PERFORCE change 78862 for review

Andrew Reisse areisse at FreeBSD.org
Thu Jun 23 15:49:30 GMT 2005


http://perforce.freebsd.org/chv.cgi?CH=78862

Change 78862 by areisse at areisse_tislabs on 2005/06/23 15:48:39

	Install new flask autogenerated files in the kernel source, so that
	avc messages use the correct names.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#8 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#7 (text+ko) ====

@@ -105,23 +105,11 @@
    { SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner" },
    { SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid" },
    { SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill" },
-   { SECCLASS_CAPABILITY, CAPABILITY__LINK_DIR, "link_dir" },
    { SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap" },
    { SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid" },
    { SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid" },
-   { SECCLASS_CAPABILITY, CAPABILITY__MAC_DOWNGRADE, "mac_downgrade" },
-   { SECCLASS_CAPABILITY, CAPABILITY__MAC_READ, "mac_read" },
-   { SECCLASS_CAPABILITY, CAPABILITY__MAC_RELABEL_SUBJ, "mac_relabel_subj" },
-   { SECCLASS_CAPABILITY, CAPABILITY__MAC_UPGRADE, "mac_upgrade" },
-   { SECCLASS_CAPABILITY, CAPABILITY__MAC_WRITE, "mac_write" },
-   { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_OBJ, "inf_nofloat_obj" },
-   { SECCLASS_CAPABILITY, CAPABILITY__INF_NOFLOAT_SUBJ, "inf_nofloat_subj" },
-   { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_OBJ, "inf_relabel_obj" },
-   { SECCLASS_CAPABILITY, CAPABILITY__INF_RELABEL_SUBJ, "inf_relabel_subj" },
    { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control" },
    { SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write" },
-   { SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap" },
-   { SECCLASS_CAPABILITY, CAPABILITY__XXX_INVALID1, "xxx_invalid1" },
    { SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable" },
    { SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service" },
    { SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast" },
@@ -141,7 +129,6 @@
    { SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
    { SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
    { SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
-   { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
    { SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" },
    { SECCLASS_PASSWD, PASSWD__CHFN, "chfn" },
    { SECCLASS_PASSWD, PASSWD__CHSH, "chsh" },

==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#8 (text+ko) ====

@@ -582,43 +582,30 @@
 #define CAPABILITY__FOWNER                        0x0000000000000010UL
 #define CAPABILITY__FSETID                        0x0000000000000020UL
 #define CAPABILITY__KILL                          0x0000000000000040UL
-#define CAPABILITY__LINK_DIR                      0x0000000000000080UL
-#define CAPABILITY__SETFCAP                       0x0000000000000100UL
-#define CAPABILITY__SETGID                        0x0000000000000200UL
-#define CAPABILITY__SETUID                        0x0000000000000400UL
-#define CAPABILITY__MAC_DOWNGRADE                 0x0000000000000800UL
-#define CAPABILITY__MAC_READ                      0x0000000000001000UL
-#define CAPABILITY__MAC_RELABEL_SUBJ              0x0000000000002000UL
-#define CAPABILITY__MAC_UPGRADE                   0x0000000000004000UL
-#define CAPABILITY__MAC_WRITE                     0x0000000000008000UL
-#define CAPABILITY__INF_NOFLOAT_OBJ               0x0000000000010000UL
-#define CAPABILITY__INF_NOFLOAT_SUBJ              0x0000000000020000UL
-#define CAPABILITY__INF_RELABEL_OBJ               0x0000000000040000UL
-#define CAPABILITY__INF_RELABEL_SUBJ              0x0000000000080000UL
-#define CAPABILITY__AUDIT_CONTROL                 0x0000000000100000UL
-#define CAPABILITY__AUDIT_WRITE                   0x0000000000200000UL
-#define CAPABILITY__SETPCAP                       0x0000000000400000UL
-#define CAPABILITY__XXX_INVALID1                  0x0000000000800000UL
-#define CAPABILITY__LINUX_IMMUTABLE               0x0000000001000000UL
-#define CAPABILITY__NET_BIND_SERVICE              0x0000000002000000UL
-#define CAPABILITY__NET_BROADCAST                 0x0000000004000000UL
-#define CAPABILITY__NET_ADMIN                     0x0000000008000000UL
-#define CAPABILITY__NET_RAW                       0x0000000010000000UL
-#define CAPABILITY__IPC_LOCK                      0x0000000020000000UL
-#define CAPABILITY__IPC_OWNER                     0x0000000040000000UL
-#define CAPABILITY__SYS_MODULE                    0x0000000080000000UL
-#define CAPABILITY__SYS_RAWIO                     0x0000000100000000UL
-#define CAPABILITY__SYS_CHROOT                    0x0000000200000000UL
-#define CAPABILITY__SYS_PTRACE                    0x0000000400000000UL
-#define CAPABILITY__SYS_PACCT                     0x0000000800000000UL
-#define CAPABILITY__SYS_ADMIN                     0x0000001000000000UL
-#define CAPABILITY__SYS_BOOT                      0x0000002000000000UL
-#define CAPABILITY__SYS_NICE                      0x0000004000000000UL
-#define CAPABILITY__SYS_RESOURCE                  0x0000008000000000UL
-#define CAPABILITY__SYS_TIME                      0x0000010000000000UL
-#define CAPABILITY__SYS_TTY_CONFIG                0x0000020000000000UL
-#define CAPABILITY__MKNOD                         0x0000040000000000UL
-#define CAPABILITY__LEASE                         0x0000080000000000UL
+#define CAPABILITY__SETFCAP                       0x0000000000000080UL
+#define CAPABILITY__SETGID                        0x0000000000000100UL
+#define CAPABILITY__SETUID                        0x0000000000000200UL
+#define CAPABILITY__AUDIT_CONTROL                 0x0000000000000400UL
+#define CAPABILITY__AUDIT_WRITE                   0x0000000000000800UL
+#define CAPABILITY__LINUX_IMMUTABLE               0x0000000000001000UL
+#define CAPABILITY__NET_BIND_SERVICE              0x0000000000002000UL
+#define CAPABILITY__NET_BROADCAST                 0x0000000000004000UL
+#define CAPABILITY__NET_ADMIN                     0x0000000000008000UL
+#define CAPABILITY__NET_RAW                       0x0000000000010000UL
+#define CAPABILITY__IPC_LOCK                      0x0000000000020000UL
+#define CAPABILITY__IPC_OWNER                     0x0000000000040000UL
+#define CAPABILITY__SYS_MODULE                    0x0000000000080000UL
+#define CAPABILITY__SYS_RAWIO                     0x0000000000100000UL
+#define CAPABILITY__SYS_CHROOT                    0x0000000000200000UL
+#define CAPABILITY__SYS_PTRACE                    0x0000000000400000UL
+#define CAPABILITY__SYS_PACCT                     0x0000000000800000UL
+#define CAPABILITY__SYS_ADMIN                     0x0000000001000000UL
+#define CAPABILITY__SYS_BOOT                      0x0000000002000000UL
+#define CAPABILITY__SYS_NICE                      0x0000000004000000UL
+#define CAPABILITY__SYS_RESOURCE                  0x0000000008000000UL
+#define CAPABILITY__SYS_TIME                      0x0000000010000000UL
+#define CAPABILITY__SYS_TTY_CONFIG                0x0000000020000000UL
+#define CAPABILITY__MKNOD                         0x0000000040000000UL
 
 #define PASSWD__PASSWD                            0x0000000000000001UL
 #define PASSWD__CHFN                              0x0000000000000002UL
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message



More information about the trustedbsd-cvs mailing list