sepgsql: Check CREATE permissions for some object types.

KaiGai Kohei, reviewed by Dimitri Fontaine and me.
2025-07-28 23:42:10 +03:00 · 2011-12-21 09:12:43 -05:00
parent 7f0e4bb82e
commit e1042a3484
10 changed files with 606 additions and 83 deletions
--- a/contrib/sepgsql/proc.c
+++ b/contrib/sepgsql/proc.c
@ -18,6 +18,7 @@
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_proc.h"
 #include "commands/seclabel.h"
+#include "utils/builtins.h"
 #include "utils/fmgroids.h"
 #include "utils/lsyscache.h"
 #include "utils/tqual.h"
@ -37,11 +38,13 @@ sepgsql_proc_post_create(Oid functionId)
 	ScanKeyData skey;
 	SysScanDesc sscan;
 	HeapTuple	tuple;
-	Oid			namespaceId;
-	ObjectAddress object;
 	char	   *scontext;
 	char	   *tcontext;
 	char	   *ncontext;
+	int			i;
+	StringInfoData	audit_name;
+	ObjectAddress	object;
+	Form_pg_proc	proForm;

 	/*
 	 * Fetch namespace of the new procedure. Because pg_proc entry is not
@ -61,20 +64,53 @@ sepgsql_proc_post_create(Oid functionId)
 	if (!HeapTupleIsValid(tuple))
 		elog(ERROR, "catalog lookup failed for proc %u", functionId);

-	namespaceId = ((Form_pg_proc) GETSTRUCT(tuple))->pronamespace;
+	proForm = (Form_pg_proc) GETSTRUCT(tuple);
+
+	/*
+	 * check db_schema:{add_name} permission of the namespace
+	 */
+	object.classId = NamespaceRelationId;
+	object.objectId = proForm->pronamespace;
+	object.objectSubId = 0;
+	sepgsql_avc_check_perms(&object,
+							SEPG_CLASS_DB_SCHEMA,
+							SEPG_DB_SCHEMA__ADD_NAME,
+							getObjectDescription(&object),
+							true);
+	/*
+	 * XXX - db_language:{implement} also should be checked here
+	 */

-	systable_endscan(sscan);
-	heap_close(rel, AccessShareLock);

 	/*
 	 * Compute a default security label when we create a new procedure object
 	 * under the specified namespace.
 	 */
 	scontext = sepgsql_get_client_label();
-	tcontext = sepgsql_get_label(NamespaceRelationId, namespaceId, 0);
+	tcontext = sepgsql_get_label(NamespaceRelationId,
+								 proForm->pronamespace, 0);
 	ncontext = sepgsql_compute_create(scontext, tcontext,
 									  SEPG_CLASS_DB_PROCEDURE);

+	/*
+	 * check db_procedure:{create} permission
+	 */
+	initStringInfo(&audit_name);
+	appendStringInfo(&audit_name, "function %s(", NameStr(proForm->proname));
+	for (i=0; i < proForm->pronargs; i++)
+	{
+		Oid		typeoid = proForm->proargtypes.values[i];
+		if (i > 0)
+			appendStringInfoChar(&audit_name, ',');
+		appendStringInfoString(&audit_name, format_type_be(typeoid));
+	}
+	appendStringInfoChar(&audit_name, ')');
+
+	sepgsql_avc_check_perms_label(ncontext,
+								  SEPG_CLASS_DB_PROCEDURE,
+								  SEPG_DB_PROCEDURE__CREATE,
+								  audit_name.data,
+								  true);
 	/*
 	 * Assign the default security label on a new procedure
 	 */
@ -83,6 +119,13 @@ sepgsql_proc_post_create(Oid functionId)
 	object.objectSubId = 0;
 	SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);

+	/*
+	 * Cleanup
+	 */
+	systable_endscan(sscan);
+	heap_close(rel, AccessShareLock);
+
+	pfree(audit_name.data);
 	pfree(tcontext);
 	pfree(ncontext);
 }