket create_socket_perms;
	112	allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
e8cb08ae CP	113	allow postgresql_t self:netlink_selinux_socket create_socket_perms;
	114
	115	allow postgresql_t sepgsql_database_type:db_database *;
	116	type_transition postgresql_t postgresql_t:db_database sepgsql_db_t;
	117
	118	allow postgresql_t sepgsql_module_type:db_database install_module;
	119	# Database/Loadable module
	120	allow sepgsql_database_type sepgsql_module_type:db_database load_module;
	121
	122	allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
	123	type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;
	124
	125	allow postgresql_t sepgsql_procedure_type:db_procedure *;
	126	type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;
	127
	128	allow postgresql_t sepgsql_blob_type:db_blob *;
	129	type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;
a1fcff33	130
0bfccda4 CP	131	manage_dirs_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
	132	manage_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
	133	manage_lnk_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
	134	manage_fifo_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
	135	manage_sock_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t)
103fe280	136	files_var_lib_filetrans(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file })
a1fcff33	137
c0868a7a	138	allow postgresql_t postgresql_etc_t:dir list_dir_perms;
0bfccda4 CP	139	read_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
0bfccda4 CP	140	read_lnk_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t)
a1fcff33 CP	141
	142	allow postgresql_t postgresql_exec_t:lnk_file { getattr read };
	143	can_exec(postgresql_t, postgresql_exec_t )
	144
c0868a7a	145	allow postgresql_t postgresql_lock_t:file manage_file_perms;
1c1ac67f	146	files_lock_filetrans(postgresql_t,postgresql_lock_t,file)
a1fcff33	147
0bfccda4 CP	148	manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
0bfccda4 CP	149	logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })
a1fcff33	150
0bfccda4 CP	151	manage_dirs_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
	152	manage_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
	153	manage_lnk_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
	154	manage_fifo_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
	155	manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
103fe280 CP	156	files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
103fe280 CP	157	fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
a1fcff33	158
0bfccda4 CP	159	manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
	160	manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
	161	files_pid_filetrans(postgresql_t, postgresql_var_run_t, file)
a1fcff33	162
445522dc	163	kernel_read_kernel_sysctls(postgresql_t)
a1fcff33 CP	164	kernel_read_system_state(postgresql_t)
a1fcff33 CP	165	kernel_list_proc(postgresql_t)
445522dc	166	kernel_read_all_sysctls(postgresql_t)
a1fcff33	167	kernel_read_proc_symlinks(postgresql_t)
a1fcff33	168
19006686 CP	169	corenet_all_recvfrom_unlabeled(postgresql_t)
19006686 CP	170	corenet_all_recvfrom_netlabel(postgresql_t)
a1fcff33 CP	171	corenet_tcp_sendrecv_all_if(postgresql_t)
a1fcff33 CP	172	corenet_udp_sendrecv_all_if(postgresql_t)
a1fcff33 CP	173	corenet_tcp_sendrecv_all_nodes(postgresql_t)
a1fcff33 CP	174	corenet_udp_sendrecv_all_nodes(postgresql_t)
a1fcff33 CP	175	corenet_tcp_sendrecv_all_ports(postgresql_t)
	176	corenet_udp_sendrecv_all_ports(postgresql_t)
	177	corenet_tcp_bind_all_nodes(postgresql_t)
a1fcff33 CP	178	corenet_tcp_bind_postgresql_port(postgresql_t)
a1fcff33 CP	179	corenet_tcp_connect_auth_port(postgresql_t)
141cffdd CP	180	corenet_sendrecv_postgresql_server_packets(postgresql_t)
141cffdd CP	181	corenet_sendrecv_auth_client_packets(postgresql_t)
a1fcff33 CP	182
	183	dev_read_sysfs(postgresql_t)
	184	dev_read_urand(postgresql_t)
	185
	186	fs_getattr_all_fs(postgresql_t)
	187	fs_search_auto_mountpoints(postgresql_t)
770c015f	188	fs_rw_hugetlbfs_files(postgresql_t)
a1fcff33	189
e8cb08ae CP	190	selinux_get_enforce_mode(postgresql_t)
	191	selinux_validate_context(postgresql_t)
	192	selinux_compute_access_vector(postgresql_t)
	193	selinux_compute_create_context(postgresql_t)
	194	selinux_compute_relabel_context(postgresql_t)
	195
a1fcff33	196	term_use_controlling_term(postgresql_t)
a1fcff33 CP	197
a1fcff33 CP	198	corecmd_exec_bin(postgresql_t)
a1fcff33 CP	199	corecmd_exec_shell(postgresql_t)
a1fcff33 CP	200
1815bad1	201	domain_dontaudit_list_all_domains_state(postgresql_t)
15722ec9	202	domain_use_interactive_fds(postgresql_t)
a1fcff33 CP	203
	204	files_dontaudit_search_home(postgresql_t)
	205	files_manage_etc_files(postgresql_t)
	206	files_search_etc(postgresql_t)
	207	files_read_etc_runtime_files(postgresql_t)
	208	files_read_usr_files(postgresql_t)
	209
09e21686 CP	210	auth_use_nsswitch(postgresql_t)
09e21686 CP	211
68228b33	212	init_read_utmp(postgresql_t)
