database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-25 21:42:33 +03:00
Code

sepgsql cleanups.

Browse Source 
This is needed to match recent changes elsewhere.  Along the way, some
renaming for clarity.

KaiGai Kohei
This commit is contained in:
Robert Haas 2012-09-05 14:01:15 -04:00
parent 46c508fbcf
commit aa2b237ce5
10 changed files with 33 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
contrib/sepgsql/database.c
View File

@ -12,6 +12,7 @@
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/dependency.h"
#include "catalog/pg_database.h"

15
contrib/sepgsql/dml.c
View File

@ -10,6 +10,7 @@
*/
#include "postgres.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/tupdesc.h"
#include "catalog/catalog.h"
@ -148,7 +149,7 @@ check_relation_privileges(Oid relOid,
Bitmapset *selected,
Bitmapset *modified,
uint32 required,
bool abort)
bool abort_on_violation)
{
ObjectAddress object;
char *audit_name;
@ -194,7 +195,7 @@ check_relation_privileges(Oid relOid,
SEPG_CLASS_DB_TABLE,
required,
audit_name,
abort);
abort_on_violation);
break;
case RELKIND_SEQUENCE:
@ -205,7 +206,7 @@ check_relation_privileges(Oid relOid,
SEPG_CLASS_DB_SEQUENCE,
SEPG_DB_SEQUENCE__GET_VALUE,
audit_name,
abort);
abort_on_violation);
break;
case RELKIND_VIEW:
@ -213,7 +214,7 @@ check_relation_privileges(Oid relOid,
SEPG_CLASS_DB_VIEW,
SEPG_DB_VIEW__EXPAND,
audit_name,
abort);
abort_on_violation);
break;
default:
@ -264,7 +265,7 @@ check_relation_privileges(Oid relOid,
SEPG_CLASS_DB_COLUMN,
column_perms,
audit_name,
abort);
abort_on_violation);
pfree(audit_name);
if (!result)
@ -279,7 +280,7 @@ check_relation_privileges(Oid relOid,
* Entrypoint of the DML permission checks
*/
bool
sepgsql_dml_privileges(List *rangeTabls, bool abort)
sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)
{
ListCell *lr;
@ -351,7 +352,7 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort)
if (!check_relation_privileges(tableOid,
selectedCols,
modifiedCols,
required, abort))
required, abort_on_violation))
return false;
}
list_free(tableIds);

8
contrib/sepgsql/hooks.c
View File

@ -265,9 +265,9 @@ static void
sepgsql_utility_command(Node *parsetree,
const char *queryString,
ParamListInfo params,
bool isTopLevel,
DestReceiver *dest,
char *completionTag)
char *completionTag,
ProcessUtilityContext context)
{
sepgsql_context_info_t saved_context_info = sepgsql_context_info;
ListCell *cell;
@ -328,10 +328,10 @@ sepgsql_utility_command(Node *parsetree,
if (next_ProcessUtility_hook)
(*next_ProcessUtility_hook) (parsetree, queryString, params,
isTopLevel, dest, completionTag);
dest, completionTag, context);
else
standard_ProcessUtility(parsetree, queryString, params,
isTopLevel, dest, completionTag);
dest, completionTag, context);
}
PG_CATCH();
{

1
contrib/sepgsql/label.c
View File

@ -11,6 +11,7 @@
#include "postgres.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/genam.h"
#include "access/xact.h"
#include "catalog/catalog.h"

2
contrib/sepgsql/proc.c
View File

@ -12,12 +12,14 @@
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "commands/seclabel.h"
#include "lib/stringinfo.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"

2
contrib/sepgsql/relation.c
View File

@ -12,6 +12,7 @@
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/indexing.h"
#include "catalog/dependency.h"
@ -20,6 +21,7 @@
#include "catalog/pg_namespace.h"
#include "commands/seclabel.h"
#include "utils/fmgroids.h"
#include "utils/catcache.h"
#include "utils/lsyscache.h"
#include "utils/syscache.h"
#include "utils/tqual.h"

1
contrib/sepgsql/schema.c
View File

@ -12,6 +12,7 @@
#include "access/genam.h"
#include "access/heapam.h"
#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"

6
contrib/sepgsql/selinux.c
View File

@ -893,7 +893,7 @@ sepgsql_compute_create(const char *scontext,
* tclass: class code (SEPG_CLASS_*) of the object being referenced
* required: a mask of required permissions (SEPG_<class>__<perm>)
* audit_name: a human readable object name for audit logs, or NULL.
* abort: true, if caller wants to raise an error on access violation
* abort_on_violation: true, if error shall be raised on access violation
*/
bool
sepgsql_check_perms(const char *scontext,
@ -901,7 +901,7 @@ sepgsql_check_perms(const char *scontext,
uint16 tclass,
uint32 required,
const char *audit_name,
bool abort)
bool abort_on_violation)
{
struct av_decision avd;
uint32 denied;
@ -937,7 +937,7 @@ sepgsql_check_perms(const char *scontext,
audit_name);
}
if (!result && abort)
if (!result && abort_on_violation)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: security policy violation")));

8
contrib/sepgsql/sepgsql.h
View File

@ -247,7 +247,7 @@ extern bool sepgsql_check_perms(const char *scontext,
uint16 tclass,
uint32 required,
const char *audit_name,
bool abort);
bool abort_on_violation);
/*
* uavc.c
@ -257,12 +257,12 @@ extern bool sepgsql_avc_check_perms_label(const char *tcontext,
uint16 tclass,
uint32 required,
const char *audit_name,
bool abort);
bool abort_on_violation);
extern bool sepgsql_avc_check_perms(const ObjectAddress *tobject,
uint16 tclass,
uint32 required,
const char *audit_name,
bool abort);
bool abort_on_violation);
extern char *sepgsql_avc_trusted_proc(Oid functionId);
extern void sepgsql_avc_init(void);
@ -285,7 +285,7 @@ extern Datum sepgsql_restorecon(PG_FUNCTION_ARGS);
/*
* dml.c
*/
extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort);
extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation);
/*
* database.c

12
contrib/sepgsql/uavc.c
View File

@ -335,7 +335,7 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
*
* It returns 'true', if the security policy suggested to allow the required
* permissions. Otherwise, it returns 'false' or raises an error according
* to the 'abort' argument.
* to the 'abort_on_violation' argument.
* The 'tobject' and 'tclass' identify the target object being referenced,
* and 'required' is a bitmask of permissions (SEPG_*__*) defined for each
* object classes.
@ -345,7 +345,8 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
bool
sepgsql_avc_check_perms_label(const char *tcontext,
uint16 tclass, uint32 required,
const char *audit_name, bool abort)
const char *audit_name,
bool abort_on_violation)
{
char *scontext = sepgsql_get_client_label();
avc_cache *cache;
@ -415,7 +416,7 @@ sepgsql_avc_check_perms_label(const char *tcontext,
audit_name);
}
if (abort && !result)
if (abort_on_violation && !result)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: security policy violation")));
@ -426,14 +427,15 @@ sepgsql_avc_check_perms_label(const char *tcontext,
bool
sepgsql_avc_check_perms(const ObjectAddress *tobject,
uint16 tclass, uint32 required,
const char *audit_name, bool abort)
const char *audit_name,
bool abort_on_violation)
{
char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
bool rc;
rc = sepgsql_avc_check_perms_label(tcontext,
tclass, required,
audit_name, abort);
audit_name, abort_on_violation);
if (tcontext)
pfree(tcontext);