PERFORCE change 76784 for review

Andrew Reisse areisse at FreeBSD.org
Tue May 10 06:43:01 PDT 2005


http://perforce.freebsd.org/chv.cgi?CH=76784

Change 76784 by areisse at areisse_ibook on 2005/05/10 13:42:32

	Post-merge fixes:
	-Include file paths
	-32 vs 64bit access_vector_t
	-Conditional policy support

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#3 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#3 (text+ko) ====

@@ -5,7 +5,7 @@
 
 OBJS = sebsd.o sebsd_syscall.o sebsd_sysctl.o ss/avtab.o ss/ebitmap.o \
        ss/hashtab.o ss/init.o ss/policydb.o ss/queue.o ss/services.o \
-       ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o
+       ss/sidtab.o ss/symtab.o avc/avc.o ss/mach_av.o ss/conditional.o
 
 sedarwin.kext.tar: sedarwin.o
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/avc.c#3 (text+ko) ====

@@ -96,11 +96,12 @@
 #else
 static inline void avc_cache_stats_incr(int type)
 { }
-	if (rc)
+
 static inline void avc_cache_stats_add(int type, unsigned val)
 { }
 #endif
 
+#if 0
 /**
  * avc_dump_av - Display an access vector in human-readable form.
  * @tclass: target security class
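Review bot: The `#if 0` added above the avc_dump_av header comment (closed by the `#endif` after `printk(" }");` in the next hunk) compiles the function out without saying why or when it should come back. Its header describes it as the routine that displays an access vector in human-readable form, so any audit path that still calls it from enabled code will either fail to build or have lost that output. I would put a one-line comment above the guard, for example `/* XXX disabled after merge: <reason>; re-enable when <condition> */`, and confirm no caller remains outside the guarded region. The function body lies between the two hunks and is not shown.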
@@ -151,6 +152,7 @@
 
 	printk(" }");
 }
+#endif
 
 /**
  * avc_dump_query - Display a SID pair and a class in human-readable form.

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#3 (text+ko) ====

@@ -223,10 +223,11 @@
 }
 
 int
-sebsd_syscall(struct proc *td, int call, void *args)
+sebsd_syscall(struct proc *td, int call, void *args, int *retv)
 {
 	int err = EINVAL;
 	struct lp_args p;
+	struct sebsd_get_bools gb;
 
 	switch(call) {
 	case SEBSDCALL_LOAD_POLICY:
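Review bot: The new `retv` out-parameter on `sebsd_syscall` has no stated contract, and the only visible write, `*retv = active | (pending << 1);` in the next hunk, dereferences it unconditionally. Nothing in these hunks shows what the other `call` cases leave in it, so a caller that does not initialise the target may pass stale data back to userland. A comment above the function such as `/* retv: result for the caller; must be non-NULL, written only by calls that return a value */` would fix the contract, and `if (retv == NULL) return (EINVAL);` before the `switch` would enforce it. The use of the added `struct sebsd_get_bools gb` is not visible here; the function body continues past this hunk.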
@@ -317,7 +318,7 @@
 		if (err)
 			return (err);
 		security_get_bool(str, &active, &pending);
-		*td->td_retval = active | (pending << 1);
+		*retv = active | (pending << 1);
 		return (0);
 	}
 
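Review bot: `security_get_bool(str, &active, &pending)` is called with its result discarded, and the new `*retv = active | (pending << 1);` then returns whatever `active` and `pending` hold. If the lookup can fail for an unknown boolean name and those locals are not initialised (their declarations are above the hunk), this hands uninitialised kernel stack contents to the caller. Assuming the function reports failure through its return value, checking it first closes that: `err = security_get_bool(str, &active, &pending); if (err) return (err);`. Any release of `str` that this case performs elsewhere would be needed on the new error path as well; the case body starts outside the hunk.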
@@ -325,7 +326,7 @@
 	{
 		char *str;
 
-		err = thread_has_security(td, SECURITY__SETBOOL);
+		err = cred_has_security(td->p_ucred, SECURITY__SETBOOL);
 		if (err)
 			return (err);
 
@@ -346,7 +347,7 @@
 	}
 
 	case SEBSDCALL_COMMIT_BOOLS:
-		err = thread_has_security(td, SECURITY__SETBOOL);
+		err = cred_has_security(td->p_ucred, SECURITY__SETBOOL);
 		if (err)
 			return (err);
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.c#2 (text+ko) ====

@@ -14,9 +14,9 @@
 #include <sys/systm.h>
 #endif /* FreeBSD _KERNEL */
 
-#include <security/sebsd/linux-compat.h>
-#include <security/sebsd/ss/security.h>
-#include <security/sebsd/ss/conditional.h>
+#include <sedarwin/linux-compat.h>
+#include <sedarwin/ss/security.h>
+#include <sedarwin/ss/conditional.h>
 
 /*
  * cond_evaluate_expr evaluates a conditional expr

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/conditional.h#2 (text+ko) ====

@@ -10,10 +10,10 @@
 #ifndef _CONDITIONAL_H_
 #define _CONDITIONAL_H_
 
-#include <security/sebsd/ss/avtab.h>
-#include <security/sebsd/ss/symtab.h>
-#include <security/sebsd/ss/sidtab.h>
-#include <security/sebsd/ss/policydb.h>
+#include <sedarwin/ss/avtab.h>
+#include <sedarwin/ss/symtab.h>
+#include <sedarwin/ss/sidtab.h>
+#include <sedarwin/ss/policydb.h>
 
 #define COND_EXPR_MAXDEPTH 10
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/policydb.c#3 (text+ko) ====

@@ -27,6 +27,7 @@
 #include <sedarwin/ss/services.h>
 #include <sedarwin/ss/security.h>
 #include <sedarwin/ss/mls.h>
+#include <sedarwin/ss/conditional.h>
 
 #define _DEBUG_HASHES
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#3 (text+ko) ====

@@ -26,6 +26,7 @@
 #include <sedarwin/ss/services.h>
 #include <sedarwin/ss/security.h>
 #include <sedarwin/ss/mls.h>
+#include <sedarwin/ss/conditional.h>
 #include <sedarwin/avc/avc.h>
 #include <sedarwin/avc/avc_ss.h>
 #include <sys/socket.h>
@@ -221,9 +222,9 @@
 	 * Initialize the access vectors to the default values.
 	 */
 	avd->allowed = 0;
-	avd->decided = 0xffffffffffffffffLL;
+	avd->decided = 0xffffffff;
 	avd->auditallow = 0;
-	avd->auditdeny = 0xffffffffffffffffLL;
+	avd->auditdeny = 0xffffffff;
 	avd->seqno = latest_granting;
 
 	/*
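Review bot: The replaced masks do not agree with each other: `avd->decided` and `avd->auditdeny` here become `0xffffffff`, while the `auditdeny` assignment in the later hunk at `@@ -310,7 +311,7 @@` becomes `0xffffffffLL`. Hard-coding the width also means that a build where access_vector_t is still 64-bit leaves the upper 32 bits of `decided` and `auditdeny` clear, which would presumably leave denials on those permissions unaudited. Deriving the mask from the type keeps all three sites correct for either width: `avd->decided = ~(access_vector_t)0;` and `avd->auditdeny = ~(access_vector_t)0;`. The field types are declared outside this diff, so confirm they are access_vector_t; the enclosing function starts and ends outside the hunk.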
@@ -310,7 +311,7 @@
 		avd->allowed = requested;
 		avd->decided = requested;
 		avd->auditallow = 0;
-		avd->auditdeny = 0xffffffffffffffffLL;
+		avd->auditdeny = 0xffffffffLL;
 		avd->seqno = latest_granting;
 		return 0;
 	}

