PostgreSQL Source Code  git master
sepgsql.h File Reference
#include "catalog/objectaddress.h"
#include "fmgr.h"
#include <selinux/selinux.h>
#include <selinux/avc.h>
Include dependency graph for sepgsql.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Macros

#define SEPGSQL_LABEL_TAG   "selinux"
 
#define SEPGSQL_MODE_DEFAULT   1
 
#define SEPGSQL_MODE_PERMISSIVE   2
 
#define SEPGSQL_MODE_INTERNAL   3
 
#define SEPGSQL_MODE_DISABLED   4
 
#define SEPG_CLASS_PROCESS   0
 
#define SEPG_CLASS_FILE   1
 
#define SEPG_CLASS_DIR   2
 
#define SEPG_CLASS_LNK_FILE   3
 
#define SEPG_CLASS_CHR_FILE   4
 
#define SEPG_CLASS_BLK_FILE   5
 
#define SEPG_CLASS_SOCK_FILE   6
 
#define SEPG_CLASS_FIFO_FILE   7
 
#define SEPG_CLASS_DB_DATABASE   8
 
#define SEPG_CLASS_DB_SCHEMA   9
 
#define SEPG_CLASS_DB_TABLE   10
 
#define SEPG_CLASS_DB_SEQUENCE   11
 
#define SEPG_CLASS_DB_PROCEDURE   12
 
#define SEPG_CLASS_DB_COLUMN   13
 
#define SEPG_CLASS_DB_TUPLE   14
 
#define SEPG_CLASS_DB_BLOB   15
 
#define SEPG_CLASS_DB_LANGUAGE   16
 
#define SEPG_CLASS_DB_VIEW   17
 
#define SEPG_CLASS_MAX   18
 
#define SEPG_PROCESS__TRANSITION   (1<<0)
 
#define SEPG_PROCESS__DYNTRANSITION   (1<<1)
 
#define SEPG_PROCESS__SETCURRENT   (1<<2)
 
#define SEPG_FILE__READ   (1<<0)
 
#define SEPG_FILE__WRITE   (1<<1)
 
#define SEPG_FILE__CREATE   (1<<2)
 
#define SEPG_FILE__GETATTR   (1<<3)
 
#define SEPG_FILE__UNLINK   (1<<4)
 
#define SEPG_FILE__RENAME   (1<<5)
 
#define SEPG_FILE__APPEND   (1<<6)
 
#define SEPG_DIR__READ   (SEPG_FILE__READ)
 
#define SEPG_DIR__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_DIR__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_DIR__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_DIR__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_DIR__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_DIR__SEARCH   (1<<6)
 
#define SEPG_DIR__ADD_NAME   (1<<7)
 
#define SEPG_DIR__REMOVE_NAME   (1<<8)
 
#define SEPG_DIR__RMDIR   (1<<9)
 
#define SEPG_DIR__REPARENT   (1<<10)
 
#define SEPG_LNK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_LNK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_LNK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_LNK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_LNK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_LNK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_CHR_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_CHR_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_CHR_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_CHR_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_CHR_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_CHR_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_BLK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_BLK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_BLK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_BLK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_BLK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_BLK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_SOCK_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_SOCK_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_SOCK_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_SOCK_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_SOCK_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_SOCK_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_FIFO_FILE__READ   (SEPG_FILE__READ)
 
#define SEPG_FIFO_FILE__WRITE   (SEPG_FILE__WRITE)
 
#define SEPG_FIFO_FILE__CREATE   (SEPG_FILE__CREATE)
 
#define SEPG_FIFO_FILE__GETATTR   (SEPG_FILE__GETATTR)
 
#define SEPG_FIFO_FILE__UNLINK   (SEPG_FILE__UNLINK)
 
#define SEPG_FIFO_FILE__RENAME   (SEPG_FILE__RENAME)
 
#define SEPG_DB_DATABASE__CREATE   (1<<0)
 
#define SEPG_DB_DATABASE__DROP   (1<<1)
 
#define SEPG_DB_DATABASE__GETATTR   (1<<2)
 
#define SEPG_DB_DATABASE__SETATTR   (1<<3)
 
#define SEPG_DB_DATABASE__RELABELFROM   (1<<4)
 
#define SEPG_DB_DATABASE__RELABELTO   (1<<5)
 
#define SEPG_DB_DATABASE__ACCESS   (1<<6)
 
#define SEPG_DB_DATABASE__LOAD_MODULE   (1<<7)
 
#define SEPG_DB_SCHEMA__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_SCHEMA__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_SCHEMA__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_SCHEMA__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_SCHEMA__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_SCHEMA__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_SCHEMA__SEARCH   (1<<6)
 
#define SEPG_DB_SCHEMA__ADD_NAME   (1<<7)
 
#define SEPG_DB_SCHEMA__REMOVE_NAME   (1<<8)
 
#define SEPG_DB_TABLE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_TABLE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_TABLE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_TABLE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_TABLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_TABLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_TABLE__SELECT   (1<<6)
 
#define SEPG_DB_TABLE__UPDATE   (1<<7)
 
#define SEPG_DB_TABLE__INSERT   (1<<8)
 
#define SEPG_DB_TABLE__DELETE   (1<<9)
 
#define SEPG_DB_TABLE__LOCK   (1<<10)
 
#define SEPG_DB_TABLE__TRUNCATE   (1<<11)
 
#define SEPG_DB_SEQUENCE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_SEQUENCE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_SEQUENCE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_SEQUENCE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_SEQUENCE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_SEQUENCE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_SEQUENCE__GET_VALUE   (1<<6)
 
#define SEPG_DB_SEQUENCE__NEXT_VALUE   (1<<7)
 
#define SEPG_DB_SEQUENCE__SET_VALUE   (1<<8)
 
#define SEPG_DB_PROCEDURE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_PROCEDURE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_PROCEDURE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_PROCEDURE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_PROCEDURE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_PROCEDURE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_PROCEDURE__EXECUTE   (1<<6)
 
#define SEPG_DB_PROCEDURE__ENTRYPOINT   (1<<7)
 
#define SEPG_DB_PROCEDURE__INSTALL   (1<<8)
 
#define SEPG_DB_COLUMN__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_COLUMN__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_COLUMN__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_COLUMN__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_COLUMN__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_COLUMN__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_COLUMN__SELECT   (1<<6)
 
#define SEPG_DB_COLUMN__UPDATE   (1<<7)
 
#define SEPG_DB_COLUMN__INSERT   (1<<8)
 
#define SEPG_DB_TUPLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_TUPLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_TUPLE__SELECT   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_TUPLE__UPDATE   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_TUPLE__INSERT   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_TUPLE__DELETE   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_BLOB__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_BLOB__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_BLOB__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_BLOB__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_BLOB__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_BLOB__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_BLOB__READ   (1<<6)
 
#define SEPG_DB_BLOB__WRITE   (1<<7)
 
#define SEPG_DB_BLOB__IMPORT   (1<<8)
 
#define SEPG_DB_BLOB__EXPORT   (1<<9)
 
#define SEPG_DB_LANGUAGE__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_LANGUAGE__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_LANGUAGE__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_LANGUAGE__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_LANGUAGE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_LANGUAGE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_LANGUAGE__IMPLEMENT   (1<<6)
 
#define SEPG_DB_LANGUAGE__EXECUTE   (1<<7)
 
#define SEPG_DB_VIEW__CREATE   (SEPG_DB_DATABASE__CREATE)
 
#define SEPG_DB_VIEW__DROP   (SEPG_DB_DATABASE__DROP)
 
#define SEPG_DB_VIEW__GETATTR   (SEPG_DB_DATABASE__GETATTR)
 
#define SEPG_DB_VIEW__SETATTR   (SEPG_DB_DATABASE__SETATTR)
 
#define SEPG_DB_VIEW__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)
 
#define SEPG_DB_VIEW__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)
 
#define SEPG_DB_VIEW__EXPAND   (1<<6)
 
#define SEPGSQL_AVC_NOAUDIT   ((void *)(-1))
 

Functions

bool sepgsql_get_permissive (void)
 
bool sepgsql_get_debug_audit (void)
 
bool sepgsql_is_enabled (void)
 
int sepgsql_get_mode (void)
 
int sepgsql_set_mode (int new_mode)
 
bool sepgsql_getenforce (void)
 
void sepgsql_audit_log (bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
 
void sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
 
char * sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
 
bool sepgsql_check_perms (const char *scontext, const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
bool sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
bool sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
char * sepgsql_avc_trusted_proc (Oid functionId)
 
void sepgsql_avc_init (void)
 
char * sepgsql_get_client_label (void)
 
void sepgsql_init_client_label (void)
 
char * sepgsql_get_label (Oid classId, Oid objectId, int32 subId)
 
void sepgsql_object_relabel (const ObjectAddress *object, const char *seclabel)
 
bool sepgsql_dml_privileges (List *rangeTabls, bool abort_on_violation)
 
void sepgsql_database_post_create (Oid databaseId, const char *dtemplate)
 
void sepgsql_database_drop (Oid databaseId)
 
void sepgsql_database_relabel (Oid databaseId, const char *seclabel)
 
void sepgsql_database_setattr (Oid databaseId)
 
void sepgsql_schema_post_create (Oid namespaceId)
 
void sepgsql_schema_drop (Oid namespaceId)
 
void sepgsql_schema_relabel (Oid namespaceId, const char *seclabel)
 
void sepgsql_schema_setattr (Oid namespaceId)
 
bool sepgsql_schema_search (Oid namespaceId, bool abort_on_violation)
 
void sepgsql_schema_add_name (Oid namespaceId)
 
void sepgsql_schema_remove_name (Oid namespaceId)
 
void sepgsql_schema_rename (Oid namespaceId)
 
void sepgsql_attribute_post_create (Oid relOid, AttrNumber attnum)
 
void sepgsql_attribute_drop (Oid relOid, AttrNumber attnum)
 
void sepgsql_attribute_relabel (Oid relOid, AttrNumber attnum, const char *seclabel)
 
void sepgsql_attribute_setattr (Oid relOid, AttrNumber attnum)
 
void sepgsql_relation_post_create (Oid relOid)
 
void sepgsql_relation_drop (Oid relOid)
 
void sepgsql_relation_truncate (Oid relOid)
 
void sepgsql_relation_relabel (Oid relOid, const char *seclabel)
 
void sepgsql_relation_setattr (Oid relOid)
 
void sepgsql_proc_post_create (Oid functionId)
 
void sepgsql_proc_drop (Oid functionId)
 
void sepgsql_proc_relabel (Oid functionId, const char *seclabel)
 
void sepgsql_proc_setattr (Oid functionId)
 
void sepgsql_proc_execute (Oid functionId)
 

Macro Definition Documentation

◆ SEPG_BLK_FILE__CREATE

#define SEPG_BLK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 99 of file sepgsql.h.

◆ SEPG_BLK_FILE__GETATTR

#define SEPG_BLK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 100 of file sepgsql.h.

◆ SEPG_BLK_FILE__READ

#define SEPG_BLK_FILE__READ   (SEPG_FILE__READ)

Definition at line 97 of file sepgsql.h.

◆ SEPG_BLK_FILE__RENAME

#define SEPG_BLK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 102 of file sepgsql.h.

◆ SEPG_BLK_FILE__UNLINK

#define SEPG_BLK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 101 of file sepgsql.h.

◆ SEPG_BLK_FILE__WRITE

#define SEPG_BLK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 98 of file sepgsql.h.

◆ SEPG_CHR_FILE__CREATE

#define SEPG_CHR_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 92 of file sepgsql.h.

◆ SEPG_CHR_FILE__GETATTR

#define SEPG_CHR_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 93 of file sepgsql.h.

◆ SEPG_CHR_FILE__READ

#define SEPG_CHR_FILE__READ   (SEPG_FILE__READ)

Definition at line 90 of file sepgsql.h.

◆ SEPG_CHR_FILE__RENAME

#define SEPG_CHR_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 95 of file sepgsql.h.

◆ SEPG_CHR_FILE__UNLINK

#define SEPG_CHR_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 94 of file sepgsql.h.

◆ SEPG_CHR_FILE__WRITE

#define SEPG_CHR_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 91 of file sepgsql.h.

◆ SEPG_CLASS_BLK_FILE

#define SEPG_CLASS_BLK_FILE   5

Definition at line 41 of file sepgsql.h.

◆ SEPG_CLASS_CHR_FILE

#define SEPG_CLASS_CHR_FILE   4

Definition at line 40 of file sepgsql.h.

◆ SEPG_CLASS_DB_BLOB

#define SEPG_CLASS_DB_BLOB   15

Definition at line 51 of file sepgsql.h.

◆ SEPG_CLASS_DB_COLUMN

◆ SEPG_CLASS_DB_DATABASE

#define SEPG_CLASS_DB_DATABASE   8

◆ SEPG_CLASS_DB_LANGUAGE

#define SEPG_CLASS_DB_LANGUAGE   16

Definition at line 52 of file sepgsql.h.

◆ SEPG_CLASS_DB_PROCEDURE

◆ SEPG_CLASS_DB_SCHEMA

◆ SEPG_CLASS_DB_SEQUENCE

#define SEPG_CLASS_DB_SEQUENCE   11

◆ SEPG_CLASS_DB_TABLE

◆ SEPG_CLASS_DB_TUPLE

#define SEPG_CLASS_DB_TUPLE   14

Definition at line 50 of file sepgsql.h.

◆ SEPG_CLASS_DB_VIEW

◆ SEPG_CLASS_DIR

#define SEPG_CLASS_DIR   2

Definition at line 38 of file sepgsql.h.

◆ SEPG_CLASS_FIFO_FILE

#define SEPG_CLASS_FIFO_FILE   7

Definition at line 43 of file sepgsql.h.

◆ SEPG_CLASS_FILE

#define SEPG_CLASS_FILE   1

Definition at line 37 of file sepgsql.h.

◆ SEPG_CLASS_LNK_FILE

#define SEPG_CLASS_LNK_FILE   3

Definition at line 39 of file sepgsql.h.

◆ SEPG_CLASS_MAX

#define SEPG_CLASS_MAX   18

Definition at line 54 of file sepgsql.h.

Referenced by sepgsql_audit_log(), sepgsql_compute_avd(), and sepgsql_compute_create().

◆ SEPG_CLASS_PROCESS

#define SEPG_CLASS_PROCESS   0

Definition at line 36 of file sepgsql.h.

Referenced by sepgsql_avc_compute(), sepgsql_fmgr_hook(), and sepgsql_set_client_label().

◆ SEPG_CLASS_SOCK_FILE

#define SEPG_CLASS_SOCK_FILE   6

Definition at line 42 of file sepgsql.h.

◆ SEPG_DB_BLOB__CREATE

#define SEPG_DB_BLOB__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 187 of file sepgsql.h.

◆ SEPG_DB_BLOB__DROP

#define SEPG_DB_BLOB__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 188 of file sepgsql.h.

◆ SEPG_DB_BLOB__EXPORT

#define SEPG_DB_BLOB__EXPORT   (1<<9)

Definition at line 196 of file sepgsql.h.

◆ SEPG_DB_BLOB__GETATTR

#define SEPG_DB_BLOB__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 189 of file sepgsql.h.

