selinux.c File Reference

#include "postgres.h"
#include "lib/stringinfo.h"
#include "sepgsql.h"

Include dependency graph for selinux.c:

Go to the source code of this file.

Functions
bool	sepgsql_is_enabled (void)
int	sepgsql_get_mode (void)
int	sepgsql_set_mode (int new_mode)
bool	sepgsql_getenforce (void)
void	sepgsql_audit_log (bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
void	sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
char *	sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname)

Variables
struct {
const char *   class_name
uint16   class_code
struct {
const char *   av_name
uint32   av_code
}   av [32]
}	selinux_catalog []
static int	sepgsql_mode = SEPGSQL_MODE_INTERNAL

Function Documentation

sepgsql_audit_log()

void sepgsql_audit_log	(	bool	denied,
		bool	enforcing,
		const char *	scontext,
		const char *	tcontext,
		uint16	tclass,
		uint32	audited,
		const char *	audit_name
	)

Definition at line 678 of file selinux.c.

{
    StringInfoData buf;
    const char *class_name;
    const char *av_name;
    int         i;
 
    /* lookup name of the object class */
    Assert(tclass < SEPG_CLASS_MAX);
    class_name = selinux_catalog[tclass].class_name;
 
    /* lookup name of the permissions */
    initStringInfo(&buf);
    appendStringInfo(&buf, "%s {",
                     (denied ? "denied" : "allowed"));
    for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
    {
        if (audited & (1UL << i))
        {
            av_name = selinux_catalog[tclass].av[i].av_name;
            appendStringInfo(&buf, " %s", av_name);
        }
    }
    appendStringInfoString(&buf, " }");
 
    /*
     * Call external audit module, if loaded
     */
    appendStringInfo(&buf, " scontext=%s tcontext=%s tclass=%s",
                     scontext, tcontext, class_name);
    if (audit_name)
        appendStringInfo(&buf, " name=\"%s\"", audit_name);
 
    if (enforcing)
        appendStringInfoString(&buf, " permissive=0");
    else
        appendStringInfoString(&buf, " permissive=1");
 
    ereport(LOG, (errmsg("SELinux: %s", buf.data)));
}

References appendStringInfo(), appendStringInfoString(), Assert(), av_name, buf, class_name, ereport, errmsg(), i, initStringInfo(), LOG, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_check_perms_label().

sepgsql_compute_avd()

void sepgsql_compute_avd	(	const char *	scontext,
		const char *	tcontext,
		uint16	tclass,
		struct av_decision *	avd
	)

Definition at line 739 of file selinux.c.

{
    const char *tclass_name;
    security_class_t tclass_ex;
    struct av_decision avd_ex;
    int         i,
                deny_unknown = security_deny_unknown();
 
    /* Get external code of the object class */
    Assert(tclass < SEPG_CLASS_MAX);
    Assert(tclass == selinux_catalog[tclass].class_code);
 
    tclass_name = selinux_catalog[tclass].class_name;
    tclass_ex = string_to_security_class(tclass_name);
 
    if (tclass_ex == 0)
    {
        /*
         * If the current security policy does not support permissions
         * corresponding to database objects, we fill up them with dummy data.
         * If security_deny_unknown() returns positive value, undefined
         * permissions should be denied. Otherwise, allowed
         */
        avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
        avd->auditallow = 0U;
        avd->auditdeny = ~0U;
        avd->flags = 0;
 
        return;
    }
 
    /*
     * Ask SELinux what is allowed set of permissions on a pair of the
     * security contexts and the given object class.
     */
    if (security_compute_av_flags_raw(scontext,
                                      tcontext,
                                      tclass_ex, 0, &avd_ex) < 0)
        ereport(ERROR,
                (errcode(ERRCODE_INTERNAL_ERROR),
                 errmsg("SELinux could not compute av_decision: "
                        "scontext=%s tcontext=%s tclass=%s: %m",
                        scontext, tcontext, tclass_name)));
 
    /*
     * SELinux returns its access control decision as a set of permissions
     * represented in external code which depends on run-time environment. So,
     * we need to translate it to the internal representation before returning
     * results for the caller.
     */
    memset(avd, 0, sizeof(struct av_decision));
 
    for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
    {
        access_vector_t av_code_ex;
        const char *av_name = selinux_catalog[tclass].av[i].av_name;
        uint32      av_code = selinux_catalog[tclass].av[i].av_code;
 
        av_code_ex = string_to_av_perm(tclass_ex, av_name);
        if (av_code_ex == 0)
        {
            /* fill up undefined permissions */
            if (!deny_unknown)
                avd->allowed |= av_code;
            avd->auditdeny |= av_code;
 
            continue;
        }
 
        if (avd_ex.allowed & av_code_ex)
            avd->allowed |= av_code;
        if (avd_ex.auditallow & av_code_ex)
            avd->auditallow |= av_code;
        if (avd_ex.auditdeny & av_code_ex)
            avd->auditdeny |= av_code;
    }
}

References Assert(), av_code, av_name, class_code, ereport, errcode(), errmsg(), ERROR, i, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_compute().

sepgsql_compute_create()

char * sepgsql_compute_create	(	const char *	scontext,
		const char *	tcontext,
		uint16	tclass,
		const char *	objname
	)

Definition at line 842 of file selinux.c.

