654 selinux_status_getenforce() > 0)
679 const char *scontext,
680 const char *tcontext,
683 const char *audit_name)
697 (denied ?
"denied" :
"allowed"));
700 if (audited & (1UL << i))
712 scontext, tcontext, class_name);
734 const char *tcontext,
736 struct av_decision *avd)
738 const char *tclass_name;
739 security_class_t tclass_ex;
740 struct av_decision avd_ex;
742 deny_unknown = security_deny_unknown();
749 tclass_ex = string_to_security_class(tclass_name);
759 avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
760 avd->auditallow = 0U;
761 avd->auditdeny = ~0U;
771 if (security_compute_av_flags_raw(scontext,
773 tclass_ex, 0, &avd_ex) < 0)
775 (
errcode(ERRCODE_INTERNAL_ERROR),
776 errmsg(
"SELinux could not compute av_decision: " 777 "scontext=%s tcontext=%s tclass=%s: %m",
778 scontext, tcontext, tclass_name)));
786 memset(avd, 0,
sizeof(
struct av_decision));
790 access_vector_t av_code_ex;
794 av_code_ex = string_to_av_perm(tclass_ex, av_name);
805 if (avd_ex.allowed & av_code_ex)
807 if (avd_ex.auditallow & av_code_ex)
809 if (avd_ex.auditdeny & av_code_ex)
837 const char *tcontext,
842 security_class_t tclass_ex;
843 const char *tclass_name;
850 tclass_ex = string_to_security_class(tclass_name);
856 if (security_compute_create_name_raw(scontext,
862 (
errcode(ERRCODE_INTERNAL_ERROR),
863 errmsg(
"SELinux could not compute a new context: " 864 "scontext=%s tcontext=%s tclass=%s: %m",
865 scontext, tcontext, tclass_name)));
900 const char *tcontext,
903 const char *audit_name,
904 bool abort_on_violation)
906 struct av_decision avd;
913 denied = required & ~avd.allowed;
916 audited = (denied ? denied :
required);
918 audited = (denied ? (denied & avd.auditdeny)
919 : (required & avd.auditallow));
923 (avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE) == 0)
940 if (!result && abort_on_violation)
942 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
943 errmsg(
"SELinux: security policy violation")));
#define SEPG_DB_PROCEDURE__GETATTR
#define SEPG_DB_PROCEDURE__DROP
#define SEPG_LNK_FILE__RENAME
#define SEPGSQL_MODE_INTERNAL
#define SEPG_DB_SCHEMA__DROP
#define SEPG_DB_PROCEDURE__EXECUTE
#define SEPG_CHR_FILE__UNLINK
#define SEPG_BLK_FILE__GETATTR
#define SEPG_DB_VIEW__EXPAND
#define SEPG_CLASS_DB_TUPLE
#define SEPG_BLK_FILE__RENAME
#define SEPG_DB_TUPLE__INSERT
#define SEPG_CHR_FILE__GETATTR
#define SEPG_CLASS_DB_COLUMN
#define SEPG_LNK_FILE__UNLINK
#define SEPG_CLASS_SOCK_FILE
#define SEPG_DB_COLUMN__SETATTR
#define SEPG_DIR__REPARENT
#define SEPG_DIR__ADD_NAME
#define SEPG_PROCESS__DYNTRANSITION
#define SEPG_SOCK_FILE__UNLINK
#define SEPG_DB_COLUMN__RELABELTO
#define SEPG_FILE__CREATE
#define SEPG_DB_TABLE__TRUNCATE
#define SEPG_DB_LANGUAGE__CREATE
char * pstrdup(const char *in)
#define SEPG_DB_VIEW__RELABELTO
void sepgsql_compute_avd(const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
#define SEPG_DB_VIEW__SETATTR
#define SEPG_DB_TUPLE__RELABELFROM
static struct @11 selinux_catalog[]
#define SEPG_DB_LANGUAGE__RELABELTO
#define SEPG_DB_TABLE__DELETE
#define SEPG_DB_SEQUENCE__GETATTR
#define SEPG_SOCK_FILE__GETATTR
#define SEPG_LNK_FILE__READ
int errcode(int sqlerrcode)
#define SEPG_SOCK_FILE__CREATE
bool sepgsql_getenforce(void)
#define SEPG_CHR_FILE__WRITE
#define SEPGSQL_MODE_DISABLED
#define SEPG_DB_COLUMN__INSERT
#define SEPG_SOCK_FILE__READ
#define SEPG_DB_SCHEMA__GETATTR
#define SEPG_LNK_FILE__CREATE
#define SEPG_CLASS_DB_SCHEMA
#define SEPG_DB_DATABASE__RELABELFROM
#define SEPG_PROCESS__TRANSITION
#define SEPG_CLASS_FIFO_FILE
#define SEPG_CLASS_BLK_FILE
#define SEPG_DB_BLOB__CREATE
#define SEPG_DB_COLUMN__RELABELFROM
#define SEPG_BLK_FILE__UNLINK
#define SEPG_DB_TUPLE__DELETE
#define SEPG_DB_SEQUENCE__SETATTR
#define SEPG_CLASS_DB_DATABASE
#define SEPG_DB_COLUMN__GETATTR
#define SEPG_CLASS_CHR_FILE
#define SEPG_FILE__RENAME
#define SEPG_SOCK_FILE__RENAME
#define SEPG_DB_LANGUAGE__DROP
#define SEPG_DB_SCHEMA__RELABELFROM
#define SEPG_DB_SEQUENCE__RELABELFROM
#define SEPG_DB_TUPLE__SELECT
#define SEPG_DB_LANGUAGE__SETATTR
#define SEPG_DB_TABLE__SELECT
#define SEPG_CLASS_PROCESS
#define SEPG_DB_TABLE__SETATTR
#define SEPG_DB_BLOB__RELABELTO
int sepgsql_get_mode(void)
#define SEPG_DB_DATABASE__CREATE
void appendStringInfo(StringInfo str, const char *fmt,...)
