PostgreSQL Source Code  git master
relation.c
Go to the documentation of this file.
1 /* -------------------------------------------------------------------------
2  *
3  * contrib/sepgsql/relation.c
4  *
5  * Routines corresponding to relation/attribute objects
6  *
7  * Copyright (c) 2010-2019, PostgreSQL Global Development Group
8  *
9  * -------------------------------------------------------------------------
10  */
11 #include "postgres.h"
12 
13 #include "access/genam.h"
14 #include "access/htup_details.h"
15 #include "access/sysattr.h"
16 #include "access/table.h"
17 #include "catalog/dependency.h"
18 #include "catalog/indexing.h"
19 #include "catalog/pg_attribute.h"
20 #include "catalog/pg_class.h"
21 #include "catalog/pg_namespace.h"
22 #include "commands/seclabel.h"
23 #include "lib/stringinfo.h"
24 #include "sepgsql.h"
25 #include "utils/builtins.h"
26 #include "utils/catcache.h"
27 #include "utils/fmgroids.h"
28 #include "utils/lsyscache.h"
29 #include "utils/rel.h"
30 #include "utils/snapmgr.h"
31 #include "utils/syscache.h"
32 
33 static void sepgsql_index_modify(Oid indexOid);
34 
35 /*
36  * sepgsql_attribute_post_create
37  *
38  * This routine assigns a default security label on a newly defined
39  * column, using ALTER TABLE ... ADD COLUMN.
40  * Note that this routine is not invoked in the case of CREATE TABLE,
41  * although it also defines columns in addition to table.
42  */
43 void
45 {
46  Relation rel;
47  ScanKeyData skey[2];
48  SysScanDesc sscan;
49  HeapTuple tuple;
50  char *scontext;
51  char *tcontext;
52  char *ncontext;
53  ObjectAddress object;
54  Form_pg_attribute attForm;
55  StringInfoData audit_name;
56  char relkind = get_rel_relkind(relOid);
57 
58  /*
59  * Only attributes within regular relations or partition relations have
60  * individual security labels.
61  */
62  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
63  return;
64 
65  /*
66  * Compute a default security label of the new column underlying the
67  * specified relation, and check permission to create it.
68  */
69  rel = table_open(AttributeRelationId, AccessShareLock);
70 
71  ScanKeyInit(&skey[0],
72  Anum_pg_attribute_attrelid,
73  BTEqualStrategyNumber, F_OIDEQ,
74  ObjectIdGetDatum(relOid));
75  ScanKeyInit(&skey[1],
76  Anum_pg_attribute_attnum,
77  BTEqualStrategyNumber, F_INT2EQ,
78  Int16GetDatum(attnum));
79 
81  SnapshotSelf, 2, &skey[0]);
82 
83  tuple = systable_getnext(sscan);
84  if (!HeapTupleIsValid(tuple))
85  elog(ERROR, "could not find tuple for column %d of relation %u",
86  attnum, relOid);
87 
88  attForm = (Form_pg_attribute) GETSTRUCT(tuple);
89 
90  scontext = sepgsql_get_client_label();
91  tcontext = sepgsql_get_label(RelationRelationId, relOid, 0);
92  ncontext = sepgsql_compute_create(scontext, tcontext,
94  NameStr(attForm->attname));
95 
96  /*
97  * check db_column:{create} permission
98  */
99  object.classId = RelationRelationId;
100  object.objectId = relOid;
101  object.objectSubId = 0;
102 
103  initStringInfo(&audit_name);
104  appendStringInfo(&audit_name, "%s.%s",
105  getObjectIdentity(&object),
106  quote_identifier(NameStr(attForm->attname)));
110  audit_name.data,
111  true);
112 
113  /*
114  * Assign the default security label on a new procedure
115  */
116  object.classId = RelationRelationId;
117  object.objectId = relOid;
118  object.objectSubId = attnum;
119  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
120 
121  systable_endscan(sscan);
123 
124  pfree(tcontext);
125  pfree(ncontext);
126 }
127 
128 /*
129  * sepgsql_attribute_drop
130  *
131  * It checks privileges to drop the supplied column.
