#include "catalog/objectaddress.h"
#include "fmgr.h"
#include <selinux/selinux.h>
#include <selinux/avc.h>
bool | sepgsql_get_permissive (void) |
bool | sepgsql_get_debug_audit (void) |
bool | sepgsql_is_enabled (void) |
int | sepgsql_get_mode (void) |
int | sepgsql_set_mode (int new_mode) |
bool | sepgsql_getenforce (void) |
void | sepgsql_audit_log (bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name) |
void | sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd) |
char * | sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname) |
bool | sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation) |
bool | sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation) |
char * | sepgsql_avc_trusted_proc (Oid functionId) |
void | sepgsql_avc_init (void) |
char * | sepgsql_get_client_label (void) |
void | sepgsql_init_client_label (void) |
char * | sepgsql_get_label (Oid classId, Oid objectId, int32 subId) |
void | sepgsql_object_relabel (const ObjectAddress *object, const char *seclabel) |
bool | sepgsql_dml_privileges (List *rangeTabls, List *rteperminfos, bool abort_on_violation) |
void | sepgsql_database_post_create (Oid databaseId, const char *dtemplate) |
void | sepgsql_database_drop (Oid databaseId) |
void | sepgsql_database_relabel (Oid databaseId, const char *seclabel) |
void | sepgsql_database_setattr (Oid databaseId) |
void | sepgsql_schema_post_create (Oid namespaceId) |
void | sepgsql_schema_drop (Oid namespaceId) |
void | sepgsql_schema_relabel (Oid namespaceId, const char *seclabel) |
void | sepgsql_schema_setattr (Oid namespaceId) |
bool | sepgsql_schema_search (Oid namespaceId, bool abort_on_violation) |
void | sepgsql_schema_add_name (Oid namespaceId) |
void | sepgsql_schema_remove_name (Oid namespaceId) |
void | sepgsql_schema_rename (Oid namespaceId) |
void | sepgsql_attribute_post_create (Oid relOid, AttrNumber attnum) |
void | sepgsql_attribute_drop (Oid relOid, AttrNumber attnum) |
void | sepgsql_attribute_relabel (Oid relOid, AttrNumber attnum, const char *seclabel) |
void | sepgsql_attribute_setattr (Oid relOid, AttrNumber attnum) |
void | sepgsql_relation_post_create (Oid relOid) |
void | sepgsql_relation_drop (Oid relOid) |
void | sepgsql_relation_truncate (Oid relOid) |
void | sepgsql_relation_relabel (Oid relOid, const char *seclabel) |
void | sepgsql_relation_setattr (Oid relOid) |
void | sepgsql_proc_post_create (Oid functionId) |
void | sepgsql_proc_drop (Oid functionId) |
void | sepgsql_proc_relabel (Oid functionId, const char *seclabel) |
void | sepgsql_proc_setattr (Oid functionId) |
void | sepgsql_proc_execute (Oid functionId) |
#define SEPG_BLK_FILE__CREATE (SEPG_FILE__CREATE) |
#define SEPG_BLK_FILE__GETATTR (SEPG_FILE__GETATTR) |
#define SEPG_BLK_FILE__READ (SEPG_FILE__READ) |
#define SEPG_BLK_FILE__RENAME (SEPG_FILE__RENAME) |
#define SEPG_BLK_FILE__UNLINK (SEPG_FILE__UNLINK) |
#define SEPG_BLK_FILE__WRITE (SEPG_FILE__WRITE) |
#define SEPG_CHR_FILE__CREATE (SEPG_FILE__CREATE) |
#define SEPG_CHR_FILE__GETATTR (SEPG_FILE__GETATTR) |
#define SEPG_CHR_FILE__READ (SEPG_FILE__READ) |
#define SEPG_CHR_FILE__RENAME (SEPG_FILE__RENAME) |
#define SEPG_CHR_FILE__UNLINK (SEPG_FILE__UNLINK) |
#define SEPG_CHR_FILE__WRITE (SEPG_FILE__WRITE) |
#define SEPG_DB_BLOB__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_BLOB__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_BLOB__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_BLOB__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_BLOB__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_BLOB__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_COLUMN__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_COLUMN__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_COLUMN__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_COLUMN__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_COLUMN__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_COLUMN__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_LANGUAGE__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_LANGUAGE__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_LANGUAGE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_LANGUAGE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_LANGUAGE