#define SEPG_FIFO_FILE__WRITE
#define SEPG_CLASS_DB_SEQUENCE
#define SEPG_DB_PROCEDURE__CREATE
#define SEPG_DB_LANGUAGE__IMPLEMENT
#define SEPG_DB_BLOB__DROP
#define SEPG_DB_COLUMN__SELECT
#define SEPG_DB_SEQUENCE__GET_VALUE
void sepgsql_audit_log(bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
#define SEPG_DB_VIEW__CREATE
#define SEPG_LNK_FILE__WRITE
#define SEPG_FIFO_FILE__GETATTR
#define SEPG_DB_TABLE__UPDATE
int sepgsql_set_mode(int new_mode)
void appendStringInfoString(StringInfo str, const char *s)
#define SEPG_DB_PROCEDURE__RELABELFROM
bool sepgsql_get_debug_audit(void)
#define SEPG_DB_TABLE__INSERT
#define SEPG_DB_BLOB__GETATTR
#define SEPG_CLASS_DB_PROCEDURE
#define SEPG_BLK_FILE__READ
#define SEPG_DB_VIEW__GETATTR
#define SEPG_DB_TABLE__DROP
#define SEPG_DB_PROCEDURE__RELABELTO
#define SEPG_DB_SEQUENCE__RELABELTO
#define SEPG_DB_BLOB__WRITE
#define SEPG_DB_SEQUENCE__NEXT_VALUE
#define SEPG_DB_SEQUENCE__SET_VALUE
#define SEPG_DB_TABLE__RELABELTO
#define SEPG_DB_BLOB__RELABELFROM
#define SEPG_FIFO_FILE__UNLINK
#define SEPG_FIFO_FILE__CREATE
#define SEPG_DB_DATABASE__GETATTR
#define SEPG_DB_COLUMN__UPDATE
#define SEPG_DB_TUPLE__UPDATE
#define SEPG_CHR_FILE__RENAME
#define SEPG_DB_BLOB__EXPORT
void initStringInfo(StringInfo str)
#define SEPG_CLASS_DB_VIEW
#define SEPG_CHR_FILE__CREATE
#define SEPG_DB_SCHEMA__SEARCH
#define SEPG_DB_COLUMN__DROP
#define SEPG_FILE__UNLINK
#define SEPG_LNK_FILE__GETATTR
#define SEPG_DB_BLOB__READ
#define SEPG_DB_TABLE__RELABELFROM
#define SEPG_DB_SCHEMA__ADD_NAME
#define SEPG_DB_DATABASE__DROP
#define SEPG_DB_SCHEMA__SETATTR
bool sepgsql_check_perms(const char *scontext, const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
#define ereport(elevel,...)
#define SEPGSQL_MODE_DEFAULT
#define SEPG_DB_COLUMN__CREATE
#define SEPG_CLASS_DB_TABLE
#define SEPG_DB_VIEW__RELABELFROM
#define SEPG_DB_PROCEDURE__ENTRYPOINT
bool sepgsql_is_enabled(void)
#define Assert(condition)
#define SEPG_DIR__REMOVE_NAME
#define SEPG_DB_DATABASE__SETATTR
#define SEPG_DB_SEQUENCE__CREATE
#define SEPG_DB_LANGUAGE__EXECUTE
#define SEPG_DB_TABLE__CREATE
#define SEPG_DB_SCHEMA__CREATE
#define SEPG_DB_TABLE__GETATTR
#define SEPG_DB_VIEW__DROP
#define SEPG_BLK_FILE__CREATE
#define SEPG_FIFO_FILE__RENAME
#define SEPG_DB_DATABASE__RELABELTO
#define SEPG_DIR__GETATTR
#define SEPG_PROCESS__SETCURRENT
#define SEPG_DB_DATABASE__ACCESS
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
#define SEPG_DB_LANGUAGE__GETATTR
int errmsg(const char *fmt,...)
#define SEPG_DB_SEQUENCE__DROP
#define SEPG_FILE__GETATTR
#define SEPG_SOCK_FILE__WRITE
#define SEPG_CLASS_DB_BLOB
#define SEPG_DB_BLOB__SETATTR
#define SEPG_BLK_FILE__WRITE
#define SEPG_DB_LANGUAGE__RELABELFROM
#define SEPG_CLASS_DB_LANGUAGE
#define SEPG_CHR_FILE__READ
#define SEPG_DB_TUPLE__RELABELTO
#define SEPG_DB_DATABASE__LOAD_MODULE
#define SEPG_FIFO_FILE__READ
#define SEPG_DB_PROCEDURE__SETATTR
#define SEPG_DB_SCHEMA__RELABELTO
#define SEPG_DB_SCHEMA__REMOVE_NAME
#define SEPG_DB_TABLE__LOCK
#define SEPG_DB_PROCEDURE__INSTALL
#define SEPG_FILE__APPEND
#define SEPG_CLASS_LNK_FILE
#define SEPG_DB_BLOB__IMPORT