From owner-p4-projects@FreeBSD.ORG  Mon Sep 22 08:20:06 2003
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 391D916A4C0; Mon, 22 Sep 2003 08:20:06 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 14BFE16A4B3
	for <perforce@freebsd.org>; Mon, 22 Sep 2003 08:20:06 -0700 (PDT)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B62A343FBD
	for <perforce@freebsd.org>; Mon, 22 Sep 2003 08:20:04 -0700 (PDT)
	(envelope-from areisse@nailabs.com)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h8MFK4XJ000987
	for <perforce@freebsd.org>; Mon, 22 Sep 2003 08:20:04 -0700 (PDT)
	(envelope-from areisse@nailabs.com)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h8MFK4FA000984
	for perforce@freebsd.org; Mon, 22 Sep 2003 08:20:04 -0700 (PDT)
	(envelope-from areisse@nailabs.com)
Date: Mon, 22 Sep 2003 08:20:04 -0700 (PDT)
Message-Id: <200309221520.h8MFK4FA000984@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	areisse@nailabs.com using -f
From: Andrew Reisse <areisse@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 38418 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Sep 2003 15:20:06 -0000

http://perforce.freebsd.org/chv.cgi?CH=38418

Change 38418 by areisse@areisse_tislabs on 2003/09/22 08:19:32

	remove avc_enforcing and avc_toggle syscalls
	also, it should build again...

Affected files ...

.. //depot/projects/trustedbsd/sebsd/lib/libsebsd/sebsd_ss.h#2 edit
.. //depot/projects/trustedbsd/sebsd/lib/libsebsd/system.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/lib/libsebsd/sebsd_ss.h#2 (text+ko) ====

@@ -36,13 +36,6 @@
 #ifndef _SELINUX_SS_H_
 #define _SELINUX_SS_H_
 
-
-/* Individual AVC calls. */
-
-extern int avc_toggle(void);
-
-extern int avc_enforcing(void);
-
 /* Individual security server calls. */
 
 extern int security_compute_av(struct security_query *query, 
@@ -70,16 +63,16 @@
 
 extern int security_sid_to_context(security_id_t sid, 
 				   security_context_t scontext, 
-				   __u32 *scontext_len);
+				   u32 *scontext_len);
 
 extern int security_context_to_sid(const security_context_t scontext, 
-				   __u32 scontext_len, 
+				   u32 scontext_len, 
 				   security_id_t *out_sid);
 
 extern int security_load_policy(const char *path);
 
 extern int security_get_sids(security_id_t *sids, 
-			     __u32 *nel);
+			     u32 *nel);
 
 extern int security_mls(void);
 

==== //depot/projects/trustedbsd/sebsd/lib/libsebsd/system.c#2 (text+ko) ====

@@ -40,21 +40,21 @@
 
 int sebsd_enabled()
 {
-	int error;
-	error = mac_syscall(SEBSD_ID_STRING, SEBSDCALL_AVC_ENFORCING , NULL);
-	return (error != ENOSYS);
+	int error, i;
+	error = sysctlbyname ("security.mac.sebsd.enforcing", 
+                              &i, sizeof(int), NULL, 0);
+	return (error != ENOENT);
 }
 
 int
 sebsd_enforcing()
 {
-	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_AVC_ENFORCING , NULL);
-}
-
-int
-sebsd_avc_toggle()
-{
-	return mac_syscall(SEBSD_ID_STRING, SEBSDCALL_AVC_TOGGLE , NULL);
+	int i, error;
+	error = sysctlbyname ("security.mac.sebsd.enforcing", 
+			      &i, sizeof (int), NULL, 0);
+	if (error)
+		return 0;
+	return i;
 }
 
 int