Header And Logo
|
#include "catalog/objectaddress.h"#include "fmgr.h"#include <selinux/selinux.h>#include <selinux/avc.h>
Go to the source code of this file.
Defines | |
| #define | SEPGSQL_LABEL_TAG "selinux" |
| #define | SEPGSQL_MODE_DEFAULT 1 |
| #define | SEPGSQL_MODE_PERMISSIVE 2 |
| #define | SEPGSQL_MODE_INTERNAL 3 |
| #define | SEPGSQL_MODE_DISABLED 4 |
| #define | SEPG_CLASS_PROCESS 0 |
| #define | SEPG_CLASS_FILE 1 |
| #define | SEPG_CLASS_DIR 2 |
| #define | SEPG_CLASS_LNK_FILE 3 |
| #define | SEPG_CLASS_CHR_FILE 4 |
| #define | SEPG_CLASS_BLK_FILE 5 |
| #define | SEPG_CLASS_SOCK_FILE 6 |
| #define | SEPG_CLASS_FIFO_FILE 7 |
| #define | SEPG_CLASS_DB_DATABASE 8 |
| #define | SEPG_CLASS_DB_SCHEMA 9 |
| #define | SEPG_CLASS_DB_TABLE 10 |
| #define | SEPG_CLASS_DB_SEQUENCE 11 |
| #define | SEPG_CLASS_DB_PROCEDURE 12 |
| #define | SEPG_CLASS_DB_COLUMN 13 |
| #define | SEPG_CLASS_DB_TUPLE 14 |
| #define | SEPG_CLASS_DB_BLOB 15 |
| #define | SEPG_CLASS_DB_LANGUAGE 16 |
| #define | SEPG_CLASS_DB_VIEW 17 |
| #define | SEPG_CLASS_MAX 18 |
| #define | SEPG_PROCESS__TRANSITION (1<<0) |
| #define | SEPG_PROCESS__DYNTRANSITION (1<<1) |
| #define | SEPG_PROCESS__SETCURRENT (1<<2) |
| #define | SEPG_FILE__READ (1<<0) |
| #define | SEPG_FILE__WRITE (1<<1) |
| #define | SEPG_FILE__CREATE (1<<2) |
| #define | SEPG_FILE__GETATTR (1<<3) |
| #define | SEPG_FILE__UNLINK (1<<4) |
| #define | SEPG_FILE__RENAME (1<<5) |
| #define | SEPG_FILE__APPEND (1<<6) |
| #define | SEPG_DIR__READ (SEPG_FILE__READ) |
| #define | SEPG_DIR__WRITE (SEPG_FILE__WRITE) |
| #define | SEPG_DIR__CREATE (SEPG_FILE__CREATE) |
| #define | SEPG_DIR__GETATTR (SEPG_FILE__GETATTR) |
| #define | SEPG_DIR__UNLINK (SEPG_FILE__UNLINK) |
| #define | SEPG_DIR__RENAME (SEPG_FILE__RENAME) |
| #define | SEPG_DIR__SEARCH (1<<6) |
| #define | SEPG_DIR__ADD_NAME (1<<7) |
| #define | SEPG_DIR__REMOVE_NAME (1<<8) |
| #define | SEPG_DIR__RMDIR (1<<9) |
| #define | SEPG_DIR__REPARENT (1<<10) |
| #define | SEPG_LNK_FILE__READ (SEPG_FILE__READ) |
| #define | SEPG_LNK_FILE__WRITE (SEPG_FILE__WRITE) |
| #define | SEPG_LNK_FILE__CREATE (SEPG_FILE__CREATE) |
| #define | SEPG_LNK_FILE__GETATTR (SEPG_FILE__GETATTR) |
| #define | SEPG_LNK_FILE__UNLINK (SEPG_FILE__UNLINK) |
| #define | SEPG_LNK_FILE__RENAME (SEPG_FILE__RENAME) |
| #define | SEPG_CHR_FILE__READ (SEPG_FILE__READ) |
| #define | SEPG_CHR_FILE__WRITE (SEPG_FILE__WRITE) |
| #define | SEPG_CHR_FILE__CREATE (SEPG_FILE__CREATE) |
| #define | SEPG_CHR_FILE__GETATTR (SEPG_FILE__GETATTR) |
| #define | SEPG_CHR_FILE__UNLINK (SEPG_FILE__UNLINK) |
| #define | SEPG_CHR_FILE__RENAME (SEPG_FILE__RENAME) |
| #define | SEPG_BLK_FILE__READ (SEPG_FILE__READ) |
| #define | SEPG_BLK_FILE__WRITE (SEPG_FILE__WRITE) |
| #define | SEPG_BLK_FILE__CREATE (SEPG_FILE__CREATE) |
| #define | SEPG_BLK_FILE__GETATTR (SEPG_FILE__GETATTR) |
| #define | SEPG_BLK_FILE__UNLINK (SEPG_FILE__UNLINK) |
| #define | SEPG_BLK_FILE__RENAME (SEPG_FILE__RENAME) |
| #define | SEPG_SOCK_FILE__READ (SEPG_FILE__READ) |
| #define | SEPG_SOCK_FILE__WRITE (SEPG_FILE__WRITE) |
| #define | SEPG_SOCK_FILE__CREATE (SEPG_FILE__CREATE) |
| #define | SEPG_SOCK_FILE__GETATTR (SEPG_FILE__GETATTR) |
| #define | SEPG_SOCK_FILE__UNLINK (SEPG_FILE__UNLINK) |
| #define | SEPG_SOCK_FILE__RENAME (SEPG_FILE__RENAME) |
| #define | SEPG_FIFO_FILE__READ (SEPG_FILE__READ) |
| #define | SEPG_FIFO_FILE__WRITE (SEPG_FILE__WRITE) |
| #define | SEPG_FIFO_FILE__CREATE (SEPG_FILE__CREATE) |
| #define | SEPG_FIFO_FILE__GETATTR (SEPG_FILE__GETATTR) |
| #define | SEPG_FIFO_FILE__UNLINK (SEPG_FILE__UNLINK) |
| #define | SEPG_FIFO_FILE__RENAME (SEPG_FILE__RENAME) |
| #define | SEPG_DB_DATABASE__CREATE (1<<0) |
| #define | SEPG_DB_DATABASE__DROP (1<<1) |
| #define | SEPG_DB_DATABASE__GETATTR (1<<2) |
| #define | SEPG_DB_DATABASE__SETATTR (1<<3) |
| #define | SEPG_DB_DATABASE__RELABELFROM (1<<4) |
| #define | SEPG_DB_DATABASE__RELABELTO (1<<5) |
| #define | SEPG_DB_DATABASE__ACCESS (1<<6) |
| #define | SEPG_DB_DATABASE__LOAD_MODULE (1<<7) |
| #define | SEPG_DB_SCHEMA__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_SCHEMA__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_SCHEMA__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_SCHEMA__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_SCHEMA__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_SCHEMA__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_SCHEMA__SEARCH (1<<6) |
| #define | SEPG_DB_SCHEMA__ADD_NAME (1<<7) |
| #define | SEPG_DB_SCHEMA__REMOVE_NAME (1<<8) |
| #define | SEPG_DB_TABLE__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_TABLE__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_TABLE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_TABLE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_TABLE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_TABLE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_TABLE__SELECT (1<<6) |
| #define | SEPG_DB_TABLE__UPDATE (1<<7) |
| #define | SEPG_DB_TABLE__INSERT (1<<8) |
| #define | SEPG_DB_TABLE__DELETE (1<<9) |
| #define | SEPG_DB_TABLE__LOCK (1<<10) |
| #define | SEPG_DB_SEQUENCE__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_SEQUENCE__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_SEQUENCE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_SEQUENCE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_SEQUENCE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_SEQUENCE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_SEQUENCE__GET_VALUE (1<<6) |
| #define | SEPG_DB_SEQUENCE__NEXT_VALUE (1<<7) |
| #define | SEPG_DB_SEQUENCE__SET_VALUE (1<<8) |
| #define | SEPG_DB_PROCEDURE__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_PROCEDURE__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_PROCEDURE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_PROCEDURE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_PROCEDURE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_PROCEDURE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_PROCEDURE__EXECUTE (1<<6) |
| #define | SEPG_DB_PROCEDURE__ENTRYPOINT (1<<7) |
| #define | SEPG_DB_PROCEDURE__INSTALL (1<<8) |
| #define | SEPG_DB_COLUMN__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_COLUMN__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_COLUMN__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_COLUMN__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_COLUMN__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_COLUMN__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_COLUMN__SELECT (1<<6) |
| #define | SEPG_DB_COLUMN__UPDATE (1<<7) |
| #define | SEPG_DB_COLUMN__INSERT (1<<8) |
| #define | SEPG_DB_TUPLE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_TUPLE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_TUPLE__SELECT (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_TUPLE__UPDATE (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_TUPLE__INSERT (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_TUPLE__DELETE (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_BLOB__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_BLOB__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_BLOB__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_BLOB__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_BLOB__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_BLOB__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_BLOB__READ (1<<6) |
| #define | SEPG_DB_BLOB__WRITE (1<<7) |
| #define | SEPG_DB_BLOB__IMPORT (1<<8) |
| #define | SEPG_DB_BLOB__EXPORT (1<<9) |
| #define | SEPG_DB_LANGUAGE__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_LANGUAGE__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_LANGUAGE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_LANGUAGE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_LANGUAGE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_LANGUAGE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_LANGUAGE__IMPLEMENT (1<<6) |
| #define | SEPG_DB_LANGUAGE__EXECUTE (1<<7) |
| #define | SEPG_DB_VIEW__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define | SEPG_DB_VIEW__DROP (SEPG_DB_DATABASE__DROP) |
| #define | SEPG_DB_VIEW__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define | SEPG_DB_VIEW__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define | SEPG_DB_VIEW__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define | SEPG_DB_VIEW__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define | SEPG_DB_VIEW__EXPAND (1<<6) |
| #define | SEPGSQL_AVC_NOAUDIT ((void *)(-1)) |
Functions | |
| bool | sepgsql_get_permissive (void) |
| bool | sepgsql_get_debug_audit (void) |
| bool | sepgsql_is_enabled (void) |
| int | sepgsql_get_mode (void) |
| int | sepgsql_set_mode (int new_mode) |
| bool | sepgsql_getenforce (void) |
| void | sepgsql_audit_log (bool denied, const char *scontext, const char *tcontext, uint16 tclass, uint32 audited, const char *audit_name) |
| void | sepgsql_compute_avd (const char *scontext, const char *tcontext, uint16 tclass, struct av_decision *avd) |
| char * | sepgsql_compute_create (const char *scontext, const char *tcontext, uint16 tclass, const char *objname) |
| bool | sepgsql_check_perms (const char *scontext, const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation) |
| bool | sepgsql_avc_check_perms_label (const char *tcontext, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation) |
| bool | sepgsql_avc_check_perms (const ObjectAddress *tobject, uint16 tclass, uint32 required, const char *audit_name, bool abort_on_violation) |
| char * | sepgsql_avc_trusted_proc (Oid functionId) |
| void | sepgsql_avc_init (void) |
| char * | sepgsql_get_client_label (void) |
| void | sepgsql_init_client_label (void) |
| char * | sepgsql_get_label (Oid relOid, Oid objOid, int32 subId) |
| void | sepgsql_object_relabel (const ObjectAddress *object, const char *seclabel) |
| Datum | sepgsql_getcon (PG_FUNCTION_ARGS) |
| Datum | sepgsql_setcon (PG_FUNCTION_ARGS) |
| Datum | sepgsql_mcstrans_in (PG_FUNCTION_ARGS) |
| Datum | sepgsql_mcstrans_out (PG_FUNCTION_ARGS) |
| Datum | sepgsql_restorecon (PG_FUNCTION_ARGS) |
| bool | sepgsql_dml_privileges (List *rangeTabls, bool abort_on_violation) |
| void | sepgsql_database_post_create (Oid databaseId, const char *dtemplate) |
| void | sepgsql_database_drop (Oid databaseId) |
| void | sepgsql_database_relabel (Oid databaseId, const char *seclabel) |
| void | sepgsql_database_setattr (Oid databaseId) |
| void | sepgsql_schema_post_create (Oid namespaceId) |
| void | sepgsql_schema_drop (Oid namespaceId) |
| void | sepgsql_schema_relabel (Oid namespaceId, const char *seclabel) |
| void | sepgsql_schema_setattr (Oid namespaceId) |
| bool | sepgsql_schema_search (Oid namespaceId, bool abort_on_violation) |
| void | sepgsql_schema_add_name (Oid namespaceId) |
| void | sepgsql_schema_remove_name (Oid namespaceId) |
| void | sepgsql_schema_rename (Oid namespaceId) |
| void | sepgsql_attribute_post_create (Oid relOid, AttrNumber attnum) |
| void | sepgsql_attribute_drop (Oid relOid, AttrNumber attnum) |
| void | sepgsql_attribute_relabel (Oid relOid, AttrNumber attnum, const char *seclabel) |
| void | sepgsql_attribute_setattr (Oid relOid, AttrNumber attnum) |
| void | sepgsql_relation_post_create (Oid relOid) |
| void | sepgsql_relation_drop (Oid relOid) |
| void | sepgsql_relation_relabel (Oid relOid, const char *seclabel) |
| void | sepgsql_relation_setattr (Oid relOid) |
| void | sepgsql_proc_post_create (Oid functionId) |
| void | sepgsql_proc_drop (Oid functionId) |
| void | sepgsql_proc_relabel (Oid functionId, const char *seclabel) |
| void | sepgsql_proc_setattr (Oid functionId) |
| void | sepgsql_proc_execute (Oid functionId) |
| #define SEPG_CLASS_DB_COLUMN 13 |
Definition at line 49 of file sepgsql.h.
