sepgsql: Support for new post-ALTER access hook.

KaiGai Kohei
2025-06-11 20:28:21 +03:00 · 2013-03-27 08:10:14 -04:00
parent bc5334d867
commit 1cea9bbb21
12 changed files with 693 additions and 13 deletions
--- a/contrib/sepgsql/hooks.c
+++ b/contrib/sepgsql/hooks.c
@ -188,6 +188,54 @@ sepgsql_object_access(ObjectAccessType access,
 			}
 			break;

+		case OAT_POST_ALTER:
+			{
+				ObjectAccessPostAlter  *pa_arg = arg;
+				bool	is_internal = pa_arg->is_internal;
+
+				switch (classId)
+				{
+					case DatabaseRelationId:
+						Assert(!is_internal);
+						sepgsql_database_setattr(objectId);
+						break;
+
+					case NamespaceRelationId:
+						Assert(!is_internal);
+						sepgsql_schema_setattr(objectId);
+						break;
+
+					case RelationRelationId:
+						if (subId == 0)
+                        {
+							/*
+							 * A case when we don't want to apply permission
+							 * check is that relation is internally altered
+							 * without user's intention. E.g, no need to
+							 * check on toast table/index to be renamed at
+							 * end of the table rewrites.
+							 */
+							if (is_internal)
+                                break;
+
+							sepgsql_relation_setattr(objectId);
+                        }
+                        else
+                            sepgsql_attribute_setattr(objectId, subId);
+						break;
+
+					case ProcedureRelationId:
+						Assert(!is_internal);
+						sepgsql_proc_setattr(objectId);
+						break;
+
+					default:
+						/* Ignore unsupported object classes */
+						break;
+				}
+			}
+			break;
+
 		default:
 			elog(ERROR, "unexpected object access type: %d", (int) access);
 			break;