]>
Commit | Line | Data |
---|---|---|
a1fcff33 | 1 | |
29af4c13 | 2 | policy_module(postgresql, 1.11.0) |
e8cb08ae CP |
3 | |
4 | gen_require(` | |
5 | class db_database all_db_database_perms; | |
6 | class db_table all_db_table_perms; | |
7 | class db_procedure all_db_procedure_perms; | |
8 | class db_column all_db_column_perms; | |
9 | class db_tuple all_db_tuple_perms; | |
10 | class db_blob all_db_blob_perms; | |
11 | ') | |
a1fcff33 CP |
12 | |
13 | ################################# | |
14 | # | |
15 | # Declarations | |
16 | # | |
e8cb08ae CP |
17 | |
18 | ## <desc> | |
19 | ## <p> | |
20 | ## Allow unprived users to execute DDL statement | |
21 | ## </p> | |
22 | ## </desc> | |
23 | gen_tunable(sepgsql_enable_users_ddl, true) | |
24 | ||
22a2874d CP |
25 | ## <desc> |
26 | ## <p> | |
27 | ## Allow database admins to execute DML statement | |
28 | ## </p> | |
29 | ## </desc> | |
30 | gen_tunable(sepgsql_unconfined_dbadm, true) | |
31 | ||
a1fcff33 CP |
32 | type postgresql_t; |
33 | type postgresql_exec_t; | |
0bfccda4 | 34 | init_daemon_domain(postgresql_t, postgresql_exec_t) |
a1fcff33 CP |
35 | |
36 | type postgresql_db_t; | |
37 | files_type(postgresql_db_t) | |
38 | ||
9bbc757a CP |
39 | type postgresql_etc_t; |
40 | files_config_file(postgresql_etc_t) | |
a1fcff33 | 41 | |
22a2874d CP |
42 | type postgresql_initrc_exec_t; |
43 | init_script_file(postgresql_initrc_exec_t) | |
44 | ||
a1fcff33 CP |
45 | type postgresql_lock_t; |
46 | files_lock_file(postgresql_lock_t) | |
47 | ||
48 | type postgresql_log_t; | |
49 | logging_log_file(postgresql_log_t) | |
50 | ||
51 | type postgresql_tmp_t; | |
52 | files_tmp_file(postgresql_tmp_t) | |
53 | ||
54 | type postgresql_var_run_t; | |
55 | files_pid_file(postgresql_var_run_t) | |
56 | ||
e8cb08ae | 57 | # database clients attribute |
22a2874d | 58 | attribute sepgsql_admin_type; |
e8cb08ae CP |
59 | attribute sepgsql_client_type; |
60 | attribute sepgsql_unconfined_type; | |
61 | ||
62 | # database objects attribute | |
63 | attribute sepgsql_database_type; | |
64 | attribute sepgsql_table_type; | |
65 | attribute sepgsql_sysobj_table_type; | |
66 | attribute sepgsql_procedure_type; | |
67 | attribute sepgsql_blob_type; | |
68 | attribute sepgsql_module_type; | |
69 | ||
70 | # database object types | |
71 | type sepgsql_blob_t; | |
72 | postgresql_blob_object(sepgsql_blob_t) | |
73 | ||
74 | type sepgsql_db_t; | |
75 | postgresql_database_object(sepgsql_db_t) | |
76 | ||
77 | type sepgsql_fixed_table_t; | |
78 | postgresql_table_object(sepgsql_fixed_table_t) | |
79 | ||
350ed891 CP |
80 | type sepgsql_proc_exec_t; |
81 | typealias sepgsql_proc_exec_t alias sepgsql_proc_t; | |
82 | postgresql_procedure_object(sepgsql_proc_exec_t) | |
e8cb08ae CP |
83 | |
84 | type sepgsql_ro_blob_t; | |
85 | postgresql_blob_object(sepgsql_ro_blob_t) | |
86 | ||
87 | type sepgsql_ro_table_t; | |
88 | postgresql_table_object(sepgsql_ro_table_t) | |
89 | ||
90 | type sepgsql_secret_blob_t; | |
91 | postgresql_blob_object(sepgsql_secret_blob_t) | |
92 | ||
93 | type sepgsql_secret_table_t; | |
94 | postgresql_table_object(sepgsql_secret_table_t) | |
95 | ||
96 | type sepgsql_sysobj_t; | |
97 | postgresql_system_table_object(sepgsql_sysobj_t) | |
98 | ||
99 | type sepgsql_table_t; | |
100 | postgresql_table_object(sepgsql_table_t) | |
101 | ||
7f4005e3 CP |
102 | type sepgsql_trusted_proc_exec_t; |
103 | postgresql_procedure_object(sepgsql_trusted_proc_exec_t) | |
e8cb08ae CP |
104 | |
105 | # Trusted Procedure Domain | |
7f4005e3 CP |
106 | type sepgsql_trusted_proc_t; |
107 | domain_type(sepgsql_trusted_proc_t) | |
108 | postgresql_unconfined(sepgsql_trusted_proc_t) | |
109 | role system_r types sepgsql_trusted_proc_t; | |
e8cb08ae | 110 | |
a01a4a71 CP |
111 | # Types for unprivileged client |
112 | type unpriv_sepgsql_blob_t; | |
113 | postgresql_blob_object(unpriv_sepgsql_blob_t) | |
114 | ||
115 | type unpriv_sepgsql_proc_exec_t; | |
116 | postgresql_procedure_object(unpriv_sepgsql_proc_exec_t) | |
