#include "access/genam.h"
#include "access/heapam.h"
+#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/dependency.h"
#include "catalog/pg_database.h"
*/
#include "postgres.h"
+#include "access/htup_details.h"
#include "access/sysattr.h"
#include "access/tupdesc.h"
#include "catalog/catalog.h"
Bitmapset *selected,
Bitmapset *modified,
uint32 required,
- bool abort)
+ bool abort_on_violation)
{
ObjectAddress object;
char *audit_name;
SEPG_CLASS_DB_TABLE,
required,
audit_name,
- abort);
+ abort_on_violation);
break;
case RELKIND_SEQUENCE:
SEPG_CLASS_DB_SEQUENCE,
SEPG_DB_SEQUENCE__GET_VALUE,
audit_name,
- abort);
+ abort_on_violation);
break;
case RELKIND_VIEW:
SEPG_CLASS_DB_VIEW,
SEPG_DB_VIEW__EXPAND,
audit_name,
- abort);
+ abort_on_violation);
break;
default:
SEPG_CLASS_DB_COLUMN,
column_perms,
audit_name,
- abort);
+ abort_on_violation);
pfree(audit_name);
if (!result)
* Entrypoint of the DML permission checks
*/
bool
-sepgsql_dml_privileges(List *rangeTabls, bool abort)
+sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)
{
ListCell *lr;
if (!check_relation_privileges(tableOid,
selectedCols,
modifiedCols,
- required, abort))
+ required, abort_on_violation))
return false;
}
list_free(tableIds);
sepgsql_utility_command(Node *parsetree,
const char *queryString,
ParamListInfo params,
- bool isTopLevel,
DestReceiver *dest,
- char *completionTag)
+ char *completionTag,
+ ProcessUtilityContext context)
{
sepgsql_context_info_t saved_context_info = sepgsql_context_info;
ListCell *cell;
if (next_ProcessUtility_hook)
(*next_ProcessUtility_hook) (parsetree, queryString, params,
- isTopLevel, dest, completionTag);
+ dest, completionTag, context);
else
standard_ProcessUtility(parsetree, queryString, params,
- isTopLevel, dest, completionTag);
+ dest, completionTag, context);
}
PG_CATCH();
{
#include "postgres.h"
#include "access/heapam.h"
+#include "access/htup_details.h"
#include "access/genam.h"
#include "access/xact.h"
#include "catalog/catalog.h"
#include "access/genam.h"
#include "access/heapam.h"
+#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "commands/seclabel.h"
+#include "lib/stringinfo.h"
#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"
#include "access/genam.h"
#include "access/heapam.h"
+#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/indexing.h"
#include "catalog/dependency.h"
#include "catalog/pg_namespace.h"
#include "commands/seclabel.h"
#include "utils/fmgroids.h"
+#include "utils/catcache.h"
#include "utils/lsyscache.h"
#include "utils/syscache.h"
#include "utils/tqual.h"
#include "access/genam.h"
#include "access/heapam.h"
+#include "access/htup_details.h"
#include "access/sysattr.h"
#include "catalog/dependency.h"
#include "catalog/indexing.h"
* tclass: class code (SEPG_CLASS_*) of the object being referenced
* required: a mask of required permissions (SEPG_<class>__<perm>)
* audit_name: a human readable object name for audit logs, or NULL.
- * abort: true, if caller wants to raise an error on access violation
+ * abort_on_violation: true, if error shall be raised on access violation
*/
bool
sepgsql_check_perms(const char *scontext,
uint16 tclass,
uint32 required,
const char *audit_name,
- bool abort)
+ bool abort_on_violation)
{
struct av_decision avd;
uint32 denied;
audit_name);
}
- if (!result && abort)
+ if (!result && abort_on_violation)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: security policy violation")));
uint16 tclass,
uint32 required,
const char *audit_name,
- bool abort);
+ bool abort_on_violation);
/*
* uavc.c
uint16 tclass,
uint32 required,
const char *audit_name,
- bool abort);
+ bool abort_on_violation);
extern bool sepgsql_avc_check_perms(const ObjectAddress *tobject,
uint16 tclass,
uint32 required,
const char *audit_name,
- bool abort);
+ bool abort_on_violation);
extern char *sepgsql_avc_trusted_proc(Oid functionId);
extern void sepgsql_avc_init(void);
/*
* dml.c
*/
-extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort);
+extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation);
/*
* database.c
*
* It returns 'true', if the security policy suggested to allow the required
* permissions. Otherwise, it returns 'false' or raises an error according
- * to the 'abort' argument.
+ * to the 'abort_on_violation' argument.
* The 'tobject' and 'tclass' identify the target object being referenced,
* and 'required' is a bitmask of permissions (SEPG_*__*) defined for each
* object classes.
bool
sepgsql_avc_check_perms_label(const char *tcontext,
uint16 tclass, uint32 required,
- const char *audit_name, bool abort)
+ const char *audit_name,
+ bool abort_on_violation)
{
char *scontext = sepgsql_get_client_label();
avc_cache *cache;
audit_name);
}
- if (abort && !result)
+ if (abort_on_violation && !result)
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
errmsg("SELinux: security policy violation")));
bool
sepgsql_avc_check_perms(const ObjectAddress *tobject,
uint16 tclass, uint32 required,
- const char *audit_name, bool abort)
+ const char *audit_name,
+ bool abort_on_violation)
{
char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
bool rc;
rc = sepgsql_avc_check_perms_label(tcontext,
tclass, required,
- audit_name, abort);
+ audit_name, abort_on_violation);
if (tcontext)
pfree(tcontext);