From owner-p4-projects@FreeBSD.ORG  Fri Jan 27 15:30:10 2006
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 940ED16A423; Fri, 27 Jan 2006 15:30:09 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2734D16A420
	for <perforce@freebsd.org>; Fri, 27 Jan 2006 15:30:09 +0000 (GMT)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E69244450A
	for <perforce@freebsd.org>; Fri, 27 Jan 2006 15:30:08 +0000 (GMT)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k0RFU80R026184
	for <perforce@freebsd.org>; Fri, 27 Jan 2006 15:30:08 GMT
	(envelope-from millert@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k0RFU87N026181
	for perforce@freebsd.org; Fri, 27 Jan 2006 15:30:08 GMT
	(envelope-from millert@freebsd.org)
Date: Fri, 27 Jan 2006 15:30:08 GMT
Message-Id: <200601271530.k0RFU87N026181@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	millert@freebsd.org using -f
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 90489 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Jan 2006 15:30:10 -0000

http://perforce.freebsd.org/chv.cgi?CH=90489

Change 90489 by millert@millert_g4tower on 2006/01/27 15:30:02

	Implement hold_send and hold_recv policy bits to match the
	check_port_hold_send and check_port_hold_recv framework
	entry points.  Also implement those entry points in sebsd.c.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#26 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#4 (text+ko) ====

@@ -132,6 +132,8 @@
    { SECCLASS_MACH_PORT, MACH_PORT__MAKE_SEND, "make_send" },
    { SECCLASS_MACH_PORT, MACH_PORT__COPY_SEND, "copy_send" },
    { SECCLASS_MACH_PORT, MACH_PORT__MOVE_RECV, "move_recv" },
+   { SECCLASS_MACH_PORT, MACH_PORT__HOLD_SEND, "hold_send" },
+   { SECCLASS_MACH_PORT, MACH_PORT__HOLD_RECV, "hold_recv" },
    { SECCLASS_MACH_TASK, MACH_TASK__TERMINATE, "terminate" },
    { SECCLASS_MACH_TASK, MACH_TASK__SET_SPECIAL_PORT, "set_special_port" },
    { SECCLASS_MACH_NAMES, MACH_NAMES__REGISTER, "register" },

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#4 (text+ko) ====

@@ -609,6 +609,8 @@
 #define MACH_PORT__MAKE_SEND                      0x0000000000000010UL
 #define MACH_PORT__COPY_SEND                      0x0000000000000020UL
 #define MACH_PORT__MOVE_RECV                      0x0000000000000040UL
+#define MACH_PORT__HOLD_SEND                      0x0000000000000080UL
+#define MACH_PORT__HOLD_RECV                      0x0000000000000100UL
 
 #define MACH_TASK__TERMINATE                      0x0000000000000001UL
 #define MACH_TASK__SET_SPECIAL_PORT               0x0000000000000002UL

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#4 (text+ko) ====

@@ -363,6 +363,8 @@
 	make_send
 	copy_send
 	move_recv
+	hold_send
+	hold_recv
 }
 
 class mach_task

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#26 (text+ko) ====

@@ -1170,6 +1170,8 @@
 CHECK_SIMPLE_PERM(port_make_send,SECCLASS_MACH_PORT,MACH_PORT__MAKE_SEND);
 CHECK_SIMPLE_PERM(port_copy_send,SECCLASS_MACH_PORT,MACH_PORT__COPY_SEND);
 CHECK_SIMPLE_PERM(port_move_recv,SECCLASS_MACH_PORT,MACH_PORT__MOVE_RECV);
+CHECK_SIMPLE_PERM(port_hold_send,SECCLASS_MACH_PORT,MACH_PORT__HOLD_SEND);
+CHECK_SIMPLE_PERM(port_hold_recv,SECCLASS_MACH_PORT,MACH_PORT__HOLD_RECV);
 
 extern struct policydb policydb;
 
@@ -2663,6 +2665,8 @@
 	.mpo_check_port_make_send = sebsd_check_port_make_send,
 	.mpo_check_port_copy_send = sebsd_check_port_copy_send,
 	.mpo_check_port_move_receive = sebsd_check_port_move_recv,
+	.mpo_check_port_hold_send = sebsd_check_port_copy_send,
+	.mpo_check_port_hold_receive = sebsd_check_port_move_recv,
 	.mpo_check_proc_setlcid = sebsd_check_proc_setlcid,
 	.mpo_check_proc_signal = sebsd_check_proc_signal,
 	.mpo_check_vnode_access = sebsd_check_vnode_access,