PostgreSQL Source Code  git master
sepgsql.h File Reference
#include "catalog/objectaddress.h"
#include "fmgr.h"
#include <selinux/selinux.h>
#include <selinux/avc.h>
Include dependency graph for sepgsql.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define SEPGSQL_LABEL_TAG   "selinux"
 
#define SEPGSQL_MODE_DEFAULT   1
 
#define SEPGSQL_MODE_PERMISSIVE   2
 
#define SEPGSQL_MODE_INTERNAL   3
 
#define SEPGSQL_MODE_DISABLED   4
 
#define SEPG_CLASS_PROCESS   0
 
#define SEPG_CLASS_FILE   1
 
#define SEPG_CLASS_DIR   2
 
#define SEPG_CLASS_LNK_FILE   3
 
#define SEPG_CLASS_CHR_FILE   4
 
#define SEPG_CLASS_BLK_FILE   5
 
#define SEPG_CLASS_SOCK_FILE   6
 
#define SEPG_CLASS_FIFO_FILE   7
 
#define SEPG_CLASS_DB_DATABASE   8
 
#define SEPG_CLASS_DB_SCHEMA   9
 
#define SEPG_CLASS_DB_TABLE   10
 
#define SEPG_CLASS_DB_SEQUENCE   11
 
#define SEPG_CLASS_DB_PROCEDURE   12
 
#define SEPG_CLASS_DB_COLUMN   13
 
#define SEPG_CLASS_DB_TUPLE   14
 
#define SEPG_CLASS_DB_BLOB   15
 
#define SEPG_CLASS_DB_LANGUAGE   16
 
#define SEPG_CLASS_DB_VIEW   17
 
#define SEPG_CLASS_MAX   18
 
#define SEPG_PROCESS__TRANSITION   (1<<0)
 
#define SEPG_PROCESS__DYNTRANSITION   (1<<1)
 
#define SEPG_PROCESS__SETCURRENT   (1<<2)
 
#define SEPG_FILE__READ   (1<<0)
 
#define SEPG_FILE__WRITE   (1<<1)
 
#define SEPG_FILE__CREATE   (1<<2)
 
#define SEPG_FILE__GETATTR   (1<<3)
 
#define SEPG_FILE__UNLINK   (1<<4)
 
#define SEPG_FILE__RENAME   (1<<5)
 
#define SEPG_FILE__APPEND   (1<<6)
 
#define SEPG_DIR__READ   (SEPG_FILE__READ)
 
#define SEPG_DIR__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_DIR__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_DIR__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_DIR__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_DIR__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_DIR__SEARCH   (1<<6)
 
#define SEPG_DIR__ADD_NAME   (1<<7)
 
#define SEPG_DIR__REMOVE_NAME   (1<<8)
 
#define SEPG_DIR__RMDIR   (1<<9)
 
#define SEPG_DIR__REPARENT   (1<<10)
 
#define SEPG_LNK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_LNK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_LNK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_LNK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_LNK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_LNK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_CHR_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_CHR_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_CHR_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_CHR_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_CHR_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_CHR_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_BLK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_BLK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_BLK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_BLK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_BLK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_BLK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_SOCK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_SOCK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_SOCK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_SOCK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_SOCK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_SOCK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_FIFO_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_FIFO_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_FIFO_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_FIFO_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_FIFO_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_FIFO_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_DB_DATABASE__CREATE   (1<<0)
 
#define SEPG_DB_DATABASE__DROP   (1<<1)
 
#define SEPG_DB_DATABASE__GETATTR   (1<<2)
 
#define SEPG_DB_DATABASE__SETATTR   (1<<3)
 
#define SEPG_DB_DATABASE__RELABELFROM   (1<<4)
 
#define SEPG_DB_DATABASE__RELABELTO   (1<<5)
 
#define SEPG_DB_DATABASE__ACCESS   (1<<6)
 
#define SEPG_DB_DATABASE__LOAD_MODULE   (1<<7)
 
#define SEPG_DB_SCHEMA__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_SCHEMA__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_SCHEMA__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_SCHEMA__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_SCHEMA__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_SCHEMA__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_SCHEMA__SEARCH   (1<<6)
 
#define SEPG_DB_SCHEMA__ADD_NAME   (1<<7)
 
#define SEPG_DB_SCHEMA__REMOVE_NAME   (1<<8)
 
#define SEPG_DB_TABLE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_TABLE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_TABLE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_TABLE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_TABLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_TABLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_TABLE__SELECT   (1<<6)
 
#define SEPG_DB_TABLE__UPDATE   (1<<7)
 
#define SEPG_DB_TABLE__INSERT   (1<<8)
 
#define SEPG_DB_TABLE__DELETE   (1<<9)
 
#define SEPG_DB_TABLE__LOCK   (1<<10)
 
#define SEPG_DB_TABLE__TRUNCATE   (1<<11)
 
#define SEPG_DB_SEQUENCE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_SEQUENCE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_SEQUENCE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_SEQUENCE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_SEQUENCE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_SEQUENCE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_SEQUENCE__GET_VALUE   (1<<6)
 
#define SEPG_DB_SEQUENCE__NEXT_VALUE   (1<<7)
 
#define SEPG_DB_SEQUENCE__SET_VALUE   (1<<8)
 
#define SEPG_DB_PROCEDURE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_PROCEDURE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_PROCEDURE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_PROCEDURE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_PROCEDURE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_PROCEDURE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_PROCEDURE__EXECUTE   (1<<6)
 
#define SEPG_DB_PROCEDURE__ENTRYPOINT   (1<<7)
 
#define SEPG_DB_PROCEDURE__INSTALL   (1<<8)
 
#define SEPG_DB_COLUMN__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_COLUMN__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_COLUMN__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_COLUMN__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_COLUMN__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_COLUMN__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_COLUMN__SELECT   (1<<6)
 
#define SEPG_DB_COLUMN__UPDATE   (1<<7)
 
#define SEPG_DB_COLUMN__INSERT   (1<<8)
 
#define SEPG_DB_TUPLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_TUPLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_TUPLE__SELECT   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_TUPLE__UPDATE   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_TUPLE__INSERT   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_TUPLE__DELETE   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_BLOB__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_BLOB__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_BLOB__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_BLOB__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_BLOB__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_BLOB__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_BLOB__READ   (1<<6)
 
#define SEPG_DB_BLOB__WRITE   (1<<7)
 
#define SEPG_DB_BLOB__IMPORT   (1<<8)
 
#define SEPG_DB_BLOB__EXPORT   (1<<9)
 
#define SEPG_DB_LANGUAGE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_LANGUAGE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_LANGUAGE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_LANGUAGE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_LANGUAGE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_LANGUAGE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_LANGUAGE__IMPLEMENT   (1<<6)
 
#define SEPG_DB_LANGUAGE__EXECUTE   (1<<7)
 
#define SEPG_DB_VIEW__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_VIEW__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_VIEW__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_VIEW__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_VIEW__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_VIEW__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_VIEW__EXPAND   (1<<6)
 
#define SEPGSQL_AVC_NOAUDIT   ((void *)(-1))
 

Functions

bool sepgsql_get_permissive (void)
 
bool sepgsql_get_debug_audit (void)
 
bool sepgsql_is_enabled (void)
 
int sepgsql_get_mode (void)
 
int sepgsql_set_mode (int new_mode)
 
bool sepgsql_getenforce (void)
 
void sepgsql_audit_log (bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
 
void sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
 
char * sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
 
bool sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
bool sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
char * sepgsql_avc_trusted_proc (Oid functionId)
 
void sepgsql_avc_init (void)
 
char * sepgsql_get_client_label (void)
 
void sepgsql_init_client_label (void)
 
char * sepgsql_get_label (Oid classId, Oid objectId, int32 subId)
 
void sepgsql_object_relabel (const ObjectAddress *object, const char *seclabel)
 
bool sepgsql_dml_privileges (List *rangeTabls, List *rteperminfos, bool abort_on_violation)
 
void sepgsql_database_post_create (Oid databaseId, const char *dtemplate)
 
void sepgsql_database_drop (Oid databaseId)
 
void sepgsql_database_relabel (Oid databaseId, const char *seclabel)
 
void sepgsql_database_setattr (Oid databaseId)
 
void sepgsql_schema_post_create (Oid namespaceId)
 
void sepgsql_schema_drop (Oid namespaceId)
 
void sepgsql_schema_relabel (Oid namespaceId, const char *seclabel)
 
void sepgsql_schema_setattr (Oid namespaceId)
 
bool sepgsql_schema_search (Oid namespaceId, bool abort_on_violation)
 
void sepgsql_schema_add_name (Oid namespaceId)
 
void sepgsql_schema_remove_name (Oid namespaceId)
 
void sepgsql_schema_rename (Oid namespaceId)
 
void sepgsql_attribute_post_create (Oid relOid, AttrNumber attnum)
 
void sepgsql_attribute_drop (Oid relOid, AttrNumber attnum)
 
void sepgsql_attribute_relabel (Oid relOid, AttrNumber attnum, const char *seclabel)
 
void sepgsql_attribute_setattr (Oid relOid, AttrNumber attnum)
 
void sepgsql_relation_post_create (Oid relOid)
 
void sepgsql_relation_drop (Oid relOid)
 
void sepgsql_relation_truncate (Oid relOid)
 
void sepgsql_relation_relabel (Oid relOid, const char *seclabel)
 
void sepgsql_relation_setattr (Oid relOid)
 
void sepgsql_proc_post_create (Oid functionId)
 
void sepgsql_proc_drop (Oid functionId)
 
void sepgsql_proc_relabel (Oid functionId, const char *seclabel)
 
void sepgsql_proc_setattr (Oid functionId)
 
void sepgsql_proc_execute (Oid functionId)
 

Macro Definition Documentation

◆ SEPG_BLK_FILE__CREATE

#define SEPG_BLK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 99 of file sepgsql.h.

◆ SEPG_BLK_FILE__GETATTR

#define SEPG_BLK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 100 of file sepgsql.h.

◆ SEPG_BLK_FILE__READ

#define SEPG_BLK_FILE__READ   (SEPG_FILE__READ)

Definition at line 97 of file sepgsql.h.

◆ SEPG_BLK_FILE__RENAME

#define SEPG_BLK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 102 of file sepgsql.h.

◆ SEPG_BLK_FILE__UNLINK

#define SEPG_BLK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 101 of file sepgsql.h.

◆ SEPG_BLK_FILE__WRITE

#define SEPG_BLK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 98 of file sepgsql.h.

◆ SEPG_CHR_FILE__CREATE

#define SEPG_CHR_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 92 of file sepgsql.h.

◆ SEPG_CHR_FILE__GETATTR

#define SEPG_CHR_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 93 of file sepgsql.h.

◆ SEPG_CHR_FILE__READ

#define SEPG_CHR_FILE__READ   (SEPG_FILE__READ)

Definition at line 90 of file sepgsql.h.

◆ SEPG_CHR_FILE__RENAME

#define SEPG_CHR_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 95 of file sepgsql.h.

◆ SEPG_CHR_FILE__UNLINK

#define SEPG_CHR_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 94 of file sepgsql.h.

◆ SEPG_CHR_FILE__WRITE

#define SEPG_CHR_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 91 of file sepgsql.h.

◆ SEPG_CLASS_BLK_FILE

#define SEPG_CLASS_BLK_FILE   5

Definition at line 41 of file sepgsql.h.

◆ SEPG_CLASS_CHR_FILE

#define SEPG_CLASS_CHR_FILE   4

Definition at line 40 of file sepgsql.h.

◆ SEPG_CLASS_DB_BLOB

#define SEPG_CLASS_DB_BLOB   15

Definition at line 51 of file sepgsql.h.

◆ SEPG_CLASS_DB_COLUMN

#define SEPG_CLASS_DB_COLUMN   13

Definition at line 49 of file sepgsql.h.

◆ SEPG_CLASS_DB_DATABASE

#define SEPG_CLASS_DB_DATABASE   8

Definition at line 44 of file sepgsql.h.

◆ SEPG_CLASS_DB_LANGUAGE

#define SEPG_CLASS_DB_LANGUAGE   16

Definition at line 52 of file sepgsql.h.

◆ SEPG_CLASS_DB_PROCEDURE

#define SEPG_CLASS_DB_PROCEDURE   12

Definition at line 48 of file sepgsql.h.

◆ SEPG_CLASS_DB_SCHEMA

#define SEPG_CLASS_DB_SCHEMA   9

Definition at line 45 of file sepgsql.h.

◆ SEPG_CLASS_DB_SEQUENCE

#define SEPG_CLASS_DB_SEQUENCE   11

Definition at line 47 of file sepgsql.h.

◆ SEPG_CLASS_DB_TABLE

#define SEPG_CLASS_DB_TABLE   10

Definition at line 46 of file sepgsql.h.

