93 (*next_object_access_hook) (
access, classId, objectId, subId,
arg);
102 is_internal = pc_arg ? pc_arg->
is_internal :
false;
106 case DatabaseRelationId:
112 case NamespaceRelationId:
117 case RelationRelationId:
138 case ProcedureRelationId:
164 case DatabaseRelationId:
168 case NamespaceRelationId:
172 case RelationRelationId:
179 case ProcedureRelationId:
194 case RelationRelationId:
211 case DatabaseRelationId:
216 case NamespaceRelationId:
221 case RelationRelationId:
240 case ProcedureRelationId:
263 Assert(classId == NamespaceRelationId);
273 Assert(classId == ProcedureRelationId);
314 const char *queryString,
347 if (strcmp(defel->
defname,
"template") == 0)
365 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
366 errmsg(
"SELinux: LOAD is not permitted")));
381 (*next_ProcessUtility_hook) (pstmt, queryString, readOnlyTree,
408 (
errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
409 errmsg(
"sepgsql must be loaded via \"shared_preload_libraries\"")));
416 if (is_selinux_enabled() < 1)
429 "Turn on/off permissive mode in SE-PostgreSQL",
447 "Turn on/off debug audit messages",
#define Assert(condition)
void sepgsql_proc_post_create(Oid functionId)
void sepgsql_proc_setattr(Oid functionId)
void sepgsql_proc_drop(Oid functionId)
void sepgsql_proc_execute(Oid functionId)
void sepgsql_attribute_setattr(Oid relOid, AttrNumber attnum)
void sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
void sepgsql_relation_post_create(Oid relOid)
void sepgsql_relation_truncate(Oid relOid)
void sepgsql_relation_setattr(Oid relOid)
void sepgsql_relation_drop(Oid relOid)
void sepgsql_attribute_drop(Oid relOid, AttrNumber attnum)
void sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
void sepgsql_database_drop(Oid databaseId)
void sepgsql_database_setattr(Oid databaseId)
#define PERFORM_DELETION_INTERNAL
bool sepgsql_dml_privileges(List *rangeTbls, List *rteperminfos, bool abort_on_violation)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
ExecutorCheckPerms_hook_type ExecutorCheckPerms_hook
bool(* ExecutorCheckPerms_hook_type)(List *rangeTable, List *rtePermInfos, bool ereport_on_violation)
void DefineCustomBoolVariable(const char *name, const char *short_desc, const char *long_desc, bool *valueAddr, bool bootValue, GucContext context, int flags, GucBoolCheckHook check_hook, GucBoolAssignHook assign_hook, GucShowHook show_hook)
void MarkGUCPrefixReserved(const char *className)
#define GUC_NOT_IN_SAMPLE
static sepgsql_context_info_t sepgsql_context_info
bool sepgsql_get_permissive(void)
static ExecutorCheckPerms_hook_type next_exec_check_perms_hook
static ProcessUtility_hook_type next_ProcessUtility_hook
static void sepgsql_object_access(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)
static bool sepgsql_debug_audit
bool sepgsql_get_debug_audit(void)
static bool sepgsql_permissive
static bool sepgsql_exec_check_perms(List *rangeTbls, List *rteperminfos, bool abort)
static object_access_hook_type next_object_access_hook
static void sepgsql_utility_command(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)
void sepgsql_init_client_label(void)
void sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel)
object_access_hook_type object_access_hook
void(* object_access_hook_type)(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)
void sepgsql_schema_post_create(Oid namespaceId)
void sepgsql_schema_setattr(Oid namespaceId)
bool sepgsql_schema_search(Oid namespaceId, bool abort_on_violation)
void sepgsql_schema_drop(Oid namespaceId)
void register_label_provider(const char *provider_name, check_object_relabel_type hook)
int sepgsql_set_mode(int new_mode)
bool sepgsql_getenforce(void)
#define SEPGSQL_LABEL_TAG
#define SEPGSQL_MODE_DISABLED
void sepgsql_avc_init(void)
bool ereport_on_violation
const char * createdb_dtemplate
void standard_ProcessUtility(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)
ProcessUtility_hook_type ProcessUtility_hook
void(* ProcessUtility_hook_type)(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)