selinux_8c_source.html

/* -------------------------------------------------------------------------

 *

 * contrib/sepgsql/selinux.c

 *

 * Interactions between userspace and selinux in kernelspace,

 * using libselinux api.

 *

 * Copyright (c) 2010-2025, PostgreSQL Global Development Group

 *

 * -------------------------------------------------------------------------

 */

#include "postgres.h"


#include "lib/stringinfo.h"


#include "sepgsql.h"


/*

 * selinux_catalog

 *

 * This mapping table enables to translate the name of object classes and

 * access vectors to/from their own codes.

 * When we ask SELinux whether the required privileges are allowed or not,

 * we use security_compute_av(3). It needs us to represent object classes

 * and access vectors using 'external' codes defined in the security policy.

 * It is determined in the runtime, not build time. So, it needs an internal

 * service to translate object class/access vectors which we want to check

 * into the code which kernel want to be given.

 */

static struct

{

    const char *class_name;

    uint16      class_code;

    struct

    {

        const char *av_name;

        uint32      av_code;

    }           av[32];

}           selinux_catalog[] =


{

    {

        "process", SEPG_CLASS_PROCESS,

        {

            {

                "transition", SEPG_PROCESS__TRANSITION

            },

            {

                "dyntransition", SEPG_PROCESS__DYNTRANSITION

            },

            {

                "setcurrent", SEPG_PROCESS__SETCURRENT

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "file", SEPG_CLASS_FILE,

        {

            {

                "read", SEPG_FILE__READ

            },

            {

                "write", SEPG_FILE__WRITE

            },

            {

                "create", SEPG_FILE__CREATE

            },

            {

                "getattr", SEPG_FILE__GETATTR

            },

            {

                "unlink", SEPG_FILE__UNLINK

            },

            {

                "rename", SEPG_FILE__RENAME

            },

            {

                "append", SEPG_FILE__APPEND

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "dir", SEPG_CLASS_DIR,

        {

            {

                "read", SEPG_DIR__READ

            },

            {

                "write", SEPG_DIR__WRITE

            },

            {

                "create", SEPG_DIR__CREATE

            },

            {

                "getattr", SEPG_DIR__GETATTR

            },

            {

                "unlink", SEPG_DIR__UNLINK

            },

            {

                "rename", SEPG_DIR__RENAME

            },

            {

                "search", SEPG_DIR__SEARCH

            },

            {

                "add_name", SEPG_DIR__ADD_NAME

            },

            {

                "remove_name", SEPG_DIR__REMOVE_NAME

            },

            {

                "rmdir", SEPG_DIR__RMDIR

            },

            {

                "reparent", SEPG_DIR__REPARENT

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "lnk_file", SEPG_CLASS_LNK_FILE,

        {

            {

                "read", SEPG_LNK_FILE__READ

            },

            {

                "write", SEPG_LNK_FILE__WRITE

            },

            {

                "create", SEPG_LNK_FILE__CREATE

            },

            {

                "getattr", SEPG_LNK_FILE__GETATTR

            },

            {

                "unlink", SEPG_LNK_FILE__UNLINK

            },

            {

                "rename", SEPG_LNK_FILE__RENAME

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "chr_file", SEPG_CLASS_CHR_FILE,

        {

            {

                "read", SEPG_CHR_FILE__READ

            },

            {

                "write", SEPG_CHR_FILE__WRITE

            },

            {

                "create", SEPG_CHR_FILE__CREATE

            },

            {

                "getattr", SEPG_CHR_FILE__GETATTR

            },

            {

                "unlink", SEPG_CHR_FILE__UNLINK

            },

            {

                "rename", SEPG_CHR_FILE__RENAME

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "blk_file", SEPG_CLASS_BLK_FILE,

        {

            {

                "read", SEPG_BLK_FILE__READ

            },

            {

                "write", SEPG_BLK_FILE__WRITE

            },

            {

                "create", SEPG_BLK_FILE__CREATE

            },

            {

                "getattr", SEPG_BLK_FILE__GETATTR

            },

            {

                "unlink", SEPG_BLK_FILE__UNLINK

            },

            {

                "rename", SEPG_BLK_FILE__RENAME

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "sock_file", SEPG_CLASS_SOCK_FILE,

        {

            {

                "read", SEPG_SOCK_FILE__READ

            },

            {

                "write", SEPG_SOCK_FILE__WRITE

            },

            {

                "create", SEPG_SOCK_FILE__CREATE

            },

            {

                "getattr", SEPG_SOCK_FILE__GETATTR

            },

            {

                "unlink", SEPG_SOCK_FILE__UNLINK

            },

            {

                "rename", SEPG_SOCK_FILE__RENAME

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "fifo_file", SEPG_CLASS_FIFO_FILE,

        {

            {

                "read", SEPG_FIFO_FILE__READ

            },

            {

                "write", SEPG_FIFO_FILE__WRITE

            },

            {

                "create", SEPG_FIFO_FILE__CREATE

            },

            {

                "getattr", SEPG_FIFO_FILE__GETATTR

            },

            {

                "unlink", SEPG_FIFO_FILE__UNLINK

            },

            {

                "rename", SEPG_FIFO_FILE__RENAME

            },

            {

                NULL, 0UL

            }

        }

    },

    {

        "db_database", SEPG_CLASS_DB_DATABASE,

        {

            {

                "create", SEPG_DB_DATABASE__CREATE

            },

            {

                "drop", SEPG_DB_DATABASE__DROP

            },

            {

                "getattr", SEPG_DB_DATABASE__GETATTR

            },

            {

                "setattr", SEPG_DB_DATABASE__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_DATABASE__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_DATABASE__RELABELTO

