Changeset 2730
- Timestamp:
- 06/24/08 07:57:06 (2 months ago)
- Files:
-
- trunk/policy/modules/services/postgresql.if (modified) (6 diffs)
- trunk/policy/modules/services/postgresql.te (modified) (2 diffs)
trunk/policy/modules/services/postgresql.if
r2716 r2730 38 38 attribute sepgsql_sysobj_table_type; 39 39 40 type sepgsql_trusted_proc_ t, sepgsql_trusted_domain_t;40 type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t; 41 41 ') 42 42 … … 51 51 postgresql_blob_object($1_sepgsql_blob_t) 52 52 53 type $1_sepgsql_proc_ t;54 postgresql_procedure_object($1_sepgsql_proc_ t)53 type $1_sepgsql_proc_exec_t; 54 postgresql_procedure_object($1_sepgsql_proc_exec_t) 55 55 56 56 type $1_sepgsql_sysobj_t; … … 60 60 postgresql_table_object($1_sepgsql_table_t) 61 61 62 role $3 types sepgsql_trusted_ domain_t;62 role $3 types sepgsql_trusted_proc_t; 63 63 64 64 ############################## … … 82 82 allow $2 $1_sepgsql_sysobj_t : db_tuple { use select }; 83 83 84 allow $2 $1_sepgsql_proc_ t : db_procedure { create drop getattr setattr execute };85 type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_ t;84 allow $2 $1_sepgsql_proc_exec_t : db_procedure { create drop getattr setattr execute }; 85 type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_exec_t; 86 86 87 87 allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write }; 88 88 type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t; 89 89 90 allow $2 sepgsql_trusted_ domain_t:process transition;91 type_transition $2 sepgsql_trusted_proc_ t:process sepgsql_trusted_domain_t;90 allow $2 sepgsql_trusted_proc_t:process transition; 91 type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t; 92 92 ') 93 93 … … 344 344 type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t; 345 345 346 type sepgsql_trusted_proc_t, sepgsql_trusted_ domain_t;346 type sepgsql_trusted_proc_t, sepgsql_trusted_proc_exec_t; 347 347 ') 348 348 … … 353 353 type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t; 354 354 355 type_transition $1 sepgsql_trusted_proc_ t:process sepgsql_trusted_domain_t;356 allow $1 sepgsql_trusted_ domain_t:process transition;355 type_transition $1 
sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t; 356 allow $1 sepgsql_trusted_proc_t:process transition; 357 357 ') 358 358 trunk/policy/modules/services/postgresql.te
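Review bot: After this rename the `_proc_t` suffix no longer tells a reader whether a type is an object label or a domain. In the `gen_require` at new line 344, `sepgsql_proc_t` is still a db_procedure object while `sepgsql_trusted_proc_t`, two lines below it, is now the target of `process transition`. The per-user `$1_sepgsql_proc_exec_t` (new lines 53-54 and 84-85) gets an `_exec_t` suffix although no `type_transition ... :process` keyed on it is visible in these hunks, so the suffix suggests an entrypoint role it does not appear to have. A short comment above both transition pairs would make the split explicit, for example `# sepgsql_trusted_proc_exec_t labels the db_procedure entrypoint; sepgsql_trusted_proc_t is the domain it runs in`. The template and interface bodies begin outside the hunks shown, so whether labelling a procedure `sepgsql_trusted_proc_exec_t` is restricted elsewhere cannot be confirmed from here.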
r2713 r2730 1 1 2 policy_module(postgresql, 1.5. 2)2 policy_module(postgresql, 1.5.3) 3 3 4 4 gen_require(` … … 88 88 postgresql_table_object(sepgsql_table_t) 89 89 90 type sepgsql_trusted_proc_exec_t; 91 postgresql_procedure_object(sepgsql_trusted_proc_exec_t) 92 93 # Trusted Procedure Domain 90 94 type sepgsql_trusted_proc_t; 91 postgresql_procedure_object(sepgsql_trusted_proc_t) 92 93 # Trusted Procedure Domain 94 type sepgsql_trusted_domain_t; 95 domain_type(sepgsql_trusted_domain_t) 96 postgresql_unconfined(sepgsql_trusted_domain_t) 97 role system_r types sepgsql_trusted_domain_t; 95 domain_type(sepgsql_trusted_proc_t) 96 postgresql_unconfined(sepgsql_trusted_proc_t) 97 role system_r types sepgsql_trusted_proc_t; 98 98 99 99 ########################################
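Review bot: The identifier `sepgsql_trusted_proc_t` changes meaning in this section without any migration note. On the old side it is a db_procedure object declared with `postgresql_procedure_object(...)`, and on the new side it is a domain given `postgresql_unconfined(...)`. Procedures already labelled with the old name in an existing database would presumably stop matching the `sepgsql_trusted_proc_exec_t:process` transition rule, and any local rule written against the old object type now names the unconfined domain instead. The previous domain name is also dropped with no alias; `typealias sepgsql_trusted_proc_t alias sepgsql_trusted_domain_t;` would keep modules that still require `sepgsql_trusted_domain_t` loadable. A comment next to the `policy_module(postgresql, 1.5.3)` bump stating that stored procedure labels must be relabelled to `sepgsql_trusted_proc_exec_t` would document the upgrade step.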