◆ SEPG_CLASS_DB_TUPLE

#define SEPG_CLASS_DB_TUPLE   14

Definition at line 50 of file sepgsql.h.

◆ SEPG_CLASS_DB_VIEW

#define SEPG_CLASS_DB_VIEW   17

Definition at line 53 of file sepgsql.h.

◆ SEPG_CLASS_DIR

#define SEPG_CLASS_DIR   2

Definition at line 38 of file sepgsql.h.

◆ SEPG_CLASS_FIFO_FILE

#define SEPG_CLASS_FIFO_FILE   7

Definition at line 43 of file sepgsql.h.

◆ SEPG_CLASS_FILE

#define SEPG_CLASS_FILE   1

Definition at line 37 of file sepgsql.h.

◆ SEPG_CLASS_LNK_FILE

#define SEPG_CLASS_LNK_FILE   3

Definition at line 39 of file sepgsql.h.

◆ SEPG_CLASS_MAX

#define SEPG_CLASS_MAX   18

Definition at line 54 of file sepgsql.h.

◆ SEPG_CLASS_PROCESS

#define SEPG_CLASS_PROCESS   0

Definition at line 36 of file sepgsql.h.

◆ SEPG_CLASS_SOCK_FILE

#define SEPG_CLASS_SOCK_FILE   6

Definition at line 42 of file sepgsql.h.

◆ SEPG_DB_BLOB__CREATE

#define SEPG_DB_BLOB__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 187 of file sepgsql.h.

◆ SEPG_DB_BLOB__DROP

#define SEPG_DB_BLOB__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 188 of file sepgsql.h.

◆ SEPG_DB_BLOB__EXPORT

#define SEPG_DB_BLOB__EXPORT   (1<<9)

Definition at line 196 of file sepgsql.h.

◆ SEPG_DB_BLOB__GETATTR

#define SEPG_DB_BLOB__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 189 of file sepgsql.h.

◆ SEPG_DB_BLOB__IMPORT

#define SEPG_DB_BLOB__IMPORT   (1<<8)

Definition at line 195 of file sepgsql.h.

◆ SEPG_DB_BLOB__READ

#define SEPG_DB_BLOB__READ   (1<<6)

Definition at line 193 of file sepgsql.h.

◆ SEPG_DB_BLOB__RELABELFROM

#define SEPG_DB_BLOB__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 191 of file sepgsql.h.

◆ SEPG_DB_BLOB__RELABELTO

#define SEPG_DB_BLOB__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 192 of file sepgsql.h.

◆ SEPG_DB_BLOB__SETATTR

#define SEPG_DB_BLOB__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 190 of file sepgsql.h.

◆ SEPG_DB_BLOB__WRITE

#define SEPG_DB_BLOB__WRITE   (1<<7)

Definition at line 194 of file sepgsql.h.

◆ SEPG_DB_COLUMN__CREATE

#define SEPG_DB_COLUMN__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 170 of file sepgsql.h.

◆ SEPG_DB_COLUMN__DROP

#define SEPG_DB_COLUMN__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 171 of file sepgsql.h.

◆ SEPG_DB_COLUMN__GETATTR

#define SEPG_DB_COLUMN__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 172 of file sepgsql.h.

◆ SEPG_DB_COLUMN__INSERT

#define SEPG_DB_COLUMN__INSERT   (1<<8)

Definition at line 178 of file sepgsql.h.

◆ SEPG_DB_COLUMN__RELABELFROM

#define SEPG_DB_COLUMN__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 174 of file sepgsql.h.

◆ SEPG_DB_COLUMN__RELABELTO

#define SEPG_DB_COLUMN__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 175 of file sepgsql.h.

◆ SEPG_DB_COLUMN__SELECT

#define SEPG_DB_COLUMN__SELECT   (1<<6)

Definition at line 176 of file sepgsql.h.

◆ SEPG_DB_COLUMN__SETATTR

#define SEPG_DB_COLUMN__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 173 of file sepgsql.h.

◆ SEPG_DB_COLUMN__UPDATE

#define SEPG_DB_COLUMN__UPDATE   (1<<7)

Definition at line 177 of file sepgsql.h.

◆ SEPG_DB_DATABASE__ACCESS

#define SEPG_DB_DATABASE__ACCESS   (1<<6)

Definition at line 124 of file sepgsql.h.

◆ SEPG_DB_DATABASE__CREATE

#define SEPG_DB_DATABASE__CREATE   (1<<0)

Definition at line 118 of file sepgsql.h.

◆ SEPG_DB_DATABASE__DROP

#define SEPG_DB_DATABASE__DROP   (1<<1)

Definition at line 119 of file sepgsql.h.

◆ SEPG_DB_DATABASE__GETATTR

#define SEPG_DB_DATABASE__GETATTR   (1<<2)

Definition at line 120 of file sepgsql.h.

◆ SEPG_DB_DATABASE__LOAD_MODULE

#define SEPG_DB_DATABASE__LOAD_MODULE   (1<<7)

Definition at line 125 of file sepgsql.h.

◆ SEPG_DB_DATABASE__RELABELFROM

#define SEPG_DB_DATABASE__RELABELFROM   (1<<4)

Definition at line 122 of file sepgsql.h.

◆ SEPG_DB_DATABASE__RELABELTO

#define SEPG_DB_DATABASE__RELABELTO   (1<<5)

Definition at line 123 of file sepgsql.h.

◆ SEPG_DB_DATABASE__SETATTR

#define SEPG_DB_DATABASE__SETATTR   (1<<3)

Definition at line 121 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__CREATE

#define SEPG_DB_LANGUAGE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 198 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__DROP

#define SEPG_DB_LANGUAGE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 199 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__EXECUTE

#define SEPG_DB_LANGUAGE__EXECUTE   (1<<7)

Definition at line 205 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__GETATTR

#define SEPG_DB_LANGUAGE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 200 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__IMPLEMENT

#define SEPG_DB_LANGUAGE__IMPLEMENT   (1<<6)

Definition at line 204 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__RELABELFROM

#define SEPG_DB_LANGUAGE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 202 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__RELABELTO

#define SEPG_DB_LANGUAGE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 203 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__SETATTR

#define SEPG_DB_LANGUAGE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 201 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__CREATE

#define SEPG_DB_PROCEDURE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 160 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__DROP

#define SEPG_DB_PROCEDURE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 161 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__ENTRYPOINT

#define SEPG_DB_PROCEDURE__ENTRYPOINT   (1<<7)

Definition at line 167 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__EXECUTE

#define SEPG_DB_PROCEDURE__EXECUTE   (1<<6)

Definition at line 166 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__GETATTR

#define SEPG_DB_PROCEDURE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 162 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__INSTALL

#define SEPG_DB_PROCEDURE__INSTALL   (1<<8)

Definition at line 168 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__RELABELFROM

#define SEPG_DB_PROCEDURE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 164 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__RELABELTO

#define SEPG_DB_PROCEDURE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 165 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__SETATTR

#define SEPG_DB_PROCEDURE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 163 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__ADD_NAME

#define SEPG_DB_SCHEMA__ADD_NAME   (1<<7)

Definition at line 134 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__CREATE

#define SEPG_DB_SCHEMA__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 127 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__DROP

#define SEPG_DB_SCHEMA__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 128 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__GETATTR

#define SEPG_DB_SCHEMA__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 129 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__RELABELFROM

#define SEPG_DB_SCHEMA__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 131 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__RELABELTO

#define SEPG_DB_SCHEMA__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 132 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__REMOVE_NAME

#define SEPG_DB_SCHEMA__REMOVE_NAME   (1<<8)

Definition at line 135 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__SEARCH

#define SEPG_DB_SCHEMA__SEARCH   (1<<6)

Definition at line 133 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__SETATTR

#define SEPG_DB_SCHEMA__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 130 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__CREATE

#define SEPG_DB_SEQUENCE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 150 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__DROP

#define SEPG_DB_SEQUENCE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 151 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__GET_VALUE

#define SEPG_DB_SEQUENCE__GET_VALUE   (1<<6)

Definition at line 156 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__GETATTR

#define SEPG_DB_SEQUENCE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 152 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__NEXT_VALUE

#define SEPG_DB_SEQUENCE__NEXT_VALUE   (1<<7)

Definition at line 157 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__RELABELFROM

#define SEPG_DB_SEQUENCE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 154 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__RELABELTO

#define SEPG_DB_SEQUENCE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 155 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__SET_VALUE

#define SEPG_DB_SEQUENCE__SET_VALUE   (1<<8)

Definition at line 158 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__SETATTR

#define SEPG_DB_SEQUENCE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 153 of file sepgsql.h.

◆ SEPG_DB_TABLE__CREATE

#define SEPG_DB_TABLE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 137 of file sepgsql.h.

◆ SEPG_DB_TABLE__DELETE

#define SEPG_DB_TABLE__DELETE   (1<<9)

Definition at line 146 of file sepgsql.h.

◆ SEPG_DB_TABLE__DROP

#define SEPG_DB_TABLE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 138 of file sepgsql.h.

◆ SEPG_DB_TABLE__GETATTR

#define SEPG_DB_TABLE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 139 of file sepgsql.h.

◆ SEPG_DB_TABLE__INSERT

#define SEPG_DB_TABLE__INSERT   (1<<8)

Definition at line 145 of file sepgsql.h.

◆ SEPG_DB_TABLE__LOCK

#define SEPG_DB_TABLE__LOCK   (1<<10)

Definition at line 147 of file sepgsql.h.

◆ SEPG_DB_TABLE__RELABELFROM

#define SEPG_DB_TABLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 141 of file sepgsql.h.

◆ SEPG_DB_TABLE__RELABELTO

#define SEPG_DB_TABLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 142 of file sepgsql.h.

◆ SEPG_DB_TABLE__SELECT

#define SEPG_DB_TABLE__SELECT   (1<<6)

Definition at line 143 of file sepgsql.h.

◆ SEPG_DB_TABLE__SETATTR

#define SEPG_DB_TABLE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 140 of file sepgsql.h.

◆ SEPG_DB_TABLE__TRUNCATE

#define SEPG_DB_TABLE__TRUNCATE   (1<<11)

Definition at line 148 of file sepgsql.h.

◆ SEPG_DB_TABLE__UPDATE

#define SEPG_DB_TABLE__UPDATE   (1<<7)

Definition at line 144 of file sepgsql.h.

◆ SEPG_DB_TUPLE__DELETE

#define SEPG_DB_TUPLE__DELETE   (SEPG_DB_DATABASE__DROP)

Definition at line 185 of file sepgsql.h.

◆ SEPG_DB_TUPLE__INSERT

#define SEPG_DB_TUPLE__INSERT   (SEPG_DB_DATABASE__CREATE)

Definition at line 184 of file sepgsql.h.

◆ SEPG_DB_TUPLE__RELABELFROM

#define SEPG_DB_TUPLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 180 of file sepgsql.h.

◆ SEPG_DB_TUPLE__RELABELTO

#define SEPG_DB_TUPLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 181 of file sepgsql.h.

◆ SEPG_DB_TUPLE__SELECT

#define SEPG_DB_TUPLE__SELECT   (SEPG_DB_DATABASE__GETATTR)

Definition at line 182 of file sepgsql.h.

◆ SEPG_DB_TUPLE__UPDATE

#define SEPG_DB_TUPLE__UPDATE   (SEPG_DB_DATABASE__SETATTR)

Definition at line 183 of file sepgsql.h.

◆ SEPG_DB_VIEW__CREATE

#define SEPG_DB_VIEW__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 207 of file sepgsql.h.

◆ SEPG_DB_VIEW__DROP

#define SEPG_DB_VIEW__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 208 of file sepgsql.h.

◆ SEPG_DB_VIEW__EXPAND

#define SEPG_DB_VIEW__EXPAND   (1<<6)

Definition at line 213 of file sepgsql.h.

◆ SEPG_DB_VIEW__GETATTR

#define SEPG_DB_VIEW__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 209 of file sepgsql.h.

◆ SEPG_DB_VIEW__RELABELFROM

#define SEPG_DB_VIEW__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 211 of file sepgsql.h.

◆ SEPG_DB_VIEW__RELABELTO

#define SEPG_DB_VIEW__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 212 of file sepgsql.h.

◆ SEPG_DB_VIEW__SETATTR

#define SEPG_DB_VIEW__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 210 of file sepgsql.h.

◆ SEPG_DIR__ADD_NAME

#define SEPG_DIR__ADD_NAME   (1<<7)

Definition at line 78 of file sepgsql.h.

◆ SEPG_DIR__CREATE

#define SEPG_DIR__CREATE   (SEPG_FILE__CREATE)

Definition at line 73 of file sepgsql.h.

◆ SEPG_DIR__GETATTR

#define SEPG_DIR__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 74 of file sepgsql.h.

◆ SEPG_DIR__READ

#define SEPG_DIR__READ   (SEPG_FILE__READ)

Definition at line 71 of file sepgsql.h.

