PostgreSQL Source Code  git master
uavc.c File Reference
#include "postgres.h"
#include "access/hash.h"
#include "catalog/pg_proc.h"
#include "commands/seclabel.h"
#include "storage/ipc.h"
#include "utils/guc.h"
#include "utils/memutils.h"
#include "sepgsql.h"

Data Structures

struct  avc_cache
 

Macros

#define AVC_NUM_SLOTS   512
 
#define AVC_NUM_RECLAIM   16
 
#define AVC_DEF_THRESHOLD   384
 

Functions

static uint32 sepgsql_avc_hash (const char *scontext, const char *tcontext, uint16 tclass)
 
static void sepgsql_avc_reset (void)
 
static void sepgsql_avc_reclaim (void)
 
static bool sepgsql_avc_check_valid (void)
 
static char * sepgsql_avc_unlabeled (void)
 
static avc_cache * sepgsql_avc_compute (const char *scontext, const char *tcontext, uint16 tclass)
 
static avc_cache * sepgsql_avc_lookup (const char *scontext, const char *tcontext, uint16 tclass)
 
bool sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
bool sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
 
char * sepgsql_avc_trusted_proc (Oid functionId)
 
static void sepgsql_avc_exit (int code, Datum arg)
 
void sepgsql_avc_init (void)
 

Variables

static MemoryContext avc_mem_cxt
 
static List * avc_slots [AVC_NUM_SLOTS]
 
static int avc_num_caches
 
static int avc_lru_hint
 
static int avc_threshold
 
static char * avc_unlabeled
 

Macro Definition Documentation

#define AVC_DEF_THRESHOLD   384

Definition at line 55 of file uavc.c.

Referenced by sepgsql_avc_init().

#define AVC_NUM_RECLAIM   16

Definition at line 54 of file uavc.c.

Referenced by sepgsql_avc_reclaim().

#define AVC_NUM_SLOTS   512

Function Documentation

bool sepgsql_avc_check_perms ( const ObjectAddress *  tobject,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 428 of file uavc.c.

References GetSecurityLabel(), pfree(), sepgsql_avc_check_perms_label(), and SEPGSQL_LABEL_TAG.

Referenced by check_relation_privileges(), check_schema_perms(), sepgsql_attribute_drop(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_database_drop(), sepgsql_database_relabel(), sepgsql_database_setattr(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_proc_setattr(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_relation_setattr(), sepgsql_schema_drop(), and sepgsql_schema_relabel().

/*
 * sepgsql_avc_check_perms
 *
 * Convenience wrapper around sepgsql_avc_check_perms_label(): fetches the
 * security label of 'tobject' for the SEPGSQL_LABEL_TAG provider and checks
 * the 'required' permissions of class 'tclass' against it.
 *
 * A NULL label (object not labeled) is handed through unchanged; the callee
 * is the one that decides what an unlabeled object is checked against.
 *
 * Returns whatever sepgsql_avc_check_perms_label() returns.
 */
bool
sepgsql_avc_check_perms(const ObjectAddress *tobject,
                        uint16 tclass, uint32 required,
                        const char *audit_name,
                        bool abort_on_violation)
{
    char       *label = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
    bool        permitted;

    permitted = sepgsql_avc_check_perms_label(label, tclass, required,
                                              audit_name, abort_on_violation);

    /*
     * The label string is only needed for the duration of the check.
     * NOTE(review): when the callee raises ERROR this pfree is not reached;
     * presumably the string is then released with its memory context.
     */
    if (label != NULL)
        pfree(label);

    return permitted;
}
void pfree(void *pointer)
Definition: mcxt.c:950
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:195
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
Definition: uavc.c:346
bool sepgsql_avc_check_perms_label ( const char *  tcontext,
uint16  tclass,
uint32  required,
const char *  audit_name,
bool  abort_on_violation 
)

Definition at line 346 of file uavc.c.

References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, ereport, errcode(), errmsg(), ERROR, avc_cache::permissive, result, avc_cache::scontext, sepgsql_audit_log(), sepgsql_avc_check_valid(), sepgsql_avc_lookup(), SEPGSQL_AVC_NOAUDIT, sepgsql_avc_unlabeled(), sepgsql_get_client_label(), sepgsql_get_debug_audit(), sepgsql_get_mode(), sepgsql_getenforce(), SEPGSQL_MODE_INTERNAL, avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.

Referenced by sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_avc_check_perms(), sepgsql_database_post_create(), sepgsql_database_relabel(), sepgsql_fmgr_hook(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_schema_post_create(), sepgsql_schema_relabel(), and sepgsql_set_client_label().

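/*
 * sepgsql_avc_check_perms_label
 *
 * Decide whether the client's security label holds the 'required'
 * permissions of object class 'tclass' on an object labeled 'tcontext'.
 * A NULL 'tcontext' means the object is unlabeled.
 *
 * Returns true when access is allowed and false when it is denied. With
 * 'abort_on_violation' set, a denial raises ERROR instead of returning
 * false. 'audit_name' is passed to the audit log; SEPGSQL_AVC_NOAUDIT
 * suppresses the audit record.
 *
 * NOTE(review): the listing on this page skips gutter lines 357, 377 and
 * 408. The statements at those positions below are filled in from the
 * symbols named in this function's "References" list; verify them against
 * the source file.
 */
bool
sepgsql_avc_check_perms_label(const char *tcontext,
                              uint16 tclass, uint32 required,
                              const char *audit_name,
                              bool abort_on_violation)
{
    char       *scontext = sepgsql_get_client_label();
    avc_cache  *cache;
    uint32      denied;
    uint32      audited;
    bool        result;

    /* Drop cached decisions first if the kernel reported a status change. */
    sepgsql_avc_check_valid();
    do
    {
        result = true;

        /*
         * If the target object is unlabeled, we perform the check using the
         * label supplied by sepgsql_avc_unlabeled().
         */
        if (tcontext)
            cache = sepgsql_avc_lookup(scontext, tcontext, tclass);
        else
            cache = sepgsql_avc_lookup(scontext,
                                       sepgsql_avc_unlabeled(), tclass);

        denied = required & ~cache->allowed;

        /*
         * Compute permissions to be audited. With debug auditing on, every
         * bit that was checked is audited; otherwise the policy's
         * auditdeny/auditallow masks select what gets logged.
         */
        if (sepgsql_get_debug_audit())
            audited = denied ? denied : required;
        else
            audited = denied ? (denied & cache->auditdeny)
                : (required & cache->auditallow);

        if (denied)
        {
            /*
             * In permissive mode or permissive domain, violated permissions
             * shall be audited to the log files at once, and then implicitly
             * allowed to avoid a flood of access denied logs, because the
             * purpose of permissive mode/domain is to collect a violation log
             * that will make it possible to fix up the security policy.
             *
             * The grant is written into the cache entry itself, so it stays
             * in effect for this label pair until the entry is evicted or
             * the cache is reset.
             */
            if (!sepgsql_getenforce() || cache->permissive)
                cache->allowed |= required;
            else
                result = false;
        }

        /*
         * A status change detected here resets the cache, which invalidates
         * 'cache'; the loop then recomputes the decision so that the result
         * is never taken from an entry that predates the change.
         */
    } while (!sepgsql_avc_check_valid());

    /*
     * When there is something to audit, sepgsql_audit_log is called with the
     * text representation of the security labels of both subject and
     * object. It records this access, so that a DBA can find unexpected
     * security problems later. An object whose label was not valid is
     * reported under the unlabeled context.
     */
    if (audited != 0 &&
        audit_name != SEPGSQL_AVC_NOAUDIT &&
        sepgsql_get_mode() != SEPGSQL_MODE_INTERNAL)
    {
        sepgsql_audit_log(denied != 0,
                          cache->scontext,
                          cache->tcontext_is_valid ?
                          cache->tcontext : sepgsql_avc_unlabeled(),
                          cache->tclass,
                          audited,
                          audit_name);
    }

    if (abort_on_violation && !result)
        ereport(ERROR,
                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                 errmsg("SELinux: security policy violation")));

    return result;
}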
#define SEPGSQL_MODE_INTERNAL
Definition: sepgsql.h:30
bool permissive
Definition: uavc.c:42
Definition: uavc.c:31
int errcode(int sqlerrcode)
Definition: elog.c:575
bool sepgsql_getenforce(void)
Definition: selinux.c:648
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:176
return result
Definition: formatting.c:1633
uint32 allowed
Definition: uavc.c:38
uint32 auditallow
Definition: uavc.c:39
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:306
#define SEPGSQL_AVC_NOAUDIT
Definition: sepgsql.h:255
uint16 tclass
Definition: uavc.c:36
int sepgsql_get_mode(void)
Definition: selinux.c:622
bool tcontext_is_valid
Definition: uavc.c:44
#define ERROR
Definition: elog.h:43
void sepgsql_audit_log(bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
Definition: selinux.c:677
char * tcontext
Definition: uavc.c:35
bool sepgsql_get_debug_audit(void)
Definition: hooks.c:76
char * scontext
Definition: uavc.c:34
unsigned int uint32
Definition: c.h:268
#define ereport(elevel, rest)
Definition: elog.h:122
char * sepgsql_get_client_label(void)
Definition: label.c:91
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:158
uint32 auditdeny
Definition: uavc.c:40
int errmsg(const char *fmt,...)
Definition: elog.c:797
static bool sepgsql_avc_check_valid ( void  )
static

Definition at line 158 of file uavc.c.

References sepgsql_avc_reset().

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_avc_trusted_proc().

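/*
 * sepgsql_avc_check_valid
 *
 * Ask libselinux whether the kernel status has changed since the last
 * check. If it has, every cached decision is discarded and false is
 * returned so that the caller recomputes its decision; otherwise true.
 *
 * NOTE(review): the listing on this page skips gutter line 162. The call to
 * sepgsql_avc_reset() below is filled in from this function's "References"
 * list; verify it against the source file.
 *
 * NOTE(review): only a positive return from selinux_status_updated()
 * triggers a reset. A negative (error) return is treated the same as "no
 * change", so cached decisions would keep being used; confirm that this is
 * the intended handling.
 */
static bool
sepgsql_avc_check_valid(void)
{
    if (selinux_status_updated() > 0)
    {
        sepgsql_avc_reset();

        return false;
    }
    return true;
}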
static void sepgsql_avc_reset(void)
Definition: uavc.c:79
static avc_cache* sepgsql_avc_compute ( const char *  scontext,
const char *  tcontext,
uint16  tclass 
)
static

Definition at line 209 of file uavc.c.

References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, avc_num_caches, AVC_NUM_SLOTS, avc_threshold, avc_cache::hash, hash(), avc_cache::hot_cache, lcons(), MemoryContextSwitchTo(), avc_cache::ncontext, NULL, palloc0(), avc_cache::permissive, pfree(), pstrdup(), avc_cache::scontext, SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_PROCESS, sepgsql_avc_hash(), sepgsql_avc_reclaim(), sepgsql_avc_unlabeled(), sepgsql_compute_avd(), sepgsql_compute_create(), avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.

Referenced by sepgsql_avc_lookup().

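/*
 * sepgsql_avc_compute
 *
 * Build a new cache entry for the triple (scontext, tcontext, tclass) by
 * asking SELinux for its decision, link it into the hash slot for that
 * triple and return it. The entry lives in avc_mem_cxt.
 *
 * NOTE(review): the listing on this page skips gutter lines 253, 256, 267
 * and 289-290. The statements at those positions below are filled in from
 * the symbols named in this function's "References" list; verify them
 * against the source file.
 */
static avc_cache *
sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
{
    char       *ucontext = NULL;
    char       *ncontext = NULL;
    const char *effective;
    MemoryContext oldctx;
    avc_cache  *cache;
    uint32      hash;
    int         index;
    struct av_decision avd;

    hash = sepgsql_avc_hash(scontext, tcontext, tclass);
    index = hash % AVC_NUM_SLOTS;

    /*
     * Validate the supplied security context. The check always invokes a
     * system call, so it should not be repeated needlessly: the outcome is
     * stored in the cache entry (tcontext_is_valid) and stays valid until
     * the security policy is reloaded.
     *
     * A context that fails validation is not trusted as given; the decision
     * is computed against the unlabeled context instead.
     */
    if (security_check_context_raw((security_context_t) tcontext) != 0)
        ucontext = sepgsql_avc_unlabeled();
    effective = ucontext ? ucontext : tcontext;

    /*
     * Ask SELinux its access control decision
     */
    sepgsql_compute_avd(scontext, effective, tclass, &avd);

    /*
     * For procedures, also cache the security label to be switched to when
     * a client labeled 'scontext' executes a procedure labeled 'tcontext'.
     * That label is determined by the pair of 'scontext' and 'tcontext', so
     * caching it here avoids repeated system calls. It is referenced at
     * sepgsql_needs_fmgr_hook to check whether the supplied function is a
     * trusted procedure, or not. A result equal to 'scontext' means no
     * switch happens and is stored as NULL.
     */
    if (tclass == SEPG_CLASS_DB_PROCEDURE)
    {
        ncontext = sepgsql_compute_create(scontext, effective,
                                          SEPG_CLASS_PROCESS, NULL);
        if (strcmp(scontext, ncontext) == 0)
        {
            pfree(ncontext);
            ncontext = NULL;
        }
    }

    /*
     * Set up an avc_cache object
     */
    oldctx = MemoryContextSwitchTo(avc_mem_cxt);

    cache = palloc0(sizeof(avc_cache));

    cache->hash = hash;
    cache->scontext = pstrdup(scontext);
    /* The key keeps the label as supplied, even when it was not valid. */
    cache->tcontext = pstrdup(tcontext);
    cache->tclass = tclass;

    cache->allowed = avd.allowed;
    cache->auditallow = avd.auditallow;
    cache->auditdeny = avd.auditdeny;
    cache->hot_cache = true;
    if (avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE)
        cache->permissive = true;
    if (!ucontext)
        cache->tcontext_is_valid = true;
    if (ncontext)
        cache->ncontext = pstrdup(ncontext);

    avc_num_caches++;

    /*
     * Evict before linking the new entry in, so the entry being created is
     * not a candidate of the reclaim pass it triggers.
     */
    if (avc_num_caches > avc_threshold)
        sepgsql_avc_reclaim();

    avc_slots[index] = lcons(cache, avc_slots[index]);

    MemoryContextSwitchTo(oldctx);

    return cache;
}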
bool permissive
Definition: uavc.c:42
char * ncontext
Definition: uavc.c:46
static uint32 sepgsql_avc_hash(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:68
char * pstrdup(const char *in)
Definition: mcxt.c:1077
void sepgsql_compute_avd(const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
Definition: selinux.c:732
Definition: uavc.c:31
static MemoryContext MemoryContextSwitchTo(MemoryContext context)
Definition: palloc.h:109
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:176
uint32 hash
Definition: uavc.c:33
uint32 allowed
Definition: uavc.c:38
uint32 auditallow
Definition: uavc.c:39
uint16 tclass
Definition: uavc.c:36
Definition: type.h:89
#define SEPG_CLASS_PROCESS
Definition: sepgsql.h:36
void pfree(void *pointer)
Definition: mcxt.c:950
bool hot_cache
Definition: uavc.c:43
bool tcontext_is_valid
Definition: uavc.c:44
static MemoryContext avc_mem_cxt
Definition: uavc.c:57
char * tcontext
Definition: uavc.c:35
char * scontext
Definition: uavc.c:34
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
unsigned int uint32
Definition: c.h:268
static int avc_num_caches
Definition: uavc.c:59
#define AVC_NUM_SLOTS
Definition: uavc.c:53
void * palloc0(Size size)
Definition: mcxt.c:878
List * lcons(void *datum, List *list)
Definition: list.c:259
#define NULL
Definition: c.h:229
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:58
static void sepgsql_avc_reclaim(void)
Definition: uavc.c:93
uint32 auditdeny
Definition: uavc.c:40
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
Definition: selinux.c:837
static unsigned hash(unsigned *uv, int n)
Definition: rege_dfa.c:541
static int avc_threshold
Definition: uavc.c:61
static void sepgsql_avc_exit ( int  code,
Datum  arg 
)
static

Definition at line 485 of file uavc.c.

Referenced by sepgsql_avc_init().

/*
 * sepgsql_avc_exit
 *
 * Process-exit callback: releases the SELinux status handle by calling
 * selinux_status_close(). Neither 'code' nor 'arg' is used.
 */
static void
sepgsql_avc_exit(int code, Datum arg)
{
    selinux_status_close();
}
static uint32 sepgsql_avc_hash ( const char *  scontext,
const char *  tcontext,
uint16  tclass 
)
static

Definition at line 68 of file uavc.c.

References hash_any().

Referenced by sepgsql_avc_compute(), and sepgsql_avc_lookup().

/*
 * sepgsql_avc_hash
 *
 * Hash key for a (scontext, tcontext, tclass) triple: the hashes of the two
 * label strings XORed together with the object class.
 *
 * Because the parts are combined with XOR, swapping the two labels gives
 * the same value and two identical labels cancel out to 'tclass'. The value
 * only selects a slot; sepgsql_avc_lookup() still compares both strings and
 * the class before accepting an entry.
 */
static uint32
sepgsql_avc_hash(const char *scontext, const char *tcontext, uint16 tclass)
{
    uint32      subject_hash;
    uint32      target_hash;

    subject_hash = hash_any((const unsigned char *) scontext,
                            strlen(scontext));
    target_hash = hash_any((const unsigned char *) tcontext,
                           strlen(tcontext));

    return subject_hash ^ target_hash ^ tclass;
}
Datum hash_any(register const unsigned char *k, register int keylen)
Definition: hashfunc.c:307
void sepgsql_avc_init ( void  )

Definition at line 496 of file uavc.c.

References ALLOCSET_DEFAULT_SIZES, AllocSetContextCreate(), AVC_DEF_THRESHOLD, avc_lru_hint, avc_num_caches, avc_threshold, ereport, errcode(), errmsg(), ERROR, LOG, on_proc_exit(), sepgsql_avc_exit(), and TopMemoryContext.

Referenced by _PG_init().

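/*
 * sepgsql_avc_init
 *
 * Set up the userspace access vector cache: create its memory context,
 * clear the slot table and counters, open the SELinux status page and
 * register the exit callback that closes it again.
 *
 * Raises ERROR when the status page cannot be opened.
 *
 * NOTE(review): the listing on this page skips gutter lines 503, 505, 509
 * and 528. The statements at those positions below are filled in from the
 * symbols named in this function's "References" list; verify them against
 * the source file.
 */
void
sepgsql_avc_init(void)
{
    int         rc;

    /*
     * All the avc stuff shall be allocated in avc_mem_cxt
     */
    avc_mem_cxt = AllocSetContextCreate(TopMemoryContext,
                                        "userspace access vector cache",
                                        ALLOCSET_DEFAULT_SIZES);
    memset(avc_slots, 0, sizeof(avc_slots));
    avc_num_caches = 0;
    avc_lru_hint = 0;
    avc_threshold = AVC_DEF_THRESHOLD;

    /*
     * SELinux allows its kernel status page to be mapped read-only with
     * mmap(2), which lets userspace applications learn about status updates
     * (such as policy reloading) without invoking system calls. This
     * feature is only supported in Linux-2.6.38 or later; however,
     * libselinux provides a fallback mode that learns the status through
     * netlink sockets. A positive return value means the fallback is in
     * use, which is logged but not treated as an error.
     */
    rc = selinux_status_open(1);
    if (rc < 0)
        ereport(ERROR,
                (errcode(ERRCODE_INTERNAL_ERROR),
                 errmsg("SELinux: could not open selinux status : %m")));
    else if (rc > 0)
        ereport(LOG,
                (errmsg("SELinux: kernel status page uses fallback mode")));

    /* Arrange to close selinux status page on process exit. */
    on_proc_exit(sepgsql_avc_exit, 0);
}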
#define AVC_DEF_THRESHOLD
Definition: uavc.c:55
void on_proc_exit(pg_on_exit_callback function, Datum arg)
Definition: ipc.c:292
int errcode(int sqlerrcode)
Definition: elog.c:575
#define LOG
Definition: elog.h:26
static MemoryContext avc_mem_cxt
Definition: uavc.c:57
#define ERROR
Definition: elog.h:43
#define ALLOCSET_DEFAULT_SIZES
Definition: memutils.h:165
static void sepgsql_avc_exit(int code, Datum arg)
Definition: uavc.c:485
static int avc_lru_hint
Definition: uavc.c:60
#define ereport(elevel, rest)
Definition: elog.h:122
MemoryContext TopMemoryContext
Definition: mcxt.c:43
static int avc_num_caches
Definition: uavc.c:59
MemoryContext AllocSetContextCreate(MemoryContext parent, const char *name, Size minContextSize, Size initBlockSize, Size maxBlockSize)
Definition: aset.c:322
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:58
int errmsg(const char *fmt,...)
Definition: elog.c:797
static int avc_threshold
Definition: uavc.c:61
static avc_cache* sepgsql_avc_lookup ( const char *  scontext,
const char *  tcontext,
uint16  tclass 
)
static

Definition at line 306 of file uavc.c.

References AVC_NUM_SLOTS, avc_cache::hash, hash(), avc_cache::hot_cache, lfirst, avc_cache::scontext, sepgsql_avc_compute(), sepgsql_avc_hash(), avc_cache::tclass, and avc_cache::tcontext.

Referenced by sepgsql_avc_check_perms_label(), and sepgsql_avc_trusted_proc().

/*
 * sepgsql_avc_lookup
 *
 * Return the cache entry for (scontext, tcontext, tclass). An existing
 * entry is marked hot and returned; when none matches, a new one is
 * computed and inserted by sepgsql_avc_compute().
 *
 * The hash only narrows the search to one slot: an entry is accepted only
 * if its class and both label strings match exactly.
 */
static avc_cache *
sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
{
    uint32      key = sepgsql_avc_hash(scontext, tcontext, tclass);
    int         slot = key % AVC_NUM_SLOTS;
    ListCell   *lc;

    foreach(lc, avc_slots[slot])
    {
        avc_cache  *entry = lfirst(lc);

        /* cheap integer comparisons first, string comparisons last */
        if (entry->hash != key || entry->tclass != tclass)
            continue;
        if (strcmp(entry->tcontext, tcontext) != 0 ||
            strcmp(entry->scontext, scontext) != 0)
            continue;

        /* mark the entry as recently used */
        entry->hot_cache = true;
        return entry;
    }

    /* not found, so insert a new cache */
    return sepgsql_avc_compute(scontext, tcontext, tclass);
}
static uint32 sepgsql_avc_hash(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:68
Definition: uavc.c:31
uint32 hash
Definition: uavc.c:33
static avc_cache * sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:209
uint16 tclass
Definition: uavc.c:36
Definition: type.h:89
bool hot_cache
Definition: uavc.c:43
char * tcontext
Definition: uavc.c:35
char * scontext
Definition: uavc.c:34
unsigned int uint32
Definition: c.h:268
#define AVC_NUM_SLOTS
Definition: uavc.c:53
#define lfirst(lc)
Definition: pg_list.h:106
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:58
static unsigned hash(unsigned *uv, int n)
Definition: rege_dfa.c:541
static void sepgsql_avc_reclaim ( void  )
static

Definition at line 93 of file uavc.c.

References avc_lru_hint, avc_num_caches, AVC_NUM_RECLAIM, AVC_NUM_SLOTS, avc_threshold, avc_cache::hot_cache, lfirst, list_delete_cell(), list_head(), lnext, avc_cache::ncontext, next, NULL, pfree(), avc_cache::scontext, and avc_cache::tcontext.

Referenced by sepgsql_avc_compute().

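/*
 * sepgsql_avc_reclaim
 *
 * Evict cache entries until the entry count is below
 * avc_threshold - AVC_NUM_RECLAIM. Slots are visited in turn starting at
 * avc_lru_hint. An entry whose hot_cache flag is set only has the flag
 * cleared on this visit; an entry found with the flag already clear is
 * unlinked and freed together with its label strings.
 *
 * NOTE(review): the listing on this page skips gutter lines 100 and 129.
 * The loop condition and the avc_lru_hint update below are filled in from
 * the symbols named in this function's "References" list; verify them
 * against the source file.
 */
static void
sepgsql_avc_reclaim(void)
{
    ListCell   *cell;
    ListCell   *next;
    ListCell   *prev;
    int         index;

    while (avc_num_caches >= avc_threshold - AVC_NUM_RECLAIM)
    {
        index = avc_lru_hint;

        prev = NULL;
        for (cell = list_head(avc_slots[index]); cell; cell = next)
        {
            avc_cache  *cache = lfirst(cell);

            /* fetch the successor before 'cell' may be deleted */
            next = lnext(cell);
            if (!cache->hot_cache)
            {
                avc_slots[index]
                    = list_delete_cell(avc_slots[index], cell, prev);

                pfree(cache->scontext);
                pfree(cache->tcontext);
                if (cache->ncontext)
                    pfree(cache->ncontext);
                pfree(cache);

                avc_num_caches--;
            }
            else
            {
                /* not evicted this time; eligible on the next visit */
                cache->hot_cache = false;
                prev = cell;
            }
        }
        avc_lru_hint = (avc_lru_hint + 1) % AVC_NUM_SLOTS;
    }
}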
static int32 next
Definition: blutils.c:210
char * ncontext
Definition: uavc.c:46
Definition: uavc.c:31
#define AVC_NUM_RECLAIM
Definition: uavc.c:54
Definition: type.h:89
void pfree(void *pointer)
Definition: mcxt.c:950
bool hot_cache
Definition: uavc.c:43
char * tcontext
Definition: uavc.c:35
char * scontext
Definition: uavc.c:34
static ListCell * list_head(const List *l)
Definition: pg_list.h:77
static int avc_lru_hint
Definition: uavc.c:60
#define lnext(lc)
Definition: pg_list.h:105
static int avc_num_caches
Definition: uavc.c:59
#define AVC_NUM_SLOTS
Definition: uavc.c:53
List * list_delete_cell(List *list, ListCell *cell, ListCell *prev)
Definition: list.c:528
#define NULL
Definition: c.h:229
#define lfirst(lc)
Definition: pg_list.h:106
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:58
static int avc_threshold
Definition: uavc.c:61
static void sepgsql_avc_reset ( void  )
static

Definition at line 79 of file uavc.c.

References avc_lru_hint, avc_num_caches, AVC_NUM_SLOTS, avc_unlabeled, MemoryContextReset(), and NULL.

Referenced by sepgsql_avc_check_valid().

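/*
 * sepgsql_avc_reset
 *
 * Discard the whole cache: release everything allocated in avc_mem_cxt,
 * then clear the slot table, the entry counter, the reclaim hint and the
 * cached unlabeled context.
 *
 * After this call every pointer previously obtained from the cache
 * (entries, their label strings, the unlabeled context) is dangling.
 *
 * NOTE(review): the listing on this page skips gutter lines 81 and 86. The
 * MemoryContextReset() call and the avc_unlabeled assignment below are
 * filled in from the symbols named in this function's "References" list;
 * verify them against the source file.
 */
static void
sepgsql_avc_reset(void)
{
    MemoryContextReset(avc_mem_cxt);

    memset(avc_slots, 0, sizeof(List *) * AVC_NUM_SLOTS);
    avc_num_caches = 0;
    avc_lru_hint = 0;
    avc_unlabeled = NULL;
}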
static char * avc_unlabeled
Definition: uavc.c:62
void MemoryContextReset(MemoryContext context)
Definition: mcxt.c:135
static MemoryContext avc_mem_cxt
Definition: uavc.c:57
static int avc_lru_hint
Definition: uavc.c:60
static int avc_num_caches
Definition: uavc.c:59
#define AVC_NUM_SLOTS
Definition: uavc.c:53
#define NULL
Definition: c.h:229
static List * avc_slots[AVC_NUM_SLOTS]
Definition: uavc.c:58
Definition: pg_list.h:45
char* sepgsql_avc_trusted_proc ( Oid  functionId)

Definition at line 453 of file uavc.c.

References ObjectAddress::classId, GetSecurityLabel(), avc_cache::ncontext, ObjectAddress::objectId, ObjectAddress::objectSubId, ProcedureRelationId, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_valid(), sepgsql_avc_lookup(), sepgsql_avc_unlabeled(), sepgsql_get_client_label(), and SEPGSQL_LABEL_TAG.

Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().

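/*
 * sepgsql_avc_trusted_proc
 *
 * Look up the security label the client would switch to when executing the
 * function 'functionId'. Returns the cached 'ncontext' of the matching
 * entry, which is NULL when no label switch was recorded for this pair.
 *
 * The returned pointer is the cache entry's own string, not a copy.
 * NOTE(review): it presumably stops being valid once the cache is reset or
 * the entry is reclaimed; callers that keep it should copy it.
 *
 * NOTE(review): the listing on this page skips gutter lines 465, 470 and
 * 473. The statements at those positions below are filled in from the
 * symbols named in this function's "References" list; verify them against
 * the source file.
 */
char *
sepgsql_avc_trusted_proc(Oid functionId)
{
    char       *scontext = sepgsql_get_client_label();
    char       *tcontext;
    ObjectAddress tobject;
    avc_cache  *cache;

    tobject.classId = ProcedureRelationId;
    tobject.objectId = functionId;
    tobject.objectSubId = 0;
    tcontext = GetSecurityLabel(&tobject, SEPGSQL_LABEL_TAG);

    /* Drop cached decisions first if the kernel reported a status change. */
    sepgsql_avc_check_valid();
    do
    {
        /* an unlabeled function is looked up under the unlabeled context */
        if (tcontext)
            cache = sepgsql_avc_lookup(scontext, tcontext,
                                       SEPG_CLASS_DB_PROCEDURE);
        else
            cache = sepgsql_avc_lookup(scontext, sepgsql_avc_unlabeled(),
                                       SEPG_CLASS_DB_PROCEDURE);

        /*
         * A status change detected here resets the cache and invalidates
         * 'cache', so the lookup is repeated until none was seen.
         */
    } while (!sepgsql_avc_check_valid());

    return cache->ncontext;
}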
char * ncontext
Definition: uavc.c:46
#define ProcedureRelationId
Definition: pg_proc.h:33
Definition: uavc.c:31
static char * sepgsql_avc_unlabeled(void)
Definition: uavc.c:176
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
Definition: uavc.c:306
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
Definition: seclabel.c:195
#define SEPG_CLASS_DB_PROCEDURE
Definition: sepgsql.h:48
#define SEPGSQL_LABEL_TAG
Definition: sepgsql.h:23
char * sepgsql_get_client_label(void)
Definition: label.c:91
static bool sepgsql_avc_check_valid(void)
Definition: uavc.c:158
static char* sepgsql_avc_unlabeled ( void  )
static

Definition at line 176 of file uavc.c.

References avc_unlabeled, ereport, errcode(), errmsg(), ERROR, MemoryContextStrdup(), PG_CATCH, PG_END_TRY, PG_RE_THROW, and PG_TRY.

Referenced by sepgsql_avc_check_perms_label(), sepgsql_avc_compute(), and sepgsql_avc_trusted_proc().

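/*
 * sepgsql_avc_unlabeled
 *
 * Return the security context used for objects that have no label or an
 * invalid one. It is fetched from SELinux as the initial context named
 * "unlabeled" on first use and cached in avc_unlabeled afterwards.
 *
 * Raises ERROR when SELinux cannot supply the initial context.
 *
 * NOTE(review): the listing on this page skips gutter line 188. The
 * MemoryContextStrdup() assignment below is filled in from the symbols
 * named in this function's "References" list; verify it against the source
 * file.
 */
static char *
sepgsql_avc_unlabeled(void)
{
    if (!avc_unlabeled)
    {
        security_context_t unlabeled;

        if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
            ereport(ERROR,
                    (errcode(ERRCODE_INTERNAL_ERROR),
                     errmsg("SELinux: failed to get initial security label: %m")));

        /*
         * 'unlabeled' is owned by libselinux and must be released with
         * freecon() on every path, including when the copy below throws.
         */
        PG_TRY();
        {
            avc_unlabeled = MemoryContextStrdup(avc_mem_cxt, unlabeled);
        }
        PG_CATCH();
        {
            freecon(unlabeled);
            PG_RE_THROW();
        }
        PG_END_TRY();

        freecon(unlabeled);
    }
    return avc_unlabeled;
}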
static char * avc_unlabeled
Definition: uavc.c:62
int errcode(int sqlerrcode)
Definition: elog.c:575
static MemoryContext avc_mem_cxt
Definition: uavc.c:57
#define ERROR
Definition: elog.h:43
#define ereport(elevel, rest)
Definition: elog.h:122
#define PG_CATCH()
Definition: elog.h:293
#define PG_RE_THROW()
Definition: elog.h:314
int errmsg(const char *fmt,...)
Definition: elog.c:797
char * MemoryContextStrdup(MemoryContext context, const char *string)
Definition: mcxt.c:1064
#define PG_TRY()
Definition: elog.h:284
#define PG_END_TRY()
Definition: elog.h:300

Variable Documentation

int avc_lru_hint
static

Definition at line 60 of file uavc.c.

Referenced by sepgsql_avc_init(), sepgsql_avc_reclaim(), and sepgsql_avc_reset().

MemoryContext avc_mem_cxt
static

Definition at line 57 of file uavc.c.

int avc_num_caches
static
List* avc_slots[AVC_NUM_SLOTS]
static

Definition at line 58 of file uavc.c.

int avc_threshold
static

Definition at line 61 of file uavc.c.

Referenced by sepgsql_avc_compute(), sepgsql_avc_init(), and sepgsql_avc_reclaim().

char* avc_unlabeled
static

Definition at line 62 of file uavc.c.

Referenced by sepgsql_avc_reset(), and sepgsql_avc_unlabeled().