diff options
Diffstat (limited to '')
-rw-r--r-- | contrib/sepgsql/expected/dml.out | 399 |
1 files changed, 399 insertions, 0 deletions
diff --git a/contrib/sepgsql/expected/dml.out b/contrib/sepgsql/expected/dml.out new file mode 100644 index 0000000..6d5b1c1 --- /dev/null +++ b/contrib/sepgsql/expected/dml.out @@ -0,0 +1,399 @@ +-- +-- Regression Test for DML Permissions +-- +-- +-- Setup +-- +CREATE TABLE t1 (a int, junk int, b text); +SECURITY LABEL ON TABLE t1 IS 'system_u:object_r:sepgsql_table_t:s0'; +ALTER TABLE t1 DROP COLUMN junk; +INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc'); +CREATE TABLE t2 (x int, y text); +SECURITY LABEL ON TABLE t2 IS 'system_u:object_r:sepgsql_ro_table_t:s0'; +INSERT INTO t2 VALUES (1, 'xxx'), (2, 'yyy'), (3, 'zzz'); +CREATE TABLE t3 (s int, t text); +SECURITY LABEL ON TABLE t3 IS 'system_u:object_r:sepgsql_fixed_table_t:s0'; +INSERT INTO t3 VALUES (1, 'sss'), (2, 'ttt'), (3, 'uuu'); +CREATE TABLE t4 (m int, junk int, n text); +SECURITY LABEL ON TABLE t4 IS 'system_u:object_r:sepgsql_secret_table_t:s0'; +ALTER TABLE t4 DROP COLUMN junk; +INSERT INTO t4 VALUES (1, 'mmm'), (2, 'nnn'), (3, 'ooo'); +CREATE TABLE t5 (e text, f text, g text); +SECURITY LABEL ON TABLE t5 IS 'system_u:object_r:sepgsql_table_t:s0'; +SECURITY LABEL ON COLUMN t5.e IS 'system_u:object_r:sepgsql_table_t:s0'; +SECURITY LABEL ON COLUMN t5.f IS 'system_u:object_r:sepgsql_ro_table_t:s0'; +SECURITY LABEL ON COLUMN t5.g IS 'system_u:object_r:sepgsql_secret_table_t:s0'; +--- +-- partitioned table parent +CREATE TABLE t1p (o int, p text, q text) PARTITION BY RANGE (o); +SECURITY LABEL ON TABLE t1p IS 'system_u:object_r:sepgsql_table_t:s0'; +SECURITY LABEL ON COLUMN t1p.o IS 'system_u:object_r:sepgsql_table_t:s0'; +SECURITY LABEL ON COLUMN t1p.p IS 'system_u:object_r:sepgsql_ro_table_t:s0'; +SECURITY LABEL ON COLUMN t1p.q IS 'system_u:object_r:sepgsql_secret_table_t:s0'; +-- partitioned table children +CREATE TABLE t1p_ones PARTITION OF t1p FOR VALUES FROM ('0') TO ('10'); +SECURITY LABEL ON COLUMN t1p_ones.o IS 'system_u:object_r:sepgsql_table_t:s0'; +SECURITY LABEL ON COLUMN t1p_ones.p IS 'system_u:object_r:sepgsql_ro_table_t:s0'; +SECURITY LABEL ON COLUMN t1p_ones.q IS 'system_u:object_r:sepgsql_secret_table_t:s0'; +CREATE TABLE t1p_tens PARTITION OF t1p FOR VALUES FROM ('10') TO ('100'); +SECURITY LABEL ON COLUMN t1p_tens.o IS 'system_u:object_r:sepgsql_table_t:s0'; +SECURITY LABEL ON COLUMN t1p_tens.p IS 'system_u:object_r:sepgsql_ro_table_t:s0'; +SECURITY LABEL ON COLUMN t1p_tens.q IS 'system_u:object_r:sepgsql_secret_table_t:s0'; +--- +CREATE TABLE customer (cid int primary key, cname text, ccredit text); +SECURITY LABEL ON COLUMN customer.ccredit IS 'system_u:object_r:sepgsql_secret_table_t:s0'; +INSERT INTO customer VALUES (1, 'Taro', '1111-2222-3333-4444'), + (2, 'Hanako', '5555-6666-7777-8888'); +CREATE FUNCTION customer_credit(int) RETURNS text + AS 'SELECT regexp_replace(ccredit, ''-[0-9]+$'', ''-????'') FROM customer WHERE cid = $1' + LANGUAGE sql; +SECURITY LABEL ON FUNCTION customer_credit(int) + IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0'; +SELECT objtype, objname, label FROM pg_seclabels + WHERE provider = 'selinux' + AND objtype in ('table', 'column') + AND objname in ('t1', 't2', 't3', 't4', + 't5', 't5.e', 't5.f', 't5.g', + 't1p', 't1p.o', 't1p.p', 't1p.q', + 't1p_ones', 't1p_ones.o', 't1p_ones.p', 't1p_ones.q', + 't1p_tens', 't1p_tens.o', 't1p_tens.p', 