schema_8c_source.html

 /* -------------------------------------------------------------------------
  *
  * contrib/sepgsql/schema.c
  *
  * Routines corresponding to schema objects
  *
  * Copyright (c) 2010-2021, PostgreSQL Global Development Group
  *
  * -------------------------------------------------------------------------
  */
 #include "postgres.h"

 #include "access/genam.h"
 #include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "access/table.h"
 #include "catalog/dependency.h"
 #include "catalog/pg_database.h"
 #include "catalog/pg_namespace.h"
 #include "commands/seclabel.h"
 #include "lib/stringinfo.h"
 #include "miscadmin.h"
 #include "sepgsql.h"
 #include "utils/builtins.h"
 #include "utils/fmgroids.h"
 #include "utils/lsyscache.h"
 #include "utils/snapmgr.h"

 /*
  * sepgsql_schema_post_create
  *
  * This routine assigns a default security label on a newly defined
  * schema.
  */
 void
 sepgsql_schema_post_create(Oid namespaceId)
 {
     Relation    rel;
     ScanKeyData skey;
     SysScanDesc sscan;
     HeapTuple   tuple;
     char       *tcontext;
     char       *ncontext;
     const char *nsp_name;
     ObjectAddress object;
     Form_pg_namespace nspForm;
     StringInfoData audit_name;

     /*
      * Compute a default security label when we create a new schema object
      * under the working database.
      *
      * XXX - upcoming version of libselinux supports to take object name to
      * handle special treatment on default security label; such as special
      * label on "pg_temp" schema.
      */
     rel = table_open(NamespaceRelationId, AccessShareLock);

     ScanKeyInit(&skey,
                 Anum_pg_namespace_oid,
                 BTEqualStrategyNumber, F_OIDEQ,
                 ObjectIdGetDatum(namespaceId));

     sscan = systable_beginscan(rel, NamespaceOidIndexId, true,
                                SnapshotSelf, 1, &skey);
     tuple = systable_getnext(sscan);
     if (!HeapTupleIsValid(tuple))
         elog(ERROR, "could not find tuple for namespace %u", namespaceId);

     nspForm = (Form_pg_namespace) GETSTRUCT(tuple);
     nsp_name = NameStr(nspForm->nspname);
     if (strncmp(nsp_name, "pg_temp_", 8) == 0)
         nsp_name = "pg_temp";
     else if (strncmp(nsp_name, "pg_toast_temp_", 14) == 0)
         nsp_name = "pg_toast_temp";

     tcontext = sepgsql_get_label(DatabaseRelationId, MyDatabaseId, 0);
     ncontext = sepgsql_compute_create(sepgsql_get_client_label(),
                                       tcontext,
                                       SEPG_CLASS_DB_SCHEMA,
                                       nsp_name);

     /*
      * check db_schema:{create}
      */
     initStringInfo(&audit_name);
     appendStringInfo(&audit_name, "%s", quote_identifier(nsp_name));
     sepgsql_avc_check_perms_label(ncontext,
                                   SEPG_CLASS_DB_SCHEMA,
                                   SEPG_DB_SCHEMA__CREATE,
                                   audit_name.data,
                                   true);
     systable_endscan(sscan);
     table_close(rel, AccessShareLock);

     /*
      * Assign the default security label on a new procedure
      */
     object.classId = NamespaceRelationId;
     object.objectId = namespaceId;
     object.objectSubId = 0;
     SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);

     pfree(ncontext);
     pfree(tcontext);
 }

 /*
  * sepgsql_schema_drop
  *
  * It checks privileges to drop the supplied schema object.
  */
 void
 sepgsql_schema_drop(Oid namespaceId)
 {
     ObjectAddress object;
     char       *audit_name;

     /*
      * check db_schema:{drop} permission
      */
     object.classId = NamespaceRelationId;
     object.objectId = namespaceId;
     object.objectSubId = 0;
     audit_name = getObjectIdentity(&object, false);

     sepgsql_avc_check_perms(&object,
                             SEPG_CLASS_DB_SCHEMA,
                             SEPG_DB_SCHEMA__DROP,
                             audit_name,
                             true);
     pfree(audit_name);
 }

 /*
  * sepgsql_schema_relabel
  *
  * It checks privileges to relabel the supplied schema
  * by the `seclabel'.
  */
 void
 sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)
 {
     ObjectAddress object;
     char       *audit_name;

     object.classId = NamespaceRelationId;
     object.objectId = namespaceId;
     object.objectSubId = 0;
     audit_name = getObjectIdentity(&object, false);

     /*
      * check db_schema:{setattr relabelfrom} permission
      */
     sepgsql_avc_check_perms(&object,
                             SEPG_CLASS_DB_SCHEMA,
                             SEPG_DB_SCHEMA__SETATTR |
                             SEPG_DB_SCHEMA__RELABELFROM,
                             audit_name,
                             true);

     /*
      * check db_schema:{relabelto} permission
      */
     sepgsql_avc_check_perms_label(seclabel,
                                   SEPG_CLASS_DB_SCHEMA,
                                   SEPG_DB_SCHEMA__RELABELTO,
                                   audit_name,
                                   true);
     pfree(audit_name);
 }