◆ SEPG_DB_BLOB__IMPORT

#define SEPG_DB_BLOB__IMPORT   (1<<8)

Definition at line 195 of file sepgsql.h.

◆ SEPG_DB_BLOB__READ

#define SEPG_DB_BLOB__READ   (1<<6)

Definition at line 193 of file sepgsql.h.

◆ SEPG_DB_BLOB__RELABELFROM

#define SEPG_DB_BLOB__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 191 of file sepgsql.h.

◆ SEPG_DB_BLOB__RELABELTO

#define SEPG_DB_BLOB__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 192 of file sepgsql.h.

◆ SEPG_DB_BLOB__SETATTR

#define SEPG_DB_BLOB__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 190 of file sepgsql.h.

◆ SEPG_DB_BLOB__WRITE

#define SEPG_DB_BLOB__WRITE   (1<<7)

Definition at line 194 of file sepgsql.h.

◆ SEPG_DB_COLUMN__CREATE

#define SEPG_DB_COLUMN__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 170 of file sepgsql.h.

Referenced by sepgsql_attribute_post_create(), and sepgsql_relation_post_create().

◆ SEPG_DB_COLUMN__DROP

#define SEPG_DB_COLUMN__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 171 of file sepgsql.h.

Referenced by sepgsql_attribute_drop(), and sepgsql_relation_drop().

◆ SEPG_DB_COLUMN__GETATTR

#define SEPG_DB_COLUMN__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 172 of file sepgsql.h.

◆ SEPG_DB_COLUMN__INSERT

#define SEPG_DB_COLUMN__INSERT   (1<<8)

Definition at line 178 of file sepgsql.h.

Referenced by check_relation_privileges().

◆ SEPG_DB_COLUMN__RELABELFROM

#define SEPG_DB_COLUMN__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 174 of file sepgsql.h.

Referenced by sepgsql_attribute_relabel().

◆ SEPG_DB_COLUMN__RELABELTO

#define SEPG_DB_COLUMN__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 175 of file sepgsql.h.

◆ SEPG_DB_COLUMN__SELECT

#define SEPG_DB_COLUMN__SELECT   (1<<6)

Definition at line 176 of file sepgsql.h.

Referenced by check_relation_privileges().

◆ SEPG_DB_COLUMN__SETATTR

#define SEPG_DB_COLUMN__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 173 of file sepgsql.h.

Referenced by sepgsql_attribute_relabel(), and sepgsql_attribute_setattr().

◆ SEPG_DB_COLUMN__UPDATE

#define SEPG_DB_COLUMN__UPDATE   (1<<7)

Definition at line 177 of file sepgsql.h.

Referenced by check_relation_privileges().

◆ SEPG_DB_DATABASE__ACCESS

#define SEPG_DB_DATABASE__ACCESS   (1<<6)

Definition at line 124 of file sepgsql.h.

◆ SEPG_DB_DATABASE__CREATE

#define SEPG_DB_DATABASE__CREATE   (1<<0)

Definition at line 118 of file sepgsql.h.

Referenced by sepgsql_database_post_create(), and sepgsql_relation_post_create().

◆ SEPG_DB_DATABASE__DROP

#define SEPG_DB_DATABASE__DROP   (1<<1)

Definition at line 119 of file sepgsql.h.

Referenced by sepgsql_database_drop().

◆ SEPG_DB_DATABASE__GETATTR

#define SEPG_DB_DATABASE__GETATTR   (1<<2)

Definition at line 120 of file sepgsql.h.

Referenced by sepgsql_database_post_create().

◆ SEPG_DB_DATABASE__LOAD_MODULE

#define SEPG_DB_DATABASE__LOAD_MODULE   (1<<7)

Definition at line 125 of file sepgsql.h.

◆ SEPG_DB_DATABASE__RELABELFROM

#define SEPG_DB_DATABASE__RELABELFROM   (1<<4)

Definition at line 122 of file sepgsql.h.

Referenced by sepgsql_database_relabel().

◆ SEPG_DB_DATABASE__RELABELTO

#define SEPG_DB_DATABASE__RELABELTO   (1<<5)

Definition at line 123 of file sepgsql.h.

Referenced by sepgsql_database_relabel().

◆ SEPG_DB_DATABASE__SETATTR

#define SEPG_DB_DATABASE__SETATTR   (1<<3)

Definition at line 121 of file sepgsql.h.

Referenced by sepgsql_database_relabel(), and sepgsql_database_setattr().

◆ SEPG_DB_LANGUAGE__CREATE

#define SEPG_DB_LANGUAGE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 198 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__DROP

#define SEPG_DB_LANGUAGE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 199 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__EXECUTE

#define SEPG_DB_LANGUAGE__EXECUTE   (1<<7)

Definition at line 205 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__GETATTR

#define SEPG_DB_LANGUAGE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 200 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__IMPLEMENT

#define SEPG_DB_LANGUAGE__IMPLEMENT   (1<<6)

Definition at line 204 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__RELABELFROM

#define SEPG_DB_LANGUAGE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 202 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__RELABELTO

#define SEPG_DB_LANGUAGE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 203 of file sepgsql.h.

◆ SEPG_DB_LANGUAGE__SETATTR

#define SEPG_DB_LANGUAGE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 201 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__CREATE

#define SEPG_DB_PROCEDURE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 160 of file sepgsql.h.

Referenced by sepgsql_proc_post_create().

◆ SEPG_DB_PROCEDURE__DROP

#define SEPG_DB_PROCEDURE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 161 of file sepgsql.h.

Referenced by sepgsql_proc_drop().

◆ SEPG_DB_PROCEDURE__ENTRYPOINT

#define SEPG_DB_PROCEDURE__ENTRYPOINT   (1<<7)

Definition at line 167 of file sepgsql.h.

Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().

◆ SEPG_DB_PROCEDURE__EXECUTE

#define SEPG_DB_PROCEDURE__EXECUTE   (1<<6)

Definition at line 166 of file sepgsql.h.

Referenced by sepgsql_needs_fmgr_hook(), and sepgsql_proc_execute().

◆ SEPG_DB_PROCEDURE__GETATTR

#define SEPG_DB_PROCEDURE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 162 of file sepgsql.h.

◆ SEPG_DB_PROCEDURE__INSTALL

#define SEPG_DB_PROCEDURE__INSTALL   (1<<8)

Definition at line 168 of file sepgsql.h.

Referenced by sepgsql_proc_post_create(), and sepgsql_proc_setattr().

◆ SEPG_DB_PROCEDURE__RELABELFROM

#define SEPG_DB_PROCEDURE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 164 of file sepgsql.h.

Referenced by sepgsql_proc_relabel().

◆ SEPG_DB_PROCEDURE__RELABELTO

#define SEPG_DB_PROCEDURE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 165 of file sepgsql.h.

Referenced by sepgsql_attribute_relabel(), and sepgsql_proc_relabel().

◆ SEPG_DB_PROCEDURE__SETATTR

#define SEPG_DB_PROCEDURE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 163 of file sepgsql.h.

Referenced by sepgsql_proc_relabel(), and sepgsql_proc_setattr().

◆ SEPG_DB_SCHEMA__ADD_NAME

#define SEPG_DB_SCHEMA__ADD_NAME   (1<<7)

◆ SEPG_DB_SCHEMA__CREATE

#define SEPG_DB_SCHEMA__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 127 of file sepgsql.h.

Referenced by sepgsql_schema_post_create().

◆ SEPG_DB_SCHEMA__DROP

#define SEPG_DB_SCHEMA__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 128 of file sepgsql.h.

Referenced by sepgsql_schema_drop().

◆ SEPG_DB_SCHEMA__GETATTR

#define SEPG_DB_SCHEMA__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 129 of file sepgsql.h.

◆ SEPG_DB_SCHEMA__RELABELFROM

#define SEPG_DB_SCHEMA__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 131 of file sepgsql.h.

Referenced by sepgsql_schema_relabel().

◆ SEPG_DB_SCHEMA__RELABELTO

#define SEPG_DB_SCHEMA__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 132 of file sepgsql.h.

Referenced by sepgsql_schema_relabel().

◆ SEPG_DB_SCHEMA__REMOVE_NAME

#define SEPG_DB_SCHEMA__REMOVE_NAME   (1<<8)

◆ SEPG_DB_SCHEMA__SEARCH

#define SEPG_DB_SCHEMA__SEARCH   (1<<6)

Definition at line 133 of file sepgsql.h.

Referenced by sepgsql_schema_search().

◆ SEPG_DB_SCHEMA__SETATTR

#define SEPG_DB_SCHEMA__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 130 of file sepgsql.h.

Referenced by sepgsql_schema_relabel(), and sepgsql_schema_setattr().

◆ SEPG_DB_SEQUENCE__CREATE

#define SEPG_DB_SEQUENCE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 150 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__DROP

#define SEPG_DB_SEQUENCE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 151 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__GET_VALUE

#define SEPG_DB_SEQUENCE__GET_VALUE   (1<<6)

Definition at line 156 of file sepgsql.h.

Referenced by check_relation_privileges().

◆ SEPG_DB_SEQUENCE__GETATTR

#define SEPG_DB_SEQUENCE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 152 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__NEXT_VALUE

#define SEPG_DB_SEQUENCE__NEXT_VALUE   (1<<7)

Definition at line 157 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__RELABELFROM

#define SEPG_DB_SEQUENCE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 154 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__RELABELTO

#define SEPG_DB_SEQUENCE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 155 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__SET_VALUE

#define SEPG_DB_SEQUENCE__SET_VALUE   (1<<8)

Definition at line 158 of file sepgsql.h.

◆ SEPG_DB_SEQUENCE__SETATTR

#define SEPG_DB_SEQUENCE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 153 of file sepgsql.h.

◆ SEPG_DB_TABLE__CREATE

#define SEPG_DB_TABLE__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 137 of file sepgsql.h.

◆ SEPG_DB_TABLE__DELETE

#define SEPG_DB_TABLE__DELETE   (1<<9)

Definition at line 146 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

◆ SEPG_DB_TABLE__DROP

#define SEPG_DB_TABLE__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 138 of file sepgsql.h.

Referenced by sepgsql_relation_drop().

◆ SEPG_DB_TABLE__GETATTR

#define SEPG_DB_TABLE__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 139 of file sepgsql.h.

◆ SEPG_DB_TABLE__INSERT

#define SEPG_DB_TABLE__INSERT   (1<<8)

Definition at line 145 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

◆ SEPG_DB_TABLE__LOCK

#define SEPG_DB_TABLE__LOCK   (1<<10)

Definition at line 147 of file sepgsql.h.

Referenced by sepgsql_dml_privileges().

◆ SEPG_DB_TABLE__RELABELFROM

#define SEPG_DB_TABLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 141 of file sepgsql.h.

Referenced by sepgsql_relation_relabel().

◆ SEPG_DB_TABLE__RELABELTO

#define SEPG_DB_TABLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 142 of file sepgsql.h.

Referenced by sepgsql_relation_relabel().

◆ SEPG_DB_TABLE__SELECT

#define SEPG_DB_TABLE__SELECT   (1<<6)

Definition at line 143 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

◆ SEPG_DB_TABLE__SETATTR

#define SEPG_DB_TABLE__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 140 of file sepgsql.h.

Referenced by sepgsql_relation_relabel(), and sepgsql_relation_setattr().

◆ SEPG_DB_TABLE__TRUNCATE

#define SEPG_DB_TABLE__TRUNCATE   (1<<11)

Definition at line 148 of file sepgsql.h.

Referenced by sepgsql_relation_truncate().

◆ SEPG_DB_TABLE__UPDATE

#define SEPG_DB_TABLE__UPDATE   (1<<7)

Definition at line 144 of file sepgsql.h.

Referenced by check_relation_privileges(), and sepgsql_dml_privileges().

◆ SEPG_DB_TUPLE__DELETE

#define SEPG_DB_TUPLE__DELETE   (SEPG_DB_DATABASE__DROP)

Definition at line 185 of file sepgsql.h.

◆ SEPG_DB_TUPLE__INSERT

#define SEPG_DB_TUPLE__INSERT   (SEPG_DB_DATABASE__CREATE)

Definition at line 184 of file sepgsql.h.

◆ SEPG_DB_TUPLE__RELABELFROM

#define SEPG_DB_TUPLE__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 180 of file sepgsql.h.

◆ SEPG_DB_TUPLE__RELABELTO

#define SEPG_DB_TUPLE__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 181 of file sepgsql.h.

◆ SEPG_DB_TUPLE__SELECT

#define SEPG_DB_TUPLE__SELECT   (SEPG_DB_DATABASE__GETATTR)

Definition at line 182 of file sepgsql.h.

◆ SEPG_DB_TUPLE__UPDATE

#define SEPG_DB_TUPLE__UPDATE   (SEPG_DB_DATABASE__SETATTR)

Definition at line 183 of file sepgsql.h.

◆ SEPG_DB_VIEW__CREATE

#define SEPG_DB_VIEW__CREATE   (SEPG_DB_DATABASE__CREATE)

Definition at line 207 of file sepgsql.h.

◆ SEPG_DB_VIEW__DROP

#define SEPG_DB_VIEW__DROP   (SEPG_DB_DATABASE__DROP)

Definition at line 208 of file sepgsql.h.

◆ SEPG_DB_VIEW__EXPAND

#define SEPG_DB_VIEW__EXPAND   (1<<6)

Definition at line 213 of file sepgsql.h.

Referenced by check_relation_privileges().

◆ SEPG_DB_VIEW__GETATTR

#define SEPG_DB_VIEW__GETATTR   (SEPG_DB_DATABASE__GETATTR)

Definition at line 209 of file sepgsql.h.

◆ SEPG_DB_VIEW__RELABELFROM

#define SEPG_DB_VIEW__RELABELFROM   (SEPG_DB_DATABASE__RELABELFROM)

Definition at line 211 of file sepgsql.h.

◆ SEPG_DB_VIEW__RELABELTO

#define SEPG_DB_VIEW__RELABELTO   (SEPG_DB_DATABASE__RELABELTO)

Definition at line 212 of file sepgsql.h.

◆ SEPG_DB_VIEW__SETATTR

#define SEPG_DB_VIEW__SETATTR   (SEPG_DB_DATABASE__SETATTR)

Definition at line 210 of file sepgsql.h.

◆ SEPG_DIR__ADD_NAME

#define SEPG_DIR__ADD_NAME   (1<<7)

Definition at line 78 of file sepgsql.h.

◆ SEPG_DIR__CREATE

#define SEPG_DIR__CREATE   (SEPG_FILE__CREATE)

Definition at line 73 of file sepgsql.h.

◆ SEPG_DIR__GETATTR

#define SEPG_DIR__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 74 of file sepgsql.h.

◆ SEPG_DIR__READ

#define SEPG_DIR__READ   (SEPG_FILE__READ)

Definition at line 71 of file sepgsql.h.

◆ SEPG_DIR__REMOVE_NAME

#define SEPG_DIR__REMOVE_NAME   (1<<8)

Definition at line 79 of file sepgsql.h.

◆ SEPG_DIR__RENAME

#define SEPG_DIR__RENAME   (SEPG_FILE__RENAME)

Definition at line 76 of file sepgsql.h.

◆ SEPG_DIR__REPARENT

#define SEPG_DIR__REPARENT   (1<<10)

Definition at line 81 of file sepgsql.h.

