schema_8c_source.html

/* -------------------------------------------------------------------------

 *

 * contrib/sepgsql/schema.c

 *

 * Routines corresponding to schema objects

 *

 * Copyright (c) 2010-2025, PostgreSQL Global Development Group

 *

 * -------------------------------------------------------------------------

 */

#include "postgres.h"


#include "access/genam.h"

#include "access/htup_details.h"

#include "access/sysattr.h"

#include "access/table.h"

#include "catalog/dependency.h"

#include "catalog/pg_database.h"

#include "catalog/pg_namespace.h"

#include "commands/seclabel.h"

#include "lib/stringinfo.h"

#include "miscadmin.h"

#include "sepgsql.h"

#include "utils/builtins.h"

#include "utils/fmgroids.h"

#include "utils/lsyscache.h"

#include "utils/snapmgr.h"


/*

 * sepgsql_schema_post_create

 *

 * This routine assigns a default security label on a newly defined

 * schema.

 */

void

sepgsql_schema_post_create(Oid namespaceId)

{

    Relation    rel;

    ScanKeyData skey;

    SysScanDesc sscan;

    HeapTuple   tuple;

    char       *tcontext;

    char       *ncontext;

    const char *nsp_name;

    ObjectAddress object;

    Form_pg_namespace nspForm;

    StringInfoData audit_name;


    /*

     * Compute a default security label when we create a new schema object

     * under the working database.

     *

     * XXX - upcoming version of libselinux supports to take object name to

     * handle special treatment on default security label; such as special

     * label on "pg_temp" schema.

     */

    rel = table_open(NamespaceRelationId, AccessShareLock);


    ScanKeyInit(&skey,

                Anum_pg_namespace_oid,

                BTEqualStrategyNumber, F_OIDEQ,

                ObjectIdGetDatum(namespaceId));


    sscan = systable_beginscan(rel, NamespaceOidIndexId, true,

                               SnapshotSelf, 1, &skey);

    tuple = systable_getnext(sscan);

    if (!HeapTupleIsValid(tuple))

        elog(ERROR, "could not find tuple for namespace %u", namespaceId);


    nspForm = (Form_pg_namespace) GETSTRUCT(tuple);

    nsp_name = NameStr(nspForm->nspname);

    if (strncmp(nsp_name, "pg_temp_", 8) == 0)

        nsp_name = "pg_temp";

    else if (strncmp(nsp_name, "pg_toast_temp_", 14) == 0)

        nsp_name = "pg_toast_temp";


    tcontext = sepgsql_get_label(DatabaseRelationId, MyDatabaseId, 0);

    ncontext = sepgsql_compute_create(sepgsql_get_client_label(),

                                      tcontext,

                                      SEPG_CLASS_DB_SCHEMA,

                                      nsp_name);


    /*

     * check db_schema:{create}

     */

    initStringInfo(&audit_name);

    appendStringInfoString(&audit_name, quote_identifier(nsp_name));

    sepgsql_avc_check_perms_label(ncontext,

                                  SEPG_CLASS_DB_SCHEMA,

                                  SEPG_DB_SCHEMA__CREATE,

                                  audit_name.data,

                                  true);

    systable_endscan(sscan);

    table_close(rel, AccessShareLock);


    /*

     * Assign the default security label on a new procedure

     */

    object.classId = NamespaceRelationId;

    object.objectId = namespaceId;

    object.objectSubId = 0;

    SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);


    pfree(ncontext);

    pfree(tcontext);

}


/*

 * sepgsql_schema_drop

 *

 * It checks privileges to drop the supplied schema object.

 */

void

sepgsql_schema_drop(Oid namespaceId)

{

    ObjectAddress object;

    char       *audit_name;


    /*

     * check db_schema:{drop} permission

     */

    object.classId = NamespaceRelationId;

    object.objectId = namespaceId;

    object.objectSubId = 0;

    audit_name = getObjectIdentity(&object, false);


    sepgsql_avc_check_perms(&object,

                            SEPG_CLASS_DB_SCHEMA,

                            SEPG_DB_SCHEMA__DROP,

                            audit_name,

                            true);

    pfree(audit_name);

}


/*

 * sepgsql_schema_relabel

 *

 * It checks privileges to relabel the supplied schema

 * by the `seclabel'.

 */

void

sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)

{

    ObjectAddress object;

    char       *audit_name;


    object.classId = NamespaceRelationId;

    object.objectId = namespaceId;

    object.objectSubId = 0;

    audit_name = getObjectIdentity(&object, false);


    /*

     * check db_schema:{setattr relabelfrom} permission

     */

    sepgsql_avc_check_perms(&object,

                            SEPG_CLASS_DB_SCHEMA,

                            SEPG_DB_SCHEMA__SETATTR |

                            SEPG_DB_SCHEMA__RELABELFROM,

                            audit_name,

                            true);


    /*

     * check db_schema:{relabelto} permission

     */

    sepgsql_avc_check_perms_label(seclabel,

                                  SEPG_CLASS_DB_SCHEMA,

                                  SEPG_DB_SCHEMA__RELABELTO,

                                  audit_name,

                                  true);

    pfree(audit_name);

}


/*

 * sepgsql_schema_check_perms

 *

 * utility routine to check db_schema:{xxx} permissions

 */

static bool

check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)