132  */
133 void
135 {
136  ObjectAddress object;
137  char *audit_name;
138  char relkind = get_rel_relkind(relOid);
139 
140  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
141  return;
142 
143  /*
144  * check db_column:{drop} permission
145  */
146  object.classId = RelationRelationId;
147  object.objectId = relOid;
148  object.objectSubId = attnum;
149  audit_name = getObjectIdentity(&object);
150 
151  sepgsql_avc_check_perms(&object,
154  audit_name,
155  true);
156  pfree(audit_name);
157 }
158 
159 /*
160  * sepgsql_attribute_relabel
161  *
162  * It checks privileges to relabel the supplied column
163  * by the `seclabel'.
164  */
165 void
167  const char *seclabel)
168 {
169  ObjectAddress object;
170  char *audit_name;
171  char relkind = get_rel_relkind(relOid);
172 
173  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
174  ereport(ERROR,
175  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
176  errmsg("cannot set security label on non-regular columns")));
177 
178  object.classId = RelationRelationId;
179  object.objectId = relOid;
180  object.objectSubId = attnum;
181  audit_name = getObjectIdentity(&object);
182 
183  /*
184  * check db_column:{setattr relabelfrom} permission
185  */
186  sepgsql_avc_check_perms(&object,
190  audit_name,
191  true);
192 
193  /*
194  * check db_column:{relabelto} permission
195  */
199  audit_name,
200  true);
201  pfree(audit_name);
202 }
203 
204 /*
205  * sepgsql_attribute_setattr
206  *
207  * It checks privileges to alter the supplied column.
208  */
209 void
211 {
212  ObjectAddress object;
213  char *audit_name;
214  char relkind = get_rel_relkind(relOid);
215 
216  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
217  return;
218 
219  /*
220  * check db_column:{setattr} permission
221  */
222  object.classId = RelationRelationId;
223  object.objectId = relOid;
224  object.objectSubId = attnum;
225  audit_name = getObjectIdentity(&object);
226 
227  sepgsql_avc_check_perms(&object,
230  audit_name,
231  true);
232  pfree(audit_name);
233 }
234 
235 /*
236  * sepgsql_relation_post_create
237  *
238  * The post creation hook of relation/attribute
239  */
240 void
242 {
243  Relation rel;
244  ScanKeyData skey;
245  SysScanDesc sscan;
246  HeapTuple tuple;
247  Form_pg_class classForm;
248  ObjectAddress object;
249  uint16_t tclass;
250  char *scontext; /* subject */
251  char *tcontext; /* schema */
252  char *rcontext; /* relation */
253  char *ccontext; /* column */
254  char *nsp_name;
255  StringInfoData audit_name;
256 
257  /*
258  * Fetch catalog record of the new relation. Because pg_class entry is not
259  * visible right now, we need to scan the catalog using SnapshotSelf.
260  */
261  rel = table_open(RelationRelationId, AccessShareLock);
262 
263  ScanKeyInit(&skey,
264  Anum_pg_class_oid,
265  BTEqualStrategyNumber, F_OIDEQ,
266  ObjectIdGetDatum(relOid));
267 
268  sscan = systable_beginscan(rel, ClassOidIndexId, true,
269  SnapshotSelf, 1, &skey);
270 
271  tuple = systable_getnext(sscan);
272  if (!HeapTupleIsValid(tuple))
273  elog(ERROR, "could not find tuple for relation %u", relOid);
274 
275  classForm = (Form_pg_class) GETSTRUCT(tuple);
276 
277  /* ignore indexes on toast tables */
278  if (classForm->relkind == RELKIND_INDEX &&
279  classForm->relnamespace == PG_TOAST_NAMESPACE)
280  goto out;
281 
282  /*
283  * check db_schema:{add_name} permission of the namespace
284  */
285  object.classId = NamespaceRelationId;
286  object.objectId = classForm->relnamespace;
287  object.objectSubId = 0;
288  sepgsql_avc_check_perms(&object,
291  getObjectIdentity(&object),
292  true);
293 
294  switch (classForm->relkind)
295  {
296  case RELKIND_RELATION:
297  case RELKIND_PARTITIONED_TABLE:
298  tclass = SEPG_CLASS_DB_TABLE;
299  break;
300  case RELKIND_SEQUENCE:
301  tclass = SEPG_CLASS_DB_SEQUENCE;
302  break;
303  case RELKIND_VIEW:
304  tclass = SEPG_CLASS_DB_VIEW;
305  break;
306  case RELKIND_INDEX:
307  /* deal with indexes specially; no need for tclass */
308  sepgsql_index_modify(relOid);
309  goto out;
310  default:
311  /* ignore other relkinds */
312  goto out;
313  }
314 
315  /*
316  * Compute a default security label when we create a new relation object
317  * under the specified namespace.
