PERFORCE change 90905 for review

Todd Miller millert at FreeBSD.org
Wed Feb 1 15:09:53 PST 2006


http://perforce.freebsd.org/chv.cgi?CH=90905

Change 90905 by millert at millert_g4tower on 2006/02/01 23:09:27

	We only want/need a single copy of the flask dir in the
	source tree.  When installing the policy dir, just copy the
	flask bits from the sedarwin sources.  Also sync the generated
	headers with the flask access_vectors file.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/excludes#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/Makefile#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/access_vectors#6 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/initial_sids#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/mkaccess_vector.sh#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/mkflask.sh#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/security_classes#5 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#5 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#6 (text+ko) ====

@@ -2,14 +2,15 @@
 include $(DARWIN_ROOT)/build/Mig.mk
 
 POLICY= policy.16
+FLASK= ../sedarwin/flask
 SCRIPTS= create-extattr.sh sebsd-relabel.sh
 INSTALL?= install
 
 all: $(POLICY) sebsd_migscs
 
-INPUTS = flask/security_classes mig_classes initial_sids \
-	flask/access_vectors mig_access_vectors rules.m4 users initial_sid_contexts fs_use \
-	devfs
+INPUTS = $(FLASK)/security_classes mig_classes initial_sids \
+	$(FLASK)/access_vectors mig_access_vectors rules.m4 users \
+	initial_sid_contexts fs_use devfs
 
 policy.conf: $(INPUTS)
 	cat $(INPUTS) > policy.conf
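Review bot: `FLASK` is introduced without a comment saying that this directory is now the only copy of the class and permission definitions, shared by the compiled policy and the generated headers. The flask.h section of this change shows SECCLASS_MACH_TASK moving from 35 to 31, so a policy.16 built from an older copy would presumably no longer line up with the headers. I would add above the assignment: `# Single copy of the Flask definitions; flask.h and the avc/*.h headers are generated from these files and must be regenerated together with the policy.` The `sebsd_migscs` rule in the last Makefile hunk depends on the same variable.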
@@ -38,12 +39,13 @@
 	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 sebsd_migscs ${DESTDIR}
 	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin
 	$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 700 ${SCRIPTS} ${DESTDIR}/private/etc/sedarwin
-	(cd $(CURDIR)/..; tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/; tar -xf -)
+	(cd $(CURDIR)/.. && tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/ && tar -xf -)
+	(cd $(FLASK)/.. && tar -cf - flask) | (cd $(DESTDIR)/private/etc/sedarwin/policy && tar -xf -)
 	cp -f Makefile.install $(DESTDIR)/private/etc/sedarwin/policy/Makefile
 
 # Mig security classes and access vectors
 
-DEFS = $(DARWIN_ROOT)/system_cmds/mach_init.tproj/bootstrap.defs
+DEFS = $(DARWIN_ROOT)/system_cmds/mach_init.tproj/bootstrap.defs $(DARWIN_ROOT)/netinfo/servers/notifyd/notify_ipc.defs $(DARWIN_ROOT)/../../examples/mig/mtest.defs
 
 mig_msgids: $(DEFS)
 	echo > $@
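Review bot: The new flask copy in the install recipe goes through `tar`, so the files land with whatever owner and mode the archive carries, unlike the `$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m ...` lines just above it. If install runs as root, tar will normally restore the build user's uid on extraction, which could leave the policy sources under `private/etc/sedarwin/policy/flask` owned by an unprivileged account. Following the copy with `chown -R ${BINOWN}:${BINGRP} $(DESTDIR)/private/etc/sedarwin/policy/flask` would close that gap; the existing policy copy on the line before has the same one. Separately, `DEFS` now pulls in `$(DARWIN_ROOT)/../../examples/mig/mtest.defs`, an examples file outside DARWIN_ROOT that the description does not mention, so it is worth confirming it belongs in the shipped policy. The install rule's header is outside the hunk.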
@@ -56,5 +58,5 @@
 mig_classes: mig_access_vectors
 	grep '^class' $< > $@
 
-sebsd_migscs: flask/security_classes mig_msgids
-	cat flask/security_classes mig_msgids | perl migscs.pl
+sebsd_migscs: $(FLASK)/security_classes mig_msgids
+	cat $(FLASK)/security_classes mig_msgids | perl migscs.pl

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/excludes#2 (text+ko) ====

@@ -3,3 +3,4 @@
 policy/create-extattr.sh
 policy/sebsd-relabel.sh
 policy/failsafe_context
+policy/flask

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#5 (text+ko) ====

@@ -124,7 +124,6 @@
    { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
    { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
    { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
-   { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
    { SECCLASS_MACH_PORT, MACH_PORT__RELABELFROM, "relabelfrom" },
    { SECCLASS_MACH_PORT, MACH_PORT__RELABELTO, "relabelto" },
    { SECCLASS_MACH_PORT, MACH_PORT__SEND, "send" },
@@ -136,11 +135,6 @@
    { SECCLASS_MACH_PORT, MACH_PORT__HOLD_RECV, "hold_recv" },
    { SECCLASS_MACH_TASK, MACH_TASK__TERMINATE, "terminate" },
    { SECCLASS_MACH_TASK, MACH_TASK__SET_SPECIAL_PORT, "set_special_port" },
-   { SECCLASS_MACH_NAMES, MACH_NAMES__REGISTER, "register" },
-   { SECCLASS_MACH_NAMES, MACH_NAMES__LOOK_UP, "look_up" },
-   { SECCLASS_MACH_NAMES, MACH_NAMES__GETPARENT, "getparent" },
-   { SECCLASS_MACH_NAMES, MACH_NAMES__MAKESUBSET, "makesubset" },
-   { SECCLASS_MACH_NAMES, MACH_NAMES__CREATE_SERVER, "create_server" },
 };
 
 #define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#5 (text+ko) ====

@@ -600,7 +600,6 @@
 #define CAPABILITY__SYS_TIME                      0x0000000010000000UL
 #define CAPABILITY__SYS_TTY_CONFIG                0x0000000020000000UL
 #define CAPABILITY__MKNOD                         0x0000000040000000UL
-#define CAPABILITY__LEASE                         0x000000007fffffffUL
 
 #define MACH_PORT__RELABELFROM                    0x0000000000000001UL
 #define MACH_PORT__RELABELTO                      0x0000000000000002UL
@@ -615,11 +614,5 @@
 #define MACH_TASK__TERMINATE                      0x0000000000000001UL
 #define MACH_TASK__SET_SPECIAL_PORT               0x0000000000000002UL
 
-#define MACH_NAMES__REGISTER                      0x0000000000000001UL
-#define MACH_NAMES__LOOK_UP                       0x0000000000000002UL
-#define MACH_NAMES__GETPARENT                     0x0000000000000004UL
-#define MACH_NAMES__MAKESUBSET                    0x0000000000000008UL
-#define MACH_NAMES__CREATE_SERVER                 0x0000000000000010UL
-
 
 /* FLASK */

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#4 (text+ko) ====

@@ -35,10 +35,6 @@
     "shm",
     "ipc",
     "mach_port",
-    "port_methods1",
-    "port_methods2",
-    "port_methods3",
-    "port_methods4",
     "mach_task",
 };
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#5 (text+ko) ====

@@ -37,11 +37,7 @@
 #define SECCLASS_SHM                                     28
 #define SECCLASS_IPC                                     29
 #define SECCLASS_MACH_PORT                               30
-#define SECCLASS_PORT_METHODS1                           31
-#define SECCLASS_PORT_METHODS2                           32
-#define SECCLASS_PORT_METHODS3                           33
-#define SECCLASS_PORT_METHODS4                           34
-#define SECCLASS_MACH_TASK                               35
+#define SECCLASS_MACH_TASK                               31
 
 /*
  * Security identifier indices for initial entities

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#5 (text+ko) ====


