52#define AVC_NUM_SLOTS 512
53#define AVC_NUM_RECLAIM 16
54#define AVC_DEF_THRESHOLD 384
69 return hash_any((
const unsigned char *) scontext, strlen(scontext))
70 ^
hash_any((
const unsigned char *) tcontext, strlen(tcontext))
154 if (selinux_status_updated() > 0)
176 if (security_get_initial_context_raw(
"unlabeled", &unlabeled) < 0)
178 (
errcode(ERRCODE_INTERNAL_ERROR),
179 errmsg(
"SELinux: failed to get initial security label: %m")));
202 char *ucontext = NULL;
203 char *ncontext = NULL;
208 struct av_decision avd;
219 if (security_check_context_raw(tcontext) != 0)
248 if (strcmp(scontext, ncontext) == 0)
271 if (avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE)
312 cache->
tclass == tclass &&
313 strcmp(cache->
tcontext, tcontext) == 0 &&
314 strcmp(cache->
scontext, scontext) == 0)
339 const char *audit_name,
340 bool abort_on_violation)
363 denied =
required & ~cache->allowed;
369 audited = (denied ? (denied & ~0) : (
required & ~0));
371 audited = denied ? (denied & cache->
auditdeny)
411 if (abort_on_violation && !result)
413 (
errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
414 errmsg(
"SELinux: security policy violation")));
422 const char *audit_name,
423 bool abort_on_violation)
430 audit_name, abort_on_violation);
452 tobject.
classId = ProcedureRelationId;
479 selinux_status_close();
496 "userspace access vector cache",
510 rc = selinux_status_open(1);
513 (
errcode(ERRCODE_INTERNAL_ERROR),
514 errmsg(
"SELinux: could not open selinux status : %m")));
517 (
errmsg(
"SELinux: kernel status page uses fallback mode")));
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
static Datum hash_any(const unsigned char *k, int keylen)
bool sepgsql_get_debug_audit(void)
void on_proc_exit(pg_on_exit_callback function, Datum arg)
char * sepgsql_get_client_label(void)
List * lcons(void *datum, List *list)
char * MemoryContextStrdup(MemoryContext context, const char *string)
void MemoryContextReset(MemoryContext context)
char * pstrdup(const char *in)
void pfree(void *pointer)
void * palloc0(Size size)
MemoryContext TopMemoryContext
#define AllocSetContextCreate
#define ALLOCSET_DEFAULT_SIZES
#define foreach_delete_current(lst, var_or_cell)
MemoryContextSwitchTo(old_ctx)
static unsigned hash(unsigned *uv, int n)
char * GetSecurityLabel(const ObjectAddress *object, const char *provider)
char * sepgsql_compute_create(const char *scontext, const char *tcontext, uint16 tclass, const char *objname)
int sepgsql_get_mode(void)
void sepgsql_compute_avd(const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd)
void sepgsql_audit_log(bool denied, bool enforcing, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name)
bool sepgsql_getenforce(void)
#define SEPGSQL_MODE_INTERNAL
#define SEPG_CLASS_DB_PROCEDURE
#define SEPGSQL_AVC_NOAUDIT
#define SEPGSQL_LABEL_TAG
#define SEPG_CLASS_PROCESS
static uint32 sepgsql_avc_hash(const char *scontext, const char *tcontext, uint16 tclass)
static void sepgsql_avc_reclaim(void)
char * sepgsql_avc_trusted_proc(Oid functionId)
bool sepgsql_avc_check_perms_label(const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)
static MemoryContext avc_mem_cxt
static bool sepgsql_avc_check_valid(void)
static char * sepgsql_avc_unlabeled(void)
static void sepgsql_avc_reset(void)
static void sepgsql_avc_exit(int code, Datum arg)
static List * avc_slots[AVC_NUM_SLOTS]
static int avc_num_caches
static char * avc_unlabeled
#define AVC_DEF_THRESHOLD
static avc_cache * sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
static avc_cache * sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
void sepgsql_avc_init(void)
bool sepgsql_avc_check_perms(const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation)