database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-30 06:01:21 +03:00
Code Activity
Files
c65ed13ce71f095ffd32c9bd88faf2773b72b38c
postgres/contrib/sepgsql/expected/dml.out
Joe Conway e90a629e12 Fix sepgsql regression tests (9.2-only patch). 
The regression tests for sepgsql were broken by changes in the
base distro as-shipped policies. Specifically, definition of
unconfined_t in the system default policy was changed to bypass
multi-category rules, which the regression test depended on.
Fix that by defining a custom privileged domain
(sepgsql_regtest_superuser_t) and using it instead of system's
unconfined_t domain. The new sepgsql_regtest_superuser_t domain
performs almost like the current unconfined_t, but restricted by
multi-category policy as the traditional unconfined_t was.

The custom policy module is a self defined domain, and so should not
be affected by related future system policy changes. However, it still
uses the unconfined_u:unconfined_r pair for selinux-user and role.
Those definitions have not been changed for several years and seem
less risky to rely on than the unconfined_t domain. Additionally, if
we define custom user/role, they would need to be manually defined
at the operating system level, adding more complexity to an already
non-standard and complex regression test.

Applies only to 9.2. Unlike the previous similar patch, commit 794e2558b,
this also fixes a bug related to processing SELECT INTO statement.
Because v9.2 didn't have ObjectAccessPostCreate to inform the context
when a relation is newly created, sepgsql had an alternative method.
However, related code in sepgsql_object_access() neglected to consider
T_CreateTableAsStmt, thus no label was assigned on the new relation.
This logic was removed and replaced starting in 9.3.