◆ SEPG_DIR__REMOVE_NAME

#define SEPG_DIR__REMOVE_NAME   (1<<8)

Definition at line 79 of file sepgsql.h.

◆ SEPG_DIR__RENAME

#define SEPG_DIR__RENAME   (SEPG_FILE__RENAME)

Definition at line 76 of file sepgsql.h.

◆ SEPG_DIR__REPARENT

#define SEPG_DIR__REPARENT   (1<<10)

Definition at line 81 of file sepgsql.h.

◆ SEPG_DIR__RMDIR

#define SEPG_DIR__RMDIR   (1<<9)

Definition at line 80 of file sepgsql.h.

◆ SEPG_DIR__SEARCH

#define SEPG_DIR__SEARCH   (1<<6)

Definition at line 77 of file sepgsql.h.

◆ SEPG_DIR__UNLINK

#define SEPG_DIR__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 75 of file sepgsql.h.

◆ SEPG_DIR__WRITE

#define SEPG_DIR__WRITE   (SEPG_FILE__WRITE)

Definition at line 72 of file sepgsql.h.

◆ SEPG_FIFO_FILE__CREATE

#define SEPG_FIFO_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 113 of file sepgsql.h.

◆ SEPG_FIFO_FILE__GETATTR

#define SEPG_FIFO_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 114 of file sepgsql.h.

◆ SEPG_FIFO_FILE__READ

#define SEPG_FIFO_FILE__READ   (SEPG_FILE__READ)

Definition at line 111 of file sepgsql.h.

◆ SEPG_FIFO_FILE__RENAME

#define SEPG_FIFO_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 116 of file sepgsql.h.

◆ SEPG_FIFO_FILE__UNLINK

#define SEPG_FIFO_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 115 of file sepgsql.h.

◆ SEPG_FIFO_FILE__WRITE

#define SEPG_FIFO_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 112 of file sepgsql.h.

◆ SEPG_FILE__APPEND

#define SEPG_FILE__APPEND   (1<<6)

Definition at line 69 of file sepgsql.h.

◆ SEPG_FILE__CREATE

#define SEPG_FILE__CREATE   (1<<2)

Definition at line 65 of file sepgsql.h.

◆ SEPG_FILE__GETATTR

#define SEPG_FILE__GETATTR   (1<<3)

Definition at line 66 of file sepgsql.h.

◆ SEPG_FILE__READ

#define SEPG_FILE__READ   (1<<0)

Definition at line 63 of file sepgsql.h.

◆ SEPG_FILE__RENAME

#define SEPG_FILE__RENAME   (1<<5)

Definition at line 68 of file sepgsql.h.

◆ SEPG_FILE__UNLINK

#define SEPG_FILE__UNLINK   (1<<4)

Definition at line 67 of file sepgsql.h.

◆ SEPG_FILE__WRITE

#define SEPG_FILE__WRITE   (1<<1)

Definition at line 64 of file sepgsql.h.

◆ SEPG_LNK_FILE__CREATE

#define SEPG_LNK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 85 of file sepgsql.h.

◆ SEPG_LNK_FILE__GETATTR

#define SEPG_LNK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 86 of file sepgsql.h.

◆ SEPG_LNK_FILE__READ

#define SEPG_LNK_FILE__READ   (SEPG_FILE__READ)

Definition at line 83 of file sepgsql.h.

◆ SEPG_LNK_FILE__RENAME

#define SEPG_LNK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 88 of file sepgsql.h.

◆ SEPG_LNK_FILE__UNLINK

#define SEPG_LNK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 87 of file sepgsql.h.

◆ SEPG_LNK_FILE__WRITE

#define SEPG_LNK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 84 of file sepgsql.h.

◆ SEPG_PROCESS__DYNTRANSITION

#define SEPG_PROCESS__DYNTRANSITION   (1<<1)

Definition at line 60 of file sepgsql.h.

◆ SEPG_PROCESS__SETCURRENT

#define SEPG_PROCESS__SETCURRENT   (1<<2)

Definition at line 61 of file sepgsql.h.

◆ SEPG_PROCESS__TRANSITION

#define SEPG_PROCESS__TRANSITION   (1<<0)

Definition at line 59 of file sepgsql.h.

◆ SEPG_SOCK_FILE__CREATE

#define SEPG_SOCK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 106 of file sepgsql.h.

◆ SEPG_SOCK_FILE__GETATTR

#define SEPG_SOCK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 107 of file sepgsql.h.

◆ SEPG_SOCK_FILE__READ

#define SEPG_SOCK_FILE__READ   (SEPG_FILE__READ)

Definition at line 104 of file sepgsql.h.

◆ SEPG_SOCK_FILE__RENAME

#define SEPG_SOCK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 109 of file sepgsql.h.

◆ SEPG_SOCK_FILE__UNLINK

#define SEPG_SOCK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 108 of file sepgsql.h.

◆ SEPG_SOCK_FILE__WRITE

#define SEPG_SOCK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 105 of file sepgsql.h.

◆ SEPGSQL_AVC_NOAUDIT

#define SEPGSQL_AVC_NOAUDIT   ((void *)(-1))

Definition at line 250 of file sepgsql.h.

◆ SEPGSQL_LABEL_TAG

#define SEPGSQL_LABEL_TAG   "selinux"

Definition at line 23 of file sepgsql.h.

◆ SEPGSQL_MODE_DEFAULT

#define SEPGSQL_MODE_DEFAULT   1

Definition at line 28 of file sepgsql.h.

◆ SEPGSQL_MODE_DISABLED

#define SEPGSQL_MODE_DISABLED   4

Definition at line 31 of file sepgsql.h.

◆ SEPGSQL_MODE_INTERNAL

#define SEPGSQL_MODE_INTERNAL   3

Definition at line 30 of file sepgsql.h.

◆ SEPGSQL_MODE_PERMISSIVE

#define SEPGSQL_MODE_PERMISSIVE   2

Definition at line 29 of file sepgsql.h.

Function Documentation

◆ sepgsql_attribute_drop()

void sepgsql_attribute_drop ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 133 of file relation.c.

134 {
135  ObjectAddress object;
136  char *audit_name;
137  char relkind = get_rel_relkind(relOid);
138 
139  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
140  return;
141 
142  /*
143  * check db_column:{drop} permission
144  */
145  object.classId = RelationRelationId;
146  object.objectId = relOid;
147  object.objectSubId = attnum;
148  audit_name = getObjectIdentity(&object, false);
149 
150  sepgsql_avc_check_perms(&object,
153  audit_name,
154  true);
155  pfree(audit_name);
156 }
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:2003
void pfree(void *pointer)
Definition: mcxt.c:1521
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
int16 attnum
Definition: pg_attribute.h:74
#define SEPG_DB_COLUMN__DROP
Definition: sepgsql.h:171
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:420

References attnum, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_attribute_post_create()

void sepgsql_attribute_post_create ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 43 of file relation.c.

44 {
45  Relation rel;
46  ScanKeyData skey[2];
47  SysScanDesc sscan;
48  HeapTuple tuple;
49  char *scontext;
50  char *tcontext;
51  char *ncontext;
52  ObjectAddress object;
53  Form_pg_attribute attForm;
54  StringInfoData audit_name;
55  char relkind = get_rel_relkind(relOid);
56 
57  /*
58  * Only attributes within regular relations or partition relations have
59  * individual security labels.
60  */
61  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
62  return;
63 
64  /*
65  * Compute a default security label of the new column underlying the
66  * specified relation, and check permission to create it.
67  */
68  rel = table_open(AttributeRelationId, AccessShareLock);
69 
70  ScanKeyInit(&skey[0],
71  Anum_pg_attribute_attrelid,
72  BTEqualStrategyNumber, F_OIDEQ,
73  ObjectIdGetDatum(relOid));
74  ScanKeyInit(&skey[1],
75  Anum_pg_attribute_attnum,
76  BTEqualStrategyNumber, F_INT2EQ,
78 
79  sscan = systable_beginscan(rel, AttributeRelidNumIndexId, true,
80  SnapshotSelf, 2, &skey[0]);
81 
82  tuple = systable_getnext(sscan);
83  if (!HeapTupleIsValid(tuple))
84  elog(ERROR, "could not find tuple for column %d of relation %u",
85  attnum, relOid);
86 
87  attForm = (Form_pg_attribute) GETSTRUCT(tuple);
88 
89  scontext = sepgsql_get_client_label();
90  tcontext = sepgsql_get_label(RelationRelationId, relOid, 0);
91  ncontext = sepgsql_compute_create(scontext, tcontext,
93  NameStr(attForm->attname));
94 
95  /*
96  * check db_column:{create} permission
97  */
98  object.classId = RelationRelationId;
99  object.objectId = relOid;
100  object.objectSubId = 0;
101 
102  initStringInfo(&audit_name);
103  appendStringInfo(&audit_name, "%s.%s",
104  getObjectIdentity(&object, false),
105  quote_identifier(NameStr(attForm->attname)));
109  audit_name.data,
110  true);
111 
112  /*
113  * Assign the default security label on a new procedure
114  */
115  object.classId = RelationRelationId;
116  object.objectId = relOid;
117  object.objectSubId = attnum;
118  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
119 
120  systable_endscan(sscan);
122 
123  pfree(tcontext);
124  pfree(ncontext);
125 }
#define NameStr(name)
Definition: c.h:725
#define ERROR
Definition: elog.h:39
#define elog(elevel,...)
Definition: elog.h:225
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:604
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:511
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:387
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define GETSTRUCT(TUP)
Definition: htup_details.h:653
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:445
char * sepgsql_get_client_label(void)
Definition: label.c:80
#define AccessShareLock
Definition: lockdefs.h:36
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:209
static Datum Int16GetDatum(int16 X)
Definition: postgres.h:172
static Datum ObjectIdGetDatum(Oid X)
Definition: postgres.h:252
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:12868
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:404
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:842
#define SEPG_DB_COLUMN__CREATE
Definition: sepgsql.h:170
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
#define SnapshotSelf
Definition: snapmgr.h:32
#define BTEqualStrategyNumber
Definition: stratnum.h:31
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:94
void initStringInfo(StringInfo str)
Definition: stringinfo.c:56
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:126
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:40

References AccessShareLock, appendStringInfo(), attnum, BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), Int16GetDatum(), NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

◆ sepgsql_attribute_relabel()

void sepgsql_attribute_relabel ( Oid  relOid,
AttrNumber  attnum,
const char *  seclabel 
)

Definition at line 165 of file relation.c.

167 {
168  ObjectAddress object;
169  char *audit_name;
170  char relkind = get_rel_relkind(relOid);
171 
172  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
173  ereport(ERROR,
174  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
175  errmsg("cannot set security label on non-regular columns")));
176 
177  object.classId = RelationRelationId;
178  object.objectId = relOid;
179  object.objectSubId = attnum;
180  audit_name = getObjectIdentity(&object, false);
181 
182  /*
183  * check db_column:{setattr relabelfrom} permission
184  */
185  sepgsql_avc_check_perms(&object,
189  audit_name,
190  true);
191 
192  /*
193  * check db_column:{relabelto} permission
194  */
198  audit_name,
199  true);
200  pfree(audit_name);
201 }
int errcode(int sqlerrcode)
Definition: elog.c:853
int errmsg(const char *fmt,...)
Definition: elog.c:1070
#define ereport(elevel,...)
Definition: elog.h:149
#define SEPG_DB_COLUMN__SETATTR
Definition: sepgsql.h:173
#define SEPG_DB_COLUMN__RELABELFROM
Definition: sepgsql.h:174
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:165

References attnum, ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__RELABELFROM, SEPG_DB_COLUMN__SETATTR, SEPG_DB_PROCEDURE__RELABELTO, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

◆ sepgsql_attribute_setattr()

void sepgsql_attribute_setattr ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 209 of file relation.c.

210 {
211  ObjectAddress object;
212  char *audit_name;
213  char relkind = get_rel_relkind(relOid);
214 
215  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
216  return;
217 
218  /*
219  * check db_column:{setattr} permission
220  */
221  object.classId = RelationRelationId;
222  object.objectId = relOid;
223  object.objectSubId = attnum;
224  audit_name = getObjectIdentity(&object, false);
225 
226  sepgsql_avc_check_perms(&object,
229  audit_name,
230  true);
231  pfree(audit_name);
232 }

References attnum, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__SETATTR, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_audit_log()

void sepgsql_audit_log ( bool  denied,
bool  enforcing,
const char *  scontext,
const char *  tcontext,
uint16  tclass,
uint32  audited,
const char *  audit_name 
)

Definition at line 678 of file selinux.c.