't1p_tens.q') +ORDER BY objname COLLATE "C"; + objtype | objname | label +---------+------------+--------------------------------------------- + table | t1 | system_u:object_r:sepgsql_table_t:s0 + table | t1p | system_u:object_r:sepgsql_table_t:s0 + column | t1p.o | system_u:object_r:sepgsql_table_t:s0 + column | t1p.p | system_u:object_r:sepgsql_ro_table_t:s0 + column | t1p.q | system_u:object_r:sepgsql_secret_table_t:s0 + table | t1p_ones | unconfined_u:object_r:sepgsql_table_t:s0 + column | t1p_ones.o | system_u:object_r:sepgsql_table_t:s0 + column | t1p_ones.p | system_u:object_r:sepgsql_ro_table_t:s0 + column | t1p_ones.q | system_u:object_r:sepgsql_secret_table_t:s0 + table | t1p_tens | unconfined_u:object_r:sepgsql_table_t:s0 + column | t1p_tens.o | system_u:object_r:sepgsql_table_t:s0 + column | t1p_tens.p | system_u:object_r:sepgsql_ro_table_t:s0 + column | t1p_tens.q | system_u:object_r:sepgsql_secret_table_t:s0 + table | t2 | system_u:object_r:sepgsql_ro_table_t:s0 + table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0 + table | t4 | system_u:object_r:sepgsql_secret_table_t:s0 + table | t5 | system_u:object_r:sepgsql_table_t:s0 + column | t5.e | system_u:object_r:sepgsql_table_t:s0 + column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0 + column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0 +(20 rows) + +CREATE SCHEMA my_schema_1; +CREATE TABLE my_schema_1.ts1 (a int, b text); +CREATE TABLE my_schema_1.pts1 (o int, p text) PARTITION BY RANGE (o); +CREATE TABLE my_schema_1.pts1_ones PARTITION OF my_schema_1.pts1 FOR VALUES FROM ('0') to ('10'); +CREATE SCHEMA my_schema_2; +CREATE TABLE my_schema_2.ts2 (x int, y text); +CREATE TABLE my_schema_2.pts2 (o int, p text) PARTITION BY RANGE (o); +CREATE TABLE my_schema_2.pts2_tens PARTITION OF my_schema_2.pts2 FOR VALUES FROM ('10') to ('100'); +SECURITY LABEL ON SCHEMA my_schema_2 + IS 'system_u:object_r:sepgsql_regtest_invisible_schema_t:s0'; +-- Hardwired Rules +UPDATE pg_attribute SET attisdropped = true + WHERE attrelid = 't5'::regclass AND attname = 'f'; -- failed +ERROR: SELinux: hardwired security policy violation +-- +-- Simple DML statements +-- +SELECT sepgsql_getcon(); -- confirm client privilege + sepgsql_getcon +----------------------------------------------------- + unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 +(1 row) + +SELECT * FROM t1; -- ok + a | b +---+----- + 1 | aaa + 2 | bbb + 3 | ccc +(3 rows) + +SELECT * FROM t2; -- ok + x | y +---+----- + 1 | xxx + 2 | yyy + 3 | zzz +(3 rows) + +SELECT * FROM t3; -- ok + s | t +---+----- + 1 | sss + 2 | ttt + 3 | uuu +(3 rows) + +SELECT * FROM t4; -- failed +ERROR: SELinux: security policy violation +SELECT * FROM t5; -- failed +ERROR: SELinux: security policy violation +SELECT e,f FROM t5; -- ok + e | f +---+--- +(0 rows) + +SELECT (t1.*)::record FROM t1; -- ok + t1 +--------- + (1,aaa) + (2,bbb) + (3,ccc) +(3 rows) + +SELECT (t4.*)::record FROM t4; -- failed +ERROR: SELinux: security policy violation +--- +-- partitioned table parent +SELECT * FROM t1p; -- failed +ERROR: SELinux: security policy violation +SELECT o,p FROM t1p; -- ok + o | p +---+--- +(0 rows) + +--partitioned table children +SELECT * FROM t1p_ones; -- failed +ERROR: SELinux: security policy violation +SELECT o FROM t1p_ones; -- ok + o +--- +(0 rows) + +SELECT o,p FROM t1p_ones; -- ok + o | p +---+--- +(0 rows) + +SELECT * FROM t1p_tens; -- failed +ERROR: SELinux: security policy violation +SELECT o