PostgreSQL Source Code  git master
database.c
Go to the documentation of this file.
1 /* -------------------------------------------------------------------------
2  *
3  * contrib/sepgsql/database.c
4  *
5  * Routines corresponding to database objects
6  *
7  * Copyright (c) 2010-2023, PostgreSQL Global Development Group
8  *
9  * -------------------------------------------------------------------------
10  */
11 #include "postgres.h"
12 
13 #include "access/genam.h"
14 #include "access/htup_details.h"
15 #include "access/sysattr.h"
16 #include "access/table.h"
17 #include "catalog/dependency.h"
18 #include "catalog/pg_database.h"
19 #include "commands/dbcommands.h"
20 #include "commands/seclabel.h"
21 #include "sepgsql.h"
22 #include "utils/builtins.h"
23 #include "utils/fmgroids.h"
24 #include "utils/snapmgr.h"
25 
26 /*
27  * sepgsql_database_post_create
28  *
29  * This routine assigns a default security label on a newly defined
30  * database, and check permission needed for its creation.
31  */
32 void
33 sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
34 {
35  Relation rel;
36  ScanKeyData skey;
37  SysScanDesc sscan;
38  HeapTuple tuple;
39  char *tcontext;
40  char *ncontext;
41  ObjectAddress object;
42  Form_pg_database datForm;
43  StringInfoData audit_name;
44 
45  /*
46  * Oid of the source database is not saved in pg_database catalog, so we
47  * collect its identifier using contextual information. If NULL, its
48  * default is "template1" according to createdb().
49  */
50  if (!dtemplate)
51  dtemplate = "template1";
52 
53  object.classId = DatabaseRelationId;
54  object.objectId = get_database_oid(dtemplate, false);
55  object.objectSubId = 0;
56 
57  tcontext = sepgsql_get_label(object.classId,
58  object.objectId,
59  object.objectSubId);
60 
61  /*
62  * check db_database:{getattr} permission
63  */
64  initStringInfo(&audit_name);
65  appendStringInfoString(&audit_name, quote_identifier(dtemplate));
66  sepgsql_avc_check_perms_label(tcontext,
67  SEPG_CLASS_DB_DATABASE,
68  SEPG_DB_DATABASE__GETATTR,
69  audit_name.data,
70  true);
71 
72  /*
73  * Compute a default security label of the newly created database based on
74  * a pair of security label of client and source database.
75  *
76  * XXX - upcoming version of libselinux supports to take object name to
77  * handle special treatment on default security label.
78  */
79  rel = table_open(DatabaseRelationId, AccessShareLock);
80 
81  ScanKeyInit(&skey,
82  Anum_pg_database_oid,
83  BTEqualStrategyNumber, F_OIDEQ,
84  ObjectIdGetDatum(databaseId));
85 
86  sscan = systable_beginscan(rel, DatabaseOidIndexId, true,
87  SnapshotSelf, 1, &skey);
88  tuple = systable_getnext(sscan);
89  if (!HeapTupleIsValid(tuple))
90  elog(ERROR, "could not find tuple for database %u", databaseId);
91 
92  datForm = (Form_pg_database) GETSTRUCT(tuple);
93 
94  ncontext = sepgsql_compute_create(sepgsql_get_client_label(),
95  tcontext,
96  SEPG_CLASS_DB_DATABASE,
97  NameStr(datForm->datname));
98 
99  /*
100  * check db_database:{create} permission
101  */
102  resetStringInfo(&audit_name);
103  appendStringInfoString(&audit_name,
104  quote_identifier(NameStr(datForm->datname)));
105  sepgsql_avc_check_perms_label(ncontext,
106  SEPG_CLASS_DB_DATABASE,
107  SEPG_DB_DATABASE__CREATE,
108  audit_name.data,
109  true);
110 
111  systable_endscan(sscan);
112  table_close(rel, AccessShareLock);
113 
114  /*
115  * Assign the default security label on the new database
116  */
117  object.classId = DatabaseRelationId;
118  object.objectId = databaseId;
119  object.objectSubId = 0;
120 
121  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
122 
123  pfree(ncontext);
124  pfree(tcontext);
125 }
126 
127 /*
128  * sepgsql_database_drop
129  *
130  * It checks privileges to drop the supplied database
131  */
132 void
133 sepgsql_database_drop(Oid databaseId)
134 {
135  ObjectAddress object;
136  char *audit_name;
137 
138  /*
139  * check db_database:{drop} permission
140  */
141  object.classId = DatabaseRelationId;
142  object.objectId = databaseId;
143  object.objectSubId = 0;
144  audit_name = getObjectIdentity(&object, false);
145 
146  sepgsql_avc_check_perms(&object,
147  SEPG_CLASS_DB_DATABASE,
148  SEPG_DB_DATABASE__DROP,
149  audit_name,
150  true);
151  pfree(audit_name);
152 }
153 
154 /*
155  * sepgsql_database_post_alter
156  *
157  * It checks privileges to alter the supplied database
158  */
159 void
160 sepgsql_database_setattr(Oid databaseId)
161 {
