PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
sepgsql.h File Reference
#include "catalog/objectaddress.h"
#include "fmgr.h"
#include <selinux/selinux.h>
#include <selinux/avc.h>
Include dependency graph for sepgsql.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define SEPGSQL_LABEL_TAG   "selinux"
 
#define SEPGSQL_MODE_DEFAULT   1
 
#define SEPGSQL_MODE_PERMISSIVE   2
 
#define SEPGSQL_MODE_INTERNAL   3
 
#define SEPGSQL_MODE_DISABLED   4
 
#define SEPG_CLASS_PROCESS   0
 
#define SEPG_CLASS_FILE   1
 
#define SEPG_CLASS_DIR   2
 
#define SEPG_CLASS_LNK_FILE   3
 
#define SEPG_CLASS_CHR_FILE   4
 
#define SEPG_CLASS_BLK_FILE   5
 
#define SEPG_CLASS_SOCK_FILE   6
 
#define SEPG_CLASS_FIFO_FILE   7
 
#define SEPG_CLASS_DB_DATABASE   8
 
#define SEPG_CLASS_DB_SCHEMA   9
 
#define SEPG_CLASS_DB_TABLE   10
 
#define SEPG_CLASS_DB_SEQUENCE   11
 
#define SEPG_CLASS_DB_PROCEDURE   12
 
#define SEPG_CLASS_DB_COLUMN   13
 
#define SEPG_CLASS_DB_TUPLE   14
 
#define SEPG_CLASS_DB_BLOB   15
 
#define SEPG_CLASS_DB_LANGUAGE   16
 
#define SEPG_CLASS_DB_VIEW   17
 
#define SEPG_CLASS_MAX   18
 
#define SEPG_PROCESS__TRANSITION   (1<<0)
 
#define SEPG_PROCESS__DYNTRANSITION   (1<<1)
 
#define SEPG_PROCESS__SETCURRENT   (1<<2)
 
#define SEPG_FILE__READ   (1<<0)
 
#define SEPG_FILE__WRITE   (1<<1)
 
#define SEPG_FILE__CREATE   (1<<2)
 
#define SEPG_FILE__GETATTR   (1<<3)
 
#define SEPG_FILE__UNLINK   (1<<4)
 
#define SEPG_FILE__RENAME   (1<<5)
 
#define SEPG_FILE__APPEND   (1<<6)
 
#define SEPG_DIR__READ   (SEPG_FILE__READ)
 
#define SEPG_DIR__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_DIR__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_DIR__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_DIR__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_DIR__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_DIR__SEARCH   (1<<6)
 
#define SEPG_DIR__ADD_NAME   (1<<7)
 
#define SEPG_DIR__REMOVE_NAME   (1<<8)
 
#define SEPG_DIR__RMDIR   (1<<9)
 
#define SEPG_DIR__REPARENT   (1<<10)
 
#define SEPG_LNK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_LNK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_LNK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_LNK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_LNK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_LNK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_CHR_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_CHR_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_CHR_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_CHR_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_CHR_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_CHR_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_BLK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_BLK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_BLK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_BLK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_BLK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_BLK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_SOCK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_SOCK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_SOCK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_SOCK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_SOCK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_SOCK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_FIFO_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_FIFO_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_FIFO_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_FIFO_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_FIFO_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_FIFO_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_DB_DATABASE__CREATE   (1<<0)
 
#define SEPG_DB_DATABASE__DROP   (1<<1)
 
#define SEPG_DB_DATABASE__GETATTR   (1<<2)
 
#define SEPG_DB_DATABASE__SETATTR   (1<<3)
 
#define SEPG_DB_DATABASE__RELABELFROM   (1<<4)
 
#define SEPG_DB_DATABASE__RELABELTO   (1<<5)
 
#define SEPG_DB_DATABASE__ACCESS   (1<<6)
 
#define SEPG_DB_DATABASE__LOAD_MODULE   (1<<7)
 
#define SEPG_DB_SCHEMA__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_SCHEMA__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_SCHEMA__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_SCHEMA__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_SCHEMA__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_SCHEMA__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_SCHEMA__SEARCH   (1<<6)
 
#define SEPG_DB_SCHEMA__ADD_NAME   (1<<7)
 
#define SEPG_DB_SCHEMA__REMOVE_NAME   (1<<8)
 
#define SEPG_DB_TABLE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_TABLE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_TABLE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_TABLE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_TABLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_TABLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_TABLE__SELECT   (1<<6)
 
#define SEPG_DB_TABLE__UPDATE   (1<<7)
 
#define SEPG_DB_TABLE__INSERT   (1<<8)
 
#define SEPG_DB_TABLE__DELETE   (1<<9)
 
#define SEPG_DB_TABLE__LOCK   (1<<10)
 
#define SEPG_DB_SEQUENCE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_SEQUENCE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_SEQUENCE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_SEQUENCE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_SEQUENCE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_SEQUENCE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_SEQUENCE__GET_VALUE   (1<<6)
 
#define SEPG_DB_SEQUENCE__NEXT_VALUE   (1<<7)
 
#define SEPG_DB_SEQUENCE__SET_VALUE   (1<<8)
 
#define SEPG_DB_PROCEDURE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_PROCEDURE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_PROCEDURE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_PROCEDURE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_PROCEDURE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_PROCEDURE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_PROCEDURE__EXECUTE   (1<<6)
 
#define SEPG_DB_PROCEDURE__ENTRYPOINT   (1<<7)
 
#define SEPG_DB_PROCEDURE__INSTALL   (1<<8)
 
#define SEPG_DB_COLUMN__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_COLUMN__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_COLUMN__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_COLUMN__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_COLUMN__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_COLUMN__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_COLUMN__SELECT   (1<<6)
 
#define SEPG_DB_COLUMN__UPDATE   (1<<7)
 
#define SEPG_DB_COLUMN__INSERT   (1<<8)
 
#define SEPG_DB_TUPLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_TUPLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_TUPLE__SELECT   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_TUPLE__UPDATE   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_TUPLE__INSERT   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_TUPLE__DELETE   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_BLOB__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_BLOB__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_BLOB__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_BLOB__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_BLOB__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_BLOB__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_BLOB__READ   (1<<6)
 
#define SEPG_DB_BLOB__WRITE   (1<<7)
 
#define SEPG_DB_BLOB__IMPORT   (1<<8)
 
#define SEPG_DB_BLOB__EXPORT   (1<<9)
 
#define SEPG_DB_LANGUAGE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_LANGUAGE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_LANGUAGE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_LANGUAGE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_LANGUAGE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_LANGUAGE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_LANGUAGE__IMPLEMENT   (1<<6)
 
#define SEPG_DB_LANGUAGE__EXECUTE   (1<<7)
 
#define SEPG_DB_VIEW__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_VIEW__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_VIEW__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_VIEW__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_VIEW__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_VIEW__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_VIEW__EXPAND   (1<<6)
 
#define SEPGSQL_AVC_NOAUDIT   ((void *)(-1))
 

Functions

bool sepgsql_get_permissive (void)
 
bool sepgsql_get_debug_audit (void)
 
bool sepgsql_is_enabled (void)
 
int sepgsql_get_mode (void)
 
int sepgsql_set_mode (int new_mode)
 
bool sepgsql_getenforce (void)
 
void sepgsql_audit_log (bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
 
void sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
 
char * sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
 
bool sepgsql_check_perms (const char *scontext, const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
bool sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
bool sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
char * sepgsql_avc_trusted_proc (Oid functionId)
 
void sepgsql_avc_init (void)
 
char * sepgsql_get_client_label (void)
 
void sepgsql_init_client_label (void)
 
char * sepgsql_get_label (Oid relOid, Oid objOid, int32 subId)
 
void sepgsql_object_relabel (const ObjectAddress *object, const char *seclabel)
 
bool sepgsql_dml_privileges (List *rangeTabls, bool abort_on_violation)
 
void sepgsql_database_post_create (Oid databaseId, const char *dtemplate)
 
void sepgsql_database_drop (Oid databaseId)
 
void sepgsql_database_relabel (Oid databaseId, const char *seclabel)
 
void sepgsql_database_setattr (Oid databaseId)
 
void sepgsql_schema_post_create (Oid namespaceId)
 
void sepgsql_schema_drop (Oid namespaceId)
 
void sepgsql_schema_relabel (Oid namespaceId, const char *seclabel)
 
void sepgsql_schema_setattr (Oid namespaceId)
 
bool sepgsql_schema_search (Oid namespaceId, bool abort_on_violation)
 
void sepgsql_schema_add_name (Oid namespaceId)
 
void sepgsql_schema_remove_name (Oid namespaceId)
 
void sepgsql_schema_rename (Oid namespaceId)
 
void sepgsql_attribute_post_create (Oid relOid, AttrNumber attnum)
 
void sepgsql_attribute_drop (Oid relOid, AttrNumber attnum)
 
void sepgsql_attribute_relabel (Oid relOid, AttrNumber attnum, const char *seclabel)
 
void sepgsql_attribute_setattr (Oid relOid, AttrNumber attnum)
 
void sepgsql_relation_post_create (Oid relOid)
 
void sepgsql_relation_drop (Oid relOid)
 
void sepgsql_relation_relabel (Oid relOid, const char *seclabel)
 
void sepgsql_relation_setattr (Oid relOid)
 
void sepgsql_proc_post_create (Oid functionId)
 
void sepgsql_proc_drop (Oid functionId)
 
void sepgsql_proc_relabel (Oid functionId, const char *seclabel)
 
void sepgsql_proc_setattr (Oid functionId)
 
void sepgsql_proc_execute (Oid functionId)
 

Macro Definition Documentation

#define SEPG_BLK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 99 of file sepgsql.h.

#define SEPG_BLK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 100 of file sepgsql.h.

#define SEPG_BLK_FILE__READ   (SEPG_FILE__READ)

Definition at line 97 of file sepgsql.h.

#define SEPG_BLK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 102 of file sepgsql.h.

#define SEPG_BLK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 101 of file sepgsql.h.

#define SEPG_BLK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 98 of file sepgsql.h.

#define SEPG_CHR_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 92 of file sepgsql.h.

#define SEPG_CHR_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 93 of file sepgsql.h.

#define SEPG_CHR_FILE__READ   (SEPG_FILE__READ)

Definition at line 90 of file sepgsql.h.

#define SEPG_CHR_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 95 of file sepgsql.h.

#define SEPG_CHR_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 94 of file sepgsql.h.

#define SEPG_CHR_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 91 of file sepgsql.h.

#define SEPG_CLASS_BLK_FILE   5

Definition at line 41 of file sepgsql.h.

#define SEPG_CLASS_CHR_FILE   4

Definition at line 40 of file sepgsql.h.

#define SEPG_CLASS_DB_BLOB   15

Definition at line 51 of file sepgsql.h.

#define SEPG_CLASS_DB_DATABASE   8
#define SEPG_CLASS_DB_LANGUAGE   16

Definition at line 52 of file sepgsql.h.

#define SEPG_CLASS_DB_SEQUENCE   11
#define SEPG_CLASS_DB_TUPLE   14

Definition at line 50 of file sepgsql.h.

#define SEPG_CLASS_DIR   2

Definition at line 38 of file sepgsql.h.

#define SEPG_CLASS_FIFO_FILE   7

Definition at line 43 of file sepgsql.h.

#define SEPG_CLASS_FILE   1

Definition at line 37 of file sepgsql.h.

#define SEPG_CLASS_LNK_FILE   3

Definition at line 39 of file sepgsql.h.

#define SEPG_CLASS_MAX   18

Definition at line 54 of file sepgsql.h.

Referenced by sepgsql_audit_log(), sepgsql_compute_avd(), and sepgsql_compute_create().

#define SEPG_CLASS_PROCESS   0

Definition at line 36 of file sepgsql.h.

Referenced by sepgsql_avc_compute(), sepgsql_fmgr_hook(), and sepgsql_set_client_label().

#define SEPG_CLASS_SOCK_FILE   6

Definition at line 42 of file sepgsql.h.

#define SEPG_DB_BLOB__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 186 of file sepgsql.h.

#define SEPG_DB_BLOB__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 187 of file sepgsql.h.

#define SEPG_DB_BLOB__EXPORT   (1<<9)

Definition at line 195 of file sepgsql.h.

#define SEPG_DB_BLOB__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 188 of file sepgsql.h.

#define SEPG_DB_BLOB__IMPORT   (1<<8)

Definition at line 194 of file sepgsql.h.

#define SEPG_DB_BLOB__READ   (1<<6)

Definition at line 192 of file sepgsql.h.

#define SEPG_DB_BLOB__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 190 of file sepgsql.h.

#define SEPG_DB_BLOB__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 191 of file sepgsql.h.

#define SEPG_DB_BLOB__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 189 of file sepgsql.h.

#define SEPG_DB_BLOB__WRITE   (1<<7)

Definition at line 193 of file sepgsql.h.

#define SEPG_DB_COLUMN__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 169 of file sepgsql.h.

Referenced by sepgsql_attribute_post_create(), and sepgsql_relation_post_create().

#define SEPG_DB_COLUMN__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 170 of file sepgsql.h.

Referenced by sepgsql_attribute_drop(), and sepgsql_relation_drop().

#define SEPG_DB_COLUMN__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 171 of file sepgsql.h.

#define SEPG_DB_COLUMN__INSERT   (1<<8)

Definition at line 177 of file sepgsql.h.

Referenced by check_relation_privileges().

#define SEPG_DB_COLUMN__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 173 of file sepgsql.h.

Referenced by sepgsql_attribute_relabel().

#define SEPG_DB_COLUMN__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 174 of file sepgsql.h.

#define SEPG_DB_COLUMN__SELECT   (1<<6)

Definition at line 175 of file sepgsql.h.

Referenced by check_relation_privileges().

#define SEPG_DB_COLUMN__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 172 of file sepgsql.h.

