sepgsql cleanups.

This is needed to match recent changes elsewhere. Along the way, some renaming for clarity. KaiGai Kohei

sepgsql cleanups.
This is needed to match recent changes elsewhere. Along the way, some renaming for clarity. KaiGai Kohei
aa2b237c · Robert Haas · 46c508fb · aa2b237c · aa2b237c · aa2b237c
10 changed file
--- a/contrib/sepgsql/database.c
+++ b/contrib/sepgsql/database.c
@@ -12,6 +12,7 @@
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/pg_database.h"

--- a/contrib/sepgsql/dml.c
+++ b/contrib/sepgsql/dml.c
@@ -10,6 +10,7 @@
 */
 #include "postgres.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "access/tupdesc.h"
 #include "catalog/catalog.h"
@@ -148,7 +149,7 @@ check_relation_privileges(Oid relOid,
 						  Bitmapset *selected,
 						  Bitmapset *modified,
 						  uint32 required,
-						  bool abort)
+						  bool abort_on_violation)
 {
 	ObjectAddress object;
 	char	   *audit_name;
@@ -194,7 +195,7 @@ check_relation_privileges(Oid relOid,
 											 SEPG_CLASS_DB_TABLE,
 											 required,
 											 audit_name,
-											 abort);
+											 abort_on_violation);
 			break;
 		case RELKIND_SEQUENCE:
@@ -205,7 +206,7 @@ check_relation_privileges(Oid relOid,
 												 SEPG_CLASS_DB_SEQUENCE,
 												 SEPG_DB_SEQUENCE__GET_VALUE,
 												 audit_name,
-												 abort);
+												 abort_on_violation);
 			break;
 		case RELKIND_VIEW:
@@ -213,7 +214,7 @@ check_relation_privileges(Oid relOid,
 											 SEPG_CLASS_DB_VIEW,
 											 SEPG_DB_VIEW__EXPAND,
 											 audit_name,
-											 abort);
+											 abort_on_violation);
 			break;
 		default:
@@ -264,7 +265,7 @@ check_relation_privileges(Oid relOid,
 										 SEPG_CLASS_DB_COLUMN,
 										 column_perms,
 										 audit_name,
-										 abort);
+										 abort_on_violation);
 		pfree(audit_name);
 		if (!result)
@@ -279,7 +280,7 @@ check_relation_privileges(Oid relOid,
 * Entrypoint of the DML permission checks
 */
 bool
-sepgsql_dml_privileges(List *rangeTabls, bool abort)
+sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation)
 {
 	ListCell   *lr;
@@ -351,7 +352,7 @@ sepgsql_dml_privileges(List *rangeTabls, bool abort)
 			if (!check_relation_privileges(tableOid,
 										   selectedCols,
 										   modifiedCols,
-										   required, abort))
+										   required, abort_on_violation))
 				return false;
 		}
 		list_free(tableIds);

--- a/contrib/sepgsql/hooks.c
+++ b/contrib/sepgsql/hooks.c
@@ -265,9 +265,9 @@ static void
 sepgsql_utility_command(Node *parsetree,
 						const char *queryString,
 						ParamListInfo params,
-						bool isTopLevel,
 						DestReceiver *dest,
-						char *completionTag)
+						char *completionTag,
+						ProcessUtilityContext context)
 {
 	sepgsql_context_info_t saved_context_info = sepgsql_context_info;
 	ListCell   *cell;
@@ -328,10 +328,10 @@ sepgsql_utility_command(Node *parsetree,
 		if (next_ProcessUtility_hook)
 			(*next_ProcessUtility_hook) (parsetree, queryString, params,
-										 isTopLevel, dest, completionTag);
+										 dest, completionTag, context);
 		else
 			standard_ProcessUtility(parsetree, queryString, params,
-									isTopLevel, dest, completionTag);
+									dest, completionTag, context);
 	}
 	PG_CATCH();
 	{

--- a/contrib/sepgsql/label.c
+++ b/contrib/sepgsql/label.c
@@ -11,6 +11,7 @@
 #include "postgres.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/genam.h"
 #include "access/xact.h"
 #include "catalog/catalog.h"

--- a/contrib/sepgsql/proc.c
+++ b/contrib/sepgsql/proc.c
@@ -12,12 +12,14 @@
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"
 #include "catalog/pg_namespace.h"
 #include "catalog/pg_proc.h"
 #include "commands/seclabel.h"
+#include "lib/stringinfo.h"
 #include "utils/builtins.h"
 #include "utils/fmgroids.h"
 #include "utils/lsyscache.h"

--- a/contrib/sepgsql/relation.c
+++ b/contrib/sepgsql/relation.c
@@ -12,6 +12,7 @@
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/indexing.h"
 #include "catalog/dependency.h"
@@ -20,6 +21,7 @@
 #include "catalog/pg_namespace.h"
 #include "commands/seclabel.h"
 #include "utils/fmgroids.h"
+#include "utils/catcache.h"
 #include "utils/lsyscache.h"
 #include "utils/syscache.h"
 #include "utils/tqual.h"