            },

            {

                "access", SEPG_DB_DATABASE__ACCESS

            },

            {

                "load_module", SEPG_DB_DATABASE__LOAD_MODULE

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_schema", SEPG_CLASS_DB_SCHEMA,

        {

            {

                "create", SEPG_DB_SCHEMA__CREATE

            },

            {

                "drop", SEPG_DB_SCHEMA__DROP

            },

            {

                "getattr", SEPG_DB_SCHEMA__GETATTR

            },

            {

                "setattr", SEPG_DB_SCHEMA__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_SCHEMA__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_SCHEMA__RELABELTO

            },

            {

                "search", SEPG_DB_SCHEMA__SEARCH

            },

            {

                "add_name", SEPG_DB_SCHEMA__ADD_NAME

            },

            {

                "remove_name", SEPG_DB_SCHEMA__REMOVE_NAME

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_table", SEPG_CLASS_DB_TABLE,

        {

            {

                "create", SEPG_DB_TABLE__CREATE

            },

            {

                "drop", SEPG_DB_TABLE__DROP

            },

            {

                "getattr", SEPG_DB_TABLE__GETATTR

            },

            {

                "setattr", SEPG_DB_TABLE__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_TABLE__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_TABLE__RELABELTO

            },

            {

                "select", SEPG_DB_TABLE__SELECT

            },

            {

                "update", SEPG_DB_TABLE__UPDATE

            },

            {

                "insert", SEPG_DB_TABLE__INSERT

            },

            {

                "delete", SEPG_DB_TABLE__DELETE

            },

            {

                "lock", SEPG_DB_TABLE__LOCK

            },

            {

                "truncate", SEPG_DB_TABLE__TRUNCATE

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_sequence", SEPG_CLASS_DB_SEQUENCE,

        {

            {

                "create", SEPG_DB_SEQUENCE__CREATE

            },

            {

                "drop", SEPG_DB_SEQUENCE__DROP

            },

            {

                "getattr", SEPG_DB_SEQUENCE__GETATTR

            },

            {

                "setattr", SEPG_DB_SEQUENCE__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_SEQUENCE__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_SEQUENCE__RELABELTO

            },

            {

                "get_value", SEPG_DB_SEQUENCE__GET_VALUE

            },

            {

                "next_value", SEPG_DB_SEQUENCE__NEXT_VALUE

            },

            {

                "set_value", SEPG_DB_SEQUENCE__SET_VALUE

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_procedure", SEPG_CLASS_DB_PROCEDURE,

        {

            {

                "create", SEPG_DB_PROCEDURE__CREATE

            },

            {

                "drop", SEPG_DB_PROCEDURE__DROP

            },

            {

                "getattr", SEPG_DB_PROCEDURE__GETATTR

            },

            {

                "setattr", SEPG_DB_PROCEDURE__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_PROCEDURE__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_PROCEDURE__RELABELTO

            },

            {

                "execute", SEPG_DB_PROCEDURE__EXECUTE

            },

            {

                "entrypoint", SEPG_DB_PROCEDURE__ENTRYPOINT

            },

            {

                "install", SEPG_DB_PROCEDURE__INSTALL

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_column", SEPG_CLASS_DB_COLUMN,

        {

            {

                "create", SEPG_DB_COLUMN__CREATE

            },

            {

                "drop", SEPG_DB_COLUMN__DROP

            },

            {

                "getattr", SEPG_DB_COLUMN__GETATTR

            },

            {

                "setattr", SEPG_DB_COLUMN__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_COLUMN__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_COLUMN__RELABELTO

            },

            {

                "select", SEPG_DB_COLUMN__SELECT

            },

            {

                "update", SEPG_DB_COLUMN__UPDATE

            },

            {

                "insert", SEPG_DB_COLUMN__INSERT

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_tuple", SEPG_CLASS_DB_TUPLE,

        {

            {

                "relabelfrom", SEPG_DB_TUPLE__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_TUPLE__RELABELTO

            },

            {

                "select", SEPG_DB_TUPLE__SELECT

            },

            {

                "update", SEPG_DB_TUPLE__UPDATE

            },

            {

                "insert", SEPG_DB_TUPLE__INSERT

            },

            {

                "delete", SEPG_DB_TUPLE__DELETE

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_blob", SEPG_CLASS_DB_BLOB,

        {

            {

                "create", SEPG_DB_BLOB__CREATE

            },

            {

                "drop", SEPG_DB_BLOB__DROP

            },

            {

                "getattr", SEPG_DB_BLOB__GETATTR

            },

            {

                "setattr", SEPG_DB_BLOB__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_BLOB__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_BLOB__RELABELTO

            },

            {

                "read", SEPG_DB_BLOB__READ

            },

            {

                "write", SEPG_DB_BLOB__WRITE

            },

            {

                "import", SEPG_DB_BLOB__IMPORT

            },

            {

                "export", SEPG_DB_BLOB__EXPORT

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_language", SEPG_CLASS_DB_LANGUAGE,

