sepgsql, an SE-Linux integration for PostgreSQL

This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
author: Robert Haas 2011-01-24 01:44:48 +0000
committer: Robert Haas 2011-01-24 01:48:27 +0000
commit: 968bc6fac91d6aaca594488ab85c179b686cbbdd (patch)
tree: 3cb8fa7ee4101723733e5ed5a06803f9c299c2d7 /contrib/sepgsql/sql
parent: e5487f65fdbd05716ade642a3ae1c5c6e85b6f22 (diff)
3 files changed, 196 insertions, 0 deletions
diff --git a/contrib/sepgsql/sql/dml.sql b/contrib/sepgsql/sql/dml.sql
new file mode 100644
index 0000000000..6fa1eb802e
--- /dev/null
+++ b/contrib/sepgsql/sql/dml.sql
@@ -0,0 +1,118 @@
+--
+-- Regression Test for DML Permissions
+--
+
+--
+-- Setup
+--
+CREATE TABLE t1 (a int, b text);
+SECURITY LABEL ON TABLE t1 IS 'system_u:object_r:sepgsql_table_t:s0';
+INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc');
+
+CREATE TABLE t2 (x int, y text);
+SECURITY LABEL ON TABLE t2 IS 'system_u:object_r:sepgsql_ro_table_t:s0';
+INSERT INTO t2 VALUES (1, 'xxx'), (2, 'yyy'), (3, 'zzz');
+
+CREATE TABLE t3 (s int, t text);
+SECURITY LABEL ON TABLE t3 IS 'system_u:object_r:sepgsql_fixed_table_t:s0';
+INSERT INTO t3 VALUES (1, 'sss'), (2, 'ttt'), (3, 'uuu');
+
+CREATE TABLE t4 (m int, n text);
+SECURITY LABEL ON TABLE t4 IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+INSERT INTO t4 VALUES (1, 'mmm'), (2, 'nnn'), (3, 'ooo');
+
+CREATE TABLE t5 (e text, f text, g text);
+SECURITY LABEL ON TABLE t5 IS 'system_u:object_r:sepgsql_table_t:s0';
+SECURITY LABEL ON COLUMN t5.e IS 'system_u:object_r:sepgsql_table_t:s0';
+SECURITY LABEL ON COLUMN t5.f IS 'system_u:object_r:sepgsql_ro_table_t:s0';
+SECURITY LABEL ON COLUMN t5.g IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+
+CREATE TABLE customer (cid int primary key, cname text, ccredit text);
+SECURITY LABEL ON COLUMN customer.ccredit IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+INSERT INTO customer VALUES (1, 'Taro',   '1111-2222-3333-4444'),
+                            (2, 'Hanako', '5555-6666-7777-8888');
+CREATE FUNCTION customer_credit(int) RETURNS text
+    AS 'SELECT regexp_replace(ccredit, ''-[0-9]+$'', ''-????'') FROM customer WHERE cid = $1'
+    LANGUAGE sql;
+SECURITY LABEL ON FUNCTION customer_credit(int)
+    IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
+
+SELECT objtype, objname, label FROM pg_seclabels
+    WHERE provider = 'selinux'
+     AND  objtype in ('table', 'column')
+     AND  objname in ('t1', 't2', 't3', 't4', 't5', 't5.e', 't5.f', 't5.g');
+
+-- Hardwired Rules
+UPDATE pg_attribute SET attisdropped = true
+    WHERE attrelid = 't5'::regclass AND attname = 'f';	-- failed
+
+--
+-- Simple DML statements
+--
+-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
+
+SELECT * FROM t1;			-- ok
+SELECT * FROM t2;			-- ok
+SELECT * FROM t3;			-- ok
+SELECT * FROM t4;			-- failed
+SELECT * FROM t5;			-- failed
+SELECT e,f FROM t5;			-- ok
+
+SELECT * FROM customer;			-- failed
+SELECT cid, cname, customer_credit(cid) FROM customer;	-- ok
+
+SELECT count(*) FROM t5;			-- ok
+SELECT count(*) FROM t5 WHERE g IS NULL;	-- failed
+
+INSERT INTO t1 VALUES (4, 'abc');		-- ok
+INSERT INTO t2 VALUES (4, 'xyz');		-- failed
+INSERT INTO t3 VALUES (4, 'stu');		-- ok
+INSERT INTO t4 VALUES (4, 'mno');		-- failed
+INSERT INTO t5 VALUES (1,2,3);			-- failed
+INSERT INTO t5 (e,f) VALUES ('abc', 'def');	-- failed
+INSERT INTO t5 (e) VALUES ('abc');		-- ok
+
+UPDATE t1 SET b = b || '_upd';			-- ok
+UPDATE t2 SET y = y || '_upd';			-- failed
+UPDATE t3 SET t = t || '_upd';			-- failed
+UPDATE t4 SET n = n || '_upd';			-- failed
+UPDATE t5 SET e = 'xyz';			-- ok
+UPDATE t5 SET e = f || '_upd';			-- ok
+UPDATE t5 SET e = g || '_upd';			-- failed
+
+DELETE FROM t1;					-- ok
+DELETE FROM t2;					-- failed
+DELETE FROM t3;					-- failed
+DELETE FROM t4;					-- failed
