Date: Thu, 26 Oct 2006 14:51:27 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 108487 for review Message-ID: <200610261451.k9QEpRfM005030@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=108487 Change 108487 by millert@millert_macbook on 2006/10/26 14:50:47 Update to refpolicy-20061018 from the Tresys web site. More darwin-specific additions. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Changelog#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Makefile#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.modular#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.monolithic#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/VERSION#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/build.conf#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mcs/seusers#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/initrc_context#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/seusers#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mcs/seusers#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/initrc_context#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/seusers#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/doc/policy.dtd#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/migscs.pl#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkaccess_vector.sh#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/global_tunables#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/mcs#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/mls#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/amanda.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/amanda.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/amanda.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/anaconda.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/apt.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/apt.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/backup.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/backup.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/bootloader.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/bootloader.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/bootloader.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/certwatch.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/consoletype.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/consoletype.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/ddcprobe.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dmesg.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dmidecode.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dmidecode.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dpkg.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dpkg.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/firstboot.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/firstboot.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/kudzu.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/kudzu.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logrotate.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logrotate.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logrotate.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logwatch.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logwatch.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logwatch.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/mrtg.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/netutils.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/netutils.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/portage.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/portage.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/prelink.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/prelink.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/quota.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/readahead.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/rpm.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/rpm.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/rpm.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/su.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/su.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/sudo.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/sxid.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/sxid.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/tripwire.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/updfstab.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usbmodules.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usbmodules.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usermanage.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usermanage.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/vbetool.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/vpn.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/vpn.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/calamaris.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/cdrecord.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/cdrecord.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/ethereal.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/ethereal.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/evolution.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/evolution.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/games.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/games.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gift.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gnome.fc#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gnome.if#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gnome.te#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gpg.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gpg.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/irc.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/irc.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/java.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/java.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/loadkeys.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/lockdev.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/lockdev.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mono.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mozilla.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mozilla.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mplayer.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mplayer.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mplayer.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/rssh.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/screen.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/screen.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/slocate.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/thunderbird.