Changeset 2746
- Timestamp:
- 07/08/08 12:59:52 (3 months ago)
branches/rbacsep/policy/modules/services/postgresql.if
r2745 r2746 3 3 ####################################### 4 4 ## <summary> 5 ## The userdomain template for the SE-PostgreSQL. 6 ## </summary> 7 ## <desc> 8 ## This template creates a delivered types which are used 9 ## for given userdomains. 10 ## </desc> 11 ## <param name="userdomain_prefix"> 5 ## Role access for SE-PostgreSQL. 6 ## </summary> 7 ## <param name="user_role"> 12 8 ## <summary> 13 ## The prefix of the user domain (e.g., user 14 ## is the prefix for user_t). 9 ## The role associated with the user domain. 15 10 ## </summary> 16 11 ## </param> … … 20 15 ## </summary> 21 16 ## </param> 22 ## <param name="user_role"> 23 ## <summary> 24 ## The role associated with the user domain. 25 ## </summary> 26 ## </param> 27 # 28 template(`postgresql_userdom_template',` 17 # 18 template(`postgresql_role',` 29 19 gen_require(` 30 20 class db_database all_db_database_perms; … … 39 29 40 30 type sepgsql_trusted_proc_exec_t, sepgsql_trusted_proc_t; 31 type user_sepgsql_blob_t, user_sepgsql_proc_exec_t; 32 type user_sepgsql_sysobj_t, user_sepgsql_table_t; 41 33 ') 42 34 … … 47 39 48 40 typeattribute $2 sepgsql_client_type; 49 50 type $1_sepgsql_blob_t; 51 postgresql_blob_object($1_sepgsql_blob_t) 52 53 type $1_sepgsql_proc_exec_t; 54 postgresql_procedure_object($1_sepgsql_proc_exec_t) 55 56 type $1_sepgsql_sysobj_t; 57 postgresql_system_table_object($1_sepgsql_sysobj_t) 58 59 type $1_sepgsql_table_t; 60 postgresql_table_object($1_sepgsql_table_t) 61 62 role $3 types sepgsql_trusted_proc_t; 41 role $1 types sepgsql_trusted_proc_t; 63 42 64 43 ############################## … … 68 47 69 48 tunable_policy(`sepgsql_enable_users_ddl',` 70 allow $2 $1_sepgsql_table_t : db_table { create drop };71 type_transition $2 sepgsql_database_type:db_table $1_sepgsql_table_t;72 73 allow $2 $1_sepgsql_table_t : db_column { create drop };74 75 allow $2 $1_sepgsql_sysobj_t : db_tuple { update insert delete };76 type_transition $2 sepgsql_sysobj_table_type:db_tuple $1_sepgsql_sysobj_t;77 ') 78 
79 allow $2 $1_sepgsql_table_t : db_table { getattr setattr use select update insert delete };80 allow $2 $1_sepgsql_table_t : db_column { getattr setattr use select update insert };81 allow $2 $1_sepgsql_table_t : db_tuple { use select update insert delete };82 allow $2 $1_sepgsql_sysobj_t : db_tuple { use select };83 84 allow $2 $1_sepgsql_proc_exec_t : db_procedure { create drop getattr setattr execute };85 type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_exec_t;86 87 allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write };88 type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t;49 allow $2 user_sepgsql_table_t : db_table { create drop }; 50 type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t; 51 52 allow $2 user_sepgsql_table_t : db_column { create drop }; 53 54 allow $2 user_sepgsql_sysobj_t : db_tuple { update insert delete }; 55 type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t; 56 ') 57 58 allow $2 user_sepgsql_table_t : db_table { getattr setattr use select update insert delete }; 59 allow $2 user_sepgsql_table_t : db_column { getattr setattr use select update insert }; 60 allow $2 user_sepgsql_table_t : db_tuple { use select update insert delete }; 61 allow $2 user_sepgsql_sysobj_t : db_tuple { use select }; 62 63 allow $2 user_sepgsql_proc_exec_t : db_procedure { create drop getattr setattr execute }; 64 type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; 65 66 allow $2 user_sepgsql_blob_t : db_blob { create drop getattr setattr read write }; 67 type_transition $2 sepgsql_database_type:db_blob user_sepgsql_blob_t; 89 68 90 69 allow $2 sepgsql_trusted_proc_t:process transition; branches/rbacsep/policy/modules/services/postgresql.te
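Review bot: The rewritten `postgresql_role` gives every domain passed as $2 the same `user_sepgsql_table_t`, `user_sepgsql_sysobj_t`, `user_sepgsql_proc_exec_t` and `user_sepgsql_blob_t` types, and the type_transition rules at new lines 50, 55, 64 and 67 label objects created by any such domain with those shared types, so a table, procedure or blob created under one user domain is selectable, updatable, executable or writable (new lines 58-66) by every other domain granted this interface, whereas the removed `$1_sepgsql_*` types kept them apart per prefix. If that loss of type-level separation between user domains is the intended trade-off of the rbacsep branch, it should be stated where a policy author will see it, e.g. in the summary: `## Role access for SE-PostgreSQL. All domains given this access share the user_sepgsql_* object types, so there is no SELinux type separation between user domains.`, and in a comment above the new declarations in postgresql.te (new lines 99-109). Since the body no longer derives any type from its parameters, `template(` at new line 18 could become `interface(`postgresql_role',` in keeping with the usual distinction between templates and interfaces in this policy tree. I cannot tell from this page whether callers other than userdomain.if line 1017 still use the old `postgresql_userdom_template` name and argument order. The block continues past the hunk's last line (new line 69).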
r2745 r2746 96 96 postgresql_unconfined(sepgsql_trusted_proc_t) 97 97 role system_r types sepgsql_trusted_proc_t; 98 99 type user_sepgsql_blob_t; 100 postgresql_blob_object(user_sepgsql_blob_t) 101 102 type user_sepgsql_proc_exec_t; 103 postgresql_procedure_object(user_sepgsql_proc_exec_t) 104 105 type user_sepgsql_sysobj_t; 106 postgresql_system_table_object(user_sepgsql_sysobj_t) 107 108 type user_sepgsql_table_t; 109 postgresql_table_object(user_sepgsql_table_t) 98 110 99 111 ######################################## branches/rbacsep/policy/modules/system/userdomain.if
r2745 r2746 1015 1015 1016 1016 optional_policy(` 1017 postgresql_ userdom_template($1,$1_t,$1_r)1017 postgresql_role($1_r,$1_t) 1018 1018 ') 1019 1019