        {

            {

                "create", SEPG_DB_LANGUAGE__CREATE

            },

            {

                "drop", SEPG_DB_LANGUAGE__DROP

            },

            {

                "getattr", SEPG_DB_LANGUAGE__GETATTR

            },

            {

                "setattr", SEPG_DB_LANGUAGE__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_LANGUAGE__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_LANGUAGE__RELABELTO

            },

            {

                "implement", SEPG_DB_LANGUAGE__IMPLEMENT

            },

            {

                "execute", SEPG_DB_LANGUAGE__EXECUTE

            },

            {

                NULL, 0UL

            },

        }

    },

    {

        "db_view", SEPG_CLASS_DB_VIEW,

        {

            {

                "create", SEPG_DB_VIEW__CREATE

            },

            {

                "drop", SEPG_DB_VIEW__DROP

            },

            {

                "getattr", SEPG_DB_VIEW__GETATTR

            },

            {

                "setattr", SEPG_DB_VIEW__SETATTR

            },

            {

                "relabelfrom", SEPG_DB_VIEW__RELABELFROM

            },

            {

                "relabelto", SEPG_DB_VIEW__RELABELTO

            },

            {

                "expand", SEPG_DB_VIEW__EXPAND

            },

            {

                NULL, 0UL

            },

        }

    },

};


/*

 * sepgsql_mode

 *

 * SEPGSQL_MODE_DISABLED: Disabled on runtime

 * SEPGSQL_MODE_DEFAULT: Same as system settings

 * SEPGSQL_MODE_PERMISSIVE: Always permissive mode

 * SEPGSQL_MODE_INTERNAL: Same as permissive, except for no audit logs

 */

static int  sepgsql_mode = SEPGSQL_MODE_INTERNAL;


/*

 * sepgsql_is_enabled

 */

bool

sepgsql_is_enabled(void)

{

    return (sepgsql_mode != SEPGSQL_MODE_DISABLED);

}


/*

 * sepgsql_get_mode

 */

int

sepgsql_get_mode(void)

{

    return sepgsql_mode;

}


/*

 * sepgsql_set_mode

 */

int

sepgsql_set_mode(int new_mode)

{

    int         old_mode = sepgsql_mode;


    sepgsql_mode = new_mode;


    return old_mode;

}


/*

 * sepgsql_getenforce

 *

 * It returns whether the current working mode tries to enforce access

 * control decision, or not. It shall be enforced when sepgsql_mode is

 * SEPGSQL_MODE_DEFAULT and system is running in enforcing mode.

 */

bool

sepgsql_getenforce(void)

{

    if (sepgsql_mode == SEPGSQL_MODE_DEFAULT &&

        selinux_status_getenforce() > 0)

        return true;


    return false;

}


/*

 * sepgsql_audit_log

 *

 * It generates a security audit record. It writes out audit records

 * into standard PG's logfile.

 *

 * SELinux can control what should be audited and should not using

 * "auditdeny" and "auditallow" rules in the security policy. In the

 * default, all the access violations are audited, and all the access

 * allowed are not audited. But we can set up the security policy, so

 * we can have exceptions. So, it is necessary to follow the suggestion

 * come from the security policy. (av_decision.auditallow and auditdeny)

 *

 * Security audit is an important feature, because it enables us to check

 * what was happen if we have a security incident. In fact, ISO/IEC15408

 * defines several security functionalities for audit features.

 */

void

sepgsql_audit_log(bool denied,

                  bool enforcing,

                  const char *scontext,

                  const char *tcontext,

                  uint16 tclass,

                  uint32 audited,

                  const char *audit_name)

{

    StringInfoData buf;

    const char *class_name;

    const char *av_name;

    int         i;


    /* lookup name of the object class */

    Assert(tclass < SEPG_CLASS_MAX);

    class_name = selinux_catalog[tclass].class_name;


    /* lookup name of the permissions */

    initStringInfo(&buf);

    appendStringInfo(&buf, "%s {",

                     (denied ? "denied" : "allowed"));

    for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)

    {

        if (audited & (1UL << i))

        {

            av_name = selinux_catalog[tclass].av[i].av_name;

            appendStringInfo(&buf, " %s", av_name);

        }

    }

    appendStringInfoString(&buf, " }");


    /*

     * Call external audit module, if loaded

     */

    appendStringInfo(&buf, " scontext=%s tcontext=%s tclass=%s",

                     scontext, tcontext, class_name);

    if (audit_name)

        appendStringInfo(&buf, " name=\"%s\"", audit_name);


    if (enforcing)

        appendStringInfoString(&buf, " permissive=0");

    else

        appendStringInfoString(&buf, " permissive=1");


    ereport(LOG, (errmsg("SELinux: %s", buf.data)));

}


/*

 * sepgsql_compute_avd

 *

 * It actually asks SELinux what permissions are allowed on a pair of

 * the security contexts and object class. It also returns what permissions

 * should be audited on access violation or allowed.

 * In most cases, subject's security context (scontext) is a client, and

 * target security context (tcontext) is a database object.

 *

 * The access control decision shall be set on the given av_decision.

 * The av_decision.allowed has a bitmask of SEPG_<class>__<perms>

 * to suggest a set of allowed actions in this object class.

