PERFORCE change 107183 for review

Todd Miller millert at FreeBSD.org
Tue Oct 3 08:04:05 PDT 2006 

http://perforce.freebsd.org/chv.cgi?CH=107183

Change 107183 by millert at millert_macbook on 2006/10/03 15:03:26

	#ifdef out entrypoints for now where we are missing bits
	in refpolicy.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#19 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#19 (text+ko) ====

@@ -1527,6 +1527,7 @@
 	return (mount_has_perm(cred, mp, FILESYSTEM__GETATTR, NULL));
 }
 
+#ifdef FILESYSTEM__SETATTR
 static int
 sebsd_mount_check_setattr(struct ucred *cred, struct mount *mp,
     struct label *mntlabel, struct vfs_attr *vfa)
@@ -1534,6 +1535,7 @@
 
 	return (mount_has_perm(cred, mp, FILESYSTEM__SETATTR, NULL));
 }
+#endif
 
 static int
 sebsd_mount_check_remount(struct ucred *cred, struct mount *mp,
@@ -1559,6 +1561,7 @@
 	return (pipe_has_perm(cred, pipe, FIFO_FILE__IOCTL));
 }
 
+#ifdef FIFO_FILE__POLL
 static int
 sebsd_pipe_check_kqfilter(struct ucred *cred, struct knote *kn,
     struct pipe *pipe, struct label *pipelabel)
@@ -1566,6 +1569,7 @@
 
 	return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL));
 }
+#endif
 
 static int
 sebsd_pipe_check_read(struct ucred *cred, struct pipe *pipe,
@@ -1607,6 +1611,7 @@
 	return (rc);
 }
 
+#ifdef FIFO_FILE__POLL
 static int
 sebsd_pipe_check_select(struct ucred *cred, struct pipe *pipe,
     struct label *pipelabel, int which)
@@ -1614,6 +1619,7 @@
 
 	return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL));
 }
+#endif
 
 static int
 sebsd_pipe_check_stat(struct ucred *cred, struct pipe *pipe,
@@ -2179,6 +2185,7 @@
 	return (vnode_has_perm(cred, vp, FILE__GETATTR));
 }
 
+#if defined(FILE__POLL) && defined(FILE__GETATTR)
 static int
 sebsd_vnode_check_kqfilter(struct ucred *cred, struct ucred *file_cred,
     struct knote *kn, struct vnode *vp, struct label *label)
@@ -2194,6 +2201,7 @@
 		return (0);
 	}
 }
+#endif
 
 static int
 sebsd_vnode_check_link(struct ucred *cred, struct vnode *dvp,
@@ -2439,6 +2447,7 @@
 	return (0);
 }
 
+#ifdef FILE__POLL
 static int
 sebsd_vnode_check_select(struct ucred *cred, struct vnode *vp,
     struct label *label, int which)
@@ -2446,6 +2455,7 @@
 
 	return (vnode_has_perm(cred, vp, FILE__POLL));
 }
+#endif
 
 #ifdef HAS_ACLS
 static int
@@ -2457,6 +2467,7 @@
 }
 #endif
 
+#ifdef FILE__SETATTR
 static int
 sebsd_vnode_check_setattrlist(struct ucred *cred, struct vnode *vp,
     struct label *vlabel, struct attrlist *alist)
@@ -2464,6 +2475,7 @@
 
 	return (vnode_has_perm(cred, vp, FILE__SETATTR));
 }
+#endif
 
 static int
 sebsd_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
@@ -2710,6 +2722,7 @@
 }
 #endif
 
+#ifdef SOCKET__POLL
 static int
 sebsd_socket_check_kqfilter(struct ucred *cred, struct knote *kn,
     struct xsocket *xso, struct label *socklabel)
@@ -2717,6 +2730,7 @@
 
 	return (socket_has_perm(cred, socklabel, SOCKET__POLL));
 }
+#endif
 
 static int
 sebsd_socket_check_listen(struct ucred *cred, struct xsocket *xso,
@@ -2760,6 +2774,7 @@
 	return (0);
 }
 
+#ifdef SOCKET__POLL
 static int
 sebsd_socket_check_select(struct ucred *cred, struct xsocket *xso,
     struct label *socklabel, int which)
@@ -2767,6 +2782,7 @@
 
 	return (socket_has_perm(cred, socklabel, SOCKET__POLL));
 }
+#endif
 
 static int
 sebsd_socket_check_send(struct ucred *cred, struct xsocket *xso,
@@ -3136,6 +3152,7 @@
 	return (ipc_has_perm(cred, msglabel, MSG__RECEIVE));
 }
 
