mirror of
https://git.postgresql.org/git/postgresql.git
synced 2025-02-23 19:39:53 +08:00
sepgsql DROP support.
KaiGai Kohei
This commit is contained in:
Robert Haas
parent
07d1edb954
commit
e914a144d3
@ -118,6 +118,33 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
|
||||
pfree(tcontext);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_database_drop
|
||||
*
|
||||
* It checks privileges to drop the supplied database
|
||||
*/
|
||||
void
|
||||
sepgsql_database_drop(Oid databaseId)
|
||||
{
|
||||
ObjectAddress object;
|
||||
char *audit_name;
|
||||
|
||||
/*
|
||||
* check db_database:{drop} permission
|
||||
*/
|
||||
object.classId = DatabaseRelationId;
|
||||
object.objectId = databaseId;
|
||||
object.objectSubId = 0;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
SEPG_CLASS_DB_DATABASE,
|
||||
SEPG_DB_DATABASE__DROP,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_database_relabel
|
||||
*
|
||||
|
||||
@ -1,80 +0,0 @@
|
||||
--
|
||||
-- Regression Test for Creation of Object Permission Checks
|
||||
--
|
||||
-- confirm required permissions using audit messages
|
||||
SELECT sepgsql_getcon(); -- confirm client privilege
|
||||
sepgsql_getcon
|
||||
-------------------------------------------
|
||||
unconfined_u:unconfined_r:unconfined_t:s0
|
||||
(1 row)
|
||||
|
||||
SET sepgsql.debug_audit = true;
|
||||
SET client_min_messages = LOG;
|
||||
CREATE DATABASE regtest_sepgsql_test_database;
|
||||
LOG: SELinux: allowed { getattr } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_db_t:s0 tclass=db_database name="database template1"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_db_t:s0 tclass=db_database name="database regtest_sepgsql_test_database"
|
||||
CREATE SCHEMA regtest_schema;
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
SET search_path = regtest_schema, public;
|
||||
CREATE TABLE regtest_table (x serial primary key, y text);
|
||||
NOTICE: CREATE TABLE will create implicit sequence "regtest_table_x_seq" for serial column "regtest_table.x"
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_table_x_seq"
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column tableoid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column cmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column xmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column cmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column xmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column ctid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column x"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column y"
|
||||
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "regtest_table_pkey" for table "regtest_table"
|
||||
ALTER TABLE regtest_table ADD COLUMN z int;
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column z"
|
||||
CREATE TABLE regtest_table_2 (a int) WITH OIDS;
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table_2"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column tableoid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column cmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column xmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column cmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column xmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column oid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column ctid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column a"
|
||||
-- corresponding toast table should not have label and permission checks
|
||||
ALTER TABLE regtest_table_2 ADD COLUMN b text;
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column b"
|
||||
-- VACUUM FULL internally create a new table and swap them later.
|
||||
VACUUM FULL regtest_table;
|
||||
CREATE VIEW regtest_view AS SELECT * FROM regtest_table WHERE x < 100;
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_view_t:s0 tclass=db_view name="view regtest_view"
|
||||
CREATE SEQUENCE regtest_seq;
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_seq"
|
||||
CREATE TYPE regtest_comptype AS (a int, b text);
|
||||
CREATE FUNCTION regtest_func(text,int[]) RETURNS bool LANGUAGE plpgsql
|
||||
AS 'BEGIN RAISE NOTICE ''regtest_func => %'', $1; RETURN true; END';
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_func(text,integer[])"
|
||||
CREATE AGGREGATE regtest_agg (
|
||||
sfunc1 = int4pl, basetype = int4, stype1 = int4, initcond1 = '0'
|
||||
);
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_agg(integer)"
|
||||
--
|
||||
-- clean-up
|
||||
--
|
||||
DROP DATABASE IF EXISTS regtest_sepgsql_test_database;
|
||||
DROP SCHEMA IF EXISTS regtest_schema CASCADE;
|
||||
NOTICE: drop cascades to 7 other objects
|
||||
DETAIL: drop cascades to table regtest_table
|
||||
drop cascades to table regtest_table_2
|
||||
drop cascades to view regtest_view
|
||||
drop cascades to sequence regtest_seq
|
||||
drop cascades to type regtest_comptype
|
||||
drop cascades to function regtest_func(text,integer[])
|
||||
drop cascades to function regtest_agg(integer)
|
||||
164
contrib/sepgsql/expected/ddl.out
Normal file
164
contrib/sepgsql/expected/ddl.out
Normal file
@ -0,0 +1,164 @@
|
||||
--
|
||||
-- Regression Test for DDL of Object Permission Checks
|
||||
--
|
||||
-- confirm required permissions using audit messages
|
||||