 */

void

sepgsql_compute_avd(const char *scontext,

                    const char *tcontext,

                    uint16 tclass,

                    struct av_decision *avd)

{

    const char *tclass_name;

    security_class_t tclass_ex;

    struct av_decision avd_ex;

    int         i,

                deny_unknown = security_deny_unknown();


    /* Get external code of the object class */

    Assert(tclass < SEPG_CLASS_MAX);

    Assert(tclass == selinux_catalog[tclass].class_code);


    tclass_name = selinux_catalog[tclass].class_name;

    tclass_ex = string_to_security_class(tclass_name);


    if (tclass_ex == 0)

    {

        /*

         * If the current security policy does not support permissions

         * corresponding to database objects, we fill up them with dummy data.

         * If security_deny_unknown() returns positive value, undefined

         * permissions should be denied. Otherwise, allowed

         */

        avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);

        avd->auditallow = 0U;

        avd->auditdeny = ~0U;

        avd->flags = 0;


        return;

    }


    /*

     * Ask SELinux what is allowed set of permissions on a pair of the

     * security contexts and the given object class.

     */

    if (security_compute_av_flags_raw(scontext,

                                      tcontext,

                                      tclass_ex, 0, &avd_ex) < 0)

        ereport(ERROR,

                (errcode(ERRCODE_INTERNAL_ERROR),

                 errmsg("SELinux could not compute av_decision: "

                        "scontext=%s tcontext=%s tclass=%s: %m",

                        scontext, tcontext, tclass_name)));


    /*

     * SELinux returns its access control decision as a set of permissions

     * represented in external code which depends on run-time environment. So,

     * we need to translate it to the internal representation before returning

     * results for the caller.

     */

    memset(avd, 0, sizeof(struct av_decision));


    for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)

    {

        access_vector_t av_code_ex;

        const char *av_name = selinux_catalog[tclass].av[i].av_name;

        uint32      av_code = selinux_catalog[tclass].av[i].av_code;


        av_code_ex = string_to_av_perm(tclass_ex, av_name);

        if (av_code_ex == 0)

        {

            /* fill up undefined permissions */

            if (!deny_unknown)

                avd->allowed |= av_code;

            avd->auditdeny |= av_code;


            continue;

        }


        if (avd_ex.allowed & av_code_ex)

            avd->allowed |= av_code;

        if (avd_ex.auditallow & av_code_ex)

            avd->auditallow |= av_code;

        if (avd_ex.auditdeny & av_code_ex)

            avd->auditdeny |= av_code;

    }

}


/*

 * sepgsql_compute_create

 *

 * It returns a default security context to be assigned on a new database

 * object. SELinux compute it based on a combination of client, upper object

 * which owns the new object and object class.

 *

 * For example, when a client (staff_u:staff_r:staff_t:s0) tries to create

 * a new table within a schema (system_u:object_r:sepgsql_schema_t:s0),

 * SELinux looks-up its security policy. If it has a special rule on the

 * combination of these security contexts and object class (db_table),

 * it returns the security context suggested by the special rule.

 * Otherwise, it returns the security context of schema, as is.

 *

 * We expect the caller already applies sanity/validation checks on the

 * given security context.

 *

 * scontext: security context of the subject (mostly, peer process).

 * tcontext: security context of the upper database object.

 * tclass: class code (SEPG_CLASS_*) of the new object in creation

 */

char *

sepgsql_compute_create(const char *scontext,

                       const char *tcontext,

                       uint16 tclass,

                       const char *objname)

{

    char       *ncontext;

    security_class_t tclass_ex;

    const char *tclass_name;

    char       *result;


    /* Get external code of the object class */

    Assert(tclass < SEPG_CLASS_MAX);


    tclass_name = selinux_catalog[tclass].class_name;

    tclass_ex = string_to_security_class(tclass_name);


    /*

     * Ask SELinux what is the default context for the given object class on a

     * pair of security contexts

     */

    if (security_compute_create_name_raw(scontext,

                                         tcontext,

                                         tclass_ex,

                                         objname,

                                         &ncontext) < 0)

        ereport(ERROR,

                (errcode(ERRCODE_INTERNAL_ERROR),

                 errmsg("SELinux could not compute a new context: "

                        "scontext=%s tcontext=%s tclass=%s: %m",

                        scontext, tcontext, tclass_name)));


    /*

     * libselinux returns malloc()'ed string, so we need to copy it on the

     * palloc()'ed region.

     */

    PG_TRY();

    {

        result = pstrdup(ncontext);

    }

    PG_FINALLY();

    {

        freecon(ncontext);

    }

    PG_END_TRY();


    return result;

}

uint16
uint16_t uint16
Definition: c.h:501

uint32
uint32_t uint32
Definition: c.h:502

errcode
int errcode(int sqlerrcode)
Definition: elog.c:854

errmsg
int errmsg(const char *fmt,...)
Definition: elog.c:1071

LOG
#define LOG
Definition: elog.h:31

PG_TRY
#define PG_TRY(...)
Definition: elog.h:371

PG_END_TRY
#define PG_END_TRY(...)
Definition: elog.h:396

ERROR
#define ERROR
Definition: elog.h:39

PG_FINALLY
#define PG_FINALLY(...)
Definition: elog.h:388

ereport
#define ereport(elevel,...)
Definition: elog.h:149

Assert
Assert(PointerIsAligned(start, uint64))

i
int i
Definition: isn.c:77

pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1703

buf
static char * buf
Definition: pg_test_fsync.c:72

postgres.h

av
struct @10::@11 av[32]

sepgsql_compute_create
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:842

sepgsql_get_mode
int sepgsql_get_mode(void)
Definition: selinux.c:625

sepgsql_compute_avd
void sepgsql_compute_avd(const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
Definition: selinux.c:739