685 {
687  const char *class_name;
688  const char *av_name;
689  int i;
690 
691  /* lookup name of the object class */
692  Assert(tclass < SEPG_CLASS_MAX);
693  class_name = selinux_catalog[tclass].class_name;
694 
695  /* lookup name of the permissions */
697  appendStringInfo(&buf, "%s {",
698  (denied ? "denied" : "allowed"));
699  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
700  {
701  if (audited & (1UL << i))
702  {
703  av_name = selinux_catalog[tclass].av[i].av_name;
704  appendStringInfo(&buf, " %s", av_name);
705  }
706  }
707  appendStringInfoString(&buf, " }");
708 
709  /*
710  * Call external audit module, if loaded
711  */
712  appendStringInfo(&buf, " scontext=%s tcontext=%s tclass=%s",
713  scontext, tcontext, class_name);
714  if (audit_name)
715  appendStringInfo(&buf, " name=\"%s\"", audit_name);
716 
717  if (enforcing)
718  appendStringInfoString(&buf, " permissive=0");
719  else
720  appendStringInfoString(&buf, " permissive=1");
721 
722  ereport(LOG, (errmsg("SELinux: %s", buf.data)));
723 }
#define Assert(condition)
Definition: c.h:837
#define LOG
Definition: elog.h:31
int i
Definition: isn.c:72
static char * buf
Definition: pg_test_fsync.c:72
const char * av_name
Definition: selinux.c:36
const char * class_name
Definition: selinux.c:32
static struct @10 selinux_catalog[]
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:179

References appendStringInfo(), appendStringInfoString(), Assert, av_name, buf, class_name, ereport, errmsg(), i, initStringInfo(), LOG, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_check_perms_label().

◆ sepgsql_avc_check_perms()

bool sepgsql_avc_check_perms ( const ObjectAddress tobject,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 420 of file uavc.c.

424 {
425  char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
426  bool rc;
427 
428  rc = sepgsql_avc_check_perms_label(tcontext,
429  tclass, required,
430  audit_name, abort_on_violation);
431  if (tcontext)
432  pfree(tcontext);
433 
434  return rc;
435 }
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:272
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337

References GetSecurityLabel(), pfree(), generate_unaccent_rules::required, sepgsql_avc_check_perms_label(), and SEPGSQL_LABEL_TAG.

Referenced by check_relation_privileges(), check_schema_perms(), sepgsql_attribute_drop(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_database_drop(), sepgsql_database_relabel(), sepgsql_database_setattr(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_proc_setattr(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_relation_setattr(), sepgsql_relation_truncate(), sepgsql_schema_drop(), and sepgsql_schema_relabel().

◆ sepgsql_avc_check_perms_label()

bool sepgsql_avc_check_perms_label ( const char *  tcontext,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 337 of file uavc.c.

341 {
342  char *scontext = sepgsql_get_client_label();
343  avc_cache *cache;
344  uint32 denied;
345  uint32 audited;
346  bool result;
347 
349  do
350  {
351  result = true;
352 
353  /*
354  * If the target object is unlabeled, we perform the check using the
355  * label supplied by sepgsql_avc_unlabeled().
356  */
357  if (tcontext)
358  cache = sepgsql_avc_lookup(scontext, tcontext, tclass);
359  else
360  cache = sepgsql_avc_lookup(scontext,
361  sepgsql_avc_unlabeled(), tclass);
362 
363  denied = required & ~cache->allowed;
364 
365  /*
366  * Compute permissions to be audited
367  */
369  audited = (denied ? (denied & ~0) : (required & ~0));
370  else
371  audited = denied ? (denied & cache->auditdeny)
372  : (required & cache->auditallow);
373 
374  if (denied)
375  {
376  /*
377  * In permissive mode or permissive domain, violated permissions
378  * shall be audited to the log files at once, and then implicitly
379  * allowed to avoid a flood of access denied logs, because the
380  * purpose of permissive mode/domain is to collect a violation log
381  * that will make it possible to fix up the security policy.
382  */
383  if (!sepgsql_getenforce() || cache->permissive)
384  cache->allowed |= required;
385  else
386  result = false;
387  }
388  } while (!sepgsql_avc_check_valid());
389 
390  /*
391  * In the case when we have something auditable actions here,
392  * sepgsql_audit_log shall be called with text representation of security
393  * labels for both of subject and object. It records this access
394  * violation, so DBA will be able to find out unexpected security problems
395  * later.
396  */
397  if (audited != 0 &&
398  audit_name != SEPGSQL_AVC_NOAUDIT &&
400  {
401  sepgsql_audit_log(denied != 0,
402  (sepgsql_getenforce() && !cache->permissive),
403  cache->scontext,
404  cache->tcontext_is_valid ?
405  cache->tcontext : sepgsql_avc_unlabeled(),
406  cache->tclass,
407  audited,
408  audit_name);
409  }
410 
411  if (abort_on_violation && !result)
412  ereport(ERROR,
413  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
414  errmsg("SELinux: security policy violation")));
415 
416  return result;
417 }
unsigned int uint32
Definition: c.h:492
bool sepgsql_get_debug_audit(void)
Definition: hooks.c:74
int sepgsql_get_mode(void)
Definition: selinux.c:625
void sepgsql_audit_log(bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:678
bool sepgsql_getenforce(void)
Definition: selinux.c:651
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30
#define SEPGSQL_AVC_NOAUDIT
Definition: sepgsql.h:250
Definition: uavc.c:31
uint16 tclass
Definition: uavc.c:35
uint32 allowed
Definition: uavc.c:37
uint32 auditdeny
Definition: uavc.c:39
char * scontext
Definition: uavc.c:33
char * tcontext
Definition: uavc.c:34
bool tcontext_is_valid
Definition: uavc.c:43
bool permissive
Definition: uavc.c:41
uint32 auditallow
Definition: uavc.c:38
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:170
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:152
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:297

References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, ereport, errcode(), errmsg(), ERROR, avc_cache::permissive, generate_unaccent_rules::required, avc_cache::scontext, sepgsql_audit_log(), sepgsql_avc_check_valid(), sepgsql_avc_lookup(), SEPGSQL_AVC_NOAUDIT, sepgsql_avc_unlabeled(), sepgsql_get_client_label(), sepgsql_get_debug_audit(), sepgsql_get_mode(), sepgsql_getenforce(), SEPGSQL_MODE_INTERNAL, avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.

Referenced by sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_avc_check_perms(), sepgsql_database_post_create(), sepgsql_database_relabel(), sepgsql_fmgr_hook(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_schema_post_create(), sepgsql_schema_relabel(), and sepgsql_set_client_label().

◆ sepgsql_avc_init()

void sepgsql_avc_init ( void  )

Definition at line 488 of file uavc.c.

489 {
490  int rc;
491 
492  /*
493  * All the avc stuff shall be allocated in avc_mem_cxt
494  */
496  "userspace access vector cache",
498  memset(avc_slots, 0, sizeof(avc_slots));
499  avc_num_caches = 0;
500  avc_lru_hint = 0;
502 
503  /*
504  * SELinux allows to mmap(2) its kernel status page in read-only mode to
505  * inform userspace applications its status updating (such as policy
506  * reloading) without system-call invocations. This feature is only
507  * supported in Linux-2.6.38 or later, however, libselinux provides a
508  * fallback mode to know its status using netlink sockets.
509  */
510  rc = selinux_status_open(1);
511  if (rc < 0)
512  ereport(ERROR,
513  (errcode(ERRCODE_INTERNAL_ERROR),
514  errmsg("SELinux: could not open selinux status : %m")));
515  else if (rc > 0)
516  ereport(LOG,
517  (errmsg("SELinux: kernel status page uses fallback mode")));
518 
519  /* Arrange to close selinux status page on process exit. */
521 }
void on_proc_exit(pg_on_exit_callback function, Datum arg)
Definition: ipc.c:309
MemoryContext TopMemoryContext
Definition: mcxt.c:149
#define AllocSetContextCreate
Definition: memutils.h:129
#define ALLOCSET_DEFAULT_SIZES
Definition: memutils.h:160
static int avc_lru_hint
Definition: uavc.c:59
static int avc_threshold
Definition: uavc.c:60
static MemoryContext avc_mem_cxt
Definition: uavc.c:56
static void sepgsql_avc_exit(int code, Datum arg)
Definition: uavc.c:477
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:57
static int avc_num_caches
Definition: uavc.c:58
#define AVC_DEF_THRESHOLD
Definition: uavc.c:54

References ALLOCSET_DEFAULT_SIZES, AllocSetContextCreate, AVC_DEF_THRESHOLD, avc_lru_hint, avc_mem_cxt, avc_num_caches, avc_slots, avc_threshold, ereport, errcode(), errmsg(), ERROR, LOG, on_proc_exit(), sepgsql_avc_exit(), and TopMemoryContext.

Referenced by _PG_init().

◆ sepgsql_avc_trusted_proc()

char* sepgsql_avc_trusted_proc ( Oid  functionId)

Definition at line 445 of file uavc.c.

446 {
447  char *scontext = sepgsql_get_client_label();
448  char *tcontext;
449  ObjectAddress tobject;
450  avc_cache *cache;
451 
452  tobject.classId = ProcedureRelationId;
453  tobject.objectId = functionId;
454  tobject.objectSubId = 0;
455  tcontext = GetSecurityLabel(&tobject, SEPGSQL_LABEL_TAG);
456 
458  do
459  {
460  if (tcontext)
461  cache = sepgsql_avc_lookup(scontext, tcontext,
463  else
464  cache = sepgsql_avc_lookup(scontext, sepgsql_avc_unlabeled(),
466  } while (!sepgsql_avc_check_valid());
467 
468  return cache->ncontext;
469 }
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
char * ncontext
Definition: uavc.c:45

References ObjectAddress::classId, GetSecurityLabel(), avc_cache::ncontext, ObjectAddress::objectId, ObjectAddress::objectSubId, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_valid(), sepgsql_avc_lookup(), sepgsql_avc_unlabeled(), sepgsql_get_client_label(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().

◆ sepgsql_compute_avd()

void sepgsql_compute_avd ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
struct av_decision *  avd 
)

Definition at line 739 of file selinux.c.

743 {
744  const char *tclass_name;
745  security_class_t tclass_ex;
746  struct av_decision avd_ex;
747  int i,
748  deny_unknown = security_deny_unknown();
749 
750  /* Get external code of the object class */
751  Assert(tclass < SEPG_CLASS_MAX);
752  Assert(tclass == selinux_catalog[tclass].class_code);
753 
754  tclass_name = selinux_catalog[tclass].class_name;
755  tclass_ex = string_to_security_class(tclass_name);
756 
757  if (tclass_ex == 0)
758  {
759  /*
760  * If the current security policy does not support permissions
761  * corresponding to database objects, we fill up them with dummy data.
762  * If security_deny_unknown() returns positive value, undefined
763  * permissions should be denied. Otherwise, allowed
764  */
765  avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
766  avd->auditallow = 0U;
767  avd->auditdeny = ~0U;
768  avd->flags = 0;
769 
770  return;
771  }
772 
773  /*
774  * Ask SELinux what is allowed set of permissions on a pair of the
775  * security contexts and the given object class.
776  */
777  if (security_compute_av_flags_raw(scontext,
778  tcontext,
779  tclass_ex, 0, &avd_ex) < 0)
780  ereport(ERROR,
781  (errcode(ERRCODE_INTERNAL_ERROR),
782  errmsg("SELinux could not compute av_decision: "
783  "scontext=%s tcontext=%s tclass=%s: %m",
784  scontext, tcontext, tclass_name)));
785 
786  /*
787  * SELinux returns its access control decision as a set of permissions
788  * represented in external code which depends on run-time environment. So,
789  * we need to translate it to the internal representation before returning
790  * results for the caller.
791  */
792  memset(avd, 0, sizeof(struct av_decision));
793 
794  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
795  {
796  access_vector_t av_code_ex;
797  const char *av_name = selinux_catalog[tclass].av[i].av_name;
798  uint32 av_code = selinux_catalog[tclass].av[i].av_code;
799 
800  av_code_ex = string_to_av_perm(tclass_ex, av_name);
801  if (av_code_ex == 0)
802  {
803  /* fill up undefined permissions */
804  if (!deny_unknown)
805  avd->allowed |= av_code;
806  avd->auditdeny |= av_code;
807 
808  continue;
809  }
810 
811  if (avd_ex.allowed & av_code_ex)
812  avd->allowed |= av_code;
813  if (avd_ex.auditallow & av_code_ex)
814  avd->auditallow |= av_code;
815  if (avd_ex.auditdeny & av_code_ex)
816  avd->auditdeny |= av_code;
817  }
818 }
uint16 class_code
Definition: selinux.c:33
uint32 av_code
Definition: selinux.c:37

References Assert, av_code, av_name, class_code, ereport, errcode(), errmsg(), ERROR, i, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_compute().

◆ sepgsql_compute_create()

char* sepgsql_compute_create ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
const char *  objname 
)

Definition at line 842 of file selinux.c.

846 {
847  char *ncontext;
848  security_class_t tclass_ex;
849  const char *tclass_name;
850  char *result;
851 
852  /* Get external code of the object class */
853  Assert(tclass < SEPG_CLASS_MAX);
854 
855  tclass_name = selinux_catalog[tclass].class_name;
856  tclass_ex = string_to_security_class(tclass_name);
857 
858  /*
859  * Ask SELinux what is the default context for the given object class on a
860  * pair of security contexts
861  */
862  if (security_compute_create_name_raw(scontext,
863  tcontext,
864  tclass_ex,
865  objname,
866  &ncontext) < 0)
867  ereport(ERROR,
868  (errcode(ERRCODE_INTERNAL_ERROR),
869  errmsg("SELinux could not compute a new context: "
870  "scontext=%s tcontext=%s tclass=%s: %m",
871  scontext, tcontext, tclass_name)));
872 
873  /*
874  * libselinux returns malloc()'ed string, so we need to copy it on the
875  * palloc()'ed region.
876  */
877  PG_TRY();
878  {
879  result = pstrdup(ncontext);
880  }
881  PG_FINALLY();
882  {
883  freecon(ncontext);
884  }
885  PG_END_TRY();
886 
887  return result;
888 }
#define PG_TRY(...)
Definition: elog.h:371
#define PG_END_TRY(...)
Definition: elog.h:396
#define PG_FINALLY(...)
Definition: elog.h:388
char * pstrdup(const char *in)
Definition: mcxt.c:1696

References Assert, ereport, errcode(), errmsg(), ERROR, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_compute(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

◆ sepgsql_database_drop()

void sepgsql_database_drop ( Oid  databaseId)

Definition at line 133 of file database.c.

134 {
135  ObjectAddress object;
136  char *audit_name;
137 
138  /*
139  * check db_database:{drop} permission
140  */
141  object.classId = DatabaseRelationId;
142  object.objectId = databaseId;
143  object.objectSubId = 0;
144  audit_name = getObjectIdentity(&object, false);
145 
146  sepgsql_avc_check_perms(&object,
149  audit_name,
150  true);
151  pfree(audit_name);
152 }
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
#define SEPG_DB_DATABASE__DROP
Definition: sepgsql.h:119

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_database_post_create()

void sepgsql_database_post_create ( Oid  databaseId,
const char *  dtemplate 
)

Definition at line 33 of file database.c.

34 {
35  Relation rel;
36  ScanKeyData skey;
37  SysScanDesc sscan;
38  HeapTuple tuple;
39  char *tcontext;
40  char *ncontext;
41  ObjectAddress object;
42  Form_pg_database datForm;
43  StringInfoData audit_name;
44 
45  /*
46  * Oid of the source database is not saved in pg_database catalog, so we
47  * collect its identifier using contextual information. If NULL, its
48  * default is "template1" according to createdb().
49  */
50  if (!dtemplate)
51  dtemplate = "template1";
52 
53  object.classId = DatabaseRelationId;
54  object.objectId = get_database_oid(dtemplate, false);
55  object.objectSubId = 0;
56 
57  tcontext = sepgsql_get_label(object.classId,
58  object.objectId,
59  object.objectSubId);
60 
61  /*
62  * check db_database:{getattr} permission
63  */
64  initStringInfo(&audit_name);
65  appendStringInfoString(&audit_name, quote_identifier(dtemplate));
69  audit_name.data,
70  true);
71 
72  /*
73  * Compute a default security label of the newly created database based on
74  * a pair of security label of client and source database.
75  *
76  * XXX - upcoming version of libselinux supports to take object name to
77  * handle special treatment on default security label.
78  */
79  rel = table_open(DatabaseRelationId, AccessShareLock);
80 
81  ScanKeyInit(&skey,
82  Anum_pg_database_oid,
83  BTEqualStrategyNumber, F_OIDEQ,
84  ObjectIdGetDatum(databaseId));
85 
86  sscan = systable_beginscan(rel, DatabaseOidIndexId, true,
87  SnapshotSelf, 1, &skey);
88  tuple = systable_getnext(sscan);
89  if (!HeapTupleIsValid(tuple))
90  elog(ERROR, "could not find tuple for database %u", databaseId);
91 
92  datForm = (Form_pg_database) GETSTRUCT(tuple);
93 
95  tcontext,
97  NameStr(datForm->datname));
98 
99  /*
100  * check db_database:{create} permission
101  */
102  resetStringInfo(&audit_name);
103  appendStringInfoString(&audit_name,
104  quote_identifier(NameStr(datForm->datname)));
108  audit_name.data,
109  true);
110 
111  systable_endscan(sscan);
113 
114  /*
115  * Assign the default security label on the new database
116  */
117  object.classId = DatabaseRelationId;
118  object.objectId = databaseId;
119  object.objectSubId = 0;
120 
121  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
122 
123  pfree(ncontext);
124  pfree(tcontext);
125 }
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:3140
FormData_pg_database * Form_pg_database
Definition: pg_database.h:96
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
#define SEPG_DB_DATABASE__GETATTR
Definition: sepgsql.h:120
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:75

References AccessShareLock, appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_database_oid(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__CREATE, SEPG_DB_DATABASE__GETATTR, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

◆ sepgsql_database_relabel()

void sepgsql_database_relabel ( Oid  databaseId,
const char *  seclabel 
)

Definition at line 187 of file database.c.

188 {
189  ObjectAddress object;
190  char *audit_name;
191 
192  object.classId = DatabaseRelationId;
193  object.objectId = databaseId;
194  object.objectSubId = 0;
195  audit_name = getObjectIdentity(&object, false);
196 
197  /*
198  * check db_database:{setattr relabelfrom} permission
199  */
200  sepgsql_avc_check_perms(&object,
204  audit_name,
205  true);
206 
207  /*
208  * check db_database:{relabelto} permission
209  */
213  audit_name,
214  true);
215  pfree(audit_name);
216 }
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121
#define SEPG_DB_DATABASE__RELABELTO
Definition: sepgsql.h:123
#define SEPG_DB_DATABASE__RELABELFROM
Definition: sepgsql.h:122

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__RELABELFROM, SEPG_DB_DATABASE__RELABELTO, SEPG_DB_DATABASE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

◆ sepgsql_database_setattr()

void sepgsql_database_setattr ( Oid  databaseId)

Definition at line 160 of file database.c.

161 {
162  ObjectAddress object;
163  char *audit_name;
164 
165  /*
166  * check db_database:{setattr} permission
167  */
168  object.classId = DatabaseRelationId;
169  object.objectId = databaseId;
170  object.objectSubId = 0;
171  audit_name = getObjectIdentity(&object, false);
172 
173  sepgsql_avc_check_perms(&object,
176  audit_name,
177  true);
178  pfree(audit_name);
179 }

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__SETATTR, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_dml_privileges()

bool sepgsql_dml_privileges ( List rangeTabls,
List rteperminfos,
bool  abort_on_violation 
)

Definition at line 282 of file dml.c.

284 {
285  ListCell *lr;
286 
287  foreach(lr, rteperminfos)
288  {
290  uint32 required = 0;
291  List *tableIds;
292  ListCell *li;
293 
294  /*
295  * Find out required permissions
296  */
297  if (perminfo->requiredPerms & ACL_SELECT)
299  if (perminfo->requiredPerms & ACL_INSERT)
301  if (perminfo->requiredPerms & ACL_UPDATE)
302  {
303  if (!bms_is_empty(perminfo->updatedCols))
305  else
307  }
308  if (perminfo->requiredPerms & ACL_DELETE)
310 
311  /*
312  * Skip, if nothing to be checked
313  */
314  if (required == 0)
315  continue;
316 
317  /*
318  * If this RangeTblEntry is also supposed to reference inherited
319  * tables, we need to check security label of the child tables. So, we
320  * expand rte->relid into list of OIDs of inheritance hierarchy, then
321  * checker routine will be invoked for each relations.
322  */
323  if (!perminfo->inh)
324  tableIds = list_make1_oid(perminfo->relid);
325  else
326  tableIds = find_all_inheritors(perminfo->relid, NoLock, NULL);
327 
328  foreach(li, tableIds)
329  {
330  Oid tableOid = lfirst_oid(li);
331  Bitmapset *selectedCols;
332  Bitmapset *insertedCols;
333  Bitmapset *updatedCols;
334 
335  /*
336  * child table has different attribute numbers, so we need to fix
337  * up them.
338  */
339  selectedCols = fixup_inherited_columns(perminfo->relid, tableOid,
340  perminfo->selectedCols);
341  insertedCols = fixup_inherited_columns(perminfo->relid, tableOid,
342  perminfo->insertedCols);
343  updatedCols = fixup_inherited_columns(perminfo->relid, tableOid,
344  perminfo->updatedCols);
345 
346  /*
347  * check permissions on individual tables
348  */
349  if (!check_relation_privileges(tableOid,
350  selectedCols,
351  insertedCols,
352  updatedCols,
353  required, abort_on_violation))
354  return false;
355  }
356  list_free(tableIds);
357  }
358  return true;
359 }
#define bms_is_empty(a)
Definition: bitmapset.h:118
static Bitmapset * fixup_inherited_columns(Oid parentId, Oid childId, Bitmapset *columns)
Definition: dml.c:93
static bool check_relation_privileges(Oid relOid, Bitmapset *selected, Bitmapset *inserted, Bitmapset *updated, uint32 required, bool abort_on_violation)
Definition: dml.c:142
void list_free(List *list)
Definition: list.c:1546
#define NoLock
Definition: lockdefs.h:34
#define ACL_DELETE
Definition: parsenodes.h:79
#define ACL_INSERT
Definition: parsenodes.h:76
#define ACL_UPDATE
Definition: parsenodes.h:78
#define ACL_SELECT
Definition: parsenodes.h:77
List * find_all_inheritors(Oid parentrelId, LOCKMODE lockmode, List **numparents)
Definition: pg_inherits.c:255
#define lfirst_node(type, lc)
Definition: pg_list.h:176
#define list_make1_oid(x1)
Definition: pg_list.h:242
#define lfirst_oid(lc)
Definition: pg_list.h:174
unsigned int Oid
Definition: postgres_ext.h:31
#define SEPG_DB_TABLE__DELETE
Definition: sepgsql.h:146
#define SEPG_DB_TABLE__LOCK
Definition: sepgsql.h:147
#define SEPG_DB_TABLE__INSERT
Definition: sepgsql.h:145
#define SEPG_DB_TABLE__UPDATE
Definition: sepgsql.h:144
#define SEPG_DB_TABLE__SELECT
Definition: sepgsql.h:143
Definition: pg_list.h:54
Bitmapset * selectedCols
Definition: parsenodes.h:1293
AclMode requiredPerms
Definition: parsenodes.h:1291
Bitmapset * insertedCols
Definition: parsenodes.h:1294
Bitmapset * updatedCols
Definition: parsenodes.h:1295

References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_UPDATE, bms_is_empty, check_relation_privileges(), find_all_inheritors(), fixup_inherited_columns(), RTEPermissionInfo::inh, RTEPermissionInfo::insertedCols, lfirst_node, lfirst_oid, list_free(), list_make1_oid, NoLock, RTEPermissionInfo::relid, generate_unaccent_rules::required, RTEPermissionInfo::requiredPerms, RTEPermissionInfo::selectedCols, SEPG_DB_TABLE__DELETE, SEPG_DB_TABLE__INSERT, SEPG_DB_TABLE__LOCK, SEPG_DB_TABLE__SELECT, SEPG_DB_TABLE__UPDATE, and RTEPermissionInfo::updatedCols.

Referenced by sepgsql_exec_check_perms().

◆ sepgsql_get_client_label()

char* sepgsql_get_client_label ( void  )

Definition at line 80 of file label.c.

81 {
82  /* trusted procedure client label override */
84  return client_label_func;
85 
86  /* uncommitted sepgsql_setcon() value */
88  {
90 
91  if (plabel->label)
92  return plabel->label;
93  }
94  else if (client_label_committed)
95  return client_label_committed; /* set by sepgsql_setcon() committed */
96 
97  /* default label */
98  Assert(client_label_peer != NULL);
99  return client_label_peer;
100 }
static char * client_label_committed
Definition: label.c:62
static char * client_label_peer
Definition: label.c:59
static List * client_label_pending
Definition: label.c:60
static char * client_label_func
Definition: label.c:64
#define llast(l)
Definition: pg_list.h:198
char * label
Definition: label.c:69

References Assert, client_label_committed, client_label_func, client_label_peer, client_label_pending, pending_label::label, and llast.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_check_perms_label(), sepgsql_avc_trusted_proc(), sepgsql_database_post_create(), sepgsql_getcon(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), sepgsql_schema_post_create(), and sepgsql_set_client_label().

◆ sepgsql_get_debug_audit()

bool sepgsql_get_debug_audit ( void  )

Definition at line 74 of file hooks.c.

75 {
76  return sepgsql_debug_audit;
77 }
static bool sepgsql_debug_audit
Definition: hooks.c:71

References sepgsql_debug_audit.