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/thunderbird.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/tvtime.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/tvtime.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/uml.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/uml.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/userhelper.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/userhelper.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/usernetctl.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/vmware.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/webalizer.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/webalizer.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/wine.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/yam.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/KernelEventAgent.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.if#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/dynamic_pager.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/dynamic_pager.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/kextd.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/kextd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/update.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/update.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corecommands.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corecommands.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.if.in#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.if.m4#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.te.in#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.te.m4#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/devices.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/devices.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/devices.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/domain.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/domain.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/files.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/files.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/files.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/filesystem.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/filesystem.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/kernel.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/kernel.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mcs.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mcs.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mls.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mls.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/selinux.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/selinux.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/storage.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/storage.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/terminal.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/terminal.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/afs.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/amavis.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/apache.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/apache.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/apm.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/arpwatch.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/asterisk.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/automount.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/avahi.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bind.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bind.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bluetooth.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bluetooth.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bluetooth.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/canna.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cipe.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/clamav.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/clockspeed.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/clockspeed.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/comsat.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/courier.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cpucontrol.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cron.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cron.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cron.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cups.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cups.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cvs.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cyrus.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dante.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dbskk.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dbus.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dbus.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dcc.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dcc.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ddclient.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dhcp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dictd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/distcc.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/djbdns.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dnsmasq.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dovecot.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/fetchmail.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/finger.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ftp.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ftp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/gatekeeper.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/gpm.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/hal.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/howl.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/i18n_input.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/imaze.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/inetd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/inn.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/inn.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ircd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/jabber.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/kerberos.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/kerberos.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ktalk.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ldap.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ldap.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/lpd.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/lpd.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/lpd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mailman.