SELECT sepgsql_getcon(); -- confirm client privilege
|
||||
sepgsql_getcon
|
||||
-------------------------------------------
|
||||
unconfined_u:unconfined_r:unconfined_t:s0
|
||||
(1 row)
|
||||
|
||||
SET sepgsql.debug_audit = true;
|
||||
SET client_min_messages = LOG;
|
||||
--
|
||||
-- CREATE Permission checks
|
||||
--
|
||||
CREATE DATABASE regtest_sepgsql_test_database;
|
||||
LOG: SELinux: allowed { getattr } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:sepgsql_db_t:s0 tclass=db_database name="database template1"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_db_t:s0 tclass=db_database name="database regtest_sepgsql_test_database"
|
||||
CREATE USER regtest_sepgsql_test_user;
|
||||
CREATE SCHEMA regtest_schema;
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
GRANT ALL ON SCHEMA regtest_schema TO regtest_sepgsql_test_user;
|
||||
SET search_path = regtest_schema, public;
|
||||
CREATE TABLE regtest_table (x serial primary key, y text);
|
||||
NOTICE: CREATE TABLE will create implicit sequence "regtest_table_x_seq" for serial column "regtest_table.x"
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_table_x_seq"
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column tableoid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column cmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column xmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column cmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column xmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column ctid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column x"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column y"
|
||||
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index "regtest_table_pkey" for table "regtest_table"
|
||||
ALTER TABLE regtest_table ADD COLUMN z int;
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column z"
|
||||
CREATE TABLE regtest_table_2 (a int) WITH OIDS;
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table_2"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column tableoid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column cmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column xmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column cmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column xmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column oid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column ctid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column a"
|
||||
-- corresponding toast table should not have label and permission checks
|
||||
ALTER TABLE regtest_table_2 ADD COLUMN b text;
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column b"
|
||||
-- VACUUM FULL internally create a new table and swap them later.
|
||||
VACUUM FULL regtest_table;
|
||||
CREATE VIEW regtest_view AS SELECT * FROM regtest_table WHERE x < 100;
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_view_t:s0 tclass=db_view name="view regtest_view"
|
||||
CREATE SEQUENCE regtest_seq;
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_seq"
|
||||
CREATE TYPE regtest_comptype AS (a int, b text);
|
||||
CREATE FUNCTION regtest_func(text,int[]) RETURNS bool LANGUAGE plpgsql
|
||||
AS 'BEGIN RAISE NOTICE ''regtest_func => %'', $1; RETURN true; END';
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_func(text,integer[])"
|
||||
CREATE AGGREGATE regtest_agg (
|
||||
sfunc1 = int4pl, basetype = int4, stype1 = int4, initcond1 = '0'
|
||||
);
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_agg(integer)"
|
||||
-- CREATE objects owned by others
|
||||
SET SESSION AUTHORIZATION regtest_sepgsql_test_user;
|
||||
SET search_path = regtest_schema, public;
|
||||
CREATE TABLE regtest_table_3 (x int, y serial);
|
||||
NOTICE: CREATE TABLE will create implicit sequence "regtest_table_3_y_seq" for serial column "regtest_table_3.y"
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_table_3_y_seq"
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table_3"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column tableoid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column cmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column xmax"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column cmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column xmin"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column ctid"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column x"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column y"
|
||||
CREATE VIEW regtest_view_2 AS SELECT * FROM regtest_table_3 WHERE x < y;
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_view_t:s0 tclass=db_view name="view regtest_view_2"
|
||||
CREATE FUNCTION regtest_func_2(int) RETURNS bool LANGUAGE plpgsql
|
||||
AS 'BEGIN RETURN $1 * $1 < 100; END';
|
||||
LOG: SELinux: allowed { add_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { create } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_func_2(integer)"
|
||||
RESET SESSION AUTHORIZATION;
|
||||
--
|
||||
-- DROP Permission checks (with clean-up)
|
||||
--
|
||||
DROP FUNCTION regtest_func(text,int[]);
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_func(text,integer[])"
|
||||
DROP AGGREGATE regtest_agg(int);
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_agg(integer)"
|
||||
DROP SEQUENCE regtest_seq;
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_seq"
|
||||
DROP VIEW regtest_view;
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_view_t:s0 tclass=db_view name="view regtest_view"
|
||||
ALTER TABLE regtest_table DROP COLUMN y;
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column y"
|
||||
ALTER TABLE regtest_table_2 SET WITHOUT OIDS;
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column oid"
|
||||
DROP TABLE regtest_table;
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_table_x_seq"
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column tableoid"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column cmax"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column xmax"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column cmin"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column xmin"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column ctid"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column x"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table column z"
|
||||
DROP OWNED BY regtest_sepgsql_test_user;
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="function regtest_func_2(integer)"
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_view_t:s0 tclass=db_view name="view regtest_view_2"
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_seq_t:s0 tclass=db_sequence name="sequence regtest_table_3_y_seq"
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table_3"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column tableoid"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column cmax"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column xmax"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column cmin"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column xmin"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column ctid"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column x"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_3 column y"
|
||||
DROP DATABASE regtest_sepgsql_test_database;
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_db_t:s0 tclass=db_database name="database regtest_sepgsql_test_database"
|
||||
DROP USER regtest_sepgsql_test_user;
|
||||
DROP SCHEMA IF EXISTS regtest_schema CASCADE;
|
||||
NOTICE: drop cascades to 2 other objects
|
||||
DETAIL: drop cascades to table regtest_table_2
|
||||
drop cascades to type regtest_comptype
|
||||
LOG: SELinux: allowed { remove_name } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="table regtest_table_2"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column tableoid"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column cmax"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column xmax"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column cmin"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column xmin"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column ctid"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column a"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table regtest_table_2 column b"
|
||||
LOG: SELinux: allowed { drop } scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:object_r:sepgsql_schema_t:s0 tclass=db_schema name="schema regtest_schema"
|
||||
@ -10,6 +10,7 @@
|
||||
*/
|
||||
#include "postgres.h"
|
||||
|
||||
#include "catalog/dependency.h"
|
||||
#include "catalog/objectaccess.h"
|
||||
#include "catalog/pg_class.h"
|
||||
#include "catalog/pg_database.h"
|
||||
@ -87,10 +88,11 @@ static void
|
||||
sepgsql_object_access(ObjectAccessType access,
|
||||
Oid classId,
|
||||
Oid objectId,
|
||||
int subId)
|
||||
int subId,
|
||||
void *arg)
|
||||
{
|
||||
if (next_object_access_hook)
|
||||
(*next_object_access_hook) (access, classId, objectId, subId);
|
||||
(*next_object_access_hook) (access, classId, objectId, subId, arg);
|
||||
|
||||
switch (access)
|
||||
{
|
||||
@ -146,6 +148,46 @@ sepgsql_object_access(ObjectAccessType access,
|
||||
}
|
||||
break;
|
||||
|
||||
case OAT_DROP:
|
||||
{
|
||||
ObjectAccessDrop *drop_arg = (ObjectAccessDrop *)arg;
|
||||
|
||||
/*
|
||||
* No need to apply permission checks on object deletion
|
||||
* due to internal cleanups; such as removal of temporary
|
||||
* database object on session closed.
|
||||
*/
|
||||
if ((drop_arg->dropflags & PERFORM_DELETION_INTERNAL) != 0)
|
||||
break;
|
||||
|
||||
switch (classId)
|
||||
{
|
||||
case DatabaseRelationId:
|
||||
sepgsql_database_drop(objectId);
|
||||
break;
|
||||
|
||||
case NamespaceRelationId:
|
||||
sepgsql_schema_drop(objectId);
|
||||
break;
|
||||
|
||||
case RelationRelationId:
|
||||
if (subId == 0)
|
||||
sepgsql_relation_drop(objectId);
|
||||
else
|
||||
sepgsql_attribute_drop(objectId, subId);
|
||||
break;
|
||||
|
||||
case ProcedureRelationId:
|
||||
sepgsql_proc_drop(objectId);
|
||||
break;
|
||||
|
||||
default:
|
||||
/* Ignore unsupported object classes */
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
elog(ERROR, "unexpected object access type: %d", (int) access);
|
||||
break;
|
||||
|
||||
@ -130,6 +130,48 @@ sepgsql_proc_post_create(Oid functionId)
|
||||
pfree(ncontext);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_proc_drop
|
||||
*
|
||||
* It checks privileges to drop the supplied function.
