database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00
Code Activity

pgindent run before PG 9.1 beta 1.

Browse Source
This commit is contained in:
Bruce Momjian
2011-04-10 11:42:00 -04:00
parent 9a8b73147c
commit bf50caf105
446 changed files with 5737 additions and 5258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
contrib/sepgsql/dml.c
View File

@ -59,7 +59,7 @@ fixup_whole_row_references(Oid relOid, Bitmapset *columns)
result = bms_copy(columns);
result = bms_del_member(result, index);
for (attno=1; attno <= natts; attno++)
for (attno = 1; attno <= natts; attno++)
{
tuple = SearchSysCache2(ATTNUM,
ObjectIdGetDatum(relOid),
@ -108,6 +108,7 @@ fixup_inherited_columns(Oid parentId, Oid childId, Bitmapset *columns)
while ((index = bms_first_member(tmpset)) > 0)
{
attno = index + FirstLowInvalidHeapAttributeNumber;
/*
* whole-row-reference shall be fixed-up later
*/
@ -158,14 +159,13 @@ check_relation_privileges(Oid relOid,
bool result = true;
/*
* Hardwired Policies:
* SE-PostgreSQL enforces
* - clients cannot modify system catalogs using DMLs
* - clients cannot reference/modify toast relations using DMLs
* Hardwired Policies: SE-PostgreSQL enforces - clients cannot modify
* system catalogs using DMLs - clients cannot reference/modify toast
* relations using DMLs
*/
if (sepgsql_getenforce() > 0)
{
Oid relnamespace = get_rel_namespace(relOid);
Oid relnamespace = get_rel_namespace(relOid);
if (IsSystemNamespace(relnamespace) &&
(required & (SEPG_DB_TABLE__UPDATE |
@ -242,7 +242,7 @@ check_relation_privileges(Oid relOid,
{
AttrNumber attnum;
uint32 column_perms = 0;
ObjectAddress object;
ObjectAddress object;
if (bms_is_member(index, selected))
column_perms |= SEPG_DB_COLUMN__SELECT;
@ -290,12 +290,12 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort)
{
ListCell *lr;
foreach (lr, rangeTabls)
foreach(lr, rangeTabls)
{
RangeTblEntry *rte = lfirst(lr);
uint32 required = 0;
List *tableIds;
ListCell *li;
RangeTblEntry *rte = lfirst(lr);
uint32 required = 0;
List *tableIds;
ListCell *li;
/*
* Only regular relations shall be checked
@ -328,25 +328,24 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort)
/*
* If this RangeTblEntry is also supposed to reference inherited
* tables, we need to check security label of the child tables.
* So, we expand rte->relid into list of OIDs of inheritance
* hierarchy, then checker routine will be invoked for each
* relations.
* tables, we need to check security label of the child tables. So, we
* expand rte->relid into list of OIDs of inheritance hierarchy, then
* checker routine will be invoked for each relations.
*/
if (!rte->inh)
tableIds = list_make1_oid(rte->relid);
else
tableIds = find_all_inheritors(rte->relid, NoLock, NULL);
foreach (li, tableIds)
foreach(li, tableIds)
{
Oid tableOid = lfirst_oid(li);
Bitmapset *selectedCols;
Bitmapset *modifiedCols;
/*
* child table has different attribute numbers, so we need
* to fix up them.
* child table has different attribute numbers, so we need to fix
* up them.
*/
selectedCols = fixup_inherited_columns(rte->relid, tableOid,
rte->selectedCols);

