From owner-p4-projects@FreeBSD.ORG Tue May 10 13:43:00 2005 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8282016A4D1; Tue, 10 May 2005 13:43:00 +0000 (GMT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4512B16A4CE for ; Tue, 10 May 2005 13:43:00 +0000 (GMT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2727043D69 for ; Tue, 10 May 2005 13:43:00 +0000 (GMT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j4ADh004073729 for ; Tue, 10 May 2005 13:43:00 GMT (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j4ADgxbt073724 for perforce@freebsd.org; Tue, 10 May 2005 13:42:59 GMT (envelope-from areisse@nailabs.com) Date: Tue, 10 May 2005 13:42:59 GMT Message-Id: <200505101342.j4ADgxbt073724@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 76784 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 May 2005 13:43:01 -0000 http://perforce.freebsd.org/chv.cgi?CH=76784 Change 76784 by areisse@areisse_ibook on 2005/05/10 13:42:32 Post-merge fixes: -Include file paths -32 vs 64bit access_vector_t -Conditional policy support Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#3 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#3 (text+ko) ==== @@ -5,7 +5,7 @@ OBJS = sebsd.o sebsd_syscall.o sebsd_sysctl.o ss/avtab.o ss/ebitmap.o \ ss/hashtab.o ss/init.o ss/policydb.o ss/queue.o ss/services.o \ - ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o + ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o ss/conditional.o sedarwin.kext.tar: sedarwin.o ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#3 (text+ko) ==== @@ -96,11 +96,12 @@ #else static inline void avc_cache_stats_incr(int type) { } - if (rc) + static inline void avc_cache_stats_add(int type, unsigned val) { } #endif +#if 0 /** * avc_dump_av - Display an access vector in human-readable form. * @tclass: target security class 
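Review bot: The `#if 0` added in front of avc_dump_av carries no explanation, so a reader cannot tell whether the permission-name dump is disabled temporarily for the merge or for good. If the audit path still expects to print the permissions behind a denial, compiling this out presumably leaves those records without the human-readable vector, which makes denials harder to triage; the callers are outside the hunk, so this needs confirming. I would put the reason on the guard itself, e.g. `#if 0 /* disabled post-merge: <reason>; re-enable together with the audit output */`. The function body lies outside this hunk, and the matching `#endif` only arrives in the following avc.c hunk.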
@@ -151,6 +152,7 @@ printk(" }"); } +#endif /** * avc_dump_query - Display a SID pair and a class in human-readable form. ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#3 (text+ko) ==== @@ -223,10 +223,11 @@ } int -sebsd_syscall(struct proc *td, int call, void *args) +sebsd_syscall(struct proc *td, int call, void *args, int *retv) { int err = EINVAL; struct lp_args p; + struct sebsd_get_bools gb; switch(call) { case SEBSDCALL_LOAD_POLICY: @@ -317,7 +318,7 @@ if (err) return (err); security_get_bool(str, &active, &pending); - *td->td_retval = active | (pending << 1); + *retv = active | (pending << 1); return (0); } @@ -325,7 +326,7 @@ { char *str; - err = thread_has_security(td, SECURITY__SETBOOL); + err = cred_has_security(td->p_ucred, SECURITY__SETBOOL); if (err) return (err); @@ -346,7 +347,7 @@ } case SEBSDCALL_COMMIT_BOOLS: - err = thread_has_security(td, SECURITY__SETBOOL); + err = cred_has_security(td->p_ucred, SECURITY__SETBOOL); if (err) return (err); ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#2 (text+ko) ==== @@ -14,9 +14,9 @@ #include #endif /* FreeBSD _KERNEL */ -#include -#include -#include +#include +#include +#include /* * cond_evaluate_expr evaluates a conditional expr ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#2 (text+ko) ==== @@ -10,10 +10,10 @@ #ifndef _CONDITIONAL_H_ #define _CONDITIONAL_H_ -#include -#include -#include -#include +#include +#include +#include +#include #define COND_EXPR_MAXDEPTH 10 ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#3 (text+ko) ==== @@ -27,6 +27,7 @@ #include #include #include +#include #define _DEBUG_HASHES ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#3 (text+ko) ==== @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include 
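Review bot: The new `retv` out-parameter is dereferenced in the get-bool case (`*retv = active | (pending << 1);`, in the @@ -317 hunk) with no check that the caller passed a non-NULL pointer, and the changed signature documents no such contract. Either state at the top of sebsd_syscall that `retv` must be valid for calls that return a value, or guard the store with `if (retv != NULL) *retv = active | (pending << 1);`. In the same case the result of `security_get_bool(str, &active, &pending);` is discarded before `active` and `pending` are combined; if that call can fail for an unknown boolean name, the values written to `*retv` would presumably be uninitialised stack contents, so its return should be checked first. sebsd_syscall's body extends beyond both hunks.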
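Review bot: The SETBOOL check in the @@ -325 hunk (and again for SEBSDCALL_COMMIT_BOOLS in the @@ -346 hunk) now reads the credential straight off the process with `td->p_ucred`, and nothing visible holds a lock or reference on it across the `cred_has_security` call. If the credential can be replaced while the call runs, the check should operate on a held reference; whether that applies here depends on code outside the hunk. The parameter is also still named `td` although the signature declares it `struct proc *`, which makes `td->p_ucred` read like a thread access; renaming it to `p`, or a comment such as `/* td is the calling process here, not a thread */` at the top of the function, would remove the confusion. The enclosing case blocks begin and end outside the hunks.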
@@ -221,9 +222,9 @@ * Initialize the access vectors to the default values. */ avd->allowed = 0; - avd->decided = 0xffffffffffffffffLL; + avd->decided = 0xffffffff; avd->auditallow = 0; - avd->auditdeny = 0xffffffffffffffffLL; + avd->auditdeny = 0xffffffff; avd->seqno = latest_granting; /* @@ -310,7 +311,7 @@ avd->allowed = requested; avd->decided = requested; avd->auditallow = 0; - avd->auditdeny = 0xffffffffffffffffLL; + avd->auditdeny = 0xffffffffLL; avd->seqno = latest_granting; return 0; }
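Review bot: The all-ones defaults are now hard-coded as 32-bit literals (`avd->decided = 0xffffffff;`, `avd->auditdeny = 0xffffffff;`), so they are right only while access_vector_t is exactly 32 bits wide; its definition is not visible here. On a build where the type is wider, the upper bits of `decided` and `auditdeny` would start cleared, so permissions in those bits would presumably count as undecided and their denials would not be audited by default. Deriving the mask from the type removes the dependency: `avd->decided = ~(access_vector_t)0;` and `avd->auditdeny = ~(access_vector_t)0;`. The @@ -310 hunk has the same issue and also keeps a stray `LL` suffix (`0xffffffffLL`), which is inconsistent with the two lines here. Both functions start and end outside the hunks.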