From owner-p4-projects@FreeBSD.ORG Fri Aug 22 10:25:26 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 7F1B316A4C1; Fri, 22 Aug 2003 10:25:26 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3404316A4C0 for ; Fri, 22 Aug 2003 10:25:26 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2370443FE0 for ; Fri, 22 Aug 2003 10:25:25 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h7MHPO0U027033 for ; Fri, 22 Aug 2003 10:25:24 -0700 (PDT) (envelope-from areisse@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h7MHPOhb027030 for perforce@freebsd.org; Fri, 22 Aug 2003 10:25:24 -0700 (PDT) Date: Fri, 22 Aug 2003 10:25:24 -0700 (PDT) Message-Id: <200308221725.h7MHPOhb027030@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to areisse@nailabs.com using -f 
From: Andrew Reisse To: Perforce Change Reviews Subject: PERFORCE change 36682 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 22 Aug 2003 17:25:27 -0000 http://perforce.freebsd.org/chv.cgi?CH=36682 Change 36682 by areisse@areisse_tislabs on 2003/08/22 10:24:30 Fixed wrong common permission numbering in 36674. Added generated files whose source changed in 36674. Affected files ... .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_inherit.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#4 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/class_to_string.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/common_perm_to_string.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#3 edit .. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#4 edit Differences ... ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_inherit.h#3 (text+ko) ==== 
@@ -9,26 +9,26 @@ } av_inherit_t; static av_inherit_t av_inherit[] = { - { SECCLASS_DIR, common_file_perm_to_string, 0x00100000UL }, - { SECCLASS_FILE, common_file_perm_to_string, 0x00100000UL }, - { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x00100000UL }, - { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x00100000UL }, - { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x00100000UL }, - { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x00100000UL }, - { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x00100000UL }, - { SECCLASS_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x01000000UL }, - { SECCLASS_IPC, common_ipc_perm_to_string, 0x00000200UL }, - { SECCLASS_SEM, common_ipc_perm_to_string, 0x00000200UL }, - { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x00000200UL }, - { SECCLASS_SHM, common_ipc_perm_to_string, 0x00000200UL }, + { SECCLASS_DIR, common_file_perm_to_string, 0x0000000000100000UL }, + { SECCLASS_FILE, common_file_perm_to_string, 0x0000000000100000UL }, + { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, + { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x0000000000100000UL }, + { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, + { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x0000000000100000UL }, + { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x0000000000100000UL }, + { SECCLASS_SOCKET, 
common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL }, + { SECCLASS_IPC, common_ipc_perm_to_string, 0x0000000000000200UL }, + { SECCLASS_SEM, common_ipc_perm_to_string, 0x0000000000000200UL }, + { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x0000000000000200UL }, + { SECCLASS_SHM, common_ipc_perm_to_string, 0x0000000000000200UL }, }; #define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t)) ==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#3 (text+ko) ==== 
@@ -91,14 +91,29 @@ { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" }, { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" }, { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" }, - { SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override" }, + { SECCLASS_CAPABILITY, CAPABILITY__DAC_EXECUTE, "dac_execute" }, + { SECCLASS_CAPABILITY, CAPABILITY__DAC_WRITE, "dac_write" }, { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" }, { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" }, { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" }, { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" }, + { SECCLASS_CAPABILITY, CAPABILITY__LINK_DIR, "link_dir" }, + { SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap" }, { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" }, { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" }, + { SECCLASS_CAPABILITY, CAPABILITY__MAC_DOWNGRADE, "mac_downgrade" }, + { SECCLASS_CAPABILITY, CAPABILITY__MAC_READ, "mac_read" }, + { SECCLASS_CAPABILITY, CAPABILITY__MAC_RELABEL_SUBJ, "mac_relabel_subj" }, + { SECCLASS_CAPABILITY, CAPABILITY__MAC_UPGRADE, "mac_upgrade" }, + { SECCLASS_CAPABILITY, CAPABILITY__MAC_WRITE, "mac_write" }, + { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_OBJ, "inf_nofloat_obj" }, + { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_SUBJ, "inf_nofloat_subj" }, + { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_OBJ, "inf_relabel_obj" }, + { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_SUBJ, "inf_relabel_subj" }, + { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control" }, + { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write" }, { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" }, + { SECCLASS_CAPABILITY, CAPABILITY__XXX_INVALID1, "xxx_invalid1" }, { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" }, { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" }, { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" }, ==== 
//depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#4 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/class_to_string.h#3 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/common_perm_to_string.h#3 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#3 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#4 (text+ko) ====
@@ -136,7 +136,8 @@
 } printf("\n") > outfile;
- printf(" { SECCLASS_%s, common_%s_perm_to_string, 0x%08xUL },\n", toupper(tclass), inherits, permission) > inheritfile;
+ printf(" { SECCLASS_%s, common_%s_perm_to_string, 0x%08x%08xUL },\n", toupper(tclass), inherits,
+ permission>32 ? 2^(permission-33) : 0, permission<33 ? 2^(permission-1) : 0) > inheritfile;
 nextstate = "CLASS_OR_CLASS-OPENBRACKET"; next;
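Review bot: The new printf keeps the `UL` suffix although it now emits a 64-bit constant as two `%08x` halves, so where `unsigned long` is 32 bits any common-permission base above bit 31 no longer fits the suffix's type. Every base in the regenerated av_inherit.h of this change still fits in 32 bits, so nothing is visibly wrong yet. I would emit `0x%08x%08xULL` and confirm that the third member of `av_inherit_t`, declared outside this diff, is a 64-bit type, since a narrower member would silently truncate the base and presumably skew the permission names resolved through this table. A comment above the printf such as `# permission is a 1-based bit index; print it as high and low 32-bit words` would explain the 32/33 boundaries in the two ternaries. The enclosing awk rule starts and ends outside the hunk.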