Referenced by sepgsql_avc_check_perms_label().

◆ sepgsql_get_label()

char* sepgsql_get_label ( Oid  classId,
Oid  objectId,
int32  subId 
)

Definition at line 445 of file label.c.

446 {
447  ObjectAddress object;
448  char *label;
449 
450  object.classId = classId;
451  object.objectId = objectId;
452  object.objectSubId = subId;
453 
455  if (!label || security_check_context_raw(label))
456  {
457  char *unlabeled;
458 
459  if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
460  ereport(ERROR,
461  (errcode(ERRCODE_INTERNAL_ERROR),
462  errmsg("SELinux: failed to get initial security label: %m")));
463  PG_TRY();
464  {
465  label = pstrdup(unlabeled);
466  }
467  PG_FINALLY();
468  {
469  freecon(unlabeled);
470  }
471  PG_END_TRY();
472  }
473  return label;
474 }
static char * label

References ereport, errcode(), errmsg(), ERROR, GetSecurityLabel(), label, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_attribute_post_create(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

◆ sepgsql_get_mode()

int sepgsql_get_mode ( void  )

Definition at line 625 of file selinux.c.

626 {
627  return sepgsql_mode;
628 }
static int sepgsql_mode
Definition: selinux.c:610

References sepgsql_mode.

Referenced by sepgsql_avc_check_perms_label().

◆ sepgsql_get_permissive()

bool sepgsql_get_permissive ( void  )

Definition at line 63 of file hooks.c.

64 {
65  return sepgsql_permissive;
66 }
static bool sepgsql_permissive
Definition: hooks.c:60

References sepgsql_permissive.

Referenced by sepgsql_client_auth().

◆ sepgsql_getenforce()

bool sepgsql_getenforce ( void  )

Definition at line 651 of file selinux.c.

652 {
654  selinux_status_getenforce() > 0)
655  return true;
656 
657  return false;
658 }
#define SEPGSQL_MODE_DEFAULT
Definition: sepgsql.h:28

References sepgsql_mode, and SEPGSQL_MODE_DEFAULT.

Referenced by check_relation_privileges(), sepgsql_avc_check_perms_label(), and sepgsql_utility_command().

◆ sepgsql_init_client_label()

void sepgsql_init_client_label ( void  )

Definition at line 404 of file label.c.

405 {
406  /*
407  * Set up dummy client label.
408  *
409  * XXX - note that PostgreSQL launches background worker process like
410  * autovacuum without authentication steps. So, we initialize sepgsql_mode
411  * with SEPGSQL_MODE_INTERNAL, and client_label with the security context
412  * of server process. Later, it also launches background of user session.
413  * In this case, the process is always hooked on post-authentication, and
414  * we can initialize the sepgsql_mode and client_label correctly.
415  */
416  if (getcon_raw(&client_label_peer) < 0)
417  ereport(ERROR,
418  (errcode(ERRCODE_INTERNAL_ERROR),
419  errmsg("SELinux: failed to get server security label: %m")));
420 
421  /* Client authentication hook */
424 
425  /* Trusted procedure hooks */
428 
431 
432  /* Transaction/Sub-transaction callbacks */
435 }
ClientAuthentication_hook_type ClientAuthentication_hook
Definition: auth.c:230
PGDLLIMPORT needs_fmgr_hook_type needs_fmgr_hook
Definition: fmgr.c:39
PGDLLIMPORT fmgr_hook_type fmgr_hook
Definition: fmgr.c:40
static fmgr_hook_type next_fmgr_hook
Definition: label.c:44
static void sepgsql_fmgr_hook(FmgrHookEventType event, FmgrInfo *flinfo, Datum *private)
Definition: label.c:311
static needs_fmgr_hook_type next_needs_fmgr_hook
Definition: label.c:43
static void sepgsql_subxact_callback(SubXactEvent event, SubTransactionId mySubid, SubTransactionId parentSubid, void *arg)
Definition: label.c:204
static void sepgsql_client_auth(Port *port, int status)
Definition: label.c:230
static void sepgsql_xact_callback(XactEvent event, void *arg)
Definition: label.c:165
static ClientAuthentication_hook_type next_client_auth_hook
Definition: label.c:42
static bool sepgsql_needs_fmgr_hook(Oid functionId)
Definition: label.c:268
void RegisterXactCallback(XactCallback callback, void *arg)
Definition: xact.c:3796
void RegisterSubXactCallback(SubXactCallback callback, void *arg)
Definition: xact.c:3856

References client_label_peer, ClientAuthentication_hook, ereport, errcode(), errmsg(), ERROR, fmgr_hook, needs_fmgr_hook, next_client_auth_hook, next_fmgr_hook, next_needs_fmgr_hook, RegisterSubXactCallback(), RegisterXactCallback(), sepgsql_client_auth(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_subxact_callback(), and sepgsql_xact_callback().

Referenced by _PG_init().

◆ sepgsql_is_enabled()

bool sepgsql_is_enabled ( void  )

Definition at line 616 of file selinux.c.

617 {
619 }
#define SEPGSQL_MODE_DISABLED
Definition: sepgsql.h:31

References sepgsql_mode, and SEPGSQL_MODE_DISABLED.

Referenced by sepgsql_getcon(), sepgsql_mcstrans_in(), sepgsql_mcstrans_out(), and sepgsql_restorecon().

◆ sepgsql_object_relabel()

void sepgsql_object_relabel ( const ObjectAddress object,
const char *  seclabel 
)

Definition at line 482 of file label.c.

483 {
484  /*
485  * validate format of the supplied security label, if it is security
486  * context of selinux.
487  */
488  if (seclabel &&
489  security_check_context_raw(seclabel) < 0)
490  ereport(ERROR,
491  (errcode(ERRCODE_INVALID_NAME),
492  errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
493 
494  /*
495  * Do actual permission checks for each object classes
496  */
497  switch (object->classId)
498  {
499  case DatabaseRelationId:
500  sepgsql_database_relabel(object->objectId, seclabel);
501  break;
502 
503  case NamespaceRelationId:
504  sepgsql_schema_relabel(object->objectId, seclabel);
505  break;
506 
507  case RelationRelationId:
508  if (object->objectSubId == 0)
510  seclabel);
511  else
513  object->objectSubId,
514  seclabel);
515  break;
516 
517  case ProcedureRelationId:
518  sepgsql_proc_relabel(object->objectId, seclabel);
519  break;
520 
521  default:
522  ereport(ERROR,
523  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
524  errmsg("sepgsql provider does not support labels on %s",
525  getObjectTypeDescription(object, false))));
526  break;
527  }
528 }
void sepgsql_proc_relabel(Oid functionId, const char *seclabel)
Definition: proc.c:198
void sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum, const char *seclabel)
Definition: relation.c:165
void sepgsql_relation_relabel(Oid relOid, const char *seclabel)
Definition: relation.c:564
void sepgsql_database_relabel(Oid databaseId, const char *seclabel)
Definition: database.c:187
char * getObjectTypeDescription(const ObjectAddress *object, bool missing_ok)
void sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)
Definition: schema.c:142

References ObjectAddress::classId, ereport, errcode(), errmsg(), ERROR, getObjectTypeDescription(), ObjectAddress::objectId, ObjectAddress::objectSubId, sepgsql_attribute_relabel(), sepgsql_database_relabel(), sepgsql_proc_relabel(), sepgsql_relation_relabel(), and sepgsql_schema_relabel().

Referenced by _PG_init(), and exec_object_restorecon().

◆ sepgsql_proc_drop()

void sepgsql_proc_drop ( Oid  functionId)

Definition at line 155 of file proc.c.

156 {
157  ObjectAddress object;
158  char *audit_name;
159 
160  /*
161  * check db_schema:{remove_name} permission
162  */
163  object.classId = NamespaceRelationId;
164  object.objectId = get_func_namespace(functionId);
165  object.objectSubId = 0;
166  audit_name = getObjectIdentity(&object, false);
167 
168  sepgsql_avc_check_perms(&object,
171  audit_name,
172  true);
173  pfree(audit_name);
174 
175  /*
176  * check db_procedure:{drop} permission
177  */
178  object.classId = ProcedureRelationId;
179  object.objectId = functionId;
180  object.objectSubId = 0;
181  audit_name = getObjectIdentity(&object, false);
182 
183  sepgsql_avc_check_perms(&object,
186  audit_name,
187  true);
188  pfree(audit_name);
189 }
Oid get_func_namespace(Oid funcid)
Definition: lsyscache.c:1632
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135
#define SEPG_DB_PROCEDURE__DROP
Definition: sepgsql.h:161

References ObjectAddress::classId, get_func_namespace(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_proc_execute()

void sepgsql_proc_execute ( Oid  functionId)

Definition at line 315 of file proc.c.

316 {
317  ObjectAddress object;
318  char *audit_name;
319 
320  /*
321  * check db_procedure:{execute} permission
322  */
323  object.classId = ProcedureRelationId;
324  object.objectId = functionId;
325  object.objectSubId = 0;
326  audit_name = getObjectIdentity(&object, false);
327  sepgsql_avc_check_perms(&object,
330  audit_name,
331  true);
332  pfree(audit_name);
333 }
#define SEPG_DB_PROCEDURE__EXECUTE
Definition: sepgsql.h:166

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__EXECUTE, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_proc_post_create()

void sepgsql_proc_post_create ( Oid  functionId)

Definition at line 37 of file proc.c.

38 {
39  Relation rel;
40  ScanKeyData skey;
41  SysScanDesc sscan;
42  HeapTuple tuple;
43  char *nsp_name;
44  char *scontext;
45  char *tcontext;
46  char *ncontext;
48  int i;
49  StringInfoData audit_name;
50  ObjectAddress object;
51  Form_pg_proc proForm;
52 
53  /*
54  * Fetch namespace of the new procedure. Because pg_proc entry is not
55  * visible right now, we need to scan the catalog using SnapshotSelf.
56  */
57  rel = table_open(ProcedureRelationId, AccessShareLock);
58 
59  ScanKeyInit(&skey,
60  Anum_pg_proc_oid,
61  BTEqualStrategyNumber, F_OIDEQ,
62  ObjectIdGetDatum(functionId));
63 
64  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
65  SnapshotSelf, 1, &skey);
66 
67  tuple = systable_getnext(sscan);
68  if (!HeapTupleIsValid(tuple))
69  elog(ERROR, "could not find tuple for function %u", functionId);
70 
71  proForm = (Form_pg_proc) GETSTRUCT(tuple);
72 
73  /*
74  * check db_schema:{add_name} permission of the namespace
75  */
76  object.classId = NamespaceRelationId;
77  object.objectId = proForm->pronamespace;
78  object.objectSubId = 0;
82  getObjectIdentity(&object, false),
83  true);
84 
85  /*
86  * XXX - db_language:{implement} also should be checked here
87  */
88 
89 
90  /*
91  * Compute a default security label when we create a new procedure object
92  * under the specified namespace.
93  */
94  scontext = sepgsql_get_client_label();
95  tcontext = sepgsql_get_label(NamespaceRelationId,
96  proForm->pronamespace, 0);
97  ncontext = sepgsql_compute_create(scontext, tcontext,
99  NameStr(proForm->proname));
100 
101  /*
102  * check db_procedure:{create (install)} permission
103  */
104  initStringInfo(&audit_name);
105  nsp_name = get_namespace_name(proForm->pronamespace);
106  appendStringInfo(&audit_name, "%s(",
107  quote_qualified_identifier(nsp_name, NameStr(proForm->proname)));
108  for (i = 0; i < proForm->pronargs; i++)
109  {
110  if (i > 0)
111  appendStringInfoChar(&audit_name, ',');
112 
113  object.classId = TypeRelationId;
114  object.objectId = proForm->proargtypes.values[i];
115  object.objectSubId = 0;
116  appendStringInfoString(&audit_name, getObjectIdentity(&object, false));
117  }
118  appendStringInfoChar(&audit_name, ')');
119 
121  if (proForm->proleakproof)
123 
126  required,
127  audit_name.data,
128  true);
129 
130  /*
131  * Assign the default security label on a new procedure
132  */
133  object.classId = ProcedureRelationId;
134  object.objectId = functionId;
135  object.objectSubId = 0;
136  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
137 
138  /*
139  * Cleanup
140  */
141  systable_endscan(sscan);
143 
144  pfree(audit_name.data);
145  pfree(tcontext);
146  pfree(ncontext);
147 }
char * get_namespace_name(Oid nspid)
Definition: lsyscache.c:3366
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:136
char * quote_qualified_identifier(const char *qualifier, const char *ident)
Definition: ruleutils.c:12952
#define SEPG_DB_PROCEDURE__CREATE
Definition: sepgsql.h:160
#define SEPG_DB_PROCEDURE__INSTALL
Definition: sepgsql.h:168
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
void appendStringInfoChar(StringInfo str, char ch)
Definition: stringinfo.c:191

References AccessShareLock, appendStringInfo(), appendStringInfoChar(), appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, i, initStringInfo(), NameStr, ObjectIdGetDatum(), pfree(), quote_qualified_identifier(), generate_unaccent_rules::required, ScanKeyInit(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__CREATE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

◆ sepgsql_proc_relabel()

void sepgsql_proc_relabel ( Oid  functionId,
const char *  seclabel 
)

Definition at line 198 of file proc.c.

