summaryrefslogtreecommitdiff
path: root/contrib/sepgsql/relation.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/sepgsql/relation.c')
-rw-r--r--contrib/sepgsql/relation.c44
1 files changed, 25 insertions, 19 deletions
diff --git a/contrib/sepgsql/relation.c b/contrib/sepgsql/relation.c
index 1f1ab04d39..59a6d9be6e 100644
--- a/contrib/sepgsql/relation.c
+++ b/contrib/sepgsql/relation.c
@@ -4,7 +4,7 @@
*
* Routines corresponding to relation/attribute objects
*
- * Copyright (c) 2010-2016, PostgreSQL Global Development Group
+ * Copyright (c) 2010-2017, PostgreSQL Global Development Group
*
* -------------------------------------------------------------------------
*/
@@ -54,12 +54,13 @@ sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum)
ObjectAddress object;
Form_pg_attribute attForm;
StringInfoData audit_name;
+ char relkind = get_rel_relkind(relOid);
/*
- * Only attributes within regular relation have individual security
- * labels.
+ * Only attributes within regular relations or partition relations have
+ * individual security labels.
*/
- if (get_rel_relkind(relOid) != RELKIND_RELATION)
+ if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
return;
/*
@@ -135,8 +136,9 @@ sepgsql_attribute_drop(Oid relOid, AttrNumber attnum)
{
ObjectAddress object;
char *audit_name;
+ char relkind = get_rel_relkind(relOid);
- if (get_rel_relkind(relOid) != RELKIND_RELATION)
+ if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
return;
/*
@@ -167,8 +169,9 @@ sepgsql_attribute_relabel(Oid relOid, AttrNumber attnum,
{
ObjectAddress object;
char *audit_name;
+ char relkind = get_rel_relkind(relOid);
- if (get_rel_relkind(relOid) != RELKIND_RELATION)
+ if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
ereport(ERROR,
(errcode(ERRCODE_WRONG_OBJECT_TYPE),
errmsg("cannot set security label on non-regular columns")));
@@ -209,8 +212,9 @@ sepgsql_attribute_setattr(Oid relOid, AttrNumber attnum)
{
ObjectAddress object;
char *audit_name;
+ char relkind = get_rel_relkind(relOid);
- if (get_rel_relkind(relOid) != RELKIND_RELATION)
+ if (relkind != RELKIND_RELATION && relkind != RELKIND_PARTITIONED_TABLE)
return;
/*
@@ -243,7 +247,7 @@ sepgsql_relation_post_create(Oid relOid)
HeapTuple tuple;
Form_pg_class classForm;
ObjectAddress object;
- uint16 tclass;
+ uint16_t tclass;
char *scontext; /* subject */
char *tcontext; /* schema */
char *rcontext; /* relation */
@@ -291,6 +295,7 @@ sepgsql_relation_post_create(Oid relOid)
switch (classForm->relkind)
{
case RELKIND_RELATION:
+ case RELKIND_PARTITIONED_TABLE:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
@@ -333,7 +338,8 @@ sepgsql_relation_post_create(Oid relOid)
true);
/*
- * Assign the default security label on the new relation
+ * Assign the default security label on the new regular or partitioned
+ * relation.
*/
object.classId = RelationRelationId;
object.objectId = relOid;
@@ -341,10 +347,10 @@ sepgsql_relation_post_create(Oid relOid)
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, rcontext);
/*
- * We also assigns a default security label on columns of the new regular
- * tables.
+ * We also assign a default security label on columns of a new table.
*/
- if (classForm->relkind == RELKIND_RELATION)
+ if (classForm->relkind == RELKIND_RELATION ||
+ classForm->relkind == RELKIND_PARTITIONED_TABLE)
{
Relation arel;
ScanKeyData akey;
@@ -413,13 +419,13 @@ sepgsql_relation_drop(Oid relOid)
{
ObjectAddress object;
char *audit_name;
- uint16_t tclass;
- char relkind;
+ uint16_t tclass = 0;
+ char relkind = get_rel_relkind(relOid);
- relkind = get_rel_relkind(relOid);
switch (relkind)
{
case RELKIND_RELATION:
+ case RELKIND_PARTITIONED_TABLE:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE:
@@ -479,7 +485,7 @@ sepgsql_relation_drop(Oid relOid)
/*
* check db_column:{drop} permission
*/
- if (relkind == RELKIND_RELATION)
+ if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
{
Form_pg_attribute attForm;
CatCList *attrList;
@@ -521,11 +527,10 @@ sepgsql_relation_relabel(Oid relOid, const char *seclabel)
{
ObjectAddress object;
char *audit_name;
- char relkind;
+ char relkind = get_rel_relkind(relOid);
uint16_t tclass = 0;
- relkind = get_rel_relkind(relOid);
- if (relkind == RELKIND_RELATION)
+ if (relkind == RELKIND_RELATION || relkind == RELKIND_PARTITIONED_TABLE)
tclass = SEPG_CLASS_DB_TABLE;
else if (relkind == RELKIND_SEQUENCE)
tclass = SEPG_CLASS_DB_SEQUENCE;
@@ -585,6 +590,7 @@ sepgsql_relation_setattr(Oid relOid)
switch (get_rel_relkind(relOid))
{
case RELKIND_RELATION:
+ case RELKIND_PARTITIONED_TABLE:
tclass = SEPG_CLASS_DB_TABLE;
break;
case RELKIND_SEQUENCE: