PERFORCE change 67592 for review
Andrew Reisse
areisse at FreeBSD.org
Thu Dec 23 18:24:47 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=67592
Change 67592 by areisse at areisse_tislabs on 2004/12/23 18:23:47
Install flask generated files from the new policy to the kernel.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#6 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#7 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#5 edit
.. //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_perm_to_string.h#6 (text+ko) ====
@@ -31,6 +31,9 @@
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn" },
{ SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom" },
+ { SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind" },
+ { SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind" },
+ { SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind" },
{ SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv" },
{ SECCLASS_NODE, NODE__TCP_SEND, "tcp_send" },
{ SECCLASS_NODE, NODE__UDP_RECV, "udp_recv" },
@@ -76,6 +79,7 @@
{ SECCLASS_MSG, MSG__SEND, "send" },
{ SECCLASS_MSG, MSG__RECEIVE, "receive" },
{ SECCLASS_MSG, MSG__DESTROY, "destroy" },
+ { SECCLASS_SHM, SHM__LOCK, "lock" },
{ SECCLASS_POSIX_SEM, POSIX_SEM__ASSOCIATE, "associate" },
{ SECCLASS_POSIX_SEM, POSIX_SEM__DISASSOCIATE, "disassociate" },
{ SECCLASS_POSIX_SEM, POSIX_SEM__DESTROY, "destroy" },
@@ -141,6 +145,8 @@
{ SECCLASS_PASSWD, PASSWD__PASSWD, "passwd" },
{ SECCLASS_PASSWD, PASSWD__CHFN, "chfn" },
{ SECCLASS_PASSWD, PASSWD__CHSH, "chsh" },
+ { SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok" },
+ { SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab" },
};
#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/av_permissions.h#7 (text+ko) ====
@@ -280,6 +280,7 @@
#define TCP_SOCKET__CONNECTTO 0x0000000001000000UL
#define TCP_SOCKET__NEWCONN 0x0000000002000000UL
#define TCP_SOCKET__ACCEPTFROM 0x0000000004000000UL
+#define TCP_SOCKET__NODE_BIND 0x0000000008000000UL
#define UDP_SOCKET__TRANSITION 0x0000000000000400UL
#define UDP_SOCKET__SHUTDOWN 0x0000000000040000UL
@@ -306,6 +307,8 @@
#define UDP_SOCKET__IOCTL 0x0000000000000002UL
#define UDP_SOCKET__RELABELTO 0x0000000000000200UL
+#define UDP_SOCKET__NODE_BIND 0x0000000001000000UL
+
#define RAWIP_SOCKET__TRANSITION 0x0000000000000400UL
#define RAWIP_SOCKET__SHUTDOWN 0x0000000000040000UL
#define RAWIP_SOCKET__POLL 0x0000000000000001UL
@@ -331,6 +334,8 @@
#define RAWIP_SOCKET__IOCTL 0x0000000000000002UL
#define RAWIP_SOCKET__RELABELTO 0x0000000000000200UL
+#define RAWIP_SOCKET__NODE_BIND 0x0000000001000000UL
+
#define NODE__TCP_RECV 0x0000000000000001UL
#define NODE__TCP_SEND 0x0000000000000002UL
#define NODE__UDP_RECV 0x0000000000000004UL
@@ -547,6 +552,8 @@
#define SHM__DESTROY 0x0000000000000002UL
#define SHM__GETATTR 0x0000000000000004UL
+#define SHM__LOCK 0x0000000000000200UL
+
#define POSIX_SEM__ASSOCIATE 0x0000000000000001UL
#define POSIX_SEM__DISASSOCIATE 0x0000000000000002UL
#define POSIX_SEM__DESTROY 0x0000000000000004UL
@@ -616,6 +623,8 @@
#define PASSWD__PASSWD 0x0000000000000001UL
#define PASSWD__CHFN 0x0000000000000002UL
#define PASSWD__CHSH 0x0000000000000004UL
+#define PASSWD__ROOTOK 0x0000000000000008UL
+#define PASSWD__CRONTAB 0x0000000000000010UL
/* FLASK */
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/avc/initial_sid_to_string.h#5 (text+ko) ====
@@ -26,10 +26,8 @@
"sysctl_vm",
"sysctl_dev",
"kmod",
- "devfs",
- "devpts",
- "nfs",
"policy",
- "tmpfs",
+ "scmp_packet",
+ "devnull",
};
==== //depot/projects/trustedbsd/sebsd/sys/security/sebsd/flask.h#6 (text+ko) ====
@@ -66,12 +66,10 @@
#define SECINITSID_SYSCTL_VM 22
#define SECINITSID_SYSCTL_DEV 23
#define SECINITSID_KMOD 24
-#define SECINITSID_DEVFS 25
-#define SECINITSID_DEVPTS 26
-#define SECINITSID_NFS 27
-#define SECINITSID_POLICY 28
-#define SECINITSID_TMPFS 29
+#define SECINITSID_POLICY 25
+#define SECINITSID_SCMP_PACKET 26
+#define SECINITSID_DEVNULL 27
-#define SECINITSID_NUM 29
+#define SECINITSID_NUM 27
#endif
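Review bot: The initial SID values in this hunk are renumbered rather than appended, so `SECINITSID_POLICY` moves from 28 to 25 and the values 26 and 27 now mean `scmp_packet` and `devnull` instead of `devpts` and `nfs`. A kernel built from this header but paired with a policy binary compiled from the old initial SID list would presumably apply the wrong contexts without any error. The policy loader is not visible in this change, so confirm that it rejects a policy whose initial SID count differs from `SECINITSID_NUM`. Because the header is generated, any warning belongs in the generator's output, for example `/* Must match the initial_sids of the loaded policy; rebuild kernel and policy together. */`. Code outside this change that still uses `SECINITSID_DEVFS`, `SECINITSID_DEVPTS`, `SECINITSID_NFS` or `SECINITSID_TMPFS` will stop compiling and will need another source for those labels.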