◆ SEPG_DIR__RMDIR

#define SEPG_DIR__RMDIR   (1<<9)

Definition at line 80 of file sepgsql.h.

◆ SEPG_DIR__SEARCH

#define SEPG_DIR__SEARCH   (1<<6)

Definition at line 77 of file sepgsql.h.

◆ SEPG_DIR__UNLINK

#define SEPG_DIR__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 75 of file sepgsql.h.

◆ SEPG_DIR__WRITE

#define SEPG_DIR__WRITE   (SEPG_FILE__WRITE)

Definition at line 72 of file sepgsql.h.

◆ SEPG_FIFO_FILE__CREATE

#define SEPG_FIFO_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 113 of file sepgsql.h.

◆ SEPG_FIFO_FILE__GETATTR

#define SEPG_FIFO_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 114 of file sepgsql.h.

◆ SEPG_FIFO_FILE__READ

#define SEPG_FIFO_FILE__READ   (SEPG_FILE__READ)

Definition at line 111 of file sepgsql.h.

◆ SEPG_FIFO_FILE__RENAME

#define SEPG_FIFO_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 116 of file sepgsql.h.

◆ SEPG_FIFO_FILE__UNLINK

#define SEPG_FIFO_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 115 of file sepgsql.h.

◆ SEPG_FIFO_FILE__WRITE

#define SEPG_FIFO_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 112 of file sepgsql.h.

◆ SEPG_FILE__APPEND

#define SEPG_FILE__APPEND   (1<<6)

Definition at line 69 of file sepgsql.h.

◆ SEPG_FILE__CREATE

#define SEPG_FILE__CREATE   (1<<2)

Definition at line 65 of file sepgsql.h.

◆ SEPG_FILE__GETATTR

#define SEPG_FILE__GETATTR   (1<<3)

Definition at line 66 of file sepgsql.h.

◆ SEPG_FILE__READ

#define SEPG_FILE__READ   (1<<0)

Definition at line 63 of file sepgsql.h.

◆ SEPG_FILE__RENAME

#define SEPG_FILE__RENAME   (1<<5)

Definition at line 68 of file sepgsql.h.

◆ SEPG_FILE__UNLINK

#define SEPG_FILE__UNLINK   (1<<4)

Definition at line 67 of file sepgsql.h.

◆ SEPG_FILE__WRITE

#define SEPG_FILE__WRITE   (1<<1)

Definition at line 64 of file sepgsql.h.

◆ SEPG_LNK_FILE__CREATE

#define SEPG_LNK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 85 of file sepgsql.h.

◆ SEPG_LNK_FILE__GETATTR

#define SEPG_LNK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 86 of file sepgsql.h.

◆ SEPG_LNK_FILE__READ

#define SEPG_LNK_FILE__READ   (SEPG_FILE__READ)

Definition at line 83 of file sepgsql.h.

◆ SEPG_LNK_FILE__RENAME

#define SEPG_LNK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 88 of file sepgsql.h.

◆ SEPG_LNK_FILE__UNLINK

#define SEPG_LNK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 87 of file sepgsql.h.

◆ SEPG_LNK_FILE__WRITE

#define SEPG_LNK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 84 of file sepgsql.h.

◆ SEPG_PROCESS__DYNTRANSITION

#define SEPG_PROCESS__DYNTRANSITION   (1<<1)

Definition at line 60 of file sepgsql.h.

Referenced by sepgsql_set_client_label().

◆ SEPG_PROCESS__SETCURRENT

#define SEPG_PROCESS__SETCURRENT   (1<<2)

Definition at line 61 of file sepgsql.h.

Referenced by sepgsql_set_client_label().

◆ SEPG_PROCESS__TRANSITION

#define SEPG_PROCESS__TRANSITION   (1<<0)

Definition at line 59 of file sepgsql.h.

Referenced by sepgsql_fmgr_hook().

◆ SEPG_SOCK_FILE__CREATE

#define SEPG_SOCK_FILE__CREATE   (SEPG_FILE__CREATE)

Definition at line 106 of file sepgsql.h.

◆ SEPG_SOCK_FILE__GETATTR

#define SEPG_SOCK_FILE__GETATTR   (SEPG_FILE__GETATTR)

Definition at line 107 of file sepgsql.h.

◆ SEPG_SOCK_FILE__READ

#define SEPG_SOCK_FILE__READ   (SEPG_FILE__READ)

Definition at line 104 of file sepgsql.h.

◆ SEPG_SOCK_FILE__RENAME

#define SEPG_SOCK_FILE__RENAME   (SEPG_FILE__RENAME)

Definition at line 109 of file sepgsql.h.

◆ SEPG_SOCK_FILE__UNLINK

#define SEPG_SOCK_FILE__UNLINK   (SEPG_FILE__UNLINK)

Definition at line 108 of file sepgsql.h.

◆ SEPG_SOCK_FILE__WRITE

#define SEPG_SOCK_FILE__WRITE   (SEPG_FILE__WRITE)

Definition at line 105 of file sepgsql.h.

◆ SEPGSQL_AVC_NOAUDIT

#define SEPGSQL_AVC_NOAUDIT   ((void *)(-1))

Definition at line 256 of file sepgsql.h.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_needs_fmgr_hook().

◆ SEPGSQL_LABEL_TAG

◆ SEPGSQL_MODE_DEFAULT

#define SEPGSQL_MODE_DEFAULT   1

Definition at line 28 of file sepgsql.h.

Referenced by sepgsql_client_auth(), and sepgsql_getenforce().

◆ SEPGSQL_MODE_DISABLED

#define SEPGSQL_MODE_DISABLED   4

Definition at line 31 of file sepgsql.h.

Referenced by _PG_init(), and sepgsql_is_enabled().

◆ SEPGSQL_MODE_INTERNAL

#define SEPGSQL_MODE_INTERNAL   3

Definition at line 30 of file sepgsql.h.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().

◆ SEPGSQL_MODE_PERMISSIVE

#define SEPGSQL_MODE_PERMISSIVE   2

Definition at line 29 of file sepgsql.h.

Referenced by sepgsql_client_auth().

Function Documentation

◆ sepgsql_attribute_drop()

void sepgsql_attribute_drop ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 134 of file relation.c.

References attnum, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

135 {
136  ObjectAddress object;
137  char *audit_name;
138  char relkind = get_rel_relkind(relOid);
139 
140  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
141  return;
142 
143  /*
144  * check db_column:{drop} permission
145  */
146  object.classId = RelationRelationId;
147  object.objectId = relOid;
148  object.objectSubId = attnum;
149  audit_name = getObjectIdentity(&object, false);
150 
151  sepgsql_avc_check_perms(&object,
154  audit_name,
155  true);
156  pfree(audit_name);
157 }
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_COLUMN__DROP
Definition: sepgsql.h:171
int16 attnum
Definition: pg_attribute.h:79

◆ sepgsql_attribute_post_create()

void sepgsql_attribute_post_create ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 44 of file relation.c.

References AccessShareLock, appendStringInfo(), attnum, AttributeRelidNumIndexId, BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), Int16GetDatum, NameStr, ObjectIdGetDatum, pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

45 {
46  Relation rel;
47  ScanKeyData skey[2];
48  SysScanDesc sscan;
49  HeapTuple tuple;
50  char *scontext;
51  char *tcontext;
52  char *ncontext;
53  ObjectAddress object;
54  Form_pg_attribute attForm;
55  StringInfoData audit_name;
56  char relkind = get_rel_relkind(relOid);
57 
58  /*
59  * Only attributes within regular relations or partition relations have
60  * individual security labels.
61  */
62  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
63  return;
64 
65  /*
66  * Compute a default security label of the new column underlying the
67  * specified relation, and check permission to create it.
68  */
69  rel = table_open(AttributeRelationId, AccessShareLock);
70 
71  ScanKeyInit(&skey[0],
72  Anum_pg_attribute_attrelid,
73  BTEqualStrategyNumber, F_OIDEQ,
74  ObjectIdGetDatum(relOid));
75  ScanKeyInit(&skey[1],
76  Anum_pg_attribute_attnum,
77  BTEqualStrategyNumber, F_INT2EQ,
79 
81  SnapshotSelf, 2, &skey[0]);
82 
83  tuple = systable_getnext(sscan);
84  if (!HeapTupleIsValid(tuple))
85  elog(ERROR, "could not find tuple for column %d of relation %u",
86  attnum, relOid);
87 
88  attForm = (Form_pg_attribute) GETSTRUCT(tuple);
89 
90  scontext = sepgsql_get_client_label();
91  tcontext = sepgsql_get_label(RelationRelationId, relOid, 0);
92  ncontext = sepgsql_compute_create(scontext, tcontext,
94  NameStr(attForm->attname));
95 
96  /*
97  * check db_column:{create} permission
98  */
99  object.classId = RelationRelationId;
100  object.objectId = relOid;
101  object.objectSubId = 0;
102 
103  initStringInfo(&audit_name);
104  appendStringInfo(&audit_name, "%s.%s",
105  getObjectIdentity(&object, false),
106  quote_identifier(NameStr(attForm->attname)));
110  audit_name.data,
111  true);
112 
113  /*
114  * Assign the default security label on a new procedure
115  */
116  object.classId = RelationRelationId;
117  object.objectId = relOid;
118  object.objectSubId = attnum;
119  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
120 
121  systable_endscan(sscan);
123 
124  pfree(tcontext);
125  pfree(ncontext);
126 }
#define AttributeRelidNumIndexId
Definition: indexing.h:107
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:401
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10706
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:446
#define Int16GetDatum(X)
Definition: postgres.h:451
#define AccessShareLock
Definition: lockdefs.h:36
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
void pfree(void *pointer)
Definition: mcxt.c:1057
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SnapshotSelf
Definition: snapmgr.h:67
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:193
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
int16 attnum
Definition: pg_attribute.h:79
#define SEPG_DB_COLUMN__CREATE
Definition: sepgsql.h:170
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
char * sepgsql_get_client_label(void)
Definition: label.c:81
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
#define BTEqualStrategyNumber
Definition: stratnum.h:31

◆ sepgsql_attribute_relabel()

void sepgsql_attribute_relabel ( Oid  relOid,
AttrNumber  attnum,
const char *  seclabel 
)

Definition at line 166 of file relation.c.

References attnum, ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__RELABELFROM, SEPG_DB_COLUMN__SETATTR, SEPG_DB_PROCEDURE__RELABELTO, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

168 {
169  ObjectAddress object;
170  char *audit_name;
171  char relkind = get_rel_relkind(relOid);
172 
173  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
174  ereport(ERROR,
175  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
176  errmsg("cannot set security label on non-regular columns")));
177 
178  object.classId = RelationRelationId;
179  object.objectId = relOid;
180  object.objectSubId = attnum;
181  audit_name = getObjectIdentity(&object, false);
182 
183  /*
184  * check db_column:{setattr relabelfrom} permission
185  */
186  sepgsql_avc_check_perms(&object,
190  audit_name,
191  true);
192 
193  /*
194  * check db_column:{relabelto} permission
195  */
199  audit_name,
200  true);
201  pfree(audit_name);
202 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
#define SEPG_DB_COLUMN__SETATTR
Definition: sepgsql.h:173
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
int errcode(int sqlerrcode)
Definition: elog.c:610
#define SEPG_DB_COLUMN__RELABELFROM
Definition: sepgsql.h:174
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:165
int16 attnum
Definition: pg_attribute.h:79
#define ereport(elevel,...)
Definition: elog.h:144
int errmsg(const char *fmt,...)
Definition: elog.c:824

◆ sepgsql_attribute_setattr()

void sepgsql_attribute_setattr ( Oid  relOid,
AttrNumber  attnum 
)

Definition at line 210 of file relation.c.

References attnum, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__SETATTR, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

211 {
212  ObjectAddress object;
213  char *audit_name;
214  char relkind = get_rel_relkind(relOid);
215 
216  if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
217  return;
218 
219  /*
220  * check db_column:{setattr} permission
221  */
222  object.classId = RelationRelationId;
223  object.objectId = relOid;
224  object.objectSubId = attnum;
225  audit_name = getObjectIdentity(&object, false);
226 
227  sepgsql_avc_check_perms(&object,
230  audit_name,
231  true);
232  pfree(audit_name);
233 }
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
#define SEPG_DB_COLUMN__SETATTR
Definition: sepgsql.h:173
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
int16 attnum
Definition: pg_attribute.h:79

◆ sepgsql_audit_log()

void sepgsql_audit_log ( bool  denied,
const char *  scontext,
const char *  tcontext,
uint16  tclass,
uint32  audited,
const char *  audit_name 
)

Definition at line 678 of file selinux.c.

References appendStringInfo(), appendStringInfoString(), Assert, av_name, buf, class_name, StringInfoData::data, ereport, errmsg(), i, initStringInfo(), LOG, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().

684 {
686  const char *class_name;
687  const char *av_name;
688  int i;
689 
690  /* lookup name of the object class */
691  Assert(tclass < SEPG_CLASS_MAX);
692  class_name = selinux_catalog[tclass].class_name;
693 
694  /* lookup name of the permissions */
695  initStringInfo(&buf);
696  appendStringInfo(&buf, "%s {",
697  (denied ? "denied" : "allowed"));
698  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
699  {
700  if (audited & (1UL << i))
701  {
702  av_name = selinux_catalog[tclass].av[i].av_name;
703  appendStringInfo(&buf, " %s", av_name);
704  }
705  }
706  appendStringInfoString(&buf, " }");
707 
708  /*
709  * Call external audit module, if loaded
710  */
711  appendStringInfo(&buf, " scontext=%s tcontext=%s tclass=%s",
712  scontext, tcontext, class_name);
713  if (audit_name)
714  appendStringInfo(&buf, " name=\"%s\"", audit_name);
715 
716  ereport(LOG, (errmsg("SELinux: %s", buf.data)));
717 }
static struct @17 selinux_catalog[]
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
const char * av_name
Definition: selinux.c:36
#define LOG
Definition: elog.h:26
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:176
static char * buf
Definition: pg_test_fsync.c:67
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
#define ereport(elevel,...)
Definition: elog.h:144
#define Assert(condition)
Definition: c.h:745
const char * class_name
Definition: selinux.c:32
int errmsg(const char *fmt,...)
Definition: elog.c:824
int i

◆ sepgsql_avc_check_perms()

bool sepgsql_avc_check_perms ( const ObjectAddress tobject,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 419 of file uavc.c.

References GetSecurityLabel(), pfree(), sepgsql_avc_check_perms_label(), and SEPGSQL_LABEL_TAG.

Referenced by check_relation_privileges(), check_schema_perms(), sepgsql_attribute_drop(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_database_drop(), sepgsql_database_relabel(), sepgsql_database_setattr(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_proc_setattr(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_relation_setattr(), sepgsql_relation_truncate(), sepgsql_schema_drop(), and sepgsql_schema_relabel().

423 {
424  char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
425  bool rc;
426 
427  rc = sepgsql_avc_check_perms_label(tcontext,
428  tclass, required,
429  audit_name, abort_on_violation);
430  if (tcontext)
431  pfree(tcontext);
432 
433  return rc;
434 }
void pfree(void *pointer)
Definition: mcxt.c:1057
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:269
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337

◆ sepgsql_avc_check_perms_label()

bool sepgsql_avc_check_perms_label ( const char *  tcontext,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 337 of file uavc.c.

References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, ereport, errcode(), errmsg(), ERROR, avc_cache::permissive, generate_unaccent_rules::required, avc_cache::scontext, sepgsql_audit_log(), sepgsql_avc_check_valid(), sepgsql_avc_lookup(), SEPGSQL_AVC_NOAUDIT, sepgsql_avc_unlabeled(), sepgsql_get_client_label(), sepgsql_get_debug_audit(), sepgsql_get_mode(), sepgsql_getenforce(), SEPGSQL_MODE_INTERNAL, avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.

Referenced by sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_avc_check_perms(), sepgsql_database_post_create(), sepgsql_database_relabel(), sepgsql_fmgr_hook(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_schema_post_create(), sepgsql_schema_relabel(), and sepgsql_set_client_label().

341 {
342  char *scontext = sepgsql_get_client_label();
343  avc_cache *cache;
344  uint32 denied;
345  uint32 audited;
346  bool result;
347 
349  do
350  {
351  result = true;
352 
353  /*
354  * If the target object is unlabeled, we perform the check using the
355  * label supplied by sepgsql_avc_unlabeled().
356  */
357  if (tcontext)
358  cache = sepgsql_avc_lookup(scontext, tcontext, tclass);
359  else
360  cache = sepgsql_avc_lookup(scontext,
361  sepgsql_avc_unlabeled(), tclass);
362 
363  denied = required & ~cache->allowed;
364 
365  /*
366  * Compute permissions to be audited
367  */
369  audited = (denied ? (denied & ~0) : (required & ~0));
370  else
371  audited = denied ? (denied & cache->auditdeny)
372  : (required & cache->auditallow);
373 
374  if (denied)
375  {
376  /*
377  * In permissive mode or permissive domain, violated permissions
378  * shall be audited to the log files at once, and then implicitly
379  * allowed to avoid a flood of access denied logs, because the
380  * purpose of permissive mode/domain is to collect a violation log
381  * that will make it possible to fix up the security policy.
382  */
383  if (!sepgsql_getenforce() || cache->permissive)
384  cache->allowed |= required;
385  else
386  result = false;
387  }
388  } while (!sepgsql_avc_check_valid());
389 
390  /*
391  * In the case when we have something auditable actions here,
392  * sepgsql_audit_log shall be called with text representation of security
393  * labels for both of subject and object. It records this access
394  * violation, so DBA will be able to find out unexpected security problems
395  * later.
396  */
397  if (audited != 0 &&
398  audit_name != SEPGSQL_AVC_NOAUDIT &&
400  {
401  sepgsql_audit_log(denied != 0,
402  cache->scontext,
403  cache->tcontext_is_valid ?
404  cache->tcontext : sepgsql_avc_unlabeled(),
405  cache->tclass,
406  audited,
407  audit_name);
408  }
409 
410  if (abort_on_violation && !result)
411  ereport(ERROR,
412  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
413  errmsg("SELinux: security policy violation")));
414 
415  return result;
416 }
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30
bool permissive
Definition: uavc.c:41
Definition: uavc.c:30
int errcode(int sqlerrcode)
Definition: elog.c:610
bool sepgsql_getenforce(void)
Definition: selinux.c:651
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:170
uint32 allowed
Definition: uavc.c:37
uint32 auditallow
Definition: uavc.c:38
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:297
#define SEPGSQL_AVC_NOAUDIT
Definition: sepgsql.h:256
uint16 tclass
Definition: uavc.c:35
int sepgsql_get_mode(void)
Definition: selinux.c:625
bool tcontext_is_valid
Definition: uavc.c:43
#define ERROR
Definition: elog.h:43
void sepgsql_audit_log(bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:678
char * tcontext
Definition: uavc.c:34
bool sepgsql_get_debug_audit(void)
Definition: hooks.c:75
char * scontext
Definition: uavc.c:33
unsigned int uint32
Definition: c.h:374
#define ereport(elevel,...)
Definition: elog.h:144
char * sepgsql_get_client_label(void)
Definition: label.c:81
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:152
uint32 auditdeny
Definition: uavc.c:39
int errmsg(const char *fmt,...)
Definition: elog.c:824

◆ sepgsql_avc_init()

void sepgsql_avc_init ( void  )

Definition at line 487 of file uavc.c.

References ALLOCSET_DEFAULT_SIZES, AllocSetContextCreate, AVC_DEF_THRESHOLD, avc_lru_hint, avc_num_caches, avc_threshold, ereport, errcode(), errmsg(), ERROR, LOG, on_proc_exit(), sepgsql_avc_exit(), and TopMemoryContext.

Referenced by _PG_init().

488 {
489  int rc;
490 
491  /*
492  * All the avc stuff shall be allocated in avc_mem_cxt
493  */
495  "userspace access vector cache",
497  memset(avc_slots, 0, sizeof(avc_slots));
498  avc_num_caches = 0;
499  avc_lru_hint = 0;
501 
502  /*
503  * SELinux allows to mmap(2) its kernel status page in read-only mode to
504  * inform userspace applications its status updating (such as policy
505  * reloading) without system-call invocations. This feature is only
506  * supported in Linux-2.6.38 or later, however, libselinux provides a
507  * fallback mode to know its status using netlink sockets.
508  */
509  rc = selinux_status_open(1);
510  if (rc < 0)
511  ereport(ERROR,
512  (errcode(ERRCODE_INTERNAL_ERROR),
513  errmsg("SELinux: could not open selinux status : %m")));
514  else if (rc > 0)
515  ereport(LOG,
516  (errmsg("SELinux: kernel status page uses fallback mode")));
517 
518  /* Arrange to close selinux status page on process exit. */
520 }
#define AllocSetContextCreate
Definition: memutils.h:170
#define AVC_DEF_THRESHOLD
Definition: uavc.c:54
void on_proc_exit(pg_on_exit_callback function, Datum arg)
Definition: ipc.c:305
int errcode(int sqlerrcode)
Definition: elog.c:610
#define LOG
Definition: elog.h:26
static MemoryContext avc_mem_cxt
Definition: uavc.c:56
#define ERROR
Definition: elog.h:43
#define ALLOCSET_DEFAULT_SIZES
Definition: memutils.h:192
static void sepgsql_avc_exit(int code, Datum arg)
Definition: uavc.c:476
static int avc_lru_hint
Definition: uavc.c:59
MemoryContext TopMemoryContext
Definition: mcxt.c:44
static int avc_num_caches
Definition: uavc.c:58
#define ereport(elevel,...)
Definition: elog.h:144
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:57
int errmsg(const char *fmt,...)
Definition: elog.c:824
static int avc_threshold
Definition: uavc.c:60

◆ sepgsql_avc_trusted_proc()

char* sepgsql_avc_trusted_proc ( Oid  functionId)

Definition at line 444 of file uavc.c.

References ObjectAddress::classId, GetSecurityLabel(), avc_cache::ncontext, ObjectAddress::objectId, ObjectAddress::objectSubId, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_valid(), sepgsql_avc_lookup(), sepgsql_avc_unlabeled(), sepgsql_get_client_label(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().

445 {
446  char *scontext = sepgsql_get_client_label();
447  char *tcontext;
448  ObjectAddress tobject;
449  avc_cache *cache;
450 
451  tobject.classId = ProcedureRelationId;
452  tobject.objectId = functionId;
453  tobject.objectSubId = 0;
454  tcontext = GetSecurityLabel(&tobject, SEPGSQL_LABEL_TAG);
455 
457  do
458  {
459  if (tcontext)
460  cache = sepgsql_avc_lookup(scontext, tcontext,
462  else
463  cache = sepgsql_avc_lookup(scontext, sepgsql_avc_unlabeled(),
465  } while (!sepgsql_avc_check_valid());
466 
467  return cache->ncontext;
468 }
char * ncontext
Definition: uavc.c:45
Definition: uavc.c:30
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:170
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:297
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:269
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
char * sepgsql_get_client_label(void)
Definition: label.c:81
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:152

◆ sepgsql_check_perms()

bool sepgsql_check_perms ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 899 of file selinux.c.

References ereport, errcode(), errmsg(), ERROR, generate_unaccent_rules::required, sepgsql_audit_log(), sepgsql_compute_avd(), sepgsql_get_debug_audit(), sepgsql_getenforce(), sepgsql_mode, and SEPGSQL_MODE_INTERNAL.

905 {
906  struct av_decision avd;
907  uint32 denied;
908  uint32 audited;
909  bool result = true;
910 
911  sepgsql_compute_avd(scontext, tcontext, tclass, &avd);
912 
913  denied = required & ~avd.allowed;
914 
916  audited = (denied ? denied : required);
917  else
918  audited = (denied ? (denied & avd.auditdeny)
919  : (required & avd.auditallow));
920 
921  if (denied &&
922  sepgsql_getenforce() > 0 &&
923  (avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE) == 0)
924  result = false;
925 
926  /*
927  * It records a security audit for the request, if needed. But, when
928  * SE-PgSQL performs 'internal' mode, it needs to keep silent.
929  */
930  if (audited && sepgsql_mode != SEPGSQL_MODE_INTERNAL)
931  {
932  sepgsql_audit_log(denied,
933  scontext,
934  tcontext,
935  tclass,
936  audited,
937  audit_name);
938  }
939 
940  if (!result && abort_on_violation)
941  ereport(ERROR,
942  (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
943  errmsg("SELinux: security policy violation")));
944  return result;
945 }
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30
static int sepgsql_mode
Definition: selinux.c:610
void sepgsql_compute_avd(const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
Definition: selinux.c:733
int errcode(int sqlerrcode)
Definition: elog.c:610
bool sepgsql_getenforce(void)
Definition: selinux.c:651
#define ERROR
Definition: elog.h:43
void sepgsql_audit_log(bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:678
bool sepgsql_get_debug_audit(void)
Definition: hooks.c:75
unsigned int uint32
Definition: c.h:374
#define ereport(elevel,...)
Definition: elog.h:144
int errmsg(const char *fmt,...)
Definition: elog.c:824

◆ sepgsql_compute_avd()

void sepgsql_compute_avd ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
struct av_decision *  avd 
)

Definition at line 733 of file selinux.c.

References Assert, av_code, av_name, class_code, ereport, errcode(), errmsg(), ERROR, i, selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_avc_compute(), and sepgsql_check_perms().

737 {
738  const char *tclass_name;
739  security_class_t tclass_ex;
740  struct av_decision avd_ex;
741  int i,
742  deny_unknown = security_deny_unknown();
743 
744  /* Get external code of the object class */
745  Assert(tclass < SEPG_CLASS_MAX);
746  Assert(tclass == selinux_catalog[tclass].class_code);
747 
748  tclass_name = selinux_catalog[tclass].class_name;
749  tclass_ex = string_to_security_class(tclass_name);
750 
751  if (tclass_ex == 0)
752  {
753  /*
754  * If the current security policy does not support permissions
755  * corresponding to database objects, we fill up them with dummy data.
756  * If security_deny_unknown() returns positive value, undefined
757  * permissions should be denied. Otherwise, allowed
758  */
759  avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
760  avd->auditallow = 0U;
761  avd->auditdeny = ~0U;
762  avd->flags = 0;
763 
764  return;
765  }
766 
767  /*
768  * Ask SELinux what is allowed set of permissions on a pair of the
769  * security contexts and the given object class.
770  */
771  if (security_compute_av_flags_raw(scontext,
772  tcontext,
773  tclass_ex, 0, &avd_ex) < 0)
774  ereport(ERROR,
775  (errcode(ERRCODE_INTERNAL_ERROR),
776  errmsg("SELinux could not compute av_decision: "
777  "scontext=%s tcontext=%s tclass=%s: %m",
778  scontext, tcontext, tclass_name)));
779 
780  /*
781  * SELinux returns its access control decision as a set of permissions
782  * represented in external code which depends on run-time environment. So,
783  * we need to translate it to the internal representation before returning
784  * results for the caller.
785  */
786  memset(avd, 0, sizeof(struct av_decision));
787 
788  for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
789  {
790  access_vector_t av_code_ex;
791  const char *av_name = selinux_catalog[tclass].av[i].av_name;
792  uint32 av_code = selinux_catalog[tclass].av[i].av_code;
793 
794  av_code_ex = string_to_av_perm(tclass_ex, av_name);
795  if (av_code_ex == 0)
796  {
797  /* fill up undefined permissions */
798  if (!deny_unknown)
799  avd->allowed |= av_code;
800  avd->auditdeny |= av_code;
801 
802  continue;
803  }
804 
805  if (avd_ex.allowed & av_code_ex)
806  avd->allowed |= av_code;
807  if (avd_ex.auditallow & av_code_ex)
808  avd->auditallow |= av_code;
809  if (avd_ex.auditdeny & av_code_ex)
810  avd->auditdeny |= av_code;
811  }
812 }
static struct @17 selinux_catalog[]
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
const char * av_name
Definition: selinux.c:36
int errcode(int sqlerrcode)
Definition: elog.c:610
#define ERROR
Definition: elog.h:43
uint32 av_code
Definition: selinux.c:37
unsigned int uint32
Definition: c.h:374
#define ereport(elevel,...)
Definition: elog.h:144
uint16 class_code
Definition: selinux.c:33
#define Assert(condition)
Definition: c.h:745
int errmsg(const char *fmt,...)
Definition: elog.c:824
int i

◆ sepgsql_compute_create()

char* sepgsql_compute_create ( const char *  scontext,
const char *  tcontext,
uint16  tclass,
const char *  objname 
)

Definition at line 836 of file selinux.c.

References Assert, ereport, errcode(), errmsg(), ERROR, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), selinux_catalog, and SEPG_CLASS_MAX.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_compute(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

840 {
841  char *ncontext;
842  security_class_t tclass_ex;
843  const char *tclass_name;
844  char *result;
845 
846  /* Get external code of the object class */
847  Assert(tclass < SEPG_CLASS_MAX);
848 
849  tclass_name = selinux_catalog[tclass].class_name;
850  tclass_ex = string_to_security_class(tclass_name);
851 
852  /*
853  * Ask SELinux what is the default context for the given object class on a
854  * pair of security contexts
855  */
856  if (security_compute_create_name_raw(scontext,
857  tcontext,
858  tclass_ex,
859  objname,
860  &ncontext) < 0)
861  ereport(ERROR,
862  (errcode(ERRCODE_INTERNAL_ERROR),
863  errmsg("SELinux could not compute a new context: "
864  "scontext=%s tcontext=%s tclass=%s: %m",
865  scontext, tcontext, tclass_name)));
866 
867  /*
868  * libselinux returns malloc()'ed string, so we need to copy it on the
869  * palloc()'ed region.
870  */
871  PG_TRY();
872  {
873  result = pstrdup(ncontext);
874  }
875  PG_FINALLY();
876  {
877  freecon(ncontext);
878  }
879  PG_END_TRY();
880 
881  return result;
882 }
static struct @17 selinux_catalog[]
#define SEPG_CLASS_MAX
Definition: sepgsql.h:54
char * pstrdup(const char *in)
Definition: mcxt.c:1187
int errcode(int sqlerrcode)
Definition: elog.c:610
#define ERROR
Definition: elog.h:43
#define PG_FINALLY()
Definition: elog.h:312
#define ereport(elevel,...)
Definition: elog.h:144
#define Assert(condition)
Definition: c.h:745
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define PG_TRY()
Definition: elog.h:295
#define PG_END_TRY()
Definition: elog.h:320

◆ sepgsql_database_drop()

void sepgsql_database_drop ( Oid  databaseId)

Definition at line 134 of file database.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

135 {
136  ObjectAddress object;
137  char *audit_name;
138 
139  /*
140  * check db_database:{drop} permission
141  */
142  object.classId = DatabaseRelationId;
143  object.objectId = databaseId;
144  object.objectSubId = 0;
145  audit_name = getObjectIdentity(&object, false);
146 
147  sepgsql_avc_check_perms(&object,
150  audit_name,
151  true);
152  pfree(audit_name);
153 }
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_DATABASE__DROP
Definition: sepgsql.h:119

◆ sepgsql_database_post_create()

void sepgsql_database_post_create ( Oid  databaseId,
const char *  dtemplate 
)

Definition at line 34 of file database.c.

