PostgreSQL Source Code  git master
database.c
Go to the documentation of this file.
1 /* -------------------------------------------------------------------------
2  *
3  * contrib/sepgsql/database.c
4  *
5  * Routines corresponding to database objects
6  *
7  * Copyright (c) 2010-2020, PostgreSQL Global Development Group
8  *
9  * -------------------------------------------------------------------------
10  */
11 #include "postgres.h"
12 
13 #include "access/genam.h"
14 #include "access/htup_details.h"
15 #include "access/sysattr.h"
16 #include "access/table.h"
17 #include "catalog/dependency.h"
18 #include "catalog/indexing.h"
19 #include "catalog/pg_database.h"
20 #include "commands/dbcommands.h"
21 #include "commands/seclabel.h"
22 #include "sepgsql.h"
23 #include "utils/builtins.h"
24 #include "utils/fmgroids.h"
25 #include "utils/snapmgr.h"
26 
27 /*
28  * sepgsql_database_post_create
29  *
30  * This routine assigns a default security label on a newly defined
31  * database, and check permission needed for its creation.
32  */
33 void
34 sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
35 {
36  Relation rel;
37  ScanKeyData skey;
38  SysScanDesc sscan;
39  HeapTuple tuple;
40  char *tcontext;
41  char *ncontext;
42  ObjectAddress object;
43  Form_pg_database datForm;
44  StringInfoData audit_name;
45 
46  /*
47  * Oid of the source database is not saved in pg_database catalog, so we
48  * collect its identifier using contextual information. If NULL, its
49  * default is "template1" according to createdb().
50  */
51  if (!dtemplate)
52  dtemplate = "template1";
53 
54  object.classId = DatabaseRelationId;
55  object.objectId = get_database_oid(dtemplate, false);
56  object.objectSubId = 0;
57 
58  tcontext = sepgsql_get_label(object.classId,
59  object.objectId,
60  object.objectSubId);
61 
62  /*
63  * check db_database:{getattr} permission
64  */
65  initStringInfo(&audit_name);
66  appendStringInfoString(&audit_name, quote_identifier(dtemplate));
67  sepgsql_avc_check_perms_label(tcontext,
68  SEPG_CLASS_DB_DATABASE,
69  SEPG_DB_DATABASE__GETATTR,
70  audit_name.data,
71  true);
72 
73  /*
74  * Compute a default security label of the newly created database based on
75  * a pair of security label of client and source database.
76  *
77  * XXX - upcoming version of libselinux supports to take object name to
78  * handle special treatment on default security label.
79  */
80  rel = table_open(DatabaseRelationId, AccessShareLock);
81 
82  ScanKeyInit(&skey,
83  Anum_pg_database_oid,
84  BTEqualStrategyNumber, F_OIDEQ,
85  ObjectIdGetDatum(databaseId));
86 
87  sscan = systable_beginscan(rel, DatabaseOidIndexId, true,
88  SnapshotSelf, 1, &skey);
89  tuple = systable_getnext(sscan);
90  if (!HeapTupleIsValid(tuple))
91  elog(ERROR, "could not find tuple for database %u", databaseId);
92 
93  datForm = (Form_pg_database) GETSTRUCT(tuple);
94 
95  ncontext = sepgsql_compute_create(sepgsql_get_client_label(),
96  tcontext,
97  SEPG_CLASS_DB_DATABASE,
98  NameStr(datForm->datname));
99 
100  /*
101  * check db_database:{create} permission
102  */
103  resetStringInfo(&audit_name);
104  appendStringInfoString(&audit_name,
105  quote_identifier(NameStr(datForm->datname)));
106  sepgsql_avc_check_perms_label(ncontext,
107  SEPG_CLASS_DB_DATABASE,
108  SEPG_DB_DATABASE__CREATE,
109  audit_name.data,
110  true);
111 
112  systable_endscan(sscan);
113  table_close(rel, AccessShareLock);
114 
115  /*
116  * Assign the default security label on the new database
117  */
118  object.classId = DatabaseRelationId;
119  object.objectId = databaseId;
120  object.objectSubId = 0;
121 
122  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
123 
124  pfree(ncontext);
125  pfree(tcontext);
126 }
127 
128 /*
129  * sepgsql_database_drop
130  *
131  * It checks privileges to drop the supplied database
132  */
133 void
134 sepgsql_database_drop(Oid databaseId)
135 {
136  ObjectAddress object;
137  char *audit_name;
138 
139  /*
140  * check db_database:{drop} permission
141  */
142  object.classId = DatabaseRelationId;
143  object.objectId = databaseId;
144  object.objectSubId = 0;
145  audit_name = getObjectIdentity(&object, false);
146 
147  sepgsql_avc_check_perms(&object,
148  SEPG_CLASS_DB_DATABASE,
149  SEPG_DB_DATABASE__DROP,
150  audit_name,
151  true);
152  pfree(audit_name);
153 }
154 
155 /*
156  * sepgsql_database_post_alter
157  *
158  * It checks privileges to alter the supplied database
159  */
160 void
161 sepgsql_database_setattr(Oid databaseId)
162 {
163  ObjectAddress object;
164  char *audit_name;
165 