318  */
319  scontext = sepgsql_get_client_label();
320  tcontext = sepgsql_get_label(NamespaceRelationId,
321  classForm->relnamespace, 0);
322  rcontext = sepgsql_compute_create(scontext, tcontext, tclass,
323  NameStr(classForm->relname));
324 
325  /*
326  * check db_xxx:{create} permission
327  */
328  nsp_name = get_namespace_name(classForm->relnamespace);
329  initStringInfo(&audit_name);
330  appendStringInfo(&audit_name, "%s.%s",
331  quote_identifier(nsp_name),
332  quote_identifier(NameStr(classForm->relname)));
334  tclass,
336  audit_name.data,
337  true);
338 
339  /*
340  * Assign the default security label on the new regular or partitioned
341  * relation.
342  */
343  object.classId = RelationRelationId;
344  object.objectId = relOid;
345  object.objectSubId = 0;
346  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
347 
348  /*
349  * We also assign a default security label on columns of a new table.
350  */
351  if (classForm->relkind == RELKIND_RELATION ||
352  classForm->relkind == RELKIND_PARTITIONED_TABLE)
353  {
354  Relation arel;
355  ScanKeyData akey;
356  SysScanDesc ascan;
357  HeapTuple atup;
358  Form_pg_attribute attForm;
359 
360  arel = table_open(AttributeRelationId, AccessShareLock);
361 
362  ScanKeyInit(&akey,
363  Anum_pg_attribute_attrelid,
364  BTEqualStrategyNumber, F_OIDEQ,
365  ObjectIdGetDatum(relOid));
366 
367  ascan = systable_beginscan(arel, AttributeRelidNumIndexId, true,
368  SnapshotSelf, 1, &akey);
369 
370  while (HeapTupleIsValid(atup = systable_getnext(ascan)))
371  {
372  attForm = (Form_pg_attribute) GETSTRUCT(atup);
373 
374  resetStringInfo(&audit_name);
375  appendStringInfo(&audit_name, "%s.%s.%s",
376  quote_identifier(nsp_name),
377  quote_identifier(NameStr(classForm->relname)),
378  quote_identifier(NameStr(attForm->attname)));
379 
380  ccontext = sepgsql_compute_create(scontext,
381  rcontext,
383  NameStr(attForm->attname));
384 
385  /*
386  * check db_column:{create} permission
387  */
391  audit_name.data,
392  true);
393 
394  object.classId = RelationRelationId;
395  object.objectId = relOid;
396  object.objectSubId = attForm->attnum;
397  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ccontext);
398 
399  pfree(ccontext);
400  }
401  systable_endscan(ascan);
403  }
404  pfree(rcontext);
405 
406 out:
407  systable_endscan(sscan);
409 }
410 
411 /*
412  * sepgsql_relation_drop
413  *
414  * It checks privileges to drop the supplied relation.
415  */
416 void
418 {
419  ObjectAddress object;
420  char *audit_name;
421  uint16_t tclass = 0;
422  char relkind = get_rel_relkind(relOid);
423 
424  switch (relkind)
425  {
426  case RELKIND_RELATION:
427  case RELKIND_PARTITIONED_TABLE:
428  tclass = SEPG_CLASS_DB_TABLE;
429  break;
430  case RELKIND_SEQUENCE:
431  tclass = SEPG_CLASS_DB_SEQUENCE;
432  break;
433  case RELKIND_VIEW:
434  tclass = SEPG_CLASS_DB_VIEW;
435  break;
436  case RELKIND_INDEX:
437  /* ignore indexes on toast tables */
438  if (get_rel_namespace(relOid) == PG_TOAST_NAMESPACE)
439  return;
440  /* other indexes are handled specially below; no need for tclass */
441  break;
442  default:
443  /* ignore other relkinds */
444  return;
445  }
446 
447  /*
448  * check db_schema:{remove_name} permission
449  */
450  object.classId = NamespaceRelationId;
451  object.objectId = get_rel_namespace(relOid);
452  object.objectSubId = 0;
453  audit_name = getObjectIdentity(&object);
454 
455  sepgsql_avc_check_perms(&object,
458  audit_name,
459  true);
460  pfree(audit_name);
461 
462  /* deal with indexes specially */
463  if (relkind == RELKIND_INDEX)
464  {
465  sepgsql_index_modify(relOid);
466  return;