+DELETE FROM t5;					-- ok
+DELETE FROM t5 WHERE f IS NULL;			-- ok
+DELETE FROM t5 WHERE g IS NULL;			-- failed
+
+--
+-- COPY TO/FROM statements
+--
+COPY t1 TO '/dev/null';				-- ok
+COPY t2 TO '/dev/null';				-- ok
+COPY t3 TO '/dev/null';				-- ok
+COPY t4 TO '/dev/null';				-- failed
+COPY t5 TO '/dev/null';				-- failed
+COPY t5(e,f) TO '/dev/null';			-- ok
+
+COPY t1 FROM '/dev/null';			-- ok
+COPY t2 FROM '/dev/null';			-- failed
+COPY t3 FROM '/dev/null';			-- ok
+COPY t4 FROM '/dev/null';			-- failed
+COPY t5 FROM '/dev/null';			-- failed
+COPY t5 (e,f) FROM '/dev/null';			-- failed
+COPY t5 (e) FROM '/dev/null';			-- ok
+
+--
+-- Clean up
+--
+-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255
+DROP TABLE IF EXISTS t1 CASCADE;
+DROP TABLE IF EXISTS t2 CASCADE;
+DROP TABLE IF EXISTS t3 CASCADE;
+DROP TABLE IF EXISTS t4 CASCADE;
+DROP TABLE IF EXISTS t5 CASCADE;
+DROP TABLE IF EXISTS customer CASCADE;
diff --git a/contrib/sepgsql/sql/label.sql b/contrib/sepgsql/sql/label.sql
new file mode 100644
index 0000000000..3162494878
--- /dev/null
+++ b/contrib/sepgsql/sql/label.sql
@@ -0,0 +1,73 @@
+--
+-- Regression Tests for Label Management
+--
+
+--
+-- Setup
+--
+CREATE TABLE t1 (a int, b text);
+INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc');
+SELECT * INTO t2 FROM t1 WHERE a % 2 = 0;
+
+CREATE FUNCTION f1 () RETURNS text
+    AS 'SELECT sepgsql_getcon()'
+    LANGUAGE sql;
+
+CREATE FUNCTION f2 () RETURNS text
+    AS 'SELECT sepgsql_getcon()'
+    LANGUAGE sql;
+SECURITY LABEL ON FUNCTION f2()
+    IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
+
+CREATE FUNCTION f3 () RETURNS text
+    AS 'BEGIN
+          RAISE EXCEPTION ''an exception from f3()'';
+          RETURN NULL;
+        END;' LANGUAGE plpgsql;
+SECURITY LABEL ON FUNCTION f3()
+    IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
+
+--
+-- Tests for default labeling behavior
+--
+-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
+CREATE TABLE t3 (s int, t text);
+INSERT INTO t3 VALUES (1, 'sss'), (2, 'ttt'), (3, 'uuu');
+
+SELECT objtype, objname, label FROM pg_seclabels
+    WHERE provider = 'selinux'
+     AND  objtype in ('table', 'column')
+     AND  objname in ('t1', 't2', 't3');
+
+--
+-- Tests for SECURITY LABEL
+--
+-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_dba_t:s0
+SECURITY LABEL ON TABLE t1
+    IS 'system_u:object_r:sepgsql_ro_table_t:s0';	-- ok
+SECURITY LABEL ON TABLE t2
+    IS 'invalid seuciryt context';			-- be failed
+SECURITY LABEL ON COLUMN t2
+    IS 'system_u:object_r:sepgsql_ro_table_t:s0';	-- be failed
+SECURITY LABEL ON COLUMN t2.b
+    IS 'system_u:object_r:sepgsql_ro_table_t:s0';	-- ok
+
+--
+-- Tests for Trusted Procedures
+--
+-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
+SELECT f1();			-- normal procedure
+SELECT f2();			-- trusted procedure
+SELECT f3();			-- trusted procedure that raises an error
+SELECT sepgsql_getcon();	-- client's label must be restored
+
+--
+-- Clean up
+--
+-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255
+DROP TABLE IF EXISTS t1 CASCADE;
+DROP TABLE IF EXISTS t2 CASCADE;
+DROP TABLE IF EXISTS t3 CASCADE;
+DROP FUNCTION IF EXISTS f1() CASCADE;
+DROP FUNCTION IF EXISTS f2() CASCADE;
+DROP FUNCTION IF EXISTS f3() CASCADE;
diff --git a/contrib/sepgsql/sql/misc.sql b/contrib/sepgsql/sql/misc.sql
new file mode 100644
index 0000000000..a46d8a6b5c
--- /dev/null
+++ b/contrib/sepgsql/sql/misc.sql
@@ -0,0 +1,5 @@
+--
+-- Regression Test for Misc Permission Checks
+--
+
+LOAD '$libdir/sepgsql';		-- failed
author	Robert Haas	2011-01-24 01:44:48 +0000
committer	Robert Haas	2011-01-24 01:48:27 +0000
commit	968bc6fac91d6aaca594488ab85c179b686cbbdd (patch)
tree	3cb8fa7ee4101723733e5ed5a06803f9c299c2d7 /contrib/sepgsql/sql
parent	e5487f65fdbd05716ade642a3ae1c5c6e85b6f22 (diff)