References AccessShareLock, appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, DatabaseOidIndexId, elog, ERROR, get_database_oid(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdGetDatum, pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__CREATE, SEPG_DB_DATABASE__GETATTR, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

35 {
36  Relation rel;
37  ScanKeyData skey;
38  SysScanDesc sscan;
39  HeapTuple tuple;
40  char *tcontext;
41  char *ncontext;
42  ObjectAddress object;
43  Form_pg_database datForm;
44  StringInfoData audit_name;
45 
46  /*
47  * Oid of the source database is not saved in pg_database catalog, so we
48  * collect its identifier using contextual information. If NULL, its
49  * default is "template1" according to createdb().
50  */
51  if (!dtemplate)
52  dtemplate = "template1";
53 
54  object.classId = DatabaseRelationId;
55  object.objectId = get_database_oid(dtemplate, false);
56  object.objectSubId = 0;
57 
58  tcontext = sepgsql_get_label(object.classId,
59  object.objectId,
60  object.objectSubId);
61 
62  /*
63  * check db_database:{getattr} permission
64  */
65  initStringInfo(&audit_name);
66  appendStringInfoString(&audit_name, quote_identifier(dtemplate));
70  audit_name.data,
71  true);
72 
73  /*
74  * Compute a default security label of the newly created database based on
75  * a pair of security label of client and source database.
76  *
77  * XXX - upcoming version of libselinux supports to take object name to
78  * handle special treatment on default security label.
79  */
80  rel = table_open(DatabaseRelationId, AccessShareLock);
81 
82  ScanKeyInit(&skey,
83  Anum_pg_database_oid,
84  BTEqualStrategyNumber, F_OIDEQ,
85  ObjectIdGetDatum(databaseId));
86 
87  sscan = systable_beginscan(rel, DatabaseOidIndexId, true,
88  SnapshotSelf, 1, &skey);
89  tuple = systable_getnext(sscan);
90  if (!HeapTupleIsValid(tuple))
91  elog(ERROR, "could not find tuple for database %u", databaseId);
92 
93  datForm = (Form_pg_database) GETSTRUCT(tuple);
94 
96  tcontext,
98  NameStr(datForm->datname));
99 
100  /*
101  * check db_database:{create} permission
102  */
103  resetStringInfo(&audit_name);
104  appendStringInfoString(&audit_name,
105  quote_identifier(NameStr(datForm->datname)));
109  audit_name.data,
110  true);
111 
112  systable_endscan(sscan);
114 
115  /*
116  * Assign the default security label on the new database
117  */
118  object.classId = DatabaseRelationId;
119  object.objectId = databaseId;
120  object.objectSubId = 0;
121 
122  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
123 
124  pfree(ncontext);
125  pfree(tcontext);
126 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:401
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10706
FormData_pg_database * Form_pg_database
Definition: pg_database.h:81
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:446
#define AccessShareLock
Definition: lockdefs.h:36
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:176
#define SnapshotSelf
Definition: snapmgr.h:67
#define DatabaseOidIndexId
Definition: indexing.h:157
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:75
#define SEPG_DB_DATABASE__GETATTR
Definition: sepgsql.h:120
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
Oid get_database_oid(const char *dbname, bool missing_ok)
Definition: dbcommands.c:2108
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
char * sepgsql_get_client_label(void)
Definition: label.c:81
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
#define BTEqualStrategyNumber
Definition: stratnum.h:31

◆ sepgsql_database_relabel()

void sepgsql_database_relabel ( Oid  databaseId,
const char *  seclabel 
)

Definition at line 188 of file database.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__RELABELFROM, SEPG_DB_DATABASE__RELABELTO, SEPG_DB_DATABASE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

189 {
190  ObjectAddress object;
191  char *audit_name;
192 
193  object.classId = DatabaseRelationId;
194  object.objectId = databaseId;
195  object.objectSubId = 0;
196  audit_name = getObjectIdentity(&object, false);
197 
198  /*
199  * check db_database:{setattr relabelfrom} permission
200  */
201  sepgsql_avc_check_perms(&object,
205  audit_name,
206  true);
207 
208  /*
209  * check db_database:{relabelto} permission
210  */
214  audit_name,
215  true);
216  pfree(audit_name);
217 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define SEPG_DB_DATABASE__RELABELFROM
Definition: sepgsql.h:122
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121
#define SEPG_DB_DATABASE__RELABELTO
Definition: sepgsql.h:123

◆ sepgsql_database_setattr()

void sepgsql_database_setattr ( Oid  databaseId)

Definition at line 161 of file database.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__SETATTR, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

162 {
163  ObjectAddress object;
164  char *audit_name;
165 
166  /*
167  * check db_database:{setattr} permission
168  */
169  object.classId = DatabaseRelationId;
170  object.objectId = databaseId;
171  object.objectSubId = 0;
172  audit_name = getObjectIdentity(&object, false);
173 
174  sepgsql_avc_check_perms(&object,
177  audit_name,
178  true);
179  pfree(audit_name);
180 }
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define SEPG_CLASS_DB_DATABASE
Definition: sepgsql.h:44
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_DATABASE__SETATTR
Definition: sepgsql.h:121

◆ sepgsql_dml_privileges()

bool sepgsql_dml_privileges ( List rangeTabls,
bool  abort_on_violation 
)

Definition at line 280 of file dml.c.

References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_UPDATE, bms_is_empty(), check_relation_privileges(), find_all_inheritors(), fixup_inherited_columns(), RangeTblEntry::inh, RangeTblEntry::insertedCols, lfirst, lfirst_oid, list_free(), list_make1_oid, NoLock, RangeTblEntry::relid, generate_unaccent_rules::required, RangeTblEntry::requiredPerms, RTE_RELATION, RangeTblEntry::rtekind, RangeTblEntry::selectedCols, SEPG_DB_TABLE__DELETE, SEPG_DB_TABLE__INSERT, SEPG_DB_TABLE__LOCK, SEPG_DB_TABLE__SELECT, SEPG_DB_TABLE__UPDATE, and RangeTblEntry::updatedCols.

Referenced by sepgsql_exec_check_perms().

281 {
282  ListCell *lr;
283 
284  foreach(lr, rangeTabls)
285  {
286  RangeTblEntry *rte = lfirst(lr);
287  uint32 required = 0;
288  List *tableIds;
289  ListCell *li;
290 
291  /*
292  * Only regular relations shall be checked
293  */
294  if (rte->rtekind != RTE_RELATION)
295  continue;
296 
297  /*
298  * Find out required permissions
299  */
300  if (rte->requiredPerms & ACL_SELECT)
301  required |= SEPG_DB_TABLE__SELECT;
302  if (rte->requiredPerms & ACL_INSERT)
303  required |= SEPG_DB_TABLE__INSERT;
304  if (rte->requiredPerms & ACL_UPDATE)
305  {
306  if (!bms_is_empty(rte->updatedCols))
307  required |= SEPG_DB_TABLE__UPDATE;
308  else
309  required |= SEPG_DB_TABLE__LOCK;
310  }
311  if (rte->requiredPerms & ACL_DELETE)
312  required |= SEPG_DB_TABLE__DELETE;
313 
314  /*
315  * Skip, if nothing to be checked
316  */
317  if (required == 0)
318  continue;
319 
320  /*
321  * If this RangeTblEntry is also supposed to reference inherited
322  * tables, we need to check security label of the child tables. So, we
323  * expand rte->relid into list of OIDs of inheritance hierarchy, then
324  * checker routine will be invoked for each relations.
325  */
326  if (!rte->inh)
327  tableIds = list_make1_oid(rte->relid);
328  else
329  tableIds = find_all_inheritors(rte->relid, NoLock, NULL);
330 
331  foreach(li, tableIds)
332  {
333  Oid tableOid = lfirst_oid(li);
334  Bitmapset *selectedCols;
335  Bitmapset *insertedCols;
336  Bitmapset *updatedCols;
337 
338  /*
339  * child table has different attribute numbers, so we need to fix
340  * up them.
341  */
342  selectedCols = fixup_inherited_columns(rte->relid, tableOid,
343  rte->selectedCols);
344  insertedCols = fixup_inherited_columns(rte->relid, tableOid,
345  rte->insertedCols);
346  updatedCols = fixup_inherited_columns(rte->relid, tableOid,
347  rte->updatedCols);
348 
349  /*
350  * check permissions on individual tables
351  */
352  if (!check_relation_privileges(tableOid,
353  selectedCols,
354  insertedCols,
355  updatedCols,
356  required, abort_on_violation))
357  return false;
358  }
359  list_free(tableIds);
360  }
361  return true;
362 }
static bool check_relation_privileges(Oid relOid, Bitmapset *selected, Bitmapset *inserted, Bitmapset *updated, uint32 required, bool abort_on_violation)
Definition: dml.c:141
#define SEPG_DB_TABLE__DELETE
Definition: sepgsql.h:146
static Bitmapset * fixup_inherited_columns(Oid parentId, Oid childId, Bitmapset *columns)
Definition: dml.c:92
#define ACL_DELETE
Definition: parsenodes.h:77
AclMode requiredPerms
Definition: parsenodes.h:1120
unsigned int Oid
Definition: postgres_ext.h:31
#define SEPG_DB_TABLE__SELECT
Definition: sepgsql.h:143
Bitmapset * selectedCols
Definition: parsenodes.h:1122
#define SEPG_DB_TABLE__UPDATE
Definition: sepgsql.h:144
#define NoLock
Definition: lockdefs.h:34
#define SEPG_DB_TABLE__INSERT
Definition: sepgsql.h:145
unsigned int uint32
Definition: c.h:374
bool bms_is_empty(const Bitmapset *a)
Definition: bitmapset.c:701
#define ACL_UPDATE
Definition: parsenodes.h:76
#define ACL_SELECT
Definition: parsenodes.h:75
#define list_make1_oid(x1)
Definition: pg_list.h:249
Bitmapset * updatedCols
Definition: parsenodes.h:1124
#define lfirst(lc)
Definition: pg_list.h:190
#define ACL_INSERT
Definition: parsenodes.h:74
RTEKind rtekind
Definition: parsenodes.h:977
List * find_all_inheritors(Oid parentrelId, LOCKMODE lockmode, List **numparents)
Definition: pg_inherits.c:165
void list_free(List *list)
Definition: list.c:1376
Bitmapset * insertedCols
Definition: parsenodes.h:1123
Definition: pg_list.h:50
#define SEPG_DB_TABLE__LOCK
Definition: sepgsql.h:147
#define lfirst_oid(lc)
Definition: pg_list.h:192

◆ sepgsql_get_client_label()

char* sepgsql_get_client_label ( void  )

Definition at line 81 of file label.c.

References Assert, client_label_committed, client_label_func, client_label_peer, pending_label::label, and llast.

Referenced by sepgsql_attribute_post_create(), sepgsql_avc_check_perms_label(), sepgsql_avc_trusted_proc(), sepgsql_database_post_create(), sepgsql_getcon(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), sepgsql_schema_post_create(), and sepgsql_set_client_label().

82 {
83  /* trusted procedure client label override */
85  return client_label_func;
86 
87  /* uncommitted sepgsql_setcon() value */
89  {
91 
92  if (plabel->label)
93  return plabel->label;
94  }
95  else if (client_label_committed)
96  return client_label_committed; /* set by sepgsql_setcon() committed */
97 
98  /* default label */
99  Assert(client_label_peer != NULL);
100  return client_label_peer;
101 }
static char * client_label_func
Definition: label.c:65
static char * client_label_committed
Definition: label.c:63
#define llast(l)
Definition: pg_list.h:215
char * label
Definition: label.c:70
static List * client_label_pending
Definition: label.c:61
#define Assert(condition)
Definition: c.h:745
static char * client_label_peer
Definition: label.c:60

◆ sepgsql_get_debug_audit()

bool sepgsql_get_debug_audit ( void  )

Definition at line 75 of file hooks.c.

References sepgsql_debug_audit.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().

76 {
77  return sepgsql_debug_audit;
78 }
static bool sepgsql_debug_audit
Definition: hooks.c:72

◆ sepgsql_get_label()

char* sepgsql_get_label ( Oid  classId,
Oid  objectId,
int32  subId 
)

Definition at line 446 of file label.c.

References ereport, errcode(), errmsg(), ERROR, GetSecurityLabel(), label, PG_END_TRY, PG_FINALLY, PG_TRY, pstrdup(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_attribute_post_create(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().

447 {
448  ObjectAddress object;
449  char *label;
450 
451  object.classId = classId;
452  object.objectId = objectId;
453  object.objectSubId = subId;
454 
455  label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
456  if (!label || security_check_context_raw(label))
457  {
458  char *unlabeled;
459 
460  if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
461  ereport(ERROR,
462  (errcode(ERRCODE_INTERNAL_ERROR),
463  errmsg("SELinux: failed to get initial security label: %m")));
464  PG_TRY();
465  {
466  label = pstrdup(unlabeled);
467  }
468  PG_FINALLY();
469  {
470  freecon(unlabeled);
471  }
472  PG_END_TRY();
473  }
474  return label;
475 }
char * pstrdup(const char *in)
Definition: mcxt.c:1187
int errcode(int sqlerrcode)
Definition: elog.c:610
#define ERROR
Definition: elog.h:43
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:269
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
#define PG_FINALLY()
Definition: elog.h:312
static char * label
#define ereport(elevel,...)
Definition: elog.h:144
int errmsg(const char *fmt,...)
Definition: elog.c:824
#define PG_TRY()
Definition: elog.h:295
#define PG_END_TRY()
Definition: elog.h:320

◆ sepgsql_get_mode()

int sepgsql_get_mode ( void  )

Definition at line 625 of file selinux.c.

References sepgsql_mode.

Referenced by sepgsql_avc_check_perms_label().

626 {
627  return sepgsql_mode;
628 }
static int sepgsql_mode
Definition: selinux.c:610

◆ sepgsql_get_permissive()

bool sepgsql_get_permissive ( void  )

Definition at line 64 of file hooks.c.

References sepgsql_permissive.

Referenced by sepgsql_client_auth().

