PERFORCE change 39745 for review

Chris Vance cvance at FreeBSD.org
Wed Oct 15 14:10:05 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=39745

Change 39745 by cvance at cvance_osx_laptop on 2003/10/15 07:09:54

	Register two sebsd sysctls, so we can at least tell that the module has
	loaded correctly

Affected files ...

.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#5 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.h#2 edit
.. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#5 (text+ko) ====

@@ -92,6 +92,7 @@
 sebsd_init(struct mac_policy_conf *mpc)
 {
 	printf("sebsd:: init\n");
+	sebsd_register_sysctls();
 #if 0
 	avc_init();
 	if (security_init()) {

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.h#2 (text+ko) ====

@@ -45,19 +45,22 @@
 
 extern int avc_debug_always_allow;
 
-#ifdef _KERNEL
+#if defined(_KERNEL) || defined (KERNEL)
 
-#ifndef _M_SEBSD_DEF
+#if !defined(_M_SEBSD_DEF) && !defined(APPLE)
 MALLOC_DECLARE(M_SEBSD);
 #define _M_SEBSD_DEF
 #endif
 
 extern int sebsd_verbose;
 
+extern void sebsd_register_sysctls(void);
 extern int security_init(void);
+#if 0
 extern int sebsd_syscall(struct thread *td, int call, void *args);
 extern int thread_has_system(struct thread *td, access_vector_t perm);
 extern int thread_has_security(struct thread *td, access_vector_t perm);
+#endif
 #endif /* _KERNEL */
 
 #endif /* _SYS_SECURITY_SEBSD_H */
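Review bot: The `#if 0` added around the `sebsd_syscall`, `thread_has_system` and `thread_has_security` prototypes has no comment saying why the permission-check entry points are disabled or when they are expected back. A marker such as `#if 0 /* XXX: permission checks not yet ported to Darwin */` would keep that gap visible to the next reader. The closing `#endif /* _KERNEL */` is also stale now that the guard reads `defined(_KERNEL) || defined (KERNEL)`; `#endif /* _KERNEL || KERNEL */` matches it. Because of the new `!defined(APPLE)` test, `M_SEBSD` is no longer declared on Darwin, so code that later leaves its `#if 0` and passes `M_SEBSD` will need its own guard.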

==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#3 (text+ko) ====

@@ -34,7 +34,6 @@
  * $FreeBSD$
  */
 
-#if 0
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kernel.h>
@@ -51,6 +50,11 @@
 #include <security/sebsd/sebsd_syscalls.h>
 #include <security/sebsd/avc/avc.h>
 
+#ifdef APPLE
+#define	TUNABLE_INT(x, y)
+#endif
+
+#if 0
 /*
  * Sysctl handler for security.mac.sebsd.sids
  * Lists the SIDs currently active in the security server
@@ -96,13 +100,18 @@
 	FREE(buffer, M_TEMP);
 	return (error);
 }
+#endif
 
 /*
  * Sysctl handler for security.mac.sebsd.enforcing
  * Get and/or set whether the avc is in enforcement mode.
  */
 static int
+#ifdef APPLE
+sysctl_sebsd_enforcing SYSCTL_HANDLER_ARGS
+#else
 sysctl_sebsd_enforcing(SYSCTL_HANDLER_ARGS)
+#endif
 {
 	int error, enforcing;
 
@@ -112,6 +121,7 @@
 	if (error)
 		return (error);
 
+#if 0
 	if (req->newptr != NULL) {
 		error = SYSCTL_IN(req, &enforcing, sizeof(enforcing));
 		if (error)
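Review bot: The `#if 0` opened here (closed by the `#endif` in the following hunk) compiles out the whole `req->newptr` branch of `sysctl_sebsd_enforcing`, yet the last hunk of this file still registers the OID as `CTLTYPE_INT | CTLFLAG_RW`. Assuming the lines above this hunk only copy the current value out, a write to security.mac.sebsd.enforcing would return 0 without changing `selinux_enforcing`, so an administrator could believe enforcement was switched when it was not. Until the set path is ported, together with whatever permission check sits in the lines elided between the two hunks, the OID is better registered read-only: `SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT | CTLFLAG_RD,`. The handler body starts and ends outside this hunk.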
@@ -123,10 +133,12 @@
 
 		selinux_enforcing = enforcing;
 	}
+#endif
 
 	return (0);
 }
 
+#if 0
 /*
  * Sysctl handler for security.mac.sebsd.user_sids
  * Lists the SIDs currently available for transition to by a given
@@ -299,6 +311,7 @@
 	sebsd_free(scontext, M_SEBSD);
 	return (error);
 }
+#endif
 
 SYSCTL_DECL(_security_mac);
 SYSCTL_NODE(_security_mac, OID_AUTO, sebsd, CTLFLAG_RW, 0,
@@ -307,7 +320,7 @@
 SYSCTL_INT(_security_mac_sebsd, OID_AUTO, verbose, CTLFLAG_RW,
 	   &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff");
 TUNABLE_INT("security.mac.sebsd.verbose", &sebsd_verbose);
-
+#if 0
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, sids, CTLTYPE_STRING|CTLFLAG_RD,
 	   NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs");
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, user_sids, CTLTYPE_STRING |
@@ -319,6 +332,15 @@
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_av, CTLTYPE_STRING |
  	   CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A",
 	   "SEBSD access vector decision query");
+#endif
 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT | CTLFLAG_RW,
 	   NULL, 0, sysctl_sebsd_enforcing, "I", "SEBSD avc enforcement");
-#endif /* 0 */
+
+void
+sebsd_register_sysctls()
+{
+	sysctl_register_oid(&sysctl__security_mac_sebsd);
+	sysctl_register_oid(&sysctl__security_mac_sebsd_verbose);
+	sysctl_register_oid(&sysctl__security_mac_sebsd_enforcing);
+}
+
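Review bot: `sebsd_register_sysctls` has no teardown counterpart, so the three OIDs registered here, including the handler pointer behind `enforcing`, are never removed by anything visible in this change. If the policy can be unloaded on Darwin (not shown here), those entries would keep pointing into module memory; a matching routine that calls `sysctl_unregister_oid` on the same three OIDs in reverse order should be added alongside. The definition is also written `sebsd_register_sysctls()` while sebsd.h declares it with `(void)`; make it `sebsd_register_sysctls(void)` so the definition is a prototype as well.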