PERFORCE change 18824 for review

[Robert Watson]

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18824

Change 18824 by rwatson at rwatson_paprika on 2002/10/06 19:11:42

	Integ TrustedBSD base tree--bring back in socket MAC stuff, etc.

Affected files ...

.. //depot/projects/trustedbsd/base/bin/rcp/rcp.c#8 integrate
.. //depot/projects/trustedbsd/base/etc/periodic/daily/110.clean-tmps#2 integrate
.. //depot/projects/trustedbsd/base/include/signal.h#6 integrate
.. //depot/projects/trustedbsd/base/include/stdio.h#8 integrate
.. //depot/projects/trustedbsd/base/sbin/reboot/reboot.c#4 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/include/stdarg.h#5 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/compat/svr4/svr4_stream.c#9 integrate
.. //depot/projects/trustedbsd/base/sys/i386/include/stdarg.h#6 integrate
.. //depot/projects/trustedbsd/base/sys/i386/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/ia64/include/stdarg.h#6 integrate
.. //depot/projects/trustedbsd/base/sys/ia64/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#17 integrate
.. //depot/projects/trustedbsd/base/sys/kern/sys_socket.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#21 integrate
.. //depot/projects/trustedbsd/base/sys/net/bridge.c#10 integrate
.. //depot/projects/trustedbsd/base/sys/powerpc/include/stdarg.h#5 integrate
.. //depot/projects/trustedbsd/base/sys/powerpc/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#9 integrate
.. //depot/projects/trustedbsd/base/sys/sparc64/include/stdarg.h#5 integrate
.. //depot/projects/trustedbsd/base/sys/sparc64/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/sys/mac.h#9 integrate
.. //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#11 integrate
.. //depot/projects/trustedbsd/base/sys/x86_64/include/stdarg.h#4 integrate
.. //depot/projects/trustedbsd/base/usr.bin/ktrdump/ktrdump.c#3 integrate
.. //depot/projects/trustedbsd/base/usr.bin/truss/main.c#7 integrate
.. //depot/projects/trustedbsd/base/usr.bin/truss/syscalls.c#8 integrate
.. //depot/projects/trustedbsd/base/usr.sbin/rpcbind/rpcbind.c#4 integrate
.. //depot/projects/trustedbsd/base/usr.sbin/rpcbind/security.c#2 integrate
.. //depot/projects/trustedbsd/base/usr.sbin/rpcbind/warmstart.c#2 integrate
.. //depot/projects/trustedbsd/base/usr.sbin/syslogd/syslogd.c#11 integrate

Differences ...

==== //depot/projects/trustedbsd/base/bin/rcp/rcp.c#8 (text+ko) ====

@@ -51,7 +51,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/bin/rcp/rcp.c,v 1.37 2002/10/06 09:09:27 charnier Exp $");
+__FBSDID("$FreeBSD: src/bin/rcp/rcp.c,v 1.38 2002/10/06 11:14:21 tjr Exp $");
 
 #include <sys/param.h>
 #include <sys/stat.h>
@@ -926,19 +926,23 @@
 {
 	static FILE *fp;
 	va_list ap;
-	va_start(ap, fmt);
 
 	++errs;
 	if (fp == NULL && !(fp = fdopen(rem, "w")))
 		return;
 	(void)fprintf(fp, "%c", 0x01);
 	(void)fprintf(fp, "rcp: ");
+	va_start(ap, fmt);
 	(void)vfprintf(fp, fmt, ap);
+	va_end(ap);
 	(void)fprintf(fp, "\n");
 	(void)fflush(fp);
 
-	if (!iamremote)
+	if (!iamremote) {
+		va_start(ap, fmt);
 		vwarnx(fmt, ap);
+		va_end(ap);
+	}
 
 	va_end(ap);
 }

==== //depot/projects/trustedbsd/base/etc/periodic/daily/110.clean-tmps#2 (text+ko) ====

@@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $FreeBSD: src/etc/periodic/daily/110.clean-tmps,v 1.11 2001/07/19 12:08:24 brian Exp $
+# $FreeBSD: src/etc/periodic/daily/110.clean-tmps,v 1.12 2002/10/06 18:48:20 joerg Exp $
 #
 # Perform temporary directory cleaning so that long-lived systems
 # don't end up with excessively old files there.
@@ -27,6 +27,7 @@
 
 	    set -f noglob
 	    args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
+	    args="${args} -ctime +$daily_clean_tmps_days"
 	    [ -n "$daily_clean_tmps_ignore" ] &&
 		args="$args "`echo " ${daily_clean_tmps_ignore% }" |
 		    sed 's/[ 	][ 	]*/ ! -name /g'`