sepgsql_mode
static int sepgsql_mode
Definition: selinux.c:610

sepgsql_audit_log
void sepgsql_audit_log(bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:678

av_name
const char * av_name
Definition: selinux.c:36

class_code
uint16 class_code
Definition: selinux.c:33

class_name
const char * class_name
Definition: selinux.c:32

sepgsql_set_mode
int sepgsql_set_mode(int new_mode)
Definition: selinux.c:634

selinux_catalog
static struct @10 selinux_catalog[]

sepgsql_is_enabled
bool sepgsql_is_enabled(void)
Definition: selinux.c:616

av_code
uint32 av_code
Definition: selinux.c:37

sepgsql_getenforce
bool sepgsql_getenforce(void)
Definition: selinux.c:651

sepgsql.h

SEPG_DIR__RENAME
#define SEPG_DIR__RENAME
Definition: sepgsql.h:76

SEPG_DB_BLOB__WRITE
#define SEPG_DB_BLOB__WRITE
Definition: sepgsql.h:194

SEPG_DB_COLUMN__CREATE
#define SEPG_DB_COLUMN__CREATE
Definition: sepgsql.h:170

SEPG_DB_COLUMN__SETATTR
#define SEPG_DB_COLUMN__SETATTR
Definition: sepgsql.h:173

SEPG_DB_TABLE__GETATTR
#define SEPG_DB_TABLE__GETATTR
Definition: sepgsql.h:139

SEPG_SOCK_FILE__RENAME
#define SEPG_SOCK_FILE__RENAME
Definition: sepgsql.h:109

SEPGSQL_MODE_INTERNAL
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30

SEPG_FIFO_FILE__READ
#define SEPG_FIFO_FILE__READ
Definition: sepgsql.h:111

SEPG_DB_SCHEMA__DROP
#define SEPG_DB_SCHEMA__DROP
Definition: sepgsql.h:128

SEPG_CLASS_DB_SCHEMA
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45

SEPG_DB_PROCEDURE__CREATE
#define SEPG_DB_PROCEDURE__CREATE
Definition: sepgsql.h:160

SEPG_DB_LANGUAGE__RELABELTO
#define SEPG_DB_LANGUAGE__RELABELTO
Definition: sepgsql.h:203

SEPG_CLASS_DB_TABLE
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46

SEPG_FIFO_FILE__WRITE
#define SEPG_FIFO_FILE__WRITE
Definition: sepgsql.h:112

SEPG_DB_SCHEMA__SETATTR
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130

SEPG_DB_DATABASE__CREATE
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118

SEPG_DB_BLOB__EXPORT
#define SEPG_DB_BLOB__EXPORT
Definition: sepgsql.h:196

SEPG_DB_SCHEMA__CREATE
#define SEPG_DB_SCHEMA__CREATE
Definition: sepgsql.h:127

SEPG_BLK_FILE__CREATE
#define SEPG_BLK_FILE__CREATE
Definition: sepgsql.h:99

SEPG_CLASS_DB_DATABASE
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44

SEPG_DB_PROCEDURE__RELABELFROM
#define SEPG_DB_PROCEDURE__RELABELFROM
Definition: sepgsql.h:164

SEPG_DB_BLOB__READ
#define SEPG_DB_BLOB__READ
Definition: sepgsql.h:193

SEPG_DB_TABLE__CREATE
#define SEPG_DB_TABLE__CREATE
Definition: sepgsql.h:137

SEPG_DB_SEQUENCE__CREATE
#define SEPG_DB_SEQUENCE__CREATE
Definition: sepgsql.h:150

SEPG_DB_SCHEMA__REMOVE_NAME
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135

SEPG_DIR__SEARCH
#define SEPG_DIR__SEARCH
Definition: sepgsql.h:77

SEPG_DB_LANGUAGE__GETATTR
#define SEPG_DB_LANGUAGE__GETATTR
Definition: sepgsql.h:200

SEPG_DB_SEQUENCE__SETATTR
#define SEPG_DB_SEQUENCE__SETATTR
Definition: sepgsql.h:153

SEPG_DB_TABLE__DELETE
#define SEPG_DB_TABLE__DELETE
Definition: sepgsql.h:146

SEPG_CLASS_BLK_FILE
#define SEPG_CLASS_BLK_FILE
Definition: sepgsql.h:41

SEPG_DB_TABLE__LOCK
#define SEPG_DB_TABLE__LOCK
Definition: sepgsql.h:147

SEPG_CLASS_FIFO_FILE
#define SEPG_CLASS_FIFO_FILE
Definition: sepgsql.h:43

SEPG_CLASS_DIR
#define SEPG_CLASS_DIR
Definition: sepgsql.h:38

SEPG_DB_LANGUAGE__DROP
#define SEPG_DB_LANGUAGE__DROP
Definition: sepgsql.h:199

SEPG_DB_SEQUENCE__RELABELFROM
#define SEPG_DB_SEQUENCE__RELABELFROM
Definition: sepgsql.h:154

SEPG_CLASS_CHR_FILE
#define SEPG_CLASS_CHR_FILE
Definition: sepgsql.h:40

SEPG_CHR_FILE__READ
#define SEPG_CHR_FILE__READ
Definition: sepgsql.h:90

SEPG_DB_TABLE__SETATTR
#define SEPG_DB_TABLE__SETATTR
Definition: sepgsql.h:140

SEPG_DB_VIEW__RELABELTO
#define SEPG_DB_VIEW__RELABELTO
Definition: sepgsql.h:212