117 | ||
118 | type unpriv_sepgsql_sysobj_t; | |
119 | postgresql_system_table_object(unpriv_sepgsql_sysobj_t) | |
120 | ||
121 | type unpriv_sepgsql_table_t; | |
122 | postgresql_table_object(unpriv_sepgsql_table_t) | |
123 | ||
124 | # Types for UBAC | |
296273a7 CP |
125 | type user_sepgsql_blob_t; |
126 | typealias user_sepgsql_blob_t alias { staff_sepgsql_blob_t sysadm_sepgsql_blob_t }; | |
127 | typealias user_sepgsql_blob_t alias { auditadm_sepgsql_blob_t secadm_sepgsql_blob_t }; | |
128 | postgresql_blob_object(user_sepgsql_blob_t) | |
129 | ||
130 | type user_sepgsql_proc_exec_t; | |
131 | typealias user_sepgsql_proc_exec_t alias { staff_sepgsql_proc_exec_t sysadm_sepgsql_proc_exec_t }; | |
132 | typealias user_sepgsql_proc_exec_t alias { auditadm_sepgsql_proc_exec_t secadm_sepgsql_proc_exec_t }; | |
133 | postgresql_procedure_object(user_sepgsql_proc_exec_t) | |
134 | ||
135 | type user_sepgsql_sysobj_t; | |
136 | typealias user_sepgsql_sysobj_t alias { staff_sepgsql_sysobj_t sysadm_sepgsql_sysobj_t }; | |
137 | typealias user_sepgsql_sysobj_t alias { auditadm_sepgsql_sysobj_t secadm_sepgsql_sysobj_t }; | |
138 | postgresql_system_table_object(user_sepgsql_sysobj_t) | |
139 | ||
140 | type user_sepgsql_table_t; | |
141 | typealias user_sepgsql_table_t alias { staff_sepgsql_table_t sysadm_sepgsql_table_t }; | |
142 | typealias user_sepgsql_table_t alias { auditadm_sepgsql_table_t secadm_sepgsql_table_t }; | |
143 | postgresql_table_object(user_sepgsql_table_t) | |
144 | ||
a1fcff33 CP |
145 | ######################################## |
146 | # | |
147 | # postgresql Local policy | |
148 | # | |
149 | allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin }; | |
165b42d2 | 150 | dontaudit postgresql_t self:capability { sys_tty_config sys_admin }; |
57d8e6c7 | 151 | allow postgresql_t self:process signal_perms; |
0b36a214 | 152 | allow postgresql_t self:fifo_file rw_fifo_file_perms; |
9681df1c | 153 | allow postgresql_t self:file { getattr read }; |
a1fcff33 CP |
154 | allow postgresql_t self:sem create_sem_perms; |
155 | allow postgresql_t self:shm create_shm_perms; | |
156 | allow postgresql_t self:tcp_socket create_stream_socket_perms; | |
157 | allow postgresql_t self:udp_socket create_stream_socket_perms; | |
158 | allow postgresql_t self:unix_dgram_socket create_socket_perms; | |
159 | allow postgresql_t self:unix_stream_socket create_stream_socket_perms; | |
e8cb08ae CP |
160 | allow postgresql_t self:netlink_selinux_socket create_socket_perms; |
161 | ||
162 | allow postgresql_t sepgsql_database_type:db_database *; | |
163 | type_transition postgresql_t postgresql_t:db_database sepgsql_db_t; | |
164 | ||
165 | allow postgresql_t sepgsql_module_type:db_database install_module; | |
166 | # Database/Loadable module | |
167 | allow sepgsql_database_type sepgsql_module_type:db_database load_module; | |
168 | ||
169 | allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *; | |
170 | type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t; | |
171 | ||
172 | allow postgresql_t sepgsql_procedure_type:db_procedure *; | |
350ed891 | 173 | type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_exec_t; |
e8cb08ae CP |
174 | |
175 | allow postgresql_t sepgsql_blob_type:db_blob *; | |
176 | type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t; | |
a1fcff33 | 177 | |
0bfccda4 CP |
178 | manage_dirs_pattern(postgresql_t, postgresql_db_t, postgresql_db_t) |
179 | manage_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t) | |
180 | manage_lnk_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t) | |
181 | manage_fifo_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t) | |
182 | manage_sock_files_pattern(postgresql_t, postgresql_db_t, postgresql_db_t) | |
103fe280 | 183 | files_var_lib_filetrans(postgresql_t, postgresql_db_t, { dir file lnk_file sock_file fifo_file }) |
a1fcff33 | 184 | |
c0868a7a | 185 | allow postgresql_t postgresql_etc_t:dir list_dir_perms; |
