Date: Tue, 15 Aug 2006 18:26:24 GMT
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 104088 for review
Message-ID: <200608151826.k7FIQOcI041744@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=104088 Change 104088 by millert@millert_macbook on 2006/08/15 18:25:27 Update to libselinux 1.30.22 from sourceforge Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/avc.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/context.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_context_list.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_default_type.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/booleans.8#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_inherit.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_sidtab.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_sidtab.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/booleans.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/canonicalize_context.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/checkAccess.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/check_context.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/class_to_string.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/common_perm_to_string.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compat_file_path.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_av.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_create.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_member.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_relabel.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_user.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/context.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/context_internal.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/disable.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/enabled.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/fgetfilecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/file_path_suffixes.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/freecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/freeconary.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/fsetfilecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_context_list.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_context_list_internal.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_default_type.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_file_contexts.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getcon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getenforce.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getexeccon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getfilecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getfscreatecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getkeycreatecon.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getpeercon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getpidcon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getprevcon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getprocattrcon.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/init.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/is_customizable_type.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/lgetfilecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/load_migscs.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/load_policy.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/lsetfilecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/matchmediacon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/matchpathcon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/policy.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/policyvers.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/query_user_context.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/rpm.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/sedarwin_config.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux.py#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_config.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_internal.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_netlink.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig.i#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig_wrap.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setcon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setenforce.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setexeccon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setfilecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setfscreatecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setkeycreatecon.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setprocattrcon.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setrans_client.c#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setrans_internal.h#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/seusers.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/trans.c#2 delete .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/avcstat.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_av.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_create.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_member.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_relabel.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_user.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getcon.c#2 delete .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getconlist.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getenforce.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getfilecon.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getpidcon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getsebool.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getseuser.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/matchpathcon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/policyvers.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/selinuxenabled.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/setenforce.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/setfilecon.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/setsebool.c#2 delete .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/togglesebool.c#2 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#2 (text+ko) ==== 
@@ -1,3 +1,90 @@ +1.30.22 2006-08-03 + * Merged no-tls-direct-seg-refs patch from Jeremy Katz. + +1.30.21 2006-08-03 + * Merged netfilter_contexts support patch from Chris PeBenito. + +1.30.20 2006-08-01 + * Merged context_*_set errno patch from Jim Meyering. + +1.30.19 2006-06-29 + * Lindent. + +1.30.18 2006-06-27 + * Merged {get,set}procattrcon patch set from Eric Paris. + * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris. + +1.30.17 2006-06-27 + * Regenerated Flask headers from refpolicy. + +1.30.16 2006-06-26 + * Merged patch from Dan Walsh with: + - Added selinux_file_context_{cmp,verify}. + - Added selinux_lsetfilecon_default. + - Delay translation of contexts in matchpathcon. + +1.30.15 2006-06-16 + * Merged patch from Dan Walsh with: + * Added selinux_getpolicytype() function. + * Modified setrans code to skip processing if !mls_enabled. + +1.30.14 2006-06-16 + * Set errno in the !selinux_mnt case. + +1.30.13 2006-06-02 + * Allocate large buffers from the heap, not on stack. + Affects is_context_customizable, selinux_init_load_policy, + and selinux_getenforcemode. + +1.30.12 2006-06-02 + * Merged !selinux_mnt checks from Ian Kent. + +1.30.11 2006-05-24 + * Merged matchmediacon and trans_to_raw_context fixes from + Serge Hallyn. + +1.30.10 2006-05-22 + * Merged simple setrans client cache from Dan Walsh. + Merged avcstat patch from Russell Coker. + +1.30.9 2006-05-22 + * Modified selinux_mkload_policy() to also set /selinux/compat_net + appropriately for the loaded policy. + +1.30.8 2006-05-17 + * Added matchpathcon_fini() function to free memory allocated by + matchpathcon_init(). + +1.30.7 2006-05-16 + * Merged setrans client cleanup patch from Steve Grubb. + +1.30.6 2006-05-08 + * Merged getfscreatecon man page fix from Dan Walsh. + * Updated booleans(8) man page to drop references to the old + booleans file and to note that setsebool can be used to set + the boot-time defaults via -P. 
+ +1.30.5 2006-05-05 + * Merged fix warnings patch from Karl MacMillan. + +1.30.4 2006-05-05 + * Merged setrans client support from Dan Walsh. + This removes use of libsetrans. + * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh. + * Merged swig typemap fixes from Glauber de Oliveira Costa. + +1.30.3 2006-04-12 + * Added distclean target to Makefile. + * Regenerated swig files. + +1.30.2 2006-04-11 + * Changed matchpathcon_init to verify that the spec file is + a regular file. + * Merged python binding t_output_helper removal patch from Dan Walsh. + +1.30.1 2006-03-20 + * Merged Makefile PYLIBVER definition patch from Dan Walsh. + 1.30 2006-03-14 * Updated version for release. ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/Makefile#2 (text+ko) ==== @@ -17,7 +17,8 @@ relabel: $(MAKE) -C src relabel -clean: - $(MAKE) -C src clean +clean distclean: + $(MAKE) -C src $@ $(MAKE) -C utils clean +test: ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#2 (text+ko) ==== @@ -1,1 +1,1 @@ -1.30 +1.30.22 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#2 (text+ko) ==== @@ -253,6 +253,7 @@ #define TCP_SOCKET__NEWCONN 0x00800000UL #define TCP_SOCKET__ACCEPTFROM 0x01000000UL #define TCP_SOCKET__NODE_BIND 0x02000000UL +#define TCP_SOCKET__NAME_CONNECT 0x04000000UL #define UDP_SOCKET__IOCTL 0x00000001UL #define UDP_SOCKET__READ 0x00000002UL @@ -464,6 +465,9 @@ #define PROCESS__DYNTRANSITION 0x00800000UL #define PROCESS__SETCURRENT 0x01000000UL #define PROCESS__EXECMEM 0x02000000UL +#define PROCESS__EXECSTACK 0x04000000UL +#define PROCESS__EXECHEAP 0x08000000UL +#define PROCESS__SETKEYCREATE 0x10000000UL #define IPC__CREATE 0x00000001UL #define IPC__DESTROY 0x00000002UL 
@@ -522,6 +526,7 @@ #define SECURITY__SETENFORCE 0x00000080UL #define SECURITY__SETBOOL 0x00000100UL #define SECURITY__SETSECPARAM 0x00000200UL +#define SECURITY__SETCHECKREQPROT 0x00000400UL #define SYSTEM__IPC_INFO 0x00000001UL #define SYSTEM__SYSLOG_READ 0x00000002UL @@ -838,6 +843,8 @@ #define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL #define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL +#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL +#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL #define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL #define NETLINK_IP6FW_SOCKET__READ 0x00000002UL 
@@ -902,4 +909,62 @@ #define ASSOCIATION__SENDTO 0x00000001UL #define ASSOCIATION__RECVFROM 0x00000002UL +#define ASSOCIATION__SETCONTEXT 0x00000004UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL +#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL + +#define APPLETALK_SOCKET__IOCTL 0x00000001UL +#define APPLETALK_SOCKET__READ 0x00000002UL +#define APPLETALK_SOCKET__WRITE 0x00000004UL +#define APPLETALK_SOCKET__CREATE 0x00000008UL +#define APPLETALK_SOCKET__GETATTR 0x00000010UL +#define APPLETALK_SOCKET__SETATTR 0x00000020UL +#define APPLETALK_SOCKET__LOCK 0x00000040UL +#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL +#define APPLETALK_SOCKET__RELABELTO 0x00000100UL +#define APPLETALK_SOCKET__APPEND 0x00000200UL +#define APPLETALK_SOCKET__BIND 
0x00000400UL +#define APPLETALK_SOCKET__CONNECT 0x00000800UL +#define APPLETALK_SOCKET__LISTEN 0x00001000UL +#define APPLETALK_SOCKET__ACCEPT 0x00002000UL +#define APPLETALK_SOCKET__GETOPT 0x00004000UL +#define APPLETALK_SOCKET__SETOPT 0x00008000UL +#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL +#define APPLETALK_SOCKET__RECVFROM 0x00020000UL +#define APPLETALK_SOCKET__SENDTO 0x00040000UL +#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL +#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL +#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL + +#define PACKET__SEND 0x00000001UL +#define PACKET__RECV 0x00000002UL +#define PACKET__RELABELTO 0x00000004UL + +#define KEY__VIEW 0x00000001UL +#define KEY__READ 0x00000002UL +#define KEY__WRITE 0x00000004UL +#define KEY__SEARCH 0x00000008UL +#define KEY__LINK 0x00000010UL +#define KEY__SETATTR 0x00000020UL +#define KEY__CREATE 0x00000040UL ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/avc.h#2 (text+ko) ==== @@ -12,20 +12,19 @@ #include <selinux/selinux.h> #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /* * SID format and operations */ -struct security_id { - security_context_t ctx; - unsigned int refcnt; -}; -typedef struct security_id *security_id_t; + struct security_id { + security_context_t ctx; + unsigned int refcnt; + }; + typedef struct security_id *security_id_t; -#define SECSID_WILD (security_id_t)NULL /* unspecified SID */ +#define SECSID_WILD (security_id_t)NULL /* unspecified SID */ /** * avc_sid_to_context - get copy of context corresponding to SID. @@ -38,7 +37,7 @@ * failure, with @errno set to %ENOMEM if insufficient memory was * available to make the copy, or %EINVAL if the input SID is invalid. */ -int avc_sid_to_context(security_id_t sid, security_context_t *ctx); + int avc_sid_to_context(security_id_t sid, security_context_t * ctx); /** * avc_context_to_sid - get SID for context. 
@@ -51,7 +50,7 @@ * to the SID structure into the memory referenced by @sid, * returning %0 on success or -%1 on error with @errno set. */ -int avc_context_to_sid(security_context_t ctx, security_id_t *sid); + int avc_context_to_sid(security_context_t ctx, security_id_t * sid); /** * sidget - increment SID reference counter. @@ -63,7 +62,7 @@ * reference count). Note that avc_context_to_sid() also * increments reference counts. */ -int sidget(security_id_t sid); + int sidget(security_id_t sid); /** * sidput - decrement SID reference counter. @@ -75,16 +74,15 @@ * zero, the SID is invalid, and avc_context_to_sid() must * be called to obtain a new SID for the security context. */ -int sidput(security_id_t sid); - + int sidput(security_id_t sid); /* * AVC entry */ -struct avc_entry; -struct avc_entry_ref { - struct avc_entry *ae; -}; + struct avc_entry; + struct avc_entry_ref { + struct avc_entry *ae; + }; /** * avc_entry_ref_init - initialize an AVC entry reference. 
@@ -108,43 +106,42 @@ * listening thread won't be started for kernel policy change messages. * If no locking callbacks are passed, no locking will take place. */ -struct avc_memory_callback { - /* malloc() equivalent. */ - void *(*func_malloc)(size_t size); - /* free() equivalent. */ - void (*func_free) (void *ptr); - /* Note that these functions should set errno on failure. - If not, some avc routines may return -1 without errno set. */ -}; + struct avc_memory_callback { + /* malloc() equivalent. */ + void *(*func_malloc) (size_t size); + /* free() equivalent. */ + void (*func_free) (void *ptr); + /* Note that these functions should set errno on failure. + If not, some avc routines may return -1 without errno set. */ + }; -struct avc_log_callback { - /* log the printf-style format and arguments. */ - void (*func_log)(const char *fmt, ...); - /* store a string representation of auditdata (corresponding - to the given security class) into msgbuf. */ - void (*func_audit)(void *auditdata, security_class_t class, - char *msgbuf, size_t msgbufsize); -}; + struct avc_log_callback { + /* log the printf-style format and arguments. */ + void (*func_log) (const char *fmt, ...); + /* store a string representation of auditdata (corresponding + to the given security class) into msgbuf. */ + void (*func_audit) (void *auditdata, security_class_t class, + char *msgbuf, size_t msgbufsize); + }; -struct avc_thread_callback { - /* create and start a thread, returning an opaque pointer to it; - the thread should run the given function. */ - void *(*func_create_thread)(void (*run)(void)); - /* cancel a given thread and free its resources. */ - void (*func_stop_thread)(void *thread); -}; + struct avc_thread_callback { + /* create and start a thread, returning an opaque pointer to it; + the thread should run the given function. */ + void *(*func_create_thread) (void (*run) (void)); + /* cancel a given thread and free its resources. 
*/ + void (*func_stop_thread) (void *thread); + }; -struct avc_lock_callback { - /* create a lock and return an opaque pointer to it. */ - void *(*func_alloc_lock)(void); - /* obtain a given lock, blocking if necessary. */ - void (*func_get_lock)(void *lock); - /* release a given lock. */ - void (*func_release_lock)(void *lock); - /* destroy a given lock (free memory, etc.) */ - void (*func_free_lock)(void *lock); -}; - + struct avc_lock_callback { + /* create a lock and return an opaque pointer to it. */ + void *(*func_alloc_lock) (void); + /* obtain a given lock, blocking if necessary. */ + void (*func_get_lock) (void *lock); + /* release a given lock. */ + void (*func_release_lock) (void *lock); + /* destroy a given lock (free memory, etc.) */ + void (*func_free_lock) (void *lock); + }; /* * AVC operations @@ -165,11 +162,11 @@ * for those callbacks (see the definition of the callback * structures above). */ -int avc_init(const char *msgprefix, - const struct avc_memory_callback *mem_callbacks, - const struct avc_log_callback *log_callbacks, - const struct avc_thread_callback *thread_callbacks, - const struct avc_lock_callback *lock_callbacks); + int avc_init(const char *msgprefix, + const struct avc_memory_callback *mem_callbacks, + const struct avc_log_callback *log_callbacks, + const struct avc_thread_callback *thread_callbacks, + const struct avc_lock_callback *lock_callbacks); /** * avc_cleanup - Remove unused SIDs and AVC entries. @@ -179,7 +176,7 @@ * AVC entries that reference them. This can be used * to return memory to the system. */ -void avc_cleanup(void); + void avc_cleanup(void); /** * avc_reset - Flush the cache and reset statistics. @@ -189,7 +186,7 @@ * The SID mapping is not affected. Return %0 on success, * -%1 with @errno set on error. */ -int avc_reset(void); + int avc_reset(void); /** * avc_destroy - Free all AVC structures. 
@@ -200,7 +197,7 @@ * callbacks will not. All SID's will be invalidated. * User must call avc_init() if further use of AVC is desired. */ -void avc_destroy(void); + void avc_destroy(void); /** * avc_has_perm_noaudit - Check permissions but perform no auditing. @@ -223,12 +220,12 @@ * auditing, e.g. in cases where a lock must be held for the check but * should be released for the auditing. */ -int avc_has_perm_noaudit(security_id_t ssid, - security_id_t tsid, - security_class_t tclass, - access_vector_t requested, - struct avc_entry_ref *aeref, - struct av_decision *avd); + int avc_has_perm_noaudit(security_id_t ssid, + security_id_t tsid, + security_class_t tclass, + access_vector_t requested, + struct avc_entry_ref *aeref, + struct av_decision *avd); /** * avc_has_perm - Check permissions and perform any appropriate auditing. @@ -248,9 +245,9 @@ * permissions are granted, -%1 with @errno set to %EACCES if any permissions * are denied or to another value upon other errors. */ -int avc_has_perm(security_id_t ssid, security_id_t tsid, - security_class_t tclass, access_vector_t requested, - struct avc_entry_ref *aeref, void *auditdata); + int avc_has_perm(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t requested, + struct avc_entry_ref *aeref, void *auditdata); /** * avc_audit - Audit the granting or denial of permissions. @@ -271,11 +268,9 @@ * be performed under a lock, to allow the lock to be released * before calling the auditing code. */ -void avc_audit(security_id_t ssid, security_id_t tsid, - security_class_t tclass, access_vector_t requested, - struct av_decision *avd, int result, void *auditdata); - - + void avc_audit(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t requested, + struct av_decision *avd, int result, void *auditdata); /* * security event callback facility 
@@ -306,16 +301,14 @@ * @perms based on @tclass. Returns %0 on success or * -%1 if insufficient memory exists to add the callback. */ -int avc_add_callback(int (*callback)(u_int32_t event, security_id_t ssid, - security_id_t tsid, - security_class_t tclass, - access_vector_t perms, - access_vector_t *out_retained), - u_int32_t events, security_id_t ssid, - security_id_t tsid, - security_class_t tclass, access_vector_t perms); - - + int avc_add_callback(int (*callback) + (u_int32_t event, security_id_t ssid, + security_id_t tsid, security_class_t tclass, + access_vector_t perms, + access_vector_t * out_retained), + u_int32_t events, security_id_t ssid, + security_id_t tsid, security_class_t tclass, + access_vector_t perms); /* * AVC statistics @@ -326,16 +319,16 @@ */ #define AVC_CACHE_STATS 1 -struct avc_cache_stats { - unsigned entry_lookups; - unsigned entry_hits; - unsigned entry_misses; - unsigned entry_discards; - unsigned cav_lookups; - unsigned cav_hits; - unsigned cav_probes; - unsigned cav_misses; -}; + struct avc_cache_stats { + unsigned entry_lookups; + unsigned entry_hits; + unsigned entry_misses; + unsigned entry_discards; + unsigned cav_lookups; + unsigned cav_hits; + unsigned cav_probes; + unsigned cav_misses; + }; /** * avc_cache_stats - get cache access statistics. @@ -346,7 +339,7 @@ * avc_reset(). See the structure definition for * details. */ -void avc_cache_stats(struct avc_cache_stats *stats); + void avc_cache_stats(struct avc_cache_stats *stats); /** * avc_av_stats - log av table statistics. @@ -355,7 +348,7 @@ * distribution of the access vector table. The audit * callback is used to print the message. */ -void avc_av_stats(void); + void avc_av_stats(void); /** * avc_sid_stats - log SID table statistics. 
@@ -364,10 +357,9 @@ * distribution of the SID table. The audit callback * is used to print the message. */ -void avc_sid_stats(void); + void avc_sid_stats(void); #ifdef __cplusplus } #endif - -#endif /* _SELINUX_AVC_H_ */ +#endif /* _SELINUX_AVC_H_ */ ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/context.h#2 (text+ko) ==== @@ -2,23 +2,22 @@ #define _SELINUX_CONTEXT_H_ #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /* * Functions to deal with security contexts in user space. */ -typedef struct { - void * ptr; -} context_s_t; + typedef struct { + void *ptr; + } context_s_t; -typedef context_s_t *context_t; + typedef context_s_t *context_t; /* Return a new context initialized to a context string */ -extern context_t context_new(const char *); + extern context_t context_new(const char *); /* * Return a pointer to the string value of the context_t 
@@ -26,27 +25,26 @@ * for the same context_t* */ -extern char* context_str(context_t); + extern char *context_str(context_t); /* Free the storage used by a context */ -extern void context_free(context_t); + extern void context_free(context_t); /* Get a pointer to the string value of a context component */ -extern const char* context_type_get(context_t); -extern const char* context_range_get(context_t); -extern const char* context_role_get(context_t); -extern const char* context_user_get(context_t); + extern const char *context_type_get(context_t); + extern const char *context_range_get(context_t); + extern const char *context_role_get(context_t); + extern const char *context_user_get(context_t); /* Set a context component. Returns nonzero if unsuccessful */ -extern int context_type_set(context_t,const char*); -extern int context_range_set(context_t,const char*); -extern int context_role_set(context_t,const char*); -extern int context_user_set(context_t,const char*); + extern int context_type_set(context_t, const char *); + extern int context_range_set(context_t, const char *); + extern int context_role_set(context_t, const char *); + extern int context_user_set(context_t, const char *); #ifdef __cplusplus } #endif - #endif ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#2 (text+ko) ==== @@ -59,6 +59,10 @@ #define SECCLASS_DBUS 52 #define SECCLASS_NSCD 53 #define SECCLASS_ASSOCIATION 54 +#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55 +#define SECCLASS_APPLETALK_SOCKET 56 +#define SECCLASS_PACKET 57 +#define SECCLASS_KEY 58 /* * Security identifier indices for initial entities ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_context_list.h#2 (text+ko) ==== @@ -4,8 +4,7 @@ #include <selinux/selinux.h> #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif #define SELINUX_DEFAULTUSER "user_u" 
@@ -17,16 +16,16 @@ customizable preferences. Returns number of entries in *conary. If 'fromcon' is NULL, defaults to current context. Caller must free via freeconary. */ -extern int get_ordered_context_list(const char *user, - security_context_t fromcon, - security_context_t **list); + extern int get_ordered_context_list(const char *user, + security_context_t fromcon, + security_context_t ** list); /* As above, but use the provided MLS level rather than the default level for the user. */ -int get_ordered_context_list_with_level (const char *user, - const char *level, - security_context_t fromcon, - security_context_t **list); + int get_ordered_context_list_with_level(const char *user, + const char *level, + security_context_t fromcon, + security_context_t ** list); /* Get the default security context for a user session for 'user' spawned by 'fromcon' and set *newcon to refer to it. The context 
@@ -35,50 +34,49 @@ If 'fromcon' is NULL, defaults to current context. Returns 0 on success or -1 otherwise. Caller must free via freecon. */ -extern int get_default_context(const char* user, - security_context_t fromcon, - security_context_t *newcon); + extern int get_default_context(const char *user, + security_context_t fromcon, + security_context_t * newcon); /* As above, but use the provided MLS level rather than the default level for the user. */ -int get_default_context_with_level(const char *user, - const char *level, - security_context_t fromcon, - security_context_t *newcon); + int get_default_context_with_level(const char *user, + const char *level, + security_context_t fromcon, + security_context_t * newcon); /* Same as get_default_context, but only return a context that has the specified role. If no reachable context exists for the user with that role, then return -1. */ -int get_default_context_with_role(const char* user, - const char *role, - security_context_t fromcon, - security_context_t *newcon); + int get_default_context_with_role(const char *user, + const char *role, + security_context_t fromcon, + security_context_t * newcon); /* Same as get_default_context, but only return a context that has the specified role and level. If no reachable context exists for the user with that role, then return -1. */ -int get_default_context_with_rolelevel(const char* user, - const char *level, - const char *role, - security_context_t fromcon, - security_context_t *newcon); + int get_default_context_with_rolelevel(const char *user, + const char *level, + const char *role, + security_context_t fromcon, + security_context_t * newcon); /* Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it. Caller must free via freecon. Returns 0 on sucess or -1 otherwise. 
*/ -extern int query_user_context(security_context_t *list, - security_context_t *newcon); + extern int query_user_context(security_context_t * list, + security_context_t * newcon); /* Allow the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon. Returns 0 on success or -1 otherwise. */ -extern int manual_user_enter_context(const char *user, - security_context_t *newcon); + extern int manual_user_enter_context(const char *user, + security_context_t * newcon); #ifdef __cplusplus } #endif - #endif ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_default_type.h#2 (text+ko) ==== @@ -6,20 +6,18 @@ #define _SELINUX_GET_DEFAULT_TYPE_H_ #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /* Return path to default type file. */ -const char *selinux_default_type_path(void); + const char *selinux_default_type_path(void); /* Get the default type (domain) for 'role' and set 'type' to refer to it. Caller must free via free(). Return 0 on success or -1 otherwise. */ -int get_default_type (const char* role, char** type); + int get_default_type(const char *role, char **type); #ifdef __cplusplus } #endif - -#endif /* ifndef _GET_DEFAULT_TYPE_H_ */ +#endif /* ifndef _GET_DEFAULT_TYPE_H_ */ ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#2 (text+ko) ==== 
@@ -5,29 +5,28 @@ #include <stdarg.h> #ifdef __cplusplus -extern "C" -{ +extern "C" { #endif /* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */ -extern int is_selinux_enabled(void); + extern int is_selinux_enabled(void); /* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */ -extern int is_selinux_mls_enabled(void); + extern int is_selinux_mls_enabled(void); -typedef char* security_context_t; + typedef char *security_context_t; /* Free the memory allocated for a context by any of the below get* calls. */ -extern void freecon(security_context_t con); + extern void freecon(security_context_t con); /* Free the memory allocated for a context array by security_compute_user. */ -extern void freeconary(security_context_t *con); + extern void freeconary(security_context_t * con); /* Wrappers for the /proc/pid/attr API. */ /* Get current context, and set *con to refer to it. Caller must free via freecon. */ -extern int getcon(security_context_t *con); -extern int getcon_raw(security_context_t *con); + extern int getcon(security_context_t * con); + extern int getcon_raw(security_context_t * con); /* Set the current security context to con. Note that use of this function requires that the entire application 
@@ -37,142 +36,151 @@ instead. Note that the application may lose access to its open descriptors as a result of a setcon() unless policy allows it to use descriptors opened by the old context. */ -extern int setcon(security_context_t con); -extern int setcon_raw(security_context_t con); + extern int setcon(security_context_t con); + extern int setcon_raw(security_context_t con); /* Get context of process identified by pid, and set *con to refer to it. Caller must free via freecon. This has not been ported to SEBSD yet. */ -//extern int getpidcon(pid_t pid, security_context_t *con); -//extern int getpidcon_raw(pid_t pid, security_context_t *con); +// extern int getpidcon(pid_t pid, security_context_t * con); +// extern int getpidcon_raw(pid_t pid, security_context_t * con); /* Get previous context (prior to last exec), and set *con to refer to it. - Caller must free via freecon. + Caller must free via freecon. This has not been ported to SEBSD yet.*/ -//extern int getprevcon(security_context_t *con); -//extern int getprevcon_raw(security_context_t *con); +// extern int getprevcon(security_context_t * con); +// extern int getprevcon_raw(security_context_t * con); /* Get exec context, and set *con to refer to it. Sets *con to NULL if no exec context has been set, i.e. using default. If non-NULL, caller must free via freecon. */ -extern int getexeccon(security_context_t *con); -extern int getexeccon_raw(security_context_t *con); + extern int getexeccon(security_context_t * con); + extern int getexeccon_raw(security_context_t * con); /* Set exec security context for the next execve. - Call with NULL if you want to reset to the default. + Call with NULL if you want to reset to the default. This is not yet supported by SEBSD. 
*/ -//extern int setexeccon(security_context_t con); -//extern int setexeccon_raw(security_context_t con); +// extern int setexeccon(security_context_t con); +// extern int setexeccon_raw(security_context_t con); /* Get fscreate context, and set *con to refer to it. Sets *con to NULL if no fs create context has been set, i.e. using default. - If non-NULL, caller must free via freecon. + If non-NULL, caller must free via freecon. This has not been ported to SEBSD yet. */ -//extern int getfscreatecon(security_context_t *con); -//extern int getfscreatecon_raw(security_context_t *con); +// extern int getfscreatecon(security_context_t * con); +// extern int getfscreatecon_raw(security_context_t * con); /* Set the fscreate security context for subsequent file creations. - Call with NULL if you want to reset to the default. + Call with NULL if you want to reset to the default. This has not been ported to SEBSD yet. */ -//extern int setfscreatecon(security_context_t context); -//extern int setfscreatecon_raw(security_context_t context); +// extern int setfscreatecon(security_context_t context); +// extern int setfscreatecon_raw(security_context_t context); + +/* Get keycreate context, and set *con to refer to it. + Sets *con to NULL if no key create context has been set, i.e. using default. + If non-NULL, caller must free via freecon. */ + extern int getkeycreatecon(security_context_t * con); + extern int getkeycreatecon_raw(security_context_t * con); +/* Set the keycreate security context for subsequent key creations. + Call with NULL if you want to reset to the default. */ + extern int setkeycreatecon(security_context_t context); + extern int setkeycreatecon_raw(security_context_t context); /* Wrappers for the xattr API. */ /* Get file context, and set *con to refer to it. Caller must free via freecon. */ >>> TRUNCATED FOR MAIL (1000 lines) <<<
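Review bot: In the get_context_list.h hunk `@@ -17,16 +16,16 @@`, `get_ordered_context_list_with_level` is reindented but still lacks the `extern` that the sibling `get_ordered_context_list` carries; since the line is being touched anyway, add `extern` so the two prototypes read consistently. The same reindent also produces `security_context_t ** list` next to `const char *user`, the usual indent(1) treatment of a typedef'd pointer; consider `security_context_t **list` to match the rest of the header.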
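Review bot: In the get_context_list.h hunk `@@ -35,50 +34,49 @@`, the comment above `get_default_context_with_rolelevel` is copied from the role-only variant ("If no reachable context exists for the user with that role, then return -1") even though this function also filters by `level`; say "with that role and level". The argument order `level, role` also reads against the function name `rolelevel`, which is worth a sentence in the comment so callers do not swap them. The trailing context carries the typo "sucess" in "Returns 0 on sucess or -1 otherwise."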
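Review bot: In the get_default_type.h hunk `@@ -6,20 +6,18 @@`, the closing line `#endif /* ifndef _GET_DEFAULT_TYPE_H_ */` names a guard macro that does not exist: the header defines `_SELINUX_GET_DEFAULT_TYPE_H_`. Since this line is being rewritten, fix the comment to `/* _SELINUX_GET_DEFAULT_TYPE_H_ */`.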
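Review bot: In the selinux.h hunk `@@ -5,29 +5,28 @@`, the comment on `freeconary` ("Free the memory allocated for a context array by security_compute_user") is incomplete: get_context_list.h in this same change documents that `get_ordered_context_list` and `get_ordered_context_list_with_level` return arrays that "must free via freeconary". Extend the comment to name those callers (or say "by any of the functions returning a context array") so the ownership rule is visible where the free function is declared.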
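Review bot: In the selinux.h hunk `@@ -37,142 +36,151 @@`, the new `getkeycreatecon`, `getkeycreatecon_raw`, `setkeycreatecon` and `setkeycreatecon_raw` prototypes are added live, while the neighbouring `getfscreatecon`/`setfscreatecon` family stays commented out with "This has not been ported to SEBSD yet." If the SEDarwin src side does not implement the keycreate functions, consumers will compile against these prototypes and fail at link time; either comment them out with the same "not ported to SEBSD" note or confirm the implementation in `src/` is part of this change. Separately, the hunk keeps disabling unported declarations with `//` line comments; an `#if 0` / `#ifdef` guard around the unported block would keep the header valid for C89 consumers and make the disabled set greppable.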