Referenced by sepgsql_attribute_relabel(), and sepgsql_attribute_setattr().

#define SEPG_DB_COLUMN__UPDATE   (1<<7)

Definition at line 176 of file sepgsql.h.

Referenced by check_relation_privileges().

#define SEPG_DB_DATABASE__ACCESS   (1<<6)

Definition at line 124 of file sepgsql.h.

#define SEPG_DB_DATABASE__CREATE   (1<<0)

Definition at line 118 of file sepgsql.h.

Referenced by sepgsql_database_post_create(), and sepgsql_relation_post_create().

#define SEPG_DB_DATABASE__DROP   (1<<1)

Definition at line 119 of file sepgsql.h.

Referenced by sepgsql_database_drop().

#define SEPG_DB_DATABASE__GETATTR   (1<<2)

Definition at line 120 of file sepgsql.h.

Referenced by sepgsql_database_post_create().

#define SEPG_DB_DATABASE__LOAD_MODULE   (1<<7)

Definition at line 125 of file sepgsql.h.

#define SEPG_DB_DATABASE__RELABELFROM   (1<<4)

Definition at line 122 of file sepgsql.h.

Referenced by sepgsql_database_relabel().

#define SEPG_DB_DATABASE__RELABELTO   (1<<5)

Definition at line 123 of file sepgsql.h.

Referenced by sepgsql_database_relabel().

#define SEPG_DB_DATABASE__SETATTR   (1<<3)

Definition at line 121 of file sepgsql.h.

Referenced by sepgsql_database_relabel(), and sepgsql_database_setattr().

#define SEPG_DB_LANGUAGE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 197 of file sepgsql.h.

#define SEPG_DB_LANGUAGE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 198 of file sepgsql.h.

#define SEPG_DB_LANGUAGE__EXECUTE   (1<<7)

Definition at line 204 of file sepgsql.h.

#define SEPG_DB_LANGUAGE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 199 of file sepgsql.h.

#define SEPG_DB_LANGUAGE__IMPLEMENT   (1<<6)

Definition at line 203 of file sepgsql.h.

#define SEPG_DB_LANGUAGE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 201 of file sepgsql.h.

#define SEPG_DB_LANGUAGE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 202 of file sepgsql.h.

#define SEPG_DB_LANGUAGE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 200 of file sepgsql.h.

#define SEPG_DB_PROCEDURE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 159 of file sepgsql.h.

Referenced by sepgsql_proc_post_create().

#define SEPG_DB_PROCEDURE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 160 of file sepgsql.h.

Referenced by sepgsql_proc_drop().

#define SEPG_DB_PROCEDURE__ENTRYPOINT   (1<<7)

Definition at line 166 of file sepgsql.h.

Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().

#define SEPG_DB_PROCEDURE__EXECUTE   (1<<6)

Definition at line 165 of file sepgsql.h.

Referenced by sepgsql_needs_fmgr_hook(), and sepgsql_proc_execute().

#define SEPG_DB_PROCEDURE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 161 of file sepgsql.h.

#define SEPG_DB_PROCEDURE__INSTALL   (1<<8)

Definition at line 167 of file sepgsql.h.

Referenced by sepgsql_proc_post_create(), and sepgsql_proc_setattr().

#define SEPG_DB_PROCEDURE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 163 of file sepgsql.h.

Referenced by sepgsql_proc_relabel().

#define SEPG_DB_PROCEDURE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 164 of file sepgsql.h.

Referenced by sepgsql_attribute_relabel(), and sepgsql_proc_relabel().

#define SEPG_DB_PROCEDURE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 162 of file sepgsql.h.

Referenced by sepgsql_proc_relabel(), and sepgsql_proc_setattr().

#define SEPG_DB_SCHEMA__ADD_NAME   (1<<7)
#define SEPG_DB_SCHEMA__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 127 of file sepgsql.h.

Referenced by sepgsql_schema_post_create().

#define SEPG_DB_SCHEMA__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 128 of file sepgsql.h.

Referenced by sepgsql_schema_drop().

#define SEPG_DB_SCHEMA__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 129 of file sepgsql.h.

#define SEPG_DB_SCHEMA__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 131 of file sepgsql.h.

Referenced by sepgsql_schema_relabel().

#define SEPG_DB_SCHEMA__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 132 of file sepgsql.h.

Referenced by sepgsql_schema_relabel().

#define SEPG_DB_SCHEMA__REMOVE_NAME   (1<<8)
#define SEPG_DB_SCHEMA__SEARCH   (1<<6)

Definition at line 133 of file sepgsql.h.

Referenced by sepgsql_schema_search().

#define SEPG_DB_SCHEMA__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 130 of file sepgsql.h.

Referenced by sepgsql_schema_relabel(), and sepgsql_schema_setattr().

#define SEPG_DB_SEQUENCE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 149 of file sepgsql.h.

#define SEPG_DB_SEQUENCE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 150 of file sepgsql.h.

#define SEPG_DB_SEQUENCE__GET_VALUE   (1<<6)

Definition at line 155 of file sepgsql.h.

Referenced by check_relation_privileges().

#define SEPG_DB_SEQUENCE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 151 of file sepgsql.h.

#define SEPG_DB_SEQUENCE__NEXT_VALUE   (1<<7)

Definition at line 156 of file sepgsql.h.

#define SEPG_DB_SEQUENCE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 153 of file sepgsql.h.

#define SEPG_DB_SEQUENCE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 154 of file sepgsql.h.

#define SEPG_DB_SEQUENCE__SET_VALUE   (1<<8)

Definition at line 157 of file sepgsql.h.

#define SEPG_DB_SEQUENCE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 152 of file sepgsql.h.

#define SEPG_DB_TABLE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 137 of file sepgsql.h.

#define SEPG_DB_TABLE__DELETE   (1<<9)

Definition at line 146 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

#define SEPG_DB_TABLE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 138 of file sepgsql.h.

Referenced by sepgsql_relation_drop().

#define SEPG_DB_TABLE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 139 of file sepgsql.h.

#define SEPG_DB_TABLE__INSERT   (1<<8)

Definition at line 145 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

#define SEPG_DB_TABLE__LOCK   (1<<10)

Definition at line 147 of file sepgsql.h.

Referenced by sepgsql_dml_privileges().

#define SEPG_DB_TABLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 141 of file sepgsql.h.

Referenced by sepgsql_relation_relabel().

#define SEPG_DB_TABLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 142 of file sepgsql.h.

Referenced by sepgsql_relation_relabel().

#define SEPG_DB_TABLE__SELECT   (1<<6)

Definition at line 143 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

#define SEPG_DB_TABLE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 140 of file sepgsql.h.

Referenced by sepgsql_relation_relabel(), and sepgsql_relation_setattr().

#define SEPG_DB_TABLE__UPDATE   (1<<7)

Definition at line 144 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

#define SEPG_DB_TUPLE__DELETE   (SEPG_DB_DATABASE__DROP)

Definition at line 184 of file sepgsql.h.

#define SEPG_DB_TUPLE__INSERT   (SEPG_DB_DATABASE__CREATE)

Definition at line 183 of file sepgsql.h.

#define SEPG_DB_TUPLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 179 of file sepgsql.h.

#define SEPG_DB_TUPLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 180 of file sepgsql.h.

#define SEPG_DB_TUPLE__SELECT   (SEPG_DB_DATABASE__GETATTR)

Definition at line 181 of file sepgsql.h.

#define SEPG_DB_TUPLE__UPDATE   (SEPG_DB_DATABASE__SETATTR)

Definition at line 182 of file sepgsql.h.

#define SEPG_DB_VIEW__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 206 of file sepgsql.h.

#define SEPG_DB_VIEW__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 207 of file sepgsql.h.

#define SEPG_DB_VIEW__EXPAND   (1<<6)

Definition at line 212 of file sepgsql.h.

Referenced by check_relation_privileges().

#define SEPG_DB_VIEW__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 208 of file sepgsql.h.

#define SEPG_DB_VIEW__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 210 of file sepgsql.h.

#define SEPG_DB_VIEW__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 211 of file sepgsql.h.

#define SEPG_DB_VIEW__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 209 of file sepgsql.h.

#define SEPG_DIR__ADD_NAME   (1<<7)

Definition at line 78 of file sepgsql.h.

#define SEPG_DIR__CREATE   (SEPG_FILE__CREATE)

Definition at line 73 of file sepgsql.h.

#define SEPG_DIR__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 74 of file sepgsql.h.

#define SEPG_DIR__READ   (SEPG_FILE__READ)

Definition at line 71 of file sepgsql.h.

#define SEPG_DIR__REMOVE_NAME   (1<<8)

Definition at line 79 of file sepgsql.h.

#define SEPG_DIR__RENAME   (SEPG_FILE__RENAME)

Definition at line 76 of file sepgsql.h.

#define SEPG_DIR__REPARENT   (1<<10)

Definition at line 81 of file sepgsql.h.

#define SEPG_DIR__RMDIR   (1<<9)

Definition at line 80 of file sepgsql.h.

#define SEPG_DIR__SEARCH   (1<<6)

Definition at line 77 of file sepgsql.h.

#define SEPG_DIR__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 75 of file sepgsql.h.

#define SEPG_DIR__WRITE   (SEPG_FILE__WRITE)

Definition at line 72 of file sepgsql.h.

#define SEPG_FIFO_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 113 of file sepgsql.h.

#define SEPG_FIFO_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 114 of file sepgsql.h.

#define SEPG_FIFO_FILE__READ   (SEPG_FILE__READ)

Definition at line 111 of file sepgsql.h.

#define SEPG_FIFO_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 116 of file sepgsql.h.

#define SEPG_FIFO_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 115 of file sepgsql.h.

#define SEPG_FIFO_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 112 of file sepgsql.h.

#define SEPG_FILE__APPEND   (1<<6)

Definition at line 69 of file sepgsql.h.

#define SEPG_FILE__CREATE   (1<<2)

Definition at line 65 of file sepgsql.h.

#define SEPG_FILE__GETATTR   (1<<3)

Definition at line 66 of file sepgsql.h.

#define SEPG_FILE__READ   (1<<0)

Definition at line 63 of file sepgsql.h.

#define SEPG_FILE__RENAME   (1<<5)

Definition at line 68 of file sepgsql.h.

#define SEPG_FILE__UNLINK   (1<<4)

Definition at line 67 of file sepgsql.h.

#define SEPG_FILE__WRITE   (1<<1)

Definition at line 64 of file sepgsql.h.

#define SEPG_LNK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 85 of file sepgsql.h.

#define SEPG_LNK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 86 of file sepgsql.h.

#define SEPG_LNK_FILE__READ   (SEPG_FILE__READ)

Definition at line 83 of file sepgsql.h.

#define SEPG_LNK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 88 of file sepgsql.h.

#define SEPG_LNK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 87 of file sepgsql.h.

#define SEPG_LNK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 84 of file sepgsql.h.

#define SEPG_PROCESS__DYNTRANSITION   (1<<1)

Definition at line 60 of file sepgsql.h.

Referenced by sepgsql_set_client_label().

#define SEPG_PROCESS__SETCURRENT   (1<<2)

Definition at line 61 of file sepgsql.h.

Referenced by sepgsql_set_client_label().

#define SEPG_PROCESS__TRANSITION   (1<<0)

Definition at line 59 of file sepgsql.h.

Referenced by sepgsql_fmgr_hook().

#define SEPG_SOCK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 106 of file sepgsql.h.

#define SEPG_SOCK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 107 of file sepgsql.h.

#define SEPG_SOCK_FILE__READ   (SEPG_FILE__READ)

Definition at line 104 of file sepgsql.h.

#define SEPG_SOCK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 109 of file sepgsql.h.

#define SEPG_SOCK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 108 of file sepgsql.h.

#define SEPG_SOCK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 105 of file sepgsql.h.

#define SEPGSQL_AVC_NOAUDIT   ((void *)(-1))

Definition at line 255 of file sepgsql.h.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_needs_fmgr_hook().

#define SEPGSQL_MODE_DEFAULT   1

Definition at line 28 of file sepgsql.h.

Referenced by sepgsql_client_auth(), and sepgsql_getenforce().

#define SEPGSQL_MODE_DISABLED   4

Definition at line 31 of file sepgsql.h.

Referenced by _PG_init(), and sepgsql_is_enabled().

#define SEPGSQL_MODE_INTERNAL   3

Definition at line 30 of file sepgsql.h.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().

#define SEPGSQL_MODE_PERMISSIVE   2

Definition at line 29 of file sepgsql.h.

Referenced by sepgsql_client_auth().

Function Documentation

void sepgsql_attribute_drop ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 135 of file relation.c.

References get_rel_relkind(), getObjectIdentity(), pfree(), RelationRelationId, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

136 {
137  ObjectAddress object;
138  char *audit_name;
139  char relkind = get_rel_relkind(relOid);
140 
141  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
142  return;
143 
144  /*
145  * check db_column:{drop} permission
146  */
147  object.classId = RelationRelationId;
148  object.objectId = relOid;
149  object.objectSubId = attnum;
150  audit_name = getObjectIdentity(&object);
151 
152  sepgsql_avc_check_perms(&object,
155  audit_name,
156  true);
157  pfree(audit_name);
158 }
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1801
#define RelationRelationId
Definition: pg_class.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
#define SEPG_DB_COLUMN__DROP
Definition: sepgsql.h:170
#define RELKIND_RELATION
Definition: pg_class.h:160
void sepgsql_attribute_post_create ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 45 of file relation.c.

References AccessShareLock, Anum_pg_attribute_attnum, Anum_pg_attribute_attrelid, appendStringInfo(), AttributeRelationId, AttributeRelidNumIndexId, BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), Int16GetDatum, NameStr, ObjectIdGetDatum, pfree(), quote_identifier(), RelationRelationId, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().

Referenced by sepgsql_object_access().