+#ifdef MSG__DESTROY
 static int
 sebsd_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
     struct label *msglabel)
@@ -3143,6 +3160,7 @@
 
  	return (ipc_has_perm(cred, msglabel, MSG__DESTROY));
 }
+#endif
 
 static int
 sebsd_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
@@ -3561,11 +3579,11 @@
 	.mpo_socket_check_connect = sebsd_socket_check_connect,
 	.mpo_socket_check_create = sebsd_socket_check_create,
 //	.mpo_socket_check_deliver = sebsd_socket_check_deliver,
-	.mpo_socket_check_kqfilter = sebsd_socket_check_kqfilter,
+//	.mpo_socket_check_kqfilter = sebsd_socket_check_kqfilter,
 	.mpo_socket_check_listen = sebsd_socket_check_listen,
 	.mpo_socket_check_receive = sebsd_socket_check_receive,
 	.mpo_socket_check_setlabel = sebsd_socket_check_setlabel,
-	.mpo_socket_check_select = sebsd_socket_check_select,
+//	.mpo_socket_check_select = sebsd_socket_check_select,
 	.mpo_socket_check_send = sebsd_socket_check_send,
 	.mpo_socket_check_stat = sebsd_socket_check_stat,
 	.mpo_system_check_acct = sebsd_system_check_acct,
@@ -3592,7 +3610,7 @@
 	.mpo_vnode_check_deleteextattr = NOT_IMPLEMENTED,
 #endif
 	.mpo_vnode_check_getattrlist = sebsd_vnode_check_getattrlist,
-	.mpo_vnode_check_kqfilter = sebsd_vnode_check_kqfilter,
+//	.mpo_vnode_check_kqfilter = sebsd_vnode_check_kqfilter,
 	.mpo_vnode_check_link = sebsd_vnode_check_link,
 	.mpo_vnode_check_lookup = sebsd_vnode_check_lookup,
 	.mpo_vnode_check_mmap = sebsd_vnode_check_mmap,
@@ -3605,8 +3623,8 @@
 	.mpo_vnode_check_rename_from = sebsd_vnode_check_rename_from,
 	.mpo_vnode_check_rename_to = sebsd_vnode_check_rename_to,
 	.mpo_vnode_check_revoke = sebsd_vnode_check_revoke,
-	.mpo_vnode_check_select = sebsd_vnode_check_select,
-	.mpo_vnode_check_setattrlist = sebsd_vnode_check_setattrlist,
+//	.mpo_vnode_check_select = sebsd_vnode_check_select,
+//	.mpo_vnode_check_setattrlist = sebsd_vnode_check_setattrlist,
 	.mpo_vnode_check_getextattr = sebsd_vnode_check_getextattr,
 	.mpo_vnode_check_setextattr = sebsd_vnode_check_setextattr,
 	.mpo_vnode_check_setflags = sebsd_vnode_check_setflags,
@@ -3616,10 +3634,10 @@
 	.mpo_vnode_check_stat = sebsd_vnode_check_stat,
 	.mpo_vnode_check_write = sebsd_vnode_check_write,
 	.mpo_pipe_check_ioctl = sebsd_pipe_check_ioctl,
-	.mpo_pipe_check_kqfilter = sebsd_pipe_check_kqfilter,
+//	.mpo_pipe_check_kqfilter = sebsd_pipe_check_kqfilter,
 	.mpo_pipe_check_read = sebsd_pipe_check_read,
 	.mpo_pipe_check_setlabel = sebsd_pipe_check_setlabel,
-	.mpo_pipe_check_select = sebsd_pipe_check_select,
+//	.mpo_pipe_check_select = sebsd_pipe_check_select,
 	.mpo_pipe_check_stat = sebsd_pipe_check_stat,
 	.mpo_pipe_check_write = sebsd_pipe_check_write,
 
@@ -3635,7 +3653,7 @@
 	.mpo_mount_check_remount = sebsd_mount_check_remount,
 	.mpo_mount_check_stat = sebsd_mount_check_stat,
 	.mpo_mount_check_getattr = sebsd_mount_check_getattr,
-	.mpo_mount_check_setattr = sebsd_mount_check_setattr,
+//	.mpo_mount_check_setattr = sebsd_mount_check_setattr,
 
 	.mpo_vnode_write_extattr = sebsd_vnode_write_extattr,
 
@@ -3660,7 +3678,7 @@
 
 	.mpo_sysvmsq_check_enqueue = sebsd_sysvmsq_check_enqueue,
 	.mpo_sysvmsq_check_msgrcv = sebsd_sysvmsq_check_msgrcv,
-	.mpo_sysvmsq_check_msgrmid = sebsd_sysvmsq_check_msgrmid,
+//	.mpo_sysvmsq_check_msgrmid = sebsd_sysvmsq_check_msgrmid,
 	.mpo_sysvmsq_check_msqget = sebsd_sysvmsq_check_msqget,
 	.mpo_sysvmsq_check_msqsnd = sebsd_sysvmsq_check_msqsnd,
 	.mpo_sysvmsq_check_msqrcv = sebsd_sysvmsq_check_msqrcv,

More information about the trustedbsd-cvs mailing list