PostgreSQL Source Code  git master
selinux.c File Reference
#include "postgres.h"
#include "lib/stringinfo.h"
#include "sepgsql.h"
Include dependency graph for selinux.c:

Go to the source code of this file.

Functions

bool sepgsql_is_enabled (void)
 
int sepgsql_get_mode (void)
 
int sepgsql_set_mode (int new_mode)
 
bool sepgsql_getenforce (void)
 
void sepgsql_audit_log (bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
 
void sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
 
char * sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
 

Variables

struct {
   const char *   class_name
 
   uint16   class_code
 
   struct {
      const char *   av_name
 
      uint32   av_code
 
   }   av [32]
 
selinux_catalog []
 
static int sepgsql_mode = SEPGSQL_MODE_INTERNAL
 

Function Documentation

◆ sepgsql_audit_log()

void sepgsql_audit_log ( bool  denied,
bool  enforcing,
const char *  scontext,
const char *  tcontext,
uint16  tclass,
uint32  audited,
const char *  audit_name 
)

Definition at line 678 of file selinux.c.

685 {
687  const char *class_name;
688  const char *av_name;
689  int i;
690 
691  /* lookup name of the object class */
692  Assert(tclass < SEPG_CLASS_MAX);
693  class_name = selinux_catalog[tclass].class_name;
694 
695  /* lookup name of the permissions */
697  appendStringInfo(&buf, "%s {",
698  (denied ? "denied" : "allowed"));
699  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
700  {
701  if (audited & (1UL << i))
702  {
703  av_name = selinux_catalog[tclass].av[i].av_name;
704  appendStringInfo(&buf, " %s", av_name);
705  }
706  }
707  appendStringInfoString(&buf, " }");
708 
709  /*
710  * Call external audit module, if loaded
711  */
712  appendStringInfo(&buf, " scontext=%s tcontext=%s tclass=%s",
713  scontext, tcontext, class_name);
714  if (audit_name)
715  appendStringInfo(&buf, " name=\"%s\"", audit_name);
716 
717  if (enforcing)
718  appendStringInfoString(&buf, " permissive=0");
719  else
720  appendStringInfoString(&buf, " permissive=1");
721 
722  ereport(LOG, (errmsg("SELinux: %s", buf.data)));
723 }
int errmsg(const char *fmt,...)
Definition: elog.c:906
#define LOG
Definition: elog.h:27
#define ereport(elevel,...)
Definition: elog.h:145
int i
Definition: isn.c:73
Assert(fmt[strlen(fmt) - 1] !='\n')
static char * buf
Definition: pg_test_fsync.c:67
const char * av_name
Definition: selinux.c:36
const char * class_name
Definition: selinux.c:32
static struct @10 selinux_catalog[]
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:176
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59

References appendStringInfo(), appendStringInfoString(), Assert(), av_name, buf, class_name, ereport, errmsg(), i, initStringInfo(), LOG, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_check_perms_label().

◆ sepgsql_compute_avd()

void sepgsql_compute_avd ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
struct av_decision *  avd 
)

Definition at line 739 of file selinux.c.

743 {
744  const char *tclass_name;
745  security_class_t tclass_ex;
746  struct av_decision avd_ex;
747  int i,
748  deny_unknown = security_deny_unknown();
749 
750  /* Get external code of the object class */
751  Assert(tclass < SEPG_CLASS_MAX);
752  Assert(tclass == selinux_catalog[tclass].class_code);
753 
754  tclass_name = selinux_catalog[tclass].class_name;
755  tclass_ex = string_to_security_class(tclass_name);
756 
757  if (tclass_ex == 0)
758  {
759  /*
760  * If the current security policy does not support permissions
761  * corresponding to database objects, we fill up them with dummy data.
762  * If security_deny_unknown() returns positive value, undefined
763  * permissions should be denied. Otherwise, allowed
764  */
765  avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
766  avd->auditallow = 0U;
767  avd->auditdeny = ~0U;
768  avd->flags = 0;
769 
770  return;
771  }
772 
773  /*
774  * Ask SELinux what is allowed set of permissions on a pair of the
775  * security contexts and the given object class.
776  */
777  if (security_compute_av_flags_raw(scontext,
778  tcontext,
779  tclass_ex, 0, &avd_ex) < 0)
780  ereport(ERROR,
781  (errcode(ERRCODE_INTERNAL_ERROR),
782  errmsg("SELinux could not compute av_decision: "
783  "scontext=%s tcontext=%s tclass=%s: %m",
784  scontext, tcontext, tclass_name)));
785 
786  /*
787  * SELinux returns its access control decision as a set of permissions
788  * represented in external code which depends on run-time environment. So,
789  * we need to translate it to the internal representation before returning
790  * results for the caller.
791  */
792  memset(avd, 0, sizeof(struct av_decision));
793 
794  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
795  {
796  access_vector_t av_code_ex;
797  const char *av_name = selinux_catalog[tclass].av[i].av_name;
798  uint32 av_code = selinux_catalog[tclass].av[i].av_code;
799 
800  av_code_ex = string_to_av_perm(tclass_ex, av_name);
801  if (av_code_ex == 0)
802  {
803  /* fill up undefined permissions */
804  if (!deny_unknown)
805  avd->allowed |= av_code;
806  avd->auditdeny |= av_code;
807 
808  continue;
809  }
810 
811  if (avd_ex.allowed & av_code_ex)
812  avd->allowed |= av_code;
813  if (avd_ex.auditallow & av_code_ex)
814  avd->auditallow |= av_code;
815  if (avd_ex.auditdeny & av_code_ex)
816  avd->auditdeny |= av_code;
817  }
818 }
unsigned int uint32
Definition: c.h:442
int errcode(int sqlerrcode)
Definition: elog.c:695
#define ERROR
Definition: elog.h:35
uint16 class_code
Definition: selinux.c:33
uint32 av_code
Definition: selinux.c:37