65 {
66  return sepgsql_permissive;
67 }
static bool sepgsql_permissive
Definition: hooks.c:61

◆ sepgsql_getenforce()

bool sepgsql_getenforce ( void  )

Definition at line 651 of file selinux.c.

References sepgsql_mode, and SEPGSQL_MODE_DEFAULT.

Referenced by check_relation_privileges(), sepgsql_avc_check_perms_label(), sepgsql_check_perms(), and sepgsql_utility_command().

652 {
654  selinux_status_getenforce() > 0)
655  return true;
656 
657  return false;
658 }
static int sepgsql_mode
Definition: selinux.c:610
#define SEPGSQL_MODE_DEFAULT
Definition: sepgsql.h:28

◆ sepgsql_init_client_label()

void sepgsql_init_client_label ( void  )

Definition at line 405 of file label.c.

References client_label_peer, ClientAuthentication_hook, ereport, errcode(), errmsg(), ERROR, fmgr_hook, needs_fmgr_hook, next_client_auth_hook, next_fmgr_hook, next_needs_fmgr_hook, RegisterSubXactCallback(), RegisterXactCallback(), sepgsql_client_auth(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_subxact_callback(), and sepgsql_xact_callback().

Referenced by _PG_init().

406 {
407  /*
408  * Set up dummy client label.
409  *
410  * XXX - note that PostgreSQL launches background worker process like
411  * autovacuum without authentication steps. So, we initialize sepgsql_mode
412  * with SEPGSQL_MODE_INTERNAL, and client_label with the security context
413  * of server process. Later, it also launches background of user session.
414  * In this case, the process is always hooked on post-authentication, and
415  * we can initialize the sepgsql_mode and client_label correctly.
416  */
417  if (getcon_raw(&client_label_peer) < 0)
418  ereport(ERROR,
419  (errcode(ERRCODE_INTERNAL_ERROR),
420  errmsg("SELinux: failed to get server security label: %m")));
421 
422  /* Client authentication hook */
425 
426  /* Trusted procedure hooks */
429 
432 
433  /* Transaction/Sub-transaction callbacks */
436 }
int errcode(int sqlerrcode)
Definition: elog.c:610
static void sepgsql_xact_callback(XactEvent event, void *arg)
Definition: label.c:166
static ClientAuthentication_hook_type next_client_auth_hook
Definition: label.c:43
static bool sepgsql_needs_fmgr_hook(Oid functionId)
Definition: label.c:269
#define ERROR
Definition: elog.h:43
ClientAuthentication_hook_type ClientAuthentication_hook
Definition: auth.c:241
static void sepgsql_client_auth(Port *port, int status)
Definition: label.c:231
static needs_fmgr_hook_type next_needs_fmgr_hook
Definition: label.c:44
void RegisterSubXactCallback(SubXactCallback callback, void *arg)
Definition: xact.c:3583
PGDLLIMPORT fmgr_hook_type fmgr_hook
Definition: fmgr.c:39
PGDLLIMPORT needs_fmgr_hook_type needs_fmgr_hook
Definition: fmgr.c:38
#define ereport(elevel,...)
Definition: elog.h:144
static void sepgsql_subxact_callback(SubXactEvent event, SubTransactionId mySubid, SubTransactionId parentSubid, void *arg)
Definition: label.c:205
void RegisterXactCallback(XactCallback callback, void *arg)
Definition: xact.c:3528
static char * client_label_peer
Definition: label.c:60
static void sepgsql_fmgr_hook(FmgrHookEventType event, FmgrInfo *flinfo, Datum *private)
Definition: label.c:312
int errmsg(const char *fmt,...)
Definition: elog.c:824
static fmgr_hook_type next_fmgr_hook
Definition: label.c:45

◆ sepgsql_is_enabled()

bool sepgsql_is_enabled ( void  )

Definition at line 616 of file selinux.c.

References sepgsql_mode, and SEPGSQL_MODE_DISABLED.

Referenced by sepgsql_getcon(), sepgsql_mcstrans_in(), sepgsql_mcstrans_out(), and sepgsql_restorecon().

617 {
618  return (sepgsql_mode != SEPGSQL_MODE_DISABLED ? true : false);
619 }
static int sepgsql_mode
Definition: selinux.c:610
#define SEPGSQL_MODE_DISABLED
Definition: sepgsql.h:31

◆ sepgsql_object_relabel()

void sepgsql_object_relabel ( const ObjectAddress object,
const char *  seclabel 
)

Definition at line 483 of file label.c.

References ObjectAddress::classId, ereport, errcode(), errmsg(), ERROR, getObjectTypeDescription(), ObjectAddress::objectId, ObjectAddress::objectSubId, PG_FUNCTION_INFO_V1(), sepgsql_attribute_relabel(), sepgsql_database_relabel(), sepgsql_getcon(), sepgsql_proc_relabel(), sepgsql_relation_relabel(), and sepgsql_schema_relabel().

Referenced by _PG_init(), and exec_object_restorecon().

484 {
485  /*
486  * validate format of the supplied security label, if it is security
487  * context of selinux.
488  */
489  if (seclabel &&
490  security_check_context_raw(seclabel) < 0)
491  ereport(ERROR,
492  (errcode(ERRCODE_INVALID_NAME),
493  errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
494 
495  /*
496  * Do actual permission checks for each object classes
497  */
498  switch (object->classId)
499  {
500  case DatabaseRelationId:
501  sepgsql_database_relabel(object->objectId, seclabel);
502  break;
503 
504  case NamespaceRelationId:
505  sepgsql_schema_relabel(object->objectId, seclabel);
506  break;
507 
508  case RelationRelationId:
509  if (object->objectSubId == 0)
511  seclabel);
512  else
514  object->objectSubId,
515  seclabel);
516  break;
517 
518  case ProcedureRelationId:
519  sepgsql_proc_relabel(object->objectId, seclabel);
520  break;
521 
522  default:
523  ereport(ERROR,
524  (errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
525  errmsg("sepgsql provider does not support labels on %s",
526  getObjectTypeDescription(object, false))));
527  break;
528  }
529 }
void sepgsql_schema_relabel(Oid namespaceId, const char *seclabel)
Definition: schema.c:143
int errcode(int sqlerrcode)
Definition: elog.c:610
void sepgsql_database_relabel(Oid databaseId, const char *seclabel)
Definition: database.c:188
#define ERROR
Definition: elog.h:43
#define ereport(elevel,...)
Definition: elog.h:144
void sepgsql_relation_relabel(Oid relOid, const char *seclabel)
Definition: relation.c:565
char * getObjectTypeDescription(const ObjectAddress *object, bool missing_ok)
void sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum, const char *seclabel)
Definition: relation.c:166
void sepgsql_proc_relabel(Oid functionId, const char *seclabel)
Definition: proc.c:199
int errmsg(const char *fmt,...)
Definition: elog.c:824

◆ sepgsql_proc_drop()

void sepgsql_proc_drop ( Oid  functionId)

Definition at line 156 of file proc.c.

References ObjectAddress::classId, get_func_namespace(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

157 {
158  ObjectAddress object;
159  char *audit_name;
160 
161  /*
162  * check db_schema:{remove_name} permission
163  */
164  object.classId = NamespaceRelationId;
165  object.objectId = get_func_namespace(functionId);
166  object.objectSubId = 0;
167  audit_name = getObjectIdentity(&object, false);
168 
169  sepgsql_avc_check_perms(&object,
172  audit_name,
173  true);
174  pfree(audit_name);
175 
176  /*
177  * check db_procedure:{drop} permission
178  */
179  object.classId = ProcedureRelationId;
180  object.objectId = functionId;
181  object.objectSubId = 0;
182  audit_name = getObjectIdentity(&object, false);
183 
184  sepgsql_avc_check_perms(&object,
187  audit_name,
188  true);
189  pfree(audit_name);
190 }
#define SEPG_DB_PROCEDURE__DROP
Definition: sepgsql.h:161
Oid get_func_namespace(Oid funcid)
Definition: lsyscache.c:1544
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135

◆ sepgsql_proc_execute()

void sepgsql_proc_execute ( Oid  functionId)

Definition at line 316 of file proc.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__EXECUTE, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

317 {
318  ObjectAddress object;
319  char *audit_name;
320 
321  /*
322  * check db_procedure:{execute} permission
323  */
324  object.classId = ProcedureRelationId;
325  object.objectId = functionId;
326  object.objectSubId = 0;
327  audit_name = getObjectIdentity(&object, false);
328  sepgsql_avc_check_perms(&object,
331  audit_name,
332  true);
333  pfree(audit_name);
334 }
#define SEPG_DB_PROCEDURE__EXECUTE
Definition: sepgsql.h:166
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48

◆ sepgsql_proc_post_create()

void sepgsql_proc_post_create ( Oid  functionId)

Definition at line 38 of file proc.c.

References AccessShareLock, appendStringInfo(), appendStringInfoChar(), appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, i, initStringInfo(), NameStr, ObjectIdGetDatum, pfree(), ProcedureOidIndexId, quote_qualified_identifier(), generate_unaccent_rules::required, ScanKeyInit(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__CREATE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

39 {
40  Relation rel;
41  ScanKeyData skey;
42  SysScanDesc sscan;
43  HeapTuple tuple;
44  char *nsp_name;
45  char *scontext;
46  char *tcontext;
47  char *ncontext;
49  int i;
50  StringInfoData audit_name;
51  ObjectAddress object;
52  Form_pg_proc proForm;
53 
54  /*
55  * Fetch namespace of the new procedure. Because pg_proc entry is not
56  * visible right now, we need to scan the catalog using SnapshotSelf.
57  */
58  rel = table_open(ProcedureRelationId, AccessShareLock);
59 
60  ScanKeyInit(&skey,
61  Anum_pg_proc_oid,
62  BTEqualStrategyNumber, F_OIDEQ,
63  ObjectIdGetDatum(functionId));
64 
65  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
66  SnapshotSelf, 1, &skey);
67 
68  tuple = systable_getnext(sscan);
69  if (!HeapTupleIsValid(tuple))
70  elog(ERROR, "could not find tuple for function %u", functionId);
71 
72  proForm = (Form_pg_proc) GETSTRUCT(tuple);
73 
74  /*
75  * check db_schema:{add_name} permission of the namespace
76  */
77  object.classId = NamespaceRelationId;
78  object.objectId = proForm->pronamespace;
79  object.objectSubId = 0;
83  getObjectIdentity(&object, false),
84  true);
85 
86  /*
87  * XXX - db_language:{implement} also should be checked here
88  */
89 
90 
91  /*
92  * Compute a default security label when we create a new procedure object
93  * under the specified namespace.
94  */
95  scontext = sepgsql_get_client_label();
96  tcontext = sepgsql_get_label(NamespaceRelationId,
97  proForm->pronamespace, 0);
98  ncontext = sepgsql_compute_create(scontext, tcontext,
100  NameStr(proForm->proname));
101 
102  /*
103  * check db_procedure:{create (install)} permission
104  */
105  initStringInfo(&audit_name);
106  nsp_name = get_namespace_name(proForm->pronamespace);
107  appendStringInfo(&audit_name, "%s(",
108  quote_qualified_identifier(nsp_name, NameStr(proForm->proname)));
109  for (i = 0; i < proForm->pronargs; i++)
110  {
111  if (i > 0)
112  appendStringInfoChar(&audit_name, ',');
113 
114  object.classId = TypeRelationId;
115  object.objectId = proForm->proargtypes.values[i];
116  object.objectSubId = 0;
117  appendStringInfoString(&audit_name, getObjectIdentity(&object, false));
118  }
119  appendStringInfoChar(&audit_name, ')');
120 
121  required = SEPG_DB_PROCEDURE__CREATE;
122  if (proForm->proleakproof)
123  required |= SEPG_DB_PROCEDURE__INSTALL;
124 
127  required,
128  audit_name.data,
129  true);
130 
131  /*
132  * Assign the default security label on a new procedure
133  */
134  object.classId = ProcedureRelationId;
135  object.objectId = functionId;
136  object.objectSubId = 0;
137  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
138 
139  /*
140  * Cleanup
141  */
142  systable_endscan(sscan);
144 
145  pfree(audit_name.data);
146  pfree(tcontext);
147  pfree(ncontext);
148 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
#define ProcedureOidIndexId
Definition: indexing.h:221
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:401
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:446
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define AccessShareLock
Definition: lockdefs.h:36
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
void pfree(void *pointer)
Definition: mcxt.c:1057
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91
#define SEPG_DB_PROCEDURE__CREATE
Definition: sepgsql.h:160
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
void appendStringInfoString(StringInfo str, const char *s)
Definition: stringinfo.c:176
char * get_namespace_name(Oid nspid)
Definition: lsyscache.c:3191
#define SnapshotSelf
Definition: snapmgr.h:67
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
unsigned int uint32
Definition: c.h:374
void appendStringInfoChar(StringInfo str, char ch)
Definition: stringinfo.c:188
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
char * quote_qualified_identifier(const char *qualifier, const char *ident)
Definition: ruleutils.c:10790
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:133
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
char * sepgsql_get_client_label(void)
Definition: label.c:81
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836
#define elog(elevel,...)
Definition: elog.h:214
int i
#define NameStr(name)
Definition: c.h:622
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
#define BTEqualStrategyNumber
Definition: stratnum.h:31
#define SEPG_DB_PROCEDURE__INSTALL
Definition: sepgsql.h:168

◆ sepgsql_proc_relabel()

void sepgsql_proc_relabel ( Oid  functionId,
const char *  seclabel 
)

Definition at line 199 of file proc.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__RELABELFROM, SEPG_DB_PROCEDURE__RELABELTO, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

200 {
201  ObjectAddress object;
202  char *audit_name;
203 
204  object.classId = ProcedureRelationId;
205  object.objectId = functionId;
206  object.objectSubId = 0;
207  audit_name = getObjectIdentity(&object, false);
208 
209  /*
210  * check db_procedure:{setattr relabelfrom} permission
211  */
212  sepgsql_avc_check_perms(&object,
216  audit_name,
217  true);
218 
219  /*
220  * check db_procedure:{relabelto} permission
221  */
225  audit_name,
226  true);
227  pfree(audit_name);
228 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_PROCEDURE__RELABELFROM
Definition: sepgsql.h:164
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPG_DB_PROCEDURE__RELABELTO
Definition: sepgsql.h:165
#define SEPG_DB_PROCEDURE__SETATTR
Definition: sepgsql.h:163

◆ sepgsql_proc_setattr()

void sepgsql_proc_setattr ( Oid  functionId)

Definition at line 236 of file proc.c.

