diff options
| author | Robert Haas | 2011-09-01 12:37:33 +0000 |
|---|---|---|
| committer | Robert Haas | 2011-09-01 12:38:40 +0000 |
| commit | 4232c4b406c94b433c149ac792d7e68665948cf1 (patch) | |
| tree | dd68778f4d0deae517fedba57b698e744ed66b30 /contrib/sepgsql/proc.c | |
| parent | 3d14bd2563cc527f250eed8d6d83e3ff62318675 (diff) | |
Userspace access vector cache for contrib/sepgsql.
KaiGai Kohei
Diffstat (limited to 'contrib/sepgsql/proc.c')
| -rw-r--r-- | contrib/sepgsql/proc.c | 68 |
1 files changed, 17 insertions, 51 deletions
diff --git a/contrib/sepgsql/proc.c b/contrib/sepgsql/proc.c index 3b8bf23ba39..9630d456896 100644 --- a/contrib/sepgsql/proc.c +++ b/contrib/sepgsql/proc.c @@ -96,64 +96,30 @@ sepgsql_proc_post_create(Oid functionId) void sepgsql_proc_relabel(Oid functionId, const char *seclabel) { - char *scontext = sepgsql_get_client_label(); - char *tcontext; - char *audit_name; + ObjectAddress object; + char *audit_name; - audit_name = getObjectDescriptionOids(ProcedureRelationId, functionId); + object.classId = ProcedureRelationId; + object.objectId = functionId; + object.objectSubId = 0; + audit_name = getObjectDescription(&object); /* * check db_procedure:{setattr relabelfrom} permission */ - tcontext = sepgsql_get_label(ProcedureRelationId, functionId, 0); - sepgsql_check_perms(scontext, - tcontext, - SEPG_CLASS_DB_PROCEDURE, - SEPG_DB_PROCEDURE__SETATTR | - SEPG_DB_PROCEDURE__RELABELFROM, - audit_name, - true); - pfree(tcontext); - + sepgsql_avc_check_perms(&object, + SEPG_CLASS_DB_PROCEDURE, + SEPG_DB_PROCEDURE__SETATTR | + SEPG_DB_PROCEDURE__RELABELFROM, + audit_name, + true); /* * check db_procedure:{relabelto} permission */ - sepgsql_check_perms(scontext, - seclabel, - SEPG_CLASS_DB_PROCEDURE, - SEPG_DB_PROCEDURE__RELABELTO, - audit_name, - true); + sepgsql_avc_check_perms_label(seclabel, + SEPG_CLASS_DB_PROCEDURE, + SEPG_DB_PROCEDURE__RELABELTO, + audit_name, + true); pfree(audit_name); } - -/* - * sepgsql_proc_get_domtrans - * - * It computes security label of the client that shall be applied when - * the current client invokes the supplied function. - * This computed label is either same or different from the current one. - * If security policy informed the function is a trusted-procedure, - * we need to switch security label of the client during execution of - * the function. - * - * Also note that the translated label shall be allocated using palloc(). - * So, need to switch memory context, if you want to hold the string in - * someone except for CurrentMemoryContext. - */ -char * -sepgsql_proc_get_domtrans(Oid functionId) -{ - char *scontext = sepgsql_get_client_label(); - char *tcontext; - char *ncontext; - - tcontext = sepgsql_get_label(ProcedureRelationId, functionId, 0); - - ncontext = sepgsql_compute_create(scontext, - tcontext, - SEPG_CLASS_PROCESS); - pfree(tcontext); - - return ncontext; -} |