postgrespro
diff --git a/‎contrib/sepgsql/expected/label.out
Lines changed: 346 additions & 0 deletions b/‎contrib/sepgsql/expected/label.out
Lines changed: 346 additions & 0 deletions
@@ -26,7 +26,33 @@ CREATE FUNCTION f4 () RETURNS text
     AS 'SELECT sepgsql_getcon()'
     LANGUAGE sql;
 SECURITY LABEL ON FUNCTION f4()
+    IS 'system_u:object_r:sepgsql_nosuch_trusted_proc_exec_t:s0';
+CREATE FUNCTION f5 (text) RETURNS bool
+	AS 'SELECT sepgsql_setcon($1)'
+    LANGUAGE sql;
+SECURITY LABEL ON FUNCTION f5(text)
+    IS 'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0';
+CREATE TABLE auth_tbl(uname text, credential text, label text);
+INSERT INTO auth_tbl
+    VALUES ('foo', 'acbd18db4cc2f85cedef654fccc4a4d8', 'sepgsql_regtest_foo_t:s0'),
+           ('var', 'b2145aac704ce76dbe1ac7adac535b23', 'sepgsql_regtest_var_t:s0'),
+           ('baz', 'b2145aac704ce76dbe1ac7adac535b23', 'sepgsql_regtest_baz_t:s0');
+SECURITY LABEL ON TABLE auth_tbl
+    IS 'system_u:object_r:sepgsql_secret_table_t:s0';
+CREATE FUNCTION auth_func(text, text) RETURNS bool
+    LANGUAGE sql
+    AS 'SELECT sepgsql_setcon(regexp_replace(sepgsql_getcon(), ''_r:.*$'', ''_r:'' || label))
+        FROM auth_tbl WHERE uname = $1 AND credential = $2';
+SECURITY LABEL ON FUNCTION auth_func(text,text)
     IS 'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0';
+CREATE TABLE foo_tbl(a int, b text);
+INSERT INTO foo_tbl VALUES (1, 'aaa'), (2,'bbb'), (3,'ccc'), (4,'ddd');
+SECURITY LABEL ON TABLE foo_tbl
+	IS 'system_u:object_r:sepgsql_regtest_foo_table_t:s0';
+CREATE TABLE var_tbl(x int, y text);
+INSERT INTO var_tbl VALUES (2,'xxx'), (3,'yyy'), (4,'zzz'), (5,'xyz');
+SECURITY LABEL ON TABLE var_tbl
+	IS 'system_u:object_r:sepgsql_regtest_var_table_t:s0';
 --
 -- Tests for default labeling behavior
 --
@@ -99,6 +125,325 @@ SELECT sepgsql_getcon();	-- client's label must be restored
  unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
 (1 row)
 
+--
+-- Test for Dynamic Domain Transition
+--
+-- validation of transaction aware dynamic-transition
+SELECT sepgsql_getcon();	-- confirm client privilege
+                  sepgsql_getcon                  
+--------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c25
+(1 row)
+
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c15');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                  sepgsql_getcon                  
+--------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c15
+(1 row)
+
+SELECT sepgsql_setcon(NULL);	-- failed to reset
+ERROR:  SELinux: security policy violation
+SELECT sepgsql_getcon();
+                  sepgsql_getcon                  
+--------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c15
+(1 row)
+
+BEGIN;
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c12');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                  sepgsql_getcon                  
+--------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c12
+(1 row)
+
+SAVEPOINT svpt_1;
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c9');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c9
+(1 row)
+
+SAVEPOINT svpt_2;
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c6');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c6
+(1 row)
+
+SAVEPOINT svpt_3;
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c3');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c3
+(1 row)
+
+ROLLBACK TO SAVEPOINT svpt_2;
+SELECT sepgsql_getcon();		-- should be 's0:c0.c9'
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c9
+(1 row)
+
+ROLLBACK TO SAVEPOINT svpt_1;
+SELECT sepgsql_getcon();		-- should be 's0:c0.c12'
+                  sepgsql_getcon                  
+--------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c12
+(1 row)
+
+ABORT;
+SELECT sepgsql_getcon();		-- should be 's0:c0.c15'
+                  sepgsql_getcon                  
+--------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c15
+(1 row)
+
+BEGIN;
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c8');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c8
+(1 row)
+
+SAVEPOINT svpt_1;
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c4');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c4
+(1 row)
+
+ROLLBACK TO SAVEPOINT svpt_1;
+SELECT sepgsql_getcon();		-- should be 's0:c0.c8'
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c8
+(1 row)
+
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:unconfined_t:s0:c0.c6');
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+COMMIT;
+SELECT sepgsql_getcon();		-- should be 's0:c0.c6'
+                 sepgsql_getcon                  
+-------------------------------------------------
+ unconfined_u:unconfined_r:unconfined_t:s0:c0.c6
+(1 row)
+
+-- sepgsql_regtest_user_t is not available dynamic-transition,