467  }
468 
469  /*
470  * check db_table/sequence/view:{drop} permission
471  */
472  object.classId = RelationRelationId;
473  object.objectId = relOid;
474  object.objectSubId = 0;
475  audit_name = getObjectIdentity(&object);
476 
477  sepgsql_avc_check_perms(&object,
478  tclass,
480  audit_name,
481  true);
482  pfree(audit_name);
483 
484  /*
485  * check db_column:{drop} permission
486  */
487  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
488  {
489  Form_pg_attribute attForm;
490  CatCList *attrList;
491  HeapTuple atttup;
492  int i;
493 
494  attrList = SearchSysCacheList1(ATTNUM, ObjectIdGetDatum(relOid));
495  for (i = 0; i < attrList->n_members; i++)
496  {
497  atttup = &attrList->members[i]->tuple;
498  attForm = (Form_pg_attribute) GETSTRUCT(atttup);
499 
500  if (attForm->attisdropped)
501  continue;
502 
503  object.classId = RelationRelationId;
504  object.objectId = relOid;
505  object.objectSubId = attForm->attnum;
506  audit_name = getObjectIdentity(&object);
507 
508  sepgsql_avc_check_perms(&object,
511  audit_name,
512  true);
513  pfree(audit_name);
514  }
515  ReleaseCatCacheList(attrList);
516  }
517 }
518 
519 /*
520  * sepgsql_relation_truncate
521  *
522  * Check privileges to TRUNCATE the supplied relation.
523  */
524 void
526 {
527  ObjectAddress object;
528  char *audit_name;
529  uint16_t tclass = 0;
530  char relkind = get_rel_relkind(relOid);
531 
532  switch (relkind)
533  {
534  case RELKIND_RELATION:
535  case RELKIND_PARTITIONED_TABLE:
536  tclass = SEPG_CLASS_DB_TABLE;
537  break;
538  default:
539  /* ignore other relkinds */
540  return;
541  }
542 
543  /*
544  * check db_table:{truncate} permission
545  */
546  object.classId = RelationRelationId;
547  object.objectId = relOid;
548  object.objectSubId = 0;
549  audit_name = getObjectIdentity(&object);
550 
551  sepgsql_avc_check_perms(&object,
552  tclass,
554  audit_name,
555  true);
556  pfree(audit_name);
557 }
558 
559 /*
560  * sepgsql_relation_relabel
561  *
562  * It checks privileges to relabel the supplied relation by the `seclabel'.
563  */
564 void
565 sepgsql_relation_relabel(Oid relOid, const char *seclabel)
566 {
567  ObjectAddress object;
568  char *audit_name;
569  char relkind = get_rel_relkind(relOid);
570  uint16_t tclass = 0;
571 
572  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
573  tclass = SEPG_CLASS_DB_TABLE;
574  else if (relkind == RELKIND_SEQUENCE)
575  tclass = SEPG_CLASS_DB_SEQUENCE;
576  else if (relkind == RELKIND_VIEW)
577  tclass = SEPG_CLASS_DB_VIEW;
578  else
579  ereport(ERROR,
580  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
581  errmsg("cannot set security labels on relations except "
582  "for tables, sequences or views")));
583 
584  object.classId = RelationRelationId;
585  object.objectId = relOid;
586  object.objectSubId = 0;
587  audit_name = getObjectIdentity(&object);
588 
589  /*
590  * check db_xxx:{setattr relabelfrom} permission
591  */
592  sepgsql_avc_check_perms(&object,
593  tclass,
596  audit_name,
597  true);
598 
599  /*
600  * check db_xxx:{relabelto} permission
601  */
603  tclass,
605  audit_name,
606  true);
607  pfree(audit_name);
608 }
609 
610 /*
611  * sepgsql_relation_setattr
612  *
613  * It checks privileges to set attribute of the supplied relation
614  */
615 void
617 {
618  Relation rel;
619  ScanKeyData skey;
620  SysScanDesc sscan;
621  HeapTuple oldtup;
622  HeapTuple newtup;
623  Form_pg_class oldform;
624  Form_pg_class newform;
625  ObjectAddress object;
626  char *audit_name;
627  uint16_t tclass;
628 
629  switch (get_rel_relkind(relOid))
630  {
631  case RELKIND_RELATION:
632  case RELKIND_PARTITIONED_TABLE:
