Abuhujair Javed / Postgres FD Implementation
Commit a9d845be authored Sep 27, 2011 by Robert Haas
sepgsql uavc comment improvements.
Robert Haas and KaiGai Kohei
parent 624f155f
Showing 1 changed file with 46 additions and 28 deletions
contrib/sepgsql/uavc.c
...
...
@@ -130,13 +130,29 @@ sepgsql_avc_reclaim(void)
}
}
/*
/* -------------------------------------------------------------------------
*
* sepgsql_avc_check_valid
*
* It checks whether the cached entries are still valid, or not.
* If security policy has been reloaded since last reference of access
* vector cache, we have to release all the entries, because they are
* not valid yet.
* This function checks whether the cached entries are still valid. If
* the security policy has been reloaded (or any other events that requires
* resetting userspace caches has occurred) since the last reference to
* the access vector cache, we must flush the cache.
*
* Access control decisions must be atomic, but multiple system calls may
* be required to make a decision; thus, when referencing the access vector
* cache, we must loop until we complete without an intervening cache flush
* event. In practice, looping even once should be very rare. Callers should
* do something like this:
*
* sepgsql_avc_check_valid();
* do {
* :
* <reference to uavc>
* :
* } while (!sepgsql_avc_check_valid())
*
* -------------------------------------------------------------------------
*/
static
bool
sepgsql_avc_check_valid
(
void
)
...
...
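Review bot: the new header comment for sepgsql_avc_check_valid never states what the bool return value means; a reader has to infer from the example loop, `while (!sepgsql_avc_check_valid())`, that false means a flush happened and the cache reference must be redone. Since the comment itself says access control decisions must be atomic, spell the contract out, for example "Returns true if the cache was still valid, false if it had to be reset." Two smaller points in the same block: "any other events that requires" should read "any other event that requires", and the closing `} while (!sepgsql_avc_check_valid())` line of the example lacks its semicolon.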
@@ -153,8 +169,8 @@ sepgsql_avc_check_valid(void)
/*
* sepgsql_avc_unlabeled
*
*
It returns an alternative label to be applied when no label or
invalid
* label would
be assigned on objects
.
*
Returns an alternative label to be applied when no label or an
invalid
* label would
otherwise be assigned
.
*/
static
char
*
sepgsql_avc_unlabeled
(
void
)
...
...
@@ -221,9 +237,15 @@ sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
sepgsql_compute_avd
(
scontext
,
ucontext
,
tclass
,
&
avd
);
/*
* To boost up trusted procedure checks on db_procedure object
* class, we also confirm the decision when user calls a procedure
* labeled as 'tcontext'.
* It also caches a security label to be switched when a client
* labeled as 'scontext' executes a procedure labeled as 'tcontext',
* not only access control decision on the procedure.
* The security label to be switched shall be computed uniquely on
* a pair of 'scontext' and 'tcontext', thus, it is reasonable to
* cache the new label on avc, and enables to reduce unnecessary
* system calls.
* It shall be referenced at sepgsql_needs_fmgr_hook to check whether
* the supplied function is a trusted procedure, or not.
*/
if
(
tclass
==
SEPG_CLASS_DB_PROCEDURE
)
{
...
...
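Review bot: the added comment above the `tclass == SEPG_CLASS_DB_PROCEDURE` branch is still hard to parse for a commit whose purpose is comment cleanup. "enables to reduce unnecessary system calls" is ungrammatical, "not only access control decision on the procedure" dangles at the end of its sentence, and the "It" in "It shall be referenced at sepgsql_needs_fmgr_hook" has no clear antecedent (presumably the cached label). Suggest something along the lines of: "For db_procedure, also cache the label that a client labeled 'scontext' switches to when executing a procedure labeled 'tcontext'. That label is determined solely by the pair, so caching it avoids repeated system calls; sepgsql_needs_fmgr_hook uses it to decide whether a function is a trusted procedure."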
@@ -278,9 +300,8 @@ sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
/*
* sepgsql_avc_lookup
*
* It lookups a cache entry that matches with the supplied object
* identifiers and object class. If not found, it tries to create
* a new cache entry.
* Look up a cache entry that matches the supplied security contexts and
* object class. If not found, create a new cache entry.
*/
static
avc_cache
*
sepgsql_avc_lookup
(
const
char
*
scontext
,
const
char
*
tcontext
,
uint16
tclass
)
...
...
@@ -338,8 +359,8 @@ sepgsql_avc_check_perms_label(const char *tcontext,
result
=
true
;
/*
* If t
arget object is unlabeled, we assume it has
*
system 'unlabeled' security context instead
.
* If t
he target object is unlabeled, we perform the check using the
*
label supplied by sepgsql_avc_unlabeled()
.
*/
if
(
tcontext
)
cache
=
sepgsql_avc_lookup
(
scontext
,
tcontext
,
tclass
);
...
...
@@ -362,10 +383,10 @@ sepgsql_avc_check_perms_label(const char *tcontext,
{
/*
* In permissive mode or permissive domain, violated permissions
* shall be audited
on the log files at once, and
implicitly
* allowed t
hem to avoid
flood of access denied logs, because
* the purpose of permissive mode/domain is to collect violation
* log t
o fix up security policy itself
.
* shall be audited
to the log files at once, and then
implicitly
* allowed t
o avoid a
flood of access denied logs, because
* the purpose of permissive mode/domain is to collect
a
violation
* log t
hat will make it possible to fix up the security policy
.
*/
if
(
!
sepgsql_getenforce
()
||
cache
->
permissive
)
cache
->
allowed
|=
required
;
...
...
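Review bot: "audited to the log files at once" in the permissive-mode comment still reads as "immediately", while the statement it documents, `cache->allowed |= required;`, indicates the intent is that a given violation is logged a single time and is afterwards treated as allowed by the cached entry. Suggest "shall be audited to the log files once, and then implicitly allowed", plus a clause saying the permission bits are added to the cached entry, so it is clear the entry's allowed mask is deliberately widened in permissive mode or a permissive domain.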
@@ -422,9 +443,9 @@ sepgsql_avc_check_perms(const ObjectAddress *tobject,
/*
* sepgsql_avc_trusted_proc
*
* I
t returns a security label to be switched on execution of the supplied
*
procedure, if it was configured as a trusted procedure. Otherwise, NULL
*
shall be returned
.
* I
f the supplied function OID is configured as a trusted procedure, this
*
function will return a security label to be used during the execution of
*
that function. Otherwise, it returns NULL
.
*/
char
*
sepgsql_avc_trusted_proc
(
Oid
functionId
)
...
...
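Review bot: the rewritten comment on sepgsql_avc_trusted_proc does not say who owns the returned `char *`. The sepgsql_avc_compute comment in this patch says the new label is cached on the avc, and the sepgsql_avc_check_valid comment says the cache may be flushed, so it is worth one sentence on whether the result points into the cache and how long a caller may hold it.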
@@ -455,7 +476,7 @@ sepgsql_avc_trusted_proc(Oid functionId)
/*
* sepgsql_avc_exit
*
*
It clean up userspace avc stuff on process exit
*
Clean up userspace AVC on process exit.
*/
static
void
sepgsql_avc_exit
(
int
code
,
Datum
arg
)
...
...
@@ -466,8 +487,7 @@ sepgsql_avc_exit(int code, Datum arg)
/*
* sepgsql_avc_init
*
* It shall be invoked at once from _PG_init routine to initialize
* userspace access vector cache stuff.
* Initialize the userspace AVC. This should be called from _PG_init.
*/
void
sepgsql_avc_init
(
void
)
...
...
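Review bot: the removed wording, "It shall be invoked at once from _PG_init", appears to have carried the constraint that initialization happens a single time, and the replacement sentence drops it. The following hunk shows sepgsql_avc_init registering `on_proc_exit(sepgsql_avc_exit, 0)`, so a second call would register the exit callback again; suggest "This should be called exactly once, from _PG_init."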
@@ -504,8 +524,6 @@ sepgsql_avc_init(void)
ereport
(
LOG
,
(
errmsg
(
"SELinux: kernel status page uses fallback mode"
)));
/*
* To close selinux status page on process exit
*/
/* Arrange to close selinux status page on process exit. */
on_proc_exit
(
sepgsql_avc_exit
,
0
);
}