Referenced by check_relation_privileges(), sepgsql_attribute_drop(), sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_relation_drop(), and sepgsql_relation_post_create().
| #define SEPG_CLASS_DB_DATABASE 8 |
Definition at line 44 of file sepgsql.h.
Referenced by sepgsql_database_drop(), sepgsql_database_post_create(), sepgsql_database_relabel(), and sepgsql_database_setattr().
| #define SEPG_CLASS_DB_PROCEDURE 12 |
Definition at line 48 of file sepgsql.h.
Referenced by sepgsql_avc_compute(), sepgsql_avc_trusted_proc(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), and sepgsql_proc_setattr().
| #define SEPG_CLASS_DB_SCHEMA 9 |
Definition at line 45 of file sepgsql.h.
Referenced by check_schema_perms(), sepgsql_proc_drop(), sepgsql_proc_post_create(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_schema_drop(), sepgsql_schema_post_create(), and sepgsql_schema_relabel().
| #define SEPG_CLASS_DB_SEQUENCE 11 |
Definition at line 47 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_CLASS_DB_TABLE 10 |
Definition at line 46 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_CLASS_DB_VIEW 17 |
Definition at line 53 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_CLASS_MAX 18 |
Definition at line 54 of file sepgsql.h.
Referenced by sepgsql_audit_log(), sepgsql_compute_avd(), and sepgsql_compute_create().
| #define SEPG_CLASS_PROCESS 0 |
Definition at line 36 of file sepgsql.h.
Referenced by sepgsql_avc_compute(), sepgsql_fmgr_hook(), and sepgsql_set_client_label().
| #define SEPG_DB_BLOB__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define SEPG_DB_BLOB__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define SEPG_DB_COLUMN__CREATE (SEPG_DB_DATABASE__CREATE) |
Definition at line 169 of file sepgsql.h.
Referenced by sepgsql_attribute_post_create(), and sepgsql_relation_post_create().
| #define SEPG_DB_COLUMN__DROP (SEPG_DB_DATABASE__DROP) |
Definition at line 170 of file sepgsql.h.
Referenced by sepgsql_attribute_drop(), and sepgsql_relation_drop().
| #define SEPG_DB_COLUMN__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define SEPG_DB_COLUMN__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
Definition at line 173 of file sepgsql.h.
Referenced by sepgsql_attribute_relabel().
| #define SEPG_DB_COLUMN__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define SEPG_DB_COLUMN__SETATTR (SEPG_DB_DATABASE__SETATTR) |
Definition at line 172 of file sepgsql.h.
Referenced by sepgsql_attribute_relabel(), and sepgsql_attribute_setattr().
| #define SEPG_DB_DATABASE__CREATE (1<<0) |
Definition at line 118 of file sepgsql.h.
Referenced by sepgsql_database_post_create(), and sepgsql_relation_post_create().
| #define SEPG_DB_DATABASE__DROP (1<<1) |
Definition at line 119 of file sepgsql.h.
Referenced by sepgsql_database_drop().
| #define SEPG_DB_DATABASE__GETATTR (1<<2) |
Definition at line 120 of file sepgsql.h.
Referenced by sepgsql_database_post_create().
| #define SEPG_DB_DATABASE__RELABELFROM (1<<4) |
Definition at line 122 of file sepgsql.h.
Referenced by sepgsql_database_relabel().
| #define SEPG_DB_DATABASE__RELABELTO (1<<5) |
Definition at line 123 of file sepgsql.h.
Referenced by sepgsql_database_relabel().
| #define SEPG_DB_DATABASE__SETATTR (1<<3) |
Definition at line 121 of file sepgsql.h.
Referenced by sepgsql_database_relabel(), and sepgsql_database_setattr().
| #define SEPG_DB_LANGUAGE__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define SEPG_DB_LANGUAGE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define SEPG_DB_LANGUAGE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define SEPG_DB_LANGUAGE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define SEPG_DB_LANGUAGE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define SEPG_DB_PROCEDURE__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define SEPG_DB_PROCEDURE__DROP (SEPG_DB_DATABASE__DROP) |
Definition at line 160 of file sepgsql.h.
Referenced by sepgsql_proc_drop().
| #define SEPG_DB_PROCEDURE__ENTRYPOINT (1<<7) |
Definition at line 166 of file sepgsql.h.
Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().
| #define SEPG_DB_PROCEDURE__EXECUTE (1<<6) |
Definition at line 165 of file sepgsql.h.
Referenced by sepgsql_needs_fmgr_hook(), and sepgsql_proc_execute().
| #define SEPG_DB_PROCEDURE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define SEPG_DB_PROCEDURE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
Definition at line 163 of file sepgsql.h.
Referenced by sepgsql_proc_relabel().
| #define SEPG_DB_PROCEDURE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
Definition at line 164 of file sepgsql.h.
Referenced by sepgsql_attribute_relabel(), and sepgsql_proc_relabel().
| #define SEPG_DB_PROCEDURE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
Definition at line 162 of file sepgsql.h.
Referenced by sepgsql_proc_relabel().
| #define SEPG_DB_SCHEMA__ADD_NAME (1<<7) |
Definition at line 134 of file sepgsql.h.
Referenced by sepgsql_proc_post_create(), sepgsql_relation_post_create(), sepgsql_schema_add_name(), and sepgsql_schema_rename().
| #define SEPG_DB_SCHEMA__CREATE (SEPG_DB_DATABASE__CREATE) |
Definition at line 127 of file sepgsql.h.
Referenced by sepgsql_schema_post_create().
| #define SEPG_DB_SCHEMA__DROP (SEPG_DB_DATABASE__DROP) |
Definition at line 128 of file sepgsql.h.
Referenced by sepgsql_schema_drop().
| #define SEPG_DB_SCHEMA__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define SEPG_DB_SCHEMA__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
Definition at line 131 of file sepgsql.h.
Referenced by sepgsql_schema_relabel().
| #define SEPG_DB_SCHEMA__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
Definition at line 132 of file sepgsql.h.
Referenced by sepgsql_schema_relabel().
| #define SEPG_DB_SCHEMA__REMOVE_NAME (1<<8) |
Definition at line 135 of file sepgsql.h.
Referenced by sepgsql_proc_drop(), sepgsql_relation_drop(), sepgsql_schema_remove_name(), and sepgsql_schema_rename().
| #define SEPG_DB_SCHEMA__SEARCH (1<<6) |
Definition at line 133 of file sepgsql.h.
Referenced by sepgsql_schema_search().
| #define SEPG_DB_SCHEMA__SETATTR (SEPG_DB_DATABASE__SETATTR) |
Definition at line 130 of file sepgsql.h.
Referenced by sepgsql_schema_relabel(), and sepgsql_schema_setattr().
| #define SEPG_DB_SEQUENCE__CREATE (SEPG_DB_DATABASE__CREATE) |
| #define SEPG_DB_SEQUENCE__GET_VALUE (1<<6) |
Definition at line 155 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_DB_SEQUENCE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define SEPG_DB_SEQUENCE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define SEPG_DB_SEQUENCE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define SEPG_DB_SEQUENCE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
| #define SEPG_DB_TABLE__DELETE (1<<9) |
Definition at line 146 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_DB_TABLE__DROP (SEPG_DB_DATABASE__DROP) |
Definition at line 138 of file sepgsql.h.
Referenced by sepgsql_relation_drop().
| #define SEPG_DB_TABLE__GETATTR (SEPG_DB_DATABASE__GETATTR) |
| #define SEPG_DB_TABLE__INSERT (1<<8) |
Definition at line 145 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_DB_TABLE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
Definition at line 141 of file sepgsql.h.
Referenced by sepgsql_relation_relabel().
| #define SEPG_DB_TABLE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
Definition at line 142 of file sepgsql.h.
Referenced by sepgsql_relation_relabel().
| #define SEPG_DB_TABLE__SELECT (1<<6) |
Definition at line 143 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_DB_TABLE__SETATTR (SEPG_DB_DATABASE__SETATTR) |
Definition at line 140 of file sepgsql.h.