46 {
47  Relation rel;
48  ScanKeyData skey[2];
49  SysScanDesc sscan;
50  HeapTuple tuple;
51  char *scontext;
52  char *tcontext;
53  char *ncontext;
54  ObjectAddress object;
55  Form_pg_attribute attForm;
56  StringInfoData audit_name;
57  char relkind = get_rel_relkind(relOid);
58 
59  /*
60  * Only attributes within regular relations or partition relations have
61  * individual security labels.
62  */
63  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
64  return;
65 
66  /*
67  * Compute a default security label of the new column underlying the
68  * specified relation, and check permission to create it.
69  */
71 
72  ScanKeyInit(&skey[0],
74  BTEqualStrategyNumber, F_OIDEQ,
75  ObjectIdGetDatum(relOid));
76  ScanKeyInit(&skey[1],
78  BTEqualStrategyNumber, F_INT2EQ,
79  Int16GetDatum(attnum));
80 
82  SnapshotSelf, 2, &skey[0]);
83 
84  tuple = systable_getnext(sscan);
85  if (!HeapTupleIsValid(tuple))
86  elog(ERROR, "could not find tuple for column %d of relation %u",
87  attnum, relOid);
88 
89  attForm = (Form_pg_attribute) GETSTRUCT(tuple);
90 
91  scontext = sepgsql_get_client_label();
92  tcontext = sepgsql_get_label(RelationRelationId, relOid, 0);
93  ncontext = sepgsql_compute_create(scontext, tcontext,
95  NameStr(attForm->attname));
96 
97  /*
98  * check db_column:{create} permission
99  */
100  object.classId = RelationRelationId;
101  object.objectId = relOid;
102  object.objectSubId = 0;
103 
104  initStringInfo(&audit_name);
105  appendStringInfo(&audit_name, "%s.%s",
106  getObjectIdentity(&object),
107  quote_identifier(NameStr(attForm->attname)));
111  audit_name.data,
112  true);
113 
114  /*
115  * Assign the default security label on a new procedure
116  */
117  object.classId = RelationRelationId;
118  object.objectId = relOid;
119  object.objectSubId = attnum;
120  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
121 
122  systable_endscan(sscan);
124 
125  pfree(tcontext);
126  pfree(ncontext);
127 }
#define AttributeRelidNumIndexId
Definition: indexing.h:94
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define Anum_pg_attribute_attrelid
Definition: pg_attribute.h:195
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10280
#define Anum_pg_attribute_attnum
Definition: pg_attribute.h:200
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1801
#define RelationRelationId
Definition: pg_class.h:29
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:463
#define Int16GetDatum(X)
Definition: postgres.h:457
#define AccessShareLock
Definition: lockdefs.h:36
#define AttributeRelationId
Definition: pg_attribute.h:33
#define heap_close(r, l)
Definition: heapam.h:97
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
void pfree(void *pointer)
Definition: mcxt.c:950
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:78
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:187
#define SnapshotSelf
Definition: tqual.h:27
void initStringInfo(StringInfo str)
Definition: stringinfo.c:46
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1284
#define SEPG_DB_COLUMN__CREATE
Definition: sepgsql.h:169
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
char * sepgsql_get_client_label(void)
Definition: label.c:91
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:837
#define NameStr(name)
Definition: c.h:499
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define RELKIND_RELATION
Definition: pg_class.h:160
#define BTEqualStrategyNumber
Definition: stratnum.h:31
void sepgsql_attribute_relabel ( Oid  relOid,
AttrNumber  attnum,
const char *  seclabel 
)

Definition at line 167 of file relation.c.

References ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), RelationRelationId, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__RELABELFROM, SEPG_DB_COLUMN__SETATTR, SEPG_DB_PROCEDURE__RELABELTO, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

169 {
170  ObjectAddress object;
171  char *audit_name;
172  char relkind = get_rel_relkind(relOid);
173 
174  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
175  ereport(ERROR,
176  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
177  errmsg("cannot set security label on non-regular columns")));
178 
179  object.classId = RelationRelationId;
180  object.objectId = relOid;
181  object.objectSubId = attnum;
182  audit_name = getObjectIdentity(&object);
183 
184  /*
185  * check db_column:{setattr relabelfrom} permission
186  */
187  sepgsql_avc_check_perms(&object,
191  audit_name,
192  true);
193 
194  /*
195  * check db_column:{relabelto} permission
196  */
200  audit_name,
201  true);
202  pfree(audit_name);
203 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
#define SEPG_DB_COLUMN__SETATTR
Definition: sepgsql.h:172
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1801
#define RelationRelationId
Definition: pg_class.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
int errcode(int sqlerrcode)
Definition: elog.c:575
#define SEPG_DB_COLUMN__RELABELFROM
Definition: sepgsql.h:173
void pfree(void *pointer)
Definition: mcxt.c:950
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:164
#define ereport(elevel, rest)
Definition: elog.h:122
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
int errmsg(const char *fmt,...)
Definition: elog.c:797
#define RELKIND_RELATION
Definition: pg_class.h:160
void sepgsql_attribute_setattr ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 211 of file relation.c.

References get_rel_relkind(), getObjectIdentity(), pfree(), RelationRelationId, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__SETATTR, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

212 {
213  ObjectAddress object;
214  char *audit_name;
215  char relkind = get_rel_relkind(relOid);
216 
217  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
218  return;
219 
220  /*
221  * check db_column:{setattr} permission
222  */
223  object.classId = RelationRelationId;
224  object.objectId = relOid;
225  object.objectSubId = attnum;
226  audit_name = getObjectIdentity(&object);
227 
228  sepgsql_avc_check_perms(&object,
231  audit_name,
232  true);
233  pfree(audit_name);
234 }
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
#define SEPG_DB_COLUMN__SETATTR
Definition: sepgsql.h:172
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1801
#define RelationRelationId
Definition: pg_class.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
#define RELKIND_RELATION
Definition: pg_class.h:160
void sepgsql_audit_log ( bool  denied,
const char *  scontext,
const char *  tcontext,
uint16  tclass,
uint32  audited,
const char *  audit_name 
)

Definition at line 677 of file selinux.c.

References appendStringInfo(), Assert, av_name, buf, class_name, StringInfoData::data, ereport, errmsg(), i, initStringInfo(), LOG, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().

683 {
685  const char *class_name;
686  const char *av_name;
687  int i;
688 
689  /* lookup name of the object class */
690  Assert(tclass < SEPG_CLASS_MAX);
691  class_name = selinux_catalog[tclass].class_name;
692 
693  /* lookup name of the permissions */
694  initStringInfo(&buf);
695  appendStringInfo(&buf, "%s {",
696  (denied ? "denied" : "allowed"));
697  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
698  {
699  if (audited & (1UL << i))
700  {
701  av_name = selinux_catalog[tclass].av[i].av_name;
702  appendStringInfo(&buf, " %s", av_name);
703  }
704  }
705  appendStringInfo(&buf, " }");
706 
707  /*
708  * Call external audit module, if loaded
709  */
710  appendStringInfo(&buf, " scontext=%s tcontext=%s tclass=%s",
711  scontext, tcontext, class_name);
712  if (audit_name)
713  appendStringInfo(&buf, " name=\"%s\"", audit_name);
714 
715  ereport(LOG, (errmsg("SELinux: %s", buf.data)));
716 }
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
const char * av_name
Definition: selinux.c:36
#define LOG
Definition: elog.h:26
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:78
static char * buf
Definition: pg_test_fsync.c:66
static struct @18 selinux_catalog[]
#define ereport(elevel, rest)
Definition: elog.h:122
void initStringInfo(StringInfo str)
Definition: stringinfo.c:46
#define Assert(condition)
Definition: c.h:675
const char * class_name
Definition: selinux.c:32
int errmsg(const char *fmt,...)
Definition: elog.c:797
int i
bool sepgsql_avc_check_perms ( const ObjectAddress tobject,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 428 of file uavc.c.

References GetSecurityLabel(), pfree(), sepgsql_avc_check_perms_label(), and SEPGSQL_LABEL_TAG.

Referenced by check_relation_privileges(), check_schema_perms(), sepgsql_attribute_drop(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_database_drop(), sepgsql_database_relabel(), sepgsql_database_setattr(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_proc_setattr(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_relation_setattr(), sepgsql_schema_drop(), and sepgsql_schema_relabel().

432 {
433  char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
434  bool rc;
435 
436  rc = sepgsql_avc_check_perms_label(tcontext,
437  tclass, required,
438  audit_name, abort_on_violation);
439  if (tcontext)
440  pfree(tcontext);
441 
442  return rc;
443 }
void pfree(void *pointer)
Definition: mcxt.c:950
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:195
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
bool sepgsql_avc_check_perms_label ( const char *  tcontext,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 346 of file uavc.c.

References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, ereport, errcode(), errmsg(), ERROR, avc_cache::permissive, result, avc_cache::scontext, sepgsql_audit_log(), sepgsql_avc_check_valid(), sepgsql_avc_lookup(), SEPGSQL_AVC_NOAUDIT, sepgsql_avc_unlabeled(), sepgsql_get_client_label(), sepgsql_get_debug_audit(), sepgsql_get_mode(), sepgsql_getenforce(), SEPGSQL_MODE_INTERNAL, avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.

Referenced by sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_avc_check_perms(), sepgsql_database_post_create(), sepgsql_database_relabel(), sepgsql_fmgr_hook(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_schema_post_create(), sepgsql_schema_relabel(), and sepgsql_set_client_label().

350 {
351  char *scontext = sepgsql_get_client_label();
352  avc_cache *cache;
353  uint32 denied;
354  uint32 audited;
355  bool result;
356 
358  do
359  {
360  result = true;
361 
362  /*
363  * If the target object is unlabeled, we perform the check using the
364  * label supplied by sepgsql_avc_unlabeled().
365  */
366  if (tcontext)
367  cache = sepgsql_avc_lookup(scontext, tcontext, tclass);
368  else
369  cache = sepgsql_avc_lookup(scontext,
370  sepgsql_avc_unlabeled(), tclass);
371 
372  denied = required & ~cache->allowed;
373 
374  /*
375  * Compute permissions to be audited
376  */
378  audited = (denied ? (denied & ~0) : (required & ~0));
379  else
380  audited = denied ? (denied & cache->auditdeny)
381  : (required & cache->auditallow);
382 
383  if (denied)
384  {
385  /*
386  * In permissive mode or permissive domain, violated permissions
387  * shall be audited to the log files at once, and then implicitly
388  * allowed to avoid a flood of access denied logs, because the
389  * purpose of permissive mode/domain is to collect a violation log
390  * that will make it possible to fix up the security policy.
391  */
392  if (!sepgsql_getenforce() || cache->permissive)
393  cache->allowed |= required;
394  else
395  result = false;
396  }
397  } while (!sepgsql_avc_check_valid());
398 
399  /*
400  * In the case when we have something auditable actions here,
401  * sepgsql_audit_log shall be called with text representation of security
402  * labels for both of subject and object. It records this access
403  * violation, so DBA will be able to find out unexpected security problems
404  * later.
405  */
406  if (audited != 0 &&
407  audit_name != SEPGSQL_AVC_NOAUDIT &&
409  {
410  sepgsql_audit_log(denied != 0,
411  cache->scontext,
412  cache->tcontext_is_valid ?
413  cache->tcontext : sepgsql_avc_unlabeled(),
414  cache->tclass,
415  audited,
416  audit_name);
417  }
418 
419  if (abort_on_violation && !result)
420  ereport(ERROR,
421  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
422  errmsg("SELinux: security policy violation")));
423 
424  return result;
425 }
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30
bool permissive
Definition: uavc.c:42
Definition: uavc.c:31
int errcode(int sqlerrcode)
Definition: elog.c:575
bool sepgsql_getenforce(void)
Definition: selinux.c:648
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:176
return result
Definition: formatting.c:1632
uint32 allowed
Definition: uavc.c:38
uint32 auditallow
Definition: uavc.c:39
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:306
#define SEPGSQL_AVC_NOAUDIT
Definition: sepgsql.h:255
uint16 tclass
Definition: uavc.c:36
int sepgsql_get_mode(void)
Definition: selinux.c:622
bool tcontext_is_valid
Definition: uavc.c:44
#define ERROR
Definition: elog.h:43
void sepgsql_audit_log(bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:677
char * tcontext
Definition: uavc.c:35
bool sepgsql_get_debug_audit(void)
Definition: hooks.c:76
char * scontext
Definition: uavc.c:34
unsigned int uint32
Definition: c.h:268
#define ereport(elevel, rest)
Definition: elog.h:122
char * sepgsql_get_client_label(void)
Definition: label.c:91
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:158
uint32 auditdeny
Definition: uavc.c:40
int errmsg(const char *fmt,...)
Definition: elog.c:797
void sepgsql_avc_init ( void  )

Definition at line 496 of file uavc.c.

References ALLOCSET_DEFAULT_SIZES, AllocSetContextCreate(), AVC_DEF_THRESHOLD, avc_lru_hint, avc_num_caches, avc_threshold, ereport, errcode(), errmsg(), ERROR, LOG, on_proc_exit(), sepgsql_avc_exit(), and TopMemoryContext.

Referenced by _PG_init().