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/monop.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mta.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mta.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/munin.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/munin.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mysql.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mysql.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nagios.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nagios.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nessus.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/networkmanager.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/networkmanager.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nis.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nis.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nscd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nsd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntop.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntp.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nx.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oav.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oav.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oddjob.fc#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oddjob.if#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oddjob.te#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/openvpn.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/openvpn.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/pegasus.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/perdition.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/portmap.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/portmap.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/portslave.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postfix.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postfix.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postfix.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postgresql.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postgresql.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postgrey.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ppp.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ppp.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ppp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/privoxy.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/procmail.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/pyzor.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/pyzor.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/qmail.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/qmail.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/radius.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/radvd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/razor.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/razor.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rdisc.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/remotelogin.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rhgb.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rlogin.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/roundup.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rpc.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rpc.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rshd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rsync.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rsync.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/samba.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/samba.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sasl.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sendmail.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sendmail.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/setroubleshoot.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/smartmon.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/snmp.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/snmp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/snort.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/soundserver.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/spamassassin.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/spamassassin.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/squid.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/squid.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ssh.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ssh.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/stunnel.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sysstat.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sysstat.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/tcpd.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/telnet.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/tftp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/timidity.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/tor.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/transproxy.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ucspitcp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/uucp.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/uwimap.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/watchdog.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xfs.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xprint.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xserver.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xserver.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/zebra.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/zebra.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/authlogin.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/authlogin.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/clock.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/clock.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/daemontools.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/daemontools.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/fstools.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/fstools.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/getty.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/getty.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hostname.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hostname.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hotplug.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hotplug.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.if#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/ipsec.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/ipsec.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/iptables.