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_LANGUAGE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_PROCEDURE__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_PROCEDURE__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_PROCEDURE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_PROCEDURE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_PROCEDURE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_PROCEDURE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_SCHEMA__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_SCHEMA__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_SCHEMA__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_SCHEMA__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_SCHEMA__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_SCHEMA__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_SEQUENCE__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_SEQUENCE__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_SEQUENCE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_SEQUENCE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_SEQUENCE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_SEQUENCE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_TABLE__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_TABLE__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_TABLE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_TABLE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_TABLE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_TABLE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_TUPLE__DELETE (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_TUPLE__INSERT (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_TUPLE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_TUPLE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_TUPLE__SELECT (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_TUPLE__UPDATE (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DB_VIEW__CREATE (SEPG_DB_DATABASE__CREATE) |
#define SEPG_DB_VIEW__DROP (SEPG_DB_DATABASE__DROP) |
#define SEPG_DB_VIEW__GETATTR (SEPG_DB_DATABASE__GETATTR) |
#define SEPG_DB_VIEW__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
#define SEPG_DB_VIEW__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
#define SEPG_DB_VIEW__SETATTR (SEPG_DB_DATABASE__SETATTR) |
#define SEPG_DIR__CREATE (SEPG_FILE__CREATE) |
#define SEPG_DIR__GETATTR (SEPG_FILE__GETATTR) |
#define SEPG_DIR__READ (SEPG_FILE__READ) |
#define SEPG_DIR__RENAME (SEPG_FILE__RENAME) |
#define SEPG_DIR__UNLINK (SEPG_FILE__UNLINK) |
#define SEPG_DIR__WRITE (SEPG_FILE__WRITE) |
#define SEPG_FIFO_FILE__CREATE (SEPG_FILE__CREATE) |
#define SEPG_FIFO_FILE__GETATTR (SEPG_FILE__GETATTR) |
#define SEPG_FIFO_FILE__READ (SEPG_FILE__READ) |
#define SEPG_FIFO_FILE__RENAME (SEPG_FILE__RENAME) |
#define SEPG_FIFO_FILE__UNLINK (SEPG_FILE__UNLINK) |
#define SEPG_FIFO_FILE__WRITE (SEPG_FILE__WRITE) |
#define SEPG_LNK_FILE__CREATE (SEPG_FILE__CREATE) |
#define SEPG_LNK_FILE__GETATTR (SEPG_FILE__GETATTR) |
#define SEPG_LNK_FILE__READ (SEPG_FILE__READ) |
#define SEPG_LNK_FILE__RENAME (SEPG_FILE__RENAME) |
#define SEPG_LNK_FILE__UNLINK (SEPG_FILE__UNLINK) |
#define SEPG_LNK_FILE__WRITE (SEPG_FILE__WRITE) |
#define SEPG_SOCK_FILE__CREATE (SEPG_FILE__CREATE) |
#define SEPG_SOCK_FILE__GETATTR (SEPG_FILE__GETATTR) |
#define SEPG_SOCK_FILE__READ (SEPG_FILE__READ) |
#define SEPG_SOCK_FILE__RENAME (SEPG_FILE__RENAME) |
#define SEPG_SOCK_FILE__UNLINK (SEPG_FILE__UNLINK) |
#define SEPG_SOCK_FILE__WRITE (SEPG_FILE__WRITE) |
void sepgsql_attribute_drop (Oid relOid, AttrNumber attnum)
Definition at line 133 of file relation.c.
References attnum, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__DROP, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
void sepgsql_attribute_post_create (Oid relOid, AttrNumber attnum)
Definition at line 43 of file relation.c.
References AccessShareLock, appendStringInfo(), attnum, BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), Int16GetDatum(), NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().
Referenced by sepgsql_object_access().
void sepgsql_attribute_relabel (Oid relOid, AttrNumber attnum, const char *seclabel)
Definition at line 165 of file relation.c.
