Date: Fri, 27 Jan 2006 15:30:08 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 90489 for review Message-ID: <200601271530.k0RFU87N026181@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=90489 Change 90489 by millert@millert_g4tower on 2006/01/27 15:30:02 Implement hold_send and hold_recv policy bits to match the check_port_hold_send and check_port_hold_recv framework entry points. Also implement those entry points in sebsd.c. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#26 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#4 (text+ko) ==== @@ -132,6 +132,8 @@ { SECCLASS_MACH_PORT, MACH_PORT__MAKE_SEND, "make_send" }, { SECCLASS_MACH_PORT, MACH_PORT__COPY_SEND, "copy_send" }, { SECCLASS_MACH_PORT, MACH_PORT__MOVE_RECV, "move_recv" }, + { SECCLASS_MACH_PORT, MACH_PORT__HOLD_SEND, "hold_send" }, + { SECCLASS_MACH_PORT, MACH_PORT__HOLD_RECV, "hold_recv" }, { SECCLASS_MACH_TASK, MACH_TASK__TERMINATE, "terminate" }, { SECCLASS_MACH_TASK, MACH_TASK__SET_SPECIAL_PORT, "set_special_port" }, { SECCLASS_MACH_NAMES, MACH_NAMES__REGISTER, "register" }, ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#4 (text+ko) ==== @@ -609,6 +609,8 @@ #define MACH_PORT__MAKE_SEND 0x0000000000000010UL #define MACH_PORT__COPY_SEND 0x0000000000000020UL #define MACH_PORT__MOVE_RECV 0x0000000000000040UL +#define MACH_PORT__HOLD_SEND 0x0000000000000080UL +#define MACH_PORT__HOLD_RECV 0x0000000000000100UL #define MACH_TASK__TERMINATE 0x0000000000000001UL #define MACH_TASK__SET_SPECIAL_PORT 0x0000000000000002UL ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#4 (text+ko) ==== @@ -363,6 +363,8 @@ make_send copy_send move_recv + hold_send + hold_recv } class mach_task ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#26 (text+ko) ==== @@ -1170,6 +1170,8 @@ CHECK_SIMPLE_PERM(port_make_send,SECCLASS_MACH_PORT,MACH_PORT__MAKE_SEND); CHECK_SIMPLE_PERM(port_copy_send,SECCLASS_MACH_PORT,MACH_PORT__COPY_SEND); CHECK_SIMPLE_PERM(port_move_recv,SECCLASS_MACH_PORT,MACH_PORT__MOVE_RECV); +CHECK_SIMPLE_PERM(port_hold_send,SECCLASS_MACH_PORT,MACH_PORT__HOLD_SEND); +CHECK_SIMPLE_PERM(port_hold_recv,SECCLASS_MACH_PORT,MACH_PORT__HOLD_RECV); extern struct policydb policydb; @@ -2663,6 +2665,8 @@ .mpo_check_port_make_send = sebsd_check_port_make_send, .mpo_check_port_copy_send = sebsd_check_port_copy_send, .mpo_check_port_move_receive = sebsd_check_port_move_recv, + .mpo_check_port_hold_send = sebsd_check_port_copy_send, + .mpo_check_port_hold_receive = sebsd_check_port_move_recv, .mpo_check_proc_setlcid = sebsd_check_proc_setlcid, .mpo_check_proc_signal = sebsd_check_proc_signal, .mpo_check_vnode_access = sebsd_check_vnode_access,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601271530.k0RFU87N026181>