Commit d885a6b

Remove unused code from sepgsql

Commit 4232c4b removed all callers of sepgsql_check_perms but left the function in place. This removes the function as well.

Reviewed-by: Robert Haas <robertmhaas@gmail.com>
Discussion: https://postgr.es/m/3BD5C3BF-FECA-4496-AE53-5E447997AA0B@yesql.se

1 parent 1c3aa54, commit d885a6b

2 files changed: +0 -73 lines changed


‎contrib/sepgsql/selinux.c

Lines changed: 0 additions & 66 deletions
@@ -886,69 +886,3 @@ sepgsql_compute_create(const char *scontext,
886886

887887
returnresult;
888888
}
889-
890-
/*
891-
* sepgsql_check_perms
892-
*
893-
* It makes access control decision without userspace caching mechanism.
894-
* If SELinux denied the required accesses on the pair of security labels,
895-
* it raises an error or returns false.
896-
*
897-
* scontext: security label of the subject (mostly, peer process)
898-
* tcontext: security label of the object being referenced
899-
* tclass: class code (SEPG_CLASS_*) of the object being referenced
900-
* required: a mask of required permissions (SEPG_<class>__<perm>)
901-
* audit_name: a human-readable object name for audit logs, or NULL.
902-
* abort_on_violation: true, if error shall be raised on access violation
903-
*/
904-
bool
905-
sepgsql_check_perms(constchar*scontext,
906-
constchar*tcontext,
907-
uint16tclass,
908-
uint32required,
909-
constchar*audit_name,
910-
boolabort_on_violation)
911-
{
912-
structav_decisionavd;
913-
uint32denied;
914-
uint32audited;
915-
boolresult= true;
916-
boolenforcing;
917-
918-
sepgsql_compute_avd(scontext,tcontext,tclass,&avd);
919-
920-
denied=required& ~avd.allowed;
921-
922-
if (sepgsql_get_debug_audit())
923-
audited= (denied ?denied :required);
924-
else
925-
audited= (denied ? (denied&avd.auditdeny)
926-
: (required&avd.auditallow));
927-
928-
enforcing=sepgsql_getenforce()>0&&
929-
(avd.flags&SELINUX_AVD_FLAGS_PERMISSIVE)==0;
930-
931-
if (denied&&enforcing)
932-
result= false;
933-
934-
/*
935-
* It records a security audit for the request, if needed. But, when
936-
* SE-PgSQL performs 'internal' mode, it needs to keep silent.
937-
*/
938-
if (audited&&sepgsql_mode!=SEPGSQL_MODE_INTERNAL)
939-
{
940-
sepgsql_audit_log(denied,
941-
enforcing,
942-
scontext,
943-
tcontext,
944-
tclass,
945-
audited,
946-
audit_name);
947-
}
948-
949-
if (!result&&abort_on_violation)
950-
ereport(ERROR,
951-
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
952-
errmsg("SELinux: security policy violation")));
953-
returnresult;
954-
}
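Review bot: the body deleted at old lines 905-954 was itself a caller of sepgsql_compute_avd, sepgsql_get_debug_audit, sepgsql_getenforce and sepgsql_audit_log, so each of those needs a check for remaining callers elsewhere in contrib/sepgsql; any helper left without one by this deletion should go in the same commit or become static. The deleted comment also describes this as the decision path "without userspace caching mechanism", so it is worth confirming that the path still in use applies the same three behaviours seen here: the SELINUX_AVD_FLAGS_PERMISSIVE test when computing enforcing, the silence under SEPGSQL_MODE_INTERNAL, and the ERRCODE_INSUFFICIENT_PRIVILEGE error on a denial.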

‎contrib/sepgsql/sepgsql.h

Lines changed: 0 additions & 7 deletions
@@ -244,13 +244,6 @@ extern char *sepgsql_compute_create(const char *scontext,
244244
uint16tclass,
245245
constchar*objname);
246246

247-
externboolsepgsql_check_perms(constchar*scontext,
248-
constchar*tcontext,
249-
uint16tclass,
250-
uint32required,
251-
constchar*audit_name,
252-
boolabort_on_violation);
253-
254247
/*
255248
* uavc.c
256249
*/
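Review bot: the prototype dropped at old lines 247-252 was declared extern in the module header, so a leftover reference would only show up as a build failure in a configuration where contrib/sepgsql is actually compiled; please confirm the module was built and its regression tests run with this change applied. Removing the blank line at old line 253 together with the prototype keeps a single blank line before the uavc.c comment, which is the right spacing.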
