Date: Wed, 1 Feb 2006 23:09:28 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 90905 for review Message-ID: <200602012309.k11N9SrQ009833@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=90905
Change 90905 by millert@millert_g4tower on 2006/02/01 23:09:27
We only want/need a single copy of the flask dir in the source tree. When installing the policy dir, just copy the flask bits from the sedarwin sources. Also sync the generated headers with the flask access_vectors file.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/excludes#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/Makefile#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/access_vectors#6 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/initial_sids#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/mkaccess_vector.sh#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/mkflask.sh#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/security_classes#5 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#5 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#6 (text+ko) ====
@@ -2,14 +2,15 @@
 include $(DARWIN_ROOT)/build/Mig.mk
 POLICY= policy.16
+FLASK= ../sedarwin/flask
 SCRIPTS= create-extattr.sh sebsd-relabel.sh
 INSTALL?= install
 all: $(POLICY) sebsd_migscs
-INPUTS = flask/security_classes mig_classes initial_sids \
- flask/access_vectors mig_access_vectors rules.m4 users initial_sid_contexts fs_use \
- devfs
+INPUTS = $(FLASK)/security_classes mig_classes initial_sids \
+ $(FLASK)/access_vectors mig_access_vectors rules.m4 users \
+ initial_sid_contexts fs_use devfs
 policy.conf: $(INPUTS)
 cat $(INPUTS) > policy.conf
@@ -38,12 +39,13 @@
 $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 sebsd_migscs ${DESTDIR}
 $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin
 $(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 700 ${SCRIPTS} ${DESTDIR}/private/etc/sedarwin
- (cd $(CURDIR)/..; tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/; tar -xf -)
+ (cd $(CURDIR)/.. && tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/ && tar -xf -)
+ (cd $(FLASK)/.. && tar -cf - flask) | (cd $(DESTDIR)/private/etc/sedarwin/policy && tar -xf -)
 cp -f Makefile.install $(DESTDIR)/private/etc/sedarwin/policy/Makefile
 # Mig security classes and access vectors
-DEFS = $(DARWIN_ROOT)/system_cmds/mach_init.tproj/bootstrap.defs
+DEFS = $(DARWIN_ROOT)/system_cmds/mach_init.tproj/bootstrap.defs $(DARWIN_ROOT)/netinfo/servers/notifyd/notify_ipc.defs $(DARWIN_ROOT)/../../examples/mig/mtest.defs
 mig_msgids: $(DEFS)
 echo > $@
@@ -56,5 +58,5 @@
 mig_classes: mig_access_vectors
 grep '^class' $< > $@
-sebsd_migscs: flask/security_classes mig_msgids
- cat flask/security_classes mig_msgids | perl migscs.pl
+sebsd_migscs: $(FLASK)/security_classes mig_msgids
+ cat $(FLASK)/security_classes mig_msgids | perl migscs.pl
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/excludes#2 (text+ko) ====
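Review bot: `FLASK` in the first policy/Makefile hunk is added without a comment, although it is now the only thing tying policy.conf to the class and permission definitions that the kernel headers are generated from. The flask.h part of this change renumbers `SECCLASS_MACH_TASK` from 35 to 31, so a policy assembled from a different copy of security_classes would presumably be evaluated against the wrong class ids. I would state that above the assignment, e.g. `# Flask definitions shared with the kernel headers; policy and headers must be built from the same copy.`, and make the location overridable the way `INSTALL` already is: `FLASK?= ../sedarwin/flask`. The same comment should say that the relative path is resolved against the directory make runs in.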
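Review bot: In the second policy/Makefile hunk, the switch from `;` to `&&` stops tar from running in the wrong directory, but a failure on the producing side of either pipeline is still invisible to make, because a pipeline's exit status is that of its last command. If `cd $(FLASK)/..` or the archiving tar fails, the extracting `tar -xf -` reads an empty or truncated stream and, depending on the tar implementation, may still exit 0, so the installed policy tree can end up without complete flask definitions. The flask copy needs no exclude list, so it could be a plain `cp -R $(FLASK) $(DESTDIR)/private/etc/sedarwin/policy/`, whose failure make does see; the first pipeline has the same weakness. Separately, `DEFS` now pulls in `$(DARWIN_ROOT)/../../examples/mig/mtest.defs`, which the change description does not mention; if that is only a test interface it probably should not feed the installed `sebsd_migscs`. The install recipe these lines belong to starts above the hunk.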
@@ -3,3 +3,4 @@
 policy/create-extattr.sh
 policy/sebsd-relabel.sh
 policy/failsafe_context
+policy/flask
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#5 (text+ko) ====
@@ -124,7 +124,6 @@
 { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
 { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
 { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
- { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
 { SECCLASS_MACH_PORT, MACH_PORT__RELABELFROM, "relabelfrom" },
 { SECCLASS_MACH_PORT, MACH_PORT__RELABELTO, "relabelto" },
 { SECCLASS_MACH_PORT, MACH_PORT__SEND, "send" },
@@ -136,11 +135,6 @@
 { SECCLASS_MACH_PORT, MACH_PORT__HOLD_RECV, "hold_recv" },
 { SECCLASS_MACH_TASK, MACH_TASK__TERMINATE, "terminate" },
 { SECCLASS_MACH_TASK, MACH_TASK__SET_SPECIAL_PORT, "set_special_port" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__REGISTER, "register" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__LOOK_UP, "look_up" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__GETPARENT, "getparent" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__MAKESUBSET, "makesubset" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__CREATE_SERVER, "create_server" },
 };
 #define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#5 (text+ko) ====
@@ -600,7 +600,6 @@
 #define CAPABILITY__SYS_TIME 0x0000000010000000UL
 #define CAPABILITY__SYS_TTY_CONFIG 0x0000000020000000UL
 #define CAPABILITY__MKNOD 0x0000000040000000UL
-#define CAPABILITY__LEASE 0x000000007fffffffUL
 #define MACH_PORT__RELABELFROM 0x0000000000000001UL
 #define MACH_PORT__RELABELTO 0x0000000000000002UL
@@ -615,11 +614,5 @@
 #define MACH_TASK__TERMINATE 0x0000000000000001UL
 #define MACH_TASK__SET_SPECIAL_PORT 0x0000000000000002UL
-#define MACH_NAMES__REGISTER 0x0000000000000001UL
-#define MACH_NAMES__LOOK_UP 0x0000000000000002UL
-#define MACH_NAMES__GETPARENT 0x0000000000000004UL
-#define MACH_NAMES__MAKESUBSET 0x0000000000000008UL
-#define MACH_NAMES__CREATE_SERVER 0x0000000000000010UL
-
 /* FLASK */
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#4 (text+ko) ====
@@ -35,10 +35,6 @@
 "shm",
 "ipc",
 "mach_port",
- "port_methods1",
- "port_methods2",
- "port_methods3",
- "port_methods4",
 "mach_task",
 };
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#5 (text+ko) ====
@@ -37,11 +37,7 @@
 #define SECCLASS_SHM 28
 #define SECCLASS_IPC 29
 #define SECCLASS_MACH_PORT 30
-#define SECCLASS_PORT_METHODS1 31
-#define SECCLASS_PORT_METHODS2 32
-#define SECCLASS_PORT_METHODS3 33
-#define SECCLASS_PORT_METHODS4 34
-#define SECCLASS_MACH_TASK 35
+#define SECCLASS_MACH_TASK 31
 /*
 * Security identifier indices for initial entities
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#5 (text+ko) ====