+-- unless sepgsql_setcon() is called inside of trusted-procedure
+SELECT sepgsql_getcon();	-- confirm client privilege
+                       sepgsql_getcon                       
+------------------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c15
+(1 row)
+
+-- sepgsql_regtest_user_t has no permission to switch current label
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0');	-- failed
+ERROR:  SELinux: security policy violation
+SELECT sepgsql_getcon();
+                       sepgsql_getcon                       
+------------------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c15
+(1 row)
+
+-- trusted procedure allows to switch, but unavailable to override MCS rules
+SELECT f5('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7');	-- OK
+ f5 
+----
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                      sepgsql_getcon                       
+-----------------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7
+(1 row)
+
+SELECT f5('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c31');	-- Failed
+ERROR:  SELinux: security policy violation
+CONTEXT:  SQL function "f5" statement 1
+SELECT sepgsql_getcon();
+                      sepgsql_getcon                       
+-----------------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7
+(1 row)
+
+SELECT f5(NULL);	-- Failed
+ERROR:  SELinux: security policy violation
+CONTEXT:  SQL function "f5" statement 1
+SELECT sepgsql_getcon();
+                      sepgsql_getcon                       
+-----------------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7
+(1 row)
+
+BEGIN;
+SELECT f5('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c3');	-- OK
+ f5 
+----
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                      sepgsql_getcon                       
+-----------------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c3
+(1 row)
+
+ABORT;
+SELECT sepgsql_getcon();
+                      sepgsql_getcon                       
+-----------------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7
+(1 row)
+
+--
+-- Test for simulation of typical connection pooling server
+--
+SELECT sepgsql_getcon();	-- confirm client privilege
+                   sepgsql_getcon                    
+-----------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_pool_t:s0
+(1 row)
+
+-- we shouldn't allow to switch client label without trusted procedure
+SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_foo_t:s0');
+ERROR:  SELinux: security policy violation
+SELECT * FROM auth_tbl;	-- failed, no permission to reference
+ERROR:  SELinux: security policy violation
+-- switch to "foo"
+SELECT auth_func('foo', 'acbd18db4cc2f85cedef654fccc4a4d8');
+ auth_func 
+-----------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                   sepgsql_getcon                   
+----------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_foo_t:s0
+(1 row)
+
+SELECT * FROM foo_tbl;	-- OK
+ a |  b  
+---+-----
+ 1 | aaa
+ 2 | bbb
+ 3 | ccc
+ 4 | ddd
+(4 rows)
+
+SELECT * FROM var_tbl;	-- failed
+ERROR:  SELinux: security policy violation
+SELECT * FROM auth_tbl;	-- failed
+ERROR:  SELinux: security policy violation
+SELECT sepgsql_setcon(NULL);	-- end of session
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                   sepgsql_getcon                    
+-----------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_pool_t:s0
+(1 row)
+
+-- the pooler cannot touch these tables directry
+SELECT * FROM foo_tbl;	-- failed
+ERROR:  SELinux: security policy violation
+SELECT * FROM var_tbl;	-- failed
+ERROR:  SELinux: security policy violation
+-- switch to "var"
+SELECT auth_func('var', 'b2145aac704ce76dbe1ac7adac535b23');
+ auth_func 
+-----------
+ t
+(1 row)
+
+SELECT sepgsql_getcon();
+                   sepgsql_getcon                   
+----------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_var_t:s0
+(1 row)
+
+SELECT * FROM foo_tbl;  -- failed
+ERROR:  SELinux: security policy violation
+SELECT * FROM var_tbl;  -- OK
+ x |  y  
+---+-----
+ 2 | xxx
+ 3 | yyy
+ 4 | zzz
+ 5 | xyz
+(4 rows)
+
+SELECT * FROM auth_tbl;	-- failed
+ERROR:  SELinux: security policy violation
+SELECT sepgsql_setcon(NULL);    -- end of session
+ sepgsql_setcon 
+----------------
+ t
+(1 row)
+
+-- misc checks
+SELECT auth_func('var', 'invalid credential');	-- not works
+ auth_func 
+-----------
+ 
+(1 row)
+
+SELECT sepgsql_getcon();
+                   sepgsql_getcon                    
+-----------------------------------------------------
+ unconfined_u:unconfined_r:sepgsql_regtest_pool_t:s0
+(1 row)
+
 --
 -- Clean up
 --
@@ -115,3 +460,4 @@ DROP FUNCTION IF EXISTS f1() CASCADE;
 DROP FUNCTION IF EXISTS f2() CASCADE;
 DROP FUNCTION IF EXISTS f3() CASCADE;
 DROP FUNCTION IF EXISTS f4() CASCADE;
+DROP FUNCTION IF EXISTS f5(text) CASCADE;