Referenced by sepgsql_relation_relabel(), and sepgsql_relation_setattr().
| #define SEPG_DB_TABLE__UPDATE (1<<7) |
Definition at line 144 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_DB_TUPLE__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define SEPG_DB_TUPLE__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define SEPG_DB_VIEW__EXPAND (1<<6) |
Definition at line 212 of file sepgsql.h.
Referenced by check_relation_privileges().
| #define SEPG_DB_VIEW__RELABELFROM (SEPG_DB_DATABASE__RELABELFROM) |
| #define SEPG_DB_VIEW__RELABELTO (SEPG_DB_DATABASE__RELABELTO) |
| #define SEPG_PROCESS__DYNTRANSITION (1<<1) |
Definition at line 60 of file sepgsql.h.
Referenced by sepgsql_set_client_label().
| #define SEPG_PROCESS__SETCURRENT (1<<2) |
Definition at line 61 of file sepgsql.h.
Referenced by sepgsql_set_client_label().
| #define SEPG_PROCESS__TRANSITION (1<<0) |
Definition at line 59 of file sepgsql.h.
Referenced by sepgsql_fmgr_hook().
| #define SEPGSQL_AVC_NOAUDIT ((void *)(-1)) |
Definition at line 255 of file sepgsql.h.
Referenced by sepgsql_avc_check_perms_label(), and sepgsql_needs_fmgr_hook().
| #define SEPGSQL_LABEL_TAG "selinux" |
Definition at line 23 of file sepgsql.h.
Referenced by _PG_init(), exec_object_restorecon(), sepgsql_attribute_post_create(), sepgsql_avc_check_perms(), sepgsql_avc_trusted_proc(), sepgsql_database_post_create(), sepgsql_get_label(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().
| #define SEPGSQL_MODE_DEFAULT 1 |
Definition at line 28 of file sepgsql.h.
Referenced by sepgsql_client_auth(), and sepgsql_getenforce().
| #define SEPGSQL_MODE_DISABLED 4 |
Definition at line 31 of file sepgsql.h.
Referenced by _PG_init(), and sepgsql_is_enabled().
| #define SEPGSQL_MODE_INTERNAL 3 |
Definition at line 30 of file sepgsql.h.
Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().
| #define SEPGSQL_MODE_PERMISSIVE 2 |
Definition at line 29 of file sepgsql.h.
Referenced by sepgsql_client_auth().
| void sepgsql_attribute_drop | ( | Oid | relOid, | |
| AttrNumber | attnum | |||
| ) |
Definition at line 134 of file relation.c.
References get_rel_relkind(), getObjectIdentity(), pfree(), RELKIND_RELATION, SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__DROP, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
if (get_rel_relkind(relOid) != RELKIND_RELATION)
return;
/*
* check db_column:{drop} permission
*/
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = attnum;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_COLUMN,
SEPG_DB_COLUMN__DROP,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_attribute_post_create | ( | Oid | relOid, | |
| AttrNumber | attnum | |||
| ) |
Definition at line 45 of file relation.c.
References AccessShareLock, Anum_pg_attribute_attnum, Anum_pg_attribute_attrelid, appendStringInfo(), AttributeRelationId, AttributeRelidNumIndexId, BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), Int16GetDatum, NameStr, ObjectIdGetDatum, pfree(), quote_identifier(), RelationRelationId, RELKIND_RELATION, ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().
Referenced by sepgsql_object_access().
{
Relation rel;
ScanKeyData skey[2];
SysScanDesc sscan;
HeapTuple tuple;
char *scontext;
char *tcontext;
char *ncontext;
ObjectAddress object;
Form_pg_attribute attForm;
StringInfoData audit_name;
/*
* Only attributes within regular relation have individual security
* labels.
*/
if (get_rel_relkind(relOid) != RELKIND_RELATION)
return;
/*
* Compute a default security label of the new column underlying the
* specified relation, and check permission to create it.
*/
rel = heap_open(AttributeRelationId, AccessShareLock);
ScanKeyInit(&skey[0],
Anum_pg_attribute_attrelid,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(relOid));
ScanKeyInit(&skey[1],
Anum_pg_attribute_attnum,
BTEqualStrategyNumber, F_INT2EQ,
Int16GetDatum(attnum));
sscan = systable_beginscan(rel, AttributeRelidNumIndexId, true,
SnapshotSelf, 2, &skey[0]);
tuple = systable_getnext(sscan);
if (!HeapTupleIsValid(tuple))
elog(ERROR, "catalog lookup failed for column %d of relation %u",
attnum, relOid);
attForm = (Form_pg_attribute) GETSTRUCT(tuple);
scontext = sepgsql_get_client_label();
tcontext = sepgsql_get_label(RelationRelationId, relOid, 0);
ncontext = sepgsql_compute_create(scontext, tcontext,
SEPG_CLASS_DB_COLUMN,
NameStr(attForm->attname));
/*
* check db_column:{create} permission
*/
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = 0;
initStringInfo(&audit_name);
appendStringInfo(&audit_name, "%s.%s",
getObjectIdentity(&object),
quote_identifier(NameStr(attForm->attname)));
sepgsql_avc_check_perms_label(ncontext,
SEPG_CLASS_DB_COLUMN,
SEPG_DB_COLUMN__CREATE,
audit_name.data,
true);
/*
* Assign the default security label on a new procedure
*/
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = attnum;
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
systable_endscan(sscan);
heap_close(rel, AccessShareLock);
pfree(tcontext);
pfree(ncontext);
}
| void sepgsql_attribute_relabel | ( | Oid | relOid, | |
| AttrNumber | attnum, | |||
| const char * | seclabel | |||
| ) |
Definition at line 165 of file relation.c.
References ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), RELKIND_RELATION, SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__RELABELFROM, SEPG_DB_COLUMN__SETATTR, SEPG_DB_PROCEDURE__RELABELTO, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
{
ObjectAddress object;
char *audit_name;
if (get_rel_relkind(relOid) != RELKIND_RELATION)
ereport(ERROR,
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
errmsg("cannot set security label on non-regular columns")));
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = attnum;
audit_name = getObjectIdentity(&object);
/*
* check db_column:{setattr relabelfrom} permission
*/
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_COLUMN,
SEPG_DB_COLUMN__SETATTR |
SEPG_DB_COLUMN__RELABELFROM,
audit_name,
true);
/*
* check db_column:{relabelto} permission
*/
sepgsql_avc_check_perms_label(seclabel,
SEPG_CLASS_DB_COLUMN,
SEPG_DB_PROCEDURE__RELABELTO,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_attribute_setattr | ( | Oid | relOid, | |
| AttrNumber | attnum | |||
| ) |
Definition at line 208 of file relation.c.
References get_rel_relkind(), getObjectIdentity(), pfree(), RELKIND_RELATION, SEPG_CLASS_DB_COLUMN, SEPG_DB_COLUMN__SETATTR, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
if (get_rel_relkind(relOid) != RELKIND_RELATION)
return;
/*
* check db_column:{setattr} permission
*/
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = attnum;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_COLUMN,
SEPG_DB_COLUMN__SETATTR,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_audit_log | ( | bool | denied, | |
| const char * | scontext, | |||
| const char * | tcontext, | |||
| uint16 | tclass, | |||
| uint32 | audited, | |||
| const char * | audit_name | |||
| ) |
Definition at line 677 of file selinux.c.
References appendStringInfo(), Assert, av_name, buf, class_name, StringInfoData::data, ereport, errmsg(), i, initStringInfo(), LOG, selinux_catalog, and SEPG_CLASS_MAX.
Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().
{
StringInfoData buf;
const char *class_name;
const char *av_name;
int i;
/* lookup name of the object class */
Assert(tclass < SEPG_CLASS_MAX);
class_name = selinux_catalog[tclass].class_name;
/* lookup name of the permissions */
initStringInfo(&buf);
appendStringInfo(&buf, "%s {",
(denied ? "denied" : "allowed"));
for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
{
if (audited & (1UL << i))
{
av_name = selinux_catalog[tclass].av[i].av_name;
appendStringInfo(&buf, " %s", av_name);
}
}
appendStringInfo(&buf, " }");
/*
* Call external audit module, if loaded
*/
appendStringInfo(&buf, " scontext=%s tcontext=%s tclass=%s",
scontext, tcontext, class_name);
if (audit_name)
appendStringInfo(&buf, " name=\"%s\"", audit_name);
ereport(LOG, (errmsg("SELinux: %s", buf.data)));
}
| bool sepgsql_avc_check_perms | ( | const ObjectAddress * | tobject, | |
| uint16 | tclass, | |||
| uint32 | required, | |||
| const char * | audit_name, | |||
| bool | abort_on_violation | |||
| ) |
Definition at line 428 of file uavc.c.
References GetSecurityLabel(), pfree(), sepgsql_avc_check_perms_label(), and SEPGSQL_LABEL_TAG.
Referenced by check_relation_privileges(), check_schema_perms(), sepgsql_attribute_drop(), sepgsql_attribute_relabel(), sepgsql_attribute_setattr(), sepgsql_database_drop(), sepgsql_database_relabel(), sepgsql_database_setattr(), sepgsql_fmgr_hook(), sepgsql_needs_fmgr_hook(), sepgsql_proc_drop(), sepgsql_proc_execute(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_proc_setattr(), sepgsql_relation_drop(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_relation_setattr(), sepgsql_schema_drop(), and sepgsql_schema_relabel().
{
char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
bool rc;
rc = sepgsql_avc_check_perms_label(tcontext,
tclass, required,
audit_name, abort_on_violation);
if (tcontext)
pfree(tcontext);
return rc;
}
| bool sepgsql_avc_check_perms_label | ( | const char * | tcontext, | |
| uint16 | tclass, | |||
| uint32 | required, | |||
| const char * | audit_name, | |||
| bool | abort_on_violation | |||
| ) |
Definition at line 346 of file uavc.c.
References avc_cache::allowed, avc_cache::auditallow, avc_cache::auditdeny, ereport, errcode(), errmsg(), ERROR, avc_cache::permissive, avc_cache::scontext, sepgsql_audit_log(), sepgsql_avc_check_valid(), sepgsql_avc_lookup(), SEPGSQL_AVC_NOAUDIT, sepgsql_avc_unlabeled(), sepgsql_get_client_label(), sepgsql_get_debug_audit(), sepgsql_get_mode(), sepgsql_getenforce(), SEPGSQL_MODE_INTERNAL, avc_cache::tclass, avc_cache::tcontext, and avc_cache::tcontext_is_valid.
Referenced by sepgsql_attribute_post_create(), sepgsql_attribute_relabel(), sepgsql_avc_check_perms(), sepgsql_database_post_create(), sepgsql_database_relabel(), sepgsql_fmgr_hook(), sepgsql_proc_post_create(), sepgsql_proc_relabel(), sepgsql_relation_post_create(), sepgsql_relation_relabel(), sepgsql_schema_post_create(), sepgsql_schema_relabel(), and sepgsql_set_client_label().
