
Commit aa2b237

committed
sepgsql cleanups.
This is needed to match recent changes elsewhere. Along the way, some renaming for clarity. KaiGai Kohei
1 parent 46c508f commit aa2b237


10 files changed

+33
-23
lines changed


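--- a/contrib/sepgsql/database.c
+++ b/contrib/sepgsql/database.c
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/pg_database.h"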

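--- a/contrib/sepgsql/dml.c
+++ b/contrib/sepgsql/dml.c
@@ -10,6 +10,7 @@
 */
 #include "postgres.h"
 
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "access/tupdesc.h"
 #include "catalog/catalog.h"
@@ -148,7 +149,7 @@ check_relation_privileges(Oid relOid,
 Bitmapset *selected,
 Bitmapset *modified,
 uint32 required,
-bool abort)
+bool abort_on_violation)
 {
 ObjectAddress object;
 char *audit_name;
@@ -194,7 +195,7 @@ check_relation_privileges(Oid relOid,
 SEPG_CLASS_DB_TABLE,
 required,
 audit_name,
-abort);
+abort_on_violation);
 break;
 
 case RELKIND_SEQUENCE:
@@ -205,15 +206,15 @@ check_relation_privileges(Oid relOid,
 SEPG_CLASS_DB_SEQUENCE,
 SEPG_DB_SEQUENCE__GET_VALUE,
 audit_name,
-abort);
+abort_on_violation);
 break;
 
 case RELKIND_VIEW:
 result = sepgsql_avc_check_perms(&object,
 SEPG_CLASS_DB_VIEW,
 SEPG_DB_VIEW__EXPAND,
 audit_name,
-abort);
+abort_on_violation);
 break;
 
 default:
@@ -264,7 +265,7 @@ check_relation_privileges(Oid relOid,
 SEPG_CLASS_DB_COLUMN,
 column_perms,
 audit_name,
-abort);
+abort_on_violation);
 pfree(audit_name);
 
 if (!result)
@@ -279,7 +280,7 @@ check_relation_privileges(Oid relOid,
 * Entrypoint of the DML permission checks
 */
 bool
-sepgsql_dml_privileges(List *rangeTabls, bool abort)
+sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)
 {
 ListCell *lr;
 
@@ -351,7 +352,7 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort)
 if (!check_relation_privileges(tableOid,
 selectedCols,
 modifiedCols,
-required, abort))
+required, abort_on_violation))
 return false;
 }
 list_free(tableIds);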
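Review bot: The comment above sepgsql_dml_privileges (new lines 280-281) still reads only "Entrypoint of the DML permission checks", so the contract of the renamed flag is not stated at the entry point where callers choose it. As far as the hunks show, with abort_on_violation false a denial surfaces only as the `return false` at new line 356, which means a caller that ignores the return value carries on past a policy denial. I would add `* abort_on_violation: if true, a denial raises an error; if false, false is returned and the caller must act on it.` to that comment. The comment block opens above the hunk, and check_relation_privileges, whose header is also outside the hunks, would benefit from the same line.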

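--- a/contrib/sepgsql/hooks.c
+++ b/contrib/sepgsql/hooks.c
@@ -265,9 +265,9 @@ static void
 sepgsql_utility_command(Node *parsetree,
 const char *queryString,
 ParamListInfo params,
-bool isTopLevel,
 DestReceiver *dest,
-char *completionTag)
+char *completionTag,
+ProcessUtilityContext context)
 {
 sepgsql_context_info_t saved_context_info = sepgsql_context_info;
 ListCell *cell;
@@ -328,10 +328,10 @@ sepgsql_utility_command(Node *parsetree,
 
 if (next_ProcessUtility_hook)
 (*next_ProcessUtility_hook) (parsetree, queryString, params,
-isTopLevel, dest, completionTag);
+dest, completionTag, context);
 else
 standard_ProcessUtility(parsetree, queryString, params,
-isTopLevel, dest, completionTag);
+dest, completionTag, context);
 }
 PG_CATCH();
 {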

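--- a/contrib/sepgsql/label.c
+++ b/contrib/sepgsql/label.c
@@ -11,6 +11,7 @@
 #include "postgres.h"
 
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/genam.h"
 #include "access/xact.h"
 #include "catalog/catalog.h"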

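--- a/contrib/sepgsql/proc.c
+++ b/contrib/sepgsql/proc.c
@@ -12,12 +12,14 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_proc.h"
 #include "commands/seclabel.h"
+#include "lib/stringinfo.h"
 #include "utils/builtins.h"
 #include "utils/fmgroids.h"
 #include "utils/lsyscache.h"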

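--- a/contrib/sepgsql/relation.c
+++ b/contrib/sepgsql/relation.c
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/indexing.h"
 #include "catalog/dependency.h"
@@ -20,6 +21,7 @@
 #include "catalog/pg_namespace.h"
 #include "commands/seclabel.h"
 #include "utils/fmgroids.h"
+#include "utils/catcache.h"
 #include "utils/lsyscache.h"
 #include "utils/syscache.h"
 #include "utils/tqual.h"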

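--- a/contrib/sepgsql/schema.c
+++ b/contrib/sepgsql/schema.c
@@ -12,6 +12,7 @@
 
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"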

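--- a/contrib/sepgsql/selinux.c
+++ b/contrib/sepgsql/selinux.c
@@ -893,15 +893,15 @@ sepgsql_compute_create(const char *scontext,
 * tclass: class code (SEPG_CLASS_*) of the object being referenced
 * required: a mask of required permissions (SEPG_<class>__<perm>)
 * audit_name: a human readable object name for audit logs, or NULL.
-* abort: true, if caller wants to raise an error on access violation
+* abort_on_violation: true, if error shall be raised on access violation
 */
 bool
 sepgsql_check_perms(const char *scontext,
 const char *tcontext,
 uint16 tclass,
 uint32 required,
 const char *audit_name,
-bool abort)
+bool abort_on_violation)
 {
 struct av_decision avd;
 uint32 denied;
@@ -937,7 +937,7 @@ sepgsql_check_perms(const char *scontext,
 audit_name);
 }
 
-if (!result && abort)
+if (!result && abort_on_violation)
 ereport(ERROR,
 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 errmsg("SELinux: security policy violation")));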

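--- a/contrib/sepgsql/sepgsql.h
+++ b/contrib/sepgsql/sepgsql.h
@@ -247,7 +247,7 @@ extern bool sepgsql_check_perms(const char *scontext,
 uint16 tclass,
 uint32 required,
 const char *audit_name,
-bool abort);
+bool abort_on_violation);
 
 /*
 * uavc.c
@@ -257,12 +257,12 @@ extern bool sepgsql_avc_check_perms_label(const char *tcontext,
 uint16 tclass,
 uint32 required,
 const char *audit_name,
-bool abort);
+bool abort_on_violation);
 extern bool sepgsql_avc_check_perms(const ObjectAddress *tobject,
 uint16 tclass,
 uint32 required,
 const char *audit_name,
-bool abort);
+bool abort_on_violation);
 extern char *sepgsql_avc_trusted_proc(Oid functionId);
 extern void sepgsql_avc_init(void);
 
@@ -285,7 +285,7 @@ extern Datum sepgsql_restorecon(PG_FUNCTION_ARGS);
 /*
 * dml.c
 */
-extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort);
+extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation);
 
 /*
 * database.c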

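--- a/contrib/sepgsql/uavc.c
+++ b/contrib/sepgsql/uavc.c
@@ -335,7 +335,7 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
 *
 * It returns 'true', if the security policy suggested to allow the required
 * permissions. Otherwise, it returns 'false' or raises an error according
-* to the 'abort' argument.
+* to the 'abort_on_violation' argument.
 * The 'tobject' and 'tclass' identify the target object being referenced,
 * and 'required' is a bitmask of permissions (SEPG_*__*) defined for each
 * object classes.
@@ -345,7 +345,8 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
 bool
 sepgsql_avc_check_perms_label(const char *tcontext,
 uint16 tclass, uint32 required,
-const char *audit_name, bool abort)
+const char *audit_name,
+bool abort_on_violation)
 {
 char *scontext = sepgsql_get_client_label();
 avc_cache *cache;
@@ -415,7 +416,7 @@ sepgsql_avc_check_perms_label(const char *tcontext,
 audit_name);
 }
 
-if (abort && !result)
+if (abort_on_violation && !result)
 ereport(ERROR,
 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 errmsg("SELinux: security policy violation")));
@@ -426,14 +427,15 @@ sepgsql_avc_check_perms_label(const char *tcontext,
 bool
 sepgsql_avc_check_perms(const ObjectAddress *tobject,
 uint16 tclass, uint32 required,
-const char *audit_name, bool abort)
+const char *audit_name,
+bool abort_on_violation)
 {
 char *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
 bool rc;
 
 rc = sepgsql_avc_check_perms_label(tcontext,
 tclass, required,
-audit_name, abort);
+audit_name, abort_on_violation);
 if (tcontext)
 pfree(tcontext);
 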
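Review bot: The comment rewritten at new line 338 describes 'tobject' and 'tclass', but the function that follows it in the next hunk, sepgsql_avc_check_perms_label, takes 'tcontext', and nothing says what a NULL label means. In sepgsql_avc_check_perms (new lines 433-440) the result of GetSecurityLabel is passed on without a test while the `if (tcontext)` guard before pfree shows NULL is expected, so the decision for an unlabeled object is presumably taken inside the callee, whose body lies between the hunks. I would add `* 'tcontext' may be NULL when the target object has no security label;` followed by the decision applied in that case. The comment block starts and ends outside the hunk, so it may already be shared by both functions.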