SEPG_DB_TABLE__TRUNCATE
#define SEPG_DB_TABLE__TRUNCATE
Definition: sepgsql.h:148

SEPG_FILE__UNLINK
#define SEPG_FILE__UNLINK
Definition: sepgsql.h:67

SEPG_DB_COLUMN__DROP
#define SEPG_DB_COLUMN__DROP
Definition: sepgsql.h:171

SEPG_DB_BLOB__SETATTR
#define SEPG_DB_BLOB__SETATTR
Definition: sepgsql.h:190

SEPG_DB_TABLE__RELABELFROM
#define SEPG_DB_TABLE__RELABELFROM
Definition: sepgsql.h:141

SEPG_DB_PROCEDURE__INSTALL
#define SEPG_DB_PROCEDURE__INSTALL
Definition: sepgsql.h:168

SEPG_CLASS_LNK_FILE
#define SEPG_CLASS_LNK_FILE
Definition: sepgsql.h:39

SEPG_CLASS_FILE
#define SEPG_CLASS_FILE
Definition: sepgsql.h:37

SEPG_FILE__CREATE
#define SEPG_FILE__CREATE
Definition: sepgsql.h:65

SEPG_LNK_FILE__CREATE
#define SEPG_LNK_FILE__CREATE
Definition: sepgsql.h:85

SEPG_CHR_FILE__WRITE
#define SEPG_CHR_FILE__WRITE
Definition: sepgsql.h:91

SEPG_DB_TUPLE__RELABELTO
#define SEPG_DB_TUPLE__RELABELTO
Definition: sepgsql.h:181

SEPG_DB_DATABASE__ACCESS
#define SEPG_DB_DATABASE__ACCESS
Definition: sepgsql.h:124

SEPG_FILE__RENAME
#define SEPG_FILE__RENAME
Definition: sepgsql.h:68

SEPG_FILE__READ
#define SEPG_FILE__READ
Definition: sepgsql.h:63

SEPG_CHR_FILE__UNLINK
#define SEPG_CHR_FILE__UNLINK
Definition: sepgsql.h:94

SEPG_CHR_FILE__CREATE
#define SEPG_CHR_FILE__CREATE
Definition: sepgsql.h:92

SEPG_DB_VIEW__CREATE
#define SEPG_DB_VIEW__CREATE
Definition: sepgsql.h:207

SEPG_DB_PROCEDURE__GETATTR
#define SEPG_DB_PROCEDURE__GETATTR
Definition: sepgsql.h:162

SEPG_DB_TABLE__INSERT
#define SEPG_DB_TABLE__INSERT
Definition: sepgsql.h:145

SEPG_CLASS_SOCK_FILE
#define SEPG_CLASS_SOCK_FILE
Definition: sepgsql.h:42

SEPG_SOCK_FILE__GETATTR
#define SEPG_SOCK_FILE__GETATTR
Definition: sepgsql.h:107

SEPG_FILE__APPEND
#define SEPG_FILE__APPEND
Definition: sepgsql.h:69

SEPG_DB_COLUMN__RELABELTO
#define SEPG_DB_COLUMN__RELABELTO
Definition: sepgsql.h:175

SEPG_BLK_FILE__UNLINK
#define SEPG_BLK_FILE__UNLINK
Definition: sepgsql.h:101

SEPG_DB_PROCEDURE__DROP
#define SEPG_DB_PROCEDURE__DROP
Definition: sepgsql.h:161

SEPG_DB_SCHEMA__ADD_NAME
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134

SEPG_DB_PROCEDURE__EXECUTE
#define SEPG_DB_PROCEDURE__EXECUTE
Definition: sepgsql.h:166

SEPG_DB_SEQUENCE__RELABELTO
#define SEPG_DB_SEQUENCE__RELABELTO
Definition: sepgsql.h:155

SEPG_BLK_FILE__RENAME
#define SEPG_BLK_FILE__RENAME
Definition: sepgsql.h:102

SEPG_BLK_FILE__WRITE
#define SEPG_BLK_FILE__WRITE
Definition: sepgsql.h:98

SEPG_DB_LANGUAGE__RELABELFROM
#define SEPG_DB_LANGUAGE__RELABELFROM
Definition: sepgsql.h:202

SEPG_DB_LANGUAGE__EXECUTE
#define SEPG_DB_LANGUAGE__EXECUTE
Definition: sepgsql.h:205

SEPG_DB_SEQUENCE__GETATTR
#define SEPG_DB_SEQUENCE__GETATTR
Definition: sepgsql.h:152

SEPG_DB_DATABASE__SETATTR
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121

SEPG_DB_BLOB__IMPORT
#define SEPG_DB_BLOB__IMPORT
Definition: sepgsql.h:195

SEPG_FILE__GETATTR
#define SEPG_FILE__GETATTR
Definition: sepgsql.h:66

SEPG_DB_VIEW__RELABELFROM
#define SEPG_DB_VIEW__RELABELFROM
Definition: sepgsql.h:211

SEPG_DIR__ADD_NAME
#define SEPG_DIR__ADD_NAME
Definition: sepgsql.h:78

SEPG_PROCESS__SETCURRENT
#define SEPG_PROCESS__SETCURRENT
Definition: sepgsql.h:61