{
char *scontext = sepgsql_get_client_label();
avc_cache *cache;
uint32 denied;
uint32 audited;
bool result;
sepgsql_avc_check_valid();
do
{
result = true;
/*
* If the target object is unlabeled, we perform the check using the
* label supplied by sepgsql_avc_unlabeled().
*/
if (tcontext)
cache = sepgsql_avc_lookup(scontext, tcontext, tclass);
else
cache = sepgsql_avc_lookup(scontext,
sepgsql_avc_unlabeled(), tclass);
denied = required & ~cache->allowed;
/*
* Compute permissions to be audited
*/
if (sepgsql_get_debug_audit())
audited = (denied ? (denied & ~0) : (required & ~0));
else
audited = denied ? (denied & cache->auditdeny)
: (required & cache->auditallow);
if (denied)
{
/*
* In permissive mode or permissive domain, violated permissions
* shall be audited to the log files at once, and then implicitly
* allowed to avoid a flood of access denied logs, because the
* purpose of permissive mode/domain is to collect a violation log
* that will make it possible to fix up the security policy.
*/
if (!sepgsql_getenforce() || cache->permissive)
cache->allowed |= required;
else
result = false;
}
} while (!sepgsql_avc_check_valid());
/*
* In the case when we have something auditable actions here,
* sepgsql_audit_log shall be called with text representation of security
* labels for both of subject and object. It records this access
* violation, so DBA will be able to find out unexpected security problems
* later.
*/
if (audited != 0 &&
audit_name != SEPGSQL_AVC_NOAUDIT &&
sepgsql_get_mode() != SEPGSQL_MODE_INTERNAL)
{
sepgsql_audit_log(!!denied,
cache->scontext,
cache->tcontext_is_valid ?
cache->tcontext : sepgsql_avc_unlabeled(),
cache->tclass,
audited,
audit_name);
}
if (abort_on_violation && !result)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: security policy violation")));
return result;
}
| void sepgsql_avc_init | ( | void | ) |
Definition at line 496 of file uavc.c.
References ALLOCSET_DEFAULT_INITSIZE, ALLOCSET_DEFAULT_MAXSIZE, ALLOCSET_DEFAULT_MINSIZE, AllocSetContextCreate(), avc_lru_hint, avc_num_caches, avc_threshold, ereport, errcode(), errmsg(), ERROR, LOG, on_proc_exit(), sepgsql_avc_exit(), and TopMemoryContext.
Referenced by _PG_init().
{
int rc;
/*
* All the avc stuff shall be allocated on avc_mem_cxt
*/
avc_mem_cxt = AllocSetContextCreate(TopMemoryContext,
"userspace access vector cache",
ALLOCSET_DEFAULT_MINSIZE,
ALLOCSET_DEFAULT_INITSIZE,
ALLOCSET_DEFAULT_MAXSIZE);
memset(avc_slots, 0, sizeof(avc_slots));
avc_num_caches = 0;
avc_lru_hint = 0;
avc_threshold = AVC_DEF_THRESHOLD;
/*
* SELinux allows to mmap(2) its kernel status page in read-only mode to
* inform userspace applications its status updating (such as policy
* reloading) without system-call invocations. This feature is only
* supported in Linux-2.6.38 or later, however, libselinux provides a
* fallback mode to know its status using netlink sockets.
*/
rc = selinux_status_open(1);
if (rc < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: could not open selinux status : %m")));
else if (rc > 0)
ereport(LOG,
(errmsg("SELinux: kernel status page uses fallback mode")));
/* Arrange to close selinux status page on process exit. */
on_proc_exit(sepgsql_avc_exit, 0);
}
| char* sepgsql_avc_trusted_proc | ( | Oid | functionId | ) |
Definition at line 453 of file uavc.c.
References ObjectAddress::classId, GetSecurityLabel(), avc_cache::ncontext, ObjectAddress::objectId, ObjectAddress::objectSubId, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_valid(), sepgsql_avc_lookup(), sepgsql_avc_unlabeled(), sepgsql_get_client_label(), and SEPGSQL_LABEL_TAG.
Referenced by sepgsql_fmgr_hook(), and sepgsql_needs_fmgr_hook().
{
char *scontext = sepgsql_get_client_label();
char *tcontext;
ObjectAddress tobject;
avc_cache *cache;
tobject.classId = ProcedureRelationId;
tobject.objectId = functionId;
tobject.objectSubId = 0;
tcontext = GetSecurityLabel(&tobject, SEPGSQL_LABEL_TAG);
sepgsql_avc_check_valid();
do
{
if (tcontext)
cache = sepgsql_avc_lookup(scontext, tcontext,
SEPG_CLASS_DB_PROCEDURE);
else
cache = sepgsql_avc_lookup(scontext, sepgsql_avc_unlabeled(),
SEPG_CLASS_DB_PROCEDURE);
} while (!sepgsql_avc_check_valid());
return cache->ncontext;
}
| bool sepgsql_check_perms | ( | const char * | scontext, | |
| const char * | tcontext, | |||
| uint16 | tclass, | |||
| uint32 | required, | |||
| const char * | audit_name, | |||
| bool | abort_on_violation | |||
| ) |
Definition at line 902 of file selinux.c.
References ereport, errcode(), errmsg(), ERROR, sepgsql_audit_log(), sepgsql_compute_avd(), sepgsql_get_debug_audit(), sepgsql_getenforce(), sepgsql_mode, and SEPGSQL_MODE_INTERNAL.
{
struct av_decision avd;
uint32 denied;
uint32 audited;
bool result = true;
sepgsql_compute_avd(scontext, tcontext, tclass, &avd);
denied = required & ~avd.allowed;
if (sepgsql_get_debug_audit())
audited = (denied ? denied : required);
else
audited = (denied ? (denied & avd.auditdeny)
: (required & avd.auditallow));
if (denied &&
sepgsql_getenforce() > 0 &&
(avd.flags & SELINUX_AVD_FLAGS_PERMISSIVE) == 0)
result = false;
/*
* It records a security audit for the request, if needed. But, when
* SE-PgSQL performs 'internal' mode, it needs to keep silent.
*/
if (audited && sepgsql_mode != SEPGSQL_MODE_INTERNAL)
{
sepgsql_audit_log(denied,
scontext,
tcontext,
tclass,
audited,
audit_name);
}
if (!result && abort_on_violation)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: security policy violation")));
return result;
}
| void sepgsql_compute_avd | ( | const char * | scontext, | |
| const char * | tcontext, | |||
| uint16 | tclass, | |||
| struct av_decision * | avd | |||
| ) |
Definition at line 732 of file selinux.c.
References Assert, av_code, av_name, class_code, ereport, errcode(), errmsg(), ERROR, i, selinux_catalog, and SEPG_CLASS_MAX.
Referenced by sepgsql_avc_compute(), and sepgsql_check_perms().
{
const char *tclass_name;
security_class_t tclass_ex;
struct av_decision avd_ex;
int i,
deny_unknown = security_deny_unknown();
/* Get external code of the object class */
Assert(tclass < SEPG_CLASS_MAX);
Assert(tclass == selinux_catalog[tclass].class_code);
tclass_name = selinux_catalog[tclass].class_name;
tclass_ex = string_to_security_class(tclass_name);
if (tclass_ex == 0)
{
/*
* If the current security policy does not support permissions
* corresponding to database objects, we fill up them with dummy data.
* If security_deny_unknown() returns positive value, undefined
* permissions should be denied. Otherwise, allowed
*/
avd->allowed = (security_deny_unknown() > 0 ? 0 : ~0);
avd->auditallow = 0U;
avd->auditdeny = ~0U;
avd->flags = 0;
return;
}
/*
* Ask SELinux what is allowed set of permissions on a pair of the
* security contexts and the given object class.
*/
if (security_compute_av_flags_raw((security_context_t) scontext,
(security_context_t) tcontext,
tclass_ex, 0, &avd_ex) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux could not compute av_decision: "
"scontext=%s tcontext=%s tclass=%s: %m",
scontext, tcontext, tclass_name)));
/*
* SELinux returns its access control decision as a set of permissions
* represented in external code which depends on run-time environment. So,
* we need to translate it to the internal representation before returning
* results for the caller.
*/
memset(avd, 0, sizeof(struct av_decision));
for (i = 0; selinux_catalog[tclass].av[i].av_name; i++)
{
access_vector_t av_code_ex;
const char *av_name = selinux_catalog[tclass].av[i].av_name;
uint32 av_code = selinux_catalog[tclass].av[i].av_code;
av_code_ex = string_to_av_perm(tclass_ex, av_name);
if (av_code_ex == 0)
{
/* fill up undefined permissions */
if (!deny_unknown)
avd->allowed |= av_code;
avd->auditdeny |= av_code;
continue;
}
if (avd_ex.allowed & av_code_ex)
avd->allowed |= av_code;
if (avd_ex.auditallow & av_code_ex)
avd->auditallow |= av_code;
if (avd_ex.auditdeny & av_code_ex)
avd->auditdeny |= av_code;
}
return;
}
| char* sepgsql_compute_create | ( | const char * | scontext, | |
| const char * | tcontext, | |||
| uint16 | tclass, | |||
| const char * | objname | |||
| ) |
Definition at line 837 of file selinux.c.
References Assert, ereport, errcode(), errmsg(), ERROR, PG_CATCH, PG_END_TRY, PG_RE_THROW, PG_TRY, pstrdup(), selinux_catalog, and SEPG_CLASS_MAX.
Referenced by sepgsql_attribute_post_create(), sepgsql_avc_compute(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().
{
security_context_t ncontext;
security_class_t tclass_ex;
const char *tclass_name;
char *result;
/* Get external code of the object class */
Assert(tclass < SEPG_CLASS_MAX);
tclass_name = selinux_catalog[tclass].class_name;
tclass_ex = string_to_security_class(tclass_name);
/*
* Ask SELinux what is the default context for the given object class on a
* pair of security contexts
*/
if (security_compute_create_name_raw((security_context_t) scontext,
(security_context_t) tcontext,
tclass_ex,
objname,
&ncontext) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux could not compute a new context: "
"scontext=%s tcontext=%s tclass=%s: %m",
scontext, tcontext, tclass_name)));
/*
* libselinux returns malloc()'ed string, so we need to copy it on the
* palloc()'ed region.
*/
PG_TRY();
{
result = pstrdup(ncontext);
}
PG_CATCH();
{
freecon(ncontext);
PG_RE_THROW();
}
PG_END_TRY();
freecon(ncontext);
return result;
}
| void sepgsql_database_drop | ( | Oid | databaseId | ) |
Definition at line 134 of file database.c.
References getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__DROP, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
/*
* check db_database:{drop} permission
*/
object.classId = DatabaseRelationId;
object.objectId = databaseId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_DATABASE,
SEPG_DB_DATABASE__DROP,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_database_post_create | ( | Oid | databaseId, | |
| const char * | dtemplate | |||
| ) |
Definition at line 34 of file database.c.
References AccessShareLock, appendStringInfo(), BTEqualStrategyNumber, StringInfoData::data, DatabaseOidIndexId, DatabaseRelationId, elog, ERROR, get_database_oid(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), quote_identifier(), resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__CREATE, SEPG_DB_DATABASE__GETATTR, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().
Referenced by sepgsql_object_access().
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
char *tcontext;
char *ncontext;
ObjectAddress object;
Form_pg_database datForm;
StringInfoData audit_name;
/*
* Oid of the source database is not saved in pg_database catalog, so we
* collect its identifier using contextual information. If NULL, its
* default is "template1" according to createdb().
*/
if (!dtemplate)
dtemplate = "template1";
object.classId = DatabaseRelationId;
object.objectId = get_database_oid(dtemplate, false);
object.objectSubId = 0;
tcontext = sepgsql_get_label(object.classId,
object.objectId,
object.objectSubId);
/*
* check db_database:{getattr} permission
*/
initStringInfo(&audit_name);
appendStringInfo(&audit_name, "%s", quote_identifier(dtemplate));
sepgsql_avc_check_perms_label(tcontext,
SEPG_CLASS_DB_DATABASE,
SEPG_DB_DATABASE__GETATTR,
audit_name.data,
true);
/*
* Compute a default security label of the newly created database based on
* a pair of security label of client and source database.
*
* XXX - uncoming version of libselinux supports to take object name to
* handle special treatment on default security label.
*/
rel = heap_open(DatabaseRelationId, AccessShareLock);
ScanKeyInit(&skey,
ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(databaseId));
sscan = systable_beginscan(rel, DatabaseOidIndexId, true,
SnapshotSelf, 1, &skey);
tuple = systable_getnext(sscan);
if (!HeapTupleIsValid(tuple))
elog(ERROR, "catalog lookup failed for database %u", databaseId);
datForm = (Form_pg_database) GETSTRUCT(tuple);
ncontext = sepgsql_compute_create(sepgsql_get_client_label(),
tcontext,
SEPG_CLASS_DB_DATABASE,
NameStr(datForm->datname));
/*
* check db_database:{create} permission
*/
resetStringInfo(&audit_name);
appendStringInfo(&audit_name, "%s",
quote_identifier(NameStr(datForm->datname)));
sepgsql_avc_check_perms_label(ncontext,
SEPG_CLASS_DB_DATABASE,
SEPG_DB_DATABASE__CREATE,
audit_name.data,
true);
systable_endscan(sscan);
heap_close(rel, AccessShareLock);
/*
* Assign the default security label on the new database
*/
object.classId = DatabaseRelationId;
object.objectId = databaseId;
object.objectSubId = 0;
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
pfree(ncontext);
pfree(tcontext);
}
| void sepgsql_database_relabel | ( | Oid | databaseId, | |
| const char * | seclabel | |||
| ) |
Definition at line 188 of file database.c.
References getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__RELABELFROM, SEPG_DB_DATABASE__RELABELTO, SEPG_DB_DATABASE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
{
ObjectAddress object;
char *audit_name;
object.classId = DatabaseRelationId;
object.objectId = databaseId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
/*
* check db_database:{setattr relabelfrom} permission
*/
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_DATABASE,
SEPG_DB_DATABASE__SETATTR |
SEPG_DB_DATABASE__RELABELFROM,
audit_name,
true);
/*
* check db_database:{relabelto} permission
*/
sepgsql_avc_check_perms_label(seclabel,
SEPG_CLASS_DB_DATABASE,
SEPG_DB_DATABASE__RELABELTO,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_database_setattr | ( | Oid | databaseId | ) |
Definition at line 161 of file database.c.
References getObjectIdentity(), pfree(), SEPG_CLASS_DB_DATABASE, SEPG_DB_DATABASE__SETATTR, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
/*
* check db_database:{setattr} permission
*/
object.classId = DatabaseRelationId;
object.objectId = databaseId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_DATABASE,
SEPG_DB_DATABASE__SETATTR,
audit_name,
true);
pfree(audit_name);
}
Definition at line 283 of file dml.c.
References ACL_DELETE, ACL_INSERT, ACL_SELECT, ACL_UPDATE, bms_is_empty(), check_relation_privileges(), find_all_inheritors(), fixup_inherited_columns(), RangeTblEntry::inh, lfirst, lfirst_oid, list_free(), list_make1_oid, RangeTblEntry::modifiedCols, NoLock, NULL, RangeTblEntry::relid, RangeTblEntry::requiredPerms, RTE_RELATION, RangeTblEntry::rtekind, and RangeTblEntry::selectedCols.
Referenced by sepgsql_exec_check_perms().
{
ListCell *lr;
foreach(lr, rangeTabls)
{
RangeTblEntry *rte = lfirst(lr);
uint32 required = 0;
List *tableIds;
ListCell *li;
/*
* Only regular relations shall be checked
*/
if (rte->rtekind != RTE_RELATION)
continue;
/*
* Find out required permissions
*/
if (rte->requiredPerms & ACL_SELECT)
required |= SEPG_DB_TABLE__SELECT;
if (rte->requiredPerms & ACL_INSERT)
required |= SEPG_DB_TABLE__INSERT;
if (rte->requiredPerms & ACL_UPDATE)
{
if (!bms_is_empty(rte->modifiedCols))
required |= SEPG_DB_TABLE__UPDATE;
else
required |= SEPG_DB_TABLE__LOCK;
}
if (rte->requiredPerms & ACL_DELETE)
required |= SEPG_DB_TABLE__DELETE;
/*
* Skip, if nothing to be checked
*/
if (required == 0)
continue;
/*
* If this RangeTblEntry is also supposed to reference inherited
* tables, we need to check security label of the child tables. So, we
* expand rte->relid into list of OIDs of inheritance hierarchy, then
* checker routine will be invoked for each relations.
*/
if (!rte->inh)
tableIds = list_make1_oid(rte->relid);
else
tableIds = find_all_inheritors(rte->relid, NoLock, NULL);
foreach(li, tableIds)
{
Oid tableOid = lfirst_oid(li);
Bitmapset *selectedCols;
Bitmapset *modifiedCols;
/*
* child table has different attribute numbers, so we need to fix
* up them.
*/
selectedCols = fixup_inherited_columns(rte->relid, tableOid,
rte->selectedCols);
modifiedCols = fixup_inherited_columns(rte->relid, tableOid,
rte->modifiedCols);
/*
* check permissions on individual tables
*/
if (!check_relation_privileges(tableOid,
selectedCols,
modifiedCols,
required, abort_on_violation))
return false;
}
list_free(tableIds);
}
return true;
}
| char* sepgsql_get_client_label | ( | void | ) |
Definition at line 83 of file label.c.
References Assert, client_label_committed, client_label_func, client_label_peer, pending_label::label, llast, and NULL.
Referenced by sepgsql_attribute_post_create(), sepgsql_avc_check_perms_label(), sepgsql_avc_trusted_proc(), sepgsql_database_post_create(), sepgsql_getcon(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), sepgsql_schema_post_create(), and sepgsql_set_client_label().
{
/* trusted procedure client label override */
if (client_label_func)
return client_label_func;
/* uncommitted sepgsql_setcon() value */
if (client_label_pending)
{
pending_label *plabel = llast(client_label_pending);
if (plabel->label)
return plabel->label;
}
else if (client_label_committed)
return client_label_committed; /* set by sepgsql_setcon() committed */
/* default label */
Assert(client_label_peer != NULL);
return client_label_peer;
}
| bool sepgsql_get_debug_audit | ( | void | ) |
Definition at line 75 of file hooks.c.
References sepgsql_debug_audit.
Referenced by sepgsql_avc_check_perms_label(), and sepgsql_check_perms().
{
return sepgsql_debug_audit;
}
Definition at line 456 of file label.c.
References ereport, errcode(), errmsg(), ERROR, GetSecurityLabel(), label, PG_CATCH, PG_END_TRY, PG_RE_THROW, PG_TRY, pstrdup(), and SEPGSQL_LABEL_TAG.
Referenced by sepgsql_attribute_post_create(), sepgsql_database_post_create(), sepgsql_proc_post_create(), sepgsql_relation_post_create(), and sepgsql_schema_post_create().
{
ObjectAddress object;
char *label;
object.classId = classId;
object.objectId = objectId;
object.objectSubId = subId;
label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
if (!label || security_check_context_raw((security_context_t) label))
{
security_context_t unlabeled;
if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: failed to get initial security label: %m")));
PG_TRY();
{
label = pstrdup(unlabeled);
}
PG_CATCH();
{
freecon(unlabeled);
PG_RE_THROW();
}
PG_END_TRY();
freecon(unlabeled);
}
return label;
}
| int sepgsql_get_mode | ( | void | ) |
Definition at line 622 of file selinux.c.
References sepgsql_mode.
Referenced by sepgsql_avc_check_perms_label().
{
return sepgsql_mode;
}
| bool sepgsql_get_permissive | ( | void | ) |
Definition at line 64 of file hooks.c.
References sepgsql_permissive.
Referenced by sepgsql_client_auth().
{
return sepgsql_permissive;
}
| Datum sepgsql_getcon | ( | PG_FUNCTION_ARGS | ) |
Definition at line 548 of file label.c.
References cstring_to_text(), PG_RETURN_NULL, PG_RETURN_TEXT_P, sepgsql_get_client_label(), and sepgsql_is_enabled().
{
char *client_label;
if (!sepgsql_is_enabled())
PG_RETURN_NULL();
client_label = sepgsql_get_client_label();
PG_RETURN_TEXT_P(cstring_to_text(client_label));
}
| bool sepgsql_getenforce | ( | void | ) |
Definition at line 648 of file selinux.c.
References sepgsql_mode, and SEPGSQL_MODE_DEFAULT.
Referenced by check_relation_privileges(), sepgsql_avc_check_perms_label(), sepgsql_check_perms(), and sepgsql_utility_command().
{
if (sepgsql_mode == SEPGSQL_MODE_DEFAULT &&
selinux_status_getenforce() > 0)
return true;
return false;
}
| void sepgsql_init_client_label | ( | void | ) |
Definition at line 415 of file label.c.
References client_label_peer, ClientAuthentication_hook, ereport, errcode(), errmsg(), ERROR, fmgr_hook, needs_fmgr_hook, next_client_auth_hook, next_fmgr_hook, next_needs_fmgr_hook, NULL, RegisterSubXactCallback(), RegisterXactCallback(), sepgsql_subxact_callback(), and sepgsql_xact_callback().
Referenced by _PG_init().
{
/*
* Set up dummy client label.
*
* XXX - note that PostgreSQL launches background worker process like
* autovacuum without authentication steps. So, we initialize sepgsql_mode
* with SEPGSQL_MODE_INTERNAL, and client_label with the security context
* of server process. Later, it also launches background of user session.
* In this case, the process is always hooked on post-authentication, and
* we can initialize the sepgsql_mode and client_label correctly.
