PERFORCE change 39485 for review

Hrishikesh Dandekar hdandeka at FreeBSD.org
Sat Oct 11 01:07:49 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=39485

Change 39485 by hdandeka at hdandeka_yash on 2003/10/10 18:07:27

	Make System V IPC and Posix.1b sem related changes.

Affected files ...

.. //depot/projects/trustedbsd/sebsd_policy/policy/flask/access_vectors#3 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/flask/security_classes#2 edit
.. //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#7 edit

Differences ...

==== //depot/projects/trustedbsd/sebsd_policy/policy/flask/access_vectors#3 (text+ko) ====

@@ -261,15 +261,21 @@
 {
 	send
 	receive
+	destroy
 }
 
 class shm
 inherits ipc
+
+class posix_sem
 {
-	lock
+	associate
+	disassociate
+	destroy
+	write
+	read
 }
 
-
 #
 # Define the access vector interpretation for the security server. 
 #
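Review bot: The new `posix_sem` vector defines no `create` permission, so policy cannot grant or deny creating a semaphore separately from attaching to an existing one; `create_posix_sem_perms` in global_macros.te only adds `destroy` to the read/write set. If creation is meant to be covered by `associate` (an assumption, the kernel hooks are not shown here), state that in a comment above the class, e.g. `# associate also covers creation of a new semaphore`, or add a `create` permission to the vector. The first class body in this hunk (`send receive destroy`) opens outside the hunk, so its class name is not visible here.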

==== //depot/projects/trustedbsd/sebsd_policy/policy/flask/security_classes#2 (text+ko) ====

@@ -40,6 +40,9 @@
 class shm
 class ipc
 
+#Posix.1b-related classes
+class posix_sem
+
 #
 # userspace object manager classes
 #
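Review bot: Declaring `class posix_sem` ahead of the userspace object manager classes shifts the numeric value of every class that follows it, because Flask class values are assigned in declaration order from this file. The generated class and permission headers, the kernel and any userspace object managers then have to be rebuilt in step with the policy, otherwise checks on the later classes would be evaluated against the wrong class. Appending the new class at the end of the file would avoid the renumbering; if the position is intentional, a comment such as `# NOTE: inserting here renumbers the classes below; regenerate the flask headers` would help. Minor style: `#Posix.1b-related classes` lacks the space after `#` that the neighbouring comments use.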

==== //depot/projects/trustedbsd/sebsd_policy/policy/macros/global_macros.te#7 (text+ko) ====

@@ -163,8 +163,11 @@
 define(`rw_msgq_perms', `{ associate getattr read write enqueue unix_read unix_write }')
 define(`create_msgq_perms', `{ associate getattr setattr create destroy read write enqueue unix_read unix_write }')
 define(`r_shm_perms', `{ associate getattr read unix_read }')
-define(`rw_shm_perms', `{ associate getattr read write lock unix_read unix_write }')
-define(`create_shm_perms', `{ associate getattr setattr create destroy read write lock unix_read unix_write }')
+define(`rw_shm_perms', `{ associate getattr read write unix_read unix_write }')
+define(`create_shm_perms', `{ associate getattr setattr create destroy read write unix_read unix_write }')
+define(`r_posix_sem_perms', `{ associate disassociate read }')
+define(`rw_posix_sem_perms', `{ associate disassociate write read }')
+define(`create_posix_sem_perms', `{ associate disassociate destroy write read }')
 
 #################################
 # 
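Review bot: `lock` is dropped from `rw_shm_perms` and `create_shm_perms` with nothing replacing it, so after this change no shm permission distinguishes locking a segment from ordinary access. If the kernel still has a shared-memory lock operation to mediate (not visible from this diff), it has to map onto one of the remaining permissions, and that choice deserves a comment next to these macros. Any rule elsewhere in the policy that names `lock` on `shm` directly will also stop compiling, so a search of the .te files is worthwhile. Style: the new posix_sem macros list `write read` where the sibling macros use `read write`; `{ associate disassociate read write }` would match.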
@@ -719,9 +722,10 @@
 
 # Access System V IPC objects created by processes in the same domain.
 allow $1 self:sem  create_sem_perms;
-allow $1 self:msg  { send receive };
+allow $1 self:msg  { send receive destroy };
 allow $1 self:msgq create_msgq_perms;
 allow $1 self:shm  create_shm_perms;
+allow $1 self:posix_sem  create_posix_sem_perms;
 ')
 
 #
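Review bot: The comment above these rules still says "System V IPC objects", but the block now also grants `create_posix_sem_perms` on `posix_sem`, which is not System V IPC. I would update it to `# Access System V IPC and POSIX.1b semaphore objects created by processes in the same domain.` so that a reader auditing what this macro hands every calling domain sees the full set. The macro body starts outside the hunk, so which domains receive the new `destroy` on `msg` and the posix_sem permissions cannot be confirmed from here.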