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/libraries.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/libraries.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/locallogin.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/locallogin.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/lvm.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/lvm.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/miscfiles.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/miscfiles.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/modutils.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/modutils.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/mount.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/mount.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/netlabel.fc#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/netlabel.if#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/netlabel.te#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/pcmcia.if#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/pcmcia.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/raid.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/selinuxutil.fc#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/selinuxutil.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/selinuxutil.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/setrans.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/setrans.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/sysnetwork.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/sysnetwork.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/udev.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.te#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/userdomain.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/userdomain.if#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/userdomain.te#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/xen.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/xen.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/support/loadable_module.spt#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/support/misc_macros.spt#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/support/mls_mcs_macros.spt#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/users#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/support/Makefile.devel#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Changelog#3 (text+ko) ==== @@ -1,3 +1,9 @@ +* Wed Oct 18 2006 Chris PeBenito <selinux@tresys.com> - 20061018 +- Patch from Russell Coker Thu, 5 Oct 2006 +- Move range transitions to modules. +- Make number of MLS sensitivities, and number of MLS and MCS + categories configurable as build options. +- Add role infrastructure. - Debian updates from Erich Schubert. - Add nscd_socket_use() to auth_use_nsswitch(). - Remove old selopt rules. @@ -67,6 +73,10 @@ Wed, 23 Aug 2006 Thu, 31 Aug 2006 Fri, 01 Sep 2006 + Tue, 05 Sep 2006 + Wed, 20 Sep 2006 + Fri, 22 Sep 2006 + Mon, 25 Sep 2006 - Added modules: afs amavis (Erich Schubert) @@ -90,6 +100,7 @@ games gatekeeper gift + gnome (James Carter) imaze ircd jabber @@ -99,10 +110,12 @@ munin nagios nessus + netlabel (Paul Moore) nsd ntop nx oav + oddjob (Dan Walsh) openca openvpn (Petre Rodan) perdition ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Makefile#5 (text+ko) ==== @@ -77,7 +77,7 @@ SEMOD_LNK ?= $(BINDIR)/semodule_link SEMOD_EXP ?= $(BINDIR)/semodule_expand LOADPOLICY ?= $(SBINDIR)/load_policy -SETFILES ?= $(BINDIR)/setfiles +SETFILES ?= /sbin/setfiles MIG_DEFS ?= bootstrap.flask notify_ipc.flask mtest.flask endif @@ -114,17 +114,17 @@ # policy building support tools support := support -genxml := $(PYTHON) $(support)/segenxml.py -gendoc := $(PYTHON) $(support)/sedoctool.py -genperm := $(PYTHON) $(support)/genclassperms.py +genxml := $(PYTHON) -E $(support)/segenxml.py +gendoc := $(PYTHON) -E $(support)/sedoctool.py +genperm := $(PYTHON) -E $(support)/genclassperms.py fcsort := $(tmpdir)/fc_sort setbools := $(AWK) -f $(support)/set_bools_tuns.awk get_type_attr_decl := $(SED) -E -f $(support)/get_type_attr_decl.sed comment_move_decl := $(SED) -E -f $(support)/comment_move_decl.sed -gennetfilter := $(PYTHON) $(support)/gennetfilter.py +gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py # use our own genhomedircon to make sure we have a known usable one, # so policycoreutils updates are not required (RHEL4) -genhomedircon := $(PYTHON) $(support)/genhomedircon +genhomedircon := $(PYTHON) -E $(support)/genhomedircon # documentation paths docs := doc @@ -169,7 +169,9 @@ installdir = $(topdir)/$(strip $(NAME)) srcpath = $(installdir)/src userpath = $(installdir)/users +policypath = $(installdir)/policy contextpath = $(installdir)/contexts +homedirpath = $(contextpath)/files/homedir_template fcpath = $(contextpath)/files/file_contexts ncpath = $(contextpath)/netfilter_contexts sharedir = $(prefix)/share/sedarwin @@ -229,11 +231,16 @@ M4PARAM += -D direct_sysadm_daemon endif +# default MLS/MCS sensitivity and category settings. +MLS_SENS ?= 16 +MLS_CATS ?= 256 +MCS_CATS ?= 256 + ifeq ($(QUIET),y) verbose = @ endif -M4PARAM += -D hide_broken_symptoms +M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS) -D hide_broken_symptoms # we need exuberant ctags; unfortunately it is named # differently on different distros @@ -255,7 +262,9 @@ appconf := config/appconfig-$(TYPE) seusers := $(appconf)/seusers appdir := $(contextpath) -appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media +user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts) +user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts)))) +appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media $(user_default_contexts_names) net_contexts := $(builddir)net_contexts all_layers := $(filter-out $(moddir)/CVS,$(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)) @@ -316,17 +325,46 @@ # Functions # +# parse-rolemap-compat modulename,outputfile +define parse-rolemap-compat + $(verbose) $(M4) $(M4PARAM) $(rolemap) | \ + $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2 +endef + # parse-rolemap modulename,outputfile define parse-rolemap $(verbose) $(M4) $(M4PARAM) $(rolemap) | \ - $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2 + $(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2 endef -# peruser-expansion modulename,outputfile -define peruser-expansion - $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2 +# perrole-expansion modulename,outputfile +define perrole-expansion + $(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2 $(call parse-rolemap,$1,$2) $(verbose) echo "')" >> $2 + + $(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2 + $(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2 + $(call parse-rolemap-compat,$1,$2) + $(verbose) echo "')" >> $2 +endef + +# create-base-per-role-tmpl modulenames,outputfile +define create-base-per-role-tmpl + $(verbose) echo "define(\`base_per_role_template',\`" >> $2 + + $(verbose) for i in $1; do \ + echo "ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \ + >> $2 ;\ + done + + $(verbose) for i in $1; do \ + echo "ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\ + echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\ + echo """$$i""_per_userdomain_template("'$$*'")')" >> $2 ;\ + done + $(verbose) echo "')" >> $@ + endef ######################################## @@ -446,7 +484,15 @@ ######################################## # -# Appconfig files +# Build Appconfig files +# +$(tmpdir)/initrc_context: $(appconf)/initrc_context + @mkdir -p $(tmpdir) + $(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z]' > $@ + +######################################## +# +# Install Appconfig files # install-appconfig: $(appfiles) @@ -477,7 +523,7 @@ @mkdir -p $(appdir) $(verbose) $(INSTALL) -m 644 $< $@ -$(appdir)/initrc_context: $(appconf)/initrc_context +$(appdir)/initrc_context: $(tmpdir)/initrc_context @mkdir -p $(appdir) $(verbose) $(INSTALL) -m 644 $< $@ @@ -489,9 +535,9 @@ @mkdir -p $(appdir) $(verbose) $(INSTALL) -m 644 $< $@ -$(appdir)/users/root: $(appconf)/root_default_contexts +$(contextpath)/users/%: $(appconf)/%_default_contexts @mkdir -p $(appdir)/users - $(verbose) $(INSTALL) -m 644 $< $@ + $(verbose) $(INSTALL) -m 644 $^ $@ ######################################## # @@ -523,6 +569,9 @@ $(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf $(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf $(verbose) echo "POLY ?= $(POLY)" >> $(headerdir)/build.conf + $(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf + $(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf + $(verbose) echo "override MCS_CATS := $(MCS_CATS)" >> $(headerdir)/build.conf $(verbose) $(INSTALL) -m 644 $(support)/Makefile.devel $(headerdir)/Makefile ######################################## ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.modular#3 (text+ko) ==== @@ -52,6 +52,9 @@ # Load all configured modules # load: $(instpkg) $(appfiles) +# make sure two directories exist since they are not +# created by semanage + @mkdir -p $(policypath) $(dir $(fcpath)) @echo "Loading configured modules." $(verbose) $(SEMODULE) -s $(NAME) -b $(modpkgdir)/$(notdir $(base_pkg)) $(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod)) @@ -71,7 +74,7 @@ $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te @echo "Compliling $(NAME) $(@F) module" @test -d $(tmpdir) || mkdir -p $(tmpdir) - $(call peruser-expansion,$(basename $(@F)),$@.role) + $(call perrole-expansion,$(basename $(@F)),$@.role) $(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp) $(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@ @@ -88,15 +91,19 @@ # # Create a base module package # -$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(seusers) $(net_contexts) +$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers $(net_contexts) @echo "Creating $(NAME) base module package" @test -d $(builddir) || mkdir -p $(builddir) - $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(seusers) -n $(net_contexts) + $(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers -n $(net_contexts) $(base_mod): $(base_conf) @echo "Compiling $(NAME) base module" $(verbose) $(CHECKMODULE) -o $@ $^ +$(tmpdir)/seusers: $(seusers) + @mkdir -p $(tmpdir) + $(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z_]' > $@ + $(users_extra): $(m4support) $(user_files) @test -d $(tmpdir) || mkdir -p $(tmpdir) $(verbose) $(M4) $(M4PARAM) -D users_extra $^ | \ @@ -120,13 +127,7 @@ @test -d $(tmpdir) || mkdir -p $(tmpdir) # define all available object classes $(verbose) $(genperm) $(avs) $(secclass) > $@ -# per-userdomain templates - $(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@ - $(verbose) for i in $(patsubst %.te,%,$(base_mods)); do \ - echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \ - >> $@ ;\ - done - $(verbose) echo "')" >> $@ + $(verbose) $(call create-base-per-role-tmpl,$(patsubst %.te,%,$(base_mods)),$@) $(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ || true $(tmpdir)/global_bools.conf: M4PARAM += -D self_contained_policy ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.monolithic#6 (text+ko) ==== @@ -23,10 +23,8 @@ M4PARAM += -D self_contained_policy # install paths -policypath = $(installdir)/policy loadpath = $(policypath)/$(notdir $(polver)) migscs_loadpath = $(policypath)/sebsd_migscs -homedirpath = $(contextpath)/files/homedir_template appfiles += $(installdir)/booleans $(userpath)/local.users @@ -129,18 +127,11 @@ $(tmpdir)/generated_definitions.conf: $(all_te_files) @test -d $(tmpdir) || mkdir -p $(tmpdir) # define all available object classes - # Generate temporary securtity class and access vector files that - # include SEDarwin specific bits +# this includes MiG-based classes for SEDarwin $(verbose) cat $(avs) $(mig_avs) > tmp/all_avs $(verbose) cat $(secclass) $(mig_secclass) > tmp/all_secclasses $(verbose) $(genperm) tmp/all_avs tmp/all_secclasses > $@ - - #$(verbose) $(genperm) $(avs) $(secclass) > $@ -# per-userdomain templates: - $(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@ - $(verbose) $(foreach mod,$(basename $(notdir $(all_modules))), \ - echo "ifdef(\`""$(mod)""_per_userdomain_template',\`""$(mod)""_per_userdomain_template("'$$*'")')" >> $@ ;) - $(verbose) echo "')" >> $@ + $(verbose) $(call create-base-per-role-tmpl,$(basename $(notdir $(all_modules))),$@) $(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ || true $(tmpdir)/global_bools.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(globalbool) $(globaltun) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/VERSION#2 (text+ko) ==== @@ -1,1 +1,1 @@ -20060307 +20061018 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/build.conf#3 (text+ko) ==== @@ -48,6 +48,20 @@ # Enable polyinstantiated directory support. POLY=n +# Number of MLS Sensitivities +# The sensitivities will be s0 to s(MLS_SENS-1). +# Dominance will be in increasing numerical order +# with s0 being lowest. +MLS_SENS=16 + +# Number of MLS Categories +# The categories will be c0 to c(MLS_CATS-1). +MLS_CATS=256 + +# Number of MCS Categories +# The categories will be c0 to c(MLS_CATS-1). +MCS_CATS=256 + # Set this to y to only display status messages # during build. QUIET=n ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mcs/seusers#2 (text+ko) ==== @@ -1,2 +1,2 @@ -root:root:s0-s0:c0.c255 +root:root:s0-mcs_systemhigh __default__:user_u:s0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/initrc_context#2 (text+ko) ==== @@ -1,1 +1,1 @@ -system_u:system_r:initrc_t:s0-s15:c0.c255 +system_u:system_r:initrc_t:s0-mls_systemhigh ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/seusers#2 (text+ko) ==== @@ -1,2 +1,2 @@ -root:root:s0-s15:c0.c255 +root:root:s0-mls_systemhigh __default__:user_u:s0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mcs/seusers#2 (text+ko) ==== @@ -1,2 +1,2 @@ -root:root:s0-s0:c0.c255 +root:root:s0-mcs_systemhigh __default__:user_u:s0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/initrc_context#3 (text+ko) ==== @@ -1,1 +1,1 @@ -user_u:system_r:initrc_t:s0-s15:c0.c255 +user_u:system_r:initrc_t:s0-mls_systemhigh ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/seusers#2 (text+ko) ==== @@ -1,2 +1,2 @@ -root:root:s0-s15:c0.c255 +root:root:s0-mls_systemhigh __default__:user_u:s0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/doc/policy.dtd#2 (text+ko) ==== @@ -20,9 +20,9 @@ name CDATA #REQUIRED dftval CDATA #REQUIRED> <!ELEMENT summary (#PCDATA)> -<!ELEMENT interface (summary,desc?,param+,infoflow?)