2). In prepend_row_security_policies(), I think it is better to have any table RLS policies applied before any hook policies, so that a hook cannot be used to bypass built-in RLS.
A hook really has to be able to ensure that built-in RLS cannot bypass the hook's policies, too, i.e. the hook policy *must* return true for the row to be visible.
This is necessary for mandatory access control hooks, which need to be able to say "permit if and only if..."
I'll take a closer look at this.
3). The infinite recursion detection in fireRIRrules() didn't properly manage the activeRIRs list in the case of WCOs, so it would incorrectly report infinite recusion if the same relation with RLS appeared more than once in the rtable, for example "UPDATE t ... FROM t ...".