Patch by Kohei KaiGai.
2015-09-22 14:58:38 -07:00

184 lines
6.4 KiB
Plaintext
Raw Blame History

--
-- Regression Test for DML Permissions
--
--
-- Setup
--
CREATE TABLE t1 (a int, b text);
SECURITY LABEL ON TABLE t1 IS 'system_u:object_r:sepgsql_table_t:s0';
INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc');
CREATE TABLE t2 (x int, y text);
SECURITY LABEL ON TABLE t2 IS 'system_u:object_r:sepgsql_ro_table_t:s0';
INSERT INTO t2 VALUES (1, 'xxx'), (2, 'yyy'), (3, 'zzz');
CREATE TABLE t3 (s int, t text);
SECURITY LABEL ON TABLE t3 IS 'system_u:object_r:sepgsql_fixed_table_t:s0';
INSERT INTO t3 VALUES (1, 'sss'), (2, 'ttt'), (3, 'uuu');
CREATE TABLE t4 (m int, n text);
SECURITY LABEL ON TABLE t4 IS 'system_u:object_r:sepgsql_secret_table_t:s0';
INSERT INTO t4 VALUES (1, 'mmm'), (2, 'nnn'), (3, 'ooo');
CREATE TABLE t5 (e text, f text, g text);
SECURITY LABEL ON TABLE t5 IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.e IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.f IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t5.g IS 'system_u:object_r:sepgsql_secret_table_t:s0';
CREATE TABLE customer (cid int primary key, cname text, ccredit text);
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "customer_pkey" for table "customer"
SECURITY LABEL ON COLUMN customer.ccredit IS 'system_u:object_r:sepgsql_secret_table_t:s0';
INSERT INTO customer VALUES (1, 'Taro', '1111-2222-3333-4444'),
(2, 'Hanako', '5555-6666-7777-8888');
CREATE FUNCTION customer_credit(int) RETURNS text
AS 'SELECT regexp_replace(ccredit, ''-[0-9]+$'', ''-????'') FROM customer WHERE cid = $1'
LANGUAGE sql;
SECURITY LABEL ON FUNCTION customer_credit(int)
IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
SELECT objtype, objname, label FROM pg_seclabels
WHERE provider = 'selinux'
AND objtype in ('table', 'column')
AND objname in ('t1', 't2', 't3', 't4', 't5', 't5.e', 't5.f', 't5.g')
ORDER BY objname;
objtype | objname | label
---------+---------+---------------------------------------------
table | t1 | system_u:object_r:sepgsql_table_t:s0
table | t2 | system_u:object_r:sepgsql_ro_table_t:s0
table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0
table | t4 | system_u:object_r:sepgsql_secret_table_t:s0
table | t5 | system_u:object_r:sepgsql_table_t:s0
column | t5.e | system_u:object_r:sepgsql_table_t:s0
column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0
column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0
(8 rows)
-- Hardwired Rules
UPDATE pg_attribute SET attisdropped = true
WHERE attrelid = 't5'::regclass AND attname = 'f'; -- failed
ERROR: SELinux: hardwired security policy violation
--
-- Simple DML statements
--
SELECT sepgsql_getcon(); -- confirm client privilege
sepgsql_getcon
-----------------------------------------------------
unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
(1 row)
SELECT * FROM t1; -- ok
a | b
---+-----
1 | aaa
2 | bbb
3 | ccc
(3 rows)
SELECT * FROM t2; -- ok
x | y
---+-----
1 | xxx
2 | yyy
3 | zzz
(3 rows)
SELECT * FROM t3; -- ok
s | t
---+-----
1 | sss
2 | ttt
3 | uuu
(3 rows)
SELECT * FROM t4; -- failed
ERROR: SELinux: security policy violation
SELECT * FROM t5; -- failed
ERROR: SELinux: security policy violation
SELECT e,f FROM t5; -- ok
e | f
---+---
(0 rows)
SELECT * FROM customer; -- failed
ERROR: SELinux: security policy violation
SELECT cid, cname, customer_credit(cid) FROM customer; -- ok
cid | cname | customer_credit
-----+--------+---------------------
1 | Taro | 1111-2222-3333-????
2 | Hanako | 5555-6666-7777-????
(2 rows)
SELECT count(*) FROM t5; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1 VALUES (4, 'abc'); -- ok
INSERT INTO t2 VALUES (4, 'xyz'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t3 VALUES (4, 'stu'); -- ok
INSERT INTO t4 VALUES (4, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 VALUES (1,2,3); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 (e,f) VALUES ('abc', 'def'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 (e) VALUES ('abc'); -- ok
UPDATE t1 SET b = b || '_upd'; -- ok
UPDATE t2 SET y = y || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t3 SET t = t || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t4 SET n = n || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t5 SET e = 'xyz'; -- ok
UPDATE t5 SET e = f || '_upd'; -- ok
UPDATE t5 SET e = g || '_upd'; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t1; -- ok
DELETE FROM t2; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t3; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t4; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t5; -- ok
DELETE FROM t5 WHERE f IS NULL; -- ok
DELETE FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
--
-- COPY TO/FROM statements
--
COPY t1 TO '/dev/null'; -- ok
COPY t2 TO '/dev/null'; -- ok
COPY t3 TO '/dev/null'; -- ok
COPY t4 TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5(e,f) TO '/dev/null'; -- ok
COPY t1 FROM '/dev/null'; -- ok
COPY t2 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t3 FROM '/dev/null'; -- ok
COPY t4 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 (e,f) FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 (e) FROM '/dev/null'; -- ok
--
-- Clean up
--
SELECT sepgsql_getcon(); -- confirm client privilege
sepgsql_getcon
---------------------------------------------------------------------
unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0-s0:c0.c255
(1 row)
DROP TABLE IF EXISTS t1 CASCADE;
DROP TABLE IF EXISTS t2 CASCADE;
DROP TABLE IF EXISTS t3 CASCADE;
DROP TABLE IF EXISTS t4 CASCADE;
DROP TABLE IF EXISTS t5 CASCADE;
DROP TABLE IF EXISTS customer CASCADE;
View Git Blame Copy Permalink