> +<!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)> <!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED> -<!ELEMENT template (summary,desc?,param+)> +<!ELEMENT template (summary,desc?,param+,(rolebase|rolecap)?)> <!ATTLIST template name CDATA #REQUIRED lineno CDATA #REQUIRED> <!ELEMENT desc (#PCDATA|%inline.class;)*> <!ELEMENT param (summary)> @@ -33,6 +33,8 @@ <!ATTLIST infoflow type CDATA #REQUIRED weight CDATA #IMPLIED> +<!ELEMENT rolebase EMPTY> +<!ELEMENT rolecap EMPTY> <!ATTLIST pre caption CDATA #IMPLIED> <!ELEMENT p (#PCDATA|%inline.class;)*> ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/migscs.pl#3 (text+ko) ==== @@ -2,26 +2,47 @@ my %scs; my $curclass = 0; +my $nsub = 0; +# Go through the combined security classes and store info +# for any Mach subsystems. while (<>) { - if (/^class .*subsystem +([0-9]+)/) { - $curclass++; - if (@$scs{$1}) { - push @{$scs{$1}}, $curclass; - } else { - $scs{$1} = [$curclass]; - } - } - elsif (/^class/) { $curclass++; } + if (/^class .*subsystem +([0-9]+)/) { + # Mach subsystem security class + $curclass++; + $nsub++; + if (defined($scs{$1})) { + push @{$scs{$1}}, $curclass; + } else { + $scs{$1} = [$curclass]; + } + } elsif (/^class/) { + # Regular FLASK security class + $curclass++; + } } -warn "$curclass classes\n"; -my $out; +warn "$curclass classes ($nsub Mach subsystems)\n"; +# +# Output matches the following structure definition: +# +# struct { +# u_int msgid; +# u_int nclasses; +# u_int size; +# u_int classes[nclasses]; +# }; +# +my $out = ''; foreach my $c (keys %scs) { - my @ca = @{$scs{$c}}; - $out .= pack ('III', $c, 1+$#ca, 100); - foreach my $c (@ca) { $out .= pack ('I', $c); } + my @ca = @{$scs{$c}}; + # Format is msgid, nclasses, size + $out .= pack('III', $c, scalar(@ca), 100); + foreach my $c (@ca) { + $out .= pack ('I', $c); + } } +print $out; -print $out; +exit 0; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkaccess_vector.sh#3 (text+ko) ==== @@ -135,7 +135,6 @@ printf(" ") > outfile; printf("0x%08xUL\n", ind[i]) > outfile; } - printf("\n") > outfile; for (i in ind) delete ind[i]; for (i in inherited_perms) delete inherited_perms[i]; @@ -231,8 +230,6 @@ printf("TE_(common_%s_perm_to_string)\n\n", common_name) > cpermfile; } - printf("\n") > outfile; - nextstate = "COMMON_OR_AV"; } END { ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/global_tunables#3 (text+ko) ==== @@ -536,13 +536,6 @@ ## <desc> ## <p> -## Allow users to rw usb devices -## </p> -## </desc> -gen_tunable(user_rw_usb,false) - -## <desc> -## <p> ## Allow users to run TCP servers (bind to ports and accept connection from ## the same domain and outside users) disabling this forces FTP passive mode ## and may change other protocols. @@ -582,6 +575,13 @@ ifdef(`targeted_policy',` ## <desc> ## <p> +## Allow all daemons the ability to use unallocated ttys +## </p> +## </desc> +gen_tunable(allow_daemons_use_tty,false) + +## <desc> +## <p> ## Allow mount to mount any file ## </p> ## </desc> ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/mcs#3 (text+ko) ==== @@ -2,93 +2,23 @@ # # Define sensitivities # -# Each sensitivity has a name and zero or more aliases. -# # MCS is single-sensitivity. -# -sensitivity s0; -# -# Define the ordering of the sensitivity levels (least to greatest) -# -dominance { s0 } +gen_sens(1) - # # Define the categories # -# Each category has a name and zero or more aliases. -# -category c0; category c1; category c2; category c3; -category c4; category c5; category c6; category c7; -category c8; category c9; category c10; category c11; -category c12; category c13; category c14; category c15; -category c16; category c17; category c18; category c19; -category c20; category c21; category c22; category c23; -category c24; category c25; category c26; category c27; -category c28; category c29; category c30; category c31; -category c32; category c33; category c34; category c35; -category c36; category c37; category c38; category c39; -category c40; category c41; category c42; category c43; -category c44; category c45; category c46; category c47; -category c48; category c49; category c50; category c51; -category c52; category c53; category c54; category c55; -category c56; category c57; category c58; category c59; -category c60; category c61; category c62; category c63; -category c64; category c65; category c66; category c67; -category c68; category c69; category c70; category c71; -category c72; category c73; category c74; category c75; -category c76; category c77; category c78; category c79; -category c80; category c81; category c82; category c83; -category c84; category c85; category c86; category c87; -category c88; category c89; category c90; category c91; -category c92; category c93; category c94; category c95; -category c96; category c97; category c98; category c99; -category c100; category c101; category c102; category c103; -category c104; category c105; category c106; category c107; -category c108; category c109; category c110; category c111; -category c112; category c113; category c114; category c115; -category c116; category c117; category c118; category c119; -category c120; category c121; category c122; category c123; -category c124; category c125; category c126; category c127; -category c128; category c129; category c130; category c131; -category c132; category c133; category c134; category c135; -category c136; category c137; category c138; category c139; -category c140; category c141; category c142; category c143; -category c144; category c145; category c146; category c147; -category c148; category c149; category c150; category c151; -category c152; category c153; category c154; category c155; -category c156; category c157; category c158; category c159; -category c160; category c161; category c162; category c163; -category c164; category c165; category c166; category c167; -category c168; category c169; category c170; category c171; -category c172; category c173; category c174; category c175; -category c176; category c177; category c178; category c179; -category c180; category c181; category c182; category c183; -category c184; category c185; category c186; category c187; -category c188; category c189; category c190; category c191; >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610261451.k9QEpRfM005030>