633  tclass = SEPG_CLASS_DB_TABLE;
634  break;
635  case RELKIND_SEQUENCE:
636  tclass = SEPG_CLASS_DB_SEQUENCE;
637  break;
638  case RELKIND_VIEW:
639  tclass = SEPG_CLASS_DB_VIEW;
640  break;
641  case RELKIND_INDEX:
642  /* deal with indexes specially */
643  sepgsql_index_modify(relOid);
644  return;
645  default:
646  /* other relkinds don't need additional work */
647  return;
648  }
649 
650  /*
651  * Fetch newer catalog
652  */
653  rel = table_open(RelationRelationId, AccessShareLock);
654 
655  ScanKeyInit(&skey,
656  Anum_pg_class_oid,
657  BTEqualStrategyNumber, F_OIDEQ,
658  ObjectIdGetDatum(relOid));
659 
660  sscan = systable_beginscan(rel, ClassOidIndexId, true,
661  SnapshotSelf, 1, &skey);
662 
663  newtup = systable_getnext(sscan);
664  if (!HeapTupleIsValid(newtup))
665  elog(ERROR, "could not find tuple for relation %u", relOid);
666  newform = (Form_pg_class) GETSTRUCT(newtup);
667 
668  /*
669  * Fetch older catalog
670  */
671  oldtup = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
672  if (!HeapTupleIsValid(oldtup))
673  elog(ERROR, "cache lookup failed for relation %u", relOid);
674  oldform = (Form_pg_class) GETSTRUCT(oldtup);
675 
676  /*
677  * Does this ALTER command takes operation to namespace?
678  */
679  if (newform->relnamespace != oldform->relnamespace)
680  {
681  sepgsql_schema_remove_name(oldform->relnamespace);
682  sepgsql_schema_add_name(newform->relnamespace);
683  }
684  if (strcmp(NameStr(newform->relname), NameStr(oldform->relname)) != 0)
685  sepgsql_schema_rename(oldform->relnamespace);
686 
687  /*
688  * XXX - In the future version, db_tuple:{use} of system catalog entry
689  * shall be checked, if tablespace configuration is changed.
690  */
691 
692  /*
693  * check db_xxx:{setattr} permission
694  */
695  object.classId = RelationRelationId;
696  object.objectId = relOid;
697  object.objectSubId = 0;
698  audit_name = getObjectIdentity(&object);
699 
700  sepgsql_avc_check_perms(&object,
701  tclass,
703  audit_name,
704  true);
705  pfree(audit_name);
706 
707  ReleaseSysCache(oldtup);
708  systable_endscan(sscan);
710 }
711 
712 /*
713  * sepgsql_relation_setattr_extra
714  *
715  * It checks permission of the relation being referenced by extra attributes,
716  * such as pg_index entries. Like core PostgreSQL, sepgsql also does not deal
717  * with such entries as individual "objects", thus, modification of these
718  * entries shall be considered as setting an attribute of the underlying
719  * relation.
720  */
721 static void
723  Oid catindex_id,
724  Oid extra_oid,
725  AttrNumber anum_relation_id,
726  AttrNumber anum_extra_id)
727 {
728  ScanKeyData skey;
729  SysScanDesc sscan;
730  HeapTuple tuple;
731  Datum datum;
732  bool isnull;
733 
734  ScanKeyInit(&skey, anum_extra_id,
735  BTEqualStrategyNumber, F_OIDEQ,
736  ObjectIdGetDatum(extra_oid));
737 
738  sscan = systable_beginscan(catalog, catindex_id, true,
739  SnapshotSelf, 1, &skey);
740  tuple = systable_getnext(sscan);
741  if (!HeapTupleIsValid(tuple))
742  elog(ERROR, "could not find tuple for object %u in catalog \"%s\"",
743  extra_oid, RelationGetRelationName(catalog));
744 
745  datum = heap_getattr(tuple, anum_relation_id,
746  RelationGetDescr(catalog), &isnull);
747  Assert(!isnull);
748 
750 
751  systable_endscan(sscan);
752 }
753 
754 /*
755  * sepgsql_index_modify
756  * Handle index create, update, drop
757  *
758  * Unlike other relation kinds, indexes do not have their own security labels,
759  * so instead of doing checks directly, treat them as extra attributes of their
760  * owning tables; so check 'setattr' permissions on the table.
