/*
 * sepgsql_avc_unlabeled
 *
 * Returns the system "unlabeled" security context, to be applied whenever no
 * label, or an invalid one, would otherwise be assigned.
 *
 * The context is fetched from libselinux once and cached in avc_unlabeled
 * (allocated in avc_mem_cxt); later calls return the cached string.
 * Raises ERROR if libselinux cannot supply the initial context.
 */
static char *
sepgsql_avc_unlabeled(void)
{
	security_context_t initial_label;

	/* Fast path: already resolved on an earlier call. */
	if (avc_unlabeled != NULL)
		return avc_unlabeled;

	if (security_get_initial_context_raw("unlabeled", &initial_label) < 0)
		ereport(ERROR,
				(errcode(ERRCODE_INTERNAL_ERROR),
				 errmsg("SELinux: failed to get initial security label: %m")));

	/*
	 * initial_label is malloc'd by libselinux, so it must be released with
	 * freecon() on both the normal path and the error path; the PG_TRY
	 * block guarantees that if MemoryContextStrdup() throws, the libselinux
	 * buffer is not leaked before the error propagates.
	 */
	PG_TRY();
	{
		avc_unlabeled = MemoryContextStrdup(avc_mem_cxt, initial_label);
	}
	PG_CATCH();
	{
		freecon(initial_label);
		PG_RE_THROW();
	}
	PG_END_TRY();
	freecon(initial_label);

	return avc_unlabeled;
}
/*
 * sepgsql_get_label
 *
 * Returns the security context stored for the given database object
 * (classId / objectId / subId) under SEPGSQL_LABEL_TAG.
 *
 * If the object carries no label, or the stored label is rejected by
 * security_check_context_raw(), the system "unlabeled" context is returned
 * instead (fail-safe default rather than an error).  The returned string is
 * palloc'd in the current memory context in the fallback case; in the normal
 * case it is whatever GetSecurityLabel() returned.
 * Raises ERROR if libselinux cannot supply the "unlabeled" context.
 */
char *
sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
{
	ObjectAddress object = {
		.classId = classId,
		.objectId = objectId,
		.objectSubId = subId
	};
	char	   *label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
	bool		label_usable;

	/* A stored label is usable only if present and valid for this policy. */
	label_usable = (label != NULL &&
					security_check_context_raw((security_context_t) label) == 0);

	if (!label_usable)
	{
		security_context_t fallback;

		if (security_get_initial_context_raw("unlabeled", &fallback) < 0)
			ereport(ERROR,
					(errcode(ERRCODE_INTERNAL_ERROR),
					 errmsg("SELinux: failed to get initial security label: %m")));

		/*
		 * fallback is malloc'd by libselinux; freecon() it on both paths so a
		 * pstrdup() failure cannot leak it.
		 */
		PG_TRY();
		{
			label = pstrdup(fallback);
		}
		PG_CATCH();
		{
			freecon(fallback);
			PG_RE_THROW();
		}
		PG_END_TRY();
		freecon(fallback);
	}

	return label;
}
int security_get_initial_context(const char * name, char ** con) { int ret; char * rcon; ret = security_get_initial_context_raw(name, &rcon); if (!ret) { ret = selinux_raw_to_trans_context(rcon, con); freecon(rcon); } return ret; }