0bfccda4 CP |
186 | read_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t) |
187 | read_lnk_files_pattern(postgresql_t, postgresql_etc_t, postgresql_etc_t) | |
a1fcff33 CP |
188 | |
189 | allow postgresql_t postgresql_exec_t:lnk_file { getattr read }; | |
190 | can_exec(postgresql_t, postgresql_exec_t ) | |
191 | ||
c0868a7a | 192 | allow postgresql_t postgresql_lock_t:file manage_file_perms; |
3f67f722 | 193 | files_lock_filetrans(postgresql_t, postgresql_lock_t, file) |
a1fcff33 | 194 | |
0bfccda4 CP |
195 | manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t) |
196 | logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir }) | |
a1fcff33 | 197 | |
0bfccda4 CP |
198 | manage_dirs_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t) |
199 | manage_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t) | |
200 | manage_lnk_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t) | |
201 | manage_fifo_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t) | |
202 | manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t) | |
103fe280 CP |
203 | files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file }) |
204 | fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file }) | |
a1fcff33 | 205 | |
0bfccda4 CP |
206 | manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t) |
207 | manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t) | |
208 | files_pid_filetrans(postgresql_t, postgresql_var_run_t, file) | |
a1fcff33 | 209 | |
445522dc | 210 | kernel_read_kernel_sysctls(postgresql_t) |
a1fcff33 CP |
211 | kernel_read_system_state(postgresql_t) |
212 | kernel_list_proc(postgresql_t) | |
445522dc | 213 | kernel_read_all_sysctls(postgresql_t) |
a1fcff33 | 214 | kernel_read_proc_symlinks(postgresql_t) |
a1fcff33 | 215 | |
19006686 CP |
216 | corenet_all_recvfrom_unlabeled(postgresql_t) |
217 | corenet_all_recvfrom_netlabel(postgresql_t) | |
668b3093 CP |
218 | corenet_tcp_sendrecv_generic_if(postgresql_t) |
219 | corenet_udp_sendrecv_generic_if(postgresql_t) | |
c1262146 CP |
220 | corenet_tcp_sendrecv_generic_node(postgresql_t) |
221 | corenet_udp_sendrecv_generic_node(postgresql_t) | |
a1fcff33 CP |
222 | corenet_tcp_sendrecv_all_ports(postgresql_t) |
223 | corenet_udp_sendrecv_all_ports(postgresql_t) | |
9681df1c | 224 | corenet_udp_bind_generic_node(postgresql_t) |
c1262146 | 225 | corenet_tcp_bind_generic_node(postgresql_t) |
a1fcff33 CP |
226 | corenet_tcp_bind_postgresql_port(postgresql_t) |
227 | corenet_tcp_connect_auth_port(postgresql_t) | |
9681df1c | 228 | corenet_tcp_connect_postgresql_port(postgresql_t) |
141cffdd CP |
229 | corenet_sendrecv_postgresql_server_packets(postgresql_t) |
230 | corenet_sendrecv_auth_client_packets(postgresql_t) | |
a1fcff33 CP |
231 | |
232 | dev_read_sysfs(postgresql_t) | |
233 | dev_read_urand(postgresql_t) | |
234 | ||
235 | fs_getattr_all_fs(postgresql_t) | |
236 | fs_search_auto_mountpoints(postgresql_t) | |
770c015f | 237 | fs_rw_hugetlbfs_files(postgresql_t) |
a1fcff33 | 238 | |
e8cb08ae CP |
239 | selinux_get_enforce_mode(postgresql_t) |
240 | selinux_validate_context(postgresql_t) | |
241 | selinux_compute_access_vector(postgresql_t) | |
242 | selinux_compute_create_context(postgresql_t) | |
243 | selinux_compute_relabel_context(postgresql_t) | |
244 | ||
a1fcff33 | 245 | term_use_controlling_term(postgresql_t) |
a1fcff33 CP |
246 | |
247 | corecmd_exec_bin(postgresql_t) | |
a1fcff33 CP |
248 | corecmd_exec_shell(postgresql_t) |
249 | ||
1815bad1 | 250 | domain_dontaudit_list_all_domains_state(postgresql_t) |
15722ec9 | 251 | domain_use_interactive_fds(postgresql_t) |
a1fcff33 CP |
252 | |
253 | files_dontaudit_search_home(postgresql_t) | |
254 | files_manage_etc_files(postgresql_t) | |
255 | files_search_etc(postgresql_t) | |
256 | files_read_etc_runtime_files(postgresql_t) | |
257 | files_read_usr_files(postgresql_t) | |
258 | ||
9681df1c | 259 | auth_use_pam(postgresql_t) |
09e21686 | 260 | |
68228b33 | 261 | init_read_utmp(postgresql_t) |