a1fcff33 CP	213
	214	libs_use_ld_so(postgresql_t)
	215	libs_use_shared_libs(postgresql_t)
	216
	217	logging_send_syslog_msg(postgresql_t)
	218
	219	miscfiles_read_localization(postgresql_t)
	220
e8cb08ae	221	seutil_libselinux_linked(postgresql_t)
a1fcff33	222
15722ec9	223	userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
a1fcff33 CP	224
	225	mta_getattr_spool(postgresql_t)
	226
e9c6cda7 CP	227	sysadm_dontaudit_search_home_dirs(postgresql_t)
	228	sysadm_dontaudit_use_ttys(postgresql_t)
	229
a1fcff33 CP	230	tunable_policy(`allow_execmem',`
	231	allow postgresql_t self:process execmem;
	232	')
	233
bb7170f6	234	optional_policy(`
a1fcff33 CP	235	consoletype_exec(postgresql_t)
	236	')
	237
bb7170f6	238	optional_policy(`
a1fcff33 CP	239	cron_search_spool(postgresql_t)
	240	cron_system_entry(postgresql_t,postgresql_exec_t)
	241	')
	242
bb7170f6	243	optional_policy(`
a1fcff33 CP	244	hostname_exec(postgresql_t)
	245	')
	246
0b6acad1 CP	247	optional_policy(`
	248	ipsec_match_default_spd(postgresql_t)
	249	')
	250
bb7170f6	251	optional_policy(`
a1fcff33 CP	252	kerberos_use(postgresql_t)
	253	')
	254
bb7170f6	255	optional_policy(`
a1fcff33 CP	256	seutil_sigchld_newrole(postgresql_t)
	257	')
	258
bb7170f6	259	optional_policy(`
a1fcff33 CP	260	udev_read_db(postgresql_t)
a1fcff33 CP	261	')
e8cb08ae CP	262
	263	########################################
	264	#
	265	# Rules common to all clients
	266	#
	267
	268	allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };
	269	type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;
	270
	271	allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert };
	272	allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };
	273	allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };
	274
	275	allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete };
	276	allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };
	277	allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };
	278
	279	allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select };
	280	allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };
	281	allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };
	282
	283	allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;
	284	allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;
	285
	286	allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };
	287	allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
	288	allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
	289
	290	allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute };
	291	allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };
	292
	293	allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
	294	allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };
	295	allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
	296
	297	# The purpose of the dontaudit rule in row-level access control is to prevent a flood of logs.
	298	# If a client tries to SELECT a table including violated tuples, these are filtered from
	299	# the result set as if not exist, but its access denied longs can be recorded within log files.
	300	# In generally, the number of tuples are much larger than the number of columns, tables and so on.
	301	# So, it makes a flood of logs when many tuples are violated.
	302	#
	303	# The default policy does not prevent anything for sepgsql_client_type sepgsql_unconfined_type,
	304	# so we don't need "dontaudit" rules in Type-Enforcement. However, MLS/MCS can prevent them
	305	# to access classified tuples and can make a audit record.
	306	#
	307	# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
	308	dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
	309
	310	tunable_policy(`sepgsql_enable_users_ddl',`
0bfccda4	311	allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
e8cb08ae	312	allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
0bfccda4	313	allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
e8cb08ae CP	314	')
	315
	316	########################################
	317	#
	318	# Unconfined access to this module
	319	#
	320
	321	allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
	322	type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;
	323
	324	type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
	325	type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;
	326	type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;
	327
	328	allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
	329
	330	# unconfined domain is not allowed to invoke user defined procedure directly.
	331	# They have to confirm and relabel it at first.
	332	allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;
	333	allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };
	334
	335	allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
	336
	337	allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
	338
	339	kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type)