{
    char       *ncontext;
    security_class_t tclass_ex;
    const char *tclass_name;
    char       *result;
 
    /* Get external code of the object class */
    Assert(tclass < SEPG_CLASS_MAX);
 
    tclass_name = selinux_catalog[tclass].class_name;
    tclass_ex = string_to_security_class(tclass_name);
 
    /*
     * Ask SELinux what is the default context for the given object class on a
     * pair of security contexts
     */
    if (security_compute_create_name_raw(scontext,
                                         tcontext,
                                         tclass_ex,
                                         objname,
                                         &ncontext) < 0)
        ereport(ERROR,
                (errcode(ERRCODE_INTERNAL_ERROR),
                 errmsg("SELinux could not compute a new context: "
                        "scontext=%s tcontext=%s tclass=%s: %m",
                        scontext, tcontext, tclass_name)));
 
    /*
     * libselinux returns malloc()'ed string, so we need to copy it on the
     * palloc()'ed region.
     */
    PG_TRY();
    {
        result = pstrdup(ncontext);
    }
    PG_FINALLY();
    {
        freecon(ncontext);
    }
    PG_END_TRY();
 
    return result;
}

References Assert(), ereport, errcode(), errmsg(), ERROR, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_compute(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

sepgsql_get_mode()

int sepgsql_get_mode

(

void

)

Definition at line 625 of file selinux.c.

{
    return sepgsql_mode;
}

References sepgsql_mode.

Referenced by sepgsql_avc_check_perms_label().

sepgsql_getenforce()

bool sepgsql_getenforce

(

void

)

Definition at line 651 of file selinux.c.

{
    if (sepgsql_mode == SEPGSQL_MODE_DEFAULT &&
        selinux_status_getenforce() > 0)
        return true;
 
    return false;
}

References sepgsql_mode, and SEPGSQL_MODE_DEFAULT.

Referenced by check_relation_privileges(), sepgsql_avc_check_perms_label(), and sepgsql_utility_command().

sepgsql_is_enabled()

bool sepgsql_is_enabled

(

void

)

Definition at line 616 of file selinux.c.

{
    return (sepgsql_mode != SEPGSQL_MODE_DISABLED);
}

References sepgsql_mode, and SEPGSQL_MODE_DISABLED.

Referenced by sepgsql_getcon(), sepgsql_mcstrans_in(), sepgsql_mcstrans_out(), and sepgsql_restorecon().

sepgsql_set_mode()

int sepgsql_set_mode

(

int

new_mode

)

Definition at line 634 of file selinux.c.

{
    int         old_mode = sepgsql_mode;
 
    sepgsql_mode = new_mode;
 
    return old_mode;
}

References sepgsql_mode.

Referenced by _PG_init(), and sepgsql_client_auth().

Variable Documentation

struct { ... } av[32]

Referenced by array_to_datum_internal(), compare_int16(), extract_autovac_opts(), Jsonb_to_SV(), plperl_ref_from_pg_array(), plperl_trigger_build_args(), and process_startup_options().

av_code

uint32 av_code

Definition at line 37 of file selinux.c.

Referenced by sepgsql_compute_avd().

av_name

const char* av_name

Definition at line 36 of file selinux.c.

Referenced by sepgsql_audit_log(), and sepgsql_compute_avd().

class_code

uint16 class_code

Definition at line 33 of file selinux.c.

Referenced by sepgsql_compute_avd().

class_name

const char* class_name

Definition at line 32 of file selinux.c.

Referenced by sepgsql_audit_log(), and to_regclass().

struct { ... } selinux_catalog[]

Referenced by sepgsql_audit_log(), sepgsql_compute_avd(), and sepgsql_compute_create().

sepgsql_mode

int sepgsql_mode = SEPGSQL_MODE_INTERNAL

static

Definition at line 610 of file selinux.c.

Referenced by sepgsql_get_mode(), sepgsql_getenforce(), sepgsql_is_enabled(), and sepgsql_set_mode().