a1fcff33 | 262 | |
a1fcff33 | 263 | logging_send_syslog_msg(postgresql_t) |
9681df1c | 264 | logging_send_audit_msgs(postgresql_t) |
a1fcff33 CP |
265 | |
266 | miscfiles_read_localization(postgresql_t) | |
267 | ||
e8cb08ae | 268 | seutil_libselinux_linked(postgresql_t) |
a1fcff33 | 269 | |
15722ec9 | 270 | userdom_dontaudit_use_unpriv_user_fds(postgresql_t) |
296273a7 CP |
271 | userdom_dontaudit_search_user_home_dirs(postgresql_t) |
272 | userdom_dontaudit_use_user_terminals(postgresql_t) | |
a1fcff33 CP |
273 | |
274 | mta_getattr_spool(postgresql_t) | |
275 | ||
a1fcff33 CP |
276 | tunable_policy(`allow_execmem',` |
277 | allow postgresql_t self:process execmem; | |
278 | ') | |
279 | ||
bb7170f6 | 280 | optional_policy(` |
a1fcff33 CP |
281 | consoletype_exec(postgresql_t) |
282 | ') | |
283 | ||
bb7170f6 | 284 | optional_policy(` |
a1fcff33 | 285 | cron_search_spool(postgresql_t) |
3f67f722 | 286 | cron_system_entry(postgresql_t, postgresql_exec_t) |
a1fcff33 CP |
287 | ') |
288 | ||
bb7170f6 | 289 | optional_policy(` |
a1fcff33 CP |
290 | hostname_exec(postgresql_t) |
291 | ') | |
292 | ||
0b6acad1 CP |
293 | optional_policy(` |
294 | ipsec_match_default_spd(postgresql_t) | |
295 | ') | |
296 | ||
bb7170f6 | 297 | optional_policy(` |
a1fcff33 CP |
298 | kerberos_use(postgresql_t) |
299 | ') | |
300 | ||
bb7170f6 | 301 | optional_policy(` |
a1fcff33 CP |
302 | seutil_sigchld_newrole(postgresql_t) |
303 | ') | |
304 | ||
bb7170f6 | 305 | optional_policy(` |
a1fcff33 CP |
306 | udev_read_db(postgresql_t) |
307 | ') | |
e8cb08ae CP |
308 | |
309 | ######################################## | |
310 | # | |
311 | # Rules common to all clients | |
312 | # | |
313 | ||
314 | allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param }; | |
315 | type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t; | |
316 | ||
350ed891 | 317 | allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert lock }; |
e8cb08ae CP |
318 | allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert }; |
319 | allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert }; | |
320 | ||
350ed891 | 321 | allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete lock }; |
e8cb08ae CP |
322 | allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; |
323 | allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete }; | |
324 | ||
350ed891 | 325 | allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select lock }; |
e8cb08ae CP |
326 | allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select }; |
327 | allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select }; | |
328 | ||
329 | allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr; | |
330 | allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr; | |
331 | ||
350ed891 | 332 | allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select lock }; |
e8cb08ae CP |
333 | allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select }; |
334 | allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select }; | |
335 | ||
350ed891 CP |
336 | allow sepgsql_client_type sepgsql_proc_exec_t:db_procedure { getattr execute install }; |
337 | allow sepgsql_client_type sepgsql_trusted_proc_exec_t:db_procedure { getattr execute entrypoint }; | |
e8cb08ae CP |
338 | |
339 | allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write }; | |
340 | allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read }; | |
341 | allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr; | |
342 | ||
343 | # The purpose of the dontaudit rule in row-level access control is to prevent a flood of logs. | |
344 | # If a client tries to SELECT a table including violated tuples, these are filtered from | |
345 | # the result set as if not exist, but its access denied longs can be recorded within log files. | |
346 | # In generally, the number of tuples are much larger than the number of columns, tables and so on. | |
347 | # So, it makes a flood of logs when many tuples are violated. | |
