PERFORCE change 39641 for review
Chris Vance
cvance at FreeBSD.org
Mon Oct 13 15:10:51 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=39641
Change 39641 by cvance at cvance_osx_laptop on 2003/10/13 08:10:02
Another batch of changes to get the sebsd "module" to compile on
Darwin. Somehow managed to miss these on the last mass-commit.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/context.h#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/ebitmap.h#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/global.h#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/queue.c#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.c#3 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.h#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.c#3 (text+ko) ====
@@ -11,8 +11,6 @@
* as published by the Free Software Foundation.
*/
-#include "opt_mac.h"
-
#include <sys/types.h>
#include <sys/param.h>
#include <sys/conf.h>
@@ -20,18 +18,16 @@
#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
-#include <sys/mutex.h>
#include <sys/proc.h>
#include <sys/systm.h>
-#include <sys/sysproto.h>
-#include <sys/sysent.h>
#include <sys/vnode.h>
+#ifdef CAPABILITIES
#include <sys/capability.h>
+#endif
-#include <vm/vm.h>
-
#include <sys/mac_policy.h>
+#include <security/sebsd/linux-compat.h>
#include <security/sebsd/avc/avc.h>
#include <security/sebsd/avc/avc_ss.h>
#include <security/sebsd/avc/class_to_string.h>
@@ -76,8 +72,10 @@
struct avc_callback_node *next;
};
+#ifndef __APPLE__
static struct mtx avc_lock;
static struct mtx avc_log_lock;
+#endif
static struct avc_node *avc_node_freelist = NULL;
static struct avc_cache avc_cache;
static char *avc_audit_buffer = NULL;
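Review bot: With `avc_lock` and `avc_log_lock` compiled out under `#ifndef __APPLE__`, nothing visible in this change serializes access to `avc_node_freelist`, `avc_cache` or `avc_audit_buffer` on Darwin. The `mtx_init(&avc_log_lock, ...)` context line in a later hunk is still unguarded, so presumably `linux-compat.h` defines the lock calls away; if so, concurrent permission checks can race on the cache that holds access decisions. I would record that next to the guard, e.g. `/* XXX Darwin: AVC cache, freelist and audit buffer are unlocked until a lock is ported */`, and treat Darwin builds as unsafe for concurrent use until a real lock is in place.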
@@ -196,7 +194,7 @@
"%d entries\n", i);
break;
}
- memset(new, 0, sizeof(*new));
+ bzero(new, sizeof(*new));
new->next = avc_node_freelist;
avc_node_freelist = new;
}
@@ -209,8 +207,7 @@
mtx_init(&avc_log_lock, "SEBSD message lock", NULL, MTX_DEF);
/* The fetch may or may not occur; if not, it doesn't change int *. */
- TUNABLE_INT_FETCH("security.mac.sebsd.enforcing",
- &selinux_enforcing);
+ TUNABLE_INT_FETCH("security.mac.sebsd.enforcing", &selinux_enforcing);
}
#if 0
@@ -525,6 +522,9 @@
security_class_t tclass, access_vector_t requested,
struct av_decision *avd, int result, struct avc_audit_data *a)
{
+#ifdef __APPLE__
+ struct proc *curproc = current_proc();
+#endif
struct proc *tsk = curproc;
access_vector_t denied, audited;
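Review bot: The Darwin branch declares a local named `curproc` only so that the next line, `struct proc *tsk = curproc;`, keeps compiling; that reuses a name the FreeBSD kernel provides and will collide if a Darwin header ever defines it. Initialising `tsk` directly is clearer: `struct proc *tsk = current_proc();` under `__APPLE__` and `struct proc *tsk = curproc;` otherwise. The later hunk at `case AVC_AUDIT_DATA_FS` declares a second `curproc` in an inner block; if that is the same function, as the line numbers suggest, it shadows this one and could simply pass `tsk->p_ucred, tsk`. The function body continues outside this hunk.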
@@ -560,6 +560,7 @@
case AVC_AUDIT_DATA_IPC:
printk(" key=%d", a->u.ipc_id);
break;
+#ifdef CAPABILITIES
case AVC_AUDIT_DATA_CAP:
{
const char *capt = capv_to_text (a->u.cap);
@@ -569,14 +570,23 @@
printk(" capability=%s", capv_to_text (a->u.cap));
}
break;
+#endif
case AVC_AUDIT_DATA_FS:
if (a->u.fs.vp) {
struct vnode *vp = a->u.fs.vp;
struct vattr va;
+#ifdef __APPLE__
+ struct proc *curproc = current_proc();
+ if (VOP_ISLOCKED(vp) &&
+ !VOP_GETATTR(vp, &va,
+ curproc->p_ucred,
+ curproc)) {
+#else
if (VOP_ISLOCKED(vp, curthread) &&
!VOP_GETATTR(vp, &va,
curthread->td_ucred,
curthread)) {
+#endif
printf(" inode=%ld, mountpoint=%s, ",
va.va_fileid,
vp->v_mount->mnt_stat.f_mntonname);
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/avc/avc.h#3 (text+ko) ====
@@ -6,15 +6,19 @@
#ifndef _SELINUX_AVC_H_
#define _SELINUX_AVC_H_
-#ifdef _KERNEL
+#if defined(_KERNEL) || defined(KERNEL)
#include <sys/malloc.h>
#include <sys/lock.h>
+#ifndef __APPLE__
#include <sys/mutex.h>
+#endif
#else /* _KERNEL */
#include <unistd.h>
#endif /* _KERNEL */
+#ifdef CAPABILITIES
#include <sys/capability.h>
+#endif
#include <security/sebsd/flask.h>
#include <security/sebsd/sebsd.h>
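Review bot: The `#else /* _KERNEL */` and `#endif /* _KERNEL */` comments no longer match the condition, which is now `defined(_KERNEL) || defined(KERNEL)`. Updating them to `#else /* !(_KERNEL || KERNEL) */` and `#endif /* _KERNEL || KERNEL */` keeps the kernel/userland split readable; the same applies to the `#else /* _KERNEL */` left in the `global.h` hunk. Because the `_KERNEL`-or-`KERNEL` test is now spelled out in several headers, a single project macro defined once in a shared header would make it harder for one file to be missed.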
@@ -65,15 +69,21 @@
u16 port;
u32 daddr;
} net;
+#ifdef CAPABILITIES
cap_value_t cap;
+#endif
int ipc_id;
} u;
};
/* Initialize an AVC audit data structure. */
+#ifdef __APPLE__
#define AVC_AUDIT_DATA_INIT(_d,_t) \
+ { bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
+#else
+#define AVC_AUDIT_DATA_INIT(_d,_t) \
{ memset((_d), 0, sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; }
-
+#endif
/*
* AVC statistics
*/
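Review bot: `AVC_AUDIT_DATA_INIT` is now defined twice with bodies that differ only in `bzero` versus `memset`, while the rest of this change (avc.c, context.h, ebitmap.h) switches to `bzero` unconditionally; a single definition would be consistent and cannot drift. Both copies also expand to a bare `{ ... }` block, which misparses in `if (x) AVC_AUDIT_DATA_INIT(&ad, FS); else ...`. I would replace the `#ifdef` pair with one `#define AVC_AUDIT_DATA_INIT(_d,_t) \` whose body is `do { bzero((_d), sizeof(struct avc_audit_data)); (_d)->type = AVC_AUDIT_DATA_##_t; } while (0)`. That assumes `bzero` is declared wherever this header is used and that no caller omits the trailing semicolon; both should be checked.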
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/context.h#3 (text+ko) ====
@@ -88,7 +88,7 @@
static inline void context_init(struct context *c)
{
- memset(c, 0, sizeof(*c));
+ bzero(c, sizeof(*c));
}
static inline int context_cpy(struct context *dst, struct context *src)
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/ebitmap.h#3 (text+ko) ====
@@ -14,12 +14,16 @@
#ifndef _SS_EBITMAP_H_
#define _SS_EBITMAP_H_
+#ifdef __APPLE__
+#include <sys/systm.h>
+#else
#ifdef _KERNEL
#include <sys/libkern.h>
#else
#include <stdlib.h>
#include <stdio.h>
#endif
+#endif
#include <security/sebsd/linux-compat.h>
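Review bot: The new `#ifdef __APPLE__` branch pulls in `<sys/systm.h>` for every Darwin build, kernel or not, so a userland build on Darwin no longer gets `<stdlib.h>` and `<stdio.h>`. The last hunk of this file still declares `ebitmap_write(struct ebitmap * e, FILE * fp)` when none of the kernel macros is defined, and `FILE` would then be undeclared. Testing `#if defined(__APPLE__) && defined(KERNEL)` and leaving the existing `_KERNEL`/`#else` chain to handle everything else keeps the userland path intact. This assumes the header is meant to stay usable outside the kernel on Darwin, which the retained `ebitmap_write` prototype suggests.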
@@ -43,7 +47,7 @@
static inline void ebitmap_init(struct ebitmap *e)
{
- memset(e, 0, sizeof(*e));
+ bzero(e, sizeof(*e));
}
int ebitmap_cmp(struct ebitmap *e1, struct ebitmap *e2);
@@ -55,7 +59,7 @@
void ebitmap_destroy(struct ebitmap *e);
int ebitmap_read(struct ebitmap *e, void *fp);
-#if !defined(__KERNEL__) && !defined(_KERNEL)
+#if !defined(__KERNEL__) && !defined(_KERNEL) && !defined(KERNEL)
int ebitmap_write(struct ebitmap * e, FILE * fp);
#endif
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/global.h#3 (text+ko) ====
@@ -23,7 +23,7 @@
*/
#include <sys/malloc.h>
-#ifdef _KERNEL
+#if defined(_KERNEL) || defined(KERNEL)
#define sebsd_malloc(a,b,c) malloc(a,b,c)
#define sebsd_free(a,b) free(a,b)
#else /* _KERNEL */
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/init.c#3 (text+ko) ====
@@ -14,7 +14,9 @@
#include <sys/kernel.h>
#include <sys/malloc.h>
#include <sys/systm.h>
+#ifndef __APPLE__
#include <sys/linker.h>
+#endif
#include <security/sebsd/linux-compat.h>
#include <security/sebsd/sebsd.h>
@@ -36,6 +38,10 @@
printf("security: starting up (compiled " __DATE__ ")\n");
+#ifndef __APPLE__
+/*
+ * TBD: No way to load policy on Darwin (yet)
+ */
lh = preload_search_by_type ("sebsd_policy");
if (lh == NULL)
goto loaderr;
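Review bot: On Darwin the whole policy load is compiled out by the `#ifndef __APPLE__` opened here (closed in the next hunk), so the function prints "starting up" and falls through to `return 0` with no policy read. Callers then see a successfully initialised security server; whether later access decisions fail closed or open without a policy is not visible here and should be confirmed. I would make the state explicit with an `#else` arm before the `#endif`, e.g. `printf("security: no policy loaded on Darwin, decisions are not policy-backed\n");`, and expand the TBD comment to say what the server does in that state. The enclosing function starts and ends outside the hunk.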
@@ -56,6 +62,7 @@
printf("security: error while reading policy, cannot initialize.\n");
return EINVAL;
}
+#endif
return 0;
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/queue.c#3 (text+ko) ====
@@ -7,7 +7,7 @@
* Implementation of the double-ended queue type.
*/
-#if defined(__FreeBSD__) && defined(_KERNEL)
+#if (defined(__FreeBSD__) && defined(_KERNEL)) || defined(__APPLE__) && defined(KERNEL)
#include <sys/param.h>
#include <sys/conf.h>
#include <sys/kernel.h>
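Review bot: The new condition parenthesises the FreeBSD pair but not the Darwin one: `... || defined(__APPLE__) && defined(KERNEL)`. It evaluates as intended because `&&` binds tighter than `||`, but the asymmetry invites misreading and some compilers warn about it. `#if (defined(__FreeBSD__) && defined(_KERNEL)) || (defined(__APPLE__) && defined(KERNEL))` states the grouping explicitly.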
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.c#3 (text+ko) ====
@@ -7,7 +7,9 @@
#include <sys/param.h>
#include <sys/types.h>
#include <sys/errno.h>
+#ifndef __APPLE__
#include <sys/limits.h>
+#endif
#include <sys/time.h>
#include <security/sebsd/ss/sidtab.h>
#include <security/sebsd/linux-compat.h>
==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/ss/sidtab.h#3 (text+ko) ====
@@ -12,7 +12,10 @@
#include <security/sebsd/flask_types.h>
#include <sys/lock.h>
+
+#ifndef __APPLE__
#include <sys/mutex.h>
+#endif
struct sidtab_node {
security_id_t sid; /* security identifier */