*/
if (getcon_raw(&client_label_peer) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: failed to get server security label: %m")));
/* Client authentication hook */
next_client_auth_hook = ClientAuthentication_hook;
ClientAuthentication_hook = sepgsql_client_auth;
/* Trusted procedure hooks */
next_needs_fmgr_hook = needs_fmgr_hook;
needs_fmgr_hook = sepgsql_needs_fmgr_hook;
next_fmgr_hook = fmgr_hook;
fmgr_hook = sepgsql_fmgr_hook;
/* Transaction/Sub-transaction callbacks */
RegisterXactCallback(sepgsql_xact_callback, NULL);
RegisterSubXactCallback(sepgsql_subxact_callback, NULL);
}
| bool sepgsql_is_enabled | ( | void | ) |
Definition at line 613 of file selinux.c.
References sepgsql_mode, and SEPGSQL_MODE_DISABLED.
Referenced by sepgsql_getcon(), sepgsql_mcstrans_in(), sepgsql_mcstrans_out(), and sepgsql_restorecon().
{
return (sepgsql_mode != SEPGSQL_MODE_DISABLED ? true : false);
}
| Datum sepgsql_mcstrans_in | ( | PG_FUNCTION_ARGS | ) |
Definition at line 589 of file label.c.
References cstring_to_text(), ereport, errcode(), errmsg(), ERROR, label, PG_CATCH, PG_END_TRY, PG_GETARG_TEXT_P, PG_RE_THROW, PG_RETURN_TEXT_P, PG_TRY, pstrdup(), sepgsql_is_enabled(), and text_to_cstring().
{
text *label = PG_GETARG_TEXT_P(0);
char *raw_label;
char *result;
if (!sepgsql_is_enabled())
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("sepgsql is not enabled")));
if (selinux_trans_to_raw_context(text_to_cstring(label),
&raw_label) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: could not translate security label: %m")));
PG_TRY();
{
result = pstrdup(raw_label);
}
PG_CATCH();
{
freecon(raw_label);
PG_RE_THROW();
}
PG_END_TRY();
freecon(raw_label);
PG_RETURN_TEXT_P(cstring_to_text(result));
}
| Datum sepgsql_mcstrans_out | ( | PG_FUNCTION_ARGS | ) |
Definition at line 629 of file label.c.
References cstring_to_text(), ereport, errcode(), errmsg(), ERROR, label, PG_CATCH, PG_END_TRY, PG_GETARG_TEXT_P, PG_RE_THROW, PG_RETURN_TEXT_P, PG_TRY, pstrdup(), sepgsql_is_enabled(), and text_to_cstring().
{
text *label = PG_GETARG_TEXT_P(0);
char *qual_label;
char *result;
if (!sepgsql_is_enabled())
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("sepgsql is not currently enabled")));
if (selinux_raw_to_trans_context(text_to_cstring(label),
&qual_label) < 0)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: could not translate security label: %m")));
PG_TRY();
{
result = pstrdup(qual_label);
}
PG_CATCH();
{
freecon(qual_label);
PG_RE_THROW();
}
PG_END_TRY();
freecon(qual_label);
PG_RETURN_TEXT_P(cstring_to_text(result));
}
| void sepgsql_object_relabel | ( | const ObjectAddress * | object, | |
| const char * | seclabel | |||
| ) |
Definition at line 496 of file label.c.
References ObjectAddress::classId, DatabaseRelationId, elog, ereport, errcode(), errmsg(), ERROR, NamespaceRelationId, ObjectAddress::objectId, ObjectAddress::objectSubId, ProcedureRelationId, RelationRelationId, sepgsql_attribute_relabel(), sepgsql_database_relabel(), sepgsql_proc_relabel(), sepgsql_relation_relabel(), and sepgsql_schema_relabel().
Referenced by _PG_init(), and exec_object_restorecon().
{
/*
* validate format of the supplied security label, if it is security
* context of selinux.
*/
if (seclabel &&
security_check_context_raw((security_context_t) seclabel) < 0)
ereport(ERROR,
(errcode(ERRCODE_INVALID_NAME),
errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
/*
* Do actual permission checks for each object classes
*/
switch (object->classId)
{
case DatabaseRelationId:
sepgsql_database_relabel(object->objectId, seclabel);
break;
case NamespaceRelationId:
sepgsql_schema_relabel(object->objectId, seclabel);
break;
case RelationRelationId:
if (object->objectSubId == 0)
sepgsql_relation_relabel(object->objectId,
seclabel);
else
sepgsql_attribute_relabel(object->objectId,
object->objectSubId,
seclabel);
break;
case ProcedureRelationId:
sepgsql_proc_relabel(object->objectId, seclabel);
break;
default:
elog(ERROR, "unsupported object type: %u", object->classId);
break;
}
}
| void sepgsql_proc_drop | ( | Oid | functionId | ) |
Definition at line 157 of file proc.c.
References get_func_namespace(), getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_PROCEDURE__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
/*
* check db_schema:{remove_name} permission
*/
object.classId = NamespaceRelationId;
object.objectId = get_func_namespace(functionId);
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__REMOVE_NAME,
audit_name,
true);
pfree(audit_name);
/*
* check db_procedure:{drop} permission
*/
object.classId = ProcedureRelationId;
object.objectId = functionId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_PROCEDURE,
SEPG_DB_PROCEDURE__DROP,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_proc_execute | ( | Oid | functionId | ) |
Definition at line 317 of file proc.c.
References getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__EXECUTE, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
/*
* check db_procedure:{execute} permission
*/
object.classId = ProcedureRelationId;
object.objectId = functionId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_PROCEDURE,
SEPG_DB_PROCEDURE__EXECUTE,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_proc_post_create | ( | Oid | functionId | ) |
Definition at line 39 of file proc.c.
References AccessShareLock, appendStringInfo(), appendStringInfoChar(), appendStringInfoString(), BTEqualStrategyNumber, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, i, initStringInfo(), NamespaceRelationId, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), ProcedureOidIndexId, ProcedureRelationId, quote_qualified_identifier(), ScanKeyInit(), SEPG_CLASS_DB_PROCEDURE, SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().
Referenced by sepgsql_object_access().
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
char *nsp_name;
char *scontext;
char *tcontext;
char *ncontext;
uint32 required;
int i;
StringInfoData audit_name;
ObjectAddress object;
Form_pg_proc proForm;
/*
* Fetch namespace of the new procedure. Because pg_proc entry is not
* visible right now, we need to scan the catalog using SnapshotSelf.
*/
rel = heap_open(ProcedureRelationId, AccessShareLock);
ScanKeyInit(&skey,
ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(functionId));
sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
SnapshotSelf, 1, &skey);
tuple = systable_getnext(sscan);
if (!HeapTupleIsValid(tuple))
elog(ERROR, "catalog lookup failed for proc %u", functionId);
proForm = (Form_pg_proc) GETSTRUCT(tuple);
/*
* check db_schema:{add_name} permission of the namespace
*/
object.classId = NamespaceRelationId;
object.objectId = proForm->pronamespace;
object.objectSubId = 0;
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__ADD_NAME,
getObjectIdentity(&object),
true);
/*
* XXX - db_language:{implement} also should be checked here
*/
/*
* Compute a default security label when we create a new procedure object
* under the specified namespace.
*/
scontext = sepgsql_get_client_label();
tcontext = sepgsql_get_label(NamespaceRelationId,
proForm->pronamespace, 0);
ncontext = sepgsql_compute_create(scontext, tcontext,
SEPG_CLASS_DB_PROCEDURE,
NameStr(proForm->proname));
/*
* check db_procedure:{create (install)} permission
*/
initStringInfo(&audit_name);
nsp_name = get_namespace_name(proForm->pronamespace);
appendStringInfo(&audit_name, "%s(",
quote_qualified_identifier(nsp_name, NameStr(proForm->proname)));
for (i = 0; i < proForm->pronargs; i++)
{
if (i > 0)
appendStringInfoChar(&audit_name, ',');
object.classId = TypeRelationId;
object.objectId = proForm->proargtypes.values[i];
object.objectSubId = 0;
appendStringInfoString(&audit_name, getObjectIdentity(&object));
}
appendStringInfoChar(&audit_name, ')');
required = SEPG_DB_PROCEDURE__CREATE;
if (proForm->proleakproof)
required |= SEPG_DB_PROCEDURE__INSTALL;
sepgsql_avc_check_perms_label(ncontext,
SEPG_CLASS_DB_PROCEDURE,
required,
audit_name.data,
true);
/*
* Assign the default security label on a new procedure
*/
object.classId = ProcedureRelationId;
object.objectId = functionId;
object.objectSubId = 0;
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
/*
* Cleanup
*/
systable_endscan(sscan);
heap_close(rel, AccessShareLock);
pfree(audit_name.data);
pfree(tcontext);
pfree(ncontext);
}
| void sepgsql_proc_relabel | ( | Oid | functionId, | |
| const char * | seclabel | |||
| ) |
Definition at line 200 of file proc.c.
References getObjectIdentity(), pfree(), SEPG_CLASS_DB_PROCEDURE, SEPG_DB_PROCEDURE__RELABELFROM, SEPG_DB_PROCEDURE__RELABELTO, SEPG_DB_PROCEDURE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
{
ObjectAddress object;
char *audit_name;
object.classId = ProcedureRelationId;
object.objectId = functionId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
/*
* check db_procedure:{setattr relabelfrom} permission
*/
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_PROCEDURE,
SEPG_DB_PROCEDURE__SETATTR |
SEPG_DB_PROCEDURE__RELABELFROM,
audit_name,
true);
/*
* check db_procedure:{relabelto} permission
*/
sepgsql_avc_check_perms_label(seclabel,
SEPG_CLASS_DB_PROCEDURE,
SEPG_DB_PROCEDURE__RELABELTO,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_proc_setattr | ( | Oid | functionId | ) |
Definition at line 237 of file proc.c.
References AccessShareLock, BTEqualStrategyNumber, elog, ERROR, getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), ProcedureOidIndexId, ProcedureRelationId, PROCOID, ReleaseSysCache(), ScanKeyInit(), SearchSysCache1, SEPG_CLASS_DB_PROCEDURE, sepgsql_avc_check_perms(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().
Referenced by sepgsql_object_access().
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple oldtup;
HeapTuple newtup;
Form_pg_proc oldform;
Form_pg_proc newform;
uint32 required;
ObjectAddress object;
char *audit_name;
/*
* Fetch newer catalog
*/
rel = heap_open(ProcedureRelationId, AccessShareLock);
ScanKeyInit(&skey,
ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(functionId));
sscan = systable_beginscan(rel, ProcedureOidIndexId, true,
SnapshotSelf, 1, &skey);
newtup = systable_getnext(sscan);
if (!HeapTupleIsValid(newtup))
elog(ERROR, "catalog lookup failed for function %u", functionId);
newform = (Form_pg_proc) GETSTRUCT(newtup);
/*
* Fetch older catalog
*/
oldtup = SearchSysCache1(PROCOID, ObjectIdGetDatum(functionId));
if (!HeapTupleIsValid(oldtup))
elog(ERROR, "cache lookup failed for function %u", functionId);
oldform = (Form_pg_proc) GETSTRUCT(oldtup);
/*
* Does this ALTER command takes operation to namespace?