142
contrib/sepgsql/hooks.c
View File

@ -29,17 +29,17 @@ PG_MODULE_MAGIC;
/*
* Declarations
*/
void _PG_init(void);
void _PG_init(void);
/*
* Saved hook entries (if stacked)
*/
static object_access_hook_type next_object_access_hook = NULL;
static ClientAuthentication_hook_type next_client_auth_hook = NULL;
static ExecutorCheckPerms_hook_type next_exec_check_perms_hook = NULL;
static needs_fmgr_hook_type next_needs_fmgr_hook = NULL;
static fmgr_hook_type next_fmgr_hook = NULL;
static ProcessUtility_hook_type next_ProcessUtility_hook = NULL;
static object_access_hook_type next_object_access_hook = NULL;
static ClientAuthentication_hook_type next_client_auth_hook = NULL;
static ExecutorCheckPerms_hook_type next_exec_check_perms_hook = NULL;
static needs_fmgr_hook_type next_needs_fmgr_hook = NULL;
static fmgr_hook_type next_fmgr_hook = NULL;
static ProcessUtility_hook_type next_ProcessUtility_hook = NULL;
/*
* GUC: sepgsql.permissive = (on|off)
@ -73,14 +73,14 @@ sepgsql_get_debug_audit(void)
static void
sepgsql_client_auth(Port *port, int status)
{
char *context;
char *context;
if (next_client_auth_hook)
(*next_client_auth_hook)(port, status);
(*next_client_auth_hook) (port, status);
/*
* In the case when authentication failed, the supplied socket
* shall be closed soon, so we don't need to do anything here.
* In the case when authentication failed, the supplied socket shall be
* closed soon, so we don't need to do anything here.
*/
if (status != STATUS_OK)
return;
@ -96,8 +96,8 @@ sepgsql_client_auth(Port *port, int status)
sepgsql_set_client_label(context);
/*
* Switch the current performing mode from INTERNAL to either
* DEFAULT or PERMISSIVE.
* Switch the current performing mode from INTERNAL to either DEFAULT or
* PERMISSIVE.
*/
if (sepgsql_permissive)
sepgsql_set_mode(SEPGSQL_MODE_PERMISSIVE);
@ -113,12 +113,12 @@ sepgsql_client_auth(Port *port, int status)
*/
static void
sepgsql_object_access(ObjectAccessType access,
Oid classId,
Oid objectId,
int subId)
Oid classId,
Oid objectId,
int subId)
{
if (next_object_access_hook)
(*next_object_access_hook)(access, classId, objectId, subId);
(*next_object_access_hook) (access, classId, objectId, subId);
switch (access)
{
@ -147,7 +147,7 @@ sepgsql_object_access(ObjectAccessType access,
break;
default:
elog(ERROR, "unexpected object access type: %d", (int)access);
elog(ERROR, "unexpected object access type: %d", (int) access);
break;
}
}
@ -161,11 +161,11 @@ static bool
sepgsql_exec_check_perms(List *rangeTabls, bool abort)
{
/*
* If security provider is stacking and one of them replied 'false'
* at least, we don't need to check any more.
* If security provider is stacking and one of them replied 'false' at
* least, we don't need to check any more.
*/
if (next_exec_check_perms_hook &&
!(*next_exec_check_perms_hook)(rangeTabls, abort))
!(*next_exec_check_perms_hook) (rangeTabls, abort))
return false;
if (!sepgsql_dml_privileges(rangeTabls, abort))
@ -184,20 +184,19 @@ sepgsql_exec_check_perms(List *rangeTabls, bool abort)
static bool
sepgsql_needs_fmgr_hook(Oid functionId)
{
char *old_label;
char *new_label;
char *function_label;
char *old_label;
char *new_label;
char *function_label;
if (next_needs_fmgr_hook &&
(*next_needs_fmgr_hook)(functionId))
(*next_needs_fmgr_hook) (functionId))
return true;
/*
* SELinux needs the function to be called via security_definer
* wrapper, if this invocation will take a domain-transition.
* We call these functions as trusted-procedure, if the security
* policy has a rule that switches security label of the client
* on execution.
* SELinux needs the function to be called via security_definer wrapper,
* if this invocation will take a domain-transition. We call these
* functions as trusted-procedure, if the security policy has a rule that
* switches security label of the client on execution.
*/
old_label = sepgsql_get_client_label();
new_label = sepgsql_proc_get_domtrans(functionId);
@ -210,9 +209,9 @@ sepgsql_needs_fmgr_hook(Oid functionId)
/*
* Even if not a trusted-procedure, this function should not be inlined
* unless the client has db_procedure:{execute} permission.
* Please note that it shall be actually failed later because of same
* reason with ACL_EXECUTE.
* unless the client has db_procedure:{execute} permission. Please note
* that it shall be actually failed later because of same reason with
* ACL_EXECUTE.
*/
function_label = sepgsql_get_label(ProcedureRelationId, functionId, 0);
if (sepgsql_check_perms(sepgsql_get_client_label(),
@ -238,20 +237,21 @@ static void
sepgsql_fmgr_hook(FmgrHookEventType event,
FmgrInfo *flinfo, Datum *private)
{
struct {
char *old_label;
char *new_label;
Datum next_private;
} *stack;
struct
{
char *old_label;
char *new_label;
Datum next_private;
} *stack;
switch (event)
{
case FHET_START:
stack = (void *)DatumGetPointer(*private);
stack = (void *) DatumGetPointer(*private);
if (!stack)
{
MemoryContext oldcxt;
const char *cur_label = sepgsql_get_client_label();
MemoryContext oldcxt;
const char *cur_label = sepgsql_get_client_label();
oldcxt = MemoryContextSwitchTo(flinfo->fn_mcxt);
stack = palloc(sizeof(*stack));
@ -265,8 +265,8 @@ sepgsql_fmgr_hook(FmgrHookEventType event,
{
/*
* process:transition permission between old and new
* label, when user tries to switch security label of
* the client on execution of trusted procedure.
* label, when user tries to switch security label of the
* client on execution of trusted procedure.
*/
sepgsql_check_perms(cur_label, stack->new_label,
SEPG_CLASS_PROCESS,
@ -280,22 +280,22 @@ sepgsql_fmgr_hook(FmgrHookEventType event,
stack->old_label = sepgsql_set_client_label(stack->new_label);
if (next_fmgr_hook)
(*next_fmgr_hook)(event, flinfo, &stack->next_private);
(*next_fmgr_hook) (event, flinfo, &stack->next_private);
break;
case FHET_END:
case FHET_ABORT:
stack = (void *)DatumGetPointer(*private);
stack = (void *) DatumGetPointer(*private);
if (next_fmgr_hook)
(*next_fmgr_hook)(event, flinfo, &stack->next_private);
(*next_fmgr_hook) (event, flinfo, &stack->next_private);
sepgsql_set_client_label(stack->old_label);
stack->old_label = NULL;
break;
default:
elog(ERROR, "unexpected event type: %d", (int)event);
elog(ERROR, "unexpected event type: %d", (int) event);
break;
}
}
@ -315,8 +315,8 @@ sepgsql_utility_command(Node *parsetree,
char *completionTag)
{
if (next_ProcessUtility_hook)
(*next_ProcessUtility_hook)(parsetree, queryString, params,
isTopLevel, dest, completionTag);
(*next_ProcessUtility_hook) (parsetree, queryString, params,
isTopLevel, dest, completionTag);
/*
* Check command tag to avoid nefarious operations
@ -324,6 +324,7 @@ sepgsql_utility_command(Node *parsetree,
switch (nodeTag(parsetree))
{
case T_LoadStmt:
/*
* We reject LOAD command across the board on enforcing mode,
* because a binary module can arbitrarily override hooks.
@ -336,11 +337,12 @@ sepgsql_utility_command(Node *parsetree,
}
break;
default:
/*
* Right now we don't check any other utility commands,
* because it needs more detailed information to make
* access control decision here, but we don't want to
* have two parse and analyze routines individually.
* Right now we don't check any other utility commands, because it
* needs more detailed information to make access control decision
* here, but we don't want to have two parse and analyze routines
* individually.
*/
break;
}
@ -358,7 +360,7 @@ sepgsql_utility_command(Node *parsetree,
void
_PG_init(void)
{
char *context;
char *context;
/*
* We allow to load the SE-PostgreSQL module on single-user-mode or
@ -367,12 +369,12 @@ _PG_init(void)
if (IsUnderPostmaster)
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("sepgsql must be loaded via shared_preload_libraries")));
errmsg("sepgsql must be loaded via shared_preload_libraries")));
/*
* Check availability of SELinux on the platform.
* If disabled, we cannot activate any SE-PostgreSQL features,
* and we have to skip rest of initialization.
* Check availability of SELinux on the platform. If disabled, we cannot
* activate any SE-PostgreSQL features, and we have to skip rest of
* initialization.
*/
if (is_selinux_enabled() < 1)
{
@ -383,8 +385,8 @@ _PG_init(void)
/*
* sepgsql.permissive = (on|off)
*
* This variable controls performing mode of SE-PostgreSQL
* on user's session.
* This variable controls performing mode of SE-PostgreSQL on user's
* session.
*/
DefineCustomBoolVariable("sepgsql.permissive",
"Turn on/off permissive mode in SE-PostgreSQL",
@ -400,10 +402,9 @@ _PG_init(void)
/*
* sepgsql.debug_audit = (on|off)
*
* This variable allows users to turn on/off audit logs on access
* control decisions, independent from auditallow/auditdeny setting
* in the security policy.
* We intend to use this option for debugging purpose.
* This variable allows users to turn on/off audit logs on access control
* decisions, independent from auditallow/auditdeny setting in the
* security policy. We intend to use this option for debugging purpose.
*/
DefineCustomBoolVariable("sepgsql.debug_audit",
"Turn on/off debug audit messages",
@ -419,13 +420,12 @@ _PG_init(void)
/*
* Set up dummy client label.
*
* XXX - note that PostgreSQL launches background worker process
* like autovacuum without authentication steps. So, we initialize
* sepgsql_mode with SEPGSQL_MODE_INTERNAL, and client_label with
* the security context of server process.
* Later, it also launches background of user session. In this case,
* the process is always hooked on post-authentication, and we can
* initialize the sepgsql_mode and client_label correctly.
* XXX - note that PostgreSQL launches background worker process like
* autovacuum without authentication steps. So, we initialize sepgsql_mode
* with SEPGSQL_MODE_INTERNAL, and client_label with the security context
* of server process. Later, it also launches background of user session.
* In this case, the process is always hooked on post-authentication, and
* we can initialize the sepgsql_mode and client_label correctly.
*/
if (getcon_raw(&context) < 0)
ereport(ERROR,

121
contrib/sepgsql/label.c
View File

@ -38,7 +38,7 @@
*
* security label of the client process
*/
static char *client_label = NULL;
static char *client_label = NULL;
char *
sepgsql_get_client_label(void)
@ -49,7 +49,7 @@ sepgsql_get_client_label(void)
char *
sepgsql_set_client_label(char *new_label)
{
char *old_label = client_label;
char *old_label = client_label;
client_label = new_label;
@ -66,22 +66,22 @@ sepgsql_set_client_label(char *new_label)
char *
sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
{
ObjectAddress object;
char *label;
ObjectAddress object;
char *label;
object.classId = classId;
object.objectId = objectId;
object.objectSubId = subId;
object.classId = classId;
object.objectId = objectId;
object.objectSubId = subId;
label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
if (!label || security_check_context_raw((security_context_t)label))
if (!label || security_check_context_raw((security_context_t) label))
{
security_context_t unlabeled;
security_context_t unlabeled;
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: failed to get initial security label: %m")));
errmsg("SELinux: failed to get initial security label: %m")));
PG_TRY();
{
label = pstrdup(unlabeled);
@ -107,21 +107,22 @@ void
sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel)
{
/*
* validate format of the supplied security label,
* if it is security context of selinux.
* validate format of the supplied security label, if it is security
* context of selinux.
*/
if (seclabel &&
security_check_context_raw((security_context_t) seclabel) < 0)
ereport(ERROR,
(errcode(ERRCODE_INVALID_NAME),
errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
/*
* Do actual permission checks for each object classes
*/
switch (object->classId)
{
case NamespaceRelationId:
sepgsql_schema_relabel(object->objectId, seclabel);
sepgsql_schema_relabel(object->objectId, seclabel);
break;
case RelationRelationId:
if (object->objectSubId == 0)
@ -151,7 +152,7 @@ PG_FUNCTION_INFO_V1(sepgsql_getcon);
Datum
sepgsql_getcon(PG_FUNCTION_ARGS)
{
char *client_label;
char *client_label;
if (!sepgsql_is_enabled())
PG_RETURN_NULL();
@ -171,9 +172,9 @@ PG_FUNCTION_INFO_V1(sepgsql_mcstrans_in);
Datum
sepgsql_mcstrans_in(PG_FUNCTION_ARGS)
{
text *label = PG_GETARG_TEXT_P(0);
char *raw_label;
char *result;
text *label = PG_GETARG_TEXT_P(0);
char *raw_label;
char *result;
if (!sepgsql_is_enabled())
ereport(ERROR,
@ -211,9 +212,9 @@ PG_FUNCTION_INFO_V1(sepgsql_mcstrans_out);
Datum
sepgsql_mcstrans_out(PG_FUNCTION_ARGS)
{
text *label = PG_GETARG_TEXT_P(0);
char *qual_label;
char *result;
text *label = PG_GETARG_TEXT_P(0);
char *qual_label;
char *result;
if (!sepgsql_is_enabled())
ereport(ERROR,
@ -250,8 +251,8 @@ static char *
quote_object_name(const char *src1, const char *src2,
const char *src3, const char *src4)
{
StringInfoData result;
const char *temp;
StringInfoData result;
const char *temp;
initStringInfo(&result);
@ -260,28 +261,28 @@ quote_object_name(const char *src1, const char *src2,
temp = quote_identifier(src1);
appendStringInfo(&result, "%s", temp);
if (src1 != temp)
pfree((void *)temp);
pfree((void *) temp);
}
if (src2)
{
temp = quote_identifier(src2);
appendStringInfo(&result, ".%s", temp);
if (src2 != temp)
pfree((void *)temp);
pfree((void *) temp);
}
if (src3)
{
temp = quote_identifier(src3);
appendStringInfo(&result, ".%s", temp);
if (src3 != temp)
pfree((void *)temp);
pfree((void *) temp);
}
if (src4)
{
temp = quote_identifier(src4);
appendStringInfo(&result, ".%s", temp);
if (src4 != temp)
pfree((void *)temp);
pfree((void *) temp);
}
return result.data;
}
@ -294,19 +295,19 @@ quote_object_name(const char *src1, const char *src2,
* catalog OID.
*/
static void
exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
exec_object_restorecon(struct selabel_handle * sehnd, Oid catalogId)
{
Relation rel;
SysScanDesc sscan;
HeapTuple tuple;
char *database_name = get_database_name(MyDatabaseId);
char *namespace_name;
Oid namespace_id;
char *relation_name;
Relation rel;
SysScanDesc sscan;
HeapTuple tuple;
char *database_name = get_database_name(MyDatabaseId);
char *namespace_name;
Oid namespace_id;
char *relation_name;
/*
* Open the target catalog. We don't want to allow writable
* accesses by other session during initial labeling.
* Open the target catalog. We don't want to allow writable accesses by
* other session during initial labeling.
*/
rel = heap_open(catalogId, AccessShareLock);
@ -314,18 +315,18 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
SnapshotNow, 0, NULL);
while (HeapTupleIsValid(tuple = systable_getnext(sscan)))
{
Form_pg_namespace nspForm;
Form_pg_class relForm;
Form_pg_attribute attForm;
Form_pg_proc proForm;
char *objname;
int objtype = 1234;
ObjectAddress object;
security_context_t context;
Form_pg_namespace nspForm;
Form_pg_class relForm;
Form_pg_attribute attForm;
Form_pg_proc proForm;
char *objname;
int objtype = 1234;
ObjectAddress object;
security_context_t context;
/*
* The way to determine object name depends on object classes.
* So, any branches set up `objtype', `objname' and `object' here.
* The way to determine object name depends on object classes. So, any
* branches set up `objtype', `objname' and `object' here.
*/
switch (catalogId)
{
@ -409,7 +410,7 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
default:
elog(ERROR, "unexpected catalog id: %u", catalogId);
objname = NULL; /* for compiler quiet */
objname = NULL; /* for compiler quiet */
break;
}
@ -464,8 +465,8 @@ PG_FUNCTION_INFO_V1(sepgsql_restorecon);
Datum
sepgsql_restorecon(PG_FUNCTION_ARGS)
{
struct selabel_handle *sehnd;
struct selinux_opt seopts;
struct selabel_handle *sehnd;
struct selinux_opt seopts;
/*
* SELinux has to be enabled on the running platform.
@ -474,19 +475,19 @@ sepgsql_restorecon(PG_FUNCTION_ARGS)
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("sepgsql is not currently enabled")));
/*
* Check DAC permission. Only superuser can set up initial
* security labels, like root-user in filesystems
* Check DAC permission. Only superuser can set up initial security
* labels, like root-user in filesystems
*/
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: must be superuser to restore initial contexts")));
errmsg("SELinux: must be superuser to restore initial contexts")));
/*
* Open selabel_lookup(3) stuff. It provides a set of mapping
* between an initial security label and object class/name due
* to the system setting.
* Open selabel_lookup(3) stuff. It provides a set of mapping between an
* initial security label and object class/name due to the system setting.
*/
if (PG_ARGISNULL(0))
{
@ -502,12 +503,12 @@ sepgsql_restorecon(PG_FUNCTION_ARGS)
if (!sehnd)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: failed to initialize labeling handle: %m")));
errmsg("SELinux: failed to initialize labeling handle: %m")));
PG_TRY();
{
/*
* Right now, we have no support labeling on the shared
* database objects, such as database, role, or tablespace.
* Right now, we have no support labeling on the shared database
* objects, such as database, role, or tablespace.
*/
exec_object_restorecon(sehnd, NamespaceRelationId);
exec_object_restorecon(sehnd, RelationRelationId);
@ -519,7 +520,7 @@ sepgsql_restorecon(PG_FUNCTION_ARGS)
selabel_close(sehnd);
PG_RE_THROW();
}
PG_END_TRY();
PG_END_TRY();
selabel_close(sehnd);

28
contrib/sepgsql/proc.c
View File

@ -33,15 +33,15 @@
void
sepgsql_proc_post_create(Oid functionId)
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
Oid namespaceId;
ObjectAddress object;
char *scontext;
char *tcontext;
char *ncontext;
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
Oid namespaceId;
ObjectAddress object;
char *scontext;
char *tcontext;
char *ncontext;
/*
* Fetch namespace of the new procedure. Because pg_proc entry is not
@ -67,8 +67,8 @@ sepgsql_proc_post_create(Oid functionId)
heap_close(rel, AccessShareLock);
/*
* Compute a default security label when we create a new procedure
* object under the specified namespace.
* Compute a default security label when we create a new procedure object
* under the specified namespace.
*/
scontext = sepgsql_get_client_label();
tcontext = sepgsql_get_label(NamespaceRelationId, namespaceId, 0);
@ -144,9 +144,9 @@ sepgsql_proc_relabel(Oid functionId, const char *seclabel)
char *
sepgsql_proc_get_domtrans(Oid functionId)
{
char *scontext = sepgsql_get_client_label();
char *tcontext;
char *ncontext;
char *scontext = sepgsql_get_client_label();
char *tcontext;
char *ncontext;
tcontext = sepgsql_get_label(ProcedureRelationId, functionId, 0);

55
contrib/sepgsql/relation.c
View File

@ -36,26 +36,27 @@
void
sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
{
char *scontext = sepgsql_get_client_label();
char *tcontext;
char *ncontext;
ObjectAddress object;
char *scontext = sepgsql_get_client_label();
char *tcontext;
char *ncontext;
ObjectAddress object;
/*
* Only attributes within regular relation have individual
* security labels.
* Only attributes within regular relation have individual security
* labels.
*/
if (get_rel_relkind(relOid) != RELKIND_RELATION)
return;
/*
* Compute a default security label when we create a new procedure
* object under the specified namespace.
* Compute a default security label when we create a new procedure object
* under the specified namespace.
*/
scontext = sepgsql_get_client_label();
tcontext = sepgsql_get_label(RelationRelationId, relOid, 0);
ncontext = sepgsql_compute_create(scontext, tcontext,
SEPG_CLASS_DB_COLUMN);
/*
* Assign the default security label on a new procedure
*/
@ -81,7 +82,7 @@ sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum,
char *scontext = sepgsql_get_client_label();
char *tcontext;
char *audit_name;
ObjectAddress object;
ObjectAddress object;
if (get_rel_relkind(relOid) != RELKIND_RELATION)
ereport(ERROR,
@ -127,21 +128,21 @@ sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum,
void
sepgsql_relation_post_create(Oid relOid)
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
Form_pg_class classForm;
ObjectAddress object;
uint16 tclass;
char *scontext; /* subject */
char *tcontext; /* schema */
char *rcontext; /* relation */
char *ccontext; /* column */
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
Form_pg_class classForm;
ObjectAddress object;
uint16 tclass;
char *scontext; /* subject */
char *tcontext; /* schema */
char *rcontext; /* relation */
char *ccontext; /* column */
/*
* Fetch catalog record of the new relation. Because pg_class entry is
* not visible right now, we need to scan the catalog using SnapshotSelf.
* Fetch catalog record of the new relation. Because pg_class entry is not
* visible right now, we need to scan the catalog using SnapshotSelf.
*/
rel = heap_open(RelationRelationId, AccessShareLock);
@ -166,11 +167,11 @@ sepgsql_relation_post_create(Oid relOid)
else if (classForm->relkind == RELKIND_VIEW)
tclass = SEPG_CLASS_DB_VIEW;
else
goto out; /* No need to assign individual labels */
goto out; /* No need to assign individual labels */
/*
* Compute a default security label when we create a new relation
* object under the specified namespace.
* Compute a default security label when we create a new relation object
* under the specified namespace.
*/
scontext = sepgsql_get_client_label();
tcontext = sepgsql_get_label(NamespaceRelationId,
@ -186,8 +187,8 @@ sepgsql_relation_post_create(Oid relOid)
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
/*
* We also assigns a default security label on columns of the new
* regular tables.
* We also assigns a default security label on columns of the new regular
* tables.
*/
if (classForm->relkind == RELKIND_RELATION)
{

18
contrib/sepgsql/schema.c
View File

@ -26,21 +26,21 @@
void
sepgsql_schema_post_create(Oid namespaceId)
{
char *scontext = sepgsql_get_client_label();
char *tcontext;
char *ncontext;
ObjectAddress object;
char *scontext = sepgsql_get_client_label();
char *tcontext;
char *ncontext;
ObjectAddress object;
/*
* FIXME: Right now, we assume pg_database object has a fixed
* security label, because pg_seclabel does not support to store
* label of shared database objects.
* FIXME: Right now, we assume pg_database object has a fixed security
* label, because pg_seclabel does not support to store label of shared
* database objects.
*/
tcontext = "system_u:object_r:sepgsql_db_t:s0";
/*
* Compute a default security label when we create a new schema
* object under the working database.
* Compute a default security label when we create a new schema object
* under the working database.
*/
ncontext = sepgsql_compute_create(scontext, tcontext,
SEPG_CLASS_DB_SCHEMA);

740
contrib/sepgsql/selinux.c
View File

@ -29,255 +29,563 @@
*/
static struct
{
const char *class_name;
uint16 class_code;
const char *class_name;
uint16 class_code;
struct
{
const char *av_name;
uint32 av_code;
} av[32];
} selinux_catalog[] = {
const char *av_name;
uint32 av_code;
} av[32];
} selinux_catalog[] =
{
{
"process", SEPG_CLASS_PROCESS,
"process", SEPG_CLASS_PROCESS,
{
{ "transition", SEPG_PROCESS__TRANSITION },
{ NULL, 0UL }
{
"transition", SEPG_PROCESS__TRANSITION
},
{
NULL, 0UL
}
}
},
{
"file", SEPG_CLASS_FILE,
"file", SEPG_CLASS_FILE,
{
{ "read", SEPG_FILE__READ },
{ "write", SEPG_FILE__WRITE },
{ "create", SEPG_FILE__CREATE },
{ "getattr", SEPG_FILE__GETATTR },
{ "unlink", SEPG_FILE__UNLINK },
{ "rename", SEPG_FILE__RENAME },
{ "append", SEPG_FILE__APPEND },
{ NULL, 0UL }
{
"read", SEPG_FILE__READ
},
{
"write", SEPG_FILE__WRITE
},
{
"create", SEPG_FILE__CREATE
},
{
"getattr", SEPG_FILE__GETATTR
},
{
"unlink", SEPG_FILE__UNLINK
},
{
"rename", SEPG_FILE__RENAME
},
{
"append", SEPG_FILE__APPEND
},
{
NULL, 0UL
}
}
},
{
"dir", SEPG_CLASS_DIR,
"dir", SEPG_CLASS_DIR,
{
{ "read", SEPG_DIR__READ },
{ "write", SEPG_DIR__WRITE },
{ "create", SEPG_DIR__CREATE },
{ "getattr", SEPG_DIR__GETATTR },
{ "unlink", SEPG_DIR__UNLINK },
{ "rename", SEPG_DIR__RENAME },
{ "search", SEPG_DIR__SEARCH },
{ "add_name", SEPG_DIR__ADD_NAME },
{ "remove_name", SEPG_DIR__REMOVE_NAME },
{ "rmdir", SEPG_DIR__RMDIR },
{ "reparent", SEPG_DIR__REPARENT },
{ NULL, 0UL }
{
"read", SEPG_DIR__READ
},
{
"write", SEPG_DIR__WRITE
},
{
"create", SEPG_DIR__CREATE
},
{
"getattr", SEPG_DIR__GETATTR
},
{
"unlink", SEPG_DIR__UNLINK
},
{
"rename", SEPG_DIR__RENAME
},
{
"search", SEPG_DIR__SEARCH
},
{
"add_name", SEPG_DIR__ADD_NAME
},
{
"remove_name", SEPG_DIR__REMOVE_NAME
},
{
"rmdir", SEPG_DIR__RMDIR
},
{
"reparent", SEPG_DIR__REPARENT
},
{
NULL, 0UL
}
}
},
{
"lnk_file", SEPG_CLASS_LNK_FILE,
"lnk_file", SEPG_CLASS_LNK_FILE,
{
{ "read", SEPG_LNK_FILE__READ },
{ "write", SEPG_LNK_FILE__WRITE },
{ "create", SEPG_LNK_FILE__CREATE },
{ "getattr", SEPG_LNK_FILE__GETATTR },
{ "unlink", SEPG_LNK_FILE__UNLINK },
{ "rename", SEPG_LNK_FILE__RENAME },
{ NULL, 0UL }
{
"read", SEPG_LNK_FILE__READ
},
{
"write", SEPG_LNK_FILE__WRITE
},
{
"create", SEPG_LNK_FILE__CREATE
},
{
"getattr", SEPG_LNK_FILE__GETATTR
},
{
"unlink", SEPG_LNK_FILE__UNLINK
},
{
"rename", SEPG_LNK_FILE__RENAME
},
{
NULL, 0UL
}
}
},
{
"chr_file", SEPG_CLASS_CHR_FILE,
"chr_file", SEPG_CLASS_CHR_FILE,
{
{ "read", SEPG_CHR_FILE__READ },
{ "write", SEPG_CHR_FILE__WRITE },
{ "create", SEPG_CHR_FILE__CREATE },
{ "getattr", SEPG_CHR_FILE__GETATTR },
{ "unlink", SEPG_CHR_FILE__UNLINK },
{ "rename", SEPG_CHR_FILE__RENAME },
{ NULL, 0UL }
{
"read", SEPG_CHR_FILE__READ
},
{
"write", SEPG_CHR_FILE__WRITE
},
{
"create", SEPG_CHR_FILE__CREATE
},
{
"getattr", SEPG_CHR_FILE__GETATTR
},
{
"unlink", SEPG_CHR_FILE__UNLINK
},
{
"rename", SEPG_CHR_FILE__RENAME
},
{
NULL, 0UL
}
}
},
{
"blk_file", SEPG_CLASS_BLK_FILE,
"blk_file", SEPG_CLASS_BLK_FILE,
{
{ "read", SEPG_BLK_FILE__READ },
{ "write", SEPG_BLK_FILE__WRITE },
{ "create", SEPG_BLK_FILE__CREATE },
{ "getattr", SEPG_BLK_FILE__GETATTR },
{ "unlink", SEPG_BLK_FILE__UNLINK },
{ "rename", SEPG_BLK_FILE__RENAME },
{ NULL, 0UL }
{
"read", SEPG_BLK_FILE__READ
},
{
"write", SEPG_BLK_FILE__WRITE
},
{
"create", SEPG_BLK_FILE__CREATE
},
{
"getattr", SEPG_BLK_FILE__GETATTR
},
{
"unlink", SEPG_BLK_FILE__UNLINK
},
{
"rename", SEPG_BLK_FILE__RENAME
},
{
NULL, 0UL
}
}
},
{
"sock_file", SEPG_CLASS_SOCK_FILE,
"sock_file", SEPG_CLASS_SOCK_FILE,
{
{ "read", SEPG_SOCK_FILE__READ },
{ "write", SEPG_SOCK_FILE__WRITE },
{ "create", SEPG_SOCK_FILE__CREATE },
{ "getattr", SEPG_SOCK_FILE__GETATTR },
{ "unlink", SEPG_SOCK_FILE__UNLINK },
{ "rename", SEPG_SOCK_FILE__RENAME },
{ NULL, 0UL }
{
"read", SEPG_SOCK_FILE__READ
},
{
"write", SEPG_SOCK_FILE__WRITE
},
{
"create", SEPG_SOCK_FILE__CREATE
},
{
"getattr", SEPG_SOCK_FILE__GETATTR
},
{
"unlink", SEPG_SOCK_FILE__UNLINK
},
{
"rename", SEPG_SOCK_FILE__RENAME
},
{
NULL, 0UL
}
}
},
{
"fifo_file", SEPG_CLASS_FIFO_FILE,
"fifo_file", SEPG_CLASS_FIFO_FILE,
{
{ "read", SEPG_FIFO_FILE__READ },
{ "write", SEPG_FIFO_FILE__WRITE },
{ "create", SEPG_FIFO_FILE__CREATE },
{ "getattr", SEPG_FIFO_FILE__GETATTR },
{ "unlink", SEPG_FIFO_FILE__UNLINK },
{ "rename", SEPG_FIFO_FILE__RENAME },
{ NULL, 0UL }
{
"read", SEPG_FIFO_FILE__READ
},
{
"write", SEPG_FIFO_FILE__WRITE
},
{
"create", SEPG_FIFO_FILE__CREATE
},
{
"getattr", SEPG_FIFO_FILE__GETATTR
},
{
"unlink", SEPG_FIFO_FILE__UNLINK
},
{
"rename", SEPG_FIFO_FILE__RENAME
},
{
NULL, 0UL
}
}
},
{
"db_database", SEPG_CLASS_DB_DATABASE,
"db_database", SEPG_CLASS_DB_DATABASE,
{
{ "create", SEPG_DB_DATABASE__CREATE },
{ "drop", SEPG_DB_DATABASE__DROP },
{ "getattr", SEPG_DB_DATABASE__GETATTR },
{ "setattr", SEPG_DB_DATABASE__SETATTR },
{ "relabelfrom", SEPG_DB_DATABASE__RELABELFROM },
{ "relabelto", SEPG_DB_DATABASE__RELABELTO },
{ "access", SEPG_DB_DATABASE__ACCESS },
{ "load_module", SEPG_DB_DATABASE__LOAD_MODULE },
{ NULL, 0UL },
{
"create", SEPG_DB_DATABASE__CREATE
},
{
"drop", SEPG_DB_DATABASE__DROP
},
{
"getattr", SEPG_DB_DATABASE__GETATTR
},
{
"setattr", SEPG_DB_DATABASE__SETATTR
},
{
"relabelfrom", SEPG_DB_DATABASE__RELABELFROM
},
{
"relabelto", SEPG_DB_DATABASE__RELABELTO
},
{
"access", SEPG_DB_DATABASE__ACCESS
},
{
"load_module", SEPG_DB_DATABASE__LOAD_MODULE
},
{
NULL, 0UL
},
}
},
{
"db_schema", SEPG_CLASS_DB_SCHEMA,
"db_schema", SEPG_CLASS_DB_SCHEMA,
{
{ "create", SEPG_DB_SCHEMA__CREATE },
{ "drop", SEPG_DB_SCHEMA__DROP },
{ "getattr", SEPG_DB_SCHEMA__GETATTR },
{ "setattr", SEPG_DB_SCHEMA__SETATTR },
{ "relabelfrom", SEPG_DB_SCHEMA__RELABELFROM },
{ "relabelto", SEPG_DB_SCHEMA__RELABELTO },
{ "search", SEPG_DB_SCHEMA__SEARCH },
{ "add_name", SEPG_DB_SCHEMA__ADD_NAME },
{ "remove_name", SEPG_DB_SCHEMA__REMOVE_NAME },
{ NULL, 0UL },
{
"create", SEPG_DB_SCHEMA__CREATE
},
{
"drop", SEPG_DB_SCHEMA__DROP
},
{
"getattr", SEPG_DB_SCHEMA__GETATTR
},
{
"setattr", SEPG_DB_SCHEMA__SETATTR
},
{
"relabelfrom", SEPG_DB_SCHEMA__RELABELFROM
},
{
"relabelto", SEPG_DB_SCHEMA__RELABELTO
},
{
"search", SEPG_DB_SCHEMA__SEARCH
},
{
"add_name", SEPG_DB_SCHEMA__ADD_NAME
},
{
"remove_name", SEPG_DB_SCHEMA__REMOVE_NAME
},
{
NULL, 0UL
},
}
},
{
"db_table", SEPG_CLASS_DB_TABLE,
"db_table", SEPG_CLASS_DB_TABLE,
{
{ "create", SEPG_DB_TABLE__CREATE },
{ "drop", SEPG_DB_TABLE__DROP },
{ "getattr", SEPG_DB_TABLE__GETATTR },
{ "setattr", SEPG_DB_TABLE__SETATTR },
{ "relabelfrom", SEPG_DB_TABLE__RELABELFROM },
{ "relabelto", SEPG_DB_TABLE__RELABELTO },
{ "select", SEPG_DB_TABLE__SELECT },
{ "update", SEPG_DB_TABLE__UPDATE },
{ "insert", SEPG_DB_TABLE__INSERT },
{ "delete", SEPG_DB_TABLE__DELETE },
{ "lock", SEPG_DB_TABLE__LOCK },
{ NULL, 0UL },
{
"create", SEPG_DB_TABLE__CREATE
},
{
"drop", SEPG_DB_TABLE__DROP
},
{
"getattr", SEPG_DB_TABLE__GETATTR
},
{
"setattr", SEPG_DB_TABLE__SETATTR
},
{
"relabelfrom", SEPG_DB_TABLE__RELABELFROM
},
{
"relabelto", SEPG_DB_TABLE__RELABELTO
},
{
"select", SEPG_DB_TABLE__SELECT
},
{
"update", SEPG_DB_TABLE__UPDATE
},
{
"insert", SEPG_DB_TABLE__INSERT
},
{
"delete", SEPG_DB_TABLE__DELETE
},
{
"lock", SEPG_DB_TABLE__LOCK
},
{
NULL, 0UL
},
}
},
{
"db_sequence", SEPG_CLASS_DB_SEQUENCE,
"db_sequence", SEPG_CLASS_DB_SEQUENCE,
{
{ "create", SEPG_DB_SEQUENCE__CREATE },
{ "drop", SEPG_DB_SEQUENCE__DROP },
{ "getattr", SEPG_DB_SEQUENCE__GETATTR },
{ "setattr", SEPG_DB_SEQUENCE__SETATTR },
{ "relabelfrom", SEPG_DB_SEQUENCE__RELABELFROM },
{ "relabelto", SEPG_DB_SEQUENCE__RELABELTO },
{ "get_value", SEPG_DB_SEQUENCE__GET_VALUE },
{ "next_value", SEPG_DB_SEQUENCE__NEXT_VALUE },
{ "set_value", SEPG_DB_SEQUENCE__SET_VALUE },
{ NULL, 0UL },
{
"create", SEPG_DB_SEQUENCE__CREATE
},
{
"drop", SEPG_DB_SEQUENCE__DROP
},
{
"getattr", SEPG_DB_SEQUENCE__GETATTR
},
{
"setattr", SEPG_DB_SEQUENCE__SETATTR
},
{
"relabelfrom", SEPG_DB_SEQUENCE__RELABELFROM
},
{
"relabelto", SEPG_DB_SEQUENCE__RELABELTO
},
{
"get_value", SEPG_DB_SEQUENCE__GET_VALUE
},
{
"next_value", SEPG_DB_SEQUENCE__NEXT_VALUE
},
{
"set_value", SEPG_DB_SEQUENCE__SET_VALUE
},
{
NULL, 0UL
},
}
},
{
"db_procedure", SEPG_CLASS_DB_PROCEDURE,
"db_procedure", SEPG_CLASS_DB_PROCEDURE,
{
{ "create", SEPG_DB_PROCEDURE__CREATE },
{ "drop", SEPG_DB_PROCEDURE__DROP },
{ "getattr", SEPG_DB_PROCEDURE__GETATTR },
{ "setattr", SEPG_DB_PROCEDURE__SETATTR },
{ "relabelfrom", SEPG_DB_PROCEDURE__RELABELFROM },
{ "relabelto", SEPG_DB_PROCEDURE__RELABELTO },
{ "execute", SEPG_DB_PROCEDURE__EXECUTE },
{ "entrypoint", SEPG_DB_PROCEDURE__ENTRYPOINT },
{ "install", SEPG_DB_PROCEDURE__INSTALL },
{ NULL, 0UL },
{
"create", SEPG_DB_PROCEDURE__CREATE
},
{
"drop", SEPG_DB_PROCEDURE__DROP
},
{
"getattr", SEPG_DB_PROCEDURE__GETATTR
},
{
"setattr", SEPG_DB_PROCEDURE__SETATTR
},
{
"relabelfrom", SEPG_DB_PROCEDURE__RELABELFROM
},
{
"relabelto", SEPG_DB_PROCEDURE__RELABELTO
},
{
"execute", SEPG_DB_PROCEDURE__EXECUTE
},
{
"entrypoint", SEPG_DB_PROCEDURE__ENTRYPOINT
},
{
"install", SEPG_DB_PROCEDURE__INSTALL
},
{
NULL, 0UL
},
}
},
{
"db_column", SEPG_CLASS_DB_COLUMN,
"db_column", SEPG_CLASS_DB_COLUMN,
{
{ "create", SEPG_DB_COLUMN__CREATE },
{ "drop", SEPG_DB_COLUMN__DROP },
{ "getattr", SEPG_DB_COLUMN__GETATTR },
{ "setattr", SEPG_DB_COLUMN__SETATTR },
{ "relabelfrom", SEPG_DB_COLUMN__RELABELFROM },
{ "relabelto", SEPG_DB_COLUMN__RELABELTO },
{ "select", SEPG_DB_COLUMN__SELECT },
{ "update", SEPG_DB_COLUMN__UPDATE },
{ "insert", SEPG_DB_COLUMN__INSERT },
{ NULL, 0UL },
{
"create", SEPG_DB_COLUMN__CREATE
},
{
"drop", SEPG_DB_COLUMN__DROP
},
{
"getattr", SEPG_DB_COLUMN__GETATTR
},
{
"setattr", SEPG_DB_COLUMN__SETATTR
},
{
"relabelfrom", SEPG_DB_COLUMN__RELABELFROM
},
{
"relabelto", SEPG_DB_COLUMN__RELABELTO
},
{
"select", SEPG_DB_COLUMN__SELECT
},
{
"update", SEPG_DB_COLUMN__UPDATE
},
{
"insert", SEPG_DB_COLUMN__INSERT
},
{
NULL, 0UL
},
}
},
{
"db_tuple", SEPG_CLASS_DB_TUPLE,
"db_tuple", SEPG_CLASS_DB_TUPLE,
{
{ "relabelfrom", SEPG_DB_TUPLE__RELABELFROM },
{ "relabelto", SEPG_DB_TUPLE__RELABELTO },
{ "select", SEPG_DB_TUPLE__SELECT },
{ "update", SEPG_DB_TUPLE__UPDATE },
{ "insert", SEPG_DB_TUPLE__INSERT },
{ "delete", SEPG_DB_TUPLE__DELETE },
{ NULL, 0UL },
{
"relabelfrom", SEPG_DB_TUPLE__RELABELFROM
},
{
"relabelto", SEPG_DB_TUPLE__RELABELTO
},
{
"select", SEPG_DB_TUPLE__SELECT
},
{
"update", SEPG_DB_TUPLE__UPDATE
},
{
"insert", SEPG_DB_TUPLE__INSERT
},
{
"delete", SEPG_DB_TUPLE__DELETE
},
{
NULL, 0UL
},
}
},
{
"db_blob", SEPG_CLASS_DB_BLOB,
"db_blob", SEPG_CLASS_DB_BLOB,
{
{ "create", SEPG_DB_BLOB__CREATE },
{ "drop", SEPG_DB_BLOB__DROP },
{ "getattr", SEPG_DB_BLOB__GETATTR },
{ "setattr", SEPG_DB_BLOB__SETATTR },
{ "relabelfrom", SEPG_DB_BLOB__RELABELFROM },
{ "relabelto", SEPG_DB_BLOB__RELABELTO },
{ "read", SEPG_DB_BLOB__READ },
{ "write", SEPG_DB_BLOB__WRITE },
{ "import", SEPG_DB_BLOB__IMPORT },
{ "export", SEPG_DB_BLOB__EXPORT },
{ NULL, 0UL },
{
"create", SEPG_DB_BLOB__CREATE
},
{
"drop", SEPG_DB_BLOB__DROP
},
{
"getattr", SEPG_DB_BLOB__GETATTR
},
{
"setattr", SEPG_DB_BLOB__SETATTR
},
{
"relabelfrom", SEPG_DB_BLOB__RELABELFROM
},
{
"relabelto", SEPG_DB_BLOB__RELABELTO
},
{
"read", SEPG_DB_BLOB__READ
},
{
"write", SEPG_DB_BLOB__WRITE
},
{
"import", SEPG_DB_BLOB__IMPORT
},
{
"export", SEPG_DB_BLOB__EXPORT
},
{
NULL, 0UL
},
}
},
{
"db_language", SEPG_CLASS_DB_LANGUAGE,
"db_language", SEPG_CLASS_DB_LANGUAGE,
{
{ "create", SEPG_DB_LANGUAGE__CREATE },
{ "drop", SEPG_DB_LANGUAGE__DROP },
{ "getattr", SEPG_DB_LANGUAGE__GETATTR },
{ "setattr", SEPG_DB_LANGUAGE__SETATTR },
{ "relabelfrom", SEPG_DB_LANGUAGE__RELABELFROM },
{ "relabelto", SEPG_DB_LANGUAGE__RELABELTO },
{ "implement", SEPG_DB_LANGUAGE__IMPLEMENT },
{ "execute", SEPG_DB_LANGUAGE__EXECUTE },
{ NULL, 0UL },
{
"create", SEPG_DB_LANGUAGE__CREATE
},
{
"drop", SEPG_DB_LANGUAGE__DROP
},
{
"getattr", SEPG_DB_LANGUAGE__GETATTR
},
{
"setattr", SEPG_DB_LANGUAGE__SETATTR
},
{
"relabelfrom", SEPG_DB_LANGUAGE__RELABELFROM
},
{
"relabelto", SEPG_DB_LANGUAGE__RELABELTO
},
{
"implement", SEPG_DB_LANGUAGE__IMPLEMENT
},
{
"execute", SEPG_DB_LANGUAGE__EXECUTE
},
{
NULL, 0UL
},
}
},
{
"db_view", SEPG_CLASS_DB_VIEW,
"db_view", SEPG_CLASS_DB_VIEW,
{
{ "create", SEPG_DB_VIEW__CREATE },
{ "drop", SEPG_DB_VIEW__DROP },
{ "getattr", SEPG_DB_VIEW__GETATTR },
{ "setattr", SEPG_DB_VIEW__SETATTR },
{ "relabelfrom", SEPG_DB_VIEW__RELABELFROM },
{ "relabelto", SEPG_DB_VIEW__RELABELTO },
{ "expand", SEPG_DB_VIEW__EXPAND },
{ NULL, 0UL },
{
"create", SEPG_DB_VIEW__CREATE
},
{
"drop", SEPG_DB_VIEW__DROP
},
{
"getattr", SEPG_DB_VIEW__GETATTR
},
{
"setattr", SEPG_DB_VIEW__SETATTR
},
{
"relabelfrom", SEPG_DB_VIEW__RELABELFROM
},
{
"relabelto", SEPG_DB_VIEW__RELABELTO
},
{
"expand", SEPG_DB_VIEW__EXPAND
},
{
NULL, 0UL
},
}
},
};
@ -316,7 +624,7 @@ sepgsql_get_mode(void)
int
sepgsql_set_mode(int new_mode)
{
int old_mode = sepgsql_mode;
int old_mode = sepgsql_mode;
sepgsql_mode = new_mode;
@ -367,10 +675,10 @@ sepgsql_audit_log(bool denied,
uint32 audited,
const char *audit_name)
{
StringInfoData buf;
const char *class_name;
const char *av_name;
int i;
StringInfoData buf;
const char *class_name;
const char *av_name;
int i;
/* lookup name of the object class */
Assert(tclass < SEPG_CLASS_MAX);
@ -380,7 +688,7 @@ sepgsql_audit_log(bool denied,
initStringInfo(&buf);
appendStringInfo(&buf, "%s {",
(denied ? "denied" : "allowed"));
for (i=0; selinux_catalog[tclass].av[i].av_name; i++)
for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
{
if (audited & (1UL << i))
{
@ -418,14 +726,15 @@ void
sepgsql_compute_avd(const char *scontext,
const char *tcontext,
uint16 tclass,
struct av_decision *avd)
struct av_decision * avd)
{
const char *tclass_name;
security_class_t tclass_ex;
struct av_decision avd_ex;
int i, deny_unknown = security_deny_unknown();
const char *tclass_name;
security_class_t tclass_ex;
struct av_decision avd_ex;
int i,
deny_unknown = security_deny_unknown();
/* Get external code of the object class*/
/* Get external code of the object class */
Assert(tclass < SEPG_CLASS_MAX);
Assert(tclass == selinux_catalog[tclass].class_code);
@ -436,14 +745,13 @@ sepgsql_compute_avd(const char *scontext,
{
/*
* If the current security policy does not support permissions
* corresponding to database objects, we fill up them with dummy
* data.
* corresponding to database objects, we fill up them with dummy data.
* If security_deny_unknown() returns positive value, undefined
* permissions should be denied. Otherwise, allowed
*/
avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
avd->auditallow = 0U;
avd->auditdeny = ~0U;
avd->auditdeny = ~0U;
avd->flags = 0;
return;
@ -453,8 +761,8 @@ sepgsql_compute_avd(const char *scontext,
* Ask SELinux what is allowed set of permissions on a pair of the
* security contexts and the given object class.
*/
if (security_compute_av_flags_raw((security_context_t)scontext,
(security_context_t)tcontext,
if (security_compute_av_flags_raw((security_context_t) scontext,
(security_context_t) tcontext,
tclass_ex, 0, &avd_ex) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
@ -464,17 +772,17 @@ sepgsql_compute_avd(const char *scontext,
/*
* SELinux returns its access control decision as a set of permissions
* represented in external code which depends on run-time environment.
* So, we need to translate it to the internal representation before
* returning results for the caller.
* represented in external code which depends on run-time environment. So,
* we need to translate it to the internal representation before returning
* results for the caller.
*/
memset(avd, 0, sizeof(struct av_decision));
for (i=0; selinux_catalog[tclass].av[i].av_name; i++)
for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
{
access_vector_t av_code_ex;
const char *av_name = selinux_catalog[tclass].av[i].av_name;
uint32 av_code = selinux_catalog[tclass].av[i].av_code;
access_vector_t av_code_ex;
const char *av_name = selinux_catalog[tclass].av[i].av_name;
uint32 av_code = selinux_catalog[tclass].av[i].av_code;
av_code_ex = string_to_av_perm(tclass_ex, av_name);
if (av_code_ex == 0)
@ -524,23 +832,23 @@ sepgsql_compute_create(const char *scontext,
const char *tcontext,
uint16 tclass)
{
security_context_t ncontext;
security_class_t tclass_ex;
const char *tclass_name;
char *result;
security_context_t ncontext;
security_class_t tclass_ex;
const char *tclass_name;
char *result;
/* Get external code of the object class*/
/* Get external code of the object class */
Assert(tclass < SEPG_CLASS_MAX);
tclass_name = selinux_catalog[tclass].class_name;
tclass_ex = string_to_security_class(tclass_name);
/*
* Ask SELinux what is the default context for the given object class
* on a pair of security contexts
* Ask SELinux what is the default context for the given object class on a
* pair of security contexts
*/
if (security_compute_create_raw((security_context_t)scontext,
(security_context_t)tcontext,
if (security_compute_create_raw((security_context_t) scontext,
(security_context_t) tcontext,
tclass_ex, &ncontext) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
@ -549,8 +857,8 @@ sepgsql_compute_create(const char *scontext,
scontext, tcontext, tclass_name)));
/*
* libselinux returns malloc()'ed string, so we need to copy it
* on the palloc()'ed region.
* libselinux returns malloc()'ed string, so we need to copy it on the
* palloc()'ed region.
*/
PG_TRY();
{
@ -589,7 +897,7 @@ sepgsql_check_perms(const char *scontext,
const char *audit_name,
bool abort)
{
struct av_decision avd;
struct av_decision avd;
uint32 denied;
uint32 audited;
bool result = true;
@ -602,7 +910,7 @@ sepgsql_check_perms(const char *scontext,
audited = (denied ? denied : required);
else
audited = (denied ? (denied & avd.auditdeny)
: (required & avd.auditallow));
: (required & avd.auditallow));
if (denied &&
sepgsql_getenforce() > 0 &&
@ -610,8 +918,8 @@ sepgsql_check_perms(const char *scontext,
result = false;
/*
* It records a security audit for the request, if needed.
* But, when SE-PgSQL performs 'internal' mode, it needs to keep silent.
* It records a security audit for the request, if needed. But, when
* SE-PgSQL performs 'internal' mode, it needs to keep silent.
*/
if (audited && sepgsql_mode != SEPGSQL_MODE_INTERNAL)
{

41
contrib/sepgsql/sepgsql.h
View File

@ -218,33 +218,34 @@ extern bool sepgsql_get_debug_audit(void);
/*
* selinux.c
*/
extern bool sepgsql_is_enabled(void);
extern bool sepgsql_is_enabled(void);
extern int sepgsql_get_mode(void);
extern int sepgsql_set_mode(int new_mode);
extern bool sepgsql_getenforce(void);
extern void sepgsql_audit_log(bool denied,
const char *scontext,
const char *tcontext,
uint16 tclass,
uint32 audited,
const char *audit_name);
const char *scontext,
const char *tcontext,
uint16 tclass,
uint32 audited,
const char *audit_name);
extern void sepgsql_compute_avd(const char *scontext,
const char *tcontext,
uint16 tclass,
struct av_decision *avd);
const char *tcontext,
uint16 tclass,
struct av_decision * avd);
extern char *sepgsql_compute_create(const char *scontext,
const char *tcontext,
uint16 tclass);
const char *tcontext,
uint16 tclass);
extern bool sepgsql_check_perms(const char *scontext,
const char *tcontext,
uint16 tclass,
uint32 required,
const char *audit_name,
bool abort);
const char *tcontext,
uint16 tclass,
uint32 required,
const char *audit_name,
bool abort);
/*
* label.c
*/
@ -252,8 +253,8 @@ extern char *sepgsql_get_client_label(void);
extern char *sepgsql_set_client_label(char *new_label);
extern char *sepgsql_get_label(Oid relOid, Oid objOid, int32 subId);
extern void sepgsql_object_relabel(const ObjectAddress *object,
const char *seclabel);
extern void sepgsql_object_relabel(const ObjectAddress *object,
const char *seclabel);
extern Datum sepgsql_getcon(PG_FUNCTION_ARGS);
extern Datum sepgsql_mcstrans_in(PG_FUNCTION_ARGS);
@ -276,7 +277,7 @@ extern void sepgsql_schema_relabel(Oid namespaceId, const char *seclabel);
*/
extern void sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum);
extern void sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum,
const char *seclabel);
const char *seclabel);
extern void sepgsql_relation_post_create(Oid relOid);
extern void sepgsql_relation_relabel(Oid relOid, const char *seclabel);
@ -287,4 +288,4 @@ extern void sepgsql_proc_post_create(Oid functionId);
extern void sepgsql_proc_relabel(Oid functionId, const char *seclabel);
extern char *sepgsql_proc_get_domtrans(Oid functionId);
#endif /* SEPGSQL_H */
#endif /* SEPGSQL_H */