Date: Mon, 13 Oct 2003 08:10:51 -0700 (PDT) From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 39641 for review Message-ID: <200310131510.h9DFApTt044030@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=39641 Change 39641 by cvance@cvance_osx_laptop on 2003/10/13 08:10:02 Another batch of changes to get the sebsd "module" to compile on Darwin. Somehow managed to miss these on the last mass-commit. Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/context.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/ebitmap.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/global.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/queue.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.h#3 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#3 (text+ko) ====
@@ -11,8 +11,6 @@
 * as published by the Free Software Foundation.
 */
-#include "opt_mac.h"
-
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/conf.h>
@@ -20,18 +18,16 @@
 #include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
-#include <sys/mutex.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
-#include <sys/sysproto.h>
-#include <sys/sysent.h>
 #include <sys/vnode.h>
+#ifdef CAPABILITIES
 #include <sys/capability.h>
+#endif
-#include <vm/vm.h>
-
 #include <sys/mac_policy.h>
+#include <security/sebsd/linux-compat.h>
 #include <security/sebsd/avc/avc.h>
 #include <security/sebsd/avc/avc_ss.h>
 #include <security/sebsd/avc/class_to_string.h>
@@ -76,8 +72,10 @@
 struct avc_callback_node *next;
 };
+#ifndef __APPLE__
 static struct mtx avc_lock;
 static struct mtx avc_log_lock;
+#endif
 static struct avc_node *avc_node_freelist = NULL;
 static struct avc_cache avc_cache;
 static char *avc_audit_buffer = NULL;
@@ -196,7 +194,7 @@
 "%d entries\n", i);
 break;
 }
- memset(new, 0, sizeof(*new));
+ bzero(new, sizeof(*new));
 new->next = avc_node_freelist;
 avc_node_freelist = new;
 }
@@ -209,8 +207,7 @@
 mtx_init(&avc_log_lock, "SEBSD message lock", NULL, MTX_DEF);
 /* The fetch may or may not occur; if not, it doesn't change int *. */
- TUNABLE_INT_FETCH("security.mac.sebsd.enforcing",
- &selinux_enforcing);
+ TUNABLE_INT_FETCH("security.mac.sebsd.enforcing", &selinux_enforcing);
 }
 #if 0
@@ -525,6 +522,9 @@
 security_class_t tclass, access_vector_t requested, struct av_decision *avd, int result, struct avc_audit_data *a)
 {
+#ifdef __APPLE__
+ struct proc *curproc = current_proc();
+#endif
 struct proc *tsk = curproc;
 access_vector_t denied, audited;
@@ -560,6 +560,7 @@
 case AVC_AUDIT_DATA_IPC:
 printk(" key=%d", a->u.ipc_id);
 break;
+#ifdef CAPABILITIES
 case AVC_AUDIT_DATA_CAP:
 {
 const char *capt = capv_to_text (a->u.cap);
@@ -569,14 +570,23 @@
 printk(" capability=%s", capv_to_text (a->u.cap));
 }
 break;
+#endif
 case AVC_AUDIT_DATA_FS:
 if (a->u.fs.vp) {
 struct vnode *vp = a->u.fs.vp;
 struct vattr va;
+#ifdef __APPLE__
+ struct proc *curproc = current_proc();
+ if (VOP_ISLOCKED(vp) &&
+ !VOP_GETATTR(vp, &va,
+ curproc->p_ucred,
+ curproc)) {
+#else
 if (VOP_ISLOCKED(vp, curthread) &&
 !VOP_GETATTR(vp, &va,
 curthread->td_ucred,
 curthread)) {
+#endif
 printf(" inode=%ld, mountpoint=%s, ",
 va.va_fileid,
 vp->v_mount->mnt_stat.f_mntonname);
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#3 (text+ko) ====
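Review bot: In avc.c, the `#ifndef __APPLE__` added around `avc_lock` and `avc_log_lock` (hunk `@@ -76,8 +72,10 @@`) removes both mutexes on Darwin without putting anything in their place, while `avc_node_freelist`, `avc_cache` and `avc_audit_buffer` remain shared file-scope state. The `mtx_init(&avc_log_lock, ...)` call shown as context in hunk `@@ -209,8 +207,7 @@` is not guarded in the visible lines, so the Darwin build presumably relies on `linux-compat.h` to compile the mtx_* calls away; if that is the case, lookups and updates of the access vector cache run unserialized there. Until a Darwin lock is wired in, I would record this next to the guard: `/* XXX Darwin: no AVC locking yet; avc_cache, avc_node_freelist and avc_audit_buffer are unserialized */`.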
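Review bot: In avc.c, the Darwin branch of the `AVC_AUDIT_DATA_FS` case (hunk `@@ -569,14 +570,23 @@`) declares `struct proc *curproc = current_proc();` a second time. Hunk `@@ -525,6 +522,9 @@` already adds the same declaration beside `tsk`, apparently at the top of the same function, although the function body starts and ends outside both hunks, so that is inferred. If so, the inner declaration shadows the outer one and repeats the `current_proc()` call. Dropping it and passing `tsk->p_ucred, tsk` to `VOP_GETATTR` would leave only the `if (` condition inside the `#ifdef`.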
@@ -6,15 +6,19 @@
 #ifndef _SELINUX_AVC_H_
 #define _SELINUX_AVC_H_
-#ifdef _KERNEL
+#if defined(_KERNEL) || defined(KERNEL)
 #include <sys/malloc.h>
 #include <sys/lock.h>
+#ifndef __APPLE__
 #include <sys/mutex.h>
+#endif
 #else /* _KERNEL */
 #include <unistd.h>
 #endif /* _KERNEL */
+#ifdef CAPABILITIES
 #include <sys/capability.h>
+#endif
 #include <security/sebsd/flask.h>
 #include <security/sebsd/sebsd.h>
@@ -65,15 +69,21 @@
 u16 port;
 u32 daddr;
 } net;
+#ifdef CAPABILITIES
 cap_value_t cap;
+#endif
 int ipc_id;
 } u;
 };
 /* Initialize an AVC audit data structure. */
+#ifdef __APPLE__
 #define AVC_AUDIT_DATA_INIT(_d,_t) \
+ { bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+#else
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
 { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
-
+#endif
 /*
 * AVC statistics
 */
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/context.h#3 (text+ko) ====
@@ -88,7 +88,7 @@
 static inline void context_init(struct context *c)
 {
- memset(c, 0, sizeof(*c));
+ bzero(c, sizeof(*c));
 }
 static inline int context_cpy(struct context *dst, struct context *src)
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/ebitmap.h#3 (text+ko) ====
@@ -14,12 +14,16 @@
 #ifndef _SS_EBITMAP_H_
 #define _SS_EBITMAP_H_
+#ifdef __APPLE__
+#include <sys/systm.h>
+#else
 #ifdef _KERNEL
 #include <sys/libkern.h>
 #else
 #include <stdlib.h>
 #include <stdio.h>
 #endif
+#endif
 #include <security/sebsd/linux-compat.h>
@@ -43,7 +47,7 @@
 static inline void ebitmap_init(struct ebitmap *e)
 {
- memset(e, 0, sizeof(*e));
+ bzero(e, sizeof(*e));
 }
 int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2);
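Review bot: In avc.h (hunk `@@ -65,15 +69,21 @@`), `AVC_AUDIT_DATA_INIT` is now defined twice under `#ifdef __APPLE__`/`#else` only to swap `memset` for `bzero`, whereas context.h, ebitmap.h and avc.c in this same change switch to `bzero` unconditionally. Unless a non-kernel consumer of this header needs `memset`, a single definition would keep the two copies from drifting apart: `{ bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }`. The `#else /* _KERNEL */` and `#endif /* _KERNEL */` comments in hunk `@@ -6,15 +6,19 @@` are also stale now that the condition is `defined(_KERNEL) || defined(KERNEL)`.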
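Review bot: In ebitmap.h (hunk `@@ -14,12 +14,16 @@`), the new `#ifdef __APPLE__` branch includes `<sys/systm.h>` for every Darwin build, kernel or not, so a user-space consumer on Darwin no longer gets `<stdlib.h>` and `<stdio.h>`. The header still declares `ebitmap_write(struct ebitmap * e, FILE * fp)` when none of the kernel macros is defined (hunk `@@ -55,7 +59,7 @@`), and that prototype needs `FILE`. Whether this header is built outside the kernel on Darwin is not visible here, but the guard would be safer as `#if defined(__APPLE__) && defined(KERNEL)`, leaving the existing `_KERNEL`/user-space split in the `#else`.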
@@ -55,7 +59,7 @@
 void ebitmap_destroy(struct ebitmap *e);
 int ebitmap_read(struct ebitmap *e, void *fp);
-#if !defined(__KERNEL__) && !defined(_KERNEL)
+#if !defined(__KERNEL__) && !defined(_KERNEL) && !defined(KERNEL)
 int ebitmap_write(struct ebitmap * e, FILE * fp);
 #endif
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/global.h#3 (text+ko) ====
@@ -23,7 +23,7 @@
 */
 #include <sys/malloc.h>
-#ifdef _KERNEL
+#if defined(_KERNEL) || defined(KERNEL)
 #define sebsd_malloc(a,b,c) malloc(a,b,c)
 #define sebsd_free(a,b) free(a,b)
 #else /* _KERNEL */
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#3 (text+ko) ====
@@ -14,7 +14,9 @@
 #include <sys/kernel.h>
 #include <sys/malloc.h>
 #include <sys/systm.h>
+#ifndef __APPLE__
 #include <sys/linker.h>
+#endif
 #include <security/sebsd/linux-compat.h>
 #include <security/sebsd/sebsd.h>
@@ -36,6 +38,10 @@
 printf("security: starting up (compiled " __DATE__ ")\n");
+#ifndef __APPLE__
+/*
+ * TBD: No way to load policy on Darwin (yet)
+ */
 lh = preload_search_by_type ("sebsd_policy");
 if (lh == NULL) goto loaderr;
@@ -56,6 +62,7 @@
 printf("security: error while reading policy, cannot initialize.\n");
 return EINVAL;
 }
+#endif
 return 0;
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/queue.c#3 (text+ko) ====
@@ -7,7 +7,7 @@
 * Implementation of the double-ended queue type.
 */
-#if defined(__FreeBSD__) && defined(_KERNEL)
+#if (defined(__FreeBSD__) && defined(_KERNEL)) || defined(__APPLE__) && defined(KERNEL)
 #include <sys/param.h>
 #include <sys/conf.h>
 #include <sys/kernel.h>
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.c#3 (text+ko) ====
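Review bot: In init.c, the `#ifndef __APPLE__` ... `#endif` pair added across hunks `@@ -36,6 +38,10 @@` and `@@ -56,6 +62,7 @@` compiles out the whole policy load on Darwin, so the function prints the start-up banner and reaches `return 0;` with no policy loaded. A caller cannot tell that state from a successful load, and what the security server decides without a policy is not visible in these hunks. I would at least log it from an `#else` branch, `printf("security: no policy loaded (not supported on Darwin yet)\n");`, and state in the TBD comment whether access checks are expected to allow or deny until loading exists. The declaration of `lh` and the `loaderr` label lie outside the hunks and may now be unused on Darwin.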
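Review bot: In queue.c, the new `#if` condition mixes a parenthesised `&&` pair with an unparenthesised one around `||`. It evaluates as intended because `&&` binds tighter, but `#if (defined(__FreeBSD__) && defined(_KERNEL)) || (defined(__APPLE__) && defined(KERNEL))` makes the grouping explicit. avc.h and global.h in this change test `defined(_KERNEL) || defined(KERNEL)` without the OS macros, so settling on one form for the kernel-build check would help.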
@@ -7,7 +7,9 @@
 #include <sys/param.h>
 #include <sys/types.h>
 #include <sys/errno.h>
+#ifndef __APPLE__
 #include <sys/limits.h>
+#endif
 #include <sys/time.h>
 #include <security/sebsd/ss/sidtab.h>
 #include <security/sebsd/linux-compat.h>
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.h#3 (text+ko) ====
@@ -12,7 +12,10 @@
 #include <security/sebsd/flask_types.h>
 #include <sys/lock.h>
+
+#ifndef __APPLE__
 #include <sys/mutex.h>
+#endif
 struct sidtab_node {
 security_id_t sid; /* security identifier */help