|
||||
*/
|
||||
void
|
||||
sepgsql_proc_drop(Oid functionId)
|
||||
{
|
||||
ObjectAddress object;
|
||||
char *audit_name;
|
||||
|
||||
/*
|
||||
* check db_schema:{remove_name} permission
|
||||
*/
|
||||
object.classId = NamespaceRelationId;
|
||||
object.objectId = get_func_namespace(functionId);
|
||||
object.objectSubId = 0;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
SEPG_CLASS_DB_SCHEMA,
|
||||
SEPG_DB_SCHEMA__REMOVE_NAME,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
|
||||
/*
|
||||
* check db_procedure:{drop} permission
|
||||
*/
|
||||
object.classId = ProcedureRelationId;
|
||||
object.objectId = functionId;
|
||||
object.objectSubId = 0;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
SEPG_CLASS_DB_PROCEDURE,
|
||||
SEPG_DB_PROCEDURE__DROP,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_proc_relabel
|
||||
*
|
||||
|
||||
@ -21,6 +21,7 @@
|
||||
#include "commands/seclabel.h"
|
||||
#include "utils/fmgroids.h"
|
||||
#include "utils/lsyscache.h"
|
||||
#include "utils/syscache.h"
|
||||
#include "utils/tqual.h"
|
||||
|
||||
#include "sepgsql.h"
|
||||
@ -109,6 +110,36 @@ sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
|
||||
pfree(ncontext);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_attribute_drop
|
||||
*
|
||||
* It checks privileges to drop the supplied column.
|
||||
*/
|
||||
void
|
||||
sepgsql_attribute_drop(Oid relOid, AttrNumber attnum)
|
||||
{
|
||||
ObjectAddress object;
|
||||
char *audit_name;
|
||||
|
||||
if (get_rel_relkind(relOid) != RELKIND_RELATION)
|
||||
return;
|
||||
|
||||
/*
|
||||
* check db_column:{drop} permission
|
||||
*/
|
||||
object.classId = RelationRelationId;
|
||||
object.objectId = relOid;
|
||||
object.objectSubId = attnum;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
SEPG_CLASS_DB_COLUMN,
|
||||
SEPG_DB_COLUMN__DROP,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_attribute_relabel
|
||||
*
|
||||
@ -309,6 +340,94 @@ out:
|
||||
heap_close(rel, AccessShareLock);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_relation_drop
|
||||
*
|
||||
* It checks privileges to drop the supplied relation.