497 {
498  int rc;
499 
500  /*
501  * All the avc stuff shall be allocated in avc_mem_cxt
502  */
504  "userspace access vector cache",
506  memset(avc_slots, 0, sizeof(avc_slots));
507  avc_num_caches = 0;
508  avc_lru_hint = 0;
510 
511  /*
512  * SELinux allows to mmap(2) its kernel status page in read-only mode to
513  * inform userspace applications its status updating (such as policy
514  * reloading) without system-call invocations. This feature is only
515  * supported in Linux-2.6.38 or later, however, libselinux provides a
516  * fallback mode to know its status using netlink sockets.
517  */
518  rc = selinux_status_open(1);
519  if (rc < 0)
520  ereport(ERROR,
521  (errcode(ERRCODE_INTERNAL_ERROR),
522  errmsg("SELinux: could not open selinux status : %m")));
523  else if (rc > 0)
524  ereport(LOG,
525  (errmsg("SELinux: kernel status page uses fallback mode")));
526 
527  /* Arrange to close selinux status page on process exit. */
529 }
#define AVC_DEF_THRESHOLD
Definition: uavc.c:55
void on_proc_exit(pg_on_exit_callback function, Datum arg)
Definition: ipc.c:292
int errcode(int sqlerrcode)
Definition: elog.c:575
#define LOG
Definition: elog.h:26
static MemoryContext avc_mem_cxt
Definition: uavc.c:57
#define ERROR
Definition: elog.h:43
#define ALLOCSET_DEFAULT_SIZES
Definition: memutils.h:165
static void sepgsql_avc_exit(int code, Datum arg)
Definition: uavc.c:485
static int avc_lru_hint
Definition: uavc.c:60
#define ereport(elevel, rest)
Definition: elog.h:122
MemoryContext TopMemoryContext
Definition: mcxt.c:43
static int avc_num_caches
Definition: uavc.c:59
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:58
int errmsg(const char *fmt,...)
Definition: elog.c:797
static int avc_threshold
Definition: uavc.c:61
char* sepgsql_avc_trusted_proc ( Oid  functionId)

Definition at line 453 of file uavc.c.

References ObjectAddress::classId, GetSecurityLabel(), avc_cache::ncontext, ObjectAddress::objectId, ObjectAddress::objectSubId, ProcedureRelationId, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_valid(), sepgsql_avc_lookup(), sepgsql_avc_unlabeled(), sepgsql_get_client_label(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().

454 {
455  char *scontext = sepgsql_get_client_label();
456  char *tcontext;
457  ObjectAddress tobject;
458  avc_cache *cache;
459 
460  tobject.classId = ProcedureRelationId;
461  tobject.objectId = functionId;
462  tobject.objectSubId = 0;
463  tcontext = GetSecurityLabel(&tobject, SEPGSQL_LABEL_TAG);
464 
466  do
467  {
468  if (tcontext)
469  cache = sepgsql_avc_lookup(scontext, tcontext,
471  else
472  cache = sepgsql_avc_lookup(scontext, sepgsql_avc_unlabeled(),
474  } while (!sepgsql_avc_check_valid());
475 
476  return cache->ncontext;
477 }
char * ncontext
Definition: uavc.c:46
#define ProcedureRelationId
Definition: pg_proc.h:33
Definition: uavc.c:31
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:176
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:306
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:195
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
char * sepgsql_get_client_label(void)
Definition: label.c:91
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:158
bool sepgsql_check_perms ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 902 of file selinux.c.

References ereport, errcode(), errmsg(), ERROR, result, sepgsql_audit_log(), sepgsql_compute_avd(), sepgsql_get_debug_audit(), sepgsql_getenforce(), sepgsql_mode, and SEPGSQL_MODE_INTERNAL.

908 {
909  struct av_decision avd;
910  uint32 denied;
911  uint32 audited;
912  bool result = true;
913 
914  sepgsql_compute_avd(scontext, tcontext, tclass, &avd);
915 
916  denied = required & ~avd.allowed;
917 
919  audited = (denied ? denied : required);
920  else
921  audited = (denied ? (denied & avd.auditdeny)
922  : (required & avd.auditallow));
923 
924  if (denied &&
925  sepgsql_getenforce() > 0 &&
926  (avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE) == 0)
927  result = false;
928 
929  /*
930  * It records a security audit for the request, if needed. But, when
931  * SE-PgSQL performs 'internal' mode, it needs to keep silent.
932  */
933  if (audited && sepgsql_mode != SEPGSQL_MODE_INTERNAL)
934  {
935  sepgsql_audit_log(denied,
936  scontext,
937  tcontext,
938  tclass,
939  audited,
940  audit_name);
941  }
942 
943  if (!result && abort_on_violation)
944  ereport(ERROR,
945  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
946  errmsg("SELinux: security policy violation")));
947  return result;
948 }
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30
static int sepgsql_mode
Definition: selinux.c:607
void sepgsql_compute_avd(const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
Definition: selinux.c:732
int errcode(int sqlerrcode)
Definition: elog.c:575
bool sepgsql_getenforce(void)
Definition: selinux.c:648
return result
Definition: formatting.c:1632
#define ERROR
Definition: elog.h:43
void sepgsql_audit_log(bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:677
bool sepgsql_get_debug_audit(void)
Definition: hooks.c:76
unsigned int uint32
Definition: c.h:268
#define ereport(elevel, rest)
Definition: elog.h:122
int errmsg(const char *fmt,...)
Definition: elog.c:797
void sepgsql_compute_avd ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
struct av_decision *  avd 
)

Definition at line 732 of file selinux.c.

References Assert, av_code, av_name, class_code, ereport, errcode(), errmsg(), ERROR, i, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_compute(), and sepgsql_check_perms().

736 {
737  const char *tclass_name;
738  security_class_t tclass_ex;
739  struct av_decision avd_ex;
740  int i,
741  deny_unknown = security_deny_unknown();
742 
743  /* Get external code of the object class */
744  Assert(tclass < SEPG_CLASS_MAX);
745  Assert(tclass == selinux_catalog[tclass].class_code);
746 
747  tclass_name = selinux_catalog[tclass].class_name;
748  tclass_ex = string_to_security_class(tclass_name);
749 
750  if (tclass_ex == 0)
751  {
752  /*
753  * If the current security policy does not support permissions
754  * corresponding to database objects, we fill up them with dummy data.
755  * If security_deny_unknown() returns positive value, undefined
756  * permissions should be denied. Otherwise, allowed
757  */
758  avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
759  avd->auditallow = 0U;
760  avd->auditdeny = ~0U;
761  avd->flags = 0;
762 
763  return;
764  }
765 
766  /*
767  * Ask SELinux what is allowed set of permissions on a pair of the
768  * security contexts and the given object class.
769  */
770  if (security_compute_av_flags_raw((security_context_t) scontext,
771  (security_context_t) tcontext,
772  tclass_ex, 0, &avd_ex) < 0)
773  ereport(ERROR,
774  (errcode(ERRCODE_INTERNAL_ERROR),
775  errmsg("SELinux could not compute av_decision: "
776  "scontext=%s tcontext=%s tclass=%s: %m",
777  scontext, tcontext, tclass_name)));
778 
779  /*
780  * SELinux returns its access control decision as a set of permissions
781  * represented in external code which depends on run-time environment. So,
782  * we need to translate it to the internal representation before returning
783  * results for the caller.
784  */
785  memset(avd, 0, sizeof(struct av_decision));
786 
787  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
788  {
789  access_vector_t av_code_ex;
790  const char *av_name = selinux_catalog[tclass].av[i].av_name;
791  uint32 av_code = selinux_catalog[tclass].av[i].av_code;
792 
793  av_code_ex = string_to_av_perm(tclass_ex, av_name);
794  if (av_code_ex == 0)
795  {
796  /* fill up undefined permissions */
797  if (!deny_unknown)
798  avd->allowed |= av_code;
799  avd->auditdeny |= av_code;
800 
801  continue;
802  }
803 
804  if (avd_ex.allowed & av_code_ex)
805  avd->allowed |= av_code;
806  if (avd_ex.auditallow & av_code_ex)
807  avd->auditallow |= av_code;
808  if (avd_ex.auditdeny & av_code_ex)
809  avd->auditdeny |= av_code;
810  }
811 
812  return;
813 }
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
const char * av_name
Definition: selinux.c:36
int errcode(int sqlerrcode)
Definition: elog.c:575
#define ERROR
Definition: elog.h:43
uint32 av_code
Definition: selinux.c:37
static struct @18 selinux_catalog[]
unsigned int uint32
Definition: c.h:268
#define ereport(elevel, rest)
Definition: elog.h:122
uint16 class_code
Definition: selinux.c:33
#define Assert(condition)
Definition: c.h:675
int errmsg(const char *fmt,...)
Definition: elog.c:797
int i
char* sepgsql_compute_create ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
const char *  objname 
)

Definition at line 837 of file selinux.c.

References Assert, ereport, errcode(), errmsg(), ERROR, PG_CATCH, PG_END_TRY, PG_RE_THROW, PG_TRY, pstrdup(), result, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_compute(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

841 {
842  security_context_t ncontext;
843  security_class_t tclass_ex;
844  const char *tclass_name;
845  char *result;
846 
847  /* Get external code of the object class */
848  Assert(tclass < SEPG_CLASS_MAX);
849 
850  tclass_name = selinux_catalog[tclass].class_name;
851  tclass_ex = string_to_security_class(tclass_name);
852 
853  /*
854  * Ask SELinux what is the default context for the given object class on a
855  * pair of security contexts
856  */
857  if (security_compute_create_name_raw((security_context_t) scontext,
858  (security_context_t) tcontext,
859  tclass_ex,
860  objname,
861  &ncontext) < 0)
862  ereport(ERROR,
863  (errcode(ERRCODE_INTERNAL_ERROR),
864  errmsg("SELinux could not compute a new context: "
865  "scontext=%s tcontext=%s tclass=%s: %m",
866  scontext, tcontext, tclass_name)));
867 
868  /*
869  * libselinux returns malloc()'ed string, so we need to copy it on the
870  * palloc()'ed region.
871  */
872  PG_TRY();
873  {
874  result = pstrdup(ncontext);
875  }
876  PG_CATCH();
877  {
878  freecon(ncontext);
879  PG_RE_THROW();
880  }
881  PG_END_TRY();
882  freecon(ncontext);
883 
884  return result;
885 }
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
char * pstrdup(const char *in)
Definition: mcxt.c:1077
int errcode(int sqlerrcode)
Definition: elog.c:575
return result
Definition: formatting.c:1632
#define ERROR
Definition: elog.h:43
static struct @18 selinux_catalog[]
#define ereport(elevel, rest)
Definition: elog.h:122
#define PG_CATCH()
Definition: elog.h:293
#define Assert(condition)
Definition: c.h:675
#define PG_RE_THROW()
Definition: elog.h:314
int errmsg(const char *fmt,...)
Definition: elog.c:797
#define PG_TRY()
Definition: elog.h:284
#define PG_END_TRY()
Definition: elog.h:300
void sepgsql_database_drop ( Oid  databaseId)

Definition at line 134 of file database.c.

References ObjectAddress::classId, DatabaseRelationId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

135 {
136  ObjectAddress object;
137  char *audit_name;
138 
139  /*
140  * check db_database:{drop} permission
141  */
142  object.classId = DatabaseRelationId;
143  object.objectId = databaseId;
144  object.objectSubId = 0;
145  audit_name = getObjectIdentity(&object);
146 
147  sepgsql_avc_check_perms(&object,
150  audit_name,
151  true);
152  pfree(audit_name);
153 }
#define DatabaseRelationId
Definition: pg_database.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_DATABASE__DROP
Definition: sepgsql.h:119
void sepgsql_database_post_create ( Oid  databaseId,
const char *  dtemplate 
)

Definition at line 34 of file database.c.

References AccessShareLock, appendStringInfo(), BTEqualStrategyNumber, StringInfoData::data, DatabaseOidIndexId, DatabaseRelationId, elog, ERROR, get_database_oid(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__CREATE, SEPG_DB_DATABASE__GETATTR, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().

Referenced by sepgsql_object_access().

35 {
36  Relation rel;
37  ScanKeyData skey;
38  SysScanDesc sscan;
39  HeapTuple tuple;
40  char *tcontext;
41  char *ncontext;
42  ObjectAddress object;
43  Form_pg_database datForm;
44  StringInfoData audit_name;
45 
46  /*
47  * Oid of the source database is not saved in pg_database catalog, so we
48  * collect its identifier using contextual information. If NULL, its
49  * default is "template1" according to createdb().
50  */
51  if (!dtemplate)
52  dtemplate = "template1";
53 
54  object.classId = DatabaseRelationId;
55  object.objectId = get_database_oid(dtemplate, false);
56  object.objectSubId = 0;
57 
58  tcontext = sepgsql_get_label(object.classId,
59  object.objectId,
60  object.objectSubId);
61 
62  /*
63  * check db_database:{getattr} permission
64  */
65  initStringInfo(&audit_name);
66  appendStringInfo(&audit_name, "%s", quote_identifier(dtemplate));
70  audit_name.data,
71  true);
72 
73  /*
74  * Compute a default security label of the newly created database based on
75  * a pair of security label of client and source database.
76  *
77  * XXX - uncoming version of libselinux supports to take object name to
78  * handle special treatment on default security label.
79  */
81 
82  ScanKeyInit(&skey,
84  BTEqualStrategyNumber, F_OIDEQ,
85  ObjectIdGetDatum(databaseId));
86 
87  sscan = systable_beginscan(rel, DatabaseOidIndexId, true,
88  SnapshotSelf, 1, &skey);
89  tuple = systable_getnext(sscan);
90  if (!HeapTupleIsValid(tuple))
91  elog(ERROR, "could not find tuple for database %u", databaseId);
92 
93  datForm = (Form_pg_database) GETSTRUCT(tuple);
94 
96  tcontext,
98  NameStr(datForm->datname));
99 
100  /*
101  * check db_database:{create} permission
102  */
103  resetStringInfo(&audit_name);
104  appendStringInfo(&audit_name, "%s",
105  quote_identifier(NameStr(datForm->datname)));
109  audit_name.data,
110  true);
111 
112  systable_endscan(sscan);
114 
115  /*
116  * Assign the default security label on the new database
117  */
118  object.classId = DatabaseRelationId;
119  object.objectId = databaseId;
120  object.objectSubId = 0;
121 
122  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
123 
124  pfree(ncontext);
125  pfree(tcontext);
126 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10280
#define ObjectIdAttributeNumber
Definition: sysattr.h:22
FormData_pg_database * Form_pg_database
Definition: pg_database.h:57
#define DatabaseRelationId
Definition: pg_database.h:29
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:463
#define AccessShareLock
Definition: lockdefs.h:36
#define heap_close(r, l)
Definition: heapam.h:97
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
void pfree(void *pointer)
Definition: mcxt.c:950
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:78
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
#define DatabaseOidIndexId
Definition: indexing.h:142
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:62
#define SnapshotSelf
Definition: tqual.h:27
#define SEPG_DB_DATABASE__GETATTR
Definition: sepgsql.h:120
void initStringInfo(StringInfo str)
Definition: stringinfo.c:46
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1284
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:2009
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
char * sepgsql_get_client_label(void)
Definition: label.c:91
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:837
#define NameStr(name)
Definition: c.h:499
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define BTEqualStrategyNumber
Definition: stratnum.h:31
void sepgsql_database_relabel ( Oid  databaseId,
const char *  seclabel 
)

Definition at line 188 of file database.c.

