From: Todd Miller
To: Perforce Change Reviews
Date: Wed, 16 Aug 2006 13:33:52 GMT
Message-Id: <200608161333.k7GDXqEA069894@repoman.freebsd.org>
Subject: PERFORCE change 104220 for review

http://perforce.freebsd.org/chv.cgi?CH=104220

Change 104220 by millert@millert_macbook on 2006/08/16 13:33:44

	Include userspace avc in libselinux

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#3 (text+ko) ====
@@ -4,21 +4,20 @@ -I../include -I../../libsepol/include -I../../libsecompat -Wall LIB = selinux -OBJS = booleans.o canonicalize_context.o checkAccess.o check_context.o \ - compute_av.o compute_create.o compute_member.o compute_relabel.o \ - compute_user.o context.o disable.o enabled.o fgetfilecon.o freecon.o \ - freeconary.o fsetfilecon.o get_context_list.o get_default_type.o \ - get_file_contexts.o getcon.o getenforce.o getexeccon.o getfilecon.o \ - getpeercon.o getpidcon.o getprevcon.o init.o is_customizable_type.o \ - lgetfilecon.o load_migscs.o load_policy.o lsetfilecon.o \ - matchmediacon.o matchpathcon.o policyvers.o query_user_context.o \ - sedarwin_config.o setcon.o setenforce.o setfilecon.o \ - setrans_client.o seusers.o +OBJS = + avc.o avc_internal.o avc_sidtab.o booleans.o canonicalize_context.o \ + checkAccess.o check_context.o compute_av.o compute_create.o \ + compute_member.o compute_relabel.o compute_user.o context.o \ + disable.o enabled.o fgetfilecon.o freecon.o freeconary.o \ + fsetfilecon.o get_context_list.o get_default_type.o \ + get_file_contexts.o getcon.o getenforce.o getexeccon.o \ + getfilecon.o getpeercon.o getpidcon.o getprevcon.o init.o \ + is_customizable_type.o lgetfilecon.o load_migscs.o load_policy.o \ + lsetfilecon.o matchmediacon.o matchpathcon.o policyvers.o \ + query_user_context.o sedarwin_config.o setcon.o setenforce.o \ + setfilecon.o setrans_client.o seusers.o -# The user-space AVC is not currently built -#OBJS += avc.o avc_internal.o avc_sidtab.o - -# The following require support for fs and exec contexts +# The following require kernel support for fs and exec contexts #OBJS += getfscreatecon.o setfscreatecon.o setexeccon.o # The following are Linux-specific ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#3 (text+ko) ==== 
@@ -186,7 +186,9 @@ struct avc_callback_node *next; }; +#ifdef __linux__ static void *avc_netlink_thread = NULL; +#endif static void *avc_lock = NULL; static void *avc_log_lock = NULL; static struct avc_node *avc_node_freelist = NULL; @@ -306,6 +308,7 @@ } avc_enforcing = rc; +#ifdef __linux__ rc = avc_netlink_open(avc_using_threads); if (rc < 0) { avc_log("%s: can't open netlink socket: %d (%s)\n", avc_prefix, @@ -316,6 +319,7 @@ avc_netlink_thread = avc_create_thread(&avc_netlink_loop); avc_netlink_trouble = 0; } +#endif out: return rc; } @@ -672,9 +676,11 @@ avc_get_lock(avc_lock); +#ifdef __linux__ if (avc_using_threads) avc_stop_thread(avc_netlink_thread); avc_netlink_close(); +#endif for (i = 0; i < AVC_CACHE_SLOTS; i++) { node = avc_cache.slots[i]; @@ -901,9 +907,11 @@ access_vector_t denied; struct avc_entry_ref ref; +#ifdef __linux__ if (!avc_using_threads) { (void)avc_netlink_check_nb(); } +#endif if (!aeref) { avc_entry_ref_init(&ref); ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#3 (text+ko) ==== @@ -16,9 +16,11 @@ #include #include #include -//#include +#ifdef __linux__ +#include #include #include "selinux_netlink.h" +#endif #include "avc_internal.h" #ifndef NETLINK_SELINUX @@ -44,6 +46,8 @@ /* message prefix string and avc enforcing mode */ char avc_prefix[AVC_PREFIX_SIZE] = "uavc"; int avc_enforcing = 1; + +#ifdef __linux__ int avc_netlink_trouble = 0; /* netlink socket code */ @@ -294,3 +298,4 @@ avc_log("%s: netlink thread: errors encountered, terminating\n", avc_prefix); } +#endif /* __linux__ */
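Review bot: In the Makefile hunk the new `OBJS =` line has no trailing backslash as the hunk reads here, while every following line of the list ends in one, so the list that starts with `avc.o avc_internal.o avc_sidtab.o` would not continue the assignment. Either put the first objects on the `OBJS =` line or end that line with `\`.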
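Review bot: With the netlink block in the second avc.c hunk (@@ -306,6 +308,7 @@) compiled out, `rc` still holds the value just stored by `avc_enforcing = rc;` when control reaches `out: return rc;`, so outside Linux the function returns the enforcing mode instead of a success code. A caller that treats any nonzero result as an error would then see enforcing mode as a failed initialization. Add an `#else` branch that sets `rc = 0;`, or reset `rc` before the `#ifdef`.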
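Review bot: The last avc.c hunk (@@ -901,9 +907,11 @@) drops the `avc_netlink_check_nb()` poll outside Linux, and with the thread start guarded as well, this change leaves no visible path that updates the cache or `avc_enforcing` after initialization on other platforms. Cached decisions can therefore go stale after a policy reload or an enforcing-mode change. Document that limitation next to the `#ifdef`, or add a platform-specific notification or cache reset in an `#else` branch.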
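Review bot: In the first avc_internal.c hunk the new `#endif` closes before the `#ifndef NETLINK_SELINUX` block, so that block is still compiled on platforms where the netlink code that would use it is excluded. Move the `#endif` below it so all netlink-only material sits under one guard, and check that avc_internal.h, which is not among the affected files, guards the matching declarations such as `avc_netlink_trouble` the same way.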