|
||||
*/
|
||||
void
|
||||
sepgsql_relation_drop(Oid relOid)
|
||||
{
|
||||
ObjectAddress object;
|
||||
char *audit_name;
|
||||
uint16_t tclass = 0;
|
||||
char relkind;
|
||||
|
||||
relkind = get_rel_relkind(relOid);
|
||||
if (relkind == RELKIND_RELATION)
|
||||
tclass = SEPG_CLASS_DB_TABLE;
|
||||
else if (relkind == RELKIND_SEQUENCE)
|
||||
tclass = SEPG_CLASS_DB_SEQUENCE;
|
||||
else if (relkind == RELKIND_VIEW)
|
||||
tclass = SEPG_CLASS_DB_VIEW;
|
||||
else
|
||||
return;
|
||||
|
||||
/*
|
||||
* check db_schema:{remove_name} permission
|
||||
*/
|
||||
object.classId = NamespaceRelationId;
|
||||
object.objectId = get_rel_namespace(relOid);
|
||||
object.objectSubId = 0;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
SEPG_CLASS_DB_SCHEMA,
|
||||
SEPG_DB_SCHEMA__REMOVE_NAME,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
|
||||
/*
|
||||
* check db_table/sequence/view:{drop} permission
|
||||
*/
|
||||
object.classId = RelationRelationId;
|
||||
object.objectId = relOid;
|
||||
object.objectSubId = 0;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
tclass,
|
||||
SEPG_DB_TABLE__DROP,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
|
||||
/*
|
||||
* check db_column:{drop} permission
|
||||
*/
|
||||
if (relkind == RELKIND_RELATION)
|
||||
{
|
||||
Form_pg_attribute attForm;
|
||||
CatCList *attrList;
|
||||
HeapTuple atttup;
|
||||
int i;
|
||||
|
||||
attrList = SearchSysCacheList1(ATTNUM, ObjectIdGetDatum(relOid));
|
||||
for (i=0; i < attrList->n_members; i++)
|
||||
{
|
||||
atttup = &attrList->members[i]->tuple;
|
||||
attForm = (Form_pg_attribute) GETSTRUCT(atttup);
|
||||
|
||||
if (attForm->attisdropped)
|
||||
continue;
|
||||
|
||||
object.classId = RelationRelationId;
|
||||
object.objectId = relOid;
|
||||
object.objectSubId = attForm->attnum;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
SEPG_CLASS_DB_COLUMN,
|
||||
SEPG_DB_COLUMN__DROP,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
}
|
||||
ReleaseCatCacheList(attrList);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_relation_relabel
|
||||
*
|
||||
|
||||
@ -96,6 +96,33 @@ sepgsql_schema_post_create(Oid namespaceId)
|
||||
pfree(tcontext);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_schema_drop
|
||||
*
|
||||
* It checks privileges to drop the supplied schema object.
|
||||
*/
|
||||
void
|
||||
sepgsql_schema_drop(Oid namespaceId)
|
||||
{
|
||||
ObjectAddress object;
|
||||
char *audit_name;
|
||||
|
||||
/*
|
||||
* check db_schema:{drop} permission
|
||||
*/
|
||||
object.classId = NamespaceRelationId;
|
||||
object.objectId = namespaceId;
|
||||
object.objectSubId = 0;
|
||||
audit_name = getObjectDescription(&object);
|
||||
|
||||
sepgsql_avc_check_perms(&object,
|
||||
SEPG_CLASS_DB_SCHEMA,
|
||||
SEPG_DB_SCHEMA__DROP,
|
||||
audit_name,
|
||||
true);
|
||||
pfree(audit_name);
|
||||
}
|
||||
|
||||
/*
|
||||
* sepgsql_schema_relabel
|
||||
*
|
||||
|
||||
@ -288,27 +288,32 @@ extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort);
|
||||
*/
|
||||
extern void sepgsql_database_post_create(Oid databaseId,
|
||||
const char *dtemplate);
|
||||
extern void sepgsql_database_drop(Oid databaseId);
|
||||
extern void sepgsql_database_relabel(Oid databaseId, const char *seclabel);
|
||||
|
||||
/*
|
||||
* schema.c
|
||||
*/
|
||||
extern void sepgsql_schema_post_create(Oid namespaceId);
|
||||
extern void sepgsql_schema_drop(Oid namespaceId);
|
||||
extern void sepgsql_schema_relabel(Oid namespaceId, const char *seclabel);
|
||||
|
||||
/*
|
||||
* relation.c
|
||||
*/
|
||||
extern void sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum);
|
||||
extern void sepgsql_attribute_drop(Oid relOid, AttrNumber attnum);
|
||||
extern void sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum,
|
||||
const char *seclabel);
|
||||
extern void sepgsql_relation_post_create(Oid relOid);
|
||||
extern void sepgsql_relation_drop(Oid relOid);
|
