Add missing check on invocation of trusted procedures.

KaiGai Kohei
author: Robert Haas 2011-04-04 17:25:42 +0000
committer: Robert Haas 2011-04-04 17:25:42 +0000
commit: 595a441ae999fb155a381fa4bcceadf40f041a33 (patch)
tree: 909c31644c86574d83243361ca2063482ff787a5 /contrib/sepgsql/expected
parent: a0e50e698beb89a8ec203303581e464a5f69fc41 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/contrib/sepgsql/expected/label.out b/contrib/sepgsql/expected/label.out
index daf8d08eb2..bac169f37b 100644
--- a/contrib/sepgsql/expected/label.out
+++ b/contrib/sepgsql/expected/label.out
@@ -22,6 +22,11 @@ CREATE FUNCTION f3 () RETURNS text
         END;' LANGUAGE plpgsql;
 SECURITY LABEL ON FUNCTION f3()
     IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
+CREATE FUNCTION f4 () RETURNS text
+    AS 'SELECT sepgsql_getcon()'
+    LANGUAGE sql;
+SECURITY LABEL ON FUNCTION f4()
+    IS 'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0';
 --
 -- Tests for default labeling behavior
 --
@@ -86,6 +91,8 @@ SELECT f2();			-- trusted procedure
 
 SELECT f3();			-- trusted procedure that raises an error
 ERROR:  an exception from f3()
+SELECT f4();			-- failed on domain transition
+ERROR:  SELinux: security policy violation
 SELECT sepgsql_getcon();	-- client's label must be restored
                    sepgsql_getcon                    
 -----------------------------------------------------
@@ -107,3 +114,4 @@ DROP TABLE IF EXISTS t3 CASCADE;
 DROP FUNCTION IF EXISTS f1() CASCADE;
 DROP FUNCTION IF EXISTS f2() CASCADE;
 DROP FUNCTION IF EXISTS f3() CASCADE;
+DROP FUNCTION IF EXISTS f4() CASCADE;
author	Robert Haas	2011-04-04 17:25:42 +0000
committer	Robert Haas	2011-04-04 17:25:42 +0000
commit	595a441ae999fb155a381fa4bcceadf40f041a33 (patch)
tree	909c31644c86574d83243361ca2063482ff787a5 /contrib/sepgsql/expected
parent	a0e50e698beb89a8ec203303581e464a5f69fc41 (diff)