*/
if (newform->pronamespace != oldform->pronamespace)
{
sepgsql_schema_remove_name(oldform->pronamespace);
sepgsql_schema_add_name(oldform->pronamespace);
}
if (strcmp(NameStr(newform->proname), NameStr(oldform->proname)) != 0)
sepgsql_schema_rename(oldform->pronamespace);
/*
* check db_procedure:{setattr (install)} permission
*/
required = SEPG_DB_PROCEDURE__SETATTR;
if (!oldform->proleakproof && newform->proleakproof)
required |= SEPG_DB_PROCEDURE__INSTALL;
object.classId = ProcedureRelationId;
object.objectId = functionId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_PROCEDURE,
required,
audit_name,
true);
/* cleanups */
pfree(audit_name);
ReleaseSysCache(oldtup);
systable_endscan(sscan);
heap_close(rel, AccessShareLock);
}
| void sepgsql_relation_drop | ( | Oid | relOid | ) |
Definition at line 412 of file relation.c.
References ATTNUM, get_rel_namespace(), get_rel_relkind(), getObjectIdentity(), GETSTRUCT, i, catclist::members, catclist::n_members, ObjectIdGetDatum, pfree(), PG_TOAST_NAMESPACE, ReleaseCatCacheList(), RELKIND_INDEX, RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, SearchSysCacheList1, SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_DB_COLUMN__DROP, SEPG_DB_SCHEMA__REMOVE_NAME, SEPG_DB_TABLE__DROP, sepgsql_avc_check_perms(), sepgsql_index_modify(), and catctup::tuple.
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
uint16_t tclass;
char relkind;
relkind = get_rel_relkind(relOid);
switch (relkind)
{
case RELKIND_RELATION:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
tclass = SEPG_CLASS_DB_SEQUENCE;
break;
case RELKIND_VIEW:
tclass = SEPG_CLASS_DB_VIEW;
break;
case RELKIND_INDEX:
/* ignore indexes on toast tables */
if (get_rel_namespace(relOid) == PG_TOAST_NAMESPACE)
return;
/* other indexes are handled specially below; no need for tclass */
break;
default:
/* ignore other relkinds */
return;
}
/*
* check db_schema:{remove_name} permission
*/
object.classId = NamespaceRelationId;
object.objectId = get_rel_namespace(relOid);
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__REMOVE_NAME,
audit_name,
true);
pfree(audit_name);
/* deal with indexes specially */
if (relkind == RELKIND_INDEX)
{
sepgsql_index_modify(relOid);
return;
}
/*
* check db_table/sequence/view:{drop} permission
*/
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
tclass,
SEPG_DB_TABLE__DROP,
audit_name,
true);
pfree(audit_name);
/*
* check db_column:{drop} permission
*/
if (relkind == RELKIND_RELATION)
{
Form_pg_attribute attForm;
CatCList *attrList;
HeapTuple atttup;
int i;
attrList = SearchSysCacheList1(ATTNUM, ObjectIdGetDatum(relOid));
for (i = 0; i < attrList->n_members; i++)
{
atttup = &attrList->members[i]->tuple;
attForm = (Form_pg_attribute) GETSTRUCT(atttup);
if (attForm->attisdropped)
continue;
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = attForm->attnum;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_COLUMN,
SEPG_DB_COLUMN__DROP,
audit_name,
true);
pfree(audit_name);
}
ReleaseCatCacheList(attrList);
}
}
| void sepgsql_relation_post_create | ( | Oid | relOid | ) |
Definition at line 238 of file relation.c.
References AccessShareLock, Anum_pg_attribute_attrelid, appendStringInfo(), AttributeRelationId, AttributeRelidNumIndexId, BTEqualStrategyNumber, ClassOidIndexId, StringInfoData::data, elog, ERROR, get_namespace_name(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), NamespaceRelationId, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), PG_TOAST_NAMESPACE, quote_identifier(), RelationRelationId, RELKIND_INDEX, RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, resetStringInfo(), ScanKeyInit(), SEPG_CLASS_DB_COLUMN, SEPG_CLASS_DB_SCHEMA, SEPG_DB_COLUMN__CREATE, SEPG_DB_DATABASE__CREATE, SEPG_DB_SCHEMA__ADD_NAME, sepgsql_avc_check_perms(), sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), sepgsql_index_modify(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().
Referenced by sepgsql_object_access().
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
Form_pg_class classForm;
ObjectAddress object;
uint16 tclass;
char *scontext; /* subject */
char *tcontext; /* schema */
char *rcontext; /* relation */
char *ccontext; /* column */
char *nsp_name;
StringInfoData audit_name;
/*
* Fetch catalog record of the new relation. Because pg_class entry is not
* visible right now, we need to scan the catalog using SnapshotSelf.
*/
rel = heap_open(RelationRelationId, AccessShareLock);
ScanKeyInit(&skey,
ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(relOid));
sscan = systable_beginscan(rel, ClassOidIndexId, true,
SnapshotSelf, 1, &skey);
tuple = systable_getnext(sscan);
if (!HeapTupleIsValid(tuple))
elog(ERROR, "catalog lookup failed for relation %u", relOid);
classForm = (Form_pg_class) GETSTRUCT(tuple);
/* ignore indexes on toast tables */
if (classForm->relkind == RELKIND_INDEX &&
classForm->relnamespace == PG_TOAST_NAMESPACE)
goto out;
/*
* check db_schema:{add_name} permission of the namespace
*/
object.classId = NamespaceRelationId;
object.objectId = classForm->relnamespace;
object.objectSubId = 0;
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__ADD_NAME,
getObjectIdentity(&object),
true);
switch (classForm->relkind)
{
case RELKIND_RELATION:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
tclass = SEPG_CLASS_DB_SEQUENCE;
break;
case RELKIND_VIEW:
tclass = SEPG_CLASS_DB_VIEW;
break;
case RELKIND_INDEX:
/* deal with indexes specially; no need for tclass */
sepgsql_index_modify(relOid);
goto out;
default:
/* ignore other relkinds */
goto out;
}
/*
* Compute a default security label when we create a new relation object
* under the specified namespace.
*/
scontext = sepgsql_get_client_label();
tcontext = sepgsql_get_label(NamespaceRelationId,
classForm->relnamespace, 0);
rcontext = sepgsql_compute_create(scontext, tcontext, tclass,
NameStr(classForm->relname));
/*
* check db_xxx:{create} permission
*/
nsp_name = get_namespace_name(classForm->relnamespace);
initStringInfo(&audit_name);
appendStringInfo(&audit_name, "%s.%s",
quote_identifier(nsp_name),
quote_identifier(NameStr(classForm->relname)));
sepgsql_avc_check_perms_label(rcontext,
tclass,
SEPG_DB_DATABASE__CREATE,
audit_name.data,
true);
/*
* Assign the default security label on the new relation
*/
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = 0;
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
/*
* We also assigns a default security label on columns of the new regular
* tables.
*/
if (classForm->relkind == RELKIND_RELATION)
{
Relation arel;
ScanKeyData akey;
SysScanDesc ascan;
HeapTuple atup;
Form_pg_attribute attForm;
arel = heap_open(AttributeRelationId, AccessShareLock);
ScanKeyInit(&akey,
Anum_pg_attribute_attrelid,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(relOid));
ascan = systable_beginscan(arel, AttributeRelidNumIndexId, true,
SnapshotSelf, 1, &akey);
while (HeapTupleIsValid(atup = systable_getnext(ascan)))
{
attForm = (Form_pg_attribute) GETSTRUCT(atup);
resetStringInfo(&audit_name);
appendStringInfo(&audit_name, "%s.%s.%s",
quote_identifier(nsp_name),
quote_identifier(NameStr(classForm->relname)),
quote_identifier(NameStr(attForm->attname)));
ccontext = sepgsql_compute_create(scontext,
rcontext,
SEPG_CLASS_DB_COLUMN,
NameStr(attForm->attname));
/*
* check db_column:{create} permission
*/
sepgsql_avc_check_perms_label(ccontext,
SEPG_CLASS_DB_COLUMN,
SEPG_DB_COLUMN__CREATE,
audit_name.data,
true);
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = attForm->attnum;
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ccontext);
pfree(ccontext);
}
systable_endscan(ascan);
heap_close(arel, AccessShareLock);
}
pfree(rcontext);
out:
systable_endscan(sscan);
heap_close(rel, AccessShareLock);
}
| void sepgsql_relation_relabel | ( | Oid | relOid, | |
| const char * | seclabel | |||
| ) |
Definition at line 520 of file relation.c.
References ereport, errcode(), errmsg(), ERROR, get_rel_relkind(), getObjectIdentity(), pfree(), RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, SEPG_DB_TABLE__RELABELFROM, SEPG_DB_TABLE__RELABELTO, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
{
ObjectAddress object;
char *audit_name;
char relkind;
uint16_t tclass = 0;
relkind = get_rel_relkind(relOid);
if (relkind == RELKIND_RELATION)
tclass = SEPG_CLASS_DB_TABLE;
else if (relkind == RELKIND_SEQUENCE)
tclass = SEPG_CLASS_DB_SEQUENCE;
else if (relkind == RELKIND_VIEW)
tclass = SEPG_CLASS_DB_VIEW;
else
ereport(ERROR,
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
errmsg("cannot set security labels on relations except "
"for tables, sequences or views")));
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
/*
* check db_xxx:{setattr relabelfrom} permission
*/
sepgsql_avc_check_perms(&object,
tclass,
SEPG_DB_TABLE__SETATTR |
SEPG_DB_TABLE__RELABELFROM,
audit_name,
true);
/*
* check db_xxx:{relabelto} permission
*/
sepgsql_avc_check_perms_label(seclabel,
tclass,
SEPG_DB_TABLE__RELABELTO,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_relation_setattr | ( | Oid | relOid | ) |
Definition at line 572 of file relation.c.
References AccessShareLock, BTEqualStrategyNumber, ClassOidIndexId, elog, ERROR, get_rel_relkind(), getObjectIdentity(), GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), RelationRelationId, ReleaseSysCache(), RELKIND_INDEX, RELKIND_RELATION, RELKIND_SEQUENCE, RELKIND_VIEW, RELOID, ScanKeyInit(), SearchSysCache1, SEPG_DB_TABLE__SETATTR, sepgsql_avc_check_perms(), sepgsql_index_modify(), sepgsql_schema_add_name(), sepgsql_schema_remove_name(), sepgsql_schema_rename(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().
Referenced by sepgsql_object_access(), and sepgsql_relation_setattr_extra().