==== //depot/projects/trustedbsd/base/include/signal.h#6 (text+ko) ====

@@ -32,27 +32,35 @@
  *
  *	@(#)signal.h	8.3 (Berkeley) 3/30/94
  *
- * $FreeBSD: src/include/signal.h,v 1.18 2002/10/02 10:53:44 robert Exp $
+ * $FreeBSD: src/include/signal.h,v 1.19 2002/10/06 21:54:08 mike Exp $
  */
 
 #ifndef _SIGNAL_H_
 #define	_SIGNAL_H_
 
 #include <sys/cdefs.h>
-#include <sys/_posix.h>
 #include <sys/_types.h>
 #include <sys/signal.h>
-#include <sys/time.h>
 
-#if !defined(_ANSI_SOURCE) && !defined(_POSIX_SOURCE)
+#if __BSD_VISIBLE
 extern __const char *__const sys_signame[NSIG];
 extern __const char *__const sys_siglist[NSIG];
 extern __const int sys_nsig;
 #endif
 
+#if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE
+#ifndef _PID_T_DECLARED
+typedef	__pid_t		pid_t;
+#define	_PID_T_DECLARED
+#endif
+#endif
+
 __BEGIN_DECLS
+struct timespec;
+
 int	raise(int);
-#ifndef	_ANSI_SOURCE
+
+#if __BSD_VISIBLE || __POSIX_VISIBLE || __XSI_VISIBLE
 int	kill(__pid_t, int);
 int	sigaction(int, const struct sigaction * __restrict,
 	    struct sigaction * __restrict);
@@ -64,31 +72,32 @@
 int	sigpending(sigset_t *);
 int	sigprocmask(int, const sigset_t * __restrict, sigset_t * __restrict);
 int	sigsuspend(const sigset_t *);
+/* XXX missing restrict qualifier. */
 int	sigwait(const sigset_t *, int *);
+#endif
 
-#ifdef _P1003_1B_VISIBLE
-
-__BEGIN_DECLS
-int sigqueue(__pid_t, int, const union sigval);
-int sigtimedwait(const sigset_t * __restrict, siginfo_t * __restrict,
+#if __BSD_VISIBLE || __POSIX_VISIBLE >= 199506 || __XSI_VISIBLE >= 600
+int	sigqueue(__pid_t, int, const union sigval);
+int	sigtimedwait(const sigset_t * __restrict, siginfo_t * __restrict,
 	    const struct timespec * __restrict);
-int sigwaitinfo(const sigset_t * __restrict, siginfo_t * __restrict);
-__END_DECLS
+int	sigwaitinfo(const sigset_t * __restrict, siginfo_t * __restrict);
+#endif
 
-#endif
-#ifndef _POSIX_SOURCE
+#if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE
 int	killpg(__pid_t, int);
 int	sigaltstack(const stack_t * __restrict, stack_t * __restrict); 
-int	sigblock(int);
 int	siginterrupt(int, int);
 int	sigpause(int);
+#endif
+
+#if __BSD_VISIBLE
+int	sigblock(int);
 int	sigreturn(const struct __ucontext *);
 int	sigsetmask(int);
 int	sigstack(const struct sigstack *, struct sigstack *);
 int	sigvec(int, struct sigvec *, struct sigvec *);
 void	psignal(unsigned int, const char *);
-#endif /* !_POSIX_SOURCE */
-#endif /* !_ANSI_SOURCE */
+#endif
 __END_DECLS
 
 #endif /* !_SIGNAL_H_ */

==== //depot/projects/trustedbsd/base/include/stdio.h#8 (text+ko) ====

@@ -34,7 +34,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)stdio.h	8.5 (Berkeley) 4/29/95
- * $FreeBSD: src/include/stdio.h,v 1.46 2002/09/06 11:23:32 tjr Exp $
+ * $FreeBSD: src/include/stdio.h,v 1.47 2002/10/06 22:16:12 mike Exp $
  */
 
 #ifndef	_STDIO_H_
@@ -43,17 +43,24 @@
 #include <sys/cdefs.h>
 #include <sys/_types.h>
 
+typedef	__off_t		fpos_t;
+
 #ifndef _SIZE_T_DECLARED
 typedef	__size_t	size_t;
 #define	_SIZE_T_DECLARED
 #endif
 
