PERFORCE change 138114 for review
Chris Vance
cvance at FreeBSD.org
Wed Mar 19 17:30:22 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=138114
Change 138114 by cvance at cvance_sony on 2008/03/19 17:29:32
Re-sync the externally visible sedarwin8 branch with the true
development repo.
This is a large number of changes including:
- fixing licenses in xnu/security/...
- fixing licenses for audit code developed under this project
- updating to 10.4.9
- updating mig to generate permission checks
- updating the sedarwin policy module
- updating launchd
Note that it's still PPC-only and not 100% current. We have
confirmed that it builds and runs.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/Makefile#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/Makefile#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.sh#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/build/bsd.mig.mk#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/Makefile.inc#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/launchctl/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/wait4path/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/etc/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/ConsoleMessage/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/Makefile.inc#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/StartupItemContext/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/launchproxy/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/register_mach_bootstrap_servers/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/Makefile.inc#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/SystemStarter/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DAServer.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DNSServiceDiscoveryRequest.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DirectoryServiceMIG.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DirectoryServiceMIG_types.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/README-defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/config.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/eapolcontroller.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/kextmanager_mig.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/lookup.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/memberd.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/mkkmethods.pl#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/notify_ipc.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/ocspd.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/powermanagement.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/pppcontroller.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/self.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/service.map#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/shared_dns_info.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/ss_types.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/ucsp.defs#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd_debugd/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/service/Makefile#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/bootstrap.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/rpc_services.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/network_cmds/ifconfig.tproj/Makefile.preamble#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/pam_modules/pam_afpmount/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/audit_kernel.h#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/files#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit_mac.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#11 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/subr_log.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_icmp.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_output.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_output.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/msgbuf.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/proc.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/uxkern/ux_exception.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_cache.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#23 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/config/MACFramework.exports#10 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/makedefs/MakeInc.cmd#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/conf/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/conf/Makefile.template#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/conf/files#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.c#14 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_object.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_port.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_port.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_kobject.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/mkkmethods.pl#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/mach/port.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/mach/security.defs#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ppc/model_dep.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_alloc.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_alloc.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_audit.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#34 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#11 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#40 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_inet.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#10 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#14 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#48 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_msg.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/Makefile#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/filewatch/mac_filewatch.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#28 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/class_to_string.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/flask.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/av_permissions.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/relabel_gui/LabelDialog.m#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/relabel_gui/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/relabel_gui/relabel_gui.pbproj/project.pbxproj#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Makefile#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.modular#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.monolithic#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkmig_av.pl#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkmig_sc.pl#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules.conf#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/KernelEventAgent.te#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.fc#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#15 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#22 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#11 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreservicesd.te#13 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/crashreporterd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#13 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/distnoted.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/dynamic_pager.te#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/kextd.te#11 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.te#19 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mds.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mds.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/netinfod.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/netinfod.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.te#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#17 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/update.te#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/kernel.te#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/automount.te#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntp.te#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.te#11 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/getty.te#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#17 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.te#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/MISSING_ENTRIES.txt#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/av_perm_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/av_permissions.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#23 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/class_to_string.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/flask.h#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#79 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_sysctl.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/mach_av.c#8 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/Makefile#5 (text+ko) ====
@@ -2,7 +2,7 @@
ifneq "$(word 6, $(shell gcc_select))" "3.3"
$(error Build requires GCC version 3.3. Use 'gcc_select 3.3' to change.)
endif
-ifneq "$(shell uname -r)" "8.8.0"
+ifneq "$(shell uname -r)" "8.9.0"
$(error Build requires Mac OS X 10.4.8/Darwin 8.8)
endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/Makefile#7 (text+ko) ====
@@ -4,11 +4,10 @@
all:
$(MAKE) -C Libstreams
- $(MAKE) -C bootstrap_cmds tools
+ $(MAKE) -C bootstrap_cmds
$(MAKE) -C cctools
$(MAKE) -C kext_tools
$(MAKE) -C $(XNU)
- $(MAKE) -C bootstrap_cmds
bsdmake -C libmac
$(MAKE) -C mac_cmds
$(MAKE) -C adv_cmds/ps.tproj all
@@ -18,7 +17,7 @@
$(MAKE) -C pam_modules/pam_lctx
$(MAKE) -C pam_modules/pam_mac_console
$(MAKE) -C etc
- $(MAKE) -C launchd/src
+ bsdmake -C launchd/build/sbin/launchd
$(MAKE) -C netinfo/servers/notifyd
$(MAKE) -C network_cmds/ifconfig.tproj
@@ -39,7 +38,8 @@
$(MAKE) -C pam_modules/pam_lctx DSTROOT=$(DESTDIR) install
$(MAKE) -C pam_modules/pam_mac_console DSTROOT=$(DESTDIR) install
$(MAKE) -C etc install
- $(MAKE) -C launchd/src install
+ bsdmake -C launchd/build/sbin/launchd install
+ bsdmake -C launchd/build/etc install
$(MAKE) -C netinfo/servers/notifyd install
$(MAKE) -C network_cmds/ifconfig.tproj install
@@ -59,6 +59,6 @@
$(MAKE) -C pam_modules/pam_lctx clean
$(MAKE) -C pam_modules/pam_mac_console clean
$(MAKE) -C etc clean
- $(MAKE) -C launchd/src clean
+ bsdmake -C launchd/build/sbin/launchd clean
$(MAKE) -C netinfo/servers/notifyd clean
$(MAKE) -C network_cmds/ifconfig.tproj clean
==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/Makefile#2 (text+ko) ====
@@ -6,6 +6,8 @@
all:
cd migcom.tproj && make
+ cd decomment.tproj && make
+ cd relpath.tproj && make
clean:
cd decomment.tproj && make clean
@@ -14,7 +16,3 @@
install:
cd migcom.tproj && make install
-
-tools:
- cd decomment.tproj && make
- cd relpath.tproj && make
==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.c#2 (text+ko) ====
@@ -70,6 +70,7 @@
boolean_t ShortCircuit = FALSE;
boolean_t UseRPCTrap = FALSE;
boolean_t TestRPCTrap= FALSE;
+boolean_t MethodDump = FALSE;
boolean_t IsKernelUser = FALSE;
boolean_t IsKernelServer = FALSE;
==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.h#2 (text+ko) ====
@@ -71,6 +71,7 @@
extern boolean_t ShortCircuit;
extern boolean_t UseRPCTrap;
extern boolean_t TestRPCTrap;
+extern boolean_t MethodDump;
extern boolean_t IsKernelUser;
extern boolean_t IsKernelServer;
==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.c#2 (text+ko) ====
@@ -55,6 +55,7 @@
/*
* Switches are;
+ * -M Dump methods.
* -[v,Q] verbose or not quiet: prints out type
* and routine information as mig runs.
* -[V,q] not verbose or quiet : don't print
@@ -117,6 +118,7 @@
extern int yyparse();
static FILE *myfopen();
+static void DumpMethods(void);
static void
parseArgs(argc, argv)
@@ -258,6 +260,9 @@
else
fatal("unknown flag: '%s'", argv[0]);
break;
+ case 'M':
+ MethodDump = TRUE;
+ break;
case 'X':
ShortCircuit = FALSE;
break;
@@ -303,6 +308,11 @@
more_global();
+ if (MethodDump) {
+ DumpMethods();
+ exit(0);
+ }
+
uheader = myfopen(UserHeaderFileName, "w");
if (!UserFilePrefix)
user = myfopen(UserFileName, "w");
@@ -410,3 +420,24 @@
return file;
}
+
+static void
+DumpMethods(void)
+{
+ register statement_t *stat;
+ int fnum;
+ char *fname;
+ int first = TRUE;
+
+ printf("%s@%d:", SubsystemName, SubsystemBase);
+ for (stat = stats; stat != stNULL; stat = stat->stNext) {
+ if (stat->stKind != skRoutine)
+ continue;
+ fnum = SubsystemBase + stat->stRoutine->rtNumber;
+ fname = stat->stRoutine->rtName;
+ printf("%s%s@%d", first ? " " : ", ", fname, fnum);
+ if (first)
+ first = FALSE;
+ }
+ printf("\n");
+}
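Review bot: DumpMethods has no comment describing its output, and the `-M` usage text added in the first mig.c hunk says only "Dump methods". The function prints a single line, `<subsystem>@<base>:` followed by comma-separated `<routine>@<base + rtNumber>` entries for each skRoutine statement, and that format is presumably parsed by another tool, so it should be pinned in a header comment such as `/* Print "<subsystem>@<base>: <routine>@<msgid>, ..." on one line and nothing else. */`. It also passes SubsystemName to `%s` unchecked; confirm it is always set by the time more_global() returns, or print a placeholder when it is NULL.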
==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.sh#2 (text+ko) ====
@@ -66,7 +66,7 @@
until [ $# -eq 0 ]
do
case "$1" in
- -[dtqkKQvVtTrRsSlLxX] ) migflags="$migflags $1"; shift;;
+ -[dtqkKQvVtTrRsSlLxXM] ) migflags="$migflags $1"; shift;;
-i ) sawI=1; migflags="$migflags $1 $2"; shift; shift;;
-user ) user="$2"; if [ ! "${sawI-}" ]; then migflags="$migflags $1 $2"; fi; shift; shift;;
-server ) server="$2"; migflags="$migflags $1 $2"; shift; shift;;
==== //depot/projects/trustedbsd/sedarwin8/darwin/build/bsd.mig.mk#2 (text+ko) ====
@@ -13,24 +13,24 @@
CLEANFILES+= ${_MH}
.if !empty(MIG_USER:M${_MH:R})
-${_MH:R:U}_USER= ${_MH:R}User.c
+${_MH:R:U}_USER=-user ${_MH:R}User.c
SRCS+= ${_MH:R}User.c
CLEANFILES+= ${_MH:R}User.c
${_MH:R}User.c: ${_MH}
.else
-${_MH:R:U}_USER= /dev/null
+${_MH:R:U}_USER=-user /dev/null
.endif
.if !empty(MIG_SERVER:M${_MH:R})
-${_MH:R:U}_SERVER= ${_MH:R}Server.c
+${_MH:R:U}_SERVER=-server ${_MH:R}Server.c -sheader ${_MH:R}Server.h
SRCS+= ${_MH:R}Server.c
-CLEANFILES+= ${_MH:R}Server.c
+CLEANFILES+= ${_MH:R}Server.c ${_MH:R}Server.h
${_MH:R}Server.c: ${_MH}
.else
-${_MH:R:U}_SERVER= /dev/null
+${_MH:R:U}_SERVER=-server /dev/null
.endif
${_MH}: ${_MSRC}
- ${MIG} -server ${${_MH:R:U}_SERVER} -user ${${_MH:R:U}_USER} ${.ALLSRC}
+ ${MIG} ${${_MH:R:U}_SERVER} ${${_MH:R:U}_USER} ${.ALLSRC}
.endfor
.endfor
==== //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/bootstrap.c#3 (text+ko) ====
@@ -69,6 +69,9 @@
#include "lists.h"
#include "launchd.h"
+extern void register_subsystems (void);
+extern kern_return_t service_register (task_t, mach_port_t, const char *);
+
/* Mig should produce a declaration for this, but doesn't */
extern boolean_t bootstrap_server(mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP);
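Review bot: The prototype `extern kern_return_t service_register (task_t, mach_port_t, const char *);` is written out by hand here and again in rpc_services.c in this same change, so neither copy is checked against the definition. Declaring it once in a header that both files include (launchd.h is included just above; whether rpc_services.c includes it is not visible here) lets the compiler catch a signature drift. The same applies to `register_subsystems`.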
@@ -77,7 +80,7 @@
bool forward_ok = false;
bool debugging = false;
bool register_self = false;
-const char *register_name = NULL;
+const char *register_name = "com.apple.bootstrap";
task_t bootstrap_self = MACH_PORT_NULL;
static uid_t inherited_uid = 0;
@@ -169,6 +172,7 @@
inherited_uid = getuid();
getaudit(&inherited_audit);
init_lists();
+ register_subsystems();
init_ports();
result = task_get_bootstrap_port(bootstrap_self, &inherited_bootstrap_port);
@@ -233,6 +237,13 @@
if (result != KERN_SUCCESS)
panic("mach_port_allocate(): %s", mach_error_string(result));
+ result = service_register(
+ bootstrap_self,
+ notify_port,
+ "com.apple.bootstrap.notify");
+ if (result != KERN_SUCCESS)
+ panic("service_register(): %s", mach_error_string(result));
+
result = mach_port_move_member(
bootstrap_self,
notify_port,
@@ -262,6 +273,14 @@
&bootstraps.bootstrap_port);
if (result != KERN_SUCCESS)
panic("mach_port_allocate(): %s", mach_error_string(result));
+
+ result = service_register(
+ bootstrap_self,
+ bootstraps.bootstrap_port,
+ register_name);
+ if (result != KERN_SUCCESS)
+ panic("service_register(): %s", mach_error_string(result));
+
result = mach_port_insert_right(
bootstrap_self,
bootstraps.bootstrap_port,
==== //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/rpc_services.c#2 (text+ko) ====
@@ -48,6 +48,8 @@
#ifndef NULL
#define NULL ((void *)0)
#endif NULL
+
+extern kern_return_t service_register (task_t, mach_port_t, const char *);
#define bsstatus(servicep) \
(((servicep)->isActive) ? BOOTSTRAP_STATUS_ACTIVE : \
@@ -731,6 +733,13 @@
if (result != KERN_SUCCESS)
panic("mach_port_allocate(): %s", mach_error_string(result));
+ result = service_register(
+ mach_task_self(),
+ new_bootstrapport,
+ "com.apple.bootstrap");
+ if (result != KERN_SUCCESS)
+ panic("service_register(): %s", mach_error_string(result));
+
result = mach_port_insert_right(
mach_task_self(),
new_bootstrapport,
@@ -822,6 +831,14 @@
serviceportp);
if (result != KERN_SUCCESS)
panic("port_allocate(): %s", mach_error_string(result));
+
+ result = service_register(
+ mach_task_self(),
+ *serviceportp,
+ servicename);
+ if (result != KERN_SUCCESS)
+ panic("service_register(): %s", mach_error_string(result));
+
result = mach_port_insert_right(mach_task_self(),
*serviceportp,
*serviceportp,
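Review bot: A failed service_register() on `servicename` panics the whole bootstrap server, and unlike the port-allocation failure just above it, this failure depends on a name passed into the function. If that name originates from a client request (the enclosing function starts outside this hunk, so this is inferred), a name the registration rejects would take launchd down for every process on the system. Consider releasing `*serviceportp` and handing the error back, along the lines of `if (result != KERN_SUCCESS) return (result);` if the function's return type allows it, instead of calling panic(). The same panic-on-failure pattern is added in the hunk at -731 and in both bootstrap.c hunks, where the names do not appear to come from a request and the exposure is lower.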
==== //depot/projects/trustedbsd/sedarwin8/darwin/network_cmds/ifconfig.tproj/Makefile.preamble#2 (text+ko) ====
@@ -1,4 +1,4 @@
OTHER_GENERATED_OFILES = $(VERS_OFILE)
-include ../Makefile.include
-OTHER_CFLAGS += -I../../xnu -I../../xnu/bsd -DUSE_IF_MEDIA -DINET6 -DNO_IPX -DUSE_VLANS -DUSE_BONDS -DUSE_MAC
+OTHER_CFLAGS += -I$(DARWIN) -I$(DARWIN)/bsd -DUSE_IF_MEDIA -DINET6 -DNO_IPX -DUSE_VLANS -DUSE_BONDS -DUSE_MAC
LIBS += $(LIBMAC)
==== //depot/projects/trustedbsd/sedarwin8/darwin/pam_modules/pam_afpmount/Makefile#3 (text+ko) ====
@@ -30,4 +30,4 @@
DPADD= ${LIBKRB} ${LIBCRYPTO} ${LIBCOM_ERR}
LDADD= -lkrb -lcrypto -lcom_err
-.include <bsd.lib.mk>
+.include <bsd.lib.mk>
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/Makefile#2 (text+ko) ====
@@ -22,7 +22,7 @@
DATAFILES = \
audit.h audit_record.h audit_kevents.h
KERNFILES = \
- audit.h
+ audit.h audit_kernel.h
INSTALL_MI_LIST = ${DATAFILES}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/audit_kernel.h#6 (text+ko) ====
@@ -289,6 +289,7 @@
int retval);
void audit_init(void);
void audit_shutdown(void);
+int audit_have_record(void);
struct kaudit_record *audit_new(int event, struct proc *p,
struct uthread *uthread);
@@ -386,16 +387,6 @@
struct proc *child);
void audit_proc_free(struct proc *p);
-#ifdef MAC
-/*
- * audit_mac_data() is the MAC Framework's entry point to the audit subsystem.
- * It currently creates only text and data audit tokens.
- */
-int audit_mac_data(int type, int len, u_char *data);
-void audit_arg_mac_string(const char *string);
-
-#endif
-
/*
* Define a macro to wrap the audit_arg_* calls by checking the global
* audit_enabled flag before performing the actual call.
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/files#3 (text+ko) ====
@@ -475,6 +475,7 @@
bsd/kern/kern_acct.c standard
bsd/kern/kern_aio.c standard
bsd/kern/kern_audit.c standard
+bsd/kern/kern_audit_mac.c standard
bsd/kern/kern_authorization.c standard
bsd/kern/kern_bsm_token.c standard
bsd/kern/kern_bsm_audit.c standard
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#9 (text+ko) ====
@@ -79,8 +79,6 @@
#include <security/mac.h>
#include <security/mac_framework.h>
#include <security/mac_policy.h>
-#define MAC_ARG_PREFIX "arg: "
-#define MAC_ARG_PREFIX_LEN 5
#endif
#include <net/route.h>
@@ -815,6 +813,18 @@
return (curuthread()->uu_ar);
}
+/*
+ * audit_have_record can be used by a security policy to determine
+ * if an audit record will be stored, reducing wasted memory allocation
+ * and string handling.
+ */
+int
+audit_have_record(void)
+{
+
+ return (audit_enabled && currecord() != NULL);
+}
+
/**********************************
* Begin system calls. *
**********************************/
@@ -2593,86 +2603,6 @@
file_drop(fd);
}
-#ifdef MAC
-/*
- * This function is called by the MAC Framework to add audit data
- * from a policy to the current audit record.
- */
-int
-audit_mac_data(int type, int len, u_char *data) {
- struct kaudit_record *cur;
- struct mac_audit_record *record;
- int ret;
-
- if (audit_enabled == 0) {
- ret = ENOTSUP;
- goto out_fail;
- }
-
- cur = currecord();
- if (cur == NULL) {
- ret = ENOTSUP;
- goto out_fail;
- }
-
- /*
- * kalloc() uses the Mach zone allocator. For the small size
- * we are allocating here, the zone allocator will never return
- * NULL.
- */
- record = (struct mac_audit_record *)kalloc(sizeof(*record));
-
- record->type = type;
- record->length = len;
- record->data = data;
- LIST_INSERT_HEAD(cur->k_ar.ar_mac_records, record, records);
-
- return (0);
-
-out_fail:
- kfree(data, len);
- return (ret);
-}
-
-void
-audit_arg_mac_string(const char *string)
-{
- struct kaudit_record *ar;
-
- ar = currecord();
- if (ar == NULL)
- return;
-
- if (ar->k_ar.ar_arg_mac_string == NULL) {
- ar->k_ar.ar_arg_mac_string =
- (char *)kalloc(MAC_MAX_LABEL_BUF_LEN + MAC_ARG_PREFIX_LEN);
- /* This should be rare event. If kalloc() returns NULL, the
- * system is low on memory. To meet the requirement that no
- * auditable events be incompletely audited, we panic here.
- */
- if (ar->k_ar.ar_arg_mac_string == NULL)
- panic("Memory allocation failure when auditing MAC system call.");
- }
- strncpy(ar->k_ar.ar_arg_mac_string, MAC_ARG_PREFIX, MAC_ARG_PREFIX_LEN);
- strcpy(ar->k_ar.ar_arg_mac_string + MAC_ARG_PREFIX_LEN, string);
- ar->k_ar.ar_valid_arg |= ARG_MAC_STRING;
-
-}
-#endif /* MAC */
-
-/*
- * kau_will_audit can be used by a security policy to determine
- * if an audit record will be stored, reducing wasted memory allocation
- * and string handling.
- */
-
-int
-kau_will_audit(void)
-{
-
- return (audit_enabled && currecord() != NULL);
-}
-
#else /* !AUDIT */
void
@@ -2741,17 +2671,10 @@
return (ENOSYS);
}
-#ifdef MAC
-void
-audit_mac_data(int type, int len, u_char *data)
-{
-}
-
int
-kau_will_audit()
+audit_have_record(void)
{
return (0);
}
-#endif
#endif /* AUDIT */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#11 (text+ko) ====
@@ -704,7 +704,6 @@
error = vnode_setsize(vp, offset, IO_NOZEROFILL,
&context);
}
-
(void)vnode_put(vp);
goto outdrop;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#7 (text+ko) ====
@@ -363,6 +363,16 @@
return(0);
}
+char *
+proc_procname(proc_t p, char * buf, int size)
+{
+
+ strncpy(buf, &p->p_comm[0], size);
+ buf[size-1] = 0;
+
+ return (buf);
+}
+
void
proc_name(int pid, char * buf, int size)
{
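Review bot: proc_procname writes `buf[size-1] = 0` without checking `size`, so a caller passing 0 writes one byte before the buffer, and a negative `size` is converted to a very large length for strncpy. Add a guard at the top of the function, `if (buf == NULL || size <= 0) return (buf);`. The copy also reads `p->p_comm` without taking a reference or lock in this function, so a comment above it should state that the caller must keep `p` valid for the duration of the call.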
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/subr_log.c#3 (text+ko) ====
@@ -167,7 +167,9 @@
register long l;
register int s;
int error = 0;
+#if 0
char localbuff[MSG_BSIZE];
+#endif
int copybytes;
LOG_LOCK();
@@ -205,11 +207,16 @@
l = min(l, uio_resid(uio));
if (l == 0)
break;
+#if 0
bcopy(&msgbufp->msg_bufc[msgbufp->msg_bufr], &localbuff[0], l);
LOG_UNLOCK();
error = uiomove((caddr_t)&localbuff[0],
(int)l, uio);
LOG_LOCK();
+#else
+ error = uiomove((caddr_t)&msgbufp->msg_bufc[msgbufp->msg_bufr],
+ (int)l, uio);
+#endif
if (error)
break;
msgbufp->msg_bufr += l;
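Review bot: With the bounce buffer compiled out, uiomove() now copies to the caller's buffer while LOG_LOCK() is still held, where the old code dropped the lock around the copy. uiomove can fault on the user address; if LOG_LOCK must not be held across a fault or sleep (its definition is not in this hunk), one log reader could stall or deadlock every kernel log writer. The likely motive is that `char localbuff[MSG_BSIZE]` would become a roughly 64 KB stack array after the msgbuf.h change in this commit. Keeping a small fixed-size bounce buffer and clamping each chunk with `l = min(l, sizeof(localbuff));` preserves the unlock, copy, relock sequence without the large stack frame. The enclosing function starts and ends outside the hunk.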
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_icmp.c#9 (text+ko) ====
@@ -62,7 +62,7 @@
* @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94
*/
/*
- * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
+ * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce
* support for mandatory and extensible security protections. This notice
* is included in support of clause 2.2 (b) of the Apple Public License,
* Version 2.0.
@@ -731,7 +731,7 @@
}
lck_mtx_unlock(rt_mtx);
#ifdef MAC
- mac_netinet_icmp_reply(m);
+ mac_mbuf_label_associate_icmp_reply(m);
#endif
t = IA_SIN(ia)->sin_addr;
ip->ip_src = t;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_output.c#7 (text+ko) ====
@@ -63,7 +63,7 @@
* $FreeBSD: src/sys/netinet/ip_output.c,v 1.99.2.16 2001/07/19 06:37:26 kris Exp $
*/
/*
- * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
+ * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce
* support for mandatory and extensible security protections. This notice
* is included in support of clause 2.2 (b) of the Apple Public License,
* Version 2.0.
@@ -1294,7 +1294,7 @@
m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags;
m->m_pkthdr.socket_id = m0->m_pkthdr.socket_id;
#ifdef MAC
- mac_netinet_fragment(m0, m);
+ mac_mbuf_label_copy_fragment(m0, m);
#endif
HTONS(mhip->ip_off);
mhip->ip_sum = 0;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#9 (text+ko) ====
@@ -63,7 +63,7 @@
* $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.22 2001/08/22 00:59:12 silby Exp $
*/
/*
- * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
+ * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce
* support for mandatory and extensible security protections. This notice
* is included in support of clause 2.2 (b) of the Apple Public License,
* Version 2.0.
@@ -587,7 +587,7 @@
* Packet is not associated with a socket, so possibly
* update the label in place.
*/
- mac_netinet_tcp_reply(m);
+ mac_mbuf_label_associate_tcp_reply(m);
}
#endif
nth->th_seq = htonl(seq);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_output.c#6 (text+ko) ====
@@ -65,7 +65,7 @@
* @(#)ip_output.c 8.3 (Berkeley) 1/21/94
*/
/*
- * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
+ * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce
* support for mandatory and extensible security protections. This notice
* is included in support of clause 2.2 (b) of the Apple Public License,
* Version 2.0.
@@ -1109,7 +1109,7 @@
m->m_pkthdr.rcvif = 0;
m->m_pkthdr.socket_id = m0->m_pkthdr.socket_id;
#ifdef MAC
- mac_netinet_fragment(m0, m);
+ mac_mbuf_label_copy_fragment(m0, m);
#endif
ip6f->ip6f_reserved = 0;
ip6f->ip6f_ident = id;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/msgbuf.h#3 (text+ko) ====
@@ -65,7 +65,7 @@
#ifndef _SYS_MSGBUF_H_
#define _SYS_MSGBUF_H_
-#define MSG_BSIZE (4096 - 3 * sizeof(long))
+#define MSG_BSIZE ((64 * 1024) - 3 * sizeof(long))
struct msgbuf {
#define MSG_MAGIC 0x063061
long msg_magic;
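Review bot: The new `MSG_BSIZE` is sixteen times the old one, and the header carries no comment saying why or what depends on the value. Anything compiled against the old header that reads `struct msgbuf` directly would disagree with the kernel about its size, so it is worth checking that such readers are rebuilt in the same change; none is visible in this hunk. A one-line comment above the define, such as `/* message buffer is 64KB in total, including the three long header fields */`, would record the intent.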
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/proc.h#3 (text+ko) ====
@@ -247,6 +247,7 @@
* routine is to be used typically for debugging
*/
void proc_name(int pid, char * buf, int size);
+char *proc_procname(proc_t p, char *buf, int size);
/* This routine is simillar to proc_name except it returns for current process */
void proc_selfname(char * buf, int size);
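Review bot: The new `proc_procname` prototype has no comment of its own and sits directly under the comment that describes `proc_name`, so its contract is undocumented. A caller cannot tell what the returned `char *` points to, whether it can be NULL, or whether `buf` is always NUL-terminated when the name is longer than `size`. I would add a comment stating those three things, for example `/* Copies the name of p into buf (size bytes including the terminator); returns buf */`, if that is what the implementation does. `size` is a signed `int`, so the comment should also say how a zero or negative value is treated.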
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/uxkern/ux_exception.c#3 (text+ko) ====
@@ -177,7 +177,11 @@
else if (result == MACH_RCV_TOO_LARGE)
/* ignore oversized messages */;
else
+#if 0
panic("exception_handler");
+#else
+ printf("exception_handler, result %d", result);
+#endif
}
thread_funnel_set(kernel_flock, FALSE);
}
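Review bot: The replacement `printf` in the final `else` has no trailing newline, and the old `panic` is left behind under `#if 0`. An unexpected receive result is now logged as a run-on line and the handler carries on. If the error is persistent, the surrounding code would presumably log it on every pass; the function starts outside this hunk, so that needs confirming there. I would drop the `#if 0` block and write `printf("exception_handler: unexpected receive result 0x%x\n", result);`, with a comment saying why continuing is safe.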
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#7 (text+ko) ====
@@ -441,7 +441,9 @@
static int
-getvolattrlist(vnode_t vp, struct getattrlist_args *uap, struct attrlist *alp, vfs_context_t ctx, int is_64bit)
+getvolattrlist(vnode_t vp, struct componentname *vcnp,
+ struct getattrlist_args *uap, struct attrlist *alp,
+ vfs_context_t ctx, int is_64bit)
{
struct vfs_attr vs;
struct vnode_attr va;
@@ -697,15 +699,15 @@
*/
if (perms & W_OK)
if (mac_vnode_check_access(vfs_context_ucred(ctx),
- vp, cnp, W_OK) != 0)
+ vp, vcnp, W_OK) != 0)
perms &= ~W_OK;
if (perms & R_OK)
if (mac_vnode_check_access(vfs_context_ucred(ctx),
- vp, cnp, R_OK) != 0)
+ vp, vcnp, R_OK) != 0)
perms &= ~R_OK;
if (perms & X_OK)
if (mac_vnode_check_access(vfs_context_ucred(ctx),
- vp, cnp, X_OK) != 0)
+ vp, vcnp, X_OK) != 0)
perms &= ~X_OK;
#endif /* MAC */
KAUTH_DEBUG("ATTRLIST - returning user access %x", perms);
@@ -837,7 +839,6 @@
if ((error = namei(&nd)) != 0)
goto out;
vp = nd.ni_vp;
- nameidone(&nd);
/*
* Fetch the attribute request.
@@ -870,7 +871,7 @@
goto out;
}
/* handle volume attribute request */
- error = getvolattrlist(vp, uap, &al, &context, proc_is64bit(p));
+ error = getvolattrlist(vp, &nd.ni_cnd, uap, &al, &context, proc_is64bit(p));
goto out;
}
@@ -1195,15 +1196,15 @@
*/
if (perms & W_OK)
if (mac_vnode_check_access(vfs_context_ucred(&context),
- vp, cnp, W_OK) != 0)
+ vp, &nd.ni_cnd, W_OK) != 0)
perms &= ~W_OK;
if (perms & R_OK)
if (mac_vnode_check_access(vfs_context_ucred(&context),
- vp, cnp, R_OK) != 0)
+ vp, &nd.ni_cnd, R_OK) != 0)
perms &= ~R_OK;
if (perms & X_OK)
if (mac_vnode_check_access(vfs_context_ucred(&context),
- vp, cnp, X_OK) != 0)
+ vp, &nd.ni_cnd, X_OK) != 0)
perms &= ~X_OK;
#endif /* MAC */
VFS_DEBUG(ctx, vp, "ATTRLIST - granting perms %d", perms);
@@ -1322,6 +1323,7 @@
error = copyout(ab.base, uap->attributeBuffer, imin(uap->bufferSize, ab.allocated));
out:
+ nameidone(&nd);
if (va.va_name)
kfree(va.va_name, MAXPATHLEN);
if (vname)
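Review bot: Moving `nameidone(&nd)` to the `out:` label means every `goto out` now runs it. That includes the one taken when `namei(&nd)` fails, visible in the `@@ -837,7 +839,6 @@` hunk, and any taken before `nd` is initialised. The start of the function is outside these hunks, so it is worth confirming that no path reaches `out:` before `NDINIT`, because `nameidone` would then read an uninitialised `nd`. If such a path exists, a second label placed after the `nameidone(&nd);` line keeps the cleanup safe. The move itself looks necessary so that `&nd.ni_cnd` stays valid for the `mac_vnode_check_access` calls.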
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_cache.c#6 (text+ko) ====
@@ -1167,12 +1167,14 @@
void
name_cache_lock(void)
{
+ lck_mtx_assert(namecache_mtx_lock, LCK_MTX_ASSERT_NOTOWNED);
lck_mtx_lock(namecache_mtx_lock);
}
void
name_cache_unlock(void)
{
+ lck_mtx_assert(namecache_mtx_lock, LCK_MTX_ASSERT_OWNED);
lck_mtx_unlock(namecache_mtx_lock);
}
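Review bot: The two `lck_mtx_assert` calls change what happens on misuse, and nothing in the wrappers records that. Calling `name_cache_lock()` while already holding the mutex, or `name_cache_unlock()` without holding it, presumably now trips the assertion instead of hanging or corrupting the lock. A short comment on each would state the contract, for example `/* namecache_mtx_lock is not recursive; caller must not already hold it */` above the first assert and `/* caller must hold namecache_mtx_lock */` above the second.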
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#23 (text+ko) ====
@@ -2541,7 +2541,7 @@
* Check access permissions.
*/
static int
-access1(vnode_t vp, vnode_t dvp, struct component *cnp, int uflags,
+access1(vnode_t vp, vnode_t dvp, struct componentname *cnp, int uflags,
vfs_context_t ctx)
{
kauth_action_t action;
@@ -2713,6 +2713,9 @@
vp = nd.ni_vp;
if (wantdelete)
dvp = nd.ni_dvp;
+ /* run this access check */
+ result[i] = access1(vp, dvp, &nd.ni_cnd, input[i].ad_flags,
+ &context);
}
nameidone(&nd);
}
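Review bot: `access1` is now called only inside the block that performs the lookup, and the later `case 0:` arm (next hunk) is reduced to `/* Handled above */`. If the outer block closed after `nameidone(&nd)` is conditional, for instance when an entry reuses the previous lookup, then an entry that skips it reaches `case 0:` with no check run. Its `result[i]` would keep whatever it held before, which could read as access granted. The enclosing loop starts outside this hunk, so this needs confirming there. A safer shape is to leave the `access1` call in `case 0:` and move `nameidone(&nd)` after the switch, so `&nd.ni_cnd` is still valid when the check runs.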
@@ -2728,9 +2731,7 @@
result[i] = error;
break;
case 0:
- /* run this access check */
- result[i] = access1(vp, dvp, NULL, input[i].ad_flags,
- &context);
+ /* Handled above */
break;
default:
>>> TRUNCATED FOR MAIL (1000 lines) <<<