Christopher J. PeBenito wrote:
> I merged this, but I was thinking about some revisions that we should
> consider:
>
> 1. in the unpriv client interface, we have these type transitions:
> type_transition $1 sepgsql_database_type:db_table sepgsql_table_t;
> type_transition $1 sepgsql_database_type:db_procedure sepgsql_proc_t;
> type_transition $1 sepgsql_database_type:db_blob sepgsql_blob_t;
>
> The client can only access the system database, not all databases, so it
> seems that sepgsql_database_type should be replaced with sepgsql_db_t.

I agree. Currently, sepgsql_db_t is the only type of sepgsql_database_type
except for unlabeled_t; however, these type_transition rules can prevent
users from adding a new database type and new type_transition rules.

> 2. the stored procedure type names have been in the back of my mind for
> a long time but I couldn't come up with a good naming scheme. This
> especially bugged me for the sepgsql_trusted_domain_t and
> sepgsql_trusted_proc_t. Why not just go with what we do with regular
> domains and executables: sepgsql_trusted_proc_t and
> sepgsql_trusted_proc_exec_t?

I don't have a clear reason for the naming of them. I also think
sepgsql_trusted_proc_t and sepgsql_trusted_proc_exec_t are more suitable
for the purpose.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>

Index: refpolicy/policy/modules/services/postgresql.if =================================================================== --- refpolicy/policy/modules/services/postgresql.if (revision 2714) +++ refpolicy/policy/modules/services/postgresql.if (working copy) @@ -37,7 +37,7 @@ attribute sepgsql_client_type, sepgsql_database_type; attribute sepgsql_sysobj_table_type; - type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t; + type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t; ') ######################################## @@ -59,7 +59,7 @@ type $1_sepgsql_table_t; postgresql_table_object($1_sepgsql_table_t) - role $3 types sepgsql_trusted_domain_t; + role $3 types sepgsql_trusted_proc_t; ############################## # @@ -87,8 +87,8 @@ allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write }; type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t; - allow $2 sepgsql_trusted_domain_t:process transition; - type_transition $2 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t; + allow $2 sepgsql_trusted_proc_t:process transition; + type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t; ') ######################################## 
@@ -340,21 +340,20 @@ class db_blob all_db_blob_perms; attribute sepgsql_client_type; - attribute sepgsql_database_type; - type sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t; + type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t; - type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t; + type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t; ') typeattribute $1 sepgsql_client_type; - type_transition $1 sepgsql_database_type:db_table sepgsql_table_t; - type_transition $1 sepgsql_database_type:db_procedure sepgsql_proc_t; - type_transition $1 sepgsql_database_type:db_blob sepgsql_blob_t; + type_transition $1 sepgsql_db_t:db_table sepgsql_table_t; + type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t; + type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t; - type_transition $1 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t; - allow $1 sepgsql_trusted_domain_t:process transition; + type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t; + allow $1 sepgsql_trusted_proc_t:process transition; ') ########################################
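Review bot: the gen_require in the hunk at @@ -37,7 +37,7 @@ now needs sepgsql_trusted_proc_exec_t, but this diff touches only postgresql.if and shows no declaration of that type. Unless postgresql.te is changed in the same commit to declare sepgsql_trusted_proc_exec_t, the require cannot be satisfied. Also note that sepgsql_trusted_proc_t keeps its name but changes meaning: in revision 2714 it was the type that `type_transition $2 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t;` keyed on, and after this change it is the resulting domain. Policy written against the old names will still find a type called sepgsql_trusted_proc_t, so a short comment in the interface documentation stating which type labels the procedure and which is the domain would help.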
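Review bot: the unchanged context line in the hunk at @@ -87,8 +87,8 @@, `type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t;`, still keys on the sepgsql_database_type attribute, while the last hunk narrows the equivalent rules to sepgsql_db_t. If the per-role template is meant to keep covering every database type, say so in a comment; otherwise change it as well so the two interfaces agree. Minor style point: here the allow rule precedes the type_transition for the trusted procedure, and in the last hunk the order is reversed; pick one ordering.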
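Review bot: in the hunk at @@ -340,21 +340,20 @@, the three type_transition rules now match only sepgsql_db_t, so objects a client creates in a database carrying any other type (the reply names unlabeled_t as the one other member of sepgsql_database_type) no longer receive sepgsql_table_t, sepgsql_proc_t or sepgsql_blob_t by transition. That matches the stated intent, but the interface's documentation should say that it covers only sepgsql_db_t. Minor style point: this require lists `type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t;` while the first hunk lists the same two types in the opposite order.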