References ObjectAddress::classId, DatabaseRelationId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__RELABELFROM, SEPG_DB_DATABASE__RELABELTO, SEPG_DB_DATABASE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

189 {
190  ObjectAddress object;
191  char *audit_name;
192 
193  object.classId = DatabaseRelationId;
194  object.objectId = databaseId;
195  object.objectSubId = 0;
196  audit_name = getObjectIdentity(&object);
197 
198  /*
199  * check db_database:{setattr relabelfrom} permission
200  */
201  sepgsql_avc_check_perms(&object,
205  audit_name,
206  true);
207 
208  /*
209  * check db_database:{relabelto} permission
210  */
214  audit_name,
215  true);
216  pfree(audit_name);
217 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define DatabaseRelationId
Definition: pg_database.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define SEPG_DB_DATABASE__RELABELFROM
Definition: sepgsql.h:122
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121
#define SEPG_DB_DATABASE__RELABELTO
Definition: sepgsql.h:123
void sepgsql_database_setattr ( Oid  databaseId)

Definition at line 161 of file database.c.

References ObjectAddress::classId, DatabaseRelationId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__SETATTR, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

162 {
163  ObjectAddress object;
164  char *audit_name;
165 
166  /*
167  * check db_database:{setattr} permission
168  */
169  object.classId = DatabaseRelationId;
170  object.objectId = databaseId;
171  object.objectSubId = 0;
172  audit_name = getObjectIdentity(&object);
173 
174  sepgsql_avc_check_perms(&object,
177  audit_name,
178  true);
179  pfree(audit_name);
180 }
#define DatabaseRelationId
Definition: pg_database.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121
bool sepgsql_dml_privileges ( List rangeTabls,
bool  abort_on_violation 
)

Definition at line 287 of file dml.c.

References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_UPDATE, bms_is_empty(), check_relation_privileges(), find_all_inheritors(), fixup_inherited_columns(), RangeTblEntry::inh, RangeTblEntry::insertedCols, lfirst, lfirst_oid, list_free(), list_make1_oid, NoLock, NULL, RangeTblEntry::relid, RangeTblEntry::requiredPerms, RTE_RELATION, RangeTblEntry::rtekind, RangeTblEntry::selectedCols, SEPG_DB_TABLE__DELETE, SEPG_DB_TABLE__INSERT, SEPG_DB_TABLE__LOCK, SEPG_DB_TABLE__SELECT, SEPG_DB_TABLE__UPDATE, and RangeTblEntry::updatedCols.

Referenced by sepgsql_exec_check_perms().

288 {
289  ListCell *lr;
290 
291  foreach(lr, rangeTabls)
292  {
293  RangeTblEntry *rte = lfirst(lr);
294  uint32 required = 0;
295  List *tableIds;
296  ListCell *li;
297 
298  /*
299  * Only regular relations shall be checked
300  */
301  if (rte->rtekind != RTE_RELATION)
302  continue;
303 
304  /*
305  * Find out required permissions
306  */
307  if (rte->requiredPerms & ACL_SELECT)
308  required |= SEPG_DB_TABLE__SELECT;
309  if (rte->requiredPerms & ACL_INSERT)
310  required |= SEPG_DB_TABLE__INSERT;
311  if (rte->requiredPerms & ACL_UPDATE)
312  {
313  if (!bms_is_empty(rte->updatedCols))
314  required |= SEPG_DB_TABLE__UPDATE;
315  else
316  required |= SEPG_DB_TABLE__LOCK;
317  }
318  if (rte->requiredPerms & ACL_DELETE)
319  required |= SEPG_DB_TABLE__DELETE;
320 
321  /*
322  * Skip, if nothing to be checked
323  */
324  if (required == 0)
325  continue;
326 
327  /*
328  * If this RangeTblEntry is also supposed to reference inherited
329  * tables, we need to check security label of the child tables. So, we
330  * expand rte->relid into list of OIDs of inheritance hierarchy, then
331  * checker routine will be invoked for each relations.
332  */
333  if (!rte->inh)
334  tableIds = list_make1_oid(rte->relid);
335  else
336  tableIds = find_all_inheritors(rte->relid, NoLock, NULL);
337 
338  foreach(li, tableIds)
339  {
340  Oid tableOid = lfirst_oid(li);
341  Bitmapset *selectedCols;
342  Bitmapset *insertedCols;
343  Bitmapset *updatedCols;
344 
345  /*
346  * child table has different attribute numbers, so we need to fix
347  * up them.
348  */
349  selectedCols = fixup_inherited_columns(rte->relid, tableOid,
350  rte->selectedCols);
351  insertedCols = fixup_inherited_columns(rte->relid, tableOid,
352  rte->insertedCols);
353  updatedCols = fixup_inherited_columns(rte->relid, tableOid,
354  rte->updatedCols);
355 
356  /*
357  * check permissions on individual tables
358  */
359  if (!check_relation_privileges(tableOid,
360  selectedCols,
361  insertedCols,
362  updatedCols,
363  required, abort_on_violation))
364  return false;
365  }
366  list_free(tableIds);
367  }
368  return true;
369 }
static bool check_relation_privileges(Oid relOid, Bitmapset *selected, Bitmapset *inserted, Bitmapset *updated, uint32 required, bool abort_on_violation)
Definition: dml.c:146
#define SEPG_DB_TABLE__DELETE
Definition: sepgsql.h:146
static Bitmapset * fixup_inherited_columns(Oid parentId, Oid childId, Bitmapset *columns)
Definition: dml.c:94
#define ACL_DELETE
Definition: parsenodes.h:75
AclMode requiredPerms
Definition: parsenodes.h:1039
unsigned int Oid
Definition: postgres_ext.h:31
#define SEPG_DB_TABLE__SELECT
Definition: sepgsql.h:143
Bitmapset * selectedCols
Definition: parsenodes.h:1041
#define SEPG_DB_TABLE__UPDATE
Definition: sepgsql.h:144
#define NoLock
Definition: lockdefs.h:34
#define SEPG_DB_TABLE__INSERT
Definition: sepgsql.h:145
unsigned int uint32
Definition: c.h:268
bool bms_is_empty(const Bitmapset *a)
Definition: bitmapset.c:663
#define ACL_UPDATE
Definition: parsenodes.h:74
#define ACL_SELECT
Definition: parsenodes.h:73
#define list_make1_oid(x1)
Definition: pg_list.h:151
Bitmapset * updatedCols
Definition: parsenodes.h:1043
#define NULL
Definition: c.h:229
#define lfirst(lc)
Definition: pg_list.h:106
#define ACL_INSERT
Definition: parsenodes.h:72
RTEKind rtekind
Definition: parsenodes.h:936
List * find_all_inheritors(Oid parentrelId, LOCKMODE lockmode, List **numparents)
Definition: pg_inherits.c:167
void list_free(List *list)
Definition: list.c:1133
Bitmapset * insertedCols
Definition: parsenodes.h:1042
Definition: pg_list.h:45
#define SEPG_DB_TABLE__LOCK
Definition: sepgsql.h:147
#define lfirst_oid(lc)
Definition: pg_list.h:108
char* sepgsql_get_client_label ( void  )

Definition at line 91 of file label.c.

References Assert, client_label_committed, client_label_func, client_label_peer, pending_label::label, llast, and NULL.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_check_perms_label(), sepgsql_avc_trusted_proc(), sepgsql_database_post_create(), sepgsql_getcon(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), sepgsql_schema_post_create(), and sepgsql_set_client_label().

92 {
93  /* trusted procedure client label override */
95  return client_label_func;
96 
97  /* uncommitted sepgsql_setcon() value */
99  {
101 
102  if (plabel->label)
103  return plabel->label;
104  }
105  else if (client_label_committed)
106  return client_label_committed; /* set by sepgsql_setcon() committed */
107 
108  /* default label */
110  return client_label_peer;
111 }
static char * client_label_func
Definition: label.c:75
static char * client_label_committed
Definition: label.c:73
#define llast(l)
Definition: pg_list.h:131
char * label
Definition: label.c:80
static List * client_label_pending
Definition: label.c:71
#define NULL
Definition: c.h:229
#define Assert(condition)
Definition: c.h:675
static char * client_label_peer
Definition: label.c:70
bool sepgsql_get_debug_audit ( void  )

Definition at line 76 of file hooks.c.

References sepgsql_debug_audit.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().

77 {
78  return sepgsql_debug_audit;
79 }
static bool sepgsql_debug_audit
Definition: hooks.c:73
char* sepgsql_get_label ( Oid  relOid,
Oid  objOid,
int32  subId 
)

Definition at line 463 of file label.c.

References ereport, errcode(), errmsg(), ERROR, GetSecurityLabel(), label, PG_CATCH, PG_END_TRY, PG_RE_THROW, PG_TRY, pstrdup(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_attribute_post_create(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

464 {
465  ObjectAddress object;
466  char *label;
467 
468  object.classId = classId;
469  object.objectId = objectId;
470  object.objectSubId = subId;
471 
472  label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
473  if (!label || security_check_context_raw((security_context_t) label))
474  {
475  security_context_t unlabeled;
476 
477  if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
478  ereport(ERROR,
479  (errcode(ERRCODE_INTERNAL_ERROR),
480  errmsg("SELinux: failed to get initial security label: %m")));
481  PG_TRY();
482  {
483  label = pstrdup(unlabeled);
484  }
485  PG_CATCH();
486  {
487  freecon(unlabeled);
488  PG_RE_THROW();
489  }
490  PG_END_TRY();
491 
492  freecon(unlabeled);
493  }
494  return label;
495 }
char * pstrdup(const char *in)
Definition: mcxt.c:1077
int errcode(int sqlerrcode)
Definition: elog.c:575
#define ERROR
Definition: elog.h:43
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:195
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
#define ereport(elevel, rest)
Definition: elog.h:122
static char * label
Definition: pg_basebackup.c:81
#define PG_CATCH()
Definition: elog.h:293
#define PG_RE_THROW()
Definition: elog.h:314
int errmsg(const char *fmt,...)
Definition: elog.c:797
#define PG_TRY()
Definition: elog.h:284
#define PG_END_TRY()
Definition: elog.h:300
int sepgsql_get_mode ( void  )

Definition at line 622 of file selinux.c.

References sepgsql_mode.

Referenced by sepgsql_avc_check_perms_label().

623 {
624  return sepgsql_mode;
625 }
static int sepgsql_mode
Definition: selinux.c:607
bool sepgsql_get_permissive ( void  )

Definition at line 65 of file hooks.c.

References sepgsql_permissive.

Referenced by sepgsql_client_auth().

66 {
67  return sepgsql_permissive;
68 }
static bool sepgsql_permissive
Definition: hooks.c:62
bool sepgsql_getenforce ( void  )

Definition at line 648 of file selinux.c.

References sepgsql_mode, and SEPGSQL_MODE_DEFAULT.

Referenced by check_relation_privileges(), sepgsql_avc_check_perms_label(), sepgsql_check_perms(), and sepgsql_utility_command().

649 {
651  selinux_status_getenforce() > 0)
652  return true;
653 
654  return false;
655 }
static int sepgsql_mode
Definition: selinux.c:607
#define SEPGSQL_MODE_DEFAULT
Definition: sepgsql.h:28
void sepgsql_init_client_label ( void  )

Definition at line 422 of file label.c.

References client_label_peer, ClientAuthentication_hook, ereport, errcode(), errmsg(), ERROR, fmgr_hook, needs_fmgr_hook, next_client_auth_hook, next_fmgr_hook, next_needs_fmgr_hook, NULL, RegisterSubXactCallback(), RegisterXactCallback(), sepgsql_client_auth(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_subxact_callback(), and sepgsql_xact_callback().

Referenced by _PG_init().