+#if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE
+#ifndef _VA_LIST_DECLARED
+typedef	__va_list	va_list;
+#define	_VA_LIST_DECLARED
+#endif
+#endif
+
 #ifndef NULL
 #define	NULL	0
 #endif
 
-typedef	__off_t		fpos_t;
-
 #define	_FSTDIO			/* Define for new stdio with functions. */
 
 /*
@@ -211,6 +218,10 @@
 __BEGIN_DECLS
 /*
  * Functions defined in ANSI C standard.
+ *
+ * XXX fgetpos(), fgets(), fopen(), fputs(), fread(), freopen(), fscanf(),
+ * fwrite(), scanf(), sscanf(), vscanf(), and vsscanf() are missing the
+ * restrict type-qualifier.
  */
 void	 clearerr(FILE *);
 int	 fclose(FILE *);
@@ -259,17 +270,31 @@
 #if __ISO_C_VISIBLE >= 1999
 int	 snprintf(char * __restrict, size_t, const char * __restrict,
 	    ...) __printflike(3, 4);
+int	 vscanf(const char *, __va_list) __scanflike(1, 0);
 int	 vsnprintf(char * __restrict, size_t, const char * __restrict,
 	    __va_list) __printflike(3, 0);
+int	 vsscanf(const char *, const char *, __va_list)
+	    __scanflike(2, 0);
+
+/*
+ * This is a #define because the function is used internally and
+ * (unlike vfscanf) the name __vfscanf is guaranteed not to collide
+ * with a user function when _ANSI_SOURCE or _POSIX_SOURCE is defined.
+ *
+ * XXX missing a backing function (weak alias?) for this.
+ */
+#define	 vfscanf	__vfscanf
 #endif
 
 /*
  * Functions defined in all versions of POSIX 1003.1.
  */
-#if __POSIX_VISIBLE
+#if __BSD_VISIBLE || __POSIX_VISIBLE <= 199506
 /* size for cuserid(3); UT_NAMESIZE + 1, see <utmp.h> */
-#define	L_cuserid	17
+#define	L_cuserid	17	/* legacy */
+#endif
 
+#if __POSIX_VISIBLE
 #define	L_ctermid	1024	/* size for ctermid(3); PATH_MAX */
 
 char	*ctermid(char *);
@@ -329,9 +354,6 @@
 int	 setlinebuf(FILE *);
 int	 vasprintf(char **, const char *, __va_list)
 	    __printflike(2, 0);
-int	 vscanf(const char *, __va_list) __scanflike(1, 0);
-int	 vsscanf(const char *, const char *, __va_list)
-	    __scanflike(2, 0);
 
 /*
  * The system error table contains messages for the first sys_nerr
@@ -342,13 +364,6 @@
 extern __const char *__const sys_errlist[];
 
 /*
- * This is a #define because the function is used internally and
- * (unlike vfscanf) the name __vfscanf is guaranteed not to collide
- * with a user function when _ANSI_SOURCE or _POSIX_SOURCE is defined.
- */
-#define	 vfscanf	__vfscanf
-
-/*
  * Stdio function-access interface.
  */
 FILE	*funopen(const void *,
@@ -419,6 +434,7 @@
 #define	__sclearerr(p)	((void)((p)->_flags &= ~(__SERR|__SEOF)))
 #define	__sfileno(p)	((p)->_file)
 
+#if __BSD_VISIBLE
 /*
  * See ISO/IEC 9945-1 ANSI/IEEE Std 1003.1 Second Edition 1996-07-12
  * B.8.2.7 for the rationale behind the *_unlocked() macros.
@@ -427,11 +443,14 @@
 #define	ferror_unlocked(p)	__sferror(p)
 #define	clearerr_unlocked(p)	__sclearerr(p)
 #define	fileno_unlocked(p)	__sfileno(p)
+#endif
+#if __POSIX_VISIBLE >= 199506
 #define	getc_unlocked(fp)	__sgetc(fp)
 #define	putc_unlocked(x, fp)	__sputc(x, fp)
 
 #define	getchar_unlocked()	getc_unlocked(stdin)
 #define	putchar_unlocked(x)	putc_unlocked(x, stdout)
+#endif
 
 __END_DECLS
 #endif /* !_STDIO_H_ */

==== //depot/projects/trustedbsd/base/sbin/reboot/reboot.c#4 (text+ko) ====

@@ -42,7 +42,7 @@
 static char sccsid[] = "@(#)reboot.c	8.1 (Berkeley) 6/5/93";
 #endif
 static const char rcsid[] =
-  "$FreeBSD: src/sbin/reboot/reboot.c,v 1.16 2002/05/28 21:15:49 gordon Exp $";
+  "$FreeBSD: src/sbin/reboot/reboot.c,v 1.17 2002/10/06 16:24:36 thomas Exp $";
 #endif /* not lint */
 