348 | # | |
349 | # The default policy does not prevent anything for sepgsql_client_type sepgsql_unconfined_type, | |
350 | # so we don't need "dontaudit" rules in Type-Enforcement. However, MLS/MCS can prevent them | |
351 | # to access classified tuples and can make a audit record. | |
352 | # | |
353 | # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL. | |
22a2874d CP |
354 | dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete }; |
355 | ||
356 | ||
357 | ######################################## | |
358 | # | |
359 | # Rules common to administrator clients | |
360 | # | |
361 | ||
362 | allow sepgsql_admin_type sepgsql_database_type:db_database { create drop getattr setattr relabelfrom relabelto access }; | |
363 | type_transition sepgsql_admin_type sepgsql_admin_type:db_database sepgsql_db_t; | |
364 | ||
365 | allow sepgsql_admin_type sepgsql_table_type:db_table { create drop getattr setattr relabelfrom relabelto lock }; | |
366 | allow sepgsql_admin_type sepgsql_table_type:db_column { create drop getattr setattr relabelfrom relabelto }; | |
367 | allow sepgsql_admin_type sepgsql_sysobj_table_type:db_tuple { relabelfrom relabelto select update insert delete }; | |
368 | ||
ec8d32c8 KK |
369 | type_transition sepgsql_admin_type sepgsql_database_type:db_table sepgsql_table_t; |
370 | ||
22a2874d | 371 | allow sepgsql_admin_type sepgsql_procedure_type:db_procedure { create drop getattr relabelfrom relabelto }; |
ec8d32c8 KK |
372 | allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure execute; |
373 | ||
374 | type_transition sepgsql_admin_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; | |
22a2874d CP |
375 | |
376 | allow sepgsql_admin_type sepgsql_blob_type:db_blob { create drop getattr setattr relabelfrom relabelto }; | |
377 | ||
ec8d32c8 KK |
378 | type_transition sepgsql_admin_type sepgsql_database_type:db_blob sepgsql_blob_t; |
379 | ||
22a2874d CP |
380 | allow sepgsql_admin_type sepgsql_module_type:db_database install_module; |
381 | ||
382 | kernel_relabelfrom_unlabeled_database(sepgsql_admin_type) | |
383 | ||
384 | tunable_policy(`sepgsql_unconfined_dbadm',` | |
385 | allow sepgsql_admin_type sepgsql_database_type:db_database *; | |
386 | ||
387 | allow sepgsql_admin_type sepgsql_table_type:{ db_table db_column db_tuple } *; | |
388 | ||
389 | allow sepgsql_admin_type sepgsql_proc_exec_t:db_procedure *; | |
390 | allow sepgsql_admin_type sepgsql_trusted_proc_exec_t:db_procedure ~install; | |
391 | allow sepgsql_admin_type sepgsql_procedure_type:db_procedure ~{ execute install }; | |
392 | ||
393 | allow sepgsql_admin_type sepgsql_blob_type:db_blob *; | |
394 | ') | |
e8cb08ae | 395 | |
e8cb08ae CP |
396 | ######################################## |
397 | # | |
398 | # Unconfined access to this module | |
399 | # | |
400 | ||
401 | allow sepgsql_unconfined_type sepgsql_database_type:db_database *; | |
402 | type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t; | |
403 | ||
404 | type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t; | |
350ed891 | 405 | type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_exec_t; |
e8cb08ae CP |
406 | type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t; |
407 | ||
408 | allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *; | |
409 | ||
410 | # unconfined domain is not allowed to invoke user defined procedure directly. | |
411 | # They have to confirm and relabel it at first. | |
350ed891 CP |
412 | allow sepgsql_unconfined_type sepgsql_proc_exec_t:db_procedure *; |
413 | allow sepgsql_unconfined_type sepgsql_trusted_proc_exec_t:db_procedure ~install; | |
414 | allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure ~{ execute install }; | |
e8cb08ae CP |
415 | |
416 | allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *; | |
417 | ||
418 | allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module; | |
419 | ||
420 | kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type) |