199 {
200  ObjectAddress object;
201  char *audit_name;
202 
203  object.classId = ProcedureRelationId;
204  object.objectId = functionId;
205  object.objectSubId = 0;
206  audit_name = getObjectIdentity(&object, false);
207 
208  /*
209  * check db_procedure:{setattr relabelfrom} permission
210  */
211  sepgsql_avc_check_perms(&object,
215  audit_name,
216  true);
217 
218  /*
219  * check db_procedure:{relabelto} permission
220  */
224  audit_name,
225  true);
226  pfree(audit_name);
227 }
#define SEPG_DB_PROCEDURE__RELABELFROM
Definition: sepgsql.h:164
#define SEPG_DB_PROCEDURE__SETATTR
Definition: sepgsql.h:163

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__RELABELFROM, SEPG_DB_PROCEDURE__RELABELTO, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

◆ sepgsql_proc_setattr()

void sepgsql_proc_setattr ( Oid  functionId)

Definition at line 235 of file proc.c.

236 {
237  Relation rel;
238  ScanKeyData skey;
239  SysScanDesc sscan;
240  HeapTuple oldtup;
241  HeapTuple newtup;
242  Form_pg_proc oldform;
243  Form_pg_proc newform;
245  ObjectAddress object;
246  char *audit_name;
247 
248  /*
249  * Fetch newer catalog
250  */
251  rel = table_open(ProcedureRelationId, AccessShareLock);
252 
253  ScanKeyInit(&skey,
254  Anum_pg_proc_oid,
255  BTEqualStrategyNumber, F_OIDEQ,
256  ObjectIdGetDatum(functionId));
257 
258  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
259  SnapshotSelf, 1, &skey);
260  newtup = systable_getnext(sscan);
261  if (!HeapTupleIsValid(newtup))
262  elog(ERROR, "could not find tuple for function %u", functionId);
263  newform = (Form_pg_proc) GETSTRUCT(newtup);
264 
265  /*
266  * Fetch older catalog
267  */
268  oldtup = SearchSysCache1(PROCOID, ObjectIdGetDatum(functionId));
269  if (!HeapTupleIsValid(oldtup))
270  elog(ERROR, "cache lookup failed for function %u", functionId);
271  oldform = (Form_pg_proc) GETSTRUCT(oldtup);
272 
273  /*
274  * Does this ALTER command takes operation to namespace?
275  */
276  if (newform->pronamespace != oldform->pronamespace)
277  {
278  sepgsql_schema_remove_name(oldform->pronamespace);
279  sepgsql_schema_add_name(oldform->pronamespace);
280  }
281  if (strcmp(NameStr(newform->proname), NameStr(oldform->proname)) != 0)
282  sepgsql_schema_rename(oldform->pronamespace);
283 
284  /*
285  * check db_procedure:{setattr (install)} permission
286  */
288  if (!oldform->proleakproof && newform->proleakproof)
290 
291  object.classId = ProcedureRelationId;
292  object.objectId = functionId;
293  object.objectSubId = 0;
294  audit_name = getObjectIdentity(&object, false);
295 
296  sepgsql_avc_check_perms(&object,
298  required,
299  audit_name,
300  true);
301  /* cleanups */
302  pfree(audit_name);
303 
304  ReleaseSysCache(oldtup);
305  systable_endscan(sscan);
307 }
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:229
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:223
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:217
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:269
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:221

References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, NameStr, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), generate_unaccent_rules::required, ScanKeyInit(), SearchSysCache1(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

◆ sepgsql_relation_drop()

void sepgsql_relation_drop ( Oid  relOid)

Definition at line 416 of file relation.c.

417 {
418  ObjectAddress object;
419  char *audit_name;
420  uint16_t tclass = 0;
421  char relkind = get_rel_relkind(relOid);
422 
423  switch (relkind)
424  {
425  case RELKIND_RELATION:
426  case RELKIND_PARTITIONED_TABLE:
427  tclass = SEPG_CLASS_DB_TABLE;
428  break;
429  case RELKIND_SEQUENCE:
430  tclass = SEPG_CLASS_DB_SEQUENCE;
431  break;
432  case RELKIND_VIEW:
433  tclass = SEPG_CLASS_DB_VIEW;
434  break;
435  case RELKIND_INDEX:
436  /* ignore indexes on toast tables */
437  if (get_rel_namespace(relOid) == PG_TOAST_NAMESPACE)
438  return;
439  /* other indexes are handled specially below; no need for tclass */
440  break;
441  default:
442  /* ignore other relkinds */
443  return;
444  }
445 
446  /*
447  * check db_schema:{remove_name} permission
448  */
449  object.classId = NamespaceRelationId;
450  object.objectId = get_rel_namespace(relOid);
451  object.objectSubId = 0;
452  audit_name = getObjectIdentity(&object, false);
453 
454  sepgsql_avc_check_perms(&object,
457  audit_name,
458  true);
459  pfree(audit_name);
460 
461  /* deal with indexes specially */
462  if (relkind == RELKIND_INDEX)
463  {
464  sepgsql_index_modify(relOid);
465  return;
466  }
467 
468  /*
469  * check db_table/sequence/view:{drop} permission
470  */
471  object.classId = RelationRelationId;
472  object.objectId = relOid;
473  object.objectSubId = 0;
474  audit_name = getObjectIdentity(&object, false);
475 
476  sepgsql_avc_check_perms(&object,
477  tclass,
479  audit_name,
480  true);
481  pfree(audit_name);
482 
483  /*
484  * check db_column:{drop} permission
485  */
486  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
487  {
488  Form_pg_attribute attForm;
489  CatCList *attrList;
490  HeapTuple atttup;
491  int i;
492 
493  attrList = SearchSysCacheList1(ATTNUM, ObjectIdGetDatum(relOid));
494  for (i = 0; i < attrList->n_members; i++)
495  {
496  atttup = &attrList->members[i]->tuple;
497  attForm = (Form_pg_attribute) GETSTRUCT(atttup);
498 
499  if (attForm->attisdropped)
500  continue;
501 
502  object.classId = RelationRelationId;
503  object.objectId = relOid;
504  object.objectSubId = attForm->attnum;
505  audit_name = getObjectIdentity(&object, false);
506 
507  sepgsql_avc_check_perms(&object,
510  audit_name,
511  true);
512  pfree(audit_name);
513  }
514  ReleaseCatCacheList(attrList);
515  }
516 }
void ReleaseCatCacheList(CatCList *list)
Definition: catcache.c:1985
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:762
Oid get_rel_namespace(Oid relid)
Definition: lsyscache.c:1952
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
#define SEPG_DB_TABLE__DROP
Definition: sepgsql.h:138
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:180
int n_members
Definition: catcache.h:178
HeapTupleData tuple
Definition: catcache.h:123
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:127

References get_rel_namespace(), get_rel_relkind(), getObjectIdentity(), GETSTRUCT, i, catclist::members, catclist::n_members, ObjectIdGetDatum(), pfree(), ReleaseCatCacheList(), SearchSysCacheList1, SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, SEPG_DB_TABLE__DROP, sepgsql_avc_check_perms(), sepgsql_index_modify(), and catctup::tuple.

Referenced by sepgsql_object_access().

◆ sepgsql_relation_post_create()

void sepgsql_relation_post_create ( Oid  relOid)

Definition at line 240 of file relation.c.

241 {
242  Relation rel;
243  ScanKeyData skey;
244  SysScanDesc sscan;
245  HeapTuple tuple;
246  Form_pg_class classForm;
247  ObjectAddress object;
248  uint16_t tclass;
249  char *scontext; /* subject */
250  char *tcontext; /* schema */
251  char *rcontext; /* relation */
252  char *ccontext; /* column */
253  char *nsp_name;
254  StringInfoData audit_name;
255 
256  /*
257  * Fetch catalog record of the new relation. Because pg_class entry is not
258  * visible right now, we need to scan the catalog using SnapshotSelf.
259  */
260  rel = table_open(RelationRelationId, AccessShareLock);
261 
262  ScanKeyInit(&skey,
263  Anum_pg_class_oid,
264  BTEqualStrategyNumber, F_OIDEQ,
265  ObjectIdGetDatum(relOid));
266 
267  sscan = systable_beginscan(rel, ClassOidIndexId, true,
268  SnapshotSelf, 1, &skey);
269 
270  tuple = systable_getnext(sscan);
271  if (!HeapTupleIsValid(tuple))
272  elog(ERROR, "could not find tuple for relation %u", relOid);
273 
274  classForm = (Form_pg_class) GETSTRUCT(tuple);
275 
276  /* ignore indexes on toast tables */
277  if (classForm->relkind == RELKIND_INDEX &&
278  classForm->relnamespace == PG_TOAST_NAMESPACE)
279  goto out;
280 
281  /*
282  * check db_schema:{add_name} permission of the namespace
283  */
284  object.classId = NamespaceRelationId;
285  object.objectId = classForm->relnamespace;
286  object.objectSubId = 0;
287  sepgsql_avc_check_perms(&object,
290  getObjectIdentity(&object, false),
291  true);
292 
293  switch (classForm->relkind)
294  {
295  case RELKIND_RELATION:
296  case RELKIND_PARTITIONED_TABLE:
297  tclass = SEPG_CLASS_DB_TABLE;
298  break;
299  case RELKIND_SEQUENCE:
300  tclass = SEPG_CLASS_DB_SEQUENCE;
301  break;
302  case RELKIND_VIEW:
303  tclass = SEPG_CLASS_DB_VIEW;
304  break;
305  case RELKIND_INDEX:
306  /* deal with indexes specially; no need for tclass */
307  sepgsql_index_modify(relOid);
308  goto out;
309  default:
310  /* ignore other relkinds */
311  goto out;
312  }
313 
314  /*
315  * Compute a default security label when we create a new relation object
316  * under the specified namespace.
317  */
318  scontext = sepgsql_get_client_label();
319  tcontext = sepgsql_get_label(NamespaceRelationId,
320  classForm->relnamespace, 0);
321  rcontext = sepgsql_compute_create(scontext, tcontext, tclass,
322  NameStr(classForm->relname));
323 
324  /*
325  * check db_xxx:{create} permission
326  */
327  nsp_name = get_namespace_name(classForm->relnamespace);
328  initStringInfo(&audit_name);
329  appendStringInfo(&audit_name, "%s.%s",
330  quote_identifier(nsp_name),
331  quote_identifier(NameStr(classForm->relname)));
333  tclass,
335  audit_name.data,
336  true);
337 
338  /*
339  * Assign the default security label on the new regular or partitioned
340  * relation.
341  */
342  object.classId = RelationRelationId;
343  object.objectId = relOid;
344  object.objectSubId = 0;
345  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
346 
347  /*
348  * We also assign a default security label on columns of a new table.
349  */
350  if (classForm->relkind == RELKIND_RELATION ||
351  classForm->relkind == RELKIND_PARTITIONED_TABLE)
352  {
353  Relation arel;
354  ScanKeyData akey;
355  SysScanDesc ascan;
356  HeapTuple atup;
357  Form_pg_attribute attForm;
358 
359  arel = table_open(AttributeRelationId, AccessShareLock);
360 
361  ScanKeyInit(&akey,
362  Anum_pg_attribute_attrelid,
363  BTEqualStrategyNumber, F_OIDEQ,
364  ObjectIdGetDatum(relOid));
365 
366  ascan = systable_beginscan(arel, AttributeRelidNumIndexId, true,
367  SnapshotSelf, 1, &akey);
368 
369  while (HeapTupleIsValid(atup = systable_getnext(ascan)))
370  {
371  attForm = (Form_pg_attribute) GETSTRUCT(atup);
372 
373  resetStringInfo(&audit_name);
374  appendStringInfo(&audit_name, "%s.%s.%s",
375  quote_identifier(nsp_name),
376  quote_identifier(NameStr(classForm->relname)),
377  quote_identifier(NameStr(attForm->attname)));
378 
379  ccontext = sepgsql_compute_create(scontext,
380  rcontext,
382  NameStr(attForm->attname));
383 
384  /*
385  * check db_column:{create} permission
386  */
390  audit_name.data,
391  true);
392 
393  object.classId = RelationRelationId;
394  object.objectId = relOid;
395  object.objectSubId = attForm->attnum;
396  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ccontext);
397 
398  pfree(ccontext);
399  }
400  systable_endscan(ascan);
402  }
403  pfree(rcontext);
404 
405 out:
406  systable_endscan(sscan);
408 }
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153

References AccessShareLock, appendStringInfo(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__CREATE, SEPG_DB_DATABASE__CREATE, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), sepgsql_index_modify(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

◆ sepgsql_relation_relabel()

void sepgsql_relation_relabel ( Oid  relOid,
const char *  seclabel 
)

Definition at line 564 of file relation.c.