 #include <sys/reboot.h>
@@ -98,7 +98,7 @@
 			break;
 		case 'p':
 			pflag = 1;
-			howto |= (RB_POWEROFF | RB_HALT);
+			howto |= RB_POWEROFF;
 			break;
 		case 'q':
 			qflag = 1;

==== //depot/projects/trustedbsd/base/sys/alpha/include/stdarg.h#5 (text+ko) ====

@@ -33,15 +33,19 @@
  *
  *	@(#)stdarg.h	8.1 (Berkeley) 6/10/93
  *	$NetBSD: stdarg.h,v 1.7 1997/04/06 08:47:44 cgd Exp $
- * $FreeBSD: src/sys/alpha/include/stdarg.h,v 1.5 2002/09/18 07:33:15 mike Exp $
+ * $FreeBSD: src/sys/alpha/include/stdarg.h,v 1.6 2002/10/06 22:01:06 mike Exp $
  */
 
-#ifndef _ALPHA_STDARG_H_
-#define	_ALPHA_STDARG_H_
+#ifndef _MACHINE_STDARG_H_
+#define	_MACHINE_STDARG_H_
 
+#include <sys/cdefs.h>
 #include <sys/_types.h>
 
-typedef __va_list	va_list;
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
+typedef	__va_list	va_list;
+#endif
 
 #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3)
 
@@ -51,8 +55,10 @@
 #define	va_arg(ap, type) \
 	__builtin_va_arg((ap), type)
 
+#if __ISO_C_VISIBLE >= 1999
 #define	va_copy(dest, src) \
 	__builtin_va_copy((dest), (src))
+#endif
 
 #define	va_end(ap) \
 	__builtin_va_end(ap)
@@ -83,4 +89,4 @@
 
 #endif /* __GNUC__ post GCC 2.95 */
 
-#endif /* !_ALPHA_STDARG_H_ */
+#endif /* !_MACHINE_STDARG_H_ */

==== //depot/projects/trustedbsd/base/sys/alpha/include/varargs.h#4 (text+ko) ====

@@ -38,7 +38,7 @@
  *
  *	@(#)varargs.h	8.2 (Berkeley) 3/22/94
  *	$NetBSD: varargs.h,v 1.7 1997/04/06 08:47:46 cgd Exp $
- * $FreeBSD: src/sys/alpha/include/varargs.h,v 1.4 2002/08/21 16:19:58 mike Exp $
+ * $FreeBSD: src/sys/alpha/include/varargs.h,v 1.5 2002/10/06 22:02:06 mike Exp $
  */
 
 #ifndef _ALPHA_VARARGS_H_
@@ -48,7 +48,11 @@
 
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
+
 typedef int __builtin_va_alist_t __attribute__((__mode__(__word__)));
 
 #define	va_alist		__builtin_va_alist

==== //depot/projects/trustedbsd/base/sys/compat/svr4/svr4_stream.c#9 (text+ko) ====

@@ -27,7 +27,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  * 
- * $FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.35 2002/09/24 07:02:57 mini Exp $
+ * $FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.36 2002/10/06 14:39:14 rwatson Exp $
  */
 
 /*
@@ -39,6 +39,8 @@
 
 #define COMPAT_43 1
 
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/fcntl.h>
@@ -47,6 +49,7 @@
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/file.h> 		/* Must come after sys/malloc.h */
+#include <sys/mac.h>
 #include <sys/mbuf.h>
 #include <sys/mutex.h>
 #include <sys/proc.h>
@@ -165,6 +168,13 @@
 
 	if ((error = fgetsock(td, s, &so, NULL)) != 0)
 		return (error);
+
+#ifdef MAC
+	error = mac_check_socket_send(td->td_ucred, so);
+	if (error)
+		goto done1;
+#endif
+
 	auio.uio_iov = mp->msg_iov;
 	auio.uio_iovcnt = mp->msg_iovlen;
 	auio.uio_segflg = UIO_USERSPACE;
@@ -262,6 +272,13 @@
 
 	if ((error = fgetsock(td, s, &so, NULL)) != 0)
 		return (error);
+
+#ifdef MAC
+	error = mac_check_socket_receive(td->td_ucred, so);
+	if (error)
+		goto done1;
+#endif
+
 	auio.uio_iov = mp->msg_iov;
 	auio.uio_iovcnt = mp->msg_iovlen;
 	auio.uio_segflg = UIO_USERSPACE;