 /*
  * sepgsql_schema_check_perms
  *
  * utility routine to check db_schema:{xxx} permissions
  */
 static bool
 check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
 {
     ObjectAddress object;
     char       *audit_name;
     bool        result;

     object.classId = NamespaceRelationId;
     object.objectId = namespaceId;
     object.objectSubId = 0;
     audit_name = getObjectIdentity(&object, false);

     result = sepgsql_avc_check_perms(&object,
                                      SEPG_CLASS_DB_SCHEMA,
                                      required,
                                      audit_name,
                                      abort_on_violation);
     pfree(audit_name);

     return result;
 }

 /* db_schema:{setattr} permission */
 void
 sepgsql_schema_setattr(Oid namespaceId)
 {
     check_schema_perms(namespaceId, SEPG_DB_SCHEMA__SETATTR, true);
 }

 /* db_schema:{search} permission */
 bool
 sepgsql_schema_search(Oid namespaceId, bool abort_on_violation)
 {
     return check_schema_perms(namespaceId,
                               SEPG_DB_SCHEMA__SEARCH,
                               abort_on_violation);
 }

 void
 sepgsql_schema_add_name(Oid namespaceId)
 {
     check_schema_perms(namespaceId, SEPG_DB_SCHEMA__ADD_NAME, true);
 }

 void
 sepgsql_schema_remove_name(Oid namespaceId)
 {
     check_schema_perms(namespaceId, SEPG_DB_SCHEMA__REMOVE_NAME, true);
 }

 void
 sepgsql_schema_rename(Oid namespaceId)
 {
     check_schema_perms(namespaceId,
                        SEPG_DB_SCHEMA__ADD_NAME |
                        SEPG_DB_SCHEMA__REMOVE_NAME,
                        true);
 }
sepgsql_avc_check_perms_label
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337

SEPG_DB_SCHEMA__DROP
#define SEPG_DB_SCHEMA__DROP
Definition: sepgsql.h:128

table_close
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167

systable_endscan
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:595

GETSTRUCT
#define GETSTRUCT(TUP)
Definition: htup_details.h:654

sepgsql_schema_setattr
void sepgsql_schema_setattr(Oid namespaceId)
Definition: schema.c:202

Form_pg_namespace
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52

SetSecurityLabel
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:402

sepgsql_schema_relabel
void sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)
Definition: schema.c:142

quote_identifier
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:11374

sepgsql_schema_drop
void sepgsql_schema_drop(Oid namespaceId)
Definition: schema.c:114

sepgsql_schema_add_name
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:217

sepgsql_get_label
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:445

sepgsql_avc_check_perms
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419

sepgsql_schema_remove_name
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:223

stringinfo.h

AccessShareLock
#define AccessShareLock
Definition: lockdefs.h:36

lsyscache.h

check_schema_perms
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:179

SEPG_CLASS_DB_SCHEMA
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45

Oid
unsigned int Oid
Definition: postgres_ext.h:31

builtins.h

dependency.h

systable_beginscan
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:383

ScanKeyData
Definition: skey.h:64

SEPG_DB_SCHEMA__RELABELFROM
#define SEPG_DB_SCHEMA__RELABELFROM
Definition: sepgsql.h:131

ObjectAddress
Definition: objectaddress.h:24

sepgsql_schema_post_create
void sepgsql_schema_post_create(Oid namespaceId)
Definition: schema.c:36

systable_getnext
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:502

pfree
void pfree(void *pointer)
Definition: mcxt.c:1169

appendStringInfo
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91

ObjectIdGetDatum
#define ObjectIdGetDatum(X)
Definition: postgres.h:551

ERROR
#define ERROR
Definition: elog.h:46

miscadmin.h

getObjectIdentity
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
Definition: objectaddress.c:4641

sepgsql_schema_rename
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:229

SnapshotSelf
#define SnapshotSelf
Definition: snapmgr.h:66

SEPGSQL_LABEL_TAG
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23

uint32
unsigned int uint32
Definition: c.h:441

htup_details.h

pg_namespace.h

initStringInfo
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59

SEPG_DB_SCHEMA__SEARCH
#define SEPG_DB_SCHEMA__SEARCH
Definition: sepgsql.h:133

sepgsql.h

postgres.h

pg_database.h

MyDatabaseId
Oid MyDatabaseId
Definition: globals.c:88

sepgsql_schema_search
bool sepgsql_schema_search(Oid namespaceId, bool abort_on_violation)
Definition: schema.c:209

SEPG_DB_SCHEMA__ADD_NAME
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134

sysattr.h

seclabel.h

SEPG_DB_SCHEMA__SETATTR
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130

HeapTupleIsValid
#define HeapTupleIsValid(tuple)
Definition: htup.h:78

StringInfoData::data
char * data
Definition: stringinfo.h:38

HeapTupleData
Definition: htup.h:62

SEPG_DB_SCHEMA__CREATE
#define SEPG_DB_SCHEMA__CREATE
Definition: sepgsql.h:127

RelationData
Definition: rel.h:54

sepgsql_get_client_label
char * sepgsql_get_client_label(void)
Definition: label.c:80

table.h

snapmgr.h

sepgsql_compute_create
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836

ObjectAddress::classId
Oid classId
Definition: objectaddress.h:26

elog
#define elog(elevel,...)
Definition: elog.h:232

NameStr
#define NameStr(name)
Definition: c.h:681

ScanKeyInit
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76

genam.h

SysScanDescData
Definition: relscan.h:181

table_open
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39

generate_unaccent_rules.required
required
Definition: generate_unaccent_rules.py:282

SEPG_DB_SCHEMA__RELABELTO
#define SEPG_DB_SCHEMA__RELABELTO
Definition: sepgsql.h:132

SEPG_DB_SCHEMA__REMOVE_NAME
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135

BTEqualStrategyNumber
#define BTEqualStrategyNumber
Definition: stratnum.h:31

StringInfoData
Definition: stringinfo.h:36