Date: Tue, 16 May 2006 19:08:00 GMT
Message-Id: <200605161908.k4GJ80gx075629@repoman.freebsd.org>
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 97281 for review

http://perforce.freebsd.org/chv.cgi?CH=97281

Change 97281 by millert@millert_p4 on 2006/05/16 19:07:51

A port of libselinux 1.30 from sourceforge.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/ChangeLog#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/LICENSE#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/VERSION#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_inherit.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_permissions.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/avc.h#3 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/class_to_string.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/common_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/context.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/flask.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_context_list.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_default_type.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/selinux.h#4 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/libselinux.spec#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_add_callback.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_audit.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_av_stats.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_cache_stats.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_cleanup.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_context_to_sid.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_destroy.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_entry_ref_init.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_has_perm.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_has_perm_noaudit.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_init.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_reset.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_sid_stats.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_sid_to_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/checkPasswdAccess.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_free.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_new.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_range_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_range_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_role_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_role_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_type_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_type_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_user_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_user_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/freecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/freeconary.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/fsetfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context_with_level.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context_with_role.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context_with_rolelevel.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_ordered_context_list.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_ordered_context_list_with_level.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getcon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getexeccon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getfscreatecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getpeercon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getpidcon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getprevcon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getseuserbyname.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/is_context_customizable.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/is_selinux_enabled.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/lsetfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/manual_user_enter_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/matchmediacon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/matchpathcon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/query_user_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/rpm_execcon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_check_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_commit_booleans.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_av.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_create.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_relabel.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_user.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_get_boolean_active.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_get_boolean_names.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_get_boolean_pending.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_getenforce.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_load_booleans.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_load_policy.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_policyvers.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_set_boolean.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_setenforce.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_binary_policy_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_booleans_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_contexts_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_default_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_failsafe_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_file_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_getenforcemode.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_media_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_policy_root.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_policyroot.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_removable_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_user_contexts_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/set_matchpathcon_printf.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setcon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setexeccon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setfscreatecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/sidget.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/sidput.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/avcstat.8#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/booleans.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/getenforce.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/getsebool.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/matchpathcon.8#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/selinux.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/selinuxenabled.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/setenforce.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/setsebool.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/togglesebool.8#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/av_inherit.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/av_perm_to_string.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_internal.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_internal.h#3 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_sidtab.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_sidtab.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/booleans.c#3 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/canonicalize_context.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/checkAccess.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/check_context.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/class_to_string.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/common_perm_to_string.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compat_file_path.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_av.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_create.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_member.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_relabel.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_user.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/context.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/context_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/disable.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/dso.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/enabled.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/fgetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/file_path_suffixes.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/freecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/freeconary.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/fsetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_context_list.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_context_list_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_default_type.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_default_type_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getexeccon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getfscreatecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getpeercon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getpidcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getprevcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/helpers.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/init.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/is_customizable_type.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/lgetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/load_policy.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/lsetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/matchmediacon.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/matchpathcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/policy.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/policyvers.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/query_user_context.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/rpm.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/sebsd_config.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/sebsd_config.c.NEW#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux.py#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux_config.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux_netlink.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinuxswig.i#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinuxswig_wrap.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setcon.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setexeccon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setfscreatecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/seusers.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/trans.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/avcstat.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_av.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_create.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_member.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_relabel.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_user.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/deftype.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/execcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getconlist.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getenforcemode.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getpidcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getsebool.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getseuser.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/matchpathcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/mkdircon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/policyvers.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/selinuxconfig.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/selinuxdisable.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/selinuxenabled.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/setenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/setfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/setsebool.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/togglesebool.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/ChangeLog#2 (text+ko) ====
@@ -1,3 +1,359 @@ +1.30 2006-03-14 + * Updated version for release. + +1.29.8 2006-02-27 + * Altered rpm_execcon fallback logic for permissive mode to also + handle case where /selinux/enforce is not available. + +1.29.7 2006-01-20 + * Merged install-pywrap Makefile patch from Joshua Brindle. + +1.29.6 2006-01-18 + * Merged pywrap Makefile patch from Dan Walsh. + +1.29.5 2006-01-11 + * Added getseuser test program. + +1.29.4 2006-01-06 + * Added format attribute to myprintf in matchpathcon.c and + removed obsoleted rootlen variable in init_selinux_config(). + +1.29.3 2006-01-04 + * Merged several fixes and improvements from Ulrich Drepper + (Red Hat), including: + - corrected use of getline + - further calls to __fsetlocking for local files + - use of strdupa and asprintf + - proper handling of dirent in booleans code + - use of -z relro + - several other optimizations + * Merged getpidcon python wrapper from Dan Walsh (Red Hat). + +1.29.2 2005-12-14 + * Merged call to finish_context_translations from Dan Walsh. + This eliminates a memory leak from failing to release memory + allocated by libsetrans. + +1.29.1 2005-12-08 + * Merged patch for swig interfaces from Dan Walsh. + +1.28 2005-12-07 + * Updated version for release. + +1.27.28 2005-12-01 + * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and + modified matchpathcon implementation to make context validation/ + canonicalization optional at matchpathcon_init time, deferring it + to a successful matchpathcon by default unless the new flag is set + by the caller. + +1.27.27 2005-12-01 + * Added matchpathcon_init_prefix() interface, and + reworked matchpathcon implementation to support selective + loading of file contexts entries based on prefix matching + between the pathname regex stems and the specified path + prefix (stem must be a prefix of the specified path prefix). + +1.27.26 2005-11-29 + * Merged getsebool patch from Dan Walsh. 
+ +1.27.25 2005-11-29 + * Added -f file_contexts option to matchpathcon util. + Fixed warning message in matchpathcon_init(). + +1.27.24 2005-11-29 + * Merged Makefile python definitions patch from Dan Walsh. + +1.27.23 2005-11-28 + * Merged swigify patch from Dan Walsh. + +1.27.22 2005-11-15 + * Merged make failure in rpm_execcon non-fatal in permissive mode + patch from Ivan Gyurdiev. + +1.27.21 2005-11-08 + * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags() + and modified matchpathcon_init() to skip context translation + if it is set by the caller. + +1.27.20 2005-11-07 + * Added security_canonicalize_context() interface and + set_matchpathcon_canoncon() interface for obtaining + canonical contexts. Changed matchpathcon internals + to obtain canonical contexts by default. Provided + fallback for kernels that lack extended selinuxfs context + interface. + +1.27.19 2005-11-04 + * Merged seusers parser changes from Ivan Gyurdiev. + * Merged setsebool to libsemanage patch from Ivan Gyurdiev. + * Changed seusers parser to reject empty fields. + +1.27.18 2005-11-03 + * Merged seusers empty level handling patch from Jonathan Kim (TCS). + +1.27.17 2005-10-27 + * Changed default entry for seusers to use __default__ to avoid + ambiguity with users named "default". + +1.27.16 2005-10-27 + * Fixed init_selinux_config() handling of missing /etc/selinux/config + or missing SELINUXTYPE= definition. + * Merged selinux_translations_path() patch from Dan Walsh. + +1.27.15 2005-10-25 + * Added hidden_proto/def for get_default_context_with_role. + +1.27.14 2005-10-25 + * Merged selinux_path() and selinux_homedir_context_path() + functions from Joshua Brindle. + +1.27.13 2005-10-19 + * Merged fixes for make DESTDIR= builds from Joshua Brindle. + +1.27.12 2005-10-18 + * Merged get_default_context_with_rolelevel and man pages from + Dan Walsh (Red Hat). + +1.27.11 2005-10-18 + * Updated call to sepol_policydb_to_image for sepol changes. 
+ +1.27.10 2005-10-17 + * Changed getseuserbyname to ignore empty lines and to handle + no matching entry in the same manner as no seusers file. + +1.27.9 2005-10-13 + * Changed selinux_mkload_policy to try downgrading the + latest policy version available to the kernel-supported version. + +1.27.8 2005-10-11 + * Changed selinux_mkload_policy to fall back to the maximum + policy version supported by libsepol if the kernel policy version + falls outside of the supported range. + +1.27.7 2005-10-06 + * Changed getseuserbyname to fall back to the Linux username and + NULL level if seusers config file doesn't exist unless + REQUIRESEUSERS=1 is set in /etc/selinux/config. + * Moved seusers.conf under $SELINUXTYPE and renamed to seusers. + +1.27.6 2005-10-06 + * Added selinux_init_load_policy() function as an even higher level + interface for the initial policy load by /sbin/init. This obsoletes + the load_policy() function in the sysvinit-selinux.patch. + +1.27.5 2005-10-06 + * Added selinux_mkload_policy() function as a higher level interface + for loading policy than the security_load_policy() interface. + +1.27.4 2005-10-05 + * Merged fix for matchpathcon (regcomp error checking) from Johan + Fischer. Also added use of regerror to obtain the error string + for inclusion in the error message. + +1.27.3 2005-10-03 + * Changed getseuserbyname to not require (and ignore if present) + the MLS level in seusers.conf if MLS is disabled, setting *level + to NULL in this case. + +1.27.2 2005-09-30 + * Merged getseuserbyname patch from Dan Walsh. + +1.27.1 2005-09-19 + * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh. + This allows file_contexts with MLS fields to be processed on + non-MLS-enabled systems with policies that are otherwise + identical (e.g. same type definitions). + * Merged get_ordered_context_list_with_level() function from + Dan Walsh, and added get_default_context_with_level(). 
+ This allows MLS level selection for users other than the + default level. + +1.26 2005-09-06 + * Updated version for release. + +1.25.7 2005-09-01 + * Merged modified form of patch to avoid dlopen/dlclose by + the static libselinux from Dan Walsh. Users of the static libselinux + will not have any context translation by default. + +1.25.6 2005-08-31 + * Added public functions to export context translation to + users of libselinux (selinux_trans_to_raw_context, + selinux_raw_to_trans_context). + +1.25.5 2005-08-26 + * Remove special definition for context_range_set; use + common code. + +1.25.4 2005-08-25 + * Hid translation-related symbols entirely and ensured that + raw functions have hidden definitions for internal use. + * Allowed setting NULL via context_set* functions. + * Allowed whitespace in MLS component of context. + * Changed rpm_execcon to use translated functions to workaround + lack of MLS level on upgraded systems. + +1.25.3 2005-08-23 + * Merged context translation patch, originally by TCS, + with modifications by Dan Walsh (Red Hat). + +1.25.2 2005-08-11 + * Merged several fixes for error handling paths in the + AVC sidtab, matchpathcon, booleans, context, and get_context_list + code from Serge Hallyn (IBM). Bugs found by Coverity. + +1.25.1 2005-08-10 + * Removed setupns; migrated to pam. + * Merged patches to rename checkPasswdAccess() from Joshua Brindle. + Original symbol is temporarily retained for compatibility until + all callers are updated. + +1.24 2005-06-20 + * Updated version for release. + +1.23.12 2005-06-13 + * Merged security_setupns() from Chad Sellers. + +1.23.11 2005-05-19 + * Merged avcstat and selinux man page from Dan Walsh. + * Changed security_load_booleans to process booleans.local + even if booleans file doesn't exist. + +1.23.10 2005-04-29 + * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat). 
+ +1.23.9 2005-04-26 + * Rewrote get_ordered_context_list and helpers, including + changing logic to allow variable MLS fields. + +1.23.8 2005-04-25 + * Merged matchpathcon and man page patch from Dan Walsh. + +1.23.7 2005-04-12 + * Changed boolean functions to return -1 with errno ENOENT + rather than assert on a NULL selinux_mnt (i.e. selinuxfs not + mounted). + +1.23.6 2005-04-08 + * Fixed bug in matchpathcon_filespec_destroy. + +1.23.5 2005-04-05 + * Fixed bug in rpm_execcon error handling path. + +1.23.4 2005-04-04 + * Merged fix for set_matchpathcon* functions from Andreas Steinmetz. + * Merged fix for getconlist utility from Andreas Steinmetz. + +1.23.3 2005-03-29 + * Merged security_set_boolean_list patch from Dan Walsh. + This introduces booleans.local support for setsebool. + +1.23.2 2005-03-17 + * Merged destructors patch from Tomas Mraz. + +1.23.1 2005-03-16 + * Added set_matchpathcon_flags() function for setting flags + controlling operation of matchpathcon. MATCHPATHCON_BASEONLY + means only process the base file_contexts file, not + file_contexts.homedirs or file_contexts.local, and is for use by + setfiles -c. + * Updated matchpathcon.3 man page. + +1.22 2005-03-09 + * Updated version for release. + +1.21.13 2005-03-08 + * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head. + +1.21.12 2005-03-01 + * Changed matchpathcon_common to ignore any non-format bits in the mode. + +1.21.11 2005-02-22 + * Merged several fixes from Ulrich Drepper. + +1.21.10 2005-02-17 + * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh. + * Added selinux_users_path() for path to directory containing + system.users and local.users. + +1.21.9 2005-02-09 + * Changed relabel Makefile target to use restorecon. + +1.21.8 2005-02-07 + * Regenerated av_permissions.h. + +1.21.7 2005-02-01 + * Modified avc_dump_av to explicitly check for any permissions that + cannot be mapped to string names and display them as a hex value. 
+ +1.21.6 2005-01-31 + * Regenerated av_permissions.h. + +1.21.5 2005-01-28 + * Generalized matchpathcon internals, exported more interfaces, + and moved additional code from setfiles into libselinux so that + setfiles can directly use matchpathcon. + +1.21.4 2005-01-27 + * Prevent overflow of spec array in matchpathcon. + +1.21.3 2005-01-26 + * Fixed several uses of internal functions to avoid relocations. + * Changed rpm_execcon to check is_selinux_enabled() and fallback to + a regular execve if not enabled (or unable to determine due to a lack + of /proc, e.g. chroot'd environment). + + +1.21.2 2005-01-24 + * Merged minor fix for avcstat from Dan Walsh. + +1.21.1 2005-01-19 + * Merged patch from Dan Walsh, including: + - new is_context_customizable function + - changed matchpathcon to also use file_contexts.local if present + - man page cleanups + +1.20 2005-01-04 + * Changed matchpathcon to return -1 with errno ENOENT for + <> entries, and also for an empty file_contexts configuration. + * Removed some trivial utils that were not useful or redundant. + * Changed BINDIR default to /usr/sbin to match change in Fedora. + * Added security_compute_member. + * Added man page for setcon. + * Merged more man pages from Dan Walsh. + * Merged avcstat from James Morris. + * Merged build fix for mips from Manoj Srivastava. + * Merged C++ support from John Ramsdell of MITRE. + * Merged setcon() function from Darrel Goeddel of TCS. + * Merged setsebool/togglesebool enhancement from Steve Grubb. + * Merged cleanup patches from Steve Grubb. + +1.18 2004-11-01 + * Merged cleanup patches from Steve Grubb. + * Added rpm_execcon. + * Merged setenforce and removable context patch from Dan Walsh. + * Merged build fix for alpha from Ulrich Drepper. + * Removed copyright/license from selinux_netlink.h - definitions only. + * Merged matchmediacon from Dan Walsh. + * Regenerated headers for new nscd permissions. + * Added get_default_context_with_role. + * Added set_matchpathcon_printf. 
+ * Reworked av_inherit.h to allow easier re-use by kernel. + * Changed avc_has_perm_noaudit to not fail on netlink errors. + * Changed avc netlink code to check pid based on patch by Steve Grubb. + * Merged second optimization patch from Ulrich Drepper. + * Changed matchpathcon to skip invalid file_contexts entries. + * Made string tables private to libselinux. + * Merged strcat->stpcpy patch from Ulrich Drepper. + * Merged matchpathcon man page from Dan Walsh. + * Merged patch to eliminate PLTs for local syms from Ulrich Drepper. + * Autobind netlink socket. + * Dropped compatibility code from security_compute_user. + * Merged fix for context_range_set from Chad Hanson. + * Merged allocation failure checking patch from Chad Hanson. + * Merged avc netlink error message patch from Colin Walters. + 1.16 2004-08-19 * Regenerated headers for nscd class. * Merged man pages from Dan Walsh. ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/LICENSE#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/Makefile#2 (text+ko) ==== @@ -2,13 +2,20 @@ $(MAKE) -C src $(MAKE) -C utils +pywrap: + $(MAKE) -C src pywrap + install: $(MAKE) -C include install $(MAKE) -C src install $(MAKE) -C utils install $(MAKE) -C man install -relabel: +install-pywrap: + $(MAKE) -C src install-pywrap + +relabel: + $(MAKE) -C src relabel clean: $(MAKE) -C src clean ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/VERSION#2 (text+ko) ==== @@ -1,1 +1,1 @@ -1.16 +1.30 ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/Makefile#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_inherit.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_perm_to_string.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_permissions.h#2 (text+ko) ==== 
@@ -1,6 +1,4 @@ /* This file is automatically generated. Do not edit. */ -/* FLASK */ - #define COMMON_FILE__IOCTL 0x00000001UL #define COMMON_FILE__READ 0x00000002UL #define COMMON_FILE__WRITE 0x00000004UL @@ -107,6 +105,7 @@ #define FILE__EXECUTE_NO_TRANS 0x00020000UL #define FILE__ENTRYPOINT 0x00040000UL +#define FILE__EXECMOD 0x00080000UL #define LNK_FILE__IOCTL 0x00000001UL #define LNK_FILE__READ 0x00000002UL @@ -144,6 +143,10 @@ #define CHR_FILE__QUOTAON 0x00008000UL #define CHR_FILE__MOUNTON 0x00010000UL +#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL +#define CHR_FILE__ENTRYPOINT 0x00040000UL +#define CHR_FILE__EXECMOD 0x00080000UL + #define BLK_FILE__IOCTL 0x00000001UL #define BLK_FILE__READ 0x00000002UL #define BLK_FILE__WRITE 0x00000004UL @@ -458,6 +461,9 @@ #define PROCESS__SIGINH 0x00100000UL #define PROCESS__SETRLIMIT 0x00200000UL #define PROCESS__RLIMITINH 0x00400000UL +#define PROCESS__DYNTRANSITION 0x00800000UL +#define PROCESS__SETCURRENT 0x01000000UL +#define PROCESS__EXECMEM 0x02000000UL #define IPC__CREATE 0x00000001UL #define IPC__DESTROY 0x00000002UL @@ -515,6 +521,7 @@ #define SECURITY__COMPUTE_USER 0x00000040UL #define SECURITY__SETENFORCE 0x00000080UL #define SECURITY__SETBOOL 0x00000100UL +#define SECURITY__SETSECPARAM 0x00000200UL #define SYSTEM__IPC_INFO 0x00000001UL #define SYSTEM__SYSLOG_READ 0x00000002UL @@ -550,6 +557,8 @@ #define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL #define CAPABILITY__MKNOD 0x08000000UL #define CAPABILITY__LEASE 0x10000000UL +#define CAPABILITY__AUDIT_WRITE 0x20000000UL +#define CAPABILITY__AUDIT_CONTROL 0x40000000UL #define PASSWD__PASSWD 0x00000001UL #define PASSWD__CHFN 0x00000002UL 
@@ -887,6 +896,10 @@ #define NSCD__GETHOST 0x00000004UL #define NSCD__GETSTAT 0x00000008UL #define NSCD__ADMIN 0x00000010UL +#define NSCD__SHMEMPWD 0x00000020UL +#define NSCD__SHMEMGRP 0x00000040UL +#define NSCD__SHMEMHOST 0x00000080UL +#define ASSOCIATION__SENDTO 0x00000001UL +#define ASSOCIATION__RECVFROM 0x00000002UL -/* FLASK */ ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/avc.h#3 (text+ko) ==== @@ -11,6 +11,10 @@ #include #include +#ifdef __cplusplus +extern "C" +{ +#endif /* * SID format and operations @@ -362,4 +366,8 @@ */ void avc_sid_stats(void); +#ifdef __cplusplus +} +#endif + #endif /* _SELINUX_AVC_H_ */ ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/class_to_string.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/common_perm_to_string.h#2 (text+ko) ==== ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/context.h#2 (text+ko) ==== @@ -1,6 +1,11 @@ #ifndef _SELINUX_CONTEXT_H_ #define _SELINUX_CONTEXT_H_ +#ifdef __cplusplus +extern "C" +{ +#endif + /* * Functions to deal with security contexts in user space. */ @@ -40,4 +45,8 @@ extern int context_role_set(context_t,const char*); extern int context_user_set(context_t,const char*); +#ifdef __cplusplus +} +#endif + #endif ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/flask.h#2 (text+ko) ==== @@ -58,6 +58,7 @@ #define SECCLASS_NETLINK_DNRT_SOCKET 51 #define SECCLASS_DBUS 52 #define SECCLASS_NSCD 53 +#define SECCLASS_ASSOCIATION 54 /* * Security identifier indices for initial entities ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_context_list.h#2 (text+ko) ==== @@ -3,6 +3,11 @@ #include +#ifdef __cplusplus +extern "C" +{ +#endif + #define SELINUX_DEFAULTUSER "user_u" /* Get an ordered list of authorized security contexts for a user session 
@@ -16,6 +21,13 @@ security_context_t fromcon, security_context_t **list); +/* As above, but use the provided MLS level rather than the + default level for the user. */ +int get_ordered_context_list_with_level (const char *user, + const char *level, + security_context_t fromcon, + security_context_t **list); + /* Get the default security context for a user session for 'user' spawned by 'fromcon' and set *newcon to refer to it. The context will be one of those authorized by the policy, but the selection @@ -27,6 +39,30 @@ security_context_t fromcon, security_context_t *newcon); +/* As above, but use the provided MLS level rather than the + default level for the user. */ +int get_default_context_with_level(const char *user, + const char *level, + security_context_t fromcon, + security_context_t *newcon); + +/* Same as get_default_context, but only return a context + that has the specified role. If no reachable context exists + for the user with that role, then return -1. */ +int get_default_context_with_role(const char* user, + const char *role, + security_context_t fromcon, + security_context_t *newcon); + +/* Same as get_default_context, but only return a context + that has the specified role and level. If no reachable context exists + for the user with that role, then return -1. */ +int get_default_context_with_rolelevel(const char* user, + const char *level, + const char *role, + security_context_t fromcon, + security_context_t *newcon); + /* Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it. Caller must free via freecon. @@ -41,4 +77,8 @@ extern int manual_user_enter_context(const char *user, security_context_t *newcon); +#ifdef __cplusplus +} +#endif + #endif ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_default_type.h#2 (text+ko) ==== 
@@ -5,12 +5,21 @@ #ifndef _SELINUX_GET_DEFAULT_TYPE_H_ #define _SELINUX_GET_DEFAULT_TYPE_H_ +#ifdef __cplusplus +extern "C" +{ +#endif + /* Return path to default type file. */ -char *selinux_default_type_path(void); +const char *selinux_default_type_path(void); /* Get the default type (domain) for 'role' and set 'type' to refer to it. Caller must free via free(). Return 0 on success or -1 otherwise. */ int get_default_type (const char* role, char** type); +#ifdef __cplusplus +} +#endif + #endif /* ifndef _GET_DEFAULT_TYPE_H_ */ ==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/selinux.h#4 (text+ko) ==== @@ -2,17 +2,20 @@ #define _SELINUX_H_ #include +#include -#define _LINUX_FLASK_TYPES_H_ -typedef unsigned short security_class_t; -typedef unsigned int access_vector_t; -typedef char *security_context_t; +#ifdef __cplusplus +extern "C" +{ +#endif /* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */ extern int is_selinux_enabled(void); /* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */ extern int is_selinux_mls_enabled(void); +typedef char* security_context_t; + /* Free the memory allocated for a context by any of the below get* calls. */ extern void freecon(security_context_t con); 
@@ -24,32 +27,55 @@ /* Get current context, and set *con to refer to it. Caller must free via freecon. */ extern int getcon(security_context_t *con); +extern int getcon_raw(security_context_t *con); + +/* Set the current security context to con. + Note that use of this function requires that the entire application + be trusted to maintain any desired separation between the old and new + security contexts, unlike exec-based transitions performed via setexeccon. + When possible, decompose your application and use setexeccon()+execve() + instead. Note that the application may lose access to its open descriptors + as a result of a setcon() unless policy allows it to use descriptors opened + by the old context. */ +extern int setcon(security_context_t con); +extern int setcon_raw(security_context_t con); /* Get context of process identified by pid, and - set *con to refer to it. Caller must free via freecon. */ -extern int getpidcon(pid_t pid, security_context_t *con); + set *con to refer to it. Caller must free via freecon. + This has not been ported to SEBSD yet. */ +//extern int getpidcon(pid_t pid, security_context_t *con); +//extern int getpidcon_raw(pid_t pid, security_context_t *con); /* Get previous context (prior to last exec), and set *con to refer to it. - Caller must free via freecon. */ -extern int getprevcon(security_context_t *con); + Caller must free via freecon. + This has not been ported to SEBSD yet.*/ +//extern int getprevcon(security_context_t *con); +//extern int getprevcon_raw(security_context_t *con); /* Get exec context, and set *con to refer to it. Sets *con to NULL if no exec context has been set, i.e. using default. If non-NULL, caller must free via freecon. */ extern int getexeccon(security_context_t *con); +extern int getexeccon_raw(security_context_t *con); /* Set exec security context for the next execve. - Call with NULL if you want to reset to the default. 
*/ -extern int setexeccon(security_context_t con); + Call with NULL if you want to reset to the default. + This is not yet supported by SEBSD. */ +//extern int setexeccon(security_context_t con); +//extern int setexeccon_raw(security_context_t con); /* Get fscreate context, and set *con to refer to it. Sets *con to NULL if no fs create context has been set, i.e. using default. - If non-NULL, caller must free via freecon. */ -extern int getfscreatecon(security_context_t *con); + If non-NULL, caller must free via freecon. + This has not been ported to SEBSD yet. */ +//extern int getfscreatecon(security_context_t *con); +//extern int getfscreatecon_raw(security_context_t *con); /* Set the fscreate security context for subsequent file creations. - Call with NULL if you want to reset to the default. */ -extern int setfscreatecon(security_context_t context); + Call with NULL if you want to reset to the default. + This has not been ported to SEBSD yet. */ +//extern int setfscreatecon(security_context_t context); +//extern int setfscreatecon_raw(security_context_t context); /* Wrappers for the xattr API. */ 
@@ -57,13 +83,19 @@ /* Get file context, and set *con to refer to it. Caller must free via freecon. */ extern int getfilecon(const char *path, security_context_t *con); +extern int getfilecon_raw(const char *path, security_context_t *con); extern int lgetfilecon(const char *path, security_context_t *con); +extern int lgetfilecon_raw(const char *path, security_context_t *con); extern int fgetfilecon(int fd, security_context_t *con); +extern int fgetfilecon_raw(int fd, security_context_t *con); /* Set file context */ extern int setfilecon(const char *path, security_context_t con); +extern int setfilecon_raw(const char *path, security_context_t con); extern int lsetfilecon(const char *path, security_context_t con); +extern int lsetfilecon_raw(const char *path, security_context_t con); extern int fsetfilecon(int fd, security_context_t con); +extern int fsetfilecon_raw(int fd, security_context_t con); /* Wrappers for the socket API */ @@ -71,10 +103,14 @@ /* Get context of peer socket, and set *con to refer to it. Caller must free via freecon. */ extern int getpeercon(int fd, security_context_t *con); +extern int getpeercon_raw(int fd, security_context_t *con); /* Wrappers for the selinuxfs (policy) API. */ +typedef unsigned int access_vector_t; +typedef unsigned short security_class_t; + struct av_decision { access_vector_t allowed; access_vector_t decided; 
@@ -89,13 +125,22 @@ security_class_t tclass, access_vector_t requested, struct av_decision *avd); +extern int security_compute_av_raw(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + access_vector_t requested, + struct av_decision *avd); /* Compute a labeling decision and set *newcon to refer to it. Caller must free via freecon. */ -extern int security_compute_create(security_context_t scon, - security_context_t tcon, - security_class_t tclass, - security_context_t *newcon); +//extern int security_compute_create(security_context_t scon, +// security_context_t tcon, +// security_class_t tclass, +// security_context_t *newcon); +//extern int security_compute_create_raw(security_context_t scon, +// security_context_t tcon, >>> TRUNCATED FOR MAIL (1000 lines) <<<
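Review bot: flask.h hunk @@ -58,6 +58,7 @@ adds SECCLASS_ASSOCIATION 54, and av_permissions.h adds the ASSOCIATION__* bits, but class_to_string.h and av_perm_to_string.h are listed in this change with no hunks shown. Please confirm the string tables the library actually uses were regenerated from the same definitions, so that class 54 and the new permission bits have name entries.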
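Review bot: in get_context_list.h hunk @@ -27,6 +39,30 @@, get_default_context_with_rolelevel() takes level before role, the reverse of what the function name suggests, and both are const char *, so a caller who swaps them compiles cleanly. Its comment also describes failure only for "that role" although the function is documented as matching role and level. Either reorder the parameters to match the name or state the order in the comment, and mention the level in the return -1 sentence.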
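Review bot: in get_default_type.h hunk @@ -5,12 +5,21 @@, selinux_default_type_path() now returns const char *, but its comment still says only "Return path to default type file." The comment for get_default_type() directly below requires the caller to free(), so this one should say whether the returned string is library-owned and must not be freed. Existing callers that store the result in a char * will also need updating for the new qualifier.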
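Review bot: in selinux.h hunk @@ -24,32 +27,55 @@, the new setcon() comment tells callers to prefer setexeccon()+execve(), but the same hunk comments out setexeccon() and setexeccon_raw() as "not yet supported by SEBSD". On this port the recommended exec-based transition is not declared, so the comment should say so rather than point at an unavailable API. getexeccon() also stays declared while its setter is disabled, which is worth a note. The disabled prototypes use // comments; an #if 0 or a port-specific #ifdef would keep the header acceptable to strict C89 compilers and make the unported set easy to find.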
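Review bot: in selinux.h hunk @@ -89,13 +125,22 @@, security_compute_create() and security_compute_create_raw() are commented out with no explanation in the visible part of the hunk, while the "Compute a labeling decision and set *newcon to refer to it" comment above them is left as if the functions were available. The other disabled prototypes in this header carry "This has not been ported to SEBSD yet"; add the same note here so callers know why the declaration is missing.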