References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, NameStr, ObjectIdGetDatum, pfree(), ProcedureOidIndexId, PROCOID, ReleaseSysCache(), generate_unaccent_rules::required, ScanKeyInit(), SearchSysCache1(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__INSTALL, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

237 {
238  Relation rel;
239  ScanKeyData skey;
240  SysScanDesc sscan;
241  HeapTuple oldtup;
242  HeapTuple newtup;
243  Form_pg_proc oldform;
244  Form_pg_proc newform;
246  ObjectAddress object;
247  char *audit_name;
248 
249  /*
250  * Fetch newer catalog
251  */
252  rel = table_open(ProcedureRelationId, AccessShareLock);
253 
254  ScanKeyInit(&skey,
255  Anum_pg_proc_oid,
256  BTEqualStrategyNumber, F_OIDEQ,
257  ObjectIdGetDatum(functionId));
258 
259  sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
260  SnapshotSelf, 1, &skey);
261  newtup = systable_getnext(sscan);
262  if (!HeapTupleIsValid(newtup))
263  elog(ERROR, "could not find tuple for function %u", functionId);
264  newform = (Form_pg_proc) GETSTRUCT(newtup);
265 
266  /*
267  * Fetch older catalog
268  */
269  oldtup = SearchSysCache1(PROCOID, ObjectIdGetDatum(functionId));
270  if (!HeapTupleIsValid(oldtup))
271  elog(ERROR, "cache lookup failed for function %u", functionId);
272  oldform = (Form_pg_proc) GETSTRUCT(oldtup);
273 
274  /*
275  * Does this ALTER command takes operation to namespace?
276  */
277  if (newform->pronamespace != oldform->pronamespace)
278  {
279  sepgsql_schema_remove_name(oldform->pronamespace);
280  sepgsql_schema_add_name(oldform->pronamespace);
281  }
282  if (strcmp(NameStr(newform->proname), NameStr(oldform->proname)) != 0)
283  sepgsql_schema_rename(oldform->pronamespace);
284 
285  /*
286  * check db_procedure:{setattr (install)} permission
287  */
288  required = SEPG_DB_PROCEDURE__SETATTR;
289  if (!oldform->proleakproof && newform->proleakproof)
290  required |= SEPG_DB_PROCEDURE__INSTALL;
291 
292  object.classId = ProcedureRelationId;
293  object.objectId = functionId;
294  object.objectSubId = 0;
295  audit_name = getObjectIdentity(&object, false);
296 
297  sepgsql_avc_check_perms(&object,
299  required,
300  audit_name,
301  true);
302  /* cleanups */
303  pfree(audit_name);
304 
305  ReleaseSysCache(oldtup);
306  systable_endscan(sscan);
308 }
#define ProcedureOidIndexId
Definition: indexing.h:221
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:218
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:224
#define AccessShareLock
Definition: lockdefs.h:36
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
void pfree(void *pointer)
Definition: mcxt.c:1057
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:230
#define SnapshotSelf
Definition: snapmgr.h:67
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
unsigned int uint32
Definition: c.h:374
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
FormData_pg_proc * Form_pg_proc
Definition: pg_proc.h:133
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
#define SEPG_DB_PROCEDURE__SETATTR
Definition: sepgsql.h:163
#define BTEqualStrategyNumber
Definition: stratnum.h:31
#define SEPG_DB_PROCEDURE__INSTALL
Definition: sepgsql.h:168

◆ sepgsql_relation_drop()

void sepgsql_relation_drop ( Oid  relOid)

Definition at line 417 of file relation.c.

References ATTNUM, get_rel_namespace(), get_rel_relkind(), getObjectIdentity(), GETSTRUCT, i, catclist::members, catclist::n_members, ObjectIdGetDatum, pfree(), ReleaseCatCacheList(), SearchSysCacheList1, SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, SEPG_DB_TABLE__DROP, sepgsql_avc_check_perms(), sepgsql_index_modify(), and catctup::tuple.

Referenced by sepgsql_object_access().

418 {
419  ObjectAddress object;
420  char *audit_name;
421  uint16_t tclass = 0;
422  char relkind = get_rel_relkind(relOid);
423 
424  switch (relkind)
425  {
426  case RELKIND_RELATION:
427  case RELKIND_PARTITIONED_TABLE:
428  tclass = SEPG_CLASS_DB_TABLE;
429  break;
430  case RELKIND_SEQUENCE:
431  tclass = SEPG_CLASS_DB_SEQUENCE;
432  break;
433  case RELKIND_VIEW:
434  tclass = SEPG_CLASS_DB_VIEW;
435  break;
436  case RELKIND_INDEX:
437  /* ignore indexes on toast tables */
438  if (get_rel_namespace(relOid) == PG_TOAST_NAMESPACE)
439  return;
440  /* other indexes are handled specially below; no need for tclass */
441  break;
442  default:
443  /* ignore other relkinds */
444  return;
445  }
446 
447  /*
448  * check db_schema:{remove_name} permission
449  */
450  object.classId = NamespaceRelationId;
451  object.objectId = get_rel_namespace(relOid);
452  object.objectSubId = 0;
453  audit_name = getObjectIdentity(&object, false);
454 
455  sepgsql_avc_check_perms(&object,
458  audit_name,
459  true);
460  pfree(audit_name);
461 
462  /* deal with indexes specially */
463  if (relkind == RELKIND_INDEX)
464  {
465  sepgsql_index_modify(relOid);
466  return;
467  }
468 
469  /*
470  * check db_table/sequence/view:{drop} permission
471  */
472  object.classId = RelationRelationId;
473  object.objectId = relOid;
474  object.objectSubId = 0;
475  audit_name = getObjectIdentity(&object, false);
476 
477  sepgsql_avc_check_perms(&object,
478  tclass,
480  audit_name,
481  true);
482  pfree(audit_name);
483 
484  /*
485  * check db_column:{drop} permission
486  */
487  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
488  {
489  Form_pg_attribute attForm;
490  CatCList *attrList;
491  HeapTuple atttup;
492  int i;
493 
494  attrList = SearchSysCacheList1(ATTNUM, ObjectIdGetDatum(relOid));
495  for (i = 0; i < attrList->n_members; i++)
496  {
497  atttup = &attrList->members[i]->tuple;
498  attForm = (Form_pg_attribute) GETSTRUCT(atttup);
499 
500  if (attForm->attisdropped)
501  continue;
502 
503  object.classId = RelationRelationId;
504  object.objectId = relOid;
505  object.objectSubId = attForm->attnum;
506  audit_name = getObjectIdentity(&object, false);
507 
508  sepgsql_avc_check_perms(&object,
511  audit_name,
512  true);
513  pfree(audit_name);
514  }
515  ReleaseCatCacheList(attrList);
516  }
517 }
int n_members
Definition: catcache.h:176
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
Oid get_rel_namespace(Oid relid)
Definition: lsyscache.c:1864
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
void ReleaseCatCacheList(CatCList *list)
Definition: catcache.c:1782
CatCTup * members[FLEXIBLE_ARRAY_MEMBER]
Definition: catcache.h:178
void pfree(void *pointer)
Definition: mcxt.c:1057
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_TABLE__DROP
Definition: sepgsql.h:138
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:193
#define SearchSysCacheList1(cacheId, key1)
Definition: syscache.h:210
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:763
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define SEPG_DB_COLUMN__DROP
Definition: sepgsql.h:171
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
int i
HeapTupleData tuple
Definition: catcache.h:121
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135

◆ sepgsql_relation_post_create()

void sepgsql_relation_post_create ( Oid  relOid)

Definition at line 241 of file relation.c.

References AccessShareLock, appendStringInfo(), AttributeRelidNumIndexId, BTEqualStrategyNumber, ClassOidIndexId, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdGetDatum, pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_COLUMN__CREATE, SEPG_DB_DATABASE__CREATE, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), sepgsql_index_modify(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

242 {
243  Relation rel;
244  ScanKeyData skey;
245  SysScanDesc sscan;
246  HeapTuple tuple;
247  Form_pg_class classForm;
248  ObjectAddress object;
249  uint16_t tclass;
250  char *scontext; /* subject */
251  char *tcontext; /* schema */
252  char *rcontext; /* relation */
253  char *ccontext; /* column */
254  char *nsp_name;
255  StringInfoData audit_name;
256 
257  /*
258  * Fetch catalog record of the new relation. Because pg_class entry is not
259  * visible right now, we need to scan the catalog using SnapshotSelf.
260  */
261  rel = table_open(RelationRelationId, AccessShareLock);
262 
263  ScanKeyInit(&skey,
264  Anum_pg_class_oid,
265  BTEqualStrategyNumber, F_OIDEQ,
266  ObjectIdGetDatum(relOid));
267 
268  sscan = systable_beginscan(rel, ClassOidIndexId, true,
269  SnapshotSelf, 1, &skey);
270 
271  tuple = systable_getnext(sscan);
272  if (!HeapTupleIsValid(tuple))
273  elog(ERROR, "could not find tuple for relation %u", relOid);
274 
275  classForm = (Form_pg_class) GETSTRUCT(tuple);
276 
277  /* ignore indexes on toast tables */
278  if (classForm->relkind == RELKIND_INDEX &&
279  classForm->relnamespace == PG_TOAST_NAMESPACE)
280  goto out;
281 
282  /*
283  * check db_schema:{add_name} permission of the namespace
284  */
285  object.classId = NamespaceRelationId;
286  object.objectId = classForm->relnamespace;
287  object.objectSubId = 0;
288  sepgsql_avc_check_perms(&object,
291  getObjectIdentity(&object, false),
292  true);
293 
294  switch (classForm->relkind)
295  {
296  case RELKIND_RELATION:
297  case RELKIND_PARTITIONED_TABLE:
298  tclass = SEPG_CLASS_DB_TABLE;
299  break;
300  case RELKIND_SEQUENCE:
301  tclass = SEPG_CLASS_DB_SEQUENCE;
302  break;
303  case RELKIND_VIEW:
304  tclass = SEPG_CLASS_DB_VIEW;
305  break;
306  case RELKIND_INDEX:
307  /* deal with indexes specially; no need for tclass */
308  sepgsql_index_modify(relOid);
309  goto out;
310  default:
311  /* ignore other relkinds */
312  goto out;
313  }
314 
315  /*
316  * Compute a default security label when we create a new relation object
317  * under the specified namespace.
318  */
319  scontext = sepgsql_get_client_label();
320  tcontext = sepgsql_get_label(NamespaceRelationId,
321  classForm->relnamespace, 0);
322  rcontext = sepgsql_compute_create(scontext, tcontext, tclass,
323  NameStr(classForm->relname));
324 
325  /*
326  * check db_xxx:{create} permission
327  */
328  nsp_name = get_namespace_name(classForm->relnamespace);
329  initStringInfo(&audit_name);
330  appendStringInfo(&audit_name, "%s.%s",
331  quote_identifier(nsp_name),
332  quote_identifier(NameStr(classForm->relname)));
334  tclass,
336  audit_name.data,
337  true);
338 
339  /*
340  * Assign the default security label on the new regular or partitioned
341  * relation.
342  */
343  object.classId = RelationRelationId;
344  object.objectId = relOid;
345  object.objectSubId = 0;
346  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
347 
348  /*
349  * We also assign a default security label on columns of a new table.
350  */
351  if (classForm->relkind == RELKIND_RELATION ||
352  classForm->relkind == RELKIND_PARTITIONED_TABLE)
353  {
354  Relation arel;
355  ScanKeyData akey;
356  SysScanDesc ascan;
357  HeapTuple atup;
358  Form_pg_attribute attForm;
359 
360  arel = table_open(AttributeRelationId, AccessShareLock);
361 
362  ScanKeyInit(&akey,
363  Anum_pg_attribute_attrelid,
364  BTEqualStrategyNumber, F_OIDEQ,
365  ObjectIdGetDatum(relOid));
366 
367  ascan = systable_beginscan(arel, AttributeRelidNumIndexId, true,
368  SnapshotSelf, 1, &akey);
369 
370  while (HeapTupleIsValid(atup = systable_getnext(ascan)))
371  {
372  attForm = (Form_pg_attribute) GETSTRUCT(atup);
373 
374  resetStringInfo(&audit_name);
375  appendStringInfo(&audit_name, "%s.%s.%s",
376  quote_identifier(nsp_name),
377  quote_identifier(NameStr(classForm->relname)),
378  quote_identifier(NameStr(attForm->attname)));
379 
380  ccontext = sepgsql_compute_create(scontext,
381  rcontext,
383  NameStr(attForm->attname));
384 
385  /*
386  * check db_column:{create} permission
387  */
391  audit_name.data,
392  true);
393 
394  object.classId = RelationRelationId;
395  object.objectId = relOid;
396  object.objectSubId = attForm->attnum;
397  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ccontext);
398 
399  pfree(ccontext);
400  }
401  systable_endscan(ascan);
403  }
404  pfree(rcontext);
405 
406 out:
407  systable_endscan(sscan);
409 }
#define AttributeRelidNumIndexId
Definition: indexing.h:107
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
#define SEPG_CLASS_DB_COLUMN
Definition: sepgsql.h:49
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:401
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10706
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:446
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define AccessShareLock
Definition: lockdefs.h:36
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
#define SEPG_DB_DATABASE__CREATE
Definition: sepgsql.h:118
void pfree(void *pointer)
Definition: mcxt.c:1057
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
char * get_namespace_name(Oid nspid)
Definition: lsyscache.c:3191
#define SnapshotSelf
Definition: snapmgr.h:67
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
FormData_pg_attribute * Form_pg_attribute
Definition: pg_attribute.h:193
void resetStringInfo(StringInfo str)
Definition: stringinfo.c:75
#define ClassOidIndexId
Definition: indexing.h:125
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:763
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
#define SEPG_DB_COLUMN__CREATE
Definition: sepgsql.h:170
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
char * sepgsql_get_client_label(void)
Definition: label.c:81
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
#define BTEqualStrategyNumber
Definition: stratnum.h:31

◆ sepgsql_relation_relabel()

void sepgsql_relation_relabel ( Oid  relOid,
const char *  seclabel 
)

Definition at line 565 of file relation.c.

References ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__RELABELFROM, SEPG_DB_TABLE__RELABELTO, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

566 {
567  ObjectAddress object;
568  char *audit_name;
569  char relkind = get_rel_relkind(relOid);
570  uint16_t tclass = 0;
571 
572  if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
573  tclass = SEPG_CLASS_DB_TABLE;
574  else if (relkind == RELKIND_SEQUENCE)
575  tclass = SEPG_CLASS_DB_SEQUENCE;
576  else if (relkind == RELKIND_VIEW)
577  tclass = SEPG_CLASS_DB_VIEW;
578  else
579  ereport(ERROR,
580  (errcode(ERRCODE_WRONG_OBJECT_TYPE),
581  errmsg("cannot set security labels on relations except "
582  "for tables, sequences or views")));
583 
584  object.classId = RelationRelationId;
585  object.objectId = relOid;
586  object.objectSubId = 0;
587  audit_name = getObjectIdentity(&object, false);
588 
589  /*
590  * check db_xxx:{setattr relabelfrom} permission
591  */
592  sepgsql_avc_check_perms(&object,
593  tclass,
596  audit_name,
597  true);
598 
599  /*
600  * check db_xxx:{relabelto} permission
601  */
603  tclass,
605  audit_name,
606  true);
607  pfree(audit_name);
608 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
int errcode(int sqlerrcode)
Definition: elog.c:610
#define SEPG_DB_TABLE__SETATTR
Definition: sepgsql.h:140
void pfree(void *pointer)
Definition: mcxt.c:1057
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_TABLE__RELABELTO
Definition: sepgsql.h:142
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
#define SEPG_DB_TABLE__RELABELFROM
Definition: sepgsql.h:141
#define ereport(elevel,...)
Definition: elog.h:144
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
int errmsg(const char *fmt,...)
Definition: elog.c:824

◆ sepgsql_relation_setattr()

void sepgsql_relation_setattr ( Oid  relOid)

Definition at line 616 of file relation.c.

