Diffstat (limited to 'contrib/sepgsql/hooks.c')
-rw-r--r-- | contrib/sepgsql/hooks.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/contrib/sepgsql/hooks.c b/contrib/sepgsql/hooks.c
index 83a505ec18d..27e85d25b1d 100644
--- a/contrib/sepgsql/hooks.c
+++ b/contrib/sepgsql/hooks.c
@@ -251,6 +251,7 @@ sepgsql_fmgr_hook(FmgrHookEventType event,
 if (!stack)
 {
 MemoryContext oldcxt;
+ const char *cur_label = sepgsql_get_client_label();
 oldcxt = MemoryContextSwitchTo(flinfo->fn_mcxt);
 stack = palloc(sizeof(*stack));
@@ -260,6 +261,19 @@ sepgsql_fmgr_hook(FmgrHookEventType event,
 MemoryContextSwitchTo(oldcxt);
+ if (strcmp(cur_label, stack->new_label) != 0)
+ {
+ /*
+ * process:transition permission between old and new
+ * label, when user tries to switch security label of
+ * the client on execution of trusted procedure.
+ */
+ sepgsql_check_perms(cur_label, stack->new_label,
+ SEPG_CLASS_PROCESS,
+ SEPG_PROCESS__TRANSITION,
+ NULL, true);
+ }
+
 *private = PointerGetDatum(stack);
 }
 Assert(!stack->old_label); |
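Review bot: `strcmp(cur_label, stack->new_label)` in the second hunk dereferences `stack->new_label` with no NULL guard, and the assignment of `new_label` falls between the two hunks, so it cannot be confirmed from here that it is always set. If the hook can be entered for a function that carries no transition label, this is undefined behaviour in an access-control path; `if (stack->new_label && strcmp(cur_label, stack->new_label) != 0)` would make the check safe. The check also sits inside `if (!stack)`, so it appears to run once per cached `flinfo` against the client label at that moment; if that is intended, a comment should say that a later change of client label is not re-checked for the cached entry. The body of sepgsql_fmgr_hook continues outside both hunks.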