1 /* -------------------------------------------------------------------------
3 * contrib/sepgsql/database.c
5 * Routines corresponding to database objects
7 * Copyright (c) 2010-2018, PostgreSQL Global Development Group
9 * -------------------------------------------------------------------------
13 #include "access/genam.h"
14 #include "access/heapam.h"
15 #include "access/htup_details.h"
16 #include "access/sysattr.h"
17 #include "catalog/dependency.h"
18 #include "catalog/pg_database.h"
19 #include "catalog/indexing.h"
20 #include "commands/dbcommands.h"
21 #include "commands/seclabel.h"
22 #include "utils/builtins.h"
23 #include "utils/fmgroids.h"
24 #include "utils/tqual.h"
28 * sepgsql_database_post_create
30 * This routine assigns a default security label on a newly defined
31 * database, and check permission needed for its creation.
34 sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
43 Form_pg_database datForm;
44 StringInfoData audit_name;
47 * Oid of the source database is not saved in pg_database catalog, so we
48 * collect its identifier using contextual information. If NULL, its
49 * default is "template1" according to createdb().
52 dtemplate = "template1";
54 object.classId = DatabaseRelationId;
55 object.objectId = get_database_oid(dtemplate, false);
56 object.objectSubId = 0;
58 tcontext = sepgsql_get_label(object.classId,
63 * check db_database:{getattr} permission
65 initStringInfo(&audit_name);
66 appendStringInfo(&audit_name, "%s", quote_identifier(dtemplate));
67 sepgsql_avc_check_perms_label(tcontext,
68 SEPG_CLASS_DB_DATABASE,
69 SEPG_DB_DATABASE__GETATTR,
74 * Compute a default security label of the newly created database based on
75 * a pair of security label of client and source database.
77 * XXX - uncoming version of libselinux supports to take object name to
78 * handle special treatment on default security label.
80 rel = heap_open(DatabaseRelationId, AccessShareLock);
83 ObjectIdAttributeNumber,
84 BTEqualStrategyNumber, F_OIDEQ,
85 ObjectIdGetDatum(databaseId));
87 sscan = systable_beginscan(rel, DatabaseOidIndexId, true,
88 SnapshotSelf, 1, &skey);
89 tuple = systable_getnext(sscan);
90 if (!HeapTupleIsValid(tuple))
91 elog(ERROR, "could not find tuple for database %u", databaseId);
93 datForm = (Form_pg_database) GETSTRUCT(tuple);
95 ncontext = sepgsql_compute_create(sepgsql_get_client_label(),
97 SEPG_CLASS_DB_DATABASE,
98 NameStr(datForm->datname));
101 * check db_database:{create} permission
103 resetStringInfo(&audit_name);
104 appendStringInfo(&audit_name, "%s",
105 quote_identifier(NameStr(datForm->datname)));
106 sepgsql_avc_check_perms_label(ncontext,
107 SEPG_CLASS_DB_DATABASE,
108 SEPG_DB_DATABASE__CREATE,
112 systable_endscan(sscan);
113 heap_close(rel, AccessShareLock);
116 * Assign the default security label on the new database
118 object.classId = DatabaseRelationId;
119 object.objectId = databaseId;
120 object.objectSubId = 0;
122 SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
129 * sepgsql_database_drop
131 * It checks privileges to drop the supplied database
134 sepgsql_database_drop(Oid databaseId)
136 ObjectAddress object;
140 * check db_database:{drop} permission
142 object.classId = DatabaseRelationId;
143 object.objectId = databaseId;
144 object.objectSubId = 0;
145 audit_name = getObjectIdentity(&object);
147 sepgsql_avc_check_perms(&object,
148 SEPG_CLASS_DB_DATABASE,
149 SEPG_DB_DATABASE__DROP,
156 * sepgsql_database_post_alter
158 * It checks privileges to alter the supplied database
161 sepgsql_database_setattr(Oid databaseId)
163 ObjectAddress object;
167 * check db_database:{setattr} permission
169 object.classId = DatabaseRelationId;
170 object.objectId = databaseId;
171 object.objectSubId = 0;
172 audit_name = getObjectIdentity(&object);
174 sepgsql_avc_check_perms(&object,
175 SEPG_CLASS_DB_DATABASE,
176 SEPG_DB_DATABASE__SETATTR,
183 * sepgsql_database_relabel
185 * It checks privileges to relabel the supplied database with the `seclabel'
188 sepgsql_database_relabel(Oid databaseId, const char *seclabel)
190 ObjectAddress object;
193 object.classId = DatabaseRelationId;
194 object.objectId = databaseId;
195 object.objectSubId = 0;
196 audit_name = getObjectIdentity(&object);
199 * check db_database:{setattr relabelfrom} permission
201 sepgsql_avc_check_perms(&object,
202 SEPG_CLASS_DB_DATABASE,
203 SEPG_DB_DATABASE__SETATTR |
204 SEPG_DB_DATABASE__RELABELFROM,
209 * check db_database:{relabelto} permission
211 sepgsql_avc_check_perms_label(seclabel,
212 SEPG_CLASS_DB_DATABASE,
213 SEPG_DB_DATABASE__RELABELTO,