sepgsql DROP support.

KaiGai Kohei
2025-07-27 12:41:57 +03:00 · 2012-03-09 15:18:45 -05:00
parent 07d1edb954
commit e914a144d3
11 changed files with 483 additions and 88 deletions
--- a/contrib/sepgsql/proc.c
+++ b/contrib/sepgsql/proc.c
@ -130,6 +130,48 @@ sepgsql_proc_post_create(Oid functionId)
 	pfree(ncontext);
 }

+/*
+ * sepgsql_proc_drop
+ *
+ * It checks privileges to drop the supplied function.
+ */
+void
+sepgsql_proc_drop(Oid functionId)
+{
+	ObjectAddress	object;
+	char		   *audit_name;
+
+	/*
+	 * check db_schema:{remove_name} permission
+	 */
+	object.classId = NamespaceRelationId;
+	object.objectId = get_func_namespace(functionId);
+	object.objectSubId = 0;
+	audit_name = getObjectDescription(&object);
+
+	sepgsql_avc_check_perms(&object,
+							SEPG_CLASS_DB_SCHEMA,
+							SEPG_DB_SCHEMA__REMOVE_NAME,
+							audit_name,
+							true);
+	pfree(audit_name);
+
+    /*
+     * check db_procedure:{drop} permission
+     */
+	object.classId = ProcedureRelationId;
+	object.objectId = functionId;
+	object.objectSubId = 0;
+	audit_name = getObjectDescription(&object);
+
+    sepgsql_avc_check_perms(&object,
+                            SEPG_CLASS_DB_PROCEDURE,
+                            SEPG_DB_PROCEDURE__DROP,
+                            audit_name,
+                            true);
+	pfree(audit_name);
+}
+
 /*
 * sepgsql_proc_relabel
 *