761  */
762 static void
764 {
765  Relation catalog = table_open(IndexRelationId, AccessShareLock);
766 
767  /* check db_table:{setattr} permission of the table being indexed */
770  indexOid,
771  Anum_pg_index_indrelid,
772  Anum_pg_index_indexrelid);
773  table_close(catalog, AccessShareLock);
774 }
void sepgsql_attribute_drop(Oid relOid, AttrNumber attnum)
Definition: relation.c:134
#define AttributeRelidNumIndexId
Definition: indexing.h:96
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
int n_members
Definition: catcache.h:176
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:133
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:525
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
#define IndexRelidIndexId
Definition: indexing.h:168
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10772
#define SEPG_DB_COLUMN__SETATTR
Definition: sepgsql.h:173
#define RelationGetDescr(relation)
Definition: rel.h:448
#define SEPG_DB_TABLE__TRUNCATE
Definition: sepgsql.h:148
void sepgsql_relation_truncate(Oid relOid)
Definition: relation.c:525
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1805
#define DatumGetObjectId(X)
Definition: postgres.h:500
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:218
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:446
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:224
Oid get_rel_namespace(Oid relid)
Definition: lsyscache.c:1754
#define Int16GetDatum(X)
Definition: postgres.h:451
#define AccessShareLock
Definition: lockdefs.h:36
int errcode(int sqlerrcode)
Definition: elog.c:608
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
unsigned int Oid
Definition: postgres_ext.h:31
#define SEPG_DB_COLUMN__RELABELFROM
Definition: sepgsql.h:174
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:352
char relkind
Definition: pg_class.h:81
void ReleaseCatCacheList(CatCList *list)
Definition: catcache.c:1782
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:178
#define SEPG_DB_TABLE__SETATTR
Definition: sepgsql.h:140
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:444
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
void sepgsql_attribute_setattr(Oid relOid, AttrNumber attnum)
Definition: relation.c:210
void pfree(void *pointer)
Definition: mcxt.c:1056
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
void sepgsql_relation_post_create(Oid relOid)
Definition: relation.c:241
char * getObjectIdentity(const ObjectAddress *object)
char * get_namespace_name(Oid nspid)
Definition: lsyscache.c:3094
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:230
#define SnapshotSelf
Definition: snapmgr.h:68
static void sepgsql_relation_setattr_extra(Relation catalog, Oid catindex_id, Oid extra_oid, AttrNumber anum_relation_id, AttrNumber anum_extra_id)
Definition: relation.c:722
#define RelationGetRelationName(relation)
Definition: rel.h:456
#define SEPG_DB_TABLE__DROP
Definition: sepgsql.h:138
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:200
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:75
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:210
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:165
#define ClassOidIndexId
Definition: indexing.h:114
#define SEPG_DB_TABLE__RELABELTO
Definition: sepgsql.h:142
#define ereport(elevel, rest)
Definition: elog.h:141
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:763
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
#define heap_getattr(tup, attnum, tupleDesc, isnull)
Definition: htup_details.h:762
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
uintptr_t Datum
Definition: postgres.h:367
#define SEPG_DB_COLUMN__DROP
Definition: sepgsql.h:171
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
#define SEPG_DB_TABLE__RELABELFROM
Definition: sepgsql.h:141
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
int16 attnum
Definition: pg_attribute.h:79
#define SEPG_DB_COLUMN__CREATE
Definition: sepgsql.h:170
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define Assert(condition)
Definition: c.h:739
void sepgsql_relation_relabel(Oid relOid, const char *seclabel)
Definition: relation.c:565
char * sepgsql_get_client_label(void)
Definition: label.c:81
void sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum, const char *seclabel)
Definition: relation.c:166
void sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
Definition: relation.c:44
FormData_pg_class * Form_pg_class
Definition: pg_class.h:150
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836
int errmsg(const char *fmt,...)
Definition: elog.c:822
#define elog(elevel,...)
Definition: elog.h:228
int i
#define NameStr(name)
Definition: c.h:616
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
HeapTupleData tuple
Definition: catcache.h:121
void sepgsql_relation_setattr(Oid relOid)
Definition: relation.c:616
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
void sepgsql_relation_drop(Oid relOid)
Definition: relation.c:417
int16 AttrNumber
Definition: attnum.h:21
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135
#define BTEqualStrategyNumber
Definition: stratnum.h:31