From aa2b237ce51ef12c213ac55d4d3aba509cb3133e Mon Sep 17 00:00:00 2001
From: Robert Haas <rhaas@postgresql.org>
Date: Wed, 5 Sep 2012 14:01:15 -0400
Subject: [PATCH] sepgsql cleanups.

This is needed to match recent changes elsewhere.  Along the way, some
renaming for clarity.

KaiGai Kohei
---
 contrib/sepgsql/database.c |  1 +
 contrib/sepgsql/dml.c      | 15 ++++++++-------
 contrib/sepgsql/hooks.c    |  8 ++++----
 contrib/sepgsql/label.c    |  1 +
 contrib/sepgsql/proc.c     |  2 ++
 contrib/sepgsql/relation.c |  2 ++
 contrib/sepgsql/schema.c   |  1 +
 contrib/sepgsql/selinux.c  |  6 +++---
 contrib/sepgsql/sepgsql.h  |  8 ++++----
 contrib/sepgsql/uavc.c     | 12 +++++++-----
 10 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/contrib/sepgsql/database.c b/contrib/sepgsql/database.c
index 5a4246752a3..c15f2d0e0cf 100644
--- a/contrib/sepgsql/database.c
+++ b/contrib/sepgsql/database.c
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/pg_database.h"
diff --git a/contrib/sepgsql/dml.c b/contrib/sepgsql/dml.c
index 47a10874174..49502f50e7e 100644
--- a/contrib/sepgsql/dml.c
+++ b/contrib/sepgsql/dml.c
@@ -10,6 +10,7 @@
  */
 #include "postgres.h"
 
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "access/tupdesc.h"
 #include "catalog/catalog.h"
@@ -148,7 +149,7 @@ check_relation_privileges(Oid relOid,
 						  Bitmapset *selected,
 						  Bitmapset *modified,
 						  uint32 required,
-						  bool abort)
+						  bool abort_on_violation)
 {
 	ObjectAddress object;
 	char	   *audit_name;
@@ -194,7 +195,7 @@ check_relation_privileges(Oid relOid,
 											 SEPG_CLASS_DB_TABLE,
 											 required,
 											 audit_name,
-											 abort);
+											 abort_on_violation);
 			break;
 
 		case RELKIND_SEQUENCE:
@@ -205,7 +206,7 @@ check_relation_privileges(Oid relOid,
 												 SEPG_CLASS_DB_SEQUENCE,
 												 SEPG_DB_SEQUENCE__GET_VALUE,
 												 audit_name,
-												 abort);
+												 abort_on_violation);
 			break;
 
 		case RELKIND_VIEW:
@@ -213,7 +214,7 @@ check_relation_privileges(Oid relOid,
 											 SEPG_CLASS_DB_VIEW,
 											 SEPG_DB_VIEW__EXPAND,
 											 audit_name,
-											 abort);
+											 abort_on_violation);
 			break;
 
 		default:
@@ -264,7 +265,7 @@ check_relation_privileges(Oid relOid,
 										 SEPG_CLASS_DB_COLUMN,
 										 column_perms,
 										 audit_name,
-										 abort);
+										 abort_on_violation);
 		pfree(audit_name);
 
 		if (!result)
@@ -279,7 +280,7 @@ check_relation_privileges(Oid relOid,
  * Entrypoint of the DML permission checks
  */
 bool
-sepgsql_dml_privileges(List *rangeTabls, bool abort)
+sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)
 {
 	ListCell   *lr;
 
@@ -351,7 +352,7 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort)
 			if (!check_relation_privileges(tableOid,
 										   selectedCols,
 										   modifiedCols,
-										   required, abort))
+										   required, abort_on_violation))
 				return false;
 		}
 		list_free(tableIds);
diff --git a/contrib/sepgsql/hooks.c b/contrib/sepgsql/hooks.c
index 914519109c8..f3cf1c5f88c 100644
--- a/contrib/sepgsql/hooks.c
+++ b/contrib/sepgsql/hooks.c
@@ -265,9 +265,9 @@ static void
 sepgsql_utility_command(Node *parsetree,
 						const char *queryString,
 						ParamListInfo params,
-						bool isTopLevel,
 						DestReceiver *dest,
-						char *completionTag)
+						char *completionTag,
+						ProcessUtilityContext context)
 {
 	sepgsql_context_info_t saved_context_info = sepgsql_context_info;
 	ListCell   *cell;
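Review bot: The new `context` parameter is never examined in sepgsql_utility_command: the diffstat lists four added lines for hooks.c, and all four are this signature change plus the two forwarding calls in the next hunk. The module's own checks therefore behave the same for every ProcessUtilityContext value, which is probably intended but is not stated in the visible lines. A short comment above the forwarding calls would record it, for example `/* context is only passed down the hook chain; sepgsql's checks do not depend on it */`. Most of the function body lies outside both hunks, so this should be confirmed against the full file.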
@@ -328,10 +328,10 @@ sepgsql_utility_command(Node *parsetree,
 
 		if (next_ProcessUtility_hook)
 			(*next_ProcessUtility_hook) (parsetree, queryString, params,
-										 isTopLevel, dest, completionTag);
+										 dest, completionTag, context);
 		else
 			standard_ProcessUtility(parsetree, queryString, params,
-									isTopLevel, dest, completionTag);
+									dest, completionTag, context);
 	}
 	PG_CATCH();
 	{
diff --git a/contrib/sepgsql/label.c b/contrib/sepgsql/label.c
index 23577b5844d..3ebf2733265 100644
--- a/contrib/sepgsql/label.c
+++ b/contrib/sepgsql/label.c
@@ -11,6 +11,7 @@
 #include "postgres.h"
 
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/genam.h"
 #include "access/xact.h"
 #include "catalog/catalog.h"
diff --git a/contrib/sepgsql/proc.c b/contrib/sepgsql/proc.c
index b68314d8785..fbd358a8c1d 100644
--- a/contrib/sepgsql/proc.c
+++ b/contrib/sepgsql/proc.c
@@ -12,12 +12,14 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_proc.h"
 #include "commands/seclabel.h"
+#include "lib/stringinfo.h"
 #include "utils/builtins.h"
 #include "utils/fmgroids.h"
 #include "utils/lsyscache.h"
diff --git a/contrib/sepgsql/relation.c b/contrib/sepgsql/relation.c
index e759a7d98ee..4ab7fc8be94 100644
--- a/contrib/sepgsql/relation.c
+++ b/contrib/sepgsql/relation.c
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/indexing.h"
 #include "catalog/dependency.h"
@@ -20,6 +21,7 @@
 #include "catalog/pg_namespace.h"
 #include "commands/seclabel.h"
 #include "utils/fmgroids.h"
+#include "utils/catcache.h"
 #include "utils/lsyscache.h"
 #include "utils/syscache.h"
 #include "utils/tqual.h"
diff --git a/contrib/sepgsql/schema.c b/contrib/sepgsql/schema.c
index 230449dc4b3..e063e394da0 100644
--- a/contrib/sepgsql/schema.c
+++ b/contrib/sepgsql/schema.c
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"
diff --git a/contrib/sepgsql/selinux.c b/contrib/sepgsql/selinux.c
index baf92b6f6db..7df98175ddf 100644
--- a/contrib/sepgsql/selinux.c
+++ b/contrib/sepgsql/selinux.c
@@ -893,7 +893,7 @@ sepgsql_compute_create(const char *scontext,
  * tclass: class code (SEPG_CLASS_*) of the object being referenced
  * required: a mask of required permissions (SEPG_<class>__<perm>)
  * audit_name: a human readable object name for audit logs, or NULL.
- * abort: true, if caller wants to raise an error on access violation
+ * abort_on_violation: true, if error shall be raised on access violation
  */
 bool
 sepgsql_check_perms(const char *scontext,
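Review bot: The reworded parameter comment for `abort_on_violation` still describes only the true case. In the last selinux.c hunk the `ereport(ERROR, ...)` is guarded by `if (!result && abort_on_violation)`, so with the flag false a denial presumably reaches the caller only through the `bool` return value, and a caller that ignores it would let the access proceed. The comment could say so, for example ` * abort_on_violation: true to raise an ERROR on access violation; false to return false and leave enforcement to the caller`. The header comment of sepgsql_avc_check_perms_label in uavc.c could carry the same wording. The body of sepgsql_check_perms is outside this hunk, so the return path should be confirmed there.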
@@ -901,7 +901,7 @@ sepgsql_check_perms(const char *scontext,
 					uint16 tclass,
 					uint32 required,
 					const char *audit_name,
-					bool abort)
+					bool abort_on_violation)
 {
 	struct av_decision avd;
 	uint32		denied;
@@ -937,7 +937,7 @@ sepgsql_check_perms(const char *scontext,
 						  audit_name);
 	}
 
-	if (!result && abort)
+	if (!result && abort_on_violation)
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("SELinux: security policy violation")));
diff --git a/contrib/sepgsql/sepgsql.h b/contrib/sepgsql/sepgsql.h
index 479b136909b..9c89eaa8938 100644
--- a/contrib/sepgsql/sepgsql.h
+++ b/contrib/sepgsql/sepgsql.h
@@ -247,7 +247,7 @@ extern bool sepgsql_check_perms(const char *scontext,
 					uint16 tclass,
 					uint32 required,
 					const char *audit_name,
-					bool abort);
+					bool abort_on_violation);
 
 /*
  * uavc.c
@@ -257,12 +257,12 @@ extern bool sepgsql_avc_check_perms_label(const char *tcontext,
 							  uint16 tclass,
 							  uint32 required,
 							  const char *audit_name,
-							  bool abort);
+							  bool abort_on_violation);
 extern bool sepgsql_avc_check_perms(const ObjectAddress *tobject,
 						uint16 tclass,
 						uint32 required,
 						const char *audit_name,
-						bool abort);
+						bool abort_on_violation);
 extern char *sepgsql_avc_trusted_proc(Oid functionId);
 extern void sepgsql_avc_init(void);
 
@@ -285,7 +285,7 @@ extern Datum sepgsql_restorecon(PG_FUNCTION_ARGS);
 /*
  * dml.c
  */
-extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort);
+extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation);
 
 /*
  * database.c
diff --git a/contrib/sepgsql/uavc.c b/contrib/sepgsql/uavc.c
index 9641a17d79e..04ec3056069 100644
--- a/contrib/sepgsql/uavc.c
+++ b/contrib/sepgsql/uavc.c
@@ -335,7 +335,7 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
  *
  * It returns 'true', if the security policy suggested to allow the required
  * permissions. Otherwise, it returns 'false' or raises an error according
- * to the 'abort' argument.
+ * to the 'abort_on_violation' argument.
  * The 'tobject' and 'tclass' identify the target object being referenced,
  * and 'required' is a bitmask of permissions (SEPG_*__*) defined for each
  * object classes.
@@ -345,7 +345,8 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
 bool
 sepgsql_avc_check_perms_label(const char *tcontext,
 							  uint16 tclass, uint32 required,
-							  const char *audit_name, bool abort)
+							  const char *audit_name,
+							  bool abort_on_violation)
 {
 	char	   *scontext = sepgsql_get_client_label();
 	avc_cache  *cache;
@@ -415,7 +416,7 @@ sepgsql_avc_check_perms_label(const char *tcontext,
 						  audit_name);
 	}
 
-	if (abort && !result)
+	if (abort_on_violation && !result)
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("SELinux: security policy violation")));
@@ -426,14 +427,15 @@ sepgsql_avc_check_perms_label(const char *tcontext,
 bool
 sepgsql_avc_check_perms(const ObjectAddress *tobject,
 						uint16 tclass, uint32 required,
-						const char *audit_name, bool abort)
+						const char *audit_name,
+						bool abort_on_violation)
 {
 	char	   *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
 	bool		rc;
 
 	rc = sepgsql_avc_check_perms_label(tcontext,
 									   tclass, required,
-									   audit_name, abort);
+									   audit_name, abort_on_violation);
 	if (tcontext)
 		pfree(tcontext);
 
-- 
GitLab