References attnum, ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__RELABELFROM, SEPG_DB_COLUMN__SETATTR, SEPG_DB_PROCEDURE__RELABELTO, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label(). (Note: the relabelto check here is spelled SEPG_DB_PROCEDURE__RELABELTO although the object class is SEPG_CLASS_DB_COLUMN; per the macro table above both SEPG_DB_COLUMN__RELABELTO and SEPG_DB_PROCEDURE__RELABELTO expand to SEPG_DB_DATABASE__RELABELTO, so the permission bit checked is the same, but the name is inconsistent with the class being checked.)
Referenced by sepgsql_object_relabel().
void sepgsql_attribute_setattr (Oid relOid, AttrNumber attnum)
Definition at line 209 of file relation.c.
References attnum, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__SETATTR, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
void sepgsql_audit_log (bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition at line 678 of file selinux.c.
References appendStringInfo(), appendStringInfoString(), Assert, av_name, buf, class_name, ereport, errmsg(), i, initStringInfo(), LOG, selinux_catalog, and SEPG_CLASS_MAX.
Referenced by sepgsql_avc_check_perms_label().
bool sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition at line 420 of file uavc.c.
References GetSecurityLabel(), pfree(), required, sepgsql_avc_check_perms_label(), and SEPGSQL_LABEL_TAG.
Referenced by check_relation_privileges(), check_schema_perms(), sepgsql_attribute_drop(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_database_drop(), sepgsql_database_relabel(), sepgsql_database_setattr(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_proc_setattr(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_relation_setattr(), sepgsql_relation_truncate(), sepgsql_schema_drop(), and sepgsql_schema_relabel().
bool sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition at line 337 of file uavc.c.
References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, ereport, errcode(), errmsg(), ERROR, avc_cache::permissive, required, avc_cache::scontext, sepgsql_audit_log(), sepgsql_avc_check_valid(), sepgsql_avc_lookup(), SEPGSQL_AVC_NOAUDIT, sepgsql_avc_unlabeled(), sepgsql_get_client_label(), sepgsql_get_debug_audit(), sepgsql_get_mode(), sepgsql_getenforce(), SEPGSQL_MODE_INTERNAL, avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.
Referenced by sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_avc_check_perms(), sepgsql_database_post_create(), sepgsql_database_relabel(), sepgsql_fmgr_hook(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_schema_post_create(), sepgsql_schema_relabel(), and sepgsql_set_client_label().
void sepgsql_avc_init (void)
Definition at line 488 of file uavc.c.
References ALLOCSET_DEFAULT_SIZES, AllocSetContextCreate, AVC_DEF_THRESHOLD, avc_lru_hint, avc_mem_cxt, avc_num_caches, avc_slots, avc_threshold, ereport, errcode(), errmsg(), ERROR, LOG, on_proc_exit(), sepgsql_avc_exit(), and TopMemoryContext.
Referenced by _PG_init().
char *sepgsql_avc_trusted_proc (Oid functionId)
Definition at line 445 of file uavc.c.
References ObjectAddress::classId, GetSecurityLabel(), avc_cache::ncontext, ObjectAddress::objectId, ObjectAddress::objectSubId, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_valid(), sepgsql_avc_lookup(), sepgsql_avc_unlabeled(), sepgsql_get_client_label(), and SEPGSQL_LABEL_TAG.
Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().
void sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
Definition at line 739 of file selinux.c.
References Assert, av_code, av_name, class_code, ereport, errcode(), errmsg(), ERROR, i, selinux_catalog, and SEPG_CLASS_MAX.
Referenced by sepgsql_avc_compute().
char *sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition at line 842 of file selinux.c.
References Assert, ereport, errcode(), errmsg(), ERROR, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), selinux_catalog, and SEPG_CLASS_MAX.
Referenced by sepgsql_attribute_post_create(), sepgsql_avc_compute(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().
void sepgsql_database_drop (Oid databaseId)
Definition at line 133 of file database.c.
References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__DROP, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
void sepgsql_database_post_create (Oid databaseId, const char *dtemplate)
Definition at line 33 of file database.c.
References AccessShareLock, appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_database_oid(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__CREATE, SEPG_DB_DATABASE__GETATTR, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().
