Date: Wed, 15 Oct 2003 07:10:05 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 39745 for review Message-ID: <200310151410.h9FEA5E5072837@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=39745 Change 39745 by cvance@cvance_osx_laptop on 2003/10/15 07:09:54 Register two sebsd sysctls, so we can at least tell that the module has loaded correctly Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#5 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.h#2 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#5 (text+ko) ==== @@ -92,6 +92,7 @@ sebsd_init(struct mac_policy_conf *mpc) { printf("sebsd:: init\n"); + sebsd_register_sysctls(); #if 0 avc_init(); if (security_init()) { ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.h#2 (text+ko) ==== @@ -45,19 +45,22 @@ extern int avc_debug_always_allow; -#ifdef _KERNEL +#if defined(_KERNEL) || defined (KERNEL) -#ifndef _M_SEBSD_DEF +#if !defined(_M_SEBSD_DEF) && !defined(APPLE) MALLOC_DECLARE(M_SEBSD); #define _M_SEBSD_DEF #endif extern int sebsd_verbose; +extern void sebsd_register_sysctls(void); extern int security_init(void); +#if 0 extern int sebsd_syscall(struct thread *td, int call, void *args); extern int thread_has_system(struct thread *td, access_vector_t perm); extern int thread_has_security(struct thread *td, access_vector_t perm); +#endif #endif /* _KERNEL */ #endif /* _SYS_SECURITY_SEBSD_H */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#3 (text+ko) ==== @@ -34,7 +34,6 @@ * $FreeBSD$ */ -#if 0 #include <sys/types.h> #include <sys/param.h> #include <sys/kernel.h> @@ -51,6 +50,11 @@ #include <security/sebsd/sebsd_syscalls.h> #include <security/sebsd/avc/avc.h> +#ifdef APPLE +#define TUNABLE_INT(x, y) +#endif + +#if 0 /* * Sysctl handler for security.mac.sebsd.sids * Lists the SIDs currently active in the security server 
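Review bot: In the sebsd.c hunk the new `sebsd_register_sysctls();` call sits directly above the `#if 0` that still compiles out `avc_init()` and `security_init()`, so the security.mac.sebsd node becomes visible on a system where neither the AVC nor a policy has been initialised. A comment at the call would stop a later reader or operator from taking the presence of the sysctls as evidence that enforcement is active: `/* Sysctls only show that the module loaded; AVC and policy init are still disabled below. */`. The body of sebsd_init continues outside the hunk.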
@@ -96,13 +100,18 @@ FREE(buffer, M_TEMP); return (error); } +#endif /* * Sysctl handler for security.mac.sebsd.enforcing * Get and/or set whether the avc is in enforcement mode. */ static int +#ifdef APPLE +sysctl_sebsd_enforcing SYSCTL_HANDLER_ARGS +#else sysctl_sebsd_enforcing(SYSCTL_HANDLER_ARGS) +#endif { int error, enforcing; @@ -112,6 +121,7 @@ if (error) return (error); +#if 0 if (req->newptr != NULL) { error = SYSCTL_IN(req, &enforcing, sizeof(enforcing)); if (error) @@ -123,10 +133,12 @@ selinux_enforcing = enforcing; } +#endif return (0); } +#if 0 /* * Sysctl handler for security.mac.sebsd.user_sids * Lists the SIDs currently available for transition to by a given @@ -299,6 +311,7 @@ sebsd_free(scontext, M_SEBSD); return (error); } +#endif SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, sebsd, CTLFLAG_RW, 0, @@ -307,7 +320,7 @@ SYSCTL_INT(_security_mac_sebsd, OID_AUTO, verbose, CTLFLAG_RW, &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff"); TUNABLE_INT("security.mac.sebsd.verbose", &sebsd_verbose); - +#if 0 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, sids, CTLTYPE_STRING|CTLFLAG_RD, NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs"); SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, user_sids, CTLTYPE_STRING | @@ -319,6 +332,15 @@ SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_av, CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A", "SEBSD access vector decision query"); +#endif SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, sysctl_sebsd_enforcing, "I", "SEBSD avc enforcement"); -#endif /* 0 */ + +void +sebsd_register_sysctls() +{ + sysctl_register_oid(&sysctl__security_mac_sebsd); + sysctl_register_oid(&sysctl__security_mac_sebsd_verbose); + sysctl_register_oid(&sysctl__security_mac_sebsd_enforcing); +} +
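Review bot: In sysctl_sebsd_enforcing the set path is now compiled out (the `+#if 0` before `if (req->newptr != NULL)` and the matching `+#endif` in the following hunk), yet the handler still ends in `return (0);` and the OID in the last hunk is still registered `CTLTYPE_INT | CTLFLAG_RW`, so a write to security.mac.sebsd.enforcing reports success without changing `selinux_enforcing`. For an enforcement switch that silent no-op is misleading to an administrator; until the set path is restored I would register the OID read-only, `CTLTYPE_INT | CTLFLAG_RD, NULL, 0, sysctl_sebsd_enforcing, "I",`, or reject writes in the handler with `if (req->newptr != NULL) return (EPERM);`. The start of the handler and the middle of the disabled block lie outside these hunks, so whatever access check guarded the assignment cannot be seen here and should be confirmed before the block is re-enabled.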
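Review bot: The new function in the last hunk is defined with an empty parameter list, `sebsd_register_sysctls()`, while sebsd.h declares it as `(void)`, and unlike the other Darwin-only changes in this file it is not placed under `#ifdef APPLE`. On FreeBSD the SYSCTL_NODE/SYSCTL_INT/SYSCTL_PROC declarations are normally registered automatically at load, so the explicit `sysctl_register_oid()` calls would presumably register the same OIDs a second time on that side. I would write the definition as `sebsd_register_sysctls(void)` and put the three calls between `#ifdef APPLE` and `#endif`. No matching unregister path is visible in this change; if the policy module can be unloaded, the OIDs need to be removed before its data goes away.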