423 {
424  /*
425  * Set up dummy client label.
426  *
427  * XXX - note that PostgreSQL launches background worker process like
428  * autovacuum without authentication steps. So, we initialize sepgsql_mode
429  * with SEPGSQL_MODE_INTERNAL, and client_label with the security context
430  * of server process. Later, it also launches background of user session.
431  * In this case, the process is always hooked on post-authentication, and
432  * we can initialize the sepgsql_mode and client_label correctly.
433  */
434  if (getcon_raw(&client_label_peer) < 0)
435  ereport(ERROR,
436  (errcode(ERRCODE_INTERNAL_ERROR),
437  errmsg("SELinux: failed to get server security label: %m")));
438 
439  /* Client authentication hook */
442 
443  /* Trusted procedure hooks */
446 
449 
450  /* Transaction/Sub-transaction callbacks */
453 }
int errcode(int sqlerrcode)
Definition: elog.c:575
static void sepgsql_xact_callback(XactEvent event, void *arg)
Definition: label.c:176
static ClientAuthentication_hook_type next_client_auth_hook
Definition: label.c:53
static bool sepgsql_needs_fmgr_hook(Oid functionId)
Definition: label.c:286
#define ERROR
Definition: elog.h:43
ClientAuthentication_hook_type ClientAuthentication_hook
Definition: auth.c:235
#define ereport(elevel, rest)
Definition: elog.h:122
static void sepgsql_client_auth(Port *port, int status)
Definition: label.c:248
static needs_fmgr_hook_type next_needs_fmgr_hook
Definition: label.c:54
void RegisterSubXactCallback(SubXactCallback callback, void *arg)
Definition: xact.c:3361
PGDLLIMPORT fmgr_hook_type fmgr_hook
Definition: fmgr.c:37
PGDLLIMPORT needs_fmgr_hook_type needs_fmgr_hook
Definition: fmgr.c:36
static void sepgsql_subxact_callback(SubXactEvent event, SubTransactionId mySubid, SubTransactionId parentSubid, void *arg)
Definition: label.c:215
#define NULL
Definition: c.h:229
void RegisterXactCallback(XactCallback callback, void *arg)
Definition: xact.c:3306
static char * client_label_peer
Definition: label.c:70
static void sepgsql_fmgr_hook(FmgrHookEventType event, FmgrInfo *flinfo, Datum *private)
Definition: label.c:329
int errmsg(const char *fmt,...)
Definition: elog.c:797
static fmgr_hook_type next_fmgr_hook
Definition: label.c:55
bool sepgsql_is_enabled ( void  )

Definition at line 613 of file selinux.c.

References sepgsql_mode, and SEPGSQL_MODE_DISABLED.

Referenced by sepgsql_getcon(), sepgsql_mcstrans_in(), sepgsql_mcstrans_out(), and sepgsql_restorecon().

614 {
615  return (sepgsql_mode != SEPGSQL_MODE_DISABLED ? true : false);
616 }
static int sepgsql_mode
Definition: selinux.c:607
#define SEPGSQL_MODE_DISABLED
Definition: sepgsql.h:31
void sepgsql_object_relabel ( const ObjectAddress object,
const char *  seclabel 
)

Definition at line 503 of file label.c.

References ObjectAddress::classId, DatabaseRelationId, ereport, errcode(), errmsg(), ERROR, getObjectTypeDescription(), NamespaceRelationId, ObjectAddress::objectId, ObjectAddress::objectSubId, ProcedureRelationId, RelationRelationId, sepgsql_attribute_relabel(), sepgsql_database_relabel(), sepgsql_proc_relabel(), sepgsql_relation_relabel(), and sepgsql_schema_relabel().

Referenced by _PG_init(), and exec_object_restorecon().

504 {
505  /*
506  * validate format of the supplied security label, if it is security
507  * context of selinux.
508  */
509  if (seclabel &&
510  security_check_context_raw((security_context_t) seclabel) < 0)
511  ereport(ERROR,
512  (errcode(ERRCODE_INVALID_NAME),
513  errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
514 
515  /*
516  * Do actual permission checks for each object classes
517  */
518  switch (object->classId)
519  {
520  case DatabaseRelationId:
521  sepgsql_database_relabel(object->objectId, seclabel);
522  break;
523 
524  case NamespaceRelationId:
525  sepgsql_schema_relabel(object->objectId, seclabel);
526  break;
527 
528  case RelationRelationId:
529  if (object->objectSubId == 0)
531  seclabel);
532  else
534  object->objectSubId,
535  seclabel);
536  break;
537 
538  case ProcedureRelationId:
539  sepgsql_proc_relabel(object->objectId, seclabel);
540  break;
541 
542  default:
543  ereport(ERROR,
544  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
545  errmsg("sepgsql provider does not support labels on %s",
546  getObjectTypeDescription(object))));
547  break;
548  }
549 }
#define NamespaceRelationId
Definition: pg_namespace.h:34
void sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)
Definition: schema.c:144
char * getObjectTypeDescription(const ObjectAddress *object)
#define ProcedureRelationId
Definition: pg_proc.h:33
#define DatabaseRelationId
Definition: pg_database.h:29
#define RelationRelationId
Definition: pg_class.h:29
int errcode(int sqlerrcode)
Definition: elog.c:575
void sepgsql_database_relabel(Oid databaseId, const char *seclabel)
Definition: database.c:188
#define ERROR
Definition: elog.h:43
#define ereport(elevel, rest)
Definition: elog.h:122
void sepgsql_relation_relabel(Oid relOid, const char *seclabel)
Definition: relation.c:526
void sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum, const char *seclabel)
Definition: relation.c:167
void sepgsql_proc_relabel(Oid functionId, const char *seclabel)
Definition: proc.c:200
int errmsg(const char *fmt,...)
Definition: elog.c:797
void sepgsql_proc_drop ( Oid  functionId)

Definition at line 157 of file proc.c.

References ObjectAddress::classId, get_func_namespace(), getObjectIdentity(), NamespaceRelationId, pfree(), ProcedureRelationId, SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

158 {
159  ObjectAddress object;
160  char *audit_name;
161 
162  /*
163  * check db_schema:{remove_name} permission
164  */
165  object.classId = NamespaceRelationId;
166  object.objectId = get_func_namespace(functionId);
167  object.objectSubId = 0;
168  audit_name = getObjectIdentity(&object);
169 
170  sepgsql_avc_check_perms(&object,
173  audit_name,
174  true);
175  pfree(audit_name);
176 
177  /*
178  * check db_procedure:{drop} permission
179  */
180  object.classId = ProcedureRelationId;
181  object.objectId = functionId;
182  object.objectSubId = 0;
183  audit_name = getObjectIdentity(&object);
184 
185  sepgsql_avc_check_perms(&object,
188  audit_name,
189  true);
190  pfree(audit_name);
191 }
#define SEPG_DB_PROCEDURE__DROP
Definition: sepgsql.h:160
#define NamespaceRelationId
Definition: pg_namespace.h:34
Oid get_func_namespace(Oid funcid)
Definition: lsyscache.c:1436
#define ProcedureRelationId
Definition: pg_proc.h:33
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135
void sepgsql_proc_execute ( Oid  functionId)

Definition at line 317 of file proc.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), ProcedureRelationId, SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__EXECUTE, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

318 {
319  ObjectAddress object;
320  char *audit_name;
321 
322  /*
323  * check db_procedure:{execute} permission
324  */
325  object.classId = ProcedureRelationId;
326  object.objectId = functionId;
327  object.objectSubId = 0;
328  audit_name = getObjectIdentity(&object);
329  sepgsql_avc_check_perms(&object,
332  audit_name,
333  true);
334  pfree(audit_name);
335 }
#define SEPG_DB_PROCEDURE__EXECUTE
Definition: sepgsql.h:165
#define ProcedureRelationId
Definition: pg_proc.h:33
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
void sepgsql_proc_post_create ( Oid  functionId)

Definition at line 39 of file proc.c.

References AccessShareLock, appendStringInfo(), appendStringInfoChar(), appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, i, initStringInfo(), NamespaceRelationId, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), ProcedureOidIndexId, ProcedureRelationId, quote_qualified_identifier(), ScanKeyInit(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__CREATE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), and TypeRelationId.

Referenced by sepgsql_object_access().

40 {
41  Relation rel;
42  ScanKeyData skey;
43  SysScanDesc sscan;
44  HeapTuple tuple;
45  char *nsp_name;
46  char *scontext;
47  char *tcontext;
48  char *ncontext;
49  uint32 required;
50  int i;
51  StringInfoData audit_name;
52  ObjectAddress object;
53  Form_pg_proc proForm;
54 
55  /*
56  * Fetch namespace of the new procedure. Because pg_proc entry is not
57  * visible right now, we need to scan the catalog using SnapshotSelf.
58  */
60 
61  ScanKeyInit(&skey,
63  BTEqualStrategyNumber, F_OIDEQ,
64  ObjectIdGetDatum(functionId));
65 
66  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
67  SnapshotSelf, 1, &skey);
68 
69  tuple = systable_getnext(sscan);
70  if (!HeapTupleIsValid(tuple))
71  elog(ERROR, "could not find tuple for function %u", functionId);
72 
73  proForm = (Form_pg_proc) GETSTRUCT(tuple);
74 
75  /*
76  * check db_schema:{add_name} permission of the namespace
77  */
78  object.classId = NamespaceRelationId;
79  object.objectId = proForm->pronamespace;
80  object.objectSubId = 0;
84  getObjectIdentity(&object),
85  true);
86 
87  /*
88  * XXX - db_language:{implement} also should be checked here
89  */
90 
91 
92  /*
93  * Compute a default security label when we create a new procedure object
94  * under the specified namespace.
95  */
96  scontext = sepgsql_get_client_label();
98  proForm->pronamespace, 0);
99  ncontext = sepgsql_compute_create(scontext, tcontext,
101  NameStr(proForm->proname));
102 
103  /*
104  * check db_procedure:{create (install)} permission
105  */
106  initStringInfo(&audit_name);
107  nsp_name = get_namespace_name(proForm->pronamespace);
108  appendStringInfo(&audit_name, "%s(",
109  quote_qualified_identifier(nsp_name, NameStr(proForm->proname)));
110  for (i = 0; i < proForm->pronargs; i++)
111  {
112  if (i > 0)
113  appendStringInfoChar(&audit_name, ',');
114 
115  object.classId = TypeRelationId;
116  object.objectId = proForm->proargtypes.values[i];
117  object.objectSubId = 0;
118  appendStringInfoString(&audit_name, getObjectIdentity(&object));
119  }
120  appendStringInfoChar(&audit_name, ')');
121 
122  required = SEPG_DB_PROCEDURE__CREATE;
123  if (proForm->proleakproof)
124  required |= SEPG_DB_PROCEDURE__INSTALL;
125 
128  required,
129  audit_name.data,
130  true);
131 
132  /*
133  * Assign the default security label on a new procedure
134  */
135  object.classId = ProcedureRelationId;
136  object.objectId = functionId;
137  object.objectSubId = 0;
138  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
139 
140  /*
141  * Cleanup
142  */
143  systable_endscan(sscan);
145 
146  pfree(audit_name.data);
147  pfree(tcontext);
148  pfree(ncontext);
149 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define ProcedureOidIndexId
Definition: indexing.h:216
#define NamespaceRelationId
Definition: pg_namespace.h:34
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
#define ObjectIdAttributeNumber
Definition: sysattr.h:22
#define ProcedureRelationId
Definition: pg_proc.h:33
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:463
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define AccessShareLock
Definition: lockdefs.h:36
#define heap_close(r, l)
Definition: heapam.h:97
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
#define TypeRelationId
Definition: pg_type.h:34
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
void pfree(void *pointer)
Definition: mcxt.c:950
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:78
#define SEPG_DB_PROCEDURE__CREATE
Definition: sepgsql.h:159
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:157
char * get_namespace_name(Oid nspid)
Definition: lsyscache.c:3033
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
unsigned int uint32
Definition: c.h:268
#define SnapshotSelf
Definition: tqual.h:27
void appendStringInfoChar(StringInfo str, char ch)
Definition: stringinfo.c:169
void initStringInfo(StringInfo str)
Definition: stringinfo.c:46
char * quote_qualified_identifier(const char *qualifier, const char *ident)
Definition: ruleutils.c:10366
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1284
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:83
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
char * sepgsql_get_client_label(void)
Definition: label.c:91
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:837
int i
#define NameStr(name)
Definition: c.h:499
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define BTEqualStrategyNumber
Definition: stratnum.h:31
#define SEPG_DB_PROCEDURE__INSTALL
Definition: sepgsql.h:167
void sepgsql_proc_relabel ( Oid  functionId,
const char *  seclabel 
)

Definition at line 200 of file proc.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), ProcedureRelationId, SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__RELABELFROM, SEPG_DB_PROCEDURE__RELABELTO, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

201 {
202  ObjectAddress object;
203  char *audit_name;
204 
205  object.classId = ProcedureRelationId;
206  object.objectId = functionId;
207  object.objectSubId = 0;
208  audit_name = getObjectIdentity(&object);
209 
210  /*
211  * check db_procedure:{setattr relabelfrom} permission
212  */
213  sepgsql_avc_check_perms(&object,
217  audit_name,
218  true);
219 
220  /*
221  * check db_procedure:{relabelto} permission
222  */
226  audit_name,
227  true);
228  pfree(audit_name);
229 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define ProcedureRelationId
Definition: pg_proc.h:33
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_PROCEDURE__RELABELFROM
Definition: sepgsql.h:163
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:164
#define SEPG_DB_PROCEDURE__SETATTR
Definition: sepgsql.h:162
void sepgsql_proc_setattr ( Oid  functionId)

Definition at line 237 of file proc.c.

References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), ProcedureOidIndexId, ProcedureRelationId, PROCOID, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1, SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().

Referenced by sepgsql_object_access().