References Assert(), av_code, av_name, class_code, ereport, errcode(), errmsg(), ERROR, i, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_compute().

◆ sepgsql_compute_create()

char* sepgsql_compute_create ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
const char *  objname 
)

Definition at line 842 of file selinux.c.

846 {
847  char *ncontext;
848  security_class_t tclass_ex;
849  const char *tclass_name;
850  char *result;
851 
852  /* Get external code of the object class */
853  Assert(tclass < SEPG_CLASS_MAX);
854 
855  tclass_name = selinux_catalog[tclass].class_name;
856  tclass_ex = string_to_security_class(tclass_name);
857 
858  /*
859  * Ask SELinux what is the default context for the given object class on a
860  * pair of security contexts
861  */
862  if (security_compute_create_name_raw(scontext,
863  tcontext,
864  tclass_ex,
865  objname,
866  &ncontext) < 0)
867  ereport(ERROR,
868  (errcode(ERRCODE_INTERNAL_ERROR),
869  errmsg("SELinux could not compute a new context: "
870  "scontext=%s tcontext=%s tclass=%s: %m",
871  scontext, tcontext, tclass_name)));
872 
873  /*
874  * libselinux returns malloc()'ed string, so we need to copy it on the
875  * palloc()'ed region.
876  */
877  PG_TRY();
878  {
879  result = pstrdup(ncontext);
880  }
881  PG_FINALLY();
882  {
883  freecon(ncontext);
884  }
885  PG_END_TRY();
886 
887  return result;
888 }
#define PG_TRY(...)
Definition: elog.h:309
#define PG_END_TRY(...)
Definition: elog.h:334
#define PG_FINALLY(...)
Definition: elog.h:326
char * pstrdup(const char *in)
Definition: mcxt.c:1483

References Assert(), ereport, errcode(), errmsg(), ERROR, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_compute(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

◆ sepgsql_get_mode()

int sepgsql_get_mode ( void  )

Definition at line 625 of file selinux.c.

626 {
627  return sepgsql_mode;
628 }
static int sepgsql_mode
Definition: selinux.c:610

References sepgsql_mode.

Referenced by sepgsql_avc_check_perms_label().

◆ sepgsql_getenforce()

bool sepgsql_getenforce ( void  )

Definition at line 651 of file selinux.c.

652 {
654  selinux_status_getenforce() > 0)
655  return true;
656 
657  return false;
658 }
#define SEPGSQL_MODE_DEFAULT
Definition: sepgsql.h:28

References sepgsql_mode, and SEPGSQL_MODE_DEFAULT.

Referenced by check_relation_privileges(), sepgsql_avc_check_perms_label(), and sepgsql_utility_command().

◆ sepgsql_is_enabled()

bool sepgsql_is_enabled ( void  )

Definition at line 616 of file selinux.c.

617 {
619 }
#define SEPGSQL_MODE_DISABLED
Definition: sepgsql.h:31

References sepgsql_mode, and SEPGSQL_MODE_DISABLED.

Referenced by sepgsql_getcon(), sepgsql_mcstrans_in(), sepgsql_mcstrans_out(), and sepgsql_restorecon().

◆ sepgsql_set_mode()

int sepgsql_set_mode ( int  new_mode)

Definition at line 634 of file selinux.c.

635 {
636  int old_mode = sepgsql_mode;
637 
638  sepgsql_mode = new_mode;
639 
640  return old_mode;
641 }

References sepgsql_mode.

Referenced by _PG_init(), and sepgsql_client_auth().

Variable Documentation

◆ 

◆ av_code

uint32 av_code

Definition at line 37 of file selinux.c.

Referenced by sepgsql_compute_avd().

◆ av_name

const char* av_name

Definition at line 36 of file selinux.c.

Referenced by sepgsql_audit_log(), and sepgsql_compute_avd().

◆ class_code

uint16 class_code

Definition at line 33 of file selinux.c.

Referenced by sepgsql_compute_avd().

◆ class_name

const char* class_name

Definition at line 32 of file selinux.c.

Referenced by sepgsql_audit_log(), and to_regclass().

◆ 

struct { ... } selinux_catalog[]

◆ sepgsql_mode

int sepgsql_mode = SEPGSQL_MODE_INTERNAL
static