sepgsql cleanups.
authorRobert Haas <rhaas@postgresql.org>
Wed, 5 Sep 2012 18:01:15 +0000 (14:01 -0400)
committerRobert Haas <rhaas@postgresql.org>
Wed, 5 Sep 2012 18:01:59 +0000 (14:01 -0400)
This is needed to match recent changes elsewhere.  Along the way, some
renaming for clarity.

KaiGai Kohei

contrib/sepgsql/database.c
contrib/sepgsql/dml.c
contrib/sepgsql/hooks.c
contrib/sepgsql/label.c
contrib/sepgsql/proc.c
contrib/sepgsql/relation.c
contrib/sepgsql/schema.c
contrib/sepgsql/selinux.c
contrib/sepgsql/sepgsql.h
contrib/sepgsql/uavc.c

index 5a4246752a3d358a0483f5f1f1f5615bad221ce7..c15f2d0e0cf917279e592bced73af6275109863f 100644 (file)
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/pg_database.h"
index 47a108741746f99f9a542051f13f68812a43e585..49502f50e7e17da92d6080569f3864edee0fa8c4 100644 (file)
@@ -10,6 +10,7 @@
  */
 #include "postgres.h"
 
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "access/tupdesc.h"
 #include "catalog/catalog.h"
@@ -148,7 +149,7 @@ check_relation_privileges(Oid relOid,
                                                  Bitmapset *selected,
                                                  Bitmapset *modified,
                                                  uint32 required,
-                                                 bool abort)
+                                                 bool abort_on_violation)
 {
        ObjectAddress object;
        char       *audit_name;
@@ -194,7 +195,7 @@ check_relation_privileges(Oid relOid,
                                                                                         SEPG_CLASS_DB_TABLE,
                                                                                         required,
                                                                                         audit_name,
-                                                                                        abort);
+                                                                                        abort_on_violation);
                        break;
 
                case RELKIND_SEQUENCE:
@@ -205,7 +206,7 @@ check_relation_privileges(Oid relOid,
                                                                                                 SEPG_CLASS_DB_SEQUENCE,
                                                                                                 SEPG_DB_SEQUENCE__GET_VALUE,
                                                                                                 audit_name,
-                                                                                                abort);
+                                                                                                abort_on_violation);
                        break;
 
                case RELKIND_VIEW:
@@ -213,7 +214,7 @@ check_relation_privileges(Oid relOid,
                                                                                         SEPG_CLASS_DB_VIEW,
                                                                                         SEPG_DB_VIEW__EXPAND,
                                                                                         audit_name,
-                                                                                        abort);
+                                                                                        abort_on_violation);
                        break;
 
                default:
@@ -264,7 +265,7 @@ check_relation_privileges(Oid relOid,
                                                                                 SEPG_CLASS_DB_COLUMN,
                                                                                 column_perms,
                                                                                 audit_name,
-                                                                                abort);
+                                                                                abort_on_violation);
                pfree(audit_name);
 
                if (!result)
@@ -279,7 +280,7 @@ check_relation_privileges(Oid relOid,
  * Entrypoint of the DML permission checks
  */
 bool
-sepgsql_dml_privileges(List *rangeTabls, bool abort)
+sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)
 {
        ListCell   *lr;
 
@@ -351,7 +352,7 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort)
                        if (!check_relation_privileges(tableOid,
                                                                                   selectedCols,
                                                                                   modifiedCols,
-                                                                                  required, abort))
+                                                                                  required, abort_on_violation))
                                return false;
                }
                list_free(tableIds);
index 914519109c84bb1053bb3eef9fde06d92a79904d..f3cf1c5f88c5551230f66a15fa1d14963ee6d81b 100644 (file)
@@ -265,9 +265,9 @@ static void
 sepgsql_utility_command(Node *parsetree,
                                                const char *queryString,
                                                ParamListInfo params,
-                                               bool isTopLevel,
                                                DestReceiver *dest,
-                                               char *completionTag)
+                                               char *completionTag,
+                                               ProcessUtilityContext context)
 {
        sepgsql_context_info_t saved_context_info = sepgsql_context_info;
        ListCell   *cell;
@@ -328,10 +328,10 @@ sepgsql_utility_command(Node *parsetree,
 
                if (next_ProcessUtility_hook)
                        (*next_ProcessUtility_hook) (parsetree, queryString, params,
-                                                                                isTopLevel, dest, completionTag);
+                                                                                dest, completionTag, context);
                else
                        standard_ProcessUtility(parsetree, queryString, params,
-                                                                       isTopLevel, dest, completionTag);
+                                                                       dest, completionTag, context);
        }
        PG_CATCH();
        {
index 23577b5844db3d37e3a6aaddbaf39cd6b980b140..3ebf2733265d2f8e6269deaa92e0775b8b7c26fd 100644 (file)
@@ -11,6 +11,7 @@
 #include "postgres.h"
 
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/genam.h"
 #include "access/xact.h"
 #include "catalog/catalog.h"
index b68314d87851de0dea8cab5f501e9c33e9dcdbb1..fbd358a8c1d7df8e5818d324d7ac220e8ff487f0 100644 (file)
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_proc.h"
 #include "commands/seclabel.h"
+#include "lib/stringinfo.h"
 #include "utils/builtins.h"
 #include "utils/fmgroids.h"
 #include "utils/lsyscache.h"
index e759a7d98ee686ded63385ce4475a127817bd44a..4ab7fc8be94e039dfc60445a7de5dbab9fdfe626 100644 (file)
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/indexing.h"
 #include "catalog/dependency.h"
@@ -20,6 +21,7 @@
 #include "catalog/pg_namespace.h"
 #include "commands/seclabel.h"
 #include "utils/fmgroids.h"
+#include "utils/catcache.h"
 #include "utils/lsyscache.h"
 #include "utils/syscache.h"
 #include "utils/tqual.h"
index 230449dc4b3558d9c1d67cd2111afa0e846e7496..e063e394da091de4e40610d41af3d6b869cb454e 100644 (file)
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"
index baf92b6f6db3b623135a192171c2d30d92d77d88..7df98175ddf2a2473a54f0d85f1aa592c9a011eb 100644 (file)
@@ -893,7 +893,7 @@ sepgsql_compute_create(const char *scontext,
  * tclass: class code (SEPG_CLASS_*) of the object being referenced
  * required: a mask of required permissions (SEPG_<class>__<perm>)
  * audit_name: a human readable object name for audit logs, or NULL.
- * abort: true, if caller wants to raise an error on access violation
+ * abort_on_violation: true, if error shall be raised on access violation
  */
 bool
 sepgsql_check_perms(const char *scontext,
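Review bot: The `abort_on_violation` line in the comment above sepgsql_check_perms documents only the true case, so it does not tell a reader that passing false leaves enforcement to the caller. The later hunk in this file raises the error only under `if (!result && abort_on_violation)`, so with false a denial is presumably reported through the bool return value alone, and a caller that ignores it fails open. I would extend the line to something like ` * abort_on_violation: true, if error shall be raised on access violation; if false, a denial is reported only via the return value, which the caller must check`. The header comment before sepgsql_avc_check_perms_label in uavc.c takes the same flag and would benefit from the same sentence. The body of sepgsql_check_perms lies outside this hunk.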
@@ -901,7 +901,7 @@ sepgsql_check_perms(const char *scontext,
                                        uint16 tclass,
                                        uint32 required,
                                        const char *audit_name,
-                                       bool abort)
+                                       bool abort_on_violation)
 {
        struct av_decision avd;
        uint32          denied;
@@ -937,7 +937,7 @@ sepgsql_check_perms(const char *scontext,
                                                  audit_name);
        }
 
-       if (!result && abort)
+       if (!result && abort_on_violation)
                ereport(ERROR,
                                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                                 errmsg("SELinux: security policy violation")));
index 479b136909bca0b49c8a8e67dbc4ae87867e56be..9c89eaa8938ce7f3d341a86e607a0d609ef09bfe 100644 (file)
@@ -247,7 +247,7 @@ extern bool sepgsql_check_perms(const char *scontext,
                                        uint16 tclass,
                                        uint32 required,
                                        const char *audit_name,
-                                       bool abort);
+                                       bool abort_on_violation);
 
 /*
  * uavc.c
@@ -257,12 +257,12 @@ extern bool sepgsql_avc_check_perms_label(const char *tcontext,
                                                          uint16 tclass,
                                                          uint32 required,
                                                          const char *audit_name,
-                                                         bool abort);
+                                                         bool abort_on_violation);
 extern bool sepgsql_avc_check_perms(const ObjectAddress *tobject,
                                                uint16 tclass,
                                                uint32 required,
                                                const char *audit_name,
-                                               bool abort);
+                                               bool abort_on_violation);
 extern char *sepgsql_avc_trusted_proc(Oid functionId);
 extern void sepgsql_avc_init(void);
 
@@ -285,7 +285,7 @@ extern Datum sepgsql_restorecon(PG_FUNCTION_ARGS);
 /*
  * dml.c
  */
-extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort);
+extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation);
 
 /*
  * database.c
index 9641a17d79e84aec4fe8c521516e3d2d7662a595..04ec30560690c16bce9d0b56237038f857db5c1d 100644 (file)
@@ -335,7 +335,7 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
  *
  * It returns 'true', if the security policy suggested to allow the required
  * permissions. Otherwise, it returns 'false' or raises an error according
- * to the 'abort' argument.
+ * to the 'abort_on_violation' argument.
  * The 'tobject' and 'tclass' identify the target object being referenced,
  * and 'required' is a bitmask of permissions (SEPG_*__*) defined for each
  * object classes.
@@ -345,7 +345,8 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
 bool
 sepgsql_avc_check_perms_label(const char *tcontext,
                                                          uint16 tclass, uint32 required,
-                                                         const char *audit_name, bool abort)
+                                                         const char *audit_name,
+                                                         bool abort_on_violation)
 {
        char       *scontext = sepgsql_get_client_label();
        avc_cache  *cache;
@@ -415,7 +416,7 @@ sepgsql_avc_check_perms_label(const char *tcontext,
                                                  audit_name);
        }
 
-       if (abort && !result)
+       if (abort_on_violation && !result)
                ereport(ERROR,
                                (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
                                 errmsg("SELinux: security policy violation")));
@@ -426,14 +427,15 @@ sepgsql_avc_check_perms_label(const char *tcontext,
 bool
 sepgsql_avc_check_perms(const ObjectAddress *tobject,
                                                uint16 tclass, uint32 required,
-                                               const char *audit_name, bool abort)
+                                               const char *audit_name,
+                                               bool abort_on_violation)
 {
        char       *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
        bool            rc;
 
        rc = sepgsql_avc_check_perms_label(tcontext,
                                                                           tclass, required,
-                                                                          audit_name, abort);
+                                                                          audit_name, abort_on_violation);
        if (tcontext)
                pfree(tcontext);