Referenced by sepgsql_object_access().
void sepgsql_database_relabel (Oid databaseId, const char *seclabel)
Definition at line 187 of file database.c.
References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__RELABELFROM, SEPG_DB_DATABASE__RELABELTO, SEPG_DB_DATABASE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
void sepgsql_database_setattr (Oid databaseId)
Definition at line 160 of file database.c.
References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__SETATTR, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
bool sepgsql_dml_privileges (List *rangeTabls, List *rteperminfos, bool abort_on_violation)
Definition at line 282 of file dml.c.
References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_UPDATE, bms_is_empty, check_relation_privileges(), find_all_inheritors(), fixup_inherited_columns(), RTEPermissionInfo::inh, RTEPermissionInfo::insertedCols, lfirst_node, lfirst_oid, list_free(), list_make1_oid, NoLock, RTEPermissionInfo::relid, required, RTEPermissionInfo::requiredPerms, RTEPermissionInfo::selectedCols, SEPG_DB_TABLE__DELETE, SEPG_DB_TABLE__INSERT, SEPG_DB_TABLE__LOCK, SEPG_DB_TABLE__SELECT, SEPG_DB_TABLE__UPDATE, and RTEPermissionInfo::updatedCols.
Referenced by sepgsql_exec_check_perms().
char *sepgsql_get_client_label (void)
Definition at line 80 of file label.c.
References Assert, client_label_committed, client_label_func, client_label_peer, client_label_pending, pending_label::label, and llast.
Referenced by sepgsql_attribute_post_create(), sepgsql_avc_check_perms_label(), sepgsql_avc_trusted_proc(), sepgsql_database_post_create(), sepgsql_getcon(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), sepgsql_schema_post_create(), and sepgsql_set_client_label().
bool sepgsql_get_debug_audit (void)
Definition at line 74 of file hooks.c.
References sepgsql_debug_audit.
Referenced by sepgsql_avc_check_perms_label().
char *sepgsql_get_label (Oid classId, Oid objectId, int32 subId)
Definition at line 445 of file label.c.
References ereport, errcode(), errmsg(), ERROR, GetSecurityLabel(), label, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), and SEPGSQL_LABEL_TAG.
Referenced by sepgsql_attribute_post_create(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().
int sepgsql_get_mode (void)
Definition at line 625 of file selinux.c.
References sepgsql_mode.
Referenced by sepgsql_avc_check_perms_label().
bool sepgsql_get_permissive (void)
Definition at line 63 of file hooks.c.
References sepgsql_permissive.
Referenced by sepgsql_client_auth().
bool sepgsql_getenforce (void)
Definition at line 651 of file selinux.c.
References sepgsql_mode, and SEPGSQL_MODE_DEFAULT.
Referenced by check_relation_privileges(), sepgsql_avc_check_perms_label(), and sepgsql_utility_command().
void sepgsql_init_client_label (void)
Definition at line 404 of file label.c.
References client_label_peer, ClientAuthentication_hook, ereport, errcode(), errmsg(), ERROR, fmgr_hook, needs_fmgr_hook, next_client_auth_hook, next_fmgr_hook, next_needs_fmgr_hook, RegisterSubXactCallback(), RegisterXactCallback(), sepgsql_client_auth(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_subxact_callback(), and sepgsql_xact_callback().
Referenced by _PG_init().
bool sepgsql_is_enabled (void)
Definition at line 616 of file selinux.c.
References sepgsql_mode, and SEPGSQL_MODE_DISABLED.
Referenced by sepgsql_getcon(), sepgsql_mcstrans_in(), sepgsql_mcstrans_out(), and sepgsql_restorecon().
void sepgsql_object_relabel (const ObjectAddress *object, const char *seclabel)
Definition at line 482 of file label.c.
References ObjectAddress::classId, ereport, errcode(), errmsg(), ERROR, getObjectTypeDescription(), ObjectAddress::objectId, ObjectAddress::objectSubId, sepgsql_attribute_relabel(), sepgsql_database_relabel(), sepgsql_proc_relabel(), sepgsql_relation_relabel(), and sepgsql_schema_relabel().