SEPG_DB_TABLE__RELABELTO
#define SEPG_DB_TABLE__RELABELTO
Definition: sepgsql.h:142

SEPG_DIR__WRITE
#define SEPG_DIR__WRITE
Definition: sepgsql.h:72

SEPG_DB_LANGUAGE__IMPLEMENT
#define SEPG_DB_LANGUAGE__IMPLEMENT
Definition: sepgsql.h:204

SEPG_DB_TUPLE__SELECT
#define SEPG_DB_TUPLE__SELECT
Definition: sepgsql.h:182

SEPG_FILE__WRITE
#define SEPG_FILE__WRITE
Definition: sepgsql.h:64

SEPG_DB_TUPLE__INSERT
#define SEPG_DB_TUPLE__INSERT
Definition: sepgsql.h:184

SEPG_CLASS_MAX
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54

SEPG_DB_TABLE__UPDATE
#define SEPG_DB_TABLE__UPDATE
Definition: sepgsql.h:144

SEPG_LNK_FILE__WRITE
#define SEPG_LNK_FILE__WRITE
Definition: sepgsql.h:84

SEPG_CHR_FILE__GETATTR
#define SEPG_CHR_FILE__GETATTR
Definition: sepgsql.h:93

SEPG_DB_BLOB__RELABELTO
#define SEPG_DB_BLOB__RELABELTO
Definition: sepgsql.h:192

SEPG_DB_VIEW__EXPAND
#define SEPG_DB_VIEW__EXPAND
Definition: sepgsql.h:213

SEPG_PROCESS__TRANSITION
#define SEPG_PROCESS__TRANSITION
Definition: sepgsql.h:59

SEPG_DB_SEQUENCE__NEXT_VALUE
#define SEPG_DB_SEQUENCE__NEXT_VALUE
Definition: sepgsql.h:157

SEPG_DB_BLOB__GETATTR
#define SEPG_DB_BLOB__GETATTR
Definition: sepgsql.h:189

SEPG_DB_COLUMN__RELABELFROM
#define SEPG_DB_COLUMN__RELABELFROM
Definition: sepgsql.h:174

SEPG_DB_PROCEDURE__RELABELTO
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:165

SEPG_DB_COLUMN__GETATTR
#define SEPG_DB_COLUMN__GETATTR
Definition: sepgsql.h:172

SEPG_DB_DATABASE__RELABELTO
#define SEPG_DB_DATABASE__RELABELTO
Definition: sepgsql.h:123

SEPG_DB_TUPLE__UPDATE
#define SEPG_DB_TUPLE__UPDATE
Definition: sepgsql.h:183

SEPG_CLASS_DB_COLUMN
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49

SEPG_DB_BLOB__CREATE
#define SEPG_DB_BLOB__CREATE
Definition: sepgsql.h:187

SEPG_DIR__RMDIR
#define SEPG_DIR__RMDIR
Definition: sepgsql.h:80

SEPG_SOCK_FILE__READ
#define SEPG_SOCK_FILE__READ
Definition: sepgsql.h:104

SEPG_DB_SCHEMA__RELABELFROM
#define SEPG_DB_SCHEMA__RELABELFROM
Definition: sepgsql.h:131

SEPG_PROCESS__DYNTRANSITION
#define SEPG_PROCESS__DYNTRANSITION
Definition: sepgsql.h:60

SEPG_DB_TUPLE__RELABELFROM
#define SEPG_DB_TUPLE__RELABELFROM
Definition: sepgsql.h:180

SEPG_DB_PROCEDURE__ENTRYPOINT
#define SEPG_DB_PROCEDURE__ENTRYPOINT
Definition: sepgsql.h:167

SEPG_DIR__READ
#define SEPG_DIR__READ
Definition: sepgsql.h:71

SEPG_DB_PROCEDURE__SETATTR
#define SEPG_DB_PROCEDURE__SETATTR
Definition: sepgsql.h:163

SEPG_DIR__UNLINK
#define SEPG_DIR__UNLINK
Definition: sepgsql.h:75

SEPG_DB_LANGUAGE__CREATE
#define SEPG_DB_LANGUAGE__CREATE
Definition: sepgsql.h:198

SEPG_SOCK_FILE__WRITE
#define SEPG_SOCK_FILE__WRITE
Definition: sepgsql.h:105

SEPG_LNK_FILE__UNLINK
#define SEPG_LNK_FILE__UNLINK
Definition: sepgsql.h:87

SEPG_BLK_FILE__GETATTR
#define SEPG_BLK_FILE__GETATTR
Definition: sepgsql.h:100

SEPG_DB_TUPLE__DELETE
#define SEPG_DB_TUPLE__DELETE
Definition: sepgsql.h:185

SEPG_CLASS_DB_LANGUAGE
#define SEPG_CLASS_DB_LANGUAGE
Definition: sepgsql.h:52

SEPG_LNK_FILE__READ
#define SEPG_LNK_FILE__READ
Definition: sepgsql.h:83

SEPG_DB_DATABASE__DROP
#define SEPG_DB_DATABASE__DROP
Definition: sepgsql.h:119

SEPG_LNK_FILE__RENAME
#define SEPG_LNK_FILE__RENAME
Definition: sepgsql.h:88

SEPG_DIR__GETATTR
#define SEPG_DIR__GETATTR
Definition: sepgsql.h:74

SEPG_DB_DATABASE__GETATTR
#define SEPG_DB_DATABASE__GETATTR
Definition: sepgsql.h:120