--- a/contrib/sepgsql/schema.c
+++ b/contrib/sepgsql/schema.c
@@ -12,6 +12,7 @@
 #include "access/genam.h"
 #include "access/heapam.h"
+#include "access/htup_details.h"
 #include "access/sysattr.h"
 #include "catalog/dependency.h"
 #include "catalog/indexing.h"

--- a/contrib/sepgsql/selinux.c
+++ b/contrib/sepgsql/selinux.c
@@ -893,7 +893,7 @@ sepgsql_compute_create(const char *scontext,
 * tclass: class code (SEPG_CLASS_*) of the object being referenced
 * required: a mask of required permissions (SEPG_<class>__<perm>)
 * audit_name: a human readable object name for audit logs, or NULL.
- * abort: true, if caller wants to raise an error on access violation
+ * abort_on_violation: true, if error shall be raised on access violation
 */
 bool
 sepgsql_check_perms(const char *scontext,
@@ -901,7 +901,7 @@ sepgsql_check_perms(const char *scontext,
 					uint16 tclass,
 					uint32 required,
 					const char *audit_name,
-					bool abort)
+					bool abort_on_violation)
 {
 	struct av_decision avd;
 	uint32		denied;
@@ -937,7 +937,7 @@ sepgsql_check_perms(const char *scontext,
 						  audit_name);
 	}
-	if (!result && abort)
+	if (!result && abort_on_violation)
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("SELinux: security policy violation")));

--- a/contrib/sepgsql/sepgsql.h
+++ b/contrib/sepgsql/sepgsql.h
@@ -247,7 +247,7 @@ extern bool sepgsql_check_perms(const char *scontext,
 					uint16 tclass,
 					uint32 required,
 					const char *audit_name,
-					bool abort);
+					bool abort_on_violation);
 /*
 * uavc.c
@@ -257,12 +257,12 @@ extern bool sepgsql_avc_check_perms_label(const char *tcontext,
 							  uint16 tclass,
 							  uint32 required,
 							  const char *audit_name,
-							  bool abort);
+							  bool abort_on_violation);
 extern bool sepgsql_avc_check_perms(const ObjectAddress *tobject,
 						uint16 tclass,
 						uint32 required,
 						const char *audit_name,
-						bool abort);
+						bool abort_on_violation);
 extern char *sepgsql_avc_trusted_proc(Oid functionId);
 extern void sepgsql_avc_init(void);
@@ -285,7 +285,7 @@ extern Datum sepgsql_restorecon(PG_FUNCTION_ARGS);
 /*
 * dml.c
 */
-extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort);
+extern bool sepgsql_dml_privileges(List *rangeTabls, bool abort_on_violation);
 /*
 * database.c

--- a/contrib/sepgsql/uavc.c
+++ b/contrib/sepgsql/uavc.c
@@ -335,7 +335,7 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
 *
 * It returns 'true', if the security policy suggested to allow the required
 * permissions. Otherwise, it returns 'false' or raises an error according
- * to the 'abort' argument.
+ * to the 'abort_on_violation' argument.
 * The 'tobject' and 'tclass' identify the target object being referenced,
 * and 'required' is a bitmask of permissions (SEPG_*__*) defined for each
 * object classes.
@@ -345,7 +345,8 @@ sepgsql_avc_lookup(const char *scontext, const char *tcontext, uint16 tclass)
 bool
 sepgsql_avc_check_perms_label(const char *tcontext,
 							  uint16 tclass, uint32 required,
-							  const char *audit_name, bool abort)
+							  const char *audit_name,
+							  bool abort_on_violation)
 {
 	char	   *scontext = sepgsql_get_client_label();
 	avc_cache  *cache;
@@ -415,7 +416,7 @@ sepgsql_avc_check_perms_label(const char *tcontext,
 						  audit_name);
 	}
-	if (abort && !result)
+	if (abort_on_violation && !result)
 		ereport(ERROR,
 				(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
 				 errmsg("SELinux: security policy violation")));
@@ -426,14 +427,15 @@ sepgsql_avc_check_perms_label(const char *tcontext,
 bool
 sepgsql_avc_check_perms(const ObjectAddress *tobject,
 						uint16 tclass, uint32 required,
-						const char *audit_name, bool abort)
+						const char *audit_name,
+						bool abort_on_violation)
 {
 	char	   *tcontext = GetSecurityLabel(tobject, SEPGSQL_LABEL_TAG);
 	bool		rc;
 	rc = sepgsql_avc_check_perms_label(tcontext,
 									   tclass, required,
-									   audit_name, abort);
+									   audit_name, abort_on_violation);
 	if (tcontext)
 		pfree(tcontext);