==== //depot/projects/trustedbsd/base/sys/i386/include/stdarg.h#6 (text+ko) ====

@@ -32,15 +32,19 @@
  * SUCH DAMAGE.
  *
  *	@(#)stdarg.h	8.1 (Berkeley) 6/10/93
- * $FreeBSD: src/sys/i386/include/stdarg.h,v 1.16 2002/09/18 07:33:15 mike Exp $
+ * $FreeBSD: src/sys/i386/include/stdarg.h,v 1.17 2002/10/06 22:01:06 mike Exp $
  */
 
-#ifndef _STDARG_H_
-#define	_STDARG_H_
+#ifndef _MACHINE_STDARG_H_
+#define	_MACHINE_STDARG_H_
 
+#include <sys/cdefs.h>
 #include <sys/_types.h>
 
-typedef __va_list	va_list;
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
+typedef	__va_list	va_list;
+#endif
 
 #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3)
 
@@ -50,8 +54,10 @@
 #define	va_arg(ap, type) \
 	__builtin_va_arg((ap), type)
 
+#if __ISO_C_VISIBLE >= 1999
 #define	va_copy(dest, src) \
 	__builtin_va_copy((dest), (src))
+#endif
 
 #define	va_end(ap) \
 	__builtin_va_end(ap)
@@ -77,4 +83,4 @@
 
 #endif /* __GNUC__ post GCC 2.95 */
 
-#endif /* !_STDARG_H_ */
+#endif /* !_MACHINE_STDARG_H_ */

==== //depot/projects/trustedbsd/base/sys/i386/include/varargs.h#4 (text+ko) ====

@@ -37,7 +37,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)varargs.h	8.2 (Berkeley) 3/22/94
- * $FreeBSD: src/sys/i386/include/varargs.h,v 1.10 2002/08/21 16:19:58 mike Exp $
+ * $FreeBSD: src/sys/i386/include/varargs.h,v 1.11 2002/10/06 22:02:06 mike Exp $
  */
 
 #ifndef _VARARGS_H_
@@ -47,7 +47,11 @@
 
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
+
 typedef int __builtin_va_alist_t __attribute__((__mode__(__word__)));
 
 #define	va_alist		__builtin_va_alist

==== //depot/projects/trustedbsd/base/sys/ia64/include/stdarg.h#6 (text+ko) ====

@@ -32,15 +32,19 @@
  * SUCH DAMAGE.
  *
  *	@(#)stdarg.h	8.1 (Berkeley) 6/10/93
- * $FreeBSD: src/sys/ia64/include/stdarg.h,v 1.6 2002/09/18 07:33:15 mike Exp $
+ * $FreeBSD: src/sys/ia64/include/stdarg.h,v 1.7 2002/10/06 22:01:06 mike Exp $
  */
 
 #ifndef _MACHINE_STDARG_H_
 #define	_MACHINE_STDARG_H_
 
+#include <sys/cdefs.h>
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
 
 #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3)
 
@@ -50,8 +54,10 @@
 #define	va_arg(ap, type) \
 	__builtin_va_arg((ap), type)
 
+#if __ISO_C_VISIBLE >= 1999
 #define	va_copy(dest, src) \
 	__builtin_va_copy((dest), (src))
+#endif
 
 #define	va_end(ap) \
 	__builtin_va_end(ap)

==== //depot/projects/trustedbsd/base/sys/ia64/include/varargs.h#4 (text+ko) ====

@@ -37,7 +37,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)varargs.h	8.2 (Berkeley) 3/22/94
- * $FreeBSD: src/sys/ia64/include/varargs.h,v 1.3 2002/08/21 16:19:59 mike Exp $
+ * $FreeBSD: src/sys/ia64/include/varargs.h,v 1.4 2002/10/06 22:02:06 mike Exp $
  */
 
 #ifndef _MACHINE_VARARGS_H_
@@ -45,7 +45,11 @@
 
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
+
 typedef int __builtin_va_alist_t __attribute__((__mode__(__word__)));
 