{

    ObjectAddress object;

    char       *audit_name;

    bool        result;


    object.classId = NamespaceRelationId;

    object.objectId = namespaceId;

    object.objectSubId = 0;

    audit_name = getObjectIdentity(&object, false);


    result = sepgsql_avc_check_perms(&object,

                                     SEPG_CLASS_DB_SCHEMA,

                                     required,

                                     audit_name,

                                     abort_on_violation);

    pfree(audit_name);


    return result;

}


/* db_schema:{setattr} permission */

void

sepgsql_schema_setattr(Oid namespaceId)

{

    check_schema_perms(namespaceId, SEPG_DB_SCHEMA__SETATTR, true);

}


/* db_schema:{search} permission */

bool

sepgsql_schema_search(Oid namespaceId, bool abort_on_violation)

{

    return check_schema_perms(namespaceId,

                              SEPG_DB_SCHEMA__SEARCH,

                              abort_on_violation);

}


void

sepgsql_schema_add_name(Oid namespaceId)

{

    check_schema_perms(namespaceId, SEPG_DB_SCHEMA__ADD_NAME, true);

}


void

sepgsql_schema_remove_name(Oid namespaceId)

{

    check_schema_perms(namespaceId, SEPG_DB_SCHEMA__REMOVE_NAME, true);

}


void

sepgsql_schema_rename(Oid namespaceId)

{

    check_schema_perms(namespaceId,

                       SEPG_DB_SCHEMA__ADD_NAME |

                       SEPG_DB_SCHEMA__REMOVE_NAME,

                       true);

}

builtins.h

NameStr
#define NameStr(name)
Definition: c.h:717

uint32
uint32_t uint32
Definition: c.h:502

dependency.h

ERROR
#define ERROR
Definition: elog.h:39

elog
#define elog(elevel,...)
Definition: elog.h:225

systable_endscan
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:603

systable_getnext
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:514

systable_beginscan
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:388

genam.h

MyDatabaseId
Oid MyDatabaseId
Definition: globals.c:94

HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78

htup_details.h

GETSTRUCT
static void * GETSTRUCT(const HeapTupleData *tuple)
Definition: htup_details.h:728

sepgsql_get_label
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:445

sepgsql_get_client_label
char * sepgsql_get_client_label(void)
Definition: label.c:80

AccessShareLock
#define AccessShareLock
Definition: lockdefs.h:36

lsyscache.h

pfree
void pfree(void *pointer)
Definition: mcxt.c:1528

miscadmin.h

generate_unaccent_rules.required
required
Definition: generate_unaccent_rules.py:285

getObjectIdentity
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
Definition: objectaddress.c:4824

pg_database.h

pg_namespace.h

Form_pg_namespace
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52

postgres.h

ObjectIdGetDatum
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:257

Oid
unsigned int Oid
Definition: postgres_ext.h:30

quote_identifier
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:13029

ScanKeyInit
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76

sepgsql_schema_post_create
void sepgsql_schema_post_create(Oid namespaceId)
Definition: schema.c:36

sepgsql_schema_setattr
void sepgsql_schema_setattr(Oid namespaceId)
Definition: schema.c:202

sepgsql_schema_rename
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:229

sepgsql_schema_remove_name
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:223

sepgsql_schema_add_name
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:217

sepgsql_schema_relabel
void sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)
Definition: schema.c:142

sepgsql_schema_search
bool sepgsql_schema_search(Oid namespaceId, bool abort_on_violation)
Definition: schema.c:209

sepgsql_schema_drop
void sepgsql_schema_drop(Oid namespaceId)
Definition: schema.c:114

check_schema_perms
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:179

SetSecurityLabel
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:404

seclabel.h

sepgsql_compute_create
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:842

sepgsql.h

SEPG_DB_SCHEMA__DROP
#define SEPG_DB_SCHEMA__DROP
Definition: sepgsql.h:128

SEPG_CLASS_DB_SCHEMA
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45

SEPG_DB_SCHEMA__SETATTR
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130

SEPG_DB_SCHEMA__CREATE
#define SEPG_DB_SCHEMA__CREATE
Definition: sepgsql.h:127

SEPG_DB_SCHEMA__REMOVE_NAME
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135

sepgsql_avc_check_perms_label
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337

SEPG_DB_SCHEMA__ADD_NAME
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134

SEPG_DB_SCHEMA__RELABELFROM
#define SEPG_DB_SCHEMA__RELABELFROM
Definition: sepgsql.h:131

SEPG_DB_SCHEMA__SEARCH
#define SEPG_DB_SCHEMA__SEARCH
Definition: sepgsql.h:133

SEPGSQL_LABEL_TAG
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23

SEPG_DB_SCHEMA__RELABELTO
#define SEPG_DB_SCHEMA__RELABELTO
Definition: sepgsql.h:132

sepgsql_avc_check_perms
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:420

snapmgr.h

SnapshotSelf
#define SnapshotSelf
Definition: snapmgr.h:32

BTEqualStrategyNumber
#define BTEqualStrategyNumber
Definition: stratnum.h:31

appendStringInfoString
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:230

initStringInfo
void initStringInfo(StringInfo str)
Definition: stringinfo.c:97

stringinfo.h

HeapTupleData
Definition: htup.h:63

ObjectAddress
Definition: objectaddress.h:25

ObjectAddress::classId
Oid classId
Definition: objectaddress.h:26

RelationData
Definition: rel.h:56

ScanKeyData
Definition: skey.h:65

StringInfoData
Definition: stringinfo.h:47

StringInfoData::data
char * data
Definition: stringinfo.h:48

SysScanDescData
Definition: relscan.h:208

sysattr.h

table_close
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126

table_open
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40

table.h