authorRobert Haas2011-12-21 14:12:43 +0000
committerRobert Haas2011-12-21 14:14:02 +0000
commite1042a348421bc16f4d4307228a9951e38a984f1 (patch)
tree4eacfff9c369f9c60d642c99fe9381785f10930f /contrib/sepgsql/proc.c
parent7f0e4bb82e408090c0366c63a9ff4c0f7c4b0a8e (diff)
sepgsql: Check CREATE permissions for some object types.
KaiGai Kohei, reviewed by Dimitri Fontaine and me.
Diffstat (limited to 'contrib/sepgsql/proc.c')
-rw-r--r--contrib/sepgsql/proc.c55
1 files changed, 49 insertions, 6 deletions
diff --git a/contrib/sepgsql/proc.c b/contrib/sepgsql/proc.c
index 9630d456896..14231c4aa85 100644
--- a/contrib/sepgsql/proc.c
+++ b/contrib/sepgsql/proc.c
@@ -18,6 +18,7 @@
#include "catalog/pg_namespace.h"
#include "catalog/pg_proc.h"
#include "commands/seclabel.h"
+#include "utils/builtins.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"
#include "utils/tqual.h"
@@ -37,11 +38,13 @@ sepgsql_proc_post_create(Oid functionId)
ScanKeyData skey;
SysScanDesc sscan;
HeapTuple tuple;
- Oid namespaceId;
- ObjectAddress object;
char *scontext;
char *tcontext;
char *ncontext;
+ int i;
+ StringInfoData audit_name;
+ ObjectAddress object;
+ Form_pg_proc proForm;
/*
* Fetch namespace of the new procedure. Because pg_proc entry is not
@@ -61,21 +64,54 @@ sepgsql_proc_post_create(Oid functionId)
if (!HeapTupleIsValid(tuple))
elog(ERROR, "catalog lookup failed for proc %u", functionId);
- namespaceId = ((Form_pg_proc) GETSTRUCT(tuple))->pronamespace;
+ proForm = (Form_pg_proc) GETSTRUCT(tuple);
+
+ /*
+ * check db_schema:{add_name} permission of the namespace
+ */
+ object.classId = NamespaceRelationId;
+ object.objectId = proForm->pronamespace;
+ object.objectSubId = 0;
+ sepgsql_avc_check_perms(&object,
+ SEPG_CLASS_DB_SCHEMA,
+ SEPG_DB_SCHEMA__ADD_NAME,
+ getObjectDescription(&object),
+ true);
+ /*
+ * XXX - db_language:{implement} also should be checked here
+ */
- systable_endscan(sscan);
- heap_close(rel, AccessShareLock);
/*
* Compute a default security label when we create a new procedure object
* under the specified namespace.
*/
scontext = sepgsql_get_client_label();
- tcontext = sepgsql_get_label(NamespaceRelationId, namespaceId, 0);
+ tcontext = sepgsql_get_label(NamespaceRelationId,
+ proForm->pronamespace, 0);
ncontext = sepgsql_compute_create(scontext, tcontext,
SEPG_CLASS_DB_PROCEDURE);
/*
+ * check db_procedure:{create} permission
+ */
+ initStringInfo(&audit_name);
+ appendStringInfo(&audit_name, "function %s(", NameStr(proForm->proname));
+ for (i=0; i < proForm->pronargs; i++)
+ {
+ Oid typeoid = proForm->proargtypes.values[i];
+ if (i > 0)
+ appendStringInfoChar(&audit_name, ',');
+ appendStringInfoString(&audit_name, format_type_be(typeoid));
+ }
+ appendStringInfoChar(&audit_name, ')');
+
+ sepgsql_avc_check_perms_label(ncontext,
+ SEPG_CLASS_DB_PROCEDURE,
+ SEPG_DB_PROCEDURE__CREATE,
+ audit_name.data,
+ true);
+ /*
* Assign the default security label on a new procedure
*/
object.classId = ProcedureRelationId;
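Review bot: The audit name built at `appendStringInfo(&audit_name, "function %s(", NameStr(proForm->proname));` uses the bare, unquoted function name, so the record handed to sepgsql_avc_check_perms_label does not say which schema the function lives in. A name containing commas, parentheses or control characters can also make the logged signature ambiguous to anyone reading the audit trail; whether the audit writer escapes such characters is not visible in this hunk. Qualifying and quoting the name keeps the record unambiguous, using helpers from headers this file already includes: `appendStringInfo(&audit_name, "function %s(", quote_qualified_identifier(get_namespace_name(proForm->pronamespace), NameStr(proForm->proname)));`. The body of sepgsql_proc_post_create starts before this hunk and continues after it.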
@@ -83,6 +119,13 @@ sepgsql_proc_post_create(Oid functionId)
object.objectSubId = 0;
SetSecurityLabel(&object, SEPGSQL_LABEL_TAG, ncontext);
+ /*
+ * Cleanup
+ */
+ systable_endscan(sscan);
+ heap_close(rel, AccessShareLock);
+
+ pfree(audit_name.data);
pfree(tcontext);
pfree(ncontext);
}
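Review bot: The cleanup block frees `audit_name.data`, `tcontext` and `ncontext`, but not the string returned by `getObjectDescription(&object)` in the earlier hunk, nor the per-argument `format_type_be(typeoid)` results. These are presumably palloc'd in the current memory context and reclaimed when it is reset, so this is a consistency point rather than a lasting leak. Either keep the description in a local and `pfree` it here, or add a comment such as `/* other palloc'd strings are released with the memory context */`. Note also that the scan and relation now stay open across both permission checks, so when a check raises an error the explicit `systable_endscan`/`heap_close` are skipped and release is left to transaction abort; a one-line comment saying this is intentional would help the next reader.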