 #define	va_alist		__builtin_va_alist

==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#17 (text+ko) ====

@@ -36,7 +36,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/kern/kern_mac.c,v 1.40 2002/10/06 02:46:25 rwatson Exp $
+ * $FreeBSD: src/sys/kern/kern_mac.c,v 1.41 2002/10/06 14:39:14 rwatson Exp $
  */
 /*
  * Developed by the TrustedBSD Project.
@@ -761,10 +761,18 @@
 			mpc->mpc_ops->mpo_check_socket_listen =
 			    mpe->mpe_function;
 			break;
+		case MAC_CHECK_SOCKET_RECEIVE:
+			mpc->mpc_ops->mpo_check_socket_receive =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_SOCKET_RELABEL:
 			mpc->mpc_ops->mpo_check_socket_relabel =
 			    mpe->mpe_function;
 			break;
+		case MAC_CHECK_SOCKET_SEND:
+			mpc->mpc_ops->mpo_check_socket_send =
+			    mpe->mpe_function;
+			break;
 		case MAC_CHECK_SOCKET_VISIBLE:
 			mpc->mpc_ops->mpo_check_socket_visible =
 			    mpe->mpe_function;
@@ -2961,6 +2969,19 @@
 	return (error);
 }
 
+int
+mac_check_socket_receive(struct ucred *cred, struct socket *so)
+{
+	int error;
+
+	if (!mac_enforce_socket)
+		return (0);
+
+	MAC_CHECK(check_socket_receive, cred, so, &so->so_label);
+
+	return (error);
+}
+
 static int
 mac_check_socket_relabel(struct ucred *cred, struct socket *socket,
     struct label *newlabel)
@@ -2974,6 +2995,19 @@
 }
 
 int
+mac_check_socket_send(struct ucred *cred, struct socket *so)
+{
+	int error;
+
+	if (!mac_enforce_socket)
+		return (0);
+
+	MAC_CHECK(check_socket_send, cred, so, &so->so_label);
+
+	return (error);
+}
+
+int
 mac_check_socket_visible(struct ucred *cred, struct socket *socket)
 {
 	int error;

==== //depot/projects/trustedbsd/base/sys/kern/sys_socket.c#11 (text+ko) ====

@@ -31,12 +31,15 @@
  * SUCH DAMAGE.
  *
  *	@(#)sys_socket.c	8.1 (Berkeley) 6/10/93
- * $FreeBSD: src/sys/kern/sys_socket.c,v 1.45 2002/10/03 02:12:58 truckman Exp $
+ * $FreeBSD: src/sys/kern/sys_socket.c,v 1.46 2002/10/06 14:39:14 rwatson Exp $
  */
 
+#include "opt_mac.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/file.h>
+#include <sys/mac.h>
 #include <sys/protosw.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
@@ -68,6 +71,13 @@
 	int error;
 
 	mtx_lock(&Giant);
+#ifdef MAC
+	error = mac_check_socket_receive(active_cred, so);
+	if (error) {
+		mtx_unlock(&Giant);
+		return (error);
+	}
+#endif
 	error = so->so_proto->pr_usrreqs->pru_soreceive(so, 0, uio, 0, 0, 0);
 	mtx_unlock(&Giant);
 	return (error);
@@ -86,6 +96,13 @@
 	int error;
 
 	mtx_lock(&Giant);
+#ifdef MAC
+	error = mac_check_socket_send(active_cred, so);
+	if (error) {
+		mtx_unlock(&Giant);
+		return (error);
+	}
+#endif
 	error = so->so_proto->pr_usrreqs->pru_sosend(so, 0, uio, 0, 0, 0,
 						    uio->uio_td);
 	mtx_unlock(&Giant);

==== //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#21 (text+ko) ====

@@ -34,7 +34,7 @@
  * SUCH DAMAGE.
  *
  *	@(#)uipc_syscalls.c	8.4 (Berkeley) 2/21/94
- * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.131 2002/10/03 02:12:58 truckman Exp $
+ * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.132 2002/10/06 14:39:14 rwatson Exp $
  */
 
 #include "opt_compat.h"
@@ -607,6 +607,13 @@
 
 	if ((error = fgetsock(td, s, &so, NULL)) != 0)
 		return (error);
+
+#ifdef MAC
+	error = mac_check_socket_send(td->td_ucred, so);
+	if (error)
+		goto bad;
+#endif
+
 	auio.uio_iov = mp->msg_iov;
 	auio.uio_iovcnt = mp->msg_iovlen;
 	auio.uio_segflg = UIO_USERSPACE;
@@ -884,6 +891,15 @@
 
 	if ((error = fgetsock(td, s, &so, NULL)) != 0)
 		return (error);
+
+#ifdef MAC
+	error = mac_check_socket_receive(td->td_ucred, so);
+	if (error) {
+		fputsock(so);
+		return (error);
+	}
+#endif
+
 	auio.uio_iov = mp->msg_iov;
 	auio.uio_iovcnt = mp->msg_iovlen;
 	auio.uio_segflg = UIO_USERSPACE;
@@ -1734,6 +1750,12 @@
 		goto done;
 	}
 
+#ifdef MAC
+	error = mac_check_socket_send(td->td_ucred, so);
+	if (error)
+		goto done;
+#endif
+
 	/*
 	 * If specified, get the pointer to the sf_hdtr struct for
 	 * any headers/trailers.

==== //depot/projects/trustedbsd/base/sys/net/bridge.c#10 (text+ko) ====

@@ -24,7 +24,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/net/bridge.c,v 1.55 2002/09/12 01:05:46 luigi Exp $
+ * $FreeBSD: src/sys/net/bridge.c,v 1.56 2002/10/06 14:02:35 mux Exp $
  */
 
 /*
@@ -845,7 +845,7 @@
 	ifp = dst ;
 	once = 1 ;
     }
-    if ( (u_int)(ifp) <= (u_int)BDG_FORWARD )
+    if ((uintptr_t)(ifp) <= (u_int)BDG_FORWARD)
 	panic("bdg_forward: bad dst");
 
     /*

==== //depot/projects/trustedbsd/base/sys/powerpc/include/stdarg.h#5 (text+ko) ====

@@ -25,15 +25,19 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  *	$NetBSD: stdarg.h,v 1.5 2000/02/27 17:50:21 tsubai Exp $
- * $FreeBSD: src/sys/powerpc/include/stdarg.h,v 1.6 2002/09/18 07:33:16 mike Exp $
+ * $FreeBSD: src/sys/powerpc/include/stdarg.h,v 1.7 2002/10/06 22:01:07 mike Exp $
  */
 
-#ifndef _POWERPC_STDARG_H_
-#define	_POWERPC_STDARG_H_
+#ifndef _MACHINE_STDARG_H_
+#define	_MACHINE_STDARG_H_
 
+#include <sys/cdefs.h>
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
 
 #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3)
 
@@ -43,8 +47,10 @@
 #define	va_arg(ap, type) \
 	__builtin_va_arg((ap), type)
 
+#if __ISO_C_VISIBLE >= 1999
 #define	va_copy(dest, src) \
 	__builtin_va_copy((dest), (src))
+#endif
 
 #define	va_end(ap) \
 	__builtin_va_end(ap)
@@ -127,13 +133,15 @@
 
 #define	va_end(ap)	
 
+#if __ISO_C_VISIBLE >= 1999
 #if !defined(_ANSI_SOURCE) &&						\
     (!defined(_POSIX_C_SOURCE) && !defined(_XOPEN_SOURCE) ||		\
      defined(_ISOC99_SOURCE) || (__STDC_VERSION__ - 0) >= 199901L)
 #define	va_copy(dest, src)						\
 	((dest) = (src))
 #endif
+#endif
 
 #endif /* __GNUC__ post GCC 2.95 */
 
-#endif /* _POWERPC_STDARG_H_ */
+#endif /* _MACHINE_STDARG_H_ */

==== //depot/projects/trustedbsd/base/sys/powerpc/include/varargs.h#4 (text+ko) ====

@@ -25,7 +25,7 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
  *	$NetBSD: varargs.h,v 1.5 2000/02/27 17:50:22 tsubai Exp $
- * $FreeBSD: src/sys/powerpc/include/varargs.h,v 1.3 2002/08/21 16:19:59 mike Exp $
+ * $FreeBSD: src/sys/powerpc/include/varargs.h,v 1.4 2002/10/06 22:02:06 mike Exp $
  */
 
 #ifndef _POWERPC_VARARGS_H_
@@ -35,7 +35,11 @@
 
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
+
 typedef int __builtin_va_alist_t __attribute__((__mode__(__word__)));
 
 #define	va_alist		__builtin_va_alist

==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#9 (text+ko) ====

@@ -34,7 +34,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.17 2002/10/06 02:46:25 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.18 2002/10/06 13:11:01 rwatson Exp $
  */
 
 /*
@@ -1588,7 +1588,7 @@
 			return (EACCES);
 	}
 
-	return (0);   
+	return (0);
 }
 
 static int

==== //depot/projects/trustedbsd/base/sys/sparc64/include/stdarg.h#5 (text+ko) ====

