From owner-p4-projects@FreeBSD.ORG Mon Dec 1 11:58:46 2003
Return-Path:
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 0082F16A4D0; Mon, 1 Dec 2003 11:58:45 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D012316A4CE for ; Mon, 1 Dec 2003 11:58:45 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 22AB843F85 for ; Mon, 1 Dec 2003 11:58:45 -0800 (PST) (envelope-from areisse@nailabs.com)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hB1JwiXJ057857 for ; Mon, 1 Dec 2003 11:58:44 -0800 (PST) (envelope-from areisse@nailabs.com)
Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hB1JwiKs057854 for perforce@freebsd.org; Mon, 1 Dec 2003 11:58:44 -0800 (PST) (envelope-from areisse@nailabs.com)
Date: Mon, 1 Dec 2003 11:58:44 -0800 (PST)
Message-Id: <200312011958.hB1JwiKs057854@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f
From: Andrew Reisse
To: Perforce Change Reviews
Subject: PERFORCE change 43239 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Mon, 01 Dec 2003 19:58:46 -0000

http://perforce.freebsd.org/chv.cgi?CH=43239

Change 43239 by areisse@areisse_ibook on 2003/12/01 11:58:06

	make sebsd_enabled() library call actually check.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin/libsebsd/system.c#2 edit
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#5 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin/libsebsd/system.c#2 (text+ko) ====
@@ -42,10 +42,19 @@ int sebsd_enabled() { - int error, i; - error = sysctlbyname ("security.mac.sebsd.enforcing", - &i, sizeof(int), NULL, 0); - return (error != ENOENT); + int args[2]; + int i; + size_t mibn = sizeof(int) * 64; + int mibs[64]; + + args[0] = 0; + args[1] = 3; + + const char *name = "security.mac.sebsd.enforcing"; + i = sysctl (args, 2, mibs, &mibn, name, strlen(name)); + if (i < 0) + return 0; + return 1; } int ==== //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#5 (text+ko) ==== @@ -49,6 +49,9 @@ */ int setuid (uid_t uid) { + if (!sebsd_enabled()) + return syscall (23, uid); + mac_t execlabel = NULL; /* label to transition to in exec */ openlog ("wslogin", LOG_ODELAY, LOG_AUTH); @@ -73,7 +76,6 @@ return 0; } - if (sebsd_enabled()) { char *labeltext, *queried, **contexts; size_t ncontexts;
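
Review bot: in the system.c hunk (@@ -42,10 +42,19 @@), `if (i < 0) return 0;` reports SEBSD as disabled on any sysctl failure, not only when the name does not exist, whereas the removed code singled out ENOENT. Because the setuid() wrapper in wslogin.c, changed in this same patch, skips the label transition whenever this function returns 0, an unrelated failure of the call fails open. Suggest checking errno, returning 0 only for ENOENT, and deciding explicitly what every other error should mean. The pair `args[0] = 0; args[1] = 3;` also needs a comment or named constants saying which sysctl operation it selects. The function now only tests that the name resolves and never reads the value of the enforcing variable, which deserves a line in the function comment. `strlen` needs <string.h>; the include list is not visible in this hunk, so please confirm it is there.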
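
Review bot: in the first wslogin.c hunk (@@ -49,6 +49,9 @@), `return syscall (23, uid);` hard-codes the system call number; use `SYS_setuid` from <sys/syscall.h> so the intent is readable and the code does not depend on the literal. This early return also sits before the `openlog` call, so the path that changes uid without a label transition writes nothing to the auth log; consider logging it. The new statement is placed ahead of the `mac_t execlabel` declaration, mixing code and declarations; moving the check below the declarations keeps the function in the style of the surrounding code.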
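
Review bot: in the second wslogin.c hunk (@@ -73,7 +76,6 @@), only the `if (sebsd_enabled())` line is removed (7 lines become 6) and no hunk touches the end of the block it guarded, so the body starting at `char *labeltext, *queried, **contexts;` is left either as a bare scope or without its opening brace, depending on where the `{` sat in the original. Please confirm the braces still balance, and if a bare block remains, either fold its declarations into the function's declaration list and dedent the body, or add a comment saying why the scope is kept.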