Date: Wed, 16 Aug 2006 13:33:52 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 104220 for review Message-ID: <200608161333.k7GDXqEA069894@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=104220 Change 104220 by millert@millert_macbook on 2006/08/16 13:33:44 Include userspace avc in libselinux Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#3 (text+ko) ==== 
@@ -4,21 +4,20 @@
 -I../include -I../../libsepol/include -I../../libsecompat -Wall
 LIB = selinux
-OBJS = booleans.o canonicalize_context.o checkAccess.o check_context.o \
- compute_av.o compute_create.o compute_member.o compute_relabel.o \
- compute_user.o context.o disable.o enabled.o fgetfilecon.o freecon.o \
- freeconary.o fsetfilecon.o get_context_list.o get_default_type.o \
- get_file_contexts.o getcon.o getenforce.o getexeccon.o getfilecon.o \
- getpeercon.o getpidcon.o getprevcon.o init.o is_customizable_type.o \
- lgetfilecon.o load_migscs.o load_policy.o lsetfilecon.o \
- matchmediacon.o matchpathcon.o policyvers.o query_user_context.o \
- sedarwin_config.o setcon.o setenforce.o setfilecon.o \
- setrans_client.o seusers.o
+OBJS =
+ avc.o avc_internal.o avc_sidtab.o booleans.o canonicalize_context.o \
+ checkAccess.o check_context.o compute_av.o compute_create.o \
+ compute_member.o compute_relabel.o compute_user.o context.o \
+ disable.o enabled.o fgetfilecon.o freecon.o freeconary.o \
+ fsetfilecon.o get_context_list.o get_default_type.o \
+ get_file_contexts.o getcon.o getenforce.o getexeccon.o \
+ getfilecon.o getpeercon.o getpidcon.o getprevcon.o init.o \
+ is_customizable_type.o lgetfilecon.o load_migscs.o load_policy.o \
+ lsetfilecon.o matchmediacon.o matchpathcon.o policyvers.o \
+ query_user_context.o sedarwin_config.o setcon.o setenforce.o \
+ setfilecon.o setrans_client.o seusers.o
-# The user-space AVC is not currently built
-#OBJS += avc.o avc_internal.o avc_sidtab.o
-
-# The following require support for fs and exec contexts
+# The following require kernel support for fs and exec contexts
 #OBJS += getfscreatecon.o setfscreatecon.o setexeccon.o
 # The following are Linux-specific
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#3 (text+ko) ====
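Review bot: The new `OBJS =` line, as it appears on this page, has no trailing backslash, while every object line after it except the last ends in `\`. If that is how the file was submitted, the assignment ends there and OBJS is empty; the `avc.o avc_internal.o ...` line that follows is then not a continuation and will likely be rejected by make. The first line should read `OBJS = \`. If the backslash was only lost in the archive rendering, nothing needs changing.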
@@ -186,7 +186,9 @@
 struct avc_callback_node *next;
 };
+#ifdef __linux__
 static void *avc_netlink_thread = NULL;
+#endif
 static void *avc_lock = NULL;
 static void *avc_log_lock = NULL;
 static struct avc_node *avc_node_freelist = NULL;
@@ -306,6 +308,7 @@
 }
 avc_enforcing = rc;
+#ifdef __linux__
 rc = avc_netlink_open(avc_using_threads);
 if (rc < 0) {
 avc_log("%s: can't open netlink socket: %d (%s)\n", avc_prefix,
@@ -316,6 +319,7 @@
 avc_netlink_thread = avc_create_thread(&avc_netlink_loop);
 avc_netlink_trouble = 0;
 }
+#endif
 out:
 return rc;
 }
@@ -672,9 +676,11 @@
 avc_get_lock(avc_lock);
+#ifdef __linux__
 if (avc_using_threads)
 avc_stop_thread(avc_netlink_thread);
 avc_netlink_close();
+#endif
 for (i = 0; i < AVC_CACHE_SLOTS; i++) {
 node = avc_cache.slots[i];
@@ -901,9 +907,11 @@
 access_vector_t denied;
 struct avc_entry_ref ref;
+#ifdef __linux__
 if (!avc_using_threads) {
 (void)avc_netlink_check_nb();
 }
+#endif
 if (!aeref) {
 avc_entry_ref_init(&ref);
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#3 (text+ko) ====
@@ -16,9 +16,11 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/socket.h>
-//#include <asm/types.h>
+#ifdef __linux__
+#include <asm/types.h>
 #include <linux/netlink.h>
 #include "selinux_netlink.h"
+#endif
 #include "avc_internal.h"
 #ifndef NETLINK_SELINUX
@@ -44,6 +46,8 @@
 /* message prefix string and avc enforcing mode */
 char avc_prefix[AVC_PREFIX_SIZE] = "uavc";
 int avc_enforcing = 1;
+
+#ifdef __linux__
 int avc_netlink_trouble = 0;
 /* netlink socket code */
@@ -294,3 +298,4 @@
 avc_log("%s: netlink thread: errors encountered, terminating\n",
 avc_prefix);
 }
+#endif /* __linux__ */
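Review bot: With the netlink block compiled out in the @@ -306 and @@ -316 hunks, `rc` at `out:` still holds the value just stored by `avc_enforcing = rc;`, so on non-Linux builds the init routine appears to return the enforcing state rather than a success code. If that value is 1 when enforcing, a caller that treats any non-zero return as failure would refuse to start exactly when enforcement is on. Adding `#else` and `rc = 0;` before the `#endif` keeps the return value consistent across platforms. The statement that sets `rc` before `avc_enforcing = rc;` is outside the hunk, so this should be confirmed against the full function.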
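Review bot: Nothing replaces the netlink path on non-Linux builds, so the user-space cache has no visible way to learn of a policy reload or an enforcing-mode change. The `avc_netlink_check_nb()` call is compiled out in the @@ -901 hunk, as are the open in the init path (@@ -306) and the close in the @@ -672 hunk. A permission revoked by a later policy load could keep being granted from cached entries, and `avc_enforcing` would stay at its init-time value. Until a notification source exists on this platform, record the limitation at the guard, e.g. `/* XXX no netlink here: policy reloads and setenforce changes are not seen, cached decisions may be stale */`, so object managers know to reset the cache themselves. The enclosing function starts and ends outside the hunk.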