@@ -35,15 +35,19 @@
  *
  *	@(#)stdarg.h	8.2 (Berkeley) 9/27/93
  *	$NetBSD: stdarg.h,v 1.11 2000/07/23 21:36:56 mycroft Exp $
- * $FreeBSD: src/sys/sparc64/include/stdarg.h,v 1.5 2002/09/18 07:33:16 mike Exp $
+ * $FreeBSD: src/sys/sparc64/include/stdarg.h,v 1.6 2002/10/06 22:01:07 mike Exp $
  */
 
 #ifndef _MACHINE_STDARG_H_
 #define	_MACHINE_STDARG_H_
 
+#include <sys/cdefs.h>
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
 
 #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3)
 
@@ -53,8 +57,10 @@
 #define	va_arg(ap, type) \
 	__builtin_va_arg((ap), type)
 
+#if __ISO_C_VISIBLE >= 1999
 #define	va_copy(dest, src) \
 	__builtin_va_copy((dest), (src))
+#endif
 
 #define	va_end(ap) \
 	__builtin_va_end(ap)

==== //depot/projects/trustedbsd/base/sys/sparc64/include/varargs.h#4 (text+ko) ====

@@ -46,14 +46,18 @@
  * SUCH DAMAGE.
  *
  *	@(#)varargs.h	8.3 (Berkeley) 3/22/94
- * $FreeBSD: src/sys/sparc64/include/varargs.h,v 1.4 2002/08/21 16:20:00 mike Exp $
+ * $FreeBSD: src/sys/sparc64/include/varargs.h,v 1.5 2002/10/06 22:02:06 mike Exp $
  */
 
 #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3)
 
 #include <sys/_types.h>
 
+#ifndef _VA_LIST_DECLARED
+#define	_VA_LIST_DECLARED
 typedef	__va_list	va_list;
+#endif
+
 typedef int __builtin_va_alist_t __attribute__((__mode__(__word__)));
 
 #define	va_alist		__builtin_va_alist

==== //depot/projects/trustedbsd/base/sys/sys/mac.h#9 (text+ko) ====

@@ -34,7 +34,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/sys/mac.h,v 1.13 2002/10/06 02:46:26 rwatson Exp $
+ * $FreeBSD: src/sys/sys/mac.h,v 1.14 2002/10/06 14:39:15 rwatson Exp $
  */
 /*
  * Userland/kernel interface for Mandatory Access Control.
@@ -319,6 +319,8 @@
 	    struct sockaddr *sockaddr);
 int	mac_check_socket_deliver(struct socket *so, struct mbuf *m);
 int	mac_check_socket_listen(struct ucred *cred, struct socket *so);
+int	mac_check_socket_receive(struct ucred *cred, struct socket *so);
+int	mac_check_socket_send(struct ucred *cred, struct socket *so);
 int	mac_check_socket_visible(struct ucred *cred, struct socket *so);
 int	mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
 	    int flags);

==== //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#11 (text+ko) ====

@@ -34,7 +34,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: src/sys/sys/mac_policy.h,v 1.15 2002/10/06 02:46:26 rwatson Exp $
+ * $FreeBSD: src/sys/sys/mac_policy.h,v 1.16 2002/10/06 14:39:15 rwatson Exp $
  */
 /*
  * Kernel interface for MAC policy modules.
@@ -271,9 +271,13 @@
 		    struct label *mbuflabel);
 	int	(*mpo_check_socket_listen)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel);
+	int	(*mpo_check_socket_receive)(struct ucred *cred,
+		    struct socket *so, struct label *socketlabel);
 	int	(*mpo_check_socket_relabel)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel,
 		    struct label *newlabel);
+	int	(*mpo_check_socket_send)(struct ucred *cred,
+		    struct socket *so, struct label *socketlabel);
 	int	(*mpo_check_socket_visible)(struct ucred *cred,
 		    struct socket *so, struct label *socketlabel);
 	int	(*mpo_check_vnode_access)(struct ucred *cred,
@@ -454,7 +458,9 @@
 	MAC_CHECK_SOCKET_CONNECT,
 	MAC_CHECK_SOCKET_DELIVER,
 	MAC_CHECK_SOCKET_LISTEN,
+	MAC_CHECK_SOCKET_RECEIVE,
 	MAC_CHECK_SOCKET_RELABEL,
+	MAC_CHECK_SOCKET_SEND,
 	MAC_CHECK_SOCKET_VISIBLE,
 	MAC_CHECK_VNODE_ACCESS,
 	MAC_CHECK_VNODE_CHDIR,

==== //depot/projects/trustedbsd/base/sys/x86_64/include/stdarg.h#4 (text+ko) ====

>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message