References AccessShareLock, BTEqualStrategyNumber, ClassOidIndexId, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, HeapTupleIsValid, NameStr, ObjectIdGetDatum, pfree(), ReleaseSysCache(), RELOID, ScanKeyInit(), SearchSysCache1(), SEPG_CLASS_DB_SEQUENCE, SEPG_CLASS_DB_TABLE, SEPG_CLASS_DB_VIEW, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), sepgsql_index_modify(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access(), and sepgsql_relation_setattr_extra().

617 {
618  Relation rel;
619  ScanKeyData skey;
620  SysScanDesc sscan;
621  HeapTuple oldtup;
622  HeapTuple newtup;
623  Form_pg_class oldform;
624  Form_pg_class newform;
625  ObjectAddress object;
626  char *audit_name;
627  uint16_t tclass;
628 
629  switch (get_rel_relkind(relOid))
630  {
631  case RELKIND_RELATION:
632  case RELKIND_PARTITIONED_TABLE:
633  tclass = SEPG_CLASS_DB_TABLE;
634  break;
635  case RELKIND_SEQUENCE:
636  tclass = SEPG_CLASS_DB_SEQUENCE;
637  break;
638  case RELKIND_VIEW:
639  tclass = SEPG_CLASS_DB_VIEW;
640  break;
641  case RELKIND_INDEX:
642  /* deal with indexes specially */
643  sepgsql_index_modify(relOid);
644  return;
645  default:
646  /* other relkinds don't need additional work */
647  return;
648  }
649 
650  /*
651  * Fetch newer catalog
652  */
653  rel = table_open(RelationRelationId, AccessShareLock);
654 
655  ScanKeyInit(&skey,
656  Anum_pg_class_oid,
657  BTEqualStrategyNumber, F_OIDEQ,
658  ObjectIdGetDatum(relOid));
659 
660  sscan = systable_beginscan(rel, ClassOidIndexId, true,
661  SnapshotSelf, 1, &skey);
662 
663  newtup = systable_getnext(sscan);
664  if (!HeapTupleIsValid(newtup))
665  elog(ERROR, "could not find tuple for relation %u", relOid);
666  newform = (Form_pg_class) GETSTRUCT(newtup);
667 
668  /*
669  * Fetch older catalog
670  */
671  oldtup = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
672  if (!HeapTupleIsValid(oldtup))
673  elog(ERROR, "cache lookup failed for relation %u", relOid);
674  oldform = (Form_pg_class) GETSTRUCT(oldtup);
675 
676  /*
677  * Does this ALTER command takes operation to namespace?
678  */
679  if (newform->relnamespace != oldform->relnamespace)
680  {
681  sepgsql_schema_remove_name(oldform->relnamespace);
682  sepgsql_schema_add_name(newform->relnamespace);
683  }
684  if (strcmp(NameStr(newform->relname), NameStr(oldform->relname)) != 0)
685  sepgsql_schema_rename(oldform->relnamespace);
686 
687  /*
688  * XXX - In the future version, db_tuple:{use} of system catalog entry
689  * shall be checked, if tablespace configuration is changed.
690  */
691 
692  /*
693  * check db_xxx:{setattr} permission
694  */
695  object.classId = RelationRelationId;
696  object.objectId = relOid;
697  object.objectSubId = 0;
698  audit_name = getObjectIdentity(&object, false);
699 
700  sepgsql_avc_check_perms(&object,
701  tclass,
703  audit_name,
704  true);
705  pfree(audit_name);
706 
707  ReleaseSysCache(oldtup);
708  systable_endscan(sscan);
710 }
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
void sepgsql_schema_add_name(Oid namespaceId)
Definition: schema.c:218
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void sepgsql_schema_remove_name(Oid namespaceId)
Definition: schema.c:224
#define AccessShareLock
Definition: lockdefs.h:36
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
#define SEPG_DB_TABLE__SETATTR
Definition: sepgsql.h:140
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
void pfree(void *pointer)
Definition: mcxt.c:1057
#define SEPG_CLASS_DB_SEQUENCE
Definition: sepgsql.h:47
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
void sepgsql_schema_rename(Oid namespaceId)
Definition: schema.c:230
#define SnapshotSelf
Definition: snapmgr.h:67
#define ClassOidIndexId
Definition: indexing.h:125
static void sepgsql_index_modify(Oid indexOid)
Definition: relation.c:763
#define SEPG_CLASS_DB_VIEW
Definition: sepgsql.h:53
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Definition: syscache.c:1116
void ReleaseSysCache(HeapTuple tuple)
Definition: syscache.c:1164
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
FormData_pg_class * Form_pg_class
Definition: pg_class.h:153
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
#define BTEqualStrategyNumber
Definition: stratnum.h:31

◆ sepgsql_relation_truncate()

void sepgsql_relation_truncate ( Oid  relOid)

Definition at line 525 of file relation.c.

References get_rel_relkind(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_TABLE, SEPG_DB_TABLE__TRUNCATE, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

526 {
527  ObjectAddress object;
528  char *audit_name;
529  uint16_t tclass = 0;
530  char relkind = get_rel_relkind(relOid);
531 
532  switch (relkind)
533  {
534  case RELKIND_RELATION:
535  case RELKIND_PARTITIONED_TABLE:
536  tclass = SEPG_CLASS_DB_TABLE;
537  break;
538  default:
539  /* ignore other relkinds */
540  return;
541  }
542 
543  /*
544  * check db_table:{truncate} permission
545  */
546  object.classId = RelationRelationId;
547  object.objectId = relOid;
548  object.objectSubId = 0;
549  audit_name = getObjectIdentity(&object, false);
550 
551  sepgsql_avc_check_perms(&object,
552  tclass,
554  audit_name,
555  true);
556  pfree(audit_name);
557 }
#define SEPG_DB_TABLE__TRUNCATE
Definition: sepgsql.h:148
char get_rel_relkind(Oid relid)
Definition: lsyscache.c:1915
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_CLASS_DB_TABLE
Definition: sepgsql.h:46

◆ sepgsql_schema_add_name()

void sepgsql_schema_add_name ( Oid  namespaceId)

Definition at line 218 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__ADD_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

219 {
220  check_schema_perms(namespaceId, SEPG_DB_SCHEMA__ADD_NAME, true);
221 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:180
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134

◆ sepgsql_schema_drop()

void sepgsql_schema_drop ( Oid  namespaceId)

Definition at line 115 of file schema.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__DROP, and sepgsql_avc_check_perms().

Referenced by sepgsql_object_access().

116 {
117  ObjectAddress object;
118  char *audit_name;
119 
120  /*
121  * check db_schema:{drop} permission
122  */
123  object.classId = NamespaceRelationId;
124  object.objectId = namespaceId;
125  object.objectSubId = 0;
126  audit_name = getObjectIdentity(&object, false);
127 
128  sepgsql_avc_check_perms(&object,
131  audit_name,
132  true);
133  pfree(audit_name);
134 }
#define SEPG_DB_SCHEMA__DROP
Definition: sepgsql.h:128
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)

◆ sepgsql_schema_post_create()

void sepgsql_schema_post_create ( Oid  namespaceId)

Definition at line 37 of file schema.c.

References AccessShareLock, appendStringInfo(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, GETSTRUCT, HeapTupleIsValid, initStringInfo(), MyDatabaseId, NamespaceOidIndexId, NameStr, ObjectIdGetDatum, pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), systable_getnext(), table_close(), and table_open().

Referenced by sepgsql_object_access().

38 {
39  Relation rel;
40  ScanKeyData skey;
41  SysScanDesc sscan;
42  HeapTuple tuple;
43  char *tcontext;
44  char *ncontext;
45  const char *nsp_name;
46  ObjectAddress object;
47  Form_pg_namespace nspForm;
48  StringInfoData audit_name;
49 
50  /*
51  * Compute a default security label when we create a new schema object
52  * under the working database.
53  *
54  * XXX - upcoming version of libselinux supports to take object name to
55  * handle special treatment on default security label; such as special
56  * label on "pg_temp" schema.
57  */
58  rel = table_open(NamespaceRelationId, AccessShareLock);
59 
60  ScanKeyInit(&skey,
61  Anum_pg_namespace_oid,
62  BTEqualStrategyNumber, F_OIDEQ,
63  ObjectIdGetDatum(namespaceId));
64 
65  sscan = systable_beginscan(rel, NamespaceOidIndexId, true,
66  SnapshotSelf, 1, &skey);
67  tuple = systable_getnext(sscan);
68  if (!HeapTupleIsValid(tuple))
69  elog(ERROR, "could not find tuple for namespace %u", namespaceId);
70 
71  nspForm = (Form_pg_namespace) GETSTRUCT(tuple);
72  nsp_name = NameStr(nspForm->nspname);
73  if (strncmp(nsp_name, "pg_temp_", 8) == 0)
74  nsp_name = "pg_temp";
75  else if (strncmp(nsp_name, "pg_toast_temp_", 14) == 0)
76  nsp_name = "pg_toast_temp";
77 
78  tcontext = sepgsql_get_label(DatabaseRelationId, MyDatabaseId, 0);
80  tcontext,
82  nsp_name);
83 
84  /*
85  * check db_schema:{create}
86  */
87  initStringInfo(&audit_name);
88  appendStringInfo(&audit_name, "%s", quote_identifier(nsp_name));
92  audit_name.data,
93  true);
94  systable_endscan(sscan);
96 
97  /*
98  * Assign the default security label on a new procedure
99  */
100  object.classId = NamespaceRelationId;
101  object.objectId = namespaceId;
102  object.objectSubId = 0;
103  SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
104 
105  pfree(ncontext);
106  pfree(tcontext);
107 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
#define NamespaceOidIndexId
Definition: indexing.h:203
void table_close(Relation relation, LOCKMODE lockmode)
Definition: table.c:167
void systable_endscan(SysScanDesc sysscan)
Definition: genam.c:569
#define GETSTRUCT(TUP)
Definition: htup_details.h:655
FormData_pg_namespace * Form_pg_namespace
Definition: pg_namespace.h:52
void SetSecurityLabel(const ObjectAddress *object, const char *provider, const char *label)
Definition: seclabel.c:401
const char * quote_identifier(const char *ident)
Definition: ruleutils.c:10706
char * sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
Definition: label.c:446
#define AccessShareLock
Definition: lockdefs.h:36
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
SysScanDesc systable_beginscan(Relation heapRelation, Oid indexId, bool indexOK, Snapshot snapshot, int nkeys, ScanKey key)
Definition: genam.c:357
HeapTuple systable_getnext(SysScanDesc sysscan)
Definition: genam.c:476
void pfree(void *pointer)
Definition: mcxt.c:1057
void appendStringInfo(StringInfo str, const char *fmt,...)
Definition: stringinfo.c:91
#define ObjectIdGetDatum(X)
Definition: postgres.h:507
#define ERROR
Definition: elog.h:43
#define SnapshotSelf
Definition: snapmgr.h:67
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
void initStringInfo(StringInfo str)
Definition: stringinfo.c:59
Oid MyDatabaseId
Definition: globals.c:85
#define HeapTupleIsValid(tuple)
Definition: htup.h:78
#define SEPG_DB_SCHEMA__CREATE
Definition: sepgsql.h:127
char * sepgsql_get_client_label(void)
Definition: label.c:81
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:836
#define elog(elevel,...)
Definition: elog.h:214
#define NameStr(name)
Definition: c.h:622
void ScanKeyInit(ScanKey entry, AttrNumber attributeNumber, StrategyNumber strategy, RegProcedure procedure, Datum argument)
Definition: scankey.c:76
Relation table_open(Oid relationId, LOCKMODE lockmode)
Definition: table.c:39
#define BTEqualStrategyNumber
Definition: stratnum.h:31

◆ sepgsql_schema_relabel()

void sepgsql_schema_relabel ( Oid  namespaceId,
const char *  seclabel 
)

Definition at line 143 of file schema.c.

References ObjectAddress::classId, getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__RELABELFROM, SEPG_DB_SCHEMA__RELABELTO, SEPG_DB_SCHEMA__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().

Referenced by sepgsql_object_relabel().

144 {
145  ObjectAddress object;
146  char *audit_name;
147 
148  object.classId = NamespaceRelationId;
149  object.objectId = namespaceId;
150  object.objectSubId = 0;
151  audit_name = getObjectIdentity(&object, false);
152 
153  /*
154  * check db_schema:{setattr relabelfrom} permission
155  */
156  sepgsql_avc_check_perms(&object,
160  audit_name,
161  true);
162 
163  /*
164  * check db_schema:{relabelto} permission
165  */
169  audit_name,
170  true);
171  pfree(audit_name);
172 }
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:337
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:419
#define SEPG_CLASS_DB_SCHEMA
Definition: sepgsql.h:45
#define SEPG_DB_SCHEMA__RELABELFROM
Definition: sepgsql.h:131
void pfree(void *pointer)
Definition: mcxt.c:1057
char * getObjectIdentity(const ObjectAddress *object, bool missing_ok)
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130
#define SEPG_DB_SCHEMA__RELABELTO
Definition: sepgsql.h:132

◆ sepgsql_schema_remove_name()

void sepgsql_schema_remove_name ( Oid  namespaceId)

Definition at line 224 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__REMOVE_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

225 {
227 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:180
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135

◆ sepgsql_schema_rename()

void sepgsql_schema_rename ( Oid  namespaceId)

Definition at line 230 of file schema.c.

References check_schema_perms(), SEPG_DB_SCHEMA__ADD_NAME, and SEPG_DB_SCHEMA__REMOVE_NAME.

Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().

231 {
232  check_schema_perms(namespaceId,
235  true);
236 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:180
#define SEPG_DB_SCHEMA__ADD_NAME
Definition: sepgsql.h:134
#define SEPG_DB_SCHEMA__REMOVE_NAME
Definition: sepgsql.h:135

◆ sepgsql_schema_search()

bool sepgsql_schema_search ( Oid  namespaceId,
bool  abort_on_violation 
)

Definition at line 210 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__SEARCH.

Referenced by sepgsql_object_access().

211 {
212  return check_schema_perms(namespaceId,
214  abort_on_violation);
215 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:180
#define SEPG_DB_SCHEMA__SEARCH
Definition: sepgsql.h:133

◆ sepgsql_schema_setattr()

void sepgsql_schema_setattr ( Oid  namespaceId)

Definition at line 203 of file schema.c.

References check_schema_perms(), and SEPG_DB_SCHEMA__SETATTR.

Referenced by sepgsql_object_access().

204 {
205  check_schema_perms(namespaceId, SEPG_DB_SCHEMA__SETATTR, true);
206 }
static bool check_schema_perms(Oid namespaceId, uint32 required, bool abort_on_violation)
Definition: schema.c:180
#define SEPG_DB_SCHEMA__SETATTR
Definition: sepgsql.h:130

◆ sepgsql_set_mode()

int sepgsql_set_mode ( int  new_mode)

Definition at line 634 of file selinux.c.

References sepgsql_mode.

Referenced by _PG_init(), and sepgsql_client_auth().

635 {
636  int old_mode = sepgsql_mode;
637 
638  sepgsql_mode = new_mode;
639 
640  return old_mode;
641 }
static int sepgsql_mode
Definition: selinux.c:610