From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 104075 for review
Date: Tue, 15 Aug 2006 17:53:34 GMT

http://perforce.freebsd.org/chv.cgi?CH=104075

Change 104075 by millert@millert_macbook on 2006/08/15 17:53:18

Add sebsd_prev label namespace for getting at the previous sid.
Will be used by getprevcon() in libselinux.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#5 (text+ko) ==== @@ -2936,9 +2936,6 @@ u_int32_t context_len; int error; - if (strcmp("sebsd", element_name) != 0) - return (0); - error = security_sid_to_context(sid, &context, &context_len); if (error) return (error); 
@@ -2949,16 +2946,35 @@ return (error); } -#define SEBSD_EXTERNALIZE_LABEL(n1,n2) \ +#define SEBSD_EXTERNALIZE_LABEL(n1,n2) \ static int sebsd_externalize_##n1##_label(struct label *label, \ char *element_name, struct sbuf *sb) \ { \ struct n2##_security_struct *lsec; \ + \ + if (strcmp("sebsd", element_name) != 0) \ + return (0); \ + \ lsec = SLOT(label); \ return (sebsd_externalize_sid(lsec->sid, element_name, sb)); \ } -SEBSD_EXTERNALIZE_LABEL(cred,task) +static int sebsd_externalize_cred_label(struct label *label, + char *element_name, struct sbuf *sb) +{ + struct task_security_struct *tsec; + u_int32_t sid; + + tsec = SLOT(label); + if (strcmp("sebsd_prev", element_name) == 0) + sid = tsec->osid; + else if (strcmp("sebsd", element_name) == 0) + sid = tsec->sid; + else + return (0); + return (sebsd_externalize_sid(sid, element_name, sb)); +} + SEBSD_EXTERNALIZE_LABEL(network,network) SEBSD_EXTERNALIZE_LABEL(vnode,vnode) SEBSD_EXTERNALIZE_LABEL(mount_fs,mount_fs) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#2 (text+ko) ==== @@ -41,8 +41,8 @@ #define SEBSD_ID_STRING "sebsd" #define SEBSD_MAC_EXTATTR_NAME "sebsd" #define SEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM -#define SEBSD_MAC_LABEL_NAMESPACES "sebsd" -#define SEBSD_MAC_LABEL_NAME_COUNT 1 +#define SEBSD_MAC_LABEL_NAMESPACES "sebsd","sebsd_prev" +#define SEBSD_MAC_LABEL_NAME_COUNT 2 extern int sebsd_find_data(const char *key, void **valp, size_t *sizep); #define sebsd_find_data(k, v, s) mac_find_module_data("sebsd", k, v, s)
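
Review bot: In the first sebsd.c hunk (@@ -2936), sebsd_externalize_sid() loses its `strcmp("sebsd", element_name)` guard, so the helper now externalizes a context for whatever element name it is handed and the filtering becomes each caller's job. The two callers visible in this change both filter before calling, but nothing in the function says so. Please add a comment above sebsd_externalize_sid() stating that callers must have matched element_name already, and check that no caller outside this diff relied on the old guard. If element_name is no longer used in the rest of the function, consider dropping the parameter so the contract is obvious from the signature.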
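
Review bot: In the second sebsd.c hunk (@@ -2949), the new sebsd_externalize_cred_label() and the macro body compare against the string literals "sebsd" and "sebsd_prev", while sebsd.h already carries SEBSD_ID_STRING and the SEBSD_MAC_LABEL_NAMESPACES list. A typo in any one of these places would make the namespace silently return 0. Suggest adding a named constant for "sebsd_prev" in sebsd.h and using it, together with SEBSD_ID_STRING, in both the strcmp() calls and the namespace list. A short comment on the function noting that "sebsd_prev" maps to tsec->osid and is only meaningful for credential labels would also help, since every other label type generated by SEBSD_EXTERNALIZE_LABEL ignores it. The first -/+ pair on the #define line looks like a whitespace-only change and could be left out of the commit.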
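
Review bot: In the sebsd.h hunk (@@ -41), "sebsd_prev" is registered in SEBSD_MAC_LABEL_NAMESPACES for the whole policy, but this change only touches the externalize side. Please confirm that the internalize entry points ignore or reject an element named "sebsd_prev", so that the previous SID stays read-only and cannot be supplied by a caller setting a label. Separately, SEBSD_MAC_LABEL_NAME_COUNT has to be updated by hand whenever the list changes; a comment tying the two defines together, or deriving the count from the list, would prevent them drifting apart.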