238 {
239  Relation rel;
240  ScanKeyData skey;
241  SysScanDesc sscan;
242  HeapTuple oldtup;
243  HeapTuple newtup;
244  Form_pg_proc oldform;
245  Form_pg_proc newform;
246  uint32 required;
247  ObjectAddress object;
248  char *audit_name;
249 
250  /*
251  * Fetch newer catalog
252  */
254 
255  ScanKeyInit(&skey,
257  BTEqualStrategyNumber, F_OIDEQ,
258  ObjectIdGetDatum(functionId));
259 
260  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
261  SnapshotSelf, 1, &skey);
262  newtup = systable_getnext(sscan);
263  if (!HeapTupleIsValid(newtup))
264  elog(ERROR, "could not find tuple for function %u", functionId);
265  newform = (Form_pg_proc) GETSTRUCT(newtup);
266 
267  /*
268  * Fetch older catalog
269  */
270  oldtup = SearchSysCache1(PROCOID, ObjectIdGetDatum(functionId));
271  if (!HeapTupleIsValid(oldtup))
272  elog(ERROR, "cache lookup failed for function %u", functionId);
273  oldform = (Form_pg_proc) GETSTRUCT(oldtup);
274 
275  /*
276  * Does this ALTER command takes operation to namespace?
277  */
278  if (newform->pronamespace != oldform->pronamespace)
279  {
280  sepgsql_schema_remove_name(oldform->pronamespace);
281  sepgsql_schema_add_name(oldform->pronamespace);
282  }
283  if (strcmp(NameStr(newform->proname), NameStr(oldform->proname)) != 0)
284  sepgsql_schema_rename(oldform->pronamespace);
285 
286  /*
287  * check db_procedure:{setattr (install)} permission
288  */
289  required = SEPG_DB_PROCEDURE__SETATTR;
290  if (!oldform->proleakproof && newform->proleakproof)
291  required |= SEPG_DB_PROCEDURE__INSTALL;
292 
293  object.classId = ProcedureRelationId;
294  object.objectId = functionId;
295  object.objectSubId = 0;
296  audit_name = getObjectIdentity(&object);
297 
298  sepgsql_avc_check_perms(&object,
300  required,
301  audit_name,
302  true);
303  /* cleanups */
304  pfree(audit_name);
305 
306  ReleaseSysCache(oldtup);
307  systable_endscan(sscan);
309 }
#define ProcedureOidIndexId
Definition: indexing.h:216
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
#define ObjectIdAttributeNumber
Definition: sysattr.h:22
#define ProcedureRelationId
Definition: pg_proc.h:33
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:219
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:225
#define AccessShareLock
Definition: lockdefs.h:36
#define heap_close(r, l)
Definition: heapam.h:97
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
#define SearchSysCache1(cacheId, key1)
Definition: syscache.h:156
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
void pfree(void *pointer)
Definition: mcxt.c:950
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:231
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
unsigned int uint32
Definition: c.h:268
#define SnapshotSelf
Definition: tqual.h:27
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1117
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1284
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:83
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
#define NameStr(name)
Definition: c.h:499
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define SEPG_DB_PROCEDURE__SETATTR
Definition: sepgsql.h:162
#define BTEqualStrategyNumber
Definition: stratnum.h:31
#define SEPG_DB_PROCEDURE__INSTALL
Definition: sepgsql.h:167
void sepgsql_relation_drop ( Oid  relOid)

Definition at line 418 of file relation.c.

References ATTNUM, get_rel_namespace(), get_rel_relkind(), getObjectIdentity(), GETSTRUCT, i, catclist::members, catclist::n_members, NamespaceRelationId, ObjectIdGetDatum, pfree(), PG_TOAST_NAMESPACE, RelationRelationId, ReleaseCatCacheList(), RELKIND_INDEX, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, SearchSysCacheList1, SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, SEPG_DB_TABLE__DROP, sepgsql_avc_check_perms(), sepgsql_index_modify(), and catctup::tuple.

Referenced by sepgsql_object_access().

419 {
420  ObjectAddress object;
421  char *audit_name;
422  uint16_t tclass = 0;
423  char relkind = get_rel_relkind(relOid);
424 
425  switch (relkind)
426  {
427  case RELKIND_RELATION:
429  tclass = SEPG_CLASS_DB_TABLE;
430  break;
431  case RELKIND_SEQUENCE:
432  tclass = SEPG_CLASS_DB_SEQUENCE;
433  break;
434  case RELKIND_VIEW:
435  tclass = SEPG_CLASS_DB_VIEW;
436  break;
437  case RELKIND_INDEX:
438  /* ignore indexes on toast tables */
439  if (get_rel_namespace(relOid) == PG_TOAST_NAMESPACE)
440  return;
441  /* other indexes are handled specially below; no need for tclass */
442  break;
443  default:
444  /* ignore other relkinds */
445  return;
446  }
447 
448  /*
449  * check db_schema:{remove_name} permission
450  */
451  object.classId = NamespaceRelationId;
452  object.objectId = get_rel_namespace(relOid);
453  object.objectSubId = 0;
454  audit_name = getObjectIdentity(&object);
455 
456  sepgsql_avc_check_perms(&object,
459  audit_name,
460  true);
461  pfree(audit_name);
462 
463  /* deal with indexes specially */
464  if (relkind == RELKIND_INDEX)
465  {
466  sepgsql_index_modify(relOid);
467  return;
468  }
469 
470  /*
471  * check db_table/sequence/view:{drop} permission
472  */
473  object.classId = RelationRelationId;
474  object.objectId = relOid;
475  object.objectSubId = 0;
476  audit_name = getObjectIdentity(&object);
477 
478  sepgsql_avc_check_perms(&object,
479  tclass,
481  audit_name,
482  true);
483  pfree(audit_name);
484 
485  /*
486  * check db_column:{drop} permission
487  */
488  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
489  {
490  Form_pg_attribute attForm;
491  CatCList *attrList;
492  HeapTuple atttup;
493  int i;
494 
495  attrList = SearchSysCacheList1(ATTNUM, ObjectIdGetDatum(relOid));
496  for (i = 0; i < attrList->n_members; i++)
497  {
498  atttup = &attrList->members[i]->tuple;
499  attForm = (Form_pg_attribute) GETSTRUCT(atttup);
500 
501  if (attForm->attisdropped)
502  continue;
503 
504  object.classId = RelationRelationId;
505  object.objectId = relOid;
506  object.objectSubId = attForm->attnum;
507  audit_name = getObjectIdentity(&object);
508 
509  sepgsql_avc_check_perms(&object,
512  audit_name,
513  true);
514  pfree(audit_name);
515  }
516  ReleaseCatCacheList(attrList);
517  }
518 }
#define NamespaceRelationId
Definition: pg_namespace.h:34
int n_members
Definition: catcache.h:154
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1801
#define RelationRelationId
Definition: pg_class.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
Oid get_rel_namespace(Oid relid)
Definition: lsyscache.c:1750
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
#define PG_TOAST_NAMESPACE
Definition: pg_namespace.h:74
void ReleaseCatCacheList(CatCList *list)
Definition: catcache.c:1651
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:155
void pfree(void *pointer)
Definition: mcxt.c:950
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_TABLE__DROP
Definition: sepgsql.h:138
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:187
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:201
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:724
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
#define SEPG_DB_COLUMN__DROP
Definition: sepgsql.h:170
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
#define RELKIND_VIEW
Definition: pg_class.h:164
int i
#define RELKIND_INDEX
Definition: pg_class.h:161
HeapTupleData tuple
Definition: catcache.h:116
#define RELKIND_RELATION
Definition: pg_class.h:160
#define RELKIND_SEQUENCE
Definition: pg_class.h:162
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135
void sepgsql_relation_post_create ( Oid  relOid)

Definition at line 242 of file relation.c.

References AccessShareLock, Anum_pg_attribute_attrelid, appendStringInfo(), AttributeRelationId, AttributeRelidNumIndexId, BTEqualStrategyNumber, ClassOidIndexId, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), NamespaceRelationId, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), PG_TOAST_NAMESPACE, quote_identifier(), RelationRelationId, RELKIND_INDEX, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__CREATE, SEPG_DB_DATABASE__CREATE, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), sepgsql_index_modify(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().

Referenced by sepgsql_object_access().

243 {
244  Relation rel;
245  ScanKeyData skey;
246  SysScanDesc sscan;
247  HeapTuple tuple;
248  Form_pg_class classForm;
249  ObjectAddress object;
250  uint16_t tclass;
251  char *scontext; /* subject */
252  char *tcontext; /* schema */
253  char *rcontext; /* relation */
254  char *ccontext; /* column */
255  char *nsp_name;
256  StringInfoData audit_name;
257 
258  /*
259  * Fetch catalog record of the new relation. Because pg_class entry is not
260  * visible right now, we need to scan the catalog using SnapshotSelf.
261  */
263 
264  ScanKeyInit(&skey,
266  BTEqualStrategyNumber, F_OIDEQ,
267  ObjectIdGetDatum(relOid));
268 
269  sscan = systable_beginscan(rel, ClassOidIndexId, true,
270  SnapshotSelf, 1, &skey);
271 
272  tuple = systable_getnext(sscan);
273  if (!HeapTupleIsValid(tuple))
274  elog(ERROR, "could not find tuple for relation %u", relOid);
275 
276  classForm = (Form_pg_class) GETSTRUCT(tuple);
277 
278  /* ignore indexes on toast tables */
279  if (classForm->relkind == RELKIND_INDEX &&
280  classForm->relnamespace == PG_TOAST_NAMESPACE)
281  goto out;
282 
283  /*
284  * check db_schema:{add_name} permission of the namespace
285  */
286  object.classId = NamespaceRelationId;
287  object.objectId = classForm->relnamespace;
288  object.objectSubId = 0;
289  sepgsql_avc_check_perms(&object,
292  getObjectIdentity(&object),
293  true);
294 
295  switch (classForm->relkind)
296  {
297  case RELKIND_RELATION:
299  tclass = SEPG_CLASS_DB_TABLE;
300  break;
301  case RELKIND_SEQUENCE:
302  tclass = SEPG_CLASS_DB_SEQUENCE;
303  break;
304  case RELKIND_VIEW:
305  tclass = SEPG_CLASS_DB_VIEW;
306  break;
307  case RELKIND_INDEX:
308  /* deal with indexes specially; no need for tclass */
309  sepgsql_index_modify(relOid);
310  goto out;
311  default:
312  /* ignore other relkinds */
313  goto out;
314  }
315 
316  /*
317  * Compute a default security label when we create a new relation object
318  * under the specified namespace.
319  */
320  scontext = sepgsql_get_client_label();
322  classForm->relnamespace, 0);
323  rcontext = sepgsql_compute_create(scontext, tcontext, tclass,
324  NameStr(classForm->relname));
325 
326  /*
327  * check db_xxx:{create} permission
328  */
329  nsp_name = get_namespace_name(classForm->relnamespace);
330  initStringInfo(&audit_name);
331  appendStringInfo(&audit_name, "%s.%s",
332  quote_identifier(nsp_name),
333  quote_identifier(NameStr(classForm->relname)));
335  tclass,
337  audit_name.data,
338  true);
339 
340  /*
341  * Assign the default security label on the new regular or partitioned
342  * relation.
343  */
344  object.classId = RelationRelationId;
345  object.objectId = relOid;
346  object.objectSubId = 0;
347  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
348 
349  /*
350  * We also assign a default security label on columns of a new table.
351  */
352  if (classForm->relkind == RELKIND_RELATION ||
353  classForm->relkind == RELKIND_PARTITIONED_TABLE)
354  {
355  Relation arel;
356  ScanKeyData akey;
357  SysScanDesc ascan;
358  HeapTuple atup;
359  Form_pg_attribute attForm;
360 
362 
363  ScanKeyInit(&akey,
365  BTEqualStrategyNumber, F_OIDEQ,
366  ObjectIdGetDatum(relOid));
367 
368  ascan = systable_beginscan(arel, AttributeRelidNumIndexId, true,
369  SnapshotSelf, 1, &akey);
370 
371  while (HeapTupleIsValid(atup = systable_getnext(ascan)))
372  {
373  attForm = (Form_pg_attribute) GETSTRUCT(atup);
374 
375  resetStringInfo(&audit_name);
376  appendStringInfo(&audit_name, "%s.%s.%s",
377  quote_identifier(nsp_name),
378  quote_identifier(NameStr(classForm->relname)),
379  quote_identifier(NameStr(attForm->attname)));
380 
381  ccontext = sepgsql_compute_create(scontext,
382  rcontext,
384  NameStr(attForm->attname));
385 
386  /*
387  * check db_column:{create} permission
388  */
392  audit_name.data,
393  true);
394 
395  object.classId = RelationRelationId;
396  object.objectId = relOid;
397  object.objectSubId = attForm->attnum;
398  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ccontext);
399 
400  pfree(ccontext);
401  }
402  systable_endscan(ascan);
404  }
405  pfree(rcontext);
406 
407 out:
408  systable_endscan(sscan);
410 }
#define AttributeRelidNumIndexId
Definition: indexing.h:94
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define Anum_pg_attribute_attrelid
Definition: pg_attribute.h:195
#define NamespaceRelationId
Definition: pg_namespace.h:34
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10280
#define ObjectIdAttributeNumber
Definition: sysattr.h:22
#define RelationRelationId
Definition: pg_class.h:29
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:463
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define AccessShareLock
Definition: lockdefs.h:36
#define AttributeRelationId
Definition: pg_attribute.h:33
#define heap_close(r, l)
Definition: heapam.h:97
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
#define PG_TOAST_NAMESPACE
Definition: pg_namespace.h:74
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
void pfree(void *pointer)
Definition: mcxt.c:950
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:78
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
char * get_namespace_name(Oid nspid)
Definition: lsyscache.c:3033
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:187
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:62
#define ClassOidIndexId
Definition: indexing.h:112
#define SnapshotSelf
Definition: tqual.h:27
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:724
void initStringInfo(StringInfo str)
Definition: stringinfo.c:46
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1284
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
#define SEPG_DB_COLUMN__CREATE
Definition: sepgsql.h:169
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
char * sepgsql_get_client_label(void)
Definition: label.c:91
FormData_pg_class * Form_pg_class
Definition: pg_class.h:95
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:837
#define RELKIND_VIEW
Definition: pg_class.h:164
#define NameStr(name)
Definition: c.h:499
#define RELKIND_INDEX
Definition: pg_class.h:161
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define RELKIND_RELATION
Definition: pg_class.h:160
#define RELKIND_SEQUENCE
Definition: pg_class.h:162
#define BTEqualStrategyNumber
Definition: stratnum.h:31
void sepgsql_relation_relabel ( Oid  relOid,
const char *  seclabel 
)

Definition at line 526 of file relation.c.

References ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), RelationRelationId, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__RELABELFROM, SEPG_DB_TABLE__RELABELTO, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

527 {
528  ObjectAddress object;
529  char *audit_name;
530  char relkind = get_rel_relkind(relOid);
531  uint16_t tclass = 0;
532 
533  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
534  tclass = SEPG_CLASS_DB_TABLE;
535  else if (relkind == RELKIND_SEQUENCE)
536  tclass = SEPG_CLASS_DB_SEQUENCE;
537  else if (relkind == RELKIND_VIEW)
538  tclass = SEPG_CLASS_DB_VIEW;
539  else
540  ereport(ERROR,
541  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
542  errmsg("cannot set security labels on relations except "
543  "for tables, sequences or views")));
544 
545  object.classId = RelationRelationId;
546  object.objectId = relOid;
547  object.objectSubId = 0;
548  audit_name = getObjectIdentity(&object);
549 
550  /*
551  * check db_xxx:{setattr relabelfrom} permission
552  */
553  sepgsql_avc_check_perms(&object,
554  tclass,
557  audit_name,
558  true);
559 
560  /*
561  * check db_xxx:{relabelto} permission
562  */
564  tclass,
566  audit_name,
567  true);
568  pfree(audit_name);
569 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1801
#define RelationRelationId
Definition: pg_class.h:29
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
int errcode(int sqlerrcode)
Definition: elog.c:575
#define SEPG_DB_TABLE__SETATTR
Definition: sepgsql.h:140
void pfree(void *pointer)
Definition: mcxt.c:950
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_TABLE__RELABELTO
Definition: sepgsql.h:142
#define ereport(elevel, rest)
Definition: elog.h:122
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
#define SEPG_DB_TABLE__RELABELFROM
Definition: sepgsql.h:141
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
int errmsg(const char *fmt,...)
Definition: elog.c:797
#define RELKIND_VIEW
Definition: pg_class.h:164
#define RELKIND_RELATION
Definition: pg_class.h:160
#define RELKIND_SEQUENCE
Definition: pg_class.h:162
void sepgsql_relation_setattr ( Oid  relOid)

Definition at line 577 of file relation.c.

References AccessShareLock, BTEqualStrategyNumber, ClassOidIndexId, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), RelationRelationId, ReleaseSysCache(), RELKIND_INDEX, RELKIND_PARTITIONED_TABLE, RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, RELOID, ScanKeyInit(), SearchSysCache1, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), sepgsql_index_modify(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().

Referenced by sepgsql_object_access(), and sepgsql_relation_setattr_extra().

578 {
579  Relation rel;
580  ScanKeyData skey;
581  SysScanDesc sscan;
582  HeapTuple oldtup;
583  HeapTuple newtup;
584  Form_pg_class oldform;
585  Form_pg_class newform;
586  ObjectAddress object;
587  char *audit_name;
588  uint16_t tclass;
589 
590  switch (get_rel_relkind(relOid))
591  {
592  case RELKIND_RELATION:
594  tclass = SEPG_CLASS_DB_TABLE;
595  break;
596  case RELKIND_SEQUENCE:
597  tclass = SEPG_CLASS_DB_SEQUENCE;
598  break;
599  case RELKIND_VIEW:
600  tclass = SEPG_CLASS_DB_VIEW;
601  break;
602  case RELKIND_INDEX:
603  /* deal with indexes specially */
604  sepgsql_index_modify(relOid);
605  return;
606  default:
607  /* other relkinds don't need additional work */
608  return;
609  }
610 
611  /*
612  * Fetch newer catalog
613  */
615 
616  ScanKeyInit(&skey,
618  BTEqualStrategyNumber, F_OIDEQ,
619  ObjectIdGetDatum(relOid));
620 
621  sscan = systable_beginscan(rel, ClassOidIndexId, true,
622  SnapshotSelf, 1, &skey);
623 
624  newtup = systable_getnext(sscan);
625  if (!HeapTupleIsValid(newtup))
626  elog(ERROR, "could not find tuple for relation %u", relOid);
627  newform = (Form_pg_class) GETSTRUCT(newtup);
628 
629  /*
630  * Fetch older catalog
631  */
632  oldtup = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
633  if (!HeapTupleIsValid(oldtup))
634  elog(ERROR, "cache lookup failed for relation %u", relOid);
635  oldform = (Form_pg_class) GETSTRUCT(oldtup);
636 
637  /*
638  * Does this ALTER command takes operation to namespace?
639  */
640  if (newform->relnamespace != oldform->relnamespace)
641  {
642  sepgsql_schema_remove_name(oldform->relnamespace);
643  sepgsql_schema_add_name(newform->relnamespace);
644  }
645  if (strcmp(NameStr(newform->relname), NameStr(oldform->relname)) != 0)
646  sepgsql_schema_rename(oldform->relnamespace);
647 
648  /*
649  * XXX - In the future version, db_tuple:{use} of system catalog entry
650  * shall be checked, if tablespace configuration is changed.
651  */
652 
653  /*
654  * check db_xxx:{setattr} permission
655  */
656  object.classId = RelationRelationId;
657  object.objectId = relOid;
658  object.objectSubId = 0;
659  audit_name = getObjectIdentity(&object);
660 
661  sepgsql_avc_check_perms(&object,
662  tclass,
664  audit_name,
665  true);
666  pfree(audit_name);
667 
668  ReleaseSysCache(oldtup);
669  systable_endscan(sscan);
671 }
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
#define ObjectIdAttributeNumber
Definition: sysattr.h:22
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1801
#define RelationRelationId
Definition: pg_class.h:29
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:219
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:225
#define AccessShareLock
Definition: lockdefs.h:36
#define heap_close(r, l)
Definition: heapam.h:97
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
#define SearchSysCache1(cacheId, key1)
Definition: syscache.h:156
#define SEPG_DB_TABLE__SETATTR
Definition: sepgsql.h:140
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
void pfree(void *pointer)
Definition: mcxt.c:950
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object)
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:231
#define ClassOidIndexId
Definition: indexing.h:112
#define SnapshotSelf
Definition: tqual.h:27
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:724
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define RELKIND_PARTITIONED_TABLE
Definition: pg_class.h:168
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1117
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1284
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
FormData_pg_class * Form_pg_class
Definition: pg_class.h:95
#define RELKIND_VIEW
Definition: pg_class.h:164
#define NameStr(name)
Definition: c.h:499
#define RELKIND_INDEX
Definition: pg_class.h:161
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define RELKIND_RELATION
Definition: pg_class.h:160
#define RELKIND_SEQUENCE
Definition: pg_class.h:162
#define BTEqualStrategyNumber
Definition: stratnum.h:31
void sepgsql_schema_add_name ( Oid  namespaceId)

Definition at line 219 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__ADD_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

220 {
221  check_schema_perms(namespaceId, SEPG_DB_SCHEMA__ADD_NAME, true);
222 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:181
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
void sepgsql_schema_drop ( Oid  namespaceId)

Definition at line 116 of file schema.c.

References ObjectAddress::classId, getObjectIdentity(), NamespaceRelationId, pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

117 {
118  ObjectAddress object;
119  char *audit_name;
120 
121  /*
122  * check db_schema:{drop} permission
123  */
124  object.classId = NamespaceRelationId;
125  object.objectId = namespaceId;
126  object.objectSubId = 0;
127  audit_name = getObjectIdentity(&object);
128 
129  sepgsql_avc_check_perms(&object,
132  audit_name,
133  true);
134  pfree(audit_name);
135 }
#define SEPG_DB_SCHEMA__DROP
Definition: sepgsql.h:128
#define NamespaceRelationId
Definition: pg_namespace.h:34
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
void sepgsql_schema_post_create ( Oid  namespaceId)

Definition at line 38 of file schema.c.

References AccessShareLock, appendStringInfo(), BTEqualStrategyNumber, StringInfoData::data, DatabaseRelationId, elog, ERROR, GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), MyDatabaseId, NamespaceOidIndexId, NamespaceRelationId, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().

Referenced by sepgsql_object_access().

39 {
40  Relation rel;
41  ScanKeyData skey;
42  SysScanDesc sscan;
43  HeapTuple tuple;
44  char *tcontext;
45  char *ncontext;
46  const char *nsp_name;
47  ObjectAddress object;
48  Form_pg_namespace nspForm;
49  StringInfoData audit_name;
50 
51  /*
52  * Compute a default security label when we create a new schema object
53  * under the working database.
54  *
55  * XXX - uncoming version of libselinux supports to take object name to
56  * handle special treatment on default security label; such as special
57  * label on "pg_temp" schema.
58  */
60 
61  ScanKeyInit(&skey,
63  BTEqualStrategyNumber, F_OIDEQ,
64  ObjectIdGetDatum(namespaceId));
65 
66  sscan = systable_beginscan(rel, NamespaceOidIndexId, true,
67  SnapshotSelf, 1, &skey);
68  tuple = systable_getnext(sscan);
69  if (!HeapTupleIsValid(tuple))
70  elog(ERROR, "could not find tuple for namespace %u", namespaceId);
71 
72  nspForm = (Form_pg_namespace) GETSTRUCT(tuple);
73  nsp_name = NameStr(nspForm->nspname);
74  if (strncmp(nsp_name, "pg_temp_", 8) == 0)
75  nsp_name = "pg_temp";
76  else if (strncmp(nsp_name, "pg_toast_temp_", 14) == 0)
77  nsp_name = "pg_toast_temp";
78 
81  tcontext,
83  nsp_name);
84 
85  /*
86  * check db_schema:{create}
87  */
88  initStringInfo(&audit_name);
89  appendStringInfo(&audit_name, "%s", quote_identifier(nsp_name));
93  audit_name.data,
94  true);
95  systable_endscan(sscan);
97 
98  /*
99  * Assign the default security label on a new procedure
100  */
101  object.classId = NamespaceRelationId;
102  object.objectId = namespaceId;
103  object.objectSubId = 0;
104  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
105 
106  pfree(ncontext);
107  pfree(tcontext);
108 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define NamespaceOidIndexId
Definition: indexing.h:195
#define NamespaceRelationId
Definition: pg_namespace.h:34
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:499
#define GETSTRUCT(TUP)
Definition: htup_details.h:656
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:51
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:327
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10280
#define ObjectIdAttributeNumber
Definition: sysattr.h:22
#define DatabaseRelationId
Definition: pg_database.h:29
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:463
#define AccessShareLock
Definition: lockdefs.h:36
#define heap_close(r, l)
Definition: heapam.h:97
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:328
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:416
void pfree(void *pointer)
Definition: mcxt.c:950
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:78
#define ObjectIdGetDatum(X)
Definition: postgres.h:513
#define ERROR
Definition: elog.h:43
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
#define SnapshotSelf
Definition: tqual.h:27
void initStringInfo(StringInfo str)
Definition: stringinfo.c:46
Oid MyDatabaseId
Definition: globals.c:77
Relation heap_open(Oid relationId, LOCKMODE lockmode)
Definition: heapam.c:1284
#define HeapTupleIsValid(tuple)
Definition: htup.h:77
#define SEPG_DB_SCHEMA__CREATE
Definition: sepgsql.h:127
char * sepgsql_get_client_label(void)
Definition: label.c:91
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:837
#define NameStr(name)
Definition: c.h:499
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
#define elog
Definition: elog.h:219
#define BTEqualStrategyNumber
Definition: stratnum.h:31
void sepgsql_schema_relabel ( Oid  namespaceId,
const char *  seclabel 
)

Definition at line 144 of file schema.c.

References ObjectAddress::classId, getObjectIdentity(), NamespaceRelationId, pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__RELABELFROM, SEPG_DB_SCHEMA__RELABELTO, SEPG_DB_SCHEMA__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

145 {
146  ObjectAddress object;
147  char *audit_name;
148 
149  object.classId = NamespaceRelationId;
150  object.objectId = namespaceId;
151  object.objectSubId = 0;
152  audit_name = getObjectIdentity(&object);
153 
154  /*
155  * check db_schema:{setattr relabelfrom} permission
156  */
157  sepgsql_avc_check_perms(&object,
161  audit_name,
162  true);
163 
164  /*
165  * check db_schema:{relabelto} permission
166  */
170  audit_name,
171  true);
172  pfree(audit_name);
173 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
#define NamespaceRelationId
Definition: pg_namespace.h:34
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:428
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
#define SEPG_DB_SCHEMA__RELABELFROM
Definition: sepgsql.h:131
void pfree(void *pointer)
Definition: mcxt.c:950
char * getObjectIdentity(const ObjectAddress *object)
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130
#define SEPG_DB_SCHEMA__RELABELTO
Definition: sepgsql.h:132
void sepgsql_schema_remove_name ( Oid  namespaceId)

Definition at line 225 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__REMOVE_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

226 {
228 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:181
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135
void sepgsql_schema_rename ( Oid  namespaceId)

Definition at line 231 of file schema.c.

References check_schema_perms(), SEPG_DB_SCHEMA__ADD_NAME, and SEPG_DB_SCHEMA__REMOVE_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

232 {
233  check_schema_perms(namespaceId,
236  true);
237 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:181
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135
bool sepgsql_schema_search ( Oid  namespaceId,
bool  abort_on_violation 
)

Definition at line 211 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__SEARCH.

Referenced by sepgsql_object_access().

212 {
213  return check_schema_perms(namespaceId,
215  abort_on_violation);
216 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:181
#define SEPG_DB_SCHEMA__SEARCH
Definition: sepgsql.h:133
void sepgsql_schema_setattr ( Oid  namespaceId)

Definition at line 204 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__SETATTR.

Referenced by sepgsql_object_access().

205 {
206  check_schema_perms(namespaceId, SEPG_DB_SCHEMA__SETATTR, true);
207 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:181
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130
int sepgsql_set_mode ( int  new_mode)

Definition at line 631 of file selinux.c.

References sepgsql_mode.

Referenced by _PG_init(), and sepgsql_client_auth().

632 {
633  int old_mode = sepgsql_mode;
634 
635  sepgsql_mode = new_mode;
636 
637  return old_mode;
638 }
static int sepgsql_mode
Definition: selinux.c:607