SEPG_DIR__REMOVE_NAME
#define SEPG_DIR__REMOVE_NAME
Definition: sepgsql.h:79

SEPG_DB_DATABASE__LOAD_MODULE
#define SEPG_DB_DATABASE__LOAD_MODULE
Definition: sepgsql.h:125

SEPG_CLASS_DB_PROCEDURE
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48

SEPG_DB_TABLE__DROP
#define SEPG_DB_TABLE__DROP
Definition: sepgsql.h:138

SEPG_DB_SCHEMA__GETATTR
#define SEPG_DB_SCHEMA__GETATTR
Definition: sepgsql.h:129

SEPG_LNK_FILE__GETATTR
#define SEPG_LNK_FILE__GETATTR
Definition: sepgsql.h:86

SEPG_DB_VIEW__GETATTR
#define SEPG_DB_VIEW__GETATTR
Definition: sepgsql.h:209

SEPG_DB_COLUMN__INSERT
#define SEPG_DB_COLUMN__INSERT
Definition: sepgsql.h:178

SEPG_DIR__REPARENT
#define SEPG_DIR__REPARENT
Definition: sepgsql.h:81

SEPG_DB_SCHEMA__SEARCH
#define SEPG_DB_SCHEMA__SEARCH
Definition: sepgsql.h:133

SEPG_SOCK_FILE__CREATE
#define SEPG_SOCK_FILE__CREATE
Definition: sepgsql.h:106

SEPG_DB_COLUMN__SELECT
#define SEPG_DB_COLUMN__SELECT
Definition: sepgsql.h:176

SEPG_DB_TABLE__SELECT
#define SEPG_DB_TABLE__SELECT
Definition: sepgsql.h:143

SEPG_DB_COLUMN__UPDATE
#define SEPG_DB_COLUMN__UPDATE
Definition: sepgsql.h:177

SEPG_CHR_FILE__RENAME
#define SEPG_CHR_FILE__RENAME
Definition: sepgsql.h:95

SEPG_DB_VIEW__SETATTR
#define SEPG_DB_VIEW__SETATTR
Definition: sepgsql.h:210

SEPG_FIFO_FILE__CREATE
#define SEPG_FIFO_FILE__CREATE
Definition: sepgsql.h:113

SEPG_DB_BLOB__RELABELFROM
#define SEPG_DB_BLOB__RELABELFROM
Definition: sepgsql.h:191

SEPG_FIFO_FILE__GETATTR
#define SEPG_FIFO_FILE__GETATTR
Definition: sepgsql.h:114

SEPG_DIR__CREATE
#define SEPG_DIR__CREATE
Definition: sepgsql.h:73

SEPGSQL_MODE_DEFAULT
#define SEPGSQL_MODE_DEFAULT
Definition: sepgsql.h:28

SEPG_DB_LANGUAGE__SETATTR
#define SEPG_DB_LANGUAGE__SETATTR
Definition: sepgsql.h:201

SEPG_DB_SCHEMA__RELABELTO
#define SEPG_DB_SCHEMA__RELABELTO
Definition: sepgsql.h:132

SEPG_DB_SEQUENCE__SET_VALUE
#define SEPG_DB_SEQUENCE__SET_VALUE
Definition: sepgsql.h:158

SEPG_CLASS_PROCESS
#define SEPG_CLASS_PROCESS
Definition: sepgsql.h:36

SEPG_CLASS_DB_VIEW
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53

SEPG_DB_BLOB__DROP
#define SEPG_DB_BLOB__DROP
Definition: sepgsql.h:188

SEPG_CLASS_DB_SEQUENCE
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47

SEPG_BLK_FILE__READ
#define SEPG_BLK_FILE__READ
Definition: sepgsql.h:97

SEPG_CLASS_DB_TUPLE
#define SEPG_CLASS_DB_TUPLE
Definition: sepgsql.h:50

SEPG_DB_SEQUENCE__DROP
#define SEPG_DB_SEQUENCE__DROP
Definition: sepgsql.h:151

SEPGSQL_MODE_DISABLED
#define SEPGSQL_MODE_DISABLED
Definition: sepgsql.h:31

SEPG_DB_DATABASE__RELABELFROM
#define SEPG_DB_DATABASE__RELABELFROM
Definition: sepgsql.h:122

SEPG_CLASS_DB_BLOB
#define SEPG_CLASS_DB_BLOB
Definition: sepgsql.h:51

SEPG_FIFO_FILE__UNLINK
#define SEPG_FIFO_FILE__UNLINK
Definition: sepgsql.h:115

SEPG_DB_VIEW__DROP
#define SEPG_DB_VIEW__DROP
Definition: sepgsql.h:208

SEPG_DB_SEQUENCE__GET_VALUE
#define SEPG_DB_SEQUENCE__GET_VALUE
Definition: sepgsql.h:156

SEPG_SOCK_FILE__UNLINK
#define SEPG_SOCK_FILE__UNLINK
Definition: sepgsql.h:108

SEPG_FIFO_FILE__RENAME
#define SEPG_FIFO_FILE__RENAME
Definition: sepgsql.h:116

appendStringInfo
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:145

appendStringInfoString
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:230

initStringInfo
void initStringInfo(StringInfo str)
Definition: stringinfo.c:97

stringinfo.h

StringInfoData
Definition: stringinfo.h:47