From owner-p4-projects@FreeBSD.ORG Mon Oct 13 08:10:53 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 4F49716A4C0; Mon, 13 Oct 2003 08:10:53 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 12E5416A4B3 for ; Mon, 13 Oct 2003 08:10:52 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 479B143F93 for ; Mon, 13 Oct 2003 08:10:52 -0700 (PDT) (envelope-from cvance@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h9DFAqXJ044033 for ; Mon, 13 Oct 2003 08:10:52 -0700 (PDT) (envelope-from cvance@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h9DFApTt044030 for perforce@freebsd.org; Mon, 13 Oct 2003 08:10:51 -0700 (PDT) (envelope-from cvance@nailabs.com) Date: Mon, 13 Oct 2003 08:10:51 -0700 (PDT) Message-Id: <200310131510.h9DFApTt044030@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to cvance@nailabs.com using -f 
From: Chris Vance To: Perforce Change Reviews Subject: PERFORCE change 39641 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Oct 2003 15:10:53 -0000 http://perforce.freebsd.org/chv.cgi?CH=39641 Change 39641 by cvance@cvance_osx_laptop on 2003/10/13 08:10:02 Another batch of changes to get the sebsd "module" to compile on Darwin. Somehow managed to miss these on the last mass-commit. Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/context.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/ebitmap.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/global.h#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/queue.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.c#3 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.h#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#3 (text+ko) ==== @@ -11,8 +11,6 @@ * as published by the Free Software Foundation. */ -#include "opt_mac.h" - #include #include #include @@ -20,18 +18,16 @@ #include #include #include -#include #include #include -#include -#include #include +#ifdef CAPABILITIES #include +#endif -#include - #include +#include #include #include #include 
@@ -76,8 +72,10 @@ struct avc_callback_node *next; }; +#ifndef __APPLE__ static struct mtx avc_lock; static struct mtx avc_log_lock; +#endif static struct avc_node *avc_node_freelist = NULL; static struct avc_cache avc_cache; static char *avc_audit_buffer = NULL; @@ -196,7 +194,7 @@ "%d entries\n", i); break; } - memset(new, 0, sizeof(*new)); + bzero(new, sizeof(*new)); new->next = avc_node_freelist; avc_node_freelist = new; } @@ -209,8 +207,7 @@ mtx_init(&avc_log_lock, "SEBSD message lock", NULL, MTX_DEF); /* The fetch may or may not occur; if not, it doesn't change int *. */ - TUNABLE_INT_FETCH("security.mac.sebsd.enforcing", - &selinux_enforcing); + TUNABLE_INT_FETCH("security.mac.sebsd.enforcing", &selinux_enforcing); } #if 0 @@ -525,6 +522,9 @@ security_class_t tclass, access_vector_t requested, struct av_decision *avd, int result, struct avc_audit_data *a) { +#ifdef __APPLE__ + struct proc *curproc = current_proc(); +#endif struct proc *tsk = curproc; access_vector_t denied, audited; @@ -560,6 +560,7 @@ case AVC_AUDIT_DATA_IPC: printk(" key=%d", a->u.ipc_id); break; +#ifdef CAPABILITIES case AVC_AUDIT_DATA_CAP: { const char *capt = capv_to_text (a->u.cap); @@ -569,14 +570,23 @@ printk(" capability=%s", capv_to_text (a->u.cap)); } break; +#endif case AVC_AUDIT_DATA_FS: if (a->u.fs.vp) { struct vnode *vp = a->u.fs.vp; struct vattr va; +#ifdef __APPLE__ + struct proc *curproc = current_proc(); + if (VOP_ISLOCKED(vp) && + !VOP_GETATTR(vp, &va, + curproc->p_ucred, + curproc)) { +#else if (VOP_ISLOCKED(vp, curthread) && !VOP_GETATTR(vp, &va, curthread->td_ucred, curthread)) { +#endif printf(" inode=%ld, mountpoint=%s, ", va.va_fileid, vp->v_mount->mnt_stat.f_mntonname); ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#3 (text+ko) ==== 
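Review bot: In the avc.c hunk `@@ -76,8 +72,10 @@`, `avc_lock` and `avc_log_lock` are compiled out under `__APPLE__`, yet the unchanged context of hunk `@@ -209,8 +207,7 @@` still calls `mtx_init(&avc_log_lock, "SEBSD message lock", NULL, MTX_DEF)` with no guard visible, so unless that call is stubbed somewhere outside the diff the Darwin build refers to an undeclared object. Beyond the build, `avc_node_freelist` and `avc_cache` remain shared file-scope state, and if these mutexes are what serializes them (their names suggest so), the Darwin build updates the access-vector cache with no locking at all, which in an access-control cache risks corrupted or stale decisions. I would keep the declarations and map them to a Darwin lock primitive, or at minimum record the gap next to the guard: `/* XXX Darwin: AVC cache and audit buffer are unlocked; must be serialized before enforcing is turned on */`. The functions that take these locks lie outside the hunks shown.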
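Review bot: In the avc.c hunk `@@ -569,14 +570,23 @@`, the `AVC_AUDIT_DATA_FS` branch declares a second `struct proc *curproc = current_proc();`, which shadows the one added at the top of the function in hunk `@@ -525,6 +522,9 @@` (assuming, as the context suggests, that both hunks are in the same function). The value is already held in `tsk`, so the inner declaration can be dropped and the call written as `!VOP_GETATTR(vp, &va, tsk->p_ucred, tsk)`, which avoids a `-Wshadow` warning and a repeated lookup. The outer declaration deserves a short comment, for example `/* Darwin has no curproc; provide a local one for the shared code below */`. The function body starts and ends outside both hunks.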
@@ -6,15 +6,19 @@ #ifndef _SELINUX_AVC_H_ #define _SELINUX_AVC_H_ -#ifdef _KERNEL +#if defined(_KERNEL) || defined(KERNEL) #include #include +#ifndef __APPLE__ #include +#endif #else /* _KERNEL */ #include #endif /* _KERNEL */ +#ifdef CAPABILITIES #include +#endif #include #include @@ -65,15 +69,21 @@ u16 port; u32 daddr; } net; +#ifdef CAPABILITIES cap_value_t cap; +#endif int ipc_id; } u; }; /* Initialize an AVC audit data structure. */ +#ifdef __APPLE__ #define AVC_AUDIT_DATA_INIT(_d,_t) \ + { bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } +#else +#define AVC_AUDIT_DATA_INIT(_d,_t) \ { memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } - +#endif /* * AVC statistics */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/context.h#3 (text+ko) ==== @@ -88,7 +88,7 @@ static inline void context_init(struct context *c) { - memset(c, 0, sizeof(*c)); + bzero(c, sizeof(*c)); } static inline int context_cpy(struct context *dst, struct context *src) ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/ebitmap.h#3 (text+ko) ==== @@ -14,12 +14,16 @@ #ifndef _SS_EBITMAP_H_ #define _SS_EBITMAP_H_ +#ifdef __APPLE__ +#include +#else #ifdef _KERNEL #include #else #include #include #endif +#endif #include @@ -43,7 +47,7 @@ static inline void ebitmap_init(struct ebitmap *e) { - memset(e, 0, sizeof(*e)); + bzero(e, sizeof(*e)); } int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2); @@ -55,7 +59,7 @@ void ebitmap_destroy(struct ebitmap *e); int ebitmap_read(struct ebitmap *e, void *fp); -#if !defined(__KERNEL__) && !defined(_KERNEL) +#if !defined(__KERNEL__) && !defined(_KERNEL) && !defined(KERNEL) int ebitmap_write(struct ebitmap * e, FILE * fp); #endif ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/global.h#3 (text+ko) ==== 
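Review bot: In the avc.h hunk `@@ -65,15 +69,21 @@`, `AVC_AUDIT_DATA_INIT` is now defined twice, and the two copies differ only in `bzero` versus `memset`, while context.h, ebitmap.h and avc.c in this same change switch to `bzero` unconditionally. A single definition would be enough, and writing it as `do { bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } while (0)` keeps it safe inside an unbraced `if`/`else`, provided every caller ends the invocation with a semicolon. Separately, placing `cap_value_t cap;` under `#ifdef CAPABILITIES` makes the members of the union depend on a per-file define, so I would add a comment such as `/* CAPABILITIES must be defined identically in every file that includes avc.h */`. The struct definition begins outside the hunk.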
@@ -23,7 +23,7 @@ */ #include -#ifdef _KERNEL +#if defined(_KERNEL) || defined(KERNEL) #define sebsd_malloc(a,b,c) malloc(a,b,c) #define sebsd_free(a,b) free(a,b) #else /* _KERNEL */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#3 (text+ko) ==== @@ -14,7 +14,9 @@ #include #include #include +#ifndef __APPLE__ #include +#endif #include #include @@ -36,6 +38,10 @@ printf("security: starting up (compiled " __DATE__ ")\n"); +#ifndef __APPLE__ +/* + * TBD: No way to load policy on Darwin (yet) + */ lh = preload_search_by_type ("sebsd_policy"); if (lh == NULL) goto loaderr; @@ -56,6 +62,7 @@ printf("security: error while reading policy, cannot initialize.\n"); return EINVAL; } +#endif return 0; ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/queue.c#3 (text+ko) ==== @@ -7,7 +7,7 @@ * Implementation of the double-ended queue type. */ -#if defined(__FreeBSD__) && defined(_KERNEL) +#if (defined(__FreeBSD__) && defined(_KERNEL)) || defined(__APPLE__) && defined(KERNEL) #include #include #include ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.c#3 (text+ko) ==== @@ -7,7 +7,9 @@ #include #include #include +#ifndef __APPLE__ #include +#endif #include #include #include ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.h#3 (text+ko) ==== @@ -12,7 +12,10 @@ #include #include + +#ifndef __APPLE__ #include +#endif struct sidtab_node { security_id_t sid; /* security identifier */
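Review bot: In the init.c hunk `@@ -36,6 +38,10 @@` (closed by `@@ -56,6 +62,7 @@`), the whole policy load is compiled out on `__APPLE__` and control falls through to `return 0`, so on Darwin the function reports a successful start although no policy was read. A caller cannot tell "initialized" from "nothing loaded", and how the decision code behaves with no policy is not visible in this diff. I would make the state explicit, e.g. `printf("security: no policy loaded on Darwin, not enforcing\n");`, and either return an error or make sure `selinux_enforcing` cannot become non-zero until a loader exists. As far as the hunk shows, `lh` and the `goto loaderr` target are only used inside the guarded region, so their declarations may need the same `#ifndef` to avoid unused-variable and unused-label warnings. The function starts outside the hunk.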
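Review bot: In the queue.c hunk `@@ -7,7 +7,7 @@`, the new condition mixes `||` and `&&` but parenthesizes only the first pair; it evaluates as intended because `&&` binds tighter, yet it reads ambiguously next to the fully parenthesized FreeBSD half. `#if (defined(__FreeBSD__) && defined(_KERNEL)) || (defined(__APPLE__) && defined(KERNEL))` states the intent directly. The other headers in this change test `defined(_KERNEL) || defined(KERNEL)` without the platform macros, so a one-line comment on why queue.c needs the stricter form would help the next reader.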