PERFORCE change 36682 for review

Andrew Reisse areisse at FreeBSD.org
Fri Aug 22 10:25:27 PDT 2003


http://perforce.freebsd.org/chv.cgi?CH=36682

Change 36682 by areisse at areisse_tislabs on 2003/08/22 10:24:30

	Fixed wrong common permission numbering in 36674.
	Added generated files whose source changed in 36674.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_inherit.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#4 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/class_to_string.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/common_perm_to_string.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#3 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#4 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_inherit.h#3 (text+ko) ====

@@ -9,26 +9,26 @@
 } av_inherit_t;
 
 static av_inherit_t av_inherit[] = {
-   { SECCLASS_DIR, common_file_perm_to_string, 0x00100000UL },
-   { SECCLASS_FILE, common_file_perm_to_string, 0x00100000UL },
-   { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x00100000UL },
-   { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x00100000UL },
-   { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x00100000UL },
-   { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x00100000UL },
-   { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x00100000UL },
-   { SECCLASS_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x01000000UL },
-   { SECCLASS_IPC, common_ipc_perm_to_string, 0x00000200UL },
-   { SECCLASS_SEM, common_ipc_perm_to_string, 0x00000200UL },
-   { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x00000200UL },
-   { SECCLASS_SHM, common_ipc_perm_to_string, 0x00000200UL },
+   { SECCLASS_DIR, common_file_perm_to_string, 0x0000000000100000UL },
+   { SECCLASS_FILE, common_file_perm_to_string, 0x0000000000100000UL },
+   { SECCLASS_LNK_FILE, common_file_perm_to_string, 0x0000000000100000UL },
+   { SECCLASS_CHR_FILE, common_file_perm_to_string, 0x0000000000100000UL },
+   { SECCLASS_BLK_FILE, common_file_perm_to_string, 0x0000000000100000UL },
+   { SECCLASS_SOCK_FILE, common_file_perm_to_string, 0x0000000000100000UL },
+   { SECCLASS_FIFO_FILE, common_file_perm_to_string, 0x0000000000100000UL },
+   { SECCLASS_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_TCP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_UDP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_RAWIP_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_NETLINK_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_PACKET_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_KEY_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_UNIX_STREAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_UNIX_DGRAM_SOCKET, common_socket_perm_to_string, 0x0000000001000000UL },
+   { SECCLASS_IPC, common_ipc_perm_to_string, 0x0000000000000200UL },
+   { SECCLASS_SEM, common_ipc_perm_to_string, 0x0000000000000200UL },
+   { SECCLASS_MSGQ, common_ipc_perm_to_string, 0x0000000000000200UL },
+   { SECCLASS_SHM, common_ipc_perm_to_string, 0x0000000000000200UL },
 };
 
 #define AV_INHERIT_SIZE (sizeof(av_inherit)/sizeof(av_inherit_t))

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#3 (text+ko) ====

@@ -91,14 +91,29 @@
    { SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod" },
    { SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console" },
    { SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown" },
-   { SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override" },
+   { SECCLASS_CAPABILITY, CAPABILITY__DAC_EXECUTE, "dac_execute" },
+   { SECCLASS_CAPABILITY, CAPABILITY__DAC_WRITE, "dac_write" },
    { SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search" },
    { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" },
    { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" },
    { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" },
+   { SECCLASS_CAPABILITY, CAPABILITY__LINK_DIR, "link_dir" },
+   { SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap" },
    { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" },
    { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" },
+   { SECCLASS_CAPABILITY, CAPABILITY__MAC_DOWNGRADE, "mac_downgrade" },
+   { SECCLASS_CAPABILITY, CAPABILITY__MAC_READ, "mac_read" },
+   { SECCLASS_CAPABILITY, CAPABILITY__MAC_RELABEL_SUBJ, "mac_relabel_subj" },
+   { SECCLASS_CAPABILITY, CAPABILITY__MAC_UPGRADE, "mac_upgrade" },
+   { SECCLASS_CAPABILITY, CAPABILITY__MAC_WRITE, "mac_write" },
+   { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_OBJ, "inf_nofloat_obj" },
+   { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_SUBJ, "inf_nofloat_subj" },
+   { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_OBJ, "inf_relabel_obj" },
+   { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_SUBJ, "inf_relabel_subj" },
+   { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control" },
+   { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write" },
    { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" },
+   { SECCLASS_CAPABILITY, CAPABILITY__XXX_INVALID1, "xxx_invalid1" },
    { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" },
    { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" },
    { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" },

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#4 (text+ko) ====


==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/class_to_string.h#3 (text+ko) ====


==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/common_perm_to_string.h#3 (text+ko) ====


==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#3 (text+ko) ====


==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask/mkaccess_vector.sh#4 (text+ko) ====

@@ -136,7 +136,8 @@
 			}
 			printf("\n") > outfile;
 	
-			printf("   { SECCLASS_%s, common_%s_perm_to_string, 0x%08xUL },\n", toupper(tclass), inherits, permission) > inheritfile; 
+			printf("   { SECCLASS_%s, common_%s_perm_to_string, 0x%08x%08xUL },\n", toupper(tclass), inherits,
+				permission>32 ? 2^(permission-33) : 0, permission<33 ? 2^(permission-1) : 0) > inheritfile; 
 
 			nextstate = "CLASS_OR_CLASS-OPENBRACKET";
 			next;
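Review bot: The new format string in the `inheritfile` printf still ends the literal in `UL` although it now emits 16 hex digits, so on a target where `unsigned long` is 32 bits a base above bit 31 would not fit the type the suffix names. Emitting `0x%08x%08xULL` would make the width explicit, provided the mask field of `av_inherit_t` is 64 bits wide, which this diff does not show. The two ternaries also assume `permission` lies between 1 and 64: a larger value makes `2^(permission-33)` exceed what `%08x` can represent, and the generator would write a wrong mask with no diagnostic. A guard that aborts generation when `permission` exceeds 64 belongs just before this printf, since this table appears to tie inherited access-vector bits to their names and a silently wrong base would misattribute permissions. The enclosing awk rule starts and ends outside the hunk.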