FROM t1p_tens; -- ok + o +--- +(0 rows) + +SELECT o,p FROM t1p_tens; -- ok + o | p +---+--- +(0 rows) + +--- +SELECT * FROM customer; -- failed +ERROR: SELinux: security policy violation +SELECT cid, cname, customer_credit(cid) FROM customer; -- ok + cid | cname | customer_credit +-----+--------+--------------------- + 1 | Taro | 1111-2222-3333-???? + 2 | Hanako | 5555-6666-7777-???? +(2 rows) + +SELECT count(*) FROM t5; -- ok + count +------- + 0 +(1 row) + +SELECT count(*) FROM t5 WHERE g IS NULL; -- failed +ERROR: SELinux: security policy violation +--- +-- partitioned table parent +SELECT count(*) FROM t1p; -- ok + count +------- + 0 +(1 row) + +SELECT count(*) FROM t1p WHERE q IS NULL; -- failed +ERROR: SELinux: security policy violation +-- partitioned table children +SELECT count(*) FROM t1p_ones; -- ok + count +------- + 0 +(1 row) + +SELECT count(*) FROM t1p_ones WHERE q IS NULL; -- failed +ERROR: SELinux: security policy violation +SELECT count(*) FROM t1p_tens; -- ok + count +------- + 0 +(1 row) + +SELECT count(*) FROM t1p_tens WHERE q IS NULL; -- failed +ERROR: SELinux: security policy violation +--- +INSERT INTO t1 VALUES (4, 'abc'); -- ok +INSERT INTO t2 VALUES (4, 'xyz'); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t3 VALUES (4, 'stu'); -- ok +INSERT INTO t4 VALUES (4, 'mno'); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t5 VALUES (1,2,3); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t5 (e,f) VALUES ('abc', 'def'); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t5 (e) VALUES ('abc'); -- ok +--- +-- partitioned table parent +INSERT INTO t1p (o,p) VALUES (9, 'mno'); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t1p (o) VALUES (9); -- ok +INSERT INTO t1p (o,p) VALUES (99, 'pqr'); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t1p (o) VALUES (99); -- ok +-- partitioned table children +INSERT INTO t1p_ones (o,p) VALUES (9, 'mno'); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t1p_ones (o) VALUES (9); -- ok +INSERT INTO t1p_tens (o,p) VALUES (99, 'pqr'); -- failed +ERROR: SELinux: security policy violation +INSERT INTO t1p_tens (o) VALUES (99); -- ok +--- +UPDATE t1 SET b = b || '_upd'; -- ok +UPDATE t2 SET y = y || '_upd'; -- failed +ERROR: SELinux: security policy violation +UPDATE t3 SET t = t || '_upd'; -- failed +ERROR: SELinux: security policy violation +UPDATE t4 SET n = n || '_upd'; -- failed +ERROR: SELinux: security policy violation +UPDATE t5 SET e = 'xyz'; -- ok +UPDATE t5 SET e = f || '_upd'; -- ok +UPDATE t5 SET e = g || '_upd'; -- failed +ERROR: SELinux: security policy violation +--- +-- partitioned table parent +UPDATE t1p SET o = 9 WHERE o < 10; -- ok +UPDATE t1p SET o = 99 WHERE o >= 10; -- ok +UPDATE t1p SET o = ascii(COALESCE(p,'upd'))%10 WHERE o < 10; -- ok +UPDATE t1p SET o = ascii(COALESCE(q,'upd'))%100 WHERE o >= 10; -- failed +ERROR: SELinux: security policy violation +-- partitioned table children +UPDATE t1p_ones SET o = 9; -- ok +UPDATE t1p_ones SET o = ascii(COALESCE(p,'upd'))%10; -- ok +UPDATE t1p_ones SET o = ascii(COALESCE(q,'upd'))%10; -- failed +ERROR: SELinux: security policy violation +UPDATE t1p_tens SET o = 99; -- ok +UPDATE t1p_tens SET o = ascii(COALESCE(p,'upd'))%100; -- ok +UPDATE t1p_tens SET o = ascii(COALESCE(q,'upd'))%100; -- failed +ERROR: SELinux: security policy violation +--- +DELETE FROM t1; -- ok +DELETE FROM t2; -- failed +ERROR: SELinux: security policy violation +DELETE FROM t3; -- failed +ERROR: