From owner-p4-projects@FreeBSD.ORG Thu Jun 23 15:49:31 2005 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3629316A420; Thu, 23 Jun 2005 15:49:31 +0000 (GMT) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EB02116A41C for ; Thu, 23 Jun 2005 15:49:30 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C901143D55 for ; Thu, 23 Jun 2005 15:49:30 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j5NFnUAA047782 for ; Thu, 23 Jun 2005 15:49:30 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j5NFnUql047778 for perforce@freebsd.org; Thu, 23 Jun 2005 15:49:30 GMT (envelope-from areisse@nailabs.com) Date: Thu, 23 Jun 2005 15:49:30 GMT Message-Id: <200506231549.j5NFnUql047778@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f From: Andrew Reisse To: Perforce Change Reviews Cc: Subject: PERFORCE change 78862 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Jun 2005 15:49:32 -0000 http://perforce.freebsd.org/chv.cgi?CH=78862 Change 78862 by areisse@areisse_tislabs on 2005/06/23 15:48:39 Install new flask autogenerated files in the kernel source, so that avc messages use the correct names. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#7 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#8 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#7 (text+ko) ==== @@ -105,23 +105,11 @@ { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" }, { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" }, { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" }, - { SECCLASS_CAPABILITY, CAPABILITY__LINK_DIR, "link_dir" }, { SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap" }, { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" }, { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" }, - { SECCLASS_CAPABILITY, CAPABILITY__MAC_DOWNGRADE, "mac_downgrade" }, - { SECCLASS_CAPABILITY, CAPABILITY__MAC_READ, "mac_read" }, - { SECCLASS_CAPABILITY, CAPABILITY__MAC_RELABEL_SUBJ, "mac_relabel_subj" }, - { SECCLASS_CAPABILITY, CAPABILITY__MAC_UPGRADE, "mac_upgrade" }, - { SECCLASS_CAPABILITY, CAPABILITY__MAC_WRITE, "mac_write" }, - { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_OBJ, "inf_nofloat_obj" }, - { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_SUBJ, "inf_nofloat_subj" }, - { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_OBJ, "inf_relabel_obj" }, - { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_SUBJ, "inf_relabel_subj" }, { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control" }, { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write" }, - { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" }, - { SECCLASS_CAPABILITY, CAPABILITY__XXX_INVALID1, "xxx_invalid1" }, { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" }, { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" }, { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" }, @@ -141,7 +129,6 @@ { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" }, { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" }, { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" }, - { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" }, { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" }, { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" }, { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" }, ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#8 (text+ko) ==== @@ -582,43 +582,30 @@ #define CAPABILITY__FOWNER 0x0000000000000010UL #define CAPABILITY__FSETID 0x0000000000000020UL #define CAPABILITY__KILL 0x0000000000000040UL -#define CAPABILITY__LINK_DIR 0x0000000000000080UL -#define CAPABILITY__SETFCAP 0x0000000000000100UL -#define CAPABILITY__SETGID 0x0000000000000200UL -#define CAPABILITY__SETUID 0x0000000000000400UL -#define CAPABILITY__MAC_DOWNGRADE 0x0000000000000800UL -#define CAPABILITY__MAC_READ 0x0000000000001000UL -#define CAPABILITY__MAC_RELABEL_SUBJ 0x0000000000002000UL -#define CAPABILITY__MAC_UPGRADE 0x0000000000004000UL -#define CAPABILITY__MAC_WRITE 0x0000000000008000UL -#define CAPABILITY__INF_NOFLOAT_OBJ 0x0000000000010000UL -#define CAPABILITY__INF_NOFLOAT_SUBJ 0x0000000000020000UL -#define CAPABILITY__INF_RELABEL_OBJ 0x0000000000040000UL -#define CAPABILITY__INF_RELABEL_SUBJ 0x0000000000080000UL -#define CAPABILITY__AUDIT_CONTROL 0x0000000000100000UL -#define CAPABILITY__AUDIT_WRITE 0x0000000000200000UL -#define CAPABILITY__SETPCAP 0x0000000000400000UL -#define CAPABILITY__XXX_INVALID1 0x0000000000800000UL -#define CAPABILITY__LINUX_IMMUTABLE 0x0000000001000000UL -#define CAPABILITY__NET_BIND_SERVICE 0x0000000002000000UL -#define CAPABILITY__NET_BROADCAST 0x0000000004000000UL -#define CAPABILITY__NET_ADMIN 0x0000000008000000UL -#define CAPABILITY__NET_RAW 0x0000000010000000UL -#define CAPABILITY__IPC_LOCK 0x0000000020000000UL -#define CAPABILITY__IPC_OWNER 0x0000000040000000UL -#define CAPABILITY__SYS_MODULE 0x0000000080000000UL -#define CAPABILITY__SYS_RAWIO 0x0000000100000000UL -#define CAPABILITY__SYS_CHROOT 0x0000000200000000UL -#define CAPABILITY__SYS_PTRACE 0x0000000400000000UL -#define CAPABILITY__SYS_PACCT 0x0000000800000000UL -#define CAPABILITY__SYS_ADMIN 0x0000001000000000UL -#define CAPABILITY__SYS_BOOT 0x0000002000000000UL -#define CAPABILITY__SYS_NICE 0x0000004000000000UL -#define CAPABILITY__SYS_RESOURCE 0x0000008000000000UL -#define CAPABILITY__SYS_TIME 0x0000010000000000UL -#define CAPABILITY__SYS_TTY_CONFIG 0x0000020000000000UL -#define CAPABILITY__MKNOD 0x0000040000000000UL -#define CAPABILITY__LEASE 0x0000080000000000UL +#define CAPABILITY__SETFCAP 0x0000000000000080UL +#define CAPABILITY__SETGID 0x0000000000000100UL +#define CAPABILITY__SETUID 0x0000000000000200UL +#define CAPABILITY__AUDIT_CONTROL 0x0000000000000400UL +#define CAPABILITY__AUDIT_WRITE 0x0000000000000800UL +#define CAPABILITY__LINUX_IMMUTABLE 0x0000000000001000UL +#define CAPABILITY__NET_BIND_SERVICE 0x0000000000002000UL +#define CAPABILITY__NET_BROADCAST 0x0000000000004000UL +#define CAPABILITY__NET_ADMIN 0x0000000000008000UL +#define CAPABILITY__NET_RAW 0x0000000000010000UL +#define CAPABILITY__IPC_LOCK 0x0000000000020000UL +#define CAPABILITY__IPC_OWNER 0x0000000000040000UL +#define CAPABILITY__SYS_MODULE 0x0000000000080000UL +#define CAPABILITY__SYS_RAWIO 0x0000000000100000UL +#define CAPABILITY__SYS_CHROOT 0x0000000000200000UL +#define CAPABILITY__SYS_PTRACE 0x0000000000400000UL +#define CAPABILITY__SYS_PACCT 0x0000000000800000UL +#define CAPABILITY__SYS_ADMIN 0x0000000001000000UL +#define CAPABILITY__SYS_BOOT 0x0000000002000000UL +#define CAPABILITY__SYS_NICE 0x0000000004000000UL +#define CAPABILITY__SYS_RESOURCE 0x0000000008000000UL +#define CAPABILITY__SYS_TIME 0x0000000010000000UL +#define CAPABILITY__SYS_TTY_CONFIG 0x0000000020000000UL +#define CAPABILITY__MKNOD 0x0000000040000000UL #define PASSWD__PASSWD 0x0000000000000001UL #define PASSWD__CHFN 0x0000000000000002UL