PostgreSQL Source Code: contrib/sepgsql/hooks.c Source File (original) (raw)

1

2

3

4

5

6

7

8

9

10

12

27

29 .name = "sepgsql",

30 .version = PG_VERSION

31);

32

33

34

35

36

37

38

39

43

44

45

46

47typedef struct

48{

50

51

52

53

54

57

59

60

61

62

64

65bool

67{

69}

70

71

72

73

75

76bool

78{

80}

81

82

83

84

85

86

87

88static void

90 Oid classId,

91 Oid objectId,

92 int subId,

93 void *arg)

94{

96 (*next_object_access_hook) (access, classId, objectId, subId, arg);

97

99 {

101 {

103 bool is_internal;

104

105 is_internal = pc_arg ? pc_arg->is_internal : false;

106

107 switch (classId)

108 {

109 case DatabaseRelationId:

110 Assert(!is_internal);

113 break;

114

115 case NamespaceRelationId:

116 Assert(!is_internal);

118 break;

119

120 case RelationRelationId:

121 if (subId == 0)

122 {

123

124

125

126

127

128

129

130

131

132 if (is_internal)

133 break;

134

136 }

137 else

139 break;

140

141 case ProcedureRelationId:

142 Assert(!is_internal);

144 break;

145

146 default:

147

148 break;

149 }

150 }

151 break;

152

154 {

156

157

158

159

160

161

163 break;

164

165 switch (classId)

166 {

167 case DatabaseRelationId:

169 break;

170

171 case NamespaceRelationId:

173 break;

174

175 case RelationRelationId:

176 if (subId == 0)

178 else

180 break;

181

182 case ProcedureRelationId:

184 break;

185

186 default:

187

188 break;

189 }

190 }

191 break;

192

194 {

195 switch (classId)

196 {

197 case RelationRelationId:

199 break;

200 default:

201

202 break;

203 }

204 }

205 break;

206

208 {

211

212 switch (classId)

213 {

214 case DatabaseRelationId:

215 Assert(!is_internal);

217 break;

218

219 case NamespaceRelationId:

220 Assert(!is_internal);

222 break;

223

224 case RelationRelationId:

225 if (subId == 0)

226 {

227

228

229

230

231

232

233

234 if (is_internal)

235 break;

236

238 }

239 else

241 break;

242

243 case ProcedureRelationId:

244 Assert(!is_internal);

246 break;

247

248 default:

249

250 break;

251 }

252 }

253 break;

254

256 {

258

259

260

261

262

264 break;

265

266 Assert(classId == NamespaceRelationId);

271 }

272 break;

273

275 {

276 Assert(classId == ProcedureRelationId);

278 }

279 break;

280

281 default:

282 elog(ERROR, "unexpected object access type: %d", (int) access);

283 break;

284 }

285}

286

287

288

289

290

291

292static bool

294{

295

296

297

298

301 return false;

302

304 return false;

305

306 return true;

307}

308

309

310

311

312

313

314

315static void

317 const char *queryString,

318 bool readOnlyTree,

324{

328

330 {

331

332

333

334

335

337

338 switch (nodeTag(parsetree))

339 {

340 case T_CreatedbStmt:

341

342

343

344

345

347 {

349

350 if (strcmp(defel->defname, "template") == 0)

351 {

354 break;

355 }

356 }

357 break;

358

359 case T_LoadStmt:

360

361

362

363

364

366 {

368 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

369 errmsg("SELinux: LOAD is not permitted")));

370 }

371 break;

372 default:

373

374

375

376

377

378

379

380 break;

381 }

382

384 (*next_ProcessUtility_hook) (pstmt, queryString, readOnlyTree,

385 context, params, queryEnv,

387 else

389 context, params, queryEnv,

391 }

393 {

395 }

397}

398

399

400

401

402void

404{

405

406

407

408

411 (errcode(ERRCODE_OBJECT_NOT_IN_PREREQUISITE_STATE),

412 errmsg("sepgsql must be loaded via \"shared_preload_libraries\"")));

413

414

415

416

417

418

419 if (is_selinux_enabled() < 1)