SELinux: security policy violation +DELETE FROM t4; -- failed +ERROR: SELinux: security policy violation +DELETE FROM t5; -- ok +DELETE FROM t5 WHERE f IS NULL; -- ok +DELETE FROM t5 WHERE g IS NULL; -- failed +ERROR: SELinux: security policy violation +--- +-- partitioned table parent +DELETE FROM t1p; -- ok +DELETE FROM t1p WHERE p IS NULL; -- ok +DELETE FROM t1p WHERE q IS NULL; -- failed +ERROR: SELinux: security policy violation +-- partitioned table children +DELETE FROM t1p_ones WHERE p IS NULL; -- ok +DELETE FROM t1p_ones WHERE q IS NULL; -- failed; +ERROR: SELinux: security policy violation +DELETE FROM t1p_tens WHERE p IS NULL; -- ok +DELETE FROM t1p_tens WHERE q IS NULL; -- failed +ERROR: SELinux: security policy violation +--- +-- +-- COPY TO/FROM statements +-- +COPY t1 TO '/dev/null'; -- ok +COPY t2 TO '/dev/null'; -- ok +COPY t3 TO '/dev/null'; -- ok +COPY t4 TO '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t5 TO '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t5(e,f) TO '/dev/null'; -- ok +--- +-- partitioned table parent +COPY (SELECT * FROM t1p) TO '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY (SELECT (o,p) FROM t1p) TO '/dev/null'; -- ok +-- partitioned table children +COPY t1p_ones TO '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t1p_ones(o,p) TO '/dev/null'; -- ok +COPY t1p_tens TO '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t1p_tens(o,p) TO '/dev/null'; -- ok +--- +COPY t1 FROM '/dev/null'; -- ok +COPY t2 FROM '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t3 FROM '/dev/null'; -- ok +COPY t4 FROM '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t5 FROM '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t5 (e,f) FROM '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t5 (e) FROM '/dev/null'; -- ok +--- +-- partitioned table parent +COPY t1p FROM '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t1p (o) FROM '/dev/null'; -- ok +-- partitioned table children +COPY t1p_ones FROM '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t1p_ones (o) FROM '/dev/null'; -- ok +COPY t1p_tens FROM '/dev/null'; -- failed +ERROR: SELinux: security policy violation +COPY t1p_tens (o) FROM '/dev/null'; -- ok +--- +-- +-- Schema search path +-- +SET search_path = my_schema_1, my_schema_2, public; +SELECT * FROM ts1; -- ok + a | b +---+--- +(0 rows) + +SELECT * FROM ts2; -- failed (relation not found) +ERROR: relation "ts2" does not exist +LINE 1: SELECT * FROM ts2; + ^ +SELECT * FROM my_schema_2.ts2; -- failed (policy violation) +ERROR: SELinux: security policy violation +LINE 1: SELECT * FROM my_schema_2.ts2; + ^ +-- +-- Clean up +-- +SELECT sepgsql_getcon(); -- confirm client privilege + sepgsql_getcon +--------------------------------------------------------------------- + unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0-s0:c0.c255 +(1 row) + +DROP TABLE IF EXISTS t1 CASCADE; +DROP TABLE IF EXISTS t2 CASCADE; +DROP TABLE IF EXISTS t3 CASCADE; +DROP TABLE IF EXISTS t4 CASCADE; +DROP TABLE IF EXISTS t5 CASCADE; +DROP TABLE IF EXISTS t1p CASCADE; +DROP TABLE IF EXISTS customer CASCADE; +DROP SCHEMA IF EXISTS my_schema_1 CASCADE; +NOTICE: drop cascades to 2 other objects +DETAIL: drop cascades to table my_schema_1.ts1 +drop cascades to table my_schema_1.pts1 +DROP SCHEMA IF EXISTS my_schema_2 CASCADE; +NOTICE: drop cascades to 2 other objects +DETAIL: drop cascades to table my_schema_2.ts2 +drop cascades to table my_schema_2.pts2 |