Referenced by _PG_init(), and exec_object_restorecon().
void sepgsql_proc_drop (Oid functionId)
Definition at line 155 of file proc.c.
References ObjectAddress::classId, get_func_namespace(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
void sepgsql_proc_execute (Oid functionId)
Definition at line 315 of file proc.c.
References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__EXECUTE, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
void sepgsql_proc_post_create (Oid functionId)
Definition at line 37 of file proc.c.
References AccessShareLock, appendStringInfo(), appendStringInfoChar(), appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, i, initStringInfo(), NameStr, ObjectIdGetDatum(), pfree(), quote_qualified_identifier(), required, ScanKeyInit(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__CREATE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().
Referenced by sepgsql_object_access().
void sepgsql_proc_relabel (Oid functionId, const char *seclabel)
Definition at line 198 of file proc.c.
References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__RELABELFROM, SEPG_DB_PROCEDURE__RELABELTO, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
void sepgsql_proc_setattr (Oid functionId)
Definition at line 235 of file proc.c.
References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, NameStr, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), required, ScanKeyInit(), SearchSysCache1(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().
Referenced by sepgsql_object_access().
void sepgsql_relation_drop (Oid relOid)
Definition at line 416 of file relation.c.
References get_rel_namespace(), get_rel_relkind(), getObjectIdentity(), GETSTRUCT, i, catclist::members, catclist::n_members, ObjectIdGetDatum(), pfree(), ReleaseCatCacheList(), SearchSysCacheList1, SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, SEPG_DB_TABLE__DROP, sepgsql_avc_check_perms(), sepgsql_index_modify(), and catctup::tuple.
Referenced by sepgsql_object_access().
void sepgsql_relation_post_create (Oid relOid)
Definition at line 240 of file relation.c.
References AccessShareLock, appendStringInfo(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__CREATE, SEPG_DB_DATABASE__CREATE, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), sepgsql_index_modify(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().
Referenced by sepgsql_object_access().
void sepgsql_relation_relabel (Oid relOid, const char *seclabel)
Definition at line 564 of file relation.c.
References ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__RELABELFROM, SEPG_DB_TABLE__RELABELTO, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
void sepgsql_relation_setattr (Oid relOid)
Definition at line 615 of file relation.c.
References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, NameStr, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), sepgsql_index_modify(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().
Referenced by sepgsql_object_access(), and sepgsql_relation_setattr_extra().
void sepgsql_relation_truncate (Oid relOid)
Definition at line 524 of file relation.c.
References get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_TABLE, SEPG_DB_TABLE__TRUNCATE, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
void sepgsql_schema_add_name (Oid namespaceId)
Definition at line 217 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__ADD_NAME.
Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().
void sepgsql_schema_drop (Oid namespaceId)
Definition at line 114 of file schema.c.
References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__DROP, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
void sepgsql_schema_post_create (Oid namespaceId)
Definition at line 36 of file schema.c.
References AccessShareLock, appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, GETSTRUCT, HeapTupleIsValid, initStringInfo(), MyDatabaseId, NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().
Referenced by sepgsql_object_access().
void sepgsql_schema_relabel (Oid namespaceId, const char *seclabel)
Definition at line 142 of file schema.c.
References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__RELABELFROM, SEPG_DB_SCHEMA__RELABELTO, SEPG_DB_SCHEMA__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
void sepgsql_schema_remove_name (Oid namespaceId)
Definition at line 223 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__REMOVE_NAME.
Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().
void sepgsql_schema_rename (Oid namespaceId)
Definition at line 229 of file schema.c.
References check_schema_perms(), SEPG_DB_SCHEMA__ADD_NAME, and SEPG_DB_SCHEMA__REMOVE_NAME.
Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().
bool sepgsql_schema_search (Oid namespaceId, bool abort_on_violation)
Definition at line 209 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__SEARCH.
Referenced by sepgsql_object_access().
void sepgsql_schema_setattr (Oid namespaceId)
Definition at line 202 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__SETATTR.
Referenced by sepgsql_object_access().
int sepgsql_set_mode (int new_mode)
Definition at line 634 of file selinux.c.
References sepgsql_mode.
Referenced by _PG_init(), and sepgsql_client_auth().