PERFORCE change 38573 for review

Andrew Reisse areisse at FreeBSD.org
Thu Sep 25 13:37:56 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=38573

Change 38573 by areisse at areisse_tislabs on 2003/09/25 06:37:02

	fix auditing of capabilities

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#5 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.c#5 (text+ko) ====

@@ -97,8 +97,8 @@
 void avc_dump_av(security_class_t tclass, access_vector_t av)
 {
 	char **common_pts = 0;
-	access_vector_t common_base = 0;
-	int i, i2, perm;
+	access_vector_t common_base = 0, perm;
+	int i, i2;
 
 	if (av == 0) {
 		printk(" null");
@@ -561,7 +561,13 @@
 			printk(" key=%d", a->u.ipc_id);
 			break;
 		case AVC_AUDIT_DATA_CAP:
-			printk(" capability=%s", capv_to_text (a->u.cap));
+		{
+			const char *capt = capv_to_text (a->u.cap);
+			if (capt[7] == '!')
+				printk (" capability=<%lld>", a->u.cap);
+			else
+				printk(" capability=%s", capv_to_text (a->u.cap));
+		}
 			break;
 		case AVC_AUDIT_DATA_FS:
 			if (a->u.fs.vp) {
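Review bot: The `capt[7] == '!'` test in the AVC_AUDIT_DATA_CAP case reads a fixed offset without checking that `capv_to_text()` returned a non-NULL string of at least eight bytes, so a shorter name would be read past its terminator. The helper is not visible here, so this needs confirming, and the magic index deserves a comment stating the convention it relies on (presumably that unknown values are marked with '!' at offset 7). The `%lld` conversion is passed `a->u.cap` directly, which is only correct if `cap_value_t` (introduced by the avc.h hunk) is exactly `long long`; an explicit cast, `printk(" capability=<%lld>", (long long)a->u.cap);`, avoids a format/argument mismatch in the audit path. The else branch can reuse the first result rather than converting twice: `printk(" capability=%s", capt);`. The enclosing switch starts and ends outside the hunk.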

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/avc.h#5 (text+ko) ====

@@ -14,6 +14,8 @@
 #include <unistd.h>
 #endif /* _KERNEL */
 
+#include <sys/capability.h>
+
 #include <security/sebsd/flask.h>
 #include <security/sebsd/sebsd.h>
 #include <security/sebsd/avc/av_permissions.h>
@@ -63,7 +65,7 @@
 			u16 port;
 			u32 daddr;
 		} net;
-		int cap;
+		cap_value_t cap;
 		int ipc_id;
 	} u;
 };