||||
extern void sepgsql_relation_relabel(Oid relOid, const char *seclabel);
|
||||
|
||||
/*
|
||||
* proc.c
|
||||
*/
|
||||
extern void sepgsql_proc_post_create(Oid functionId);
|
||||
extern void sepgsql_proc_drop(Oid functionId);
|
||||
extern void sepgsql_proc_relabel(Oid functionId, const char *seclabel);
|
||||
|
||||
#endif /* SEPGSQL_H */
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
--
|
||||
-- Regression Test for Creation of Object Permission Checks
|
||||
-- Regression Test for DDL of Object Permission Checks
|
||||
--
|
||||
|
||||
-- confirm required permissions using audit messages
|
||||
@ -7,10 +7,17 @@
|
||||
SET sepgsql.debug_audit = true;
|
||||
SET client_min_messages = LOG;
|
||||
|
||||
--
|
||||
-- CREATE Permission checks
|
||||
--
|
||||
CREATE DATABASE regtest_sepgsql_test_database;
|
||||
|
||||
CREATE USER regtest_sepgsql_test_user;
|
||||
|
||||
CREATE SCHEMA regtest_schema;
|
||||
|
||||
GRANT ALL ON SCHEMA regtest_schema TO regtest_sepgsql_test_user;
|
||||
|
||||
SET search_path = regtest_schema, public;
|
||||
|
||||
CREATE TABLE regtest_table (x serial primary key, y text);
|
||||
@ -38,9 +45,37 @@ CREATE AGGREGATE regtest_agg (
|
||||
sfunc1 = int4pl, basetype = int4, stype1 = int4, initcond1 = '0'
|
||||
);
|
||||
|
||||
--
|
||||
-- clean-up
|
||||
--
|
||||
DROP DATABASE IF EXISTS regtest_sepgsql_test_database;
|
||||
-- CREATE objects owned by others
|
||||
SET SESSION AUTHORIZATION regtest_sepgsql_test_user;
|
||||
|
||||
SET search_path = regtest_schema, public;
|
||||
|
||||
CREATE TABLE regtest_table_3 (x int, y serial);
|
||||
|
||||
CREATE VIEW regtest_view_2 AS SELECT * FROM regtest_table_3 WHERE x < y;
|
||||
|
||||
CREATE FUNCTION regtest_func_2(int) RETURNS bool LANGUAGE plpgsql
|
||||
AS 'BEGIN RETURN $1 * $1 < 100; END';
|
||||
|
||||
RESET SESSION AUTHORIZATION;
|
||||
|
||||
--
|
||||
-- DROP Permission checks (with clean-up)
|
||||
--
|
||||
|
||||
DROP FUNCTION regtest_func(text,int[]);
|
||||
DROP AGGREGATE regtest_agg(int);
|
||||
|
||||
DROP SEQUENCE regtest_seq;
|
||||
DROP VIEW regtest_view;
|
||||
|
||||
ALTER TABLE regtest_table DROP COLUMN y;
|
||||
ALTER TABLE regtest_table_2 SET WITHOUT OIDS;
|
||||
|
||||
DROP TABLE regtest_table;
|
||||
|
||||
DROP OWNED BY regtest_sepgsql_test_user;
|
||||
|
||||
DROP DATABASE regtest_sepgsql_test_database;
|
||||
DROP USER regtest_sepgsql_test_user;
|
||||
DROP SCHEMA IF EXISTS regtest_schema CASCADE;
|
||||
@ -259,6 +259,6 @@ echo "found ${NUM}"
|
||||
echo
|
||||
echo "============== running sepgsql regression tests =============="
|
||||
|
||||
make REGRESS="label dml create misc" REGRESS_OPTS="--launcher ./launcher" installcheck
|
||||
make REGRESS="label dml ddl misc" REGRESS_OPTS="--launcher ./launcher" installcheck
|
||||
|
||||
# exit with the exit code provided by "make"
|
||||
|
||||
@ -440,6 +440,20 @@ UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;
|
||||
on the schema, not only <literal>create</> on the new object itself.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When <literal>DROP</> command is executed, <literal>drop</> will be
|
||||
checked on the object being removed for each object types.
|
||||
Please note that it shall not be checked on the objects removed by
|
||||
cascaded deletion according to the standard manner in SQL.
|
||||
</para>
|
||||
<para>
|
||||
A few additional checks are applied depending on object types.
|
||||
On deletion of objects underlying a particula schema (tables, views,
|
||||
sequences and procedures), <literal>remove_name</> shall be also checked
|
||||
on the schema, not only <literal>drop</> on the object being removed
|
||||
itself.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
When <xref linkend="sql-security-label"> is executed, <literal>setattr</>
|
||||
and <literal>relabelfrom</> will be checked on the object being relabeled
|
||||
|
||||
Loading…
Reference in New Issue
Block a user