166  /*
167  * check db_database:{setattr} permission
168  */
169  object.classId = DatabaseRelationId;
170  object.objectId = databaseId;
171  object.objectSubId = 0;
172  audit_name = getObjectIdentity(&object, false);
173 
174  sepgsql_avc_check_perms(&object,
175  SEPG_CLASS_DB_DATABASE,
176  SEPG_DB_DATABASE__SETATTR,
177  audit_name,
178  true);
179  pfree(audit_name);
180 }
181 
182 /*
183  * sepgsql_database_relabel
184  *
185  * It checks privileges to relabel the supplied database with the `seclabel'
186  */
187 void
188 sepgsql_database_relabel(Oid databaseId, const char *seclabel)
189 {
190  ObjectAddress object;
191  char *audit_name;
192 
193  object.classId = DatabaseRelationId;
194  object.objectId = databaseId;
195  object.objectSubId = 0;
196  audit_name = getObjectIdentity(&object, false);
197 
198  /*
199  * check db_database:{setattr relabelfrom} permission
200  */
201  sepgsql_avc_check_perms(&object,
202  SEPG_CLASS_DB_DATABASE,
203  SEPG_DB_DATABASE__SETATTR |
204  SEPG_DB_DATABASE__RELABELFROM,
205  audit_name,
206  true);
207 
208  /*
209  * check db_database:{relabelto} permission
210  */
211  sepgsql_avc_check_perms_label(seclabel,
212  SEPG_CLASS_DB_DATABASE,
213  SEPG_DB_DATABASE__RELABELTO,
214  audit_name,
215  true);
216  pfree(audit_name);
217 }
sepgsql_avc_check_perms_label
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
table_close
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:133
systable_endscan
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:529
GETSTRUCT
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
SetSecurityLabel
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:401
quote_identifier
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10727
Form_pg_database
FormData_pg_database * Form_pg_database
Definition: pg_database.h:81
sepgsql_database_drop
void sepgsql_database_drop(Oid databaseId)
Definition: database.c:134
sepgsql_get_label
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:446
sepgsql_avc_check_perms
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
AccessShareLock
#define AccessShareLock
Definition: lockdefs.h:36
SEPG_DB_DATABASE__RELABELFROM
#define SEPG_DB_DATABASE__RELABELFROM
Definition: sepgsql.h:122
Oid
unsigned int Oid
Definition: postgres_ext.h:31
SEPG_CLASS_DB_DATABASE
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
systable_beginscan
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:356
sepgsql_database_relabel
void sepgsql_database_relabel(Oid databaseId, const char *seclabel)
Definition: database.c:188
systable_getnext
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:448
SEPG_DB_DATABASE__CREATE
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
pfree
void pfree(void *pointer)
Definition: mcxt.c:1056
ObjectIdGetDatum
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
ERROR
#define ERROR
Definition: elog.h:43
getObjectIdentity
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
Definition: objectaddress.c:4636
appendStringInfoString
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:176
SnapshotSelf
#define SnapshotSelf
Definition: snapmgr.h:68
DatabaseOidIndexId
#define DatabaseOidIndexId
Definition: indexing.h:151
SEPGSQL_LABEL_TAG
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
resetStringInfo
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:75
htup_details.h
SEPG_DB_DATABASE__GETATTR
#define SEPG_DB_DATABASE__GETATTR
Definition: sepgsql.h:120
sepgsql_database_post_create
void sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
Definition: database.c:34
initStringInfo
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
pg_database.h
SEPG_DB_DATABASE__DROP
#define SEPG_DB_DATABASE__DROP
Definition: sepgsql.h:119
get_database_oid
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:2108
HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
SEPG_DB_DATABASE__SETATTR
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121
sepgsql_get_client_label
char * sepgsql_get_client_label(void)
Definition: label.c:81
SEPG_DB_DATABASE__RELABELTO
#define SEPG_DB_DATABASE__RELABELTO
Definition: sepgsql.h:123
sepgsql_compute_create
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836
elog
#define elog(elevel,...)
Definition: elog.h:214
NameStr
#define NameStr(name)
Definition: c.h:622
ScanKeyInit
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
sepgsql_database_setattr
void sepgsql_database_setattr(Oid databaseId)
Definition: database.c:161
table_open
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
BTEqualStrategyNumber
#define BTEqualStrategyNumber
Definition: stratnum.h:31