From owner-p4-projects@FreeBSD.ORG Mon Jan 22 20:03:12 2007
Date: Mon, 22 Jan 2007 20:03:11 GMT
Message-Id: <200701222003.l0MK3BY2088882@repoman.freebsd.org>
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 113404 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jan 2007 20:03:12 -0000 http://perforce.freebsd.org/chv.cgi?CH=113404 Change 113404 by millert@millert_macbook on 2007/01/22 20:02:38 Label and permit access to /Library/Caches. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#14 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.fc#7 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#11 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#14 (text+ko) ==== @@ -117,6 +117,7 @@ # Allow reading of security_t files darwin_allow_security_read(securityd_t) -# Access cache files -allow securityd_t darwin_cache_t:dir search; +# Read/write caches +darwin_allow_cache_rw(securityd_t) +allow securityd_t darwin_cache_t:dir { search getattr }; allow securityd_t darwin_cache_t:file { read lock }; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.fc#7 (text+ko) ==== 
@@ -14,8 +14,8 @@ /System/Library/Caches.* gen_context(system_u:object_r:darwin_cache_t,s0) /System/Library/Services.* gen_context(system_u:object_r:darwin_services_t,s0) /System/Library/Security.* gen_context(system_u:object_r:darwin_security_t,s0) -/System/Library/CoreServices.* gen_context(system_u:object_r:darwin_CoreServices_t,s0) -/System/Library/ColorSync.* gen_context(system_u:object_r:darwin_resource_t,s0) +/System/Library/CoreServices.* gen_context(system_u:object_r:darwin_CoreServices_t,s0) +/System/Library/ColorSync.* gen_context(system_u:object_r:darwin_resource_t,s0) # # Applications @@ -25,11 +25,12 @@ # # /Library # +/Library/Caches.* gen_context(system_u:object_r:darwin_cache_t,s0) /Library/ColorSync.* gen_context(system_u:object_r:darwin_resource_t,s0) /Library/Preferences/.GlobalPreferences.plist -- gen_context(system_u:object_r:darwin_global_pref_t,s0) /Library/Preferences.* gen_context(system_u:object_r:darwin_global_pref_t,s0) /Library/Preferences/SystemConfiguration.* gen_context(system_u:object_r:darwin_global_pref_t,s0) -/Library/Keychains.* gen_context(system_u:object_r:darwin_keychain_t,s0) +/Library/Keychains.* gen_context(system_u:object_r:darwin_keychain_t,s0) # Kernel /mach_kernel -- gen_context(system_u:object_r:boot_t,s0) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#11 (text+ko) ==== @@ -684,5 +684,6 @@ allow init_t dynamic_pager_swapfile_t:file { getattr unlink }; # Allow access to Cache files -allow init_t darwin_cache_t:dir search; -allow init_t darwin_cache_t:file { read write lock }; +darwin_allow_cache_rw(init_t) +allow init_t darwin_cache_t:dir { getattr search add_name remove_name }; +allow init_t darwin_cache_t:file { create setattr unlink };
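Review bot: In the securityd.te hunk, darwin_allow_cache_rw() is called but no file in this changelist defines it (only securityd.te, darwin.fc and init.te are affected), so either the interface already exists in the darwin module or the policy will fail to build; please confirm which. The same hunk also widens securityd_t from "dir search; file { read lock }" to read/write on darwin_cache_t while still keeping the explicit "allow securityd_t darwin_cache_t:file { read lock };" line, which is redundant if the interface grants read. If securityd only needs to read caches, a read-only interface would be the smaller grant.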
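Review bot: The first darwin.fc hunk (@@ -14,8 +14,8 @@) removes and re-adds the CoreServices and ColorSync lines with identical content, which suggests whitespace-only (tab/space) churn; the same applies to the /Library/Keychains.* line in the second hunk. If the realignment is intentional, say so in the change description, otherwise drop those lines from the diff so the change stays limited to the /Library/Caches addition.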
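Review bot: In the second darwin.fc hunk, the new entry "/Library/Caches.* gen_context(system_u:object_r:darwin_cache_t,s0)" uses the same unanchored pattern as the rest of the file, so it will also match any sibling path beginning with "/Library/Caches" (e.g. a hypothetical "/Library/CachesBackup"); "/Library/Caches(/.*)?" would label only the directory and its contents. Note also that the whole tree gets a single type, darwin_cache_t, so every domain granted cache read/write gets it for all subdirectories under /Library/Caches, not just its own.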
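Review bot: In the init.te hunk, the removed line "allow init_t darwin_cache_t:file { read write lock };" is replaced by darwin_allow_cache_rw(init_t) plus "file { create setattr unlink }"; unless the interface also grants lock, init_t silently loses file lock permission on darwin_cache_t. Please check the interface body covers read, write and lock, and update the comment "# Allow access to Cache files" to reflect that init_t can now also create, unlink and setattr cache files and add/remove directory entries.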