From owner-trustedbsd-cvs@FreeBSD.ORG Wed Feb 15 18:15:27 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7037816A420 for ; Wed, 15 Feb 2006 18:15:27 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id F1AFA43D4C for ; Wed, 15 Feb 2006 18:15:24 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id CB6E446BDA for ; Wed, 15 Feb 2006 13:15:09 -0500 (EST) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 19ACC56E23; Wed, 15 Feb 2006 18:15:22 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 0A98416A423; Wed, 15 Feb 2006 18:15:22 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C0ED216A420 for ; Wed, 15 Feb 2006 18:15:21 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 84F9643D4C for ; Wed, 15 Feb 2006 18:15:21 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k1FIFLCO033196 for ; Wed, 15 Feb 2006 18:15:21 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k1FIFLoI033193 for perforce@freebsd.org; Wed, 15 Feb 2006 18:15:21 GMT (envelope-from millert@freebsd.org) Date: Wed, 15 Feb 2006 18:15:21 GMT Message-Id: 
<200602151815.k1FIFLoI033193@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 91815 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Feb 2006 18:15:27 -0000 http://perforce.freebsd.org/chv.cgi?CH=91815 Change 91815 by millert@millert_g4tower on 2006/02/15 18:14:27 Update for new Mach message entry points. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#5 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#7 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#5 (text+ko) ==== 
@@ -1219,28 +1219,28 @@
 #####
 define(`allow_mach_ipc', `
-allow $1 $2:mach_port { send copy_send make_send hold_send hold_recv };
-allow $2 $1:mach_port { send copy_send make_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
+allow $2 $1:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
 ')
 define(`mach_bootstrap', `
-allow $1 $2:mach_port { send copy_send make_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
 allow $1 $2:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array };
-allow mach_init_d $1:mach_port { send copy_send hold_send hold_recv };
+allow mach_init_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
 define(`mach_bootstrap_register', `
 allow $1 $2:mi_bootstrap *;
-allow $1 $2:mach_port { send copy_send hold_send hold_recv };
-allow mach_init_d $1:mach_port { send copy_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
+allow mach_init_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
 define(`allow_notify_ipc', `
 allow $1 mach_init_d:mi_notify_ipc *;
 allow $1 notifyd_d:mi_notify_ipc *;
 allow notifyd_d $1:mi_notify_ipc *;
-allow $1 notifyd_d:mach_port { send copy_send hold_send hold_recv };
-allow notifyd_d $1:mach_port { send copy_send hold_send hold_recv };
+allow $1 notifyd_d:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
+allow notifyd_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#7 (text+ko) ====
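Review bot: The expanded permission set is written out verbatim in all eight rewritten rules of this hunk, and again in the rules hunks at 167, 246, 311 and 425, with only `allow_mach_ipc` and the first `mach_bootstrap` rule adding `make_send make_send_once` on top; every time a new entry point needs another permission, each copy has to be found and edited by hand. A single m4 definition, e.g. `define(`mach_port_send_perms', `send copy_send move_send move_send_once hold_send hold_send_once')`, used as `allow $1 $2:mach_port { mach_port_send_perms hold_recv };`, would keep the copies from drifting and make the deliberate differences between the macros visible at a glance. `allow_mach_ipc` now also grants `recv` in both directions, which reads as broader than a one-way request/reply pattern; if this is because each side dequeues from reply ports labelled with the peer's type, a one-line comment above the macro saying so would save the next reader the same question.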
@@ -167,13 +167,13 @@
 type_change user_d devpts_t:chr_file user_devpts_t;
-allow domain2 self:mach_port { send make_send copy_send hold_send move_recv hold_recv };
-allow domain2 kernel_d:mach_port { send make_send copy_send hold_send };
+allow domain2 self:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once recv move_recv hold_recv };
+allow domain2 kernel_d:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once };
 allow domain2 self:mach_task set_special_port;
 allow domain2 self:mi_bootstrap { bootstrap_look_up };
 allow domain2 root_t:dir { search getattr read };
 allow domain2 self:process getsched;
-allow kernel_d domain2:mach_port { send make_send copy_send hold_send };
+allow kernel_d domain2:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once };
 allow domain2 file:{file lnk_file sock_file fifo_file} {create_file_perms execute };
 allow domain2 file:file execute_no_trans;
@@ -246,7 +246,7 @@
 allow mach_init_d mach_init_d:mach_port relabelfrom;
 allow mach_init_d boot_names_t:mach_port relabelto;
 allow mach_init_d {loginwindow_d windowserver_d}:mach_port relabelto;
-allow mach_init_d user_names_t:mach_port { copy_send hold_send relabelto };
+allow mach_init_d user_names_t:mach_port { copy_send move_send move_send_once hold_send hold_send_once relabelto };
 allow_mach_ipc(systemstarter_d,unlabeled_t);
 allow_mach_ipc(systemstarter_d,boot_names_t);
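Review bot: In the hunk at 246 the `mach_init_d user_names_t:mach_port` rule gains `move_send move_send_once hold_send_once` but, unlike every live `mach_port` rule this change touches, still grants no `send`; if that is deliberate (mach_init_d appears to relabel and hand out user-named port rights rather than message them) a comment such as `# mach_init_d forwards user_names_t rights but never sends on them` above the rule would stop someone "completing" the set later. The rule sits in a longer block whose start and end lie outside the hunk.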
@@ -311,8 +311,8 @@
 #diskarbitrationd rules
 mach_bootstrap(diskarbitrationd_d,mach_init_d);
 #allow diskarbitrationd_d notifyd_d:mi_notify_ipc { _notify_server_register_check _notify_server_register_mach_port };
-#allow notifyd_d diskarbitrationd_d:mach_port { copy_send hold_send };
-#allow diskarbitrationd_d notifyd_d:mach_port { copy_send hold_send };
+#allow notifyd_d diskarbitrationd_d:mach_port { copy_send move_send move_send_once hold_send hold_send_once };
+#allow diskarbitrationd_d notifyd_d:mach_port { copy_send move_send move_send_once hold_send hold_send_once };
 allow_notify_ipc(diskarbitrationd_d);
 allow_mach_ipc(diskarbitrationd_d,unlabeled_t);
 allow_mach_ipc(diskarbitrationd_d,mach_servers_d);
@@ -425,7 +425,7 @@
 allow_mach_ipc($1,lookupd_d);
 allow_mach_ipc(pbs_d,$1);
-allow pbs_d $1:mach_port { send copy_send hold_send };
+allow pbs_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once };
 mach_bootstrap_register(pbs_d,$2);
 mach_bootstrap(pbs_d,$2);
@@ -439,4 +439,4 @@
 bool lookups false;
 if (lookups) {
 allow user_d {mach_init_d init_d systemstarter_d loginwindow_d user_d}:mi_bootstrap bootstrap_info;
-}
+}
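Review bot: The two `#allow notifyd_d diskarbitrationd_d` / `#allow diskarbitrationd_d notifyd_d` lines in the diskarbitrationd hunk at 311 are commented out and superseded by the `allow_notify_ipc(diskarbitrationd_d)` call directly below them, yet the commit edits their permission lists as though they were live; keeping dead rules in sync by hand is exactly where policy drift starts. Either drop the two lines or replace them with a single comment such as `# notifyd_d <-> diskarbitrationd_d mach_port rules come from allow_notify_ipc()`. The hunk at 439 only restores the missing trailing newline after `}` and needs no change.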