Date: Sat, 21 Jun 2003 19:59:58 -0700 (PDT)
Message-Id: <200306220259.h5M2xwKb099610@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 33494 for review

http://perforce.freebsd.org/chv.cgi?CH=33494

Change 33494 by rwatson@rwatson_powerbook on 2003/06/21 19:59:09

Remove reference to devfs include file; a different devfs.
Temporarily "#if 0" the module versioning support since that's different in Darwin.
Stub out TUNABLE and WITNESS support, since they don't exist in Darwin. We'll need to find some substitute for lock order checking, so might need to port WITNESS to the Mach primitives.
"#if 0" VM-related functionality, such as memory mapping downgrades, since the VM system is different on Darwin.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/bsd/kern/kern_mac.c#5 (text+ko) ==== @@ -62,8 +62,6 @@ #include -#include - #include #include #include @@ -81,7 +79,12 @@ * modules to refuse to be loaded if the necessary support isn't present, * even if it's pre-boot. */ +#if 0 MODULE_VERSION(kernel_mac_support, 1); +#endif + +#define TUNABLE_INT(x, y) +#define WITNESS_WARN(x, y, z, ...) SYSCTL_DECL(_security); @@ -222,10 +225,12 @@ static int mac_policy_register(struct mac_policy_conf *mpc); static int mac_policy_unregister(struct mac_policy_conf *mpc); +#if 0 static void mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot); static void mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred, struct vm_map *map); +#endif static void mac_destroy_socket_label(struct label *label);
@@ -2034,6 +2039,7 @@ return (error); } +#if 0 /* * When relabeling a process, call out to the policies for the maximum * permission allowed for each object type we know about in its @@ -2193,6 +2199,7 @@ } vm_map_unlock_read(map); } +#endif /* * When the subject's label changes, it may require revocation of privilege @@ -3466,11 +3473,13 @@ crhold(newcred); PROC_UNLOCK(p); +#if 0 if (mac_enforce_vm) { mtx_lock(&Giant); mac_cred_mmapped_drop_perms(td, newcred); mtx_unlock(&Giant); } +#endif crfree(newcred); /* Free revocation reference. */ crfree(oldcred);
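
Review bot: In the "@@ -81,7 +79,12 @@" hunk, the two stub macros added after MODULE_VERSION, "#define TUNABLE_INT(x, y)" and "#define WITNESS_WARN(x, y, z, ...)", are defined unconditionally and without a comment, so nothing in the file records that boot-time tunables and the WITNESS checks are now silently compiled out. Suggest putting them under a Darwin-specific conditional, or at least "#ifndef TUNABLE_INT" and "#ifndef WITNESS_WARN", with an XXX comment that points at the WITNESS substitute the change description says is still needed. An empty expansion also leaves a bare ";" behind wherever TUNABLE_INT(...); is used at file scope, which pedantic compilers warn about.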
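
Review bot: In the "@@ -222,10 +225,12 @@" hunk, the "#if 0" around the mac_check_vnode_mmap_downgrade and mac_cred_mmapped_drop_perms_recurse prototypes is unlabelled and has to be kept in step by hand with the other "#if 0" blocks this change adds around the VM code further down. Suggest one named conditional used at every one of these places, with the name repeated as a comment on each "#endif". That lets the VM revocation code come back in a single step, and it makes the block that opens in "@@ -2034,6 +2039,7 @@" and closes roughly 160 lines later in "@@ -2193,6 +2199,7 @@" readable without searching for its opening.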
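
Review bot: In the "@@ -3466,11 +3473,13 @@" hunk, compiling out the "if (mac_enforce_vm)" block means mac_cred_mmapped_drop_perms(td, newcred) is never called after the new credential is installed, so nothing revokes or downgrades the process's existing memory mappings when its label changes, and mac_enforce_vm no longer has any effect at this point. That is a weakening of enforcement and not only a build fix, so suggest an XXX comment inside the "#if 0" stating that mapping revocation on relabel is not yet enforced on Darwin, so the gap stays tracked until the code is ported to the Darwin VM system.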