sepgsql: Support for new post-ALTER access hook.

KaiGai Kohei
2025-07-27 12:41:57 +03:00 · 2013-03-27 08:10:14 -04:00
parent bc5334d867
commit 1cea9bbb21
12 changed files with 693 additions and 13 deletions
--- a/contrib/sepgsql/relation.c
+++ b/contrib/sepgsql/relation.c
@ -190,6 +190,36 @@ sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum,
 	pfree(audit_name);
 }

+/*
+ * sepgsql_attribute_setattr
+ *
+ * It checks privileges to alter the supplied column.
+ */
+void
+sepgsql_attribute_setattr(Oid relOid, AttrNumber attnum)
+{
+	ObjectAddress object;
+	char	   *audit_name;
+
+	if (get_rel_relkind(relOid) != RELKIND_RELATION)
+		return;
+
+	/*
+	 * check db_column:{setattr} permission
+	 */
+	object.classId = RelationRelationId;
+	object.objectId = relOid;
+	object.objectSubId = attnum;
+	audit_name = getObjectDescription(&object);
+
+	sepgsql_avc_check_perms(&object,
+							SEPG_CLASS_DB_COLUMN,
+							SEPG_DB_COLUMN__SETATTR,
+							audit_name,
+							true);
+	pfree(audit_name);
+}
+
 /*
 * sepgsql_relation_post_create
 *
@ -529,6 +559,13 @@ sepgsql_relation_relabel(Oid relOid, const char *seclabel)
 void
 sepgsql_relation_setattr(Oid relOid)
 {
+	Relation		rel;
+	ScanKeyData		skey;
+	SysScanDesc		sscan;
+	HeapTuple		oldtup;
+	HeapTuple		newtup;
+	Form_pg_class	oldform;
+	Form_pg_class	newform;
 	ObjectAddress object;
 	char	   *audit_name;
 	uint16_t	tclass;
@ -553,26 +590,66 @@ sepgsql_relation_setattr(Oid relOid)
 			return;
 	}

-	object.classId = RelationRelationId;
-	object.objectId = relOid;
-	object.objectSubId = 0;
-	audit_name = getObjectDescription(&object);
+	/*
+	 * Fetch newer catalog
+	 */
+	rel = heap_open(RelationRelationId, AccessShareLock);
+
+	ScanKeyInit(&skey,
+				ObjectIdAttributeNumber,
+				BTEqualStrategyNumber, F_OIDEQ,
+				ObjectIdGetDatum(relOid));
+
+	sscan = systable_beginscan(rel, ClassOidIndexId, true,
+							   SnapshotSelf, 1, &skey);
+
+	newtup = systable_getnext(sscan);
+	if (!HeapTupleIsValid(newtup))
+		elog(ERROR, "catalog lookup failed for relation %u", relOid);
+	newform = (Form_pg_class) GETSTRUCT(newtup);

 	/*
-	 * XXX - we should add checks related to namespace stuff, when
-	 * object_access_hook get support for ALTER statement.  Right now, there is
-	 * no invocation path on ALTER ...  RENAME TO / SET SCHEMA.
+	 * Fetch older catalog
+	 */
+	oldtup = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
+	if (!HeapTupleIsValid(oldtup))
+		elog(ERROR, "cache lookup failed for relation %u", relOid);
+	oldform = (Form_pg_class) GETSTRUCT(oldtup);
+
+	/*
+	 * Does this ALTER command takes operation to namespace?
+	 */
+	if (newform->relnamespace != oldform->relnamespace)
+	{
+		sepgsql_schema_remove_name(oldform->relnamespace);
+		sepgsql_schema_add_name(newform->relnamespace);
+	}
+	if (strcmp(NameStr(newform->relname), NameStr(oldform->relname)) != 0)
+		sepgsql_schema_rename(oldform->relnamespace);
+
+	/*
+	 * XXX - In the future version, db_tuple:{use} of system catalog entry
+	 * shall be checked, if tablespace configuration is changed.
 	 */

 	/*
 	 * check db_xxx:{setattr} permission
 	 */
+	object.classId = RelationRelationId;
+	object.objectId = relOid;
+	object.objectSubId = 0;
+	audit_name = getObjectDescription(&object);
+
 	sepgsql_avc_check_perms(&object,
 							tclass,
 							SEPG_DB_TABLE__SETATTR,
 							audit_name,
 							true);
 	pfree(audit_name);
+
+	ReleaseSysCache(oldtup);
+	systable_endscan(sscan);
+	heap_close(rel, AccessShareLock);
 }

 /*