sepgsql: Enforce db_procedure:{execute} permission.

To do this, we add an additional object access hook type,
OAT_FUNCTION_EXECUTE.

KaiGai Kohei

src/backend/catalog/objectaccess.c

@@ -12,6 +12,7 @@
 
 #include "catalog/objectaccess.h"
 #include "catalog/pg_namespace.h"
+#include "catalog/pg_proc.h"
 
 /*
  * Hook on object accesses.  This is intended as infrastructure for security
@@ -109,3 +110,19 @@ RunNamespaceSearchHook(Oid objectId, bool ereport_on_violation)
 
 	return ns_arg.result;
 }
+
+/*
+ * RunFunctionExecuteHook
+ *
+ * It is entrypoint of OAT_FUNCTION_EXECUTE event
+ */
+void
+RunFunctionExecuteHook(Oid objectId)
+{
+	/* caller should check, but just in case... */
+	Assert(object_access_hook != NULL);
+
+	(*object_access_hook)(OAT_FUNCTION_EXECUTE,
+						  ProcedureRelationId, objectId, 0,
+						  NULL);
+}