PERFORCE change 104075 for review
Todd Miller
millert at FreeBSD.org
Tue Aug 15 17:54:55 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=104075
Change 104075 by millert at millert_macbook on 2006/08/15 17:53:18
Add sebsd_prev label namespace for getting at the previous sid.
Will be used by getprevcon() in libselinux.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#2 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#5 (text+ko) ====
@@ -2936,9 +2936,6 @@
u_int32_t context_len;
int error;
- if (strcmp("sebsd", element_name) != 0)
- return (0);
-
error = security_sid_to_context(sid, &context, &context_len);
if (error)
return (error);
@@ -2949,16 +2946,35 @@
return (error);
}
-#define SEBSD_EXTERNALIZE_LABEL(n1,n2) \
+#define SEBSD_EXTERNALIZE_LABEL(n1,n2) \
static int sebsd_externalize_##n1##_label(struct label *label, \
char *element_name, struct sbuf *sb) \
{ \
struct n2##_security_struct *lsec; \
+ \
+ if (strcmp("sebsd", element_name) != 0) \
+ return (0); \
+ \
lsec = SLOT(label); \
return (sebsd_externalize_sid(lsec->sid, element_name, sb)); \
}
-SEBSD_EXTERNALIZE_LABEL(cred,task)
+static int sebsd_externalize_cred_label(struct label *label,
+ char *element_name, struct sbuf *sb)
+{
+ struct task_security_struct *tsec;
+ u_int32_t sid;
+
+ tsec = SLOT(label);
+ if (strcmp("sebsd_prev", element_name) == 0)
+ sid = tsec->osid;
+ else if (strcmp("sebsd", element_name) == 0)
+ sid = tsec->sid;
+ else
+ return (0);
+ return (sebsd_externalize_sid(sid, element_name, sb));
+}
+
SEBSD_EXTERNALIZE_LABEL(network,network)
SEBSD_EXTERNALIZE_LABEL(vnode,vnode)
SEBSD_EXTERNALIZE_LABEL(mount_fs,mount_fs)
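Review bot: With the element-name check removed from sebsd_externalize_sid() and pushed into its callers, the helper now produces a context for whatever name it is handed, so any caller outside these hunks that relied on the old filter would start answering for foreign namespaces. It is worth checking the remaining call sites and adding a comment on the helper such as `/* Caller must already have matched element_name against a sebsd namespace. */`. In sebsd_externalize_cred_label(), `tsec->osid` goes straight to the helper for "sebsd_prev"; if osid can be unset for a task that has never transitioned (not visible here), security_sid_to_context() may fail and that error would propagate to the whole label query, so confirm osid is always initialised to a valid SID. The literals "sebsd" and "sebsd_prev" also duplicate the names listed in sebsd.h; named constants would keep the two files in step.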
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#2 (text+ko) ====
@@ -41,8 +41,8 @@
#define SEBSD_ID_STRING "sebsd"
#define SEBSD_MAC_EXTATTR_NAME "sebsd"
#define SEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM
-#define SEBSD_MAC_LABEL_NAMESPACES "sebsd"
-#define SEBSD_MAC_LABEL_NAME_COUNT 1
+#define SEBSD_MAC_LABEL_NAMESPACES "sebsd","sebsd_prev"
+#define SEBSD_MAC_LABEL_NAME_COUNT 2
extern int sebsd_find_data(const char *key, void **valp, size_t *sizep);
#define sebsd_find_data(k, v, s) mac_find_module_data("sebsd", k, v, s)
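Review bot: Adding "sebsd_prev" to SEBSD_MAC_LABEL_NAMESPACES presumably exposes the name to every label entry point of the policy, not only externalize, and the internalize handlers are not part of this change. Confirm they ignore or reject "sebsd_prev", so that the previous SID stays read-only and a set-label request using that element cannot be parsed as a "sebsd" label. SEBSD_MAC_LABEL_NAME_COUNT is maintained by hand next to the list; a comment such as `/* Must equal the number of entries in SEBSD_MAC_LABEL_NAMESPACES. */` would guard against the two drifting apart.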