565 {
566  ObjectAddress object;
567  char *audit_name;
568  char relkind = get_rel_relkind(relOid);
569  uint16_t tclass = 0;
570 
571  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
572  tclass = SEPG_CLASS_DB_TABLE;
573  else if (relkind == RELKIND_SEQUENCE)
574  tclass = SEPG_CLASS_DB_SEQUENCE;
575  else if (relkind == RELKIND_VIEW)
576  tclass = SEPG_CLASS_DB_VIEW;
577  else
578  ereport(ERROR,
579  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
580  errmsg("cannot set security labels on relations except "
581  "for tables, sequences or views")));
582 
583  object.classId = RelationRelationId;
584  object.objectId = relOid;
585  object.objectSubId = 0;
586  audit_name = getObjectIdentity(&object, false);
587 
588  /*
589  * check db_xxx:{setattr relabelfrom} permission
590  */
591  sepgsql_avc_check_perms(&object,
592  tclass,
595  audit_name,
596  true);
597 
598  /*
599  * check db_xxx:{relabelto} permission
600  */
602  tclass,
604  audit_name,
605  true);
606  pfree(audit_name);
607 }
#define SEPG_DB_TABLE__SETATTR
Definition: sepgsql.h:140
#define SEPG_DB_TABLE__RELABELFROM
Definition: sepgsql.h:141
#define SEPG_DB_TABLE__RELABELTO
Definition: sepgsql.h:142

References ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__RELABELFROM, SEPG_DB_TABLE__RELABELTO, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

◆ sepgsql_relation_setattr()

void sepgsql_relation_setattr ( Oid  relOid)

Definition at line 615 of file relation.c.

616 {
617  Relation rel;
618  ScanKeyData skey;
619  SysScanDesc sscan;
620  HeapTuple oldtup;
621  HeapTuple newtup;
622  Form_pg_class oldform;
623  Form_pg_class newform;
624  ObjectAddress object;
625  char *audit_name;
626  uint16_t tclass;
627 
628  switch (get_rel_relkind(relOid))
629  {
630  case RELKIND_RELATION:
631  case RELKIND_PARTITIONED_TABLE:
632  tclass = SEPG_CLASS_DB_TABLE;
633  break;
634  case RELKIND_SEQUENCE:
635  tclass = SEPG_CLASS_DB_SEQUENCE;
636  break;
637  case RELKIND_VIEW:
638  tclass = SEPG_CLASS_DB_VIEW;
639  break;
640  case RELKIND_INDEX:
641  /* deal with indexes specially */
642  sepgsql_index_modify(relOid);
643  return;
644  default:
645  /* other relkinds don't need additional work */
646  return;
647  }
648 
649  /*
650  * Fetch newer catalog
651  */
652  rel = table_open(RelationRelationId, AccessShareLock);
653 
654  ScanKeyInit(&skey,
655  Anum_pg_class_oid,
656  BTEqualStrategyNumber, F_OIDEQ,
657  ObjectIdGetDatum(relOid));
658 
659  sscan = systable_beginscan(rel, ClassOidIndexId, true,
660  SnapshotSelf, 1, &skey);
661 
662  newtup = systable_getnext(sscan);
663  if (!HeapTupleIsValid(newtup))
664  elog(ERROR, "could not find tuple for relation %u", relOid);
665  newform = (Form_pg_class) GETSTRUCT(newtup);
666 
667  /*
668  * Fetch older catalog
669  */
670  oldtup = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
671  if (!HeapTupleIsValid(oldtup))
672  elog(ERROR, "cache lookup failed for relation %u", relOid);
673  oldform = (Form_pg_class) GETSTRUCT(oldtup);
674 
675  /*
676  * Does this ALTER command takes operation to namespace?
677  */
678  if (newform->relnamespace != oldform->relnamespace)
679  {
680  sepgsql_schema_remove_name(oldform->relnamespace);
681  sepgsql_schema_add_name(newform->relnamespace);
682  }
683  if (strcmp(NameStr(newform->relname), NameStr(oldform->relname)) != 0)
684  sepgsql_schema_rename(oldform->relnamespace);
685 
686  /*
687  * XXX - In the future version, db_tuple:{use} of system catalog entry
688  * shall be checked, if tablespace configuration is changed.
689  */
690 
691  /*
692  * check db_xxx:{setattr} permission
693  */
694  object.classId = RelationRelationId;
695  object.objectId = relOid;
696  object.objectSubId = 0;
697  audit_name = getObjectIdentity(&object, false);
698 
699  sepgsql_avc_check_perms(&object,
700  tclass,
702  audit_name,
703  true);
704  pfree(audit_name);
705 
706  ReleaseSysCache(oldtup);
707  systable_endscan(sscan);
709 }

References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, NameStr, ObjectIdGetDatum(), pfree(), ReleaseSysCache(), ScanKeyInit(), SearchSysCache1(), SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), sepgsql_index_modify(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access(), and sepgsql_relation_setattr_extra().

◆ sepgsql_relation_truncate()

void sepgsql_relation_truncate ( Oid  relOid)

Definition at line 524 of file relation.c.

525 {
526  ObjectAddress object;
527  char *audit_name;
528  uint16_t tclass = 0;
529  char relkind = get_rel_relkind(relOid);
530 
531  switch (relkind)
532  {
533  case RELKIND_RELATION:
534  case RELKIND_PARTITIONED_TABLE:
535  tclass = SEPG_CLASS_DB_TABLE;
536  break;
537  default:
538  /* ignore other relkinds */
539  return;
540  }
541 
542  /*
543  * check db_table:{truncate} permission
544  */
545  object.classId = RelationRelationId;
546  object.objectId = relOid;
547  object.objectSubId = 0;
548  audit_name = getObjectIdentity(&object, false);
549 
550  sepgsql_avc_check_perms(&object,
551  tclass,
553  audit_name,
554  true);
555  pfree(audit_name);
556 }
#define SEPG_DB_TABLE__TRUNCATE
Definition: sepgsql.h:148

References get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_TABLE, SEPG_DB_TABLE__TRUNCATE, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_schema_add_name()

void sepgsql_schema_add_name ( Oid  namespaceId)

Definition at line 217 of file schema.c.

218 {
219  check_schema_perms(namespaceId, SEPG_DB_SCHEMA__ADD_NAME, true);
220 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:179

References check_schema_perms(), and SEPG_DB_SCHEMA__ADD_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

◆ sepgsql_schema_drop()

void sepgsql_schema_drop ( Oid  namespaceId)

Definition at line 114 of file schema.c.

115 {
116  ObjectAddress object;
117  char *audit_name;
118 
119  /*
120  * check db_schema:{drop} permission
121  */
122  object.classId = NamespaceRelationId;
123  object.objectId = namespaceId;
124  object.objectSubId = 0;
125  audit_name = getObjectIdentity(&object, false);
126 
127  sepgsql_avc_check_perms(&object,
130  audit_name,
131  true);
132  pfree(audit_name);
133 }
#define SEPG_DB_SCHEMA__DROP
Definition: sepgsql.h:128

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

◆ sepgsql_schema_post_create()

void sepgsql_schema_post_create ( Oid  namespaceId)

Definition at line 36 of file schema.c.

37 {
38  Relation rel;
39  ScanKeyData skey;
40  SysScanDesc sscan;
41  HeapTuple tuple;
42  char *tcontext;
43  char *ncontext;
44  const char *nsp_name;
45  ObjectAddress object;
46  Form_pg_namespace nspForm;
47  StringInfoData audit_name;
48 
49  /*
50  * Compute a default security label when we create a new schema object
51  * under the working database.
52  *
53  * XXX - upcoming version of libselinux supports to take object name to
54  * handle special treatment on default security label; such as special
55  * label on "pg_temp" schema.
56  */
57  rel = table_open(NamespaceRelationId, AccessShareLock);
58 
59  ScanKeyInit(&skey,
60  Anum_pg_namespace_oid,
61  BTEqualStrategyNumber, F_OIDEQ,
62  ObjectIdGetDatum(namespaceId));
63 
64  sscan = systable_beginscan(rel, NamespaceOidIndexId, true,
65  SnapshotSelf, 1, &skey);
66  tuple = systable_getnext(sscan);
67  if (!HeapTupleIsValid(tuple))
68  elog(ERROR, "could not find tuple for namespace %u", namespaceId);
69 
70  nspForm = (Form_pg_namespace) GETSTRUCT(tuple);
71  nsp_name = NameStr(nspForm->nspname);
72  if (strncmp(nsp_name, "pg_temp_", 8) == 0)
73  nsp_name = "pg_temp";
74  else if (strncmp(nsp_name, "pg_toast_temp_", 14) == 0)
75  nsp_name = "pg_toast_temp";
76 
77  tcontext = sepgsql_get_label(DatabaseRelationId, MyDatabaseId, 0);
79  tcontext,
81  nsp_name);
82 
83  /*
84  * check db_schema:{create}
85  */
86  initStringInfo(&audit_name);
87  appendStringInfoString(&audit_name, quote_identifier(nsp_name));
91  audit_name.data,
92  true);
93  systable_endscan(sscan);
95 
96  /*
97  * Assign the default security label on a new procedure
98  */
99  object.classId = NamespaceRelationId;
100  object.objectId = namespaceId;
101  object.objectSubId = 0;
102  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
103 
104  pfree(ncontext);
105  pfree(tcontext);
106 }
Oid MyDatabaseId
Definition: globals.c:93
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52
#define SEPG_DB_SCHEMA__CREATE
Definition: sepgsql.h:127

References AccessShareLock, appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, GETSTRUCT, HeapTupleIsValid, initStringInfo(), MyDatabaseId, NameStr, ObjectIdGetDatum(), pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

◆ sepgsql_schema_relabel()

void sepgsql_schema_relabel ( Oid  namespaceId,
const char *  seclabel 
)

Definition at line 142 of file schema.c.

143 {
144  ObjectAddress object;
145  char *audit_name;
146 
147  object.classId = NamespaceRelationId;
148  object.objectId = namespaceId;
149  object.objectSubId = 0;
150  audit_name = getObjectIdentity(&object, false);
151 
152  /*
153  * check db_schema:{setattr relabelfrom} permission
154  */
155  sepgsql_avc_check_perms(&object,
159  audit_name,
160  true);
161 
162  /*
163  * check db_schema:{relabelto} permission
164  */
168  audit_name,
169  true);
170  pfree(audit_name);
171 }
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130
#define SEPG_DB_SCHEMA__RELABELFROM
Definition: sepgsql.h:131
#define SEPG_DB_SCHEMA__RELABELTO
Definition: sepgsql.h:132

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__RELABELFROM, SEPG_DB_SCHEMA__RELABELTO, SEPG_DB_SCHEMA__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

◆ sepgsql_schema_remove_name()

void sepgsql_schema_remove_name ( Oid  namespaceId)

Definition at line 223 of file schema.c.

224 {
226 }

References check_schema_perms(), and SEPG_DB_SCHEMA__REMOVE_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

◆ sepgsql_schema_rename()

void sepgsql_schema_rename ( Oid  namespaceId)

Definition at line 229 of file schema.c.

230 {
231  check_schema_perms(namespaceId,
234  true);
235 }

References check_schema_perms(), SEPG_DB_SCHEMA__ADD_NAME, and SEPG_DB_SCHEMA__REMOVE_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

◆ sepgsql_schema_search()

bool sepgsql_schema_search ( Oid  namespaceId,
bool  abort_on_violation 
)

Definition at line 209 of file schema.c.

210 {
211  return check_schema_perms(namespaceId,
213  abort_on_violation);
214 }
#define SEPG_DB_SCHEMA__SEARCH
Definition: sepgsql.h:133

References check_schema_perms(), and SEPG_DB_SCHEMA__SEARCH.

Referenced by sepgsql_object_access().

◆ sepgsql_schema_setattr()

void sepgsql_schema_setattr ( Oid  namespaceId)

Definition at line 202 of file schema.c.

203 {
204  check_schema_perms(namespaceId, SEPG_DB_SCHEMA__SETATTR, true);
205 }

References check_schema_perms(), and SEPG_DB_SCHEMA__SETATTR.

Referenced by sepgsql_object_access().

◆ sepgsql_set_mode()

int sepgsql_set_mode ( int  new_mode)

Definition at line 634 of file selinux.c.

635 {
636  int old_mode = sepgsql_mode;
637 
638  sepgsql_mode = new_mode;
639 
640  return old_mode;
641 }

References sepgsql_mode.

Referenced by _PG_init(), and sepgsql_client_auth().