162  ObjectAddress object;
163  char *audit_name;
164 
165  /*
166  * check db_database:{setattr} permission
167  */
168  object.classId = DatabaseRelationId;
169  object.objectId = databaseId;
170  object.objectSubId = 0;
171  audit_name = getObjectIdentity(&object, false);
172 
173  sepgsql_avc_check_perms(&object,
174  SEPG_CLASS_DB_DATABASE,
175  SEPG_DB_DATABASE__SETATTR,
176  audit_name,
177  true);
178  pfree(audit_name);
179 }
180 
181 /*
182  * sepgsql_database_relabel
183  *
184  * It checks privileges to relabel the supplied database with the `seclabel'
185  */
186 void
187 sepgsql_database_relabel(Oid databaseId, const char *seclabel)
188 {
189  ObjectAddress object;
190  char *audit_name;
191 
192  object.classId = DatabaseRelationId;
193  object.objectId = databaseId;
194  object.objectSubId = 0;
195  audit_name = getObjectIdentity(&object, false);
196 
197  /*
198  * check db_database:{setattr relabelfrom} permission
199  */
200  sepgsql_avc_check_perms(&object,
201  SEPG_CLASS_DB_DATABASE,
202  SEPG_DB_DATABASE__SETATTR |
203  SEPG_DB_DATABASE__RELABELFROM,
204  audit_name,
205  true);
206 
207  /*
208  * check db_database:{relabelto} permission
209  */
210  sepgsql_avc_check_perms_label(seclabel,
211  SEPG_CLASS_DB_DATABASE,
212  SEPG_DB_DATABASE__RELABELTO,
213  audit_name,
214  true);
215  pfree(audit_name);
216 }
NameStr
#define NameStr(name)
Definition: c.h:735
sepgsql_database_relabel
void sepgsql_database_relabel(Oid databaseId, const char *seclabel)
Definition: database.c:187
sepgsql_database_post_create
void sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
Definition: database.c:33
sepgsql_database_drop
void sepgsql_database_drop(Oid databaseId)
Definition: database.c:133
sepgsql_database_setattr
void sepgsql_database_setattr(Oid databaseId)
Definition: database.c:160
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3037
ERROR
#define ERROR
Definition: elog.h:39
systable_endscan
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:599
systable_getnext
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:506
systable_beginscan
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:387
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
htup_details.h
GETSTRUCT
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
sepgsql_get_label
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:445
sepgsql_get_client_label
char * sepgsql_get_client_label(void)
Definition: label.c:80
AccessShareLock
#define AccessShareLock
Definition: lockdefs.h:36
pfree
void pfree(void *pointer)
Definition: mcxt.c:1456
getObjectIdentity
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
Definition: objectaddress.c:4747
pg_database.h
Form_pg_database
FormData_pg_database * Form_pg_database
Definition: pg_database.h:93
ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:252
Oid
unsigned int Oid
Definition: postgres_ext.h:31
quote_identifier
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:11965
ScanKeyInit
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
SetSecurityLabel
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:404
sepgsql_compute_create
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:842
SEPG_DB_DATABASE__CREATE
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
SEPG_CLASS_DB_DATABASE
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
sepgsql_avc_check_perms_label
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
SEPG_DB_DATABASE__SETATTR
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121
SEPG_DB_DATABASE__RELABELTO
#define SEPG_DB_DATABASE__RELABELTO
Definition: sepgsql.h:123
SEPG_DB_DATABASE__DROP
#define SEPG_DB_DATABASE__DROP
Definition: sepgsql.h:119
SEPG_DB_DATABASE__GETATTR
#define SEPG_DB_DATABASE__GETATTR
Definition: sepgsql.h:120
SEPGSQL_LABEL_TAG
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
SEPG_DB_DATABASE__RELABELFROM
#define SEPG_DB_DATABASE__RELABELFROM
Definition: sepgsql.h:122
sepgsql_avc_check_perms
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:420
SnapshotSelf
#define SnapshotSelf
Definition: snapmgr.h:32
BTEqualStrategyNumber
#define BTEqualStrategyNumber
Definition: stratnum.h:31
resetStringInfo
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:75
appendStringInfoString
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:176
initStringInfo
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
table_close
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126
table_open
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40