Date: Wed, 15 Feb 2006 18:15:21 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 91815 for review Message-ID: <200602151815.k1FIFLoI033193@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=91815
Change 91815 by millert@millert_g4tower on 2006/02/15 18:14:27
Update for new Mach message entry points.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#7 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#5 (text+ko) ====
@@ -1219,28 +1219,28 @@
 #####
 define(`allow_mach_ipc', `
-allow $1 $2:mach_port { send copy_send make_send hold_send hold_recv };
-allow $2 $1:mach_port { send copy_send make_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
+allow $2 $1:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
 ')
 define(`mach_bootstrap', `
-allow $1 $2:mach_port { send copy_send make_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
 allow $1 $2:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array };
-allow mach_init_d $1:mach_port { send copy_send hold_send hold_recv };
+allow mach_init_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
 define(`mach_bootstrap_register', `
 allow $1 $2:mi_bootstrap *;
-allow $1 $2:mach_port { send copy_send hold_send hold_recv };
-allow mach_init_d $1:mach_port { send copy_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
+allow mach_init_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
 define(`allow_notify_ipc', `
 allow $1 mach_init_d:mi_notify_ipc *;
 allow $1 notifyd_d:mi_notify_ipc *;
 allow notifyd_d $1:mi_notify_ipc *;
-allow $1 notifyd_d:mach_port { send copy_send hold_send hold_recv };
-allow notifyd_d $1:mach_port { send copy_send hold_send hold_recv };
+allow $1 notifyd_d:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
+allow notifyd_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#7 (text+ko) ====
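Review bot: The widened `mach_port` permission list is now spelled out eight times across `allow_mach_ipc`, `mach_bootstrap`, `mach_bootstrap_register` and `allow_notify_ipc`, in two variants that differ only by `make_send make_send_once`, so the next permission change can easily miss one copy and leave a macro granting more or less than intended. Defining the two sets once, the way `create_file_perms` is used in the `rules` file, keeps every macro in step and gives an auditor one place to read. The same edit is the place to add a comment on why `recv` is now granted on the peer's label in every macro, which the change description does not explain. The fence sketches the first two macros; the set names are suggestions.

```m4
# Proposed permission sets (names are suggestions), defined once next to these macros.
define(`mach_ipc_perms', `{ send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv }')
define(`mach_ipc_nomake_perms', `{ send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv }')

define(`allow_mach_ipc', `
allow $1 $2:mach_port mach_ipc_perms;
allow $2 $1:mach_port mach_ipc_perms;
')

define(`mach_bootstrap', `
allow $1 $2:mach_port mach_ipc_perms;
allow $1 $2:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array };
allow mach_init_d $1:mach_port mach_ipc_nomake_perms;
')

# … unchanged shape: mach_bootstrap_register and allow_notify_ipc would use mach_ipc_nomake_perms the same way …
```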
@@ -167,13 +167,13 @@
 type_change user_d devpts_t:chr_file user_devpts_t;
-allow domain2 self:mach_port { send make_send copy_send hold_send move_recv hold_recv };
-allow domain2 kernel_d:mach_port { send make_send copy_send hold_send };
+allow domain2 self:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once recv move_recv hold_recv };
+allow domain2 kernel_d:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once };
 allow domain2 self:mach_task set_special_port;
 allow domain2 self:mi_bootstrap { bootstrap_look_up };
 allow domain2 root_t:dir { search getattr read };
 allow domain2 self:process getsched;
-allow kernel_d domain2:mach_port { send make_send copy_send hold_send };
+allow kernel_d domain2:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once };
 allow domain2 file:{file lnk_file sock_file fifo_file} {create_file_perms execute };
 allow domain2 file:file execute_no_trans;
@@ -246,7 +246,7 @@
 allow mach_init_d mach_init_d:mach_port relabelfrom;
 allow mach_init_d boot_names_t:mach_port relabelto;
 allow mach_init_d {loginwindow_d windowserver_d}:mach_port relabelto;
-allow mach_init_d user_names_t:mach_port { copy_send hold_send relabelto };
+allow mach_init_d user_names_t:mach_port { copy_send move_send move_send_once hold_send hold_send_once relabelto };
 allow_mach_ipc(systemstarter_d,unlabeled_t);
 allow_mach_ipc(systemstarter_d,boot_names_t);
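Review bot: The `kernel_d` rules at the top of `@@ -167,13` apply to everything in `domain2` (which looks like an attribute covering many domains; its definition is outside the visible lines), and they now carry `make_send_once`, `move_send` and `move_send_once` in both directions with no comment tying each permission to the entry point that checks it. A blanket grant like this is the first thing a policy audit examines, so a short `#` comment above the three `mach_port` rules naming the new Mach message hooks and why every domain needs them would make the grant reviewable. It would also help to say whether leaving `recv` out of the two `kernel_d` rules, while `self` and the IPC macros in `global_macros.te` get it, is deliberate.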
@@ -311,8 +311,8 @@
 #diskarbitrationd rules
 mach_bootstrap(diskarbitrationd_d,mach_init_d);
 #allow diskarbitrationd_d notifyd_d:mi_notify_ipc { _notify_server_register_check _notify_server_register_mach_port };
-#allow notifyd_d diskarbitrationd_d:mach_port { copy_send hold_send };
-#allow diskarbitrationd_d notifyd_d:mach_port { copy_send hold_send };
+#allow notifyd_d diskarbitrationd_d:mach_port { copy_send move_send move_send_once hold_send hold_send_once };
+#allow diskarbitrationd_d notifyd_d:mach_port { copy_send move_send move_send_once hold_send hold_send_once };
 allow_notify_ipc(diskarbitrationd_d);
 allow_mach_ipc(diskarbitrationd_d,unlabeled_t);
 allow_mach_ipc(diskarbitrationd_d,mach_servers_d);
@@ -425,7 +425,7 @@
 allow_mach_ipc($1,lookupd_d);
 allow_mach_ipc(pbs_d,$1);
-allow pbs_d $1:mach_port { send copy_send hold_send };
+allow pbs_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once };
 mach_bootstrap_register(pbs_d,$2);
 mach_bootstrap(pbs_d,$2);
@@ -439,4 +439,4 @@
 bool lookups false;
 if (lookups) {
 allow user_d {mach_init_d init_d systemstarter_d loginwindow_d user_d}:mi_bootstrap bootstrap_info;
-}
+}
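Review bot: The two lines changed in `@@ -311,8` are commented-out rules, so the update has no effect on the compiled policy and only keeps dead text in step by hand. `allow_notify_ipc(diskarbitrationd_d);` on the following line already expands to `mach_port` rules between `diskarbitrationd_d` and `notifyd_d` (per the macro in `global_macros.te`), so deleting the three `#allow` lines would be cleaner than maintaining them. If they are kept as a record of a narrower grant, a comment such as `# superseded by allow_notify_ipc below; kept for reference` would say so.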
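Review bot: The explicit `allow pbs_d $1:mach_port { … }` rule in `@@ -425,7` looks redundant: `allow_mach_ipc(pbs_d,$1);` on the line above expands, per the macro in `global_macros.te`, to a `pbs_d` to `$1` rule whose set already contains every permission listed here plus `make_send`, `make_send_once`, `recv` and `hold_recv`. Dropping the line, or replacing the macro call with the narrower rule if the smaller set is what was meant, removes a second place to update and makes the intended grant unambiguous. The enclosing macro (the one taking `$1`/`$2`) starts outside the hunk, so this is judged only from the visible lines.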