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple oldtup;
HeapTuple newtup;
Form_pg_class oldform;
Form_pg_class newform;
ObjectAddress object;
char *audit_name;
uint16_t tclass;
switch (get_rel_relkind(relOid))
{
case RELKIND_RELATION:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
tclass = SEPG_CLASS_DB_SEQUENCE;
break;
case RELKIND_VIEW:
tclass = SEPG_CLASS_DB_VIEW;
break;
case RELKIND_INDEX:
/* deal with indexes specially */
sepgsql_index_modify(relOid);
return;
default:
/* other relkinds don't need additional work */
return;
}
/*
* Fetch newer catalog
*/
rel = heap_open(RelationRelationId, AccessShareLock);
ScanKeyInit(&skey,
ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(relOid));
sscan = systable_beginscan(rel, ClassOidIndexId, true,
SnapshotSelf, 1, &skey);
newtup = systable_getnext(sscan);
if (!HeapTupleIsValid(newtup))
elog(ERROR, "catalog lookup failed for relation %u", relOid);
newform = (Form_pg_class) GETSTRUCT(newtup);
/*
* Fetch older catalog
*/
oldtup = SearchSysCache1(RELOID, ObjectIdGetDatum(relOid));
if (!HeapTupleIsValid(oldtup))
elog(ERROR, "cache lookup failed for relation %u", relOid);
oldform = (Form_pg_class) GETSTRUCT(oldtup);
/*
* Does this ALTER command takes operation to namespace?
*/
if (newform->relnamespace != oldform->relnamespace)
{
sepgsql_schema_remove_name(oldform->relnamespace);
sepgsql_schema_add_name(newform->relnamespace);
}
if (strcmp(NameStr(newform->relname), NameStr(oldform->relname)) != 0)
sepgsql_schema_rename(oldform->relnamespace);
/*
* XXX - In the future version, db_tuple:{use} of system catalog entry
* shall be checked, if tablespace configuration is changed.
*/
/*
* check db_xxx:{setattr} permission
*/
object.classId = RelationRelationId;
object.objectId = relOid;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
tclass,
SEPG_DB_TABLE__SETATTR,
audit_name,
true);
pfree(audit_name);
ReleaseSysCache(oldtup);
systable_endscan(sscan);
heap_close(rel, AccessShareLock);
}
| Datum sepgsql_restorecon | ( | PG_FUNCTION_ARGS | ) |
Definition at line 896 of file label.c.
References AttributeRelationId, DatabaseRelationId, ereport, errcode(), errmsg(), ERROR, exec_object_restorecon(), NamespaceRelationId, PG_ARGISNULL, PG_CATCH, PG_END_TRY, PG_GETARG_DATUM, PG_RE_THROW, PG_RETURN_BOOL, PG_TRY, ProcedureRelationId, RelationRelationId, sepgsql_is_enabled(), superuser(), and TextDatumGetCString.
{
struct selabel_handle *sehnd;
struct selinux_opt seopts;
/*
* SELinux has to be enabled on the running platform.
*/
if (!sepgsql_is_enabled())
ereport(ERROR,
(errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),
errmsg("sepgsql is not currently enabled")));
/*
* Check DAC permission. Only superuser can set up initial security
* labels, like root-user in filesystems
*/
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: must be superuser to restore initial contexts")));
/*
* Open selabel_lookup(3) stuff. It provides a set of mapping between an
* initial security label and object class/name due to the system setting.
*/
if (PG_ARGISNULL(0))
{
seopts.type = SELABEL_OPT_UNUSED;
seopts.value = NULL;
}
else
{
seopts.type = SELABEL_OPT_PATH;
seopts.value = TextDatumGetCString(PG_GETARG_DATUM(0));
}
sehnd = selabel_open(SELABEL_CTX_DB, &seopts, 1);
if (!sehnd)
ereport(ERROR,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("SELinux: failed to initialize labeling handle: %m")));
PG_TRY();
{
exec_object_restorecon(sehnd, DatabaseRelationId);
exec_object_restorecon(sehnd, NamespaceRelationId);
exec_object_restorecon(sehnd, RelationRelationId);
exec_object_restorecon(sehnd, AttributeRelationId);
exec_object_restorecon(sehnd, ProcedureRelationId);
}
PG_CATCH();
{
selabel_close(sehnd);
PG_RE_THROW();
}
PG_END_TRY();
selabel_close(sehnd);
PG_RETURN_BOOL(true);
}
| void sepgsql_schema_add_name | ( | Oid | namespaceId | ) |
Definition at line 218 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__ADD_NAME.
Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().
{
check_schema_perms(namespaceId, SEPG_DB_SCHEMA__ADD_NAME, true);
}
| void sepgsql_schema_drop | ( | Oid | namespaceId | ) |
Definition at line 115 of file schema.c.
References getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__DROP, and sepgsql_avc_check_perms().
Referenced by sepgsql_object_access().
{
ObjectAddress object;
char *audit_name;
/*
* check db_schema:{drop} permission
*/
object.classId = NamespaceRelationId;
object.objectId = namespaceId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__DROP,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_schema_post_create | ( | Oid | namespaceId | ) |
Definition at line 38 of file schema.c.
References AccessShareLock, appendStringInfo(), BTEqualStrategyNumber, StringInfoData::data, DatabaseRelationId, elog, ERROR, GETSTRUCT, heap_close, heap_open(), HeapTupleIsValid, initStringInfo(), MyDatabaseId, NamespaceOidIndexId, NamespaceRelationId, NameStr, ObjectIdAttributeNumber, ObjectIdGetDatum, pfree(), quote_identifier(), ScanKeyInit(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__CREATE, sepgsql_avc_check_perms_label(), sepgsql_compute_create(), sepgsql_get_client_label(), sepgsql_get_label(), SEPGSQL_LABEL_TAG, SetSecurityLabel(), SnapshotSelf, systable_beginscan(), systable_endscan(), and systable_getnext().
Referenced by sepgsql_object_access().
{
Relation rel;
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
char *tcontext;
char *ncontext;
const char *nsp_name;
ObjectAddress object;
Form_pg_namespace nspForm;
StringInfoData audit_name;
/*
* Compute a default security label when we create a new schema object
* under the working database.
*
* XXX - uncoming version of libselinux supports to take object name to
* handle special treatment on default security label; such as special
* label on "pg_temp" schema.
*/
rel = heap_open(NamespaceRelationId, AccessShareLock);
ScanKeyInit(&skey,
ObjectIdAttributeNumber,
BTEqualStrategyNumber, F_OIDEQ,
ObjectIdGetDatum(namespaceId));
sscan = systable_beginscan(rel, NamespaceOidIndexId, true,
SnapshotSelf, 1, &skey);
tuple = systable_getnext(sscan);
if (!HeapTupleIsValid(tuple))
elog(ERROR, "catalog lookup failed for namespace %u", namespaceId);
nspForm = (Form_pg_namespace) GETSTRUCT(tuple);
nsp_name = NameStr(nspForm->nspname);
if (strncmp(nsp_name, "pg_temp_", 8) == 0)
nsp_name = "pg_temp";
else if (strncmp(nsp_name, "pg_toast_temp_", 14) == 0)
nsp_name = "pg_toast_temp";
tcontext = sepgsql_get_label(DatabaseRelationId, MyDatabaseId, 0);
ncontext = sepgsql_compute_create(sepgsql_get_client_label(),
tcontext,
SEPG_CLASS_DB_SCHEMA,
nsp_name);
/*
* check db_schema:{create}
*/
initStringInfo(&audit_name);
appendStringInfo(&audit_name, "%s", quote_identifier(nsp_name));
sepgsql_avc_check_perms_label(ncontext,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__CREATE,
audit_name.data,
true);
systable_endscan(sscan);
heap_close(rel, AccessShareLock);
/*
* Assign the default security label on a new procedure
*/
object.classId = NamespaceRelationId;
object.objectId = namespaceId;
object.objectSubId = 0;
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
pfree(ncontext);
pfree(tcontext);
}
| void sepgsql_schema_relabel | ( | Oid | namespaceId, | |
| const char * | seclabel | |||
| ) |
Definition at line 143 of file schema.c.
References getObjectIdentity(), pfree(), SEPG_CLASS_DB_SCHEMA, SEPG_DB_SCHEMA__RELABELFROM, SEPG_DB_SCHEMA__RELABELTO, SEPG_DB_SCHEMA__SETATTR, sepgsql_avc_check_perms(), and sepgsql_avc_check_perms_label().
Referenced by sepgsql_object_relabel().
{
ObjectAddress object;
char *audit_name;
object.classId = NamespaceRelationId;
object.objectId = namespaceId;
object.objectSubId = 0;
audit_name = getObjectIdentity(&object);
/*
* check db_schema:{setattr relabelfrom} permission
*/
sepgsql_avc_check_perms(&object,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__SETATTR |
SEPG_DB_SCHEMA__RELABELFROM,
audit_name,
true);
/*
* check db_schema:{relabelto} permission
*/
sepgsql_avc_check_perms_label(seclabel,
SEPG_CLASS_DB_SCHEMA,
SEPG_DB_SCHEMA__RELABELTO,
audit_name,
true);
pfree(audit_name);
}
| void sepgsql_schema_remove_name | ( | Oid | namespaceId | ) |
Definition at line 224 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__REMOVE_NAME.
Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().
{
check_schema_perms(namespaceId, SEPG_DB_SCHEMA__REMOVE_NAME, true);
}
| void sepgsql_schema_rename | ( | Oid | namespaceId | ) |
Definition at line 230 of file schema.c.
References check_schema_perms(), SEPG_DB_SCHEMA__ADD_NAME, and SEPG_DB_SCHEMA__REMOVE_NAME.
Referenced by sepgsql_proc_setattr(), and sepgsql_relation_setattr().
{
check_schema_perms(namespaceId,
SEPG_DB_SCHEMA__ADD_NAME |
SEPG_DB_SCHEMA__REMOVE_NAME,
true);
}
Definition at line 210 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__SEARCH.
Referenced by sepgsql_object_access().
{
return check_schema_perms(namespaceId,
SEPG_DB_SCHEMA__SEARCH,
abort_on_violation);
}
| void sepgsql_schema_setattr | ( | Oid | namespaceId | ) |
Definition at line 203 of file schema.c.
References check_schema_perms(), and SEPG_DB_SCHEMA__SETATTR.
Referenced by sepgsql_object_access().
{
check_schema_perms(namespaceId, SEPG_DB_SCHEMA__SETATTR, true);
}
| int sepgsql_set_mode | ( | int | new_mode | ) |
Definition at line 631 of file selinux.c.
References sepgsql_mode.
Referenced by _PG_init(), and sepgsql_client_auth().
{
int old_mode = sepgsql_mode;
sepgsql_mode = new_mode;
return old_mode;
}
| Datum sepgsql_setcon | ( | PG_FUNCTION_ARGS | ) |
Definition at line 567 of file label.c.
References PG_ARGISNULL, PG_GETARG_DATUM, PG_RETURN_BOOL, sepgsql_set_client_label(), and TextDatumGetCString.
{
const char *new_label;
if (PG_ARGISNULL(0))
new_label = NULL;
else
new_label = TextDatumGetCString(PG_GETARG_DATUM(0));
sepgsql_set_client_label(new_label);
PG_RETURN_BOOL(true);
}
1.7.1