420 {

422 return;

423 }

424

425

426

427

428

429

430

432 "Turn on/off permissive mode in SE-PostgreSQL",

433 NULL,

435 false,

438 NULL,

439 NULL,

440 NULL);

441

442

443

444

445

446

447

448

450 "Turn on/off debug audit messages",

451 NULL,

453 false,

456 NULL,

457 NULL,

458 NULL);

459

461

462

464

465

467

468

471

472

475

476

479

480

483

484

486}

void sepgsql_proc_post_create(Oid functionId)

void sepgsql_proc_setattr(Oid functionId)

void sepgsql_proc_drop(Oid functionId)

void sepgsql_proc_execute(Oid functionId)

void sepgsql_attribute_setattr(Oid relOid, AttrNumber attnum)

void sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)

void sepgsql_relation_post_create(Oid relOid)

void sepgsql_relation_truncate(Oid relOid)

void sepgsql_relation_setattr(Oid relOid)

void sepgsql_relation_drop(Oid relOid)

void sepgsql_attribute_drop(Oid relOid, AttrNumber attnum)

void sepgsql_database_post_create(Oid databaseId, const char *dtemplate)

void sepgsql_database_drop(Oid databaseId)

void sepgsql_database_setattr(Oid databaseId)

#define PERFORM_DELETION_INTERNAL

bool sepgsql_dml_privileges(List *rangeTbls, List *rteperminfos, bool abort_on_violation)

int errcode(int sqlerrcode)

int errmsg(const char *fmt,...)

#define ereport(elevel,...)

ExecutorCheckPerms_hook_type ExecutorCheckPerms_hook

bool(* ExecutorCheckPerms_hook_type)(List *rangeTable, List *rtePermInfos, bool ereport_on_violation)

void DefineCustomBoolVariable(const char *name, const char *short_desc, const char *long_desc, bool *valueAddr, bool bootValue, GucContext context, int flags, GucBoolCheckHook check_hook, GucBoolAssignHook assign_hook, GucShowHook show_hook)

void MarkGUCPrefixReserved(const char *className)

#define GUC_NOT_IN_SAMPLE

Assert(PointerIsAligned(start, uint64))

static sepgsql_context_info_t sepgsql_context_info

bool sepgsql_get_permissive(void)

static ExecutorCheckPerms_hook_type next_exec_check_perms_hook

PG_MODULE_MAGIC_EXT(.name="sepgsql",.version=PG_VERSION)

static ProcessUtility_hook_type next_ProcessUtility_hook

static void sepgsql_object_access(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)

static bool sepgsql_debug_audit

bool sepgsql_get_debug_audit(void)

static bool sepgsql_permissive

static bool sepgsql_exec_check_perms(List *rangeTbls, List *rteperminfos, bool abort)

static object_access_hook_type next_object_access_hook

static void sepgsql_utility_command(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)

void sepgsql_init_client_label(void)

void sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel)

object_access_hook_type object_access_hook

void(* object_access_hook_type)(ObjectAccessType access, Oid classId, Oid objectId, int subId, void *arg)

void sepgsql_schema_post_create(Oid namespaceId)

void sepgsql_schema_setattr(Oid namespaceId)

bool sepgsql_schema_search(Oid namespaceId, bool abort_on_violation)

void sepgsql_schema_drop(Oid namespaceId)

void register_label_provider(const char *provider_name, check_object_relabel_type hook)

int sepgsql_set_mode(int new_mode)

bool sepgsql_getenforce(void)

#define SEPGSQL_LABEL_TAG

#define SEPGSQL_MODE_DISABLED

void sepgsql_avc_init(void)

bool ereport_on_violation

const char * createdb_dtemplate

void standard_ProcessUtility(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)

ProcessUtility_hook_type ProcessUtility_hook

void(* ProcessUtility_hook_type)(PlannedStmt *pstmt, const char *queryString, bool readOnlyTree, ProcessUtilityContext context, ParamListInfo params, QueryEnvironment *queryEnv, DestReceiver *dest, QueryCompletion *qc)