Date: Tue, 10 May 2005 13:42:59 GMT From: Andrew Reisse <areisse@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 76784 for review Message-ID: <200505101342.j4ADgxbt073724@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=76784 Change 76784 by areisse@areisse_ibook on 2005/05/10 13:42:32 Post-merge fixes: -Include file paths -32 vs 64bit access_vector_t -Conditional policy support Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#3 (text+ko) ==== @@ -5,7 +5,7 @@ OBJS = sebsd.o sebsd_syscall.o sebsd_sysctl.o ss/avtab.o ss/ebitmap.o \ ss/hashtab.o ss/init.o ss/policydb.o ss/queue.o ss/services.o \ - ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o + ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o ss/conditional.o sedarwin.kext.tar: sedarwin.o ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#3 (text+ko) ==== @@ -96,11 +96,12 @@ #else static inline void avc_cache_stats_incr(int type) { } - if (rc) + static inline void avc_cache_stats_add(int type, unsigned val) { } #endif +#if 0 /** * avc_dump_av - Display an access vector in human-readable form. * @tclass: target security class @@ -151,6 +152,7 @@ printk(" }"); } +#endif /** * avc_dump_query - Display a SID pair and a class in human-readable form. ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#3 (text+ko) ==== 
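Review bot: The `#if 0` added above the avc_dump_av kernel-doc comment in avc.c, and the matching `#endif` after the function's closing brace, carry no explanation. Nothing records why the access-vector printer is compiled out or what must be fixed before it is re-enabled. A comment on both lines would cover it, for example `#if 0 /* avc_dump_av: disabled after merge, <reason> */` and `#endif /* avc_dump_av */`. If this function is what renders permission bits as names in AVC audit output (its callers are outside the hunks), denial messages lose detail while it is disabled, which is worth stating in the change description.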
@@ -223,10 +223,11 @@ } int -sebsd_syscall(struct proc *td, int call, void *args) +sebsd_syscall(struct proc *td, int call, void *args, int *retv) { int err = EINVAL; struct lp_args p; + struct sebsd_get_bools gb; switch(call) { case SEBSDCALL_LOAD_POLICY: @@ -317,7 +318,7 @@ if (err) return (err); security_get_bool(str, &active, &pending); - *td->td_retval = active | (pending << 1); + *retv = active | (pending << 1); return (0); } @@ -325,7 +326,7 @@ { char *str; - err = thread_has_security(td, SECURITY__SETBOOL); + err = cred_has_security(td->p_ucred, SECURITY__SETBOOL); if (err) return (err); @@ -346,7 +347,7 @@ } case SEBSDCALL_COMMIT_BOOLS: - err = thread_has_security(td, SECURITY__SETBOOL); + err = cred_has_security(td->p_ucred, SECURITY__SETBOOL); if (err) return (err); ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#2 (text+ko) ==== @@ -14,9 +14,9 @@ #include <sys/systm.h> #endif /* FreeBSD _KERNEL */ -#include <security/sebsd/linux-compat.h> -#include <security/sebsd/ss/security.h> -#include <security/sebsd/ss/conditional.h> +#include <sedarwin/linux-compat.h> +#include <sedarwin/ss/security.h> +#include <sedarwin/ss/conditional.h> /* * cond_evaluate_expr evaluates a conditional expr ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#2 (text+ko) ==== @@ -10,10 +10,10 @@ #ifndef _CONDITIONAL_H_ #define _CONDITIONAL_H_ -#include <security/sebsd/ss/avtab.h> -#include <security/sebsd/ss/symtab.h> -#include <security/sebsd/ss/sidtab.h> -#include <security/sebsd/ss/policydb.h> +#include <sedarwin/ss/avtab.h> +#include <sedarwin/ss/symtab.h> +#include <sedarwin/ss/sidtab.h> +#include <sedarwin/ss/policydb.h> #define COND_EXPR_MAXDEPTH 10 ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#3 (text+ko) ==== 
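Review bot: In the `@@ -317` hunk the new `*retv = active | (pending << 1);` stores `active` and `pending` even though the result of `security_get_bool(str, &active, &pending)` on the preceding line is discarded. If that lookup can fail for an unknown boolean name (its definition is not in this diff), the two values may be unset and stack contents would be handed back to the caller. Consider `err = security_get_bool(str, &active, &pending);` followed by `if (err) return (err);` before the store, keeping whatever cleanup of `str` the block already performs. `retv` is also a new parameter that is dereferenced unconditionally, so either every caller must pass a valid pointer or this case should reject `retv == NULL`. The case block begins outside the hunk, so the declarations of `active` and `pending` are not visible here.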
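Review bot: The SECURITY__SETBOOL checks in the `@@ -325` and `@@ -346` hunks now read `td->p_ucred` directly, and no lock or credential reference is visible around either call. Please confirm that `td` is always the calling process here and that its credential cannot be swapped while `cred_has_security` runs, since this check gates changes to policy booleans. If that holds, a one-line comment such as `/* td is the caller; p_ucred is stable for the duration of the check */` above each call would record the assumption. Both case blocks continue outside the hunks.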
@@ -27,6 +27,7 @@ #include <sedarwin/ss/services.h> #include <sedarwin/ss/security.h> #include <sedarwin/ss/mls.h> +#include <sedarwin/ss/conditional.h> #define _DEBUG_HASHES ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#3 (text+ko) ==== @@ -26,6 +26,7 @@ #include <sedarwin/ss/services.h> #include <sedarwin/ss/security.h> #include <sedarwin/ss/mls.h> +#include <sedarwin/ss/conditional.h> #include <sedarwin/avc/avc.h> #include <sedarwin/avc/avc_ss.h> #include <sys/socket.h> @@ -221,9 +222,9 @@ * Initialize the access vectors to the default values. */ avd->allowed = 0; - avd->decided = 0xffffffffffffffffLL; + avd->decided = 0xffffffff; avd->auditallow = 0; - avd->auditdeny = 0xffffffffffffffffLL; + avd->auditdeny = 0xffffffff; avd->seqno = latest_granting; /* @@ -310,7 +311,7 @@ avd->allowed = requested; avd->decided = requested; avd->auditallow = 0; - avd->auditdeny = 0xffffffffffffffffLL; + avd->auditdeny = 0xffffffffLL; avd->seqno = latest_granting; return 0; }
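Review bot: The mask literals in services.c do not agree with each other: the `@@ -221` hunk writes `0xffffffff` for `decided` and `auditdeny`, while the `@@ -310` hunk writes `0xffffffffLL` for `auditdeny`. Both hard-code a 32-bit width, which the change description names as the thing that varies (`access_vector_t`). If these fields are ever the 64-bit type, the upper 32 permission bits start out as not decided and not audited on denial. Deriving the value from the type removes that dependency, e.g. `avd->decided = ~(access_vector_t)0;` and `avd->auditdeny = ~(access_vector_t)0;`, assuming the fields are declared as access_vector_t (the struct is not in this diff). Both enclosing functions start and end outside the hunks.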