PERFORCE change 104088 for review
Todd Miller
millert at FreeBSD.org
Tue Aug 15 18:28:37 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=104088
Change 104088 by millert at millert_macbook on 2006/08/15 18:25:27
Update to libselinux 1.30.22 from sourceforge
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/avc.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/context.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_context_list.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_default_type.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/booleans.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_inherit.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_sidtab.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_sidtab.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/booleans.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/canonicalize_context.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/checkAccess.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/check_context.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/class_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/common_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compat_file_path.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_av.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_create.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_member.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_relabel.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/compute_user.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/context.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/context_internal.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/disable.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/enabled.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/fgetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/file_path_suffixes.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/freecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/freeconary.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/fsetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_context_list.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_context_list_internal.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_default_type.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/get_file_contexts.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getcon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getenforce.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getexeccon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getfscreatecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getkeycreatecon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getpeercon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getpidcon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getprevcon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/getprocattrcon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/init.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/is_customizable_type.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/lgetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/load_migscs.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/load_policy.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/lsetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/matchmediacon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/matchpathcon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/policy.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/policyvers.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/query_user_context.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/rpm.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/sedarwin_config.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux.py#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_config.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_internal.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_netlink.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig.i#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig_wrap.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setcon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setenforce.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setexeccon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setfscreatecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setkeycreatecon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setprocattrcon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setrans_client.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/setrans_internal.h#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/seusers.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/trans.c#2 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/avcstat.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_av.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_create.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_member.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_relabel.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/compute_user.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getcon.c#2 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getconlist.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getenforce.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getpidcon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getsebool.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getseuser.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/matchpathcon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/policyvers.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/selinuxenabled.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/setenforce.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/setfilecon.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/setsebool.c#2 delete
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/togglesebool.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#2 (text+ko) ====
@@ -1,3 +1,90 @@
+1.30.22 2006-08-03
+ * Merged no-tls-direct-seg-refs patch from Jeremy Katz.
+
+1.30.21 2006-08-03
+ * Merged netfilter_contexts support patch from Chris PeBenito.
+
+1.30.20 2006-08-01
+ * Merged context_*_set errno patch from Jim Meyering.
+
+1.30.19 2006-06-29
+ * Lindent.
+
+1.30.18 2006-06-27
+ * Merged {get,set}procattrcon patch set from Eric Paris.
+ * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
+
+1.30.17 2006-06-27
+ * Regenerated Flask headers from refpolicy.
+
+1.30.16 2006-06-26
+ * Merged patch from Dan Walsh with:
+ - Added selinux_file_context_{cmp,verify}.
+ - Added selinux_lsetfilecon_default.
+ - Delay translation of contexts in matchpathcon.
+
+1.30.15 2006-06-16
+ * Merged patch from Dan Walsh with:
+ * Added selinux_getpolicytype() function.
+ * Modified setrans code to skip processing if !mls_enabled.
+
+1.30.14 2006-06-16
+ * Set errno in the !selinux_mnt case.
+
+1.30.13 2006-06-02
+ * Allocate large buffers from the heap, not on stack.
+ Affects is_context_customizable, selinux_init_load_policy,
+ and selinux_getenforcemode.
+
+1.30.12 2006-06-02
+ * Merged !selinux_mnt checks from Ian Kent.
+
+1.30.11 2006-05-24
+ * Merged matchmediacon and trans_to_raw_context fixes from
+ Serge Hallyn.
+
+1.30.10 2006-05-22
+ * Merged simple setrans client cache from Dan Walsh.
+ Merged avcstat patch from Russell Coker.
+
+1.30.9 2006-05-22
+ * Modified selinux_mkload_policy() to also set /selinux/compat_net
+ appropriately for the loaded policy.
+
+1.30.8 2006-05-17
+ * Added matchpathcon_fini() function to free memory allocated by
+ matchpathcon_init().
+
+1.30.7 2006-05-16
+ * Merged setrans client cleanup patch from Steve Grubb.
+
+1.30.6 2006-05-08
+ * Merged getfscreatecon man page fix from Dan Walsh.
+ * Updated booleans(8) man page to drop references to the old
+ booleans file and to note that setsebool can be used to set
+ the boot-time defaults via -P.
+
+1.30.5 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.30.4 2006-05-05
+ * Merged setrans client support from Dan Walsh.
+ This removes use of libsetrans.
+ * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
+ * Merged swig typemap fixes from Glauber de Oliveira Costa.
+
+1.30.3 2006-04-12
+ * Added distclean target to Makefile.
+ * Regenerated swig files.
+
+1.30.2 2006-04-11
+ * Changed matchpathcon_init to verify that the spec file is
+ a regular file.
+ * Merged python binding t_output_helper removal patch from Dan Walsh.
+
+1.30.1 2006-03-20
+ * Merged Makefile PYLIBVER definition patch from Dan Walsh.
+
1.30 2006-03-14
* Updated version for release.
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/Makefile#2 (text+ko) ====
@@ -17,7 +17,8 @@
relabel:
$(MAKE) -C src relabel
-clean:
- $(MAKE) -C src clean
+clean distclean:
+ $(MAKE) -C src $@
$(MAKE) -C utils clean
+test:
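Review bot: The new `test:` target on the last line of the hunk has no recipe, so `make test` exits 0 without running anything and will read as a passing test run to any script that keys on it; give it a real recipe or leave it out until one exists. `clean distclean:` runs `$(MAKE) -C utils $@` for src but a fixed `$(MAKE) -C utils clean` for utils, so `make distclean` never performs a utils distclean — if utils/Makefile has (or gains) that target, `$(MAKE) -C utils $@` keeps the two in step. If the Makefile does not already declare them, add `.PHONY: clean distclean test` so a stray file named `test` or `clean` in the tree cannot make these targets no-ops. The remainder of the Makefile is outside the hunk.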
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#2 (text+ko) ====
@@ -1,1 +1,1 @@
-1.30
+1.30.22
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#2 (text+ko) ====
@@ -253,6 +253,7 @@
#define TCP_SOCKET__NEWCONN 0x00800000UL
#define TCP_SOCKET__ACCEPTFROM 0x01000000UL
#define TCP_SOCKET__NODE_BIND 0x02000000UL
+#define TCP_SOCKET__NAME_CONNECT 0x04000000UL
#define UDP_SOCKET__IOCTL 0x00000001UL
#define UDP_SOCKET__READ 0x00000002UL
@@ -464,6 +465,9 @@
#define PROCESS__DYNTRANSITION 0x00800000UL
#define PROCESS__SETCURRENT 0x01000000UL
#define PROCESS__EXECMEM 0x02000000UL
+#define PROCESS__EXECSTACK 0x04000000UL
+#define PROCESS__EXECHEAP 0x08000000UL
+#define PROCESS__SETKEYCREATE 0x10000000UL
#define IPC__CREATE 0x00000001UL
#define IPC__DESTROY 0x00000002UL
@@ -522,6 +526,7 @@
#define SECURITY__SETENFORCE 0x00000080UL
#define SECURITY__SETBOOL 0x00000100UL
#define SECURITY__SETSECPARAM 0x00000200UL
+#define SECURITY__SETCHECKREQPROT 0x00000400UL
#define SYSTEM__IPC_INFO 0x00000001UL
#define SYSTEM__SYSLOG_READ 0x00000002UL
@@ -838,6 +843,8 @@
#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
@@ -902,4 +909,62 @@
#define ASSOCIATION__SENDTO 0x00000001UL
#define ASSOCIATION__RECVFROM 0x00000002UL
+#define ASSOCIATION__SETCONTEXT 0x00000004UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
+
+#define APPLETALK_SOCKET__IOCTL 0x00000001UL
+#define APPLETALK_SOCKET__READ 0x00000002UL
+#define APPLETALK_SOCKET__WRITE 0x00000004UL
+#define APPLETALK_SOCKET__CREATE 0x00000008UL
+#define APPLETALK_SOCKET__GETATTR 0x00000010UL
+#define APPLETALK_SOCKET__SETATTR 0x00000020UL
+#define APPLETALK_SOCKET__LOCK 0x00000040UL
+#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
+#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
+#define APPLETALK_SOCKET__APPEND 0x00000200UL
+#define APPLETALK_SOCKET__BIND 0x00000400UL
+#define APPLETALK_SOCKET__CONNECT 0x00000800UL
+#define APPLETALK_SOCKET__LISTEN 0x00001000UL
+#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
+#define APPLETALK_SOCKET__GETOPT 0x00004000UL
+#define APPLETALK_SOCKET__SETOPT 0x00008000UL
+#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
+#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
+#define APPLETALK_SOCKET__SENDTO 0x00040000UL
+#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
+#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
+#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
+
+#define PACKET__SEND 0x00000001UL
+#define PACKET__RECV 0x00000002UL
+#define PACKET__RELABELTO 0x00000004UL
+
+#define KEY__VIEW 0x00000001UL
+#define KEY__READ 0x00000002UL
+#define KEY__WRITE 0x00000004UL
+#define KEY__SEARCH 0x00000008UL
+#define KEY__LINK 0x00000010UL
+#define KEY__SETATTR 0x00000020UL
+#define KEY__CREATE 0x00000040UL
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/avc.h#2 (text+ko) ====
@@ -12,20 +12,19 @@
#include <selinux/selinux.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/*
* SID format and operations
*/
-struct security_id {
- security_context_t ctx;
- unsigned int refcnt;
-};
-typedef struct security_id *security_id_t;
+ struct security_id {
+ security_context_t ctx;
+ unsigned int refcnt;
+ };
+ typedef struct security_id *security_id_t;
-#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
+#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
/**
* avc_sid_to_context - get copy of context corresponding to SID.
@@ -38,7 +37,7 @@
* failure, with @errno set to %ENOMEM if insufficient memory was
* available to make the copy, or %EINVAL if the input SID is invalid.
*/
-int avc_sid_to_context(security_id_t sid, security_context_t *ctx);
+ int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
/**
* avc_context_to_sid - get SID for context.
@@ -51,7 +50,7 @@
* to the SID structure into the memory referenced by @sid,
* returning %0 on success or -%1 on error with @errno set.
*/
-int avc_context_to_sid(security_context_t ctx, security_id_t *sid);
+ int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
/**
* sidget - increment SID reference counter.
@@ -63,7 +62,7 @@
* reference count). Note that avc_context_to_sid() also
* increments reference counts.
*/
-int sidget(security_id_t sid);
+ int sidget(security_id_t sid);
/**
* sidput - decrement SID reference counter.
@@ -75,16 +74,15 @@
* zero, the SID is invalid, and avc_context_to_sid() must
* be called to obtain a new SID for the security context.
*/
-int sidput(security_id_t sid);
-
+ int sidput(security_id_t sid);
/*
* AVC entry
*/
-struct avc_entry;
-struct avc_entry_ref {
- struct avc_entry *ae;
-};
+ struct avc_entry;
+ struct avc_entry_ref {
+ struct avc_entry *ae;
+ };
/**
* avc_entry_ref_init - initialize an AVC entry reference.
@@ -108,43 +106,42 @@
* listening thread won't be started for kernel policy change messages.
* If no locking callbacks are passed, no locking will take place.
*/
-struct avc_memory_callback {
- /* malloc() equivalent. */
- void *(*func_malloc)(size_t size);
- /* free() equivalent. */
- void (*func_free) (void *ptr);
- /* Note that these functions should set errno on failure.
- If not, some avc routines may return -1 without errno set. */
-};
+ struct avc_memory_callback {
+ /* malloc() equivalent. */
+ void *(*func_malloc) (size_t size);
+ /* free() equivalent. */
+ void (*func_free) (void *ptr);
+ /* Note that these functions should set errno on failure.
+ If not, some avc routines may return -1 without errno set. */
+ };
-struct avc_log_callback {
- /* log the printf-style format and arguments. */
- void (*func_log)(const char *fmt, ...);
- /* store a string representation of auditdata (corresponding
- to the given security class) into msgbuf. */
- void (*func_audit)(void *auditdata, security_class_t class,
- char *msgbuf, size_t msgbufsize);
-};
+ struct avc_log_callback {
+ /* log the printf-style format and arguments. */
+ void (*func_log) (const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ void (*func_audit) (void *auditdata, security_class_t class,
+ char *msgbuf, size_t msgbufsize);
+ };
-struct avc_thread_callback {
- /* create and start a thread, returning an opaque pointer to it;
- the thread should run the given function. */
- void *(*func_create_thread)(void (*run)(void));
- /* cancel a given thread and free its resources. */
- void (*func_stop_thread)(void *thread);
-};
+ struct avc_thread_callback {
+ /* create and start a thread, returning an opaque pointer to it;
+ the thread should run the given function. */
+ void *(*func_create_thread) (void (*run) (void));
+ /* cancel a given thread and free its resources. */
+ void (*func_stop_thread) (void *thread);
+ };
-struct avc_lock_callback {
- /* create a lock and return an opaque pointer to it. */
- void *(*func_alloc_lock)(void);
- /* obtain a given lock, blocking if necessary. */
- void (*func_get_lock)(void *lock);
- /* release a given lock. */
- void (*func_release_lock)(void *lock);
- /* destroy a given lock (free memory, etc.) */
- void (*func_free_lock)(void *lock);
-};
-
+ struct avc_lock_callback {
+ /* create a lock and return an opaque pointer to it. */
+ void *(*func_alloc_lock) (void);
+ /* obtain a given lock, blocking if necessary. */
+ void (*func_get_lock) (void *lock);
+ /* release a given lock. */
+ void (*func_release_lock) (void *lock);
+ /* destroy a given lock (free memory, etc.) */
+ void (*func_free_lock) (void *lock);
+ };
/*
* AVC operations
@@ -165,11 +162,11 @@
* for those callbacks (see the definition of the callback
* structures above).
*/
-int avc_init(const char *msgprefix,
- const struct avc_memory_callback *mem_callbacks,
- const struct avc_log_callback *log_callbacks,
- const struct avc_thread_callback *thread_callbacks,
- const struct avc_lock_callback *lock_callbacks);
+ int avc_init(const char *msgprefix,
+ const struct avc_memory_callback *mem_callbacks,
+ const struct avc_log_callback *log_callbacks,
+ const struct avc_thread_callback *thread_callbacks,
+ const struct avc_lock_callback *lock_callbacks);
/**
* avc_cleanup - Remove unused SIDs and AVC entries.
@@ -179,7 +176,7 @@
* AVC entries that reference them. This can be used
* to return memory to the system.
*/
-void avc_cleanup(void);
+ void avc_cleanup(void);
/**
* avc_reset - Flush the cache and reset statistics.
@@ -189,7 +186,7 @@
* The SID mapping is not affected. Return %0 on success,
* -%1 with @errno set on error.
*/
-int avc_reset(void);
+ int avc_reset(void);
/**
* avc_destroy - Free all AVC structures.
@@ -200,7 +197,7 @@
* callbacks will not. All SID's will be invalidated.
* User must call avc_init() if further use of AVC is desired.
*/
-void avc_destroy(void);
+ void avc_destroy(void);
/**
* avc_has_perm_noaudit - Check permissions but perform no auditing.
@@ -223,12 +220,12 @@
* auditing, e.g. in cases where a lock must be held for the check but
* should be released for the auditing.
*/
-int avc_has_perm_noaudit(security_id_t ssid,
- security_id_t tsid,
- security_class_t tclass,
- access_vector_t requested,
- struct avc_entry_ref *aeref,
- struct av_decision *avd);
+ int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref,
+ struct av_decision *avd);
/**
* avc_has_perm - Check permissions and perform any appropriate auditing.
@@ -248,9 +245,9 @@
* permissions are granted, -%1 with @errno set to %EACCES if any permissions
* are denied or to another value upon other errors.
*/
-int avc_has_perm(security_id_t ssid, security_id_t tsid,
- security_class_t tclass, access_vector_t requested,
- struct avc_entry_ref *aeref, void *auditdata);
+ int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata);
/**
* avc_audit - Audit the granting or denial of permissions.
@@ -271,11 +268,9 @@
* be performed under a lock, to allow the lock to be released
* before calling the auditing code.
*/
-void avc_audit(security_id_t ssid, security_id_t tsid,
- security_class_t tclass, access_vector_t requested,
- struct av_decision *avd, int result, void *auditdata);
-
-
+ void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *auditdata);
/*
* security event callback facility
@@ -306,16 +301,14 @@
* @perms based on @tclass. Returns %0 on success or
* -%1 if insufficient memory exists to add the callback.
*/
-int avc_add_callback(int (*callback)(u_int32_t event, security_id_t ssid,
- security_id_t tsid,
- security_class_t tclass,
- access_vector_t perms,
- access_vector_t *out_retained),
- u_int32_t events, security_id_t ssid,
- security_id_t tsid,
- security_class_t tclass, access_vector_t perms);
-
-
+ int avc_add_callback(int (*callback)
+ (u_int32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ u_int32_t events, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms);
/*
* AVC statistics
@@ -326,16 +319,16 @@
*/
#define AVC_CACHE_STATS 1
-struct avc_cache_stats {
- unsigned entry_lookups;
- unsigned entry_hits;
- unsigned entry_misses;
- unsigned entry_discards;
- unsigned cav_lookups;
- unsigned cav_hits;
- unsigned cav_probes;
- unsigned cav_misses;
-};
+ struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+ };
/**
* avc_cache_stats - get cache access statistics.
@@ -346,7 +339,7 @@
* avc_reset(). See the structure definition for
* details.
*/
-void avc_cache_stats(struct avc_cache_stats *stats);
+ void avc_cache_stats(struct avc_cache_stats *stats);
/**
* avc_av_stats - log av table statistics.
@@ -355,7 +348,7 @@
* distribution of the access vector table. The audit
* callback is used to print the message.
*/
-void avc_av_stats(void);
+ void avc_av_stats(void);
/**
* avc_sid_stats - log SID table statistics.
@@ -364,10 +357,9 @@
* distribution of the SID table. The audit callback
* is used to print the message.
*/
-void avc_sid_stats(void);
+ void avc_sid_stats(void);
#ifdef __cplusplus
}
#endif
-
-#endif /* _SELINUX_AVC_H_ */
+#endif /* _SELINUX_AVC_H_ */
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/context.h#2 (text+ko) ====
@@ -2,23 +2,22 @@
#define _SELINUX_CONTEXT_H_
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/*
* Functions to deal with security contexts in user space.
*/
-typedef struct {
- void * ptr;
-} context_s_t;
+ typedef struct {
+ void *ptr;
+ } context_s_t;
-typedef context_s_t *context_t;
+ typedef context_s_t *context_t;
/* Return a new context initialized to a context string */
-extern context_t context_new(const char *);
+ extern context_t context_new(const char *);
/*
* Return a pointer to the string value of the context_t
@@ -26,27 +25,26 @@
* for the same context_t*
*/
-extern char* context_str(context_t);
+ extern char *context_str(context_t);
/* Free the storage used by a context */
-extern void context_free(context_t);
+ extern void context_free(context_t);
/* Get a pointer to the string value of a context component */
-extern const char* context_type_get(context_t);
-extern const char* context_range_get(context_t);
-extern const char* context_role_get(context_t);
-extern const char* context_user_get(context_t);
+ extern const char *context_type_get(context_t);
+ extern const char *context_range_get(context_t);
+ extern const char *context_role_get(context_t);
+ extern const char *context_user_get(context_t);
/* Set a context component. Returns nonzero if unsuccessful */
-extern int context_type_set(context_t,const char*);
-extern int context_range_set(context_t,const char*);
-extern int context_role_set(context_t,const char*);
-extern int context_user_set(context_t,const char*);
+ extern int context_type_set(context_t, const char *);
+ extern int context_range_set(context_t, const char *);
+ extern int context_role_set(context_t, const char *);
+ extern int context_user_set(context_t, const char *);
#ifdef __cplusplus
}
#endif
-
#endif
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#2 (text+ko) ====
@@ -59,6 +59,10 @@
#define SECCLASS_DBUS 52
#define SECCLASS_NSCD 53
#define SECCLASS_ASSOCIATION 54
+#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
+#define SECCLASS_APPLETALK_SOCKET 56
+#define SECCLASS_PACKET 57
+#define SECCLASS_KEY 58
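Review bot: The four new class indices (55–58) name netlink_kobject_uevent_socket, appletalk_socket, packet and key, which are Linux kernel object classes, yet this header is being committed into the sedarwin tree; SECCLASS_* values are consumed directly by the userland AVC and compute_av paths, so they are only correct if the policy compiled for and loaded into the SEDarwin kernel declares the same classes in the same order. From this diff alone it is not possible to tell whether sedarwin's own class definitions were regenerated in step, so please confirm that this list matches src/class_to_string.h (also in the change) and the security_classes of the policy actually loaded — a mismatch silently maps a userland check onto a different class and can grant or deny the wrong permission without any error. If these classes are not present in the Darwin policy, a comment such as `/* Classes 55-58 come from the Linux refpolicy; unused on SEDarwin until the policy defines them. */` above the block would at least flag it for the next merge.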
/*
* Security identifier indices for initial entities
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_context_list.h#2 (text+ko) ====
@@ -4,8 +4,7 @@
#include <selinux/selinux.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
#define SELINUX_DEFAULTUSER "user_u"
@@ -17,16 +16,16 @@
customizable preferences. Returns number of entries in *conary.
If 'fromcon' is NULL, defaults to current context.
Caller must free via freeconary. */
-extern int get_ordered_context_list(const char *user,
- security_context_t fromcon,
- security_context_t **list);
+ extern int get_ordered_context_list(const char *user,
+ security_context_t fromcon,
+ security_context_t ** list);
/* As above, but use the provided MLS level rather than the
default level for the user. */
-int get_ordered_context_list_with_level (const char *user,
- const char *level,
- security_context_t fromcon,
- security_context_t **list);
+ int get_ordered_context_list_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t ** list);
/* Get the default security context for a user session for 'user'
spawned by 'fromcon' and set *newcon to refer to it. The context
@@ -35,50 +34,49 @@
If 'fromcon' is NULL, defaults to current context.
Returns 0 on success or -1 otherwise.
Caller must free via freecon. */
-extern int get_default_context(const char* user,
- security_context_t fromcon,
- security_context_t *newcon);
+ extern int get_default_context(const char *user,
+ security_context_t fromcon,
+ security_context_t * newcon);
/* As above, but use the provided MLS level rather than the
default level for the user. */
-int get_default_context_with_level(const char *user,
- const char *level,
- security_context_t fromcon,
- security_context_t *newcon);
+ int get_default_context_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t * newcon);
/* Same as get_default_context, but only return a context
that has the specified role. If no reachable context exists
for the user with that role, then return -1. */
-int get_default_context_with_role(const char* user,
- const char *role,
- security_context_t fromcon,
- security_context_t *newcon);
+ int get_default_context_with_role(const char *user,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon);
/* Same as get_default_context, but only return a context
that has the specified role and level. If no reachable context exists
for the user with that role, then return -1. */
-int get_default_context_with_rolelevel(const char* user,
- const char *level,
- const char *role,
- security_context_t fromcon,
- security_context_t *newcon);
+ int get_default_context_with_rolelevel(const char *user,
+ const char *level,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon);
/* Given a list of authorized security contexts for the user,
query the user to select one and set *newcon to refer to it.
Caller must free via freecon.
Returns 0 on sucess or -1 otherwise. */
-extern int query_user_context(security_context_t *list,
- security_context_t *newcon);
+ extern int query_user_context(security_context_t * list,
+ security_context_t * newcon);
/* Allow the user to manually enter a context as a fallback
if a list of authorized contexts could not be obtained.
Caller must free via freecon.
Returns 0 on success or -1 otherwise. */
-extern int manual_user_enter_context(const char *user,
- security_context_t *newcon);
+ extern int manual_user_enter_context(const char *user,
+ security_context_t * newcon);
#ifdef __cplusplus
}
#endif
-
#endif
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/get_default_type.h#2 (text+ko) ====
@@ -6,20 +6,18 @@
#define _SELINUX_GET_DEFAULT_TYPE_H_
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Return path to default type file. */
-const char *selinux_default_type_path(void);
+ const char *selinux_default_type_path(void);
/* Get the default type (domain) for 'role' and set 'type' to refer to it.
Caller must free via free().
Return 0 on success or -1 otherwise. */
-int get_default_type (const char* role, char** type);
+ int get_default_type(const char *role, char **type);
#ifdef __cplusplus
}
#endif
-
-#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
+#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
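Review bot: The reformatted closing comment on the last line still names `_GET_DEFAULT_TYPE_H_`, while the guard defined at the top of the hunk is `_SELINUX_GET_DEFAULT_TYPE_H_`, so the comment misleads anyone matching this `#endif` to its guard; change it to `#endif /* _SELINUX_GET_DEFAULT_TYPE_H_ */`. Separately, an identifier beginning with an underscore followed by an uppercase letter is reserved for the implementation in C, so the guard name itself is technically non-conforming, though renaming it is a wider change than this reformat and would need the matching `#ifndef` above the hunk updated as well.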
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#2 (text+ko) ====
@@ -5,29 +5,28 @@
#include <stdarg.h>
#ifdef __cplusplus
-extern "C"
-{
+extern "C" {
#endif
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
-extern int is_selinux_enabled(void);
+ extern int is_selinux_enabled(void);
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
-extern int is_selinux_mls_enabled(void);
+ extern int is_selinux_mls_enabled(void);
-typedef char* security_context_t;
+ typedef char *security_context_t;
/* Free the memory allocated for a context by any of the below get* calls. */
-extern void freecon(security_context_t con);
+ extern void freecon(security_context_t con);
/* Free the memory allocated for a context array by security_compute_user. */
-extern void freeconary(security_context_t *con);
+ extern void freeconary(security_context_t * con);
/* Wrappers for the /proc/pid/attr API. */
/* Get current context, and set *con to refer to it.
Caller must free via freecon. */
-extern int getcon(security_context_t *con);
-extern int getcon_raw(security_context_t *con);
+ extern int getcon(security_context_t * con);
+ extern int getcon_raw(security_context_t * con);
/* Set the current security context to con.
Note that use of this function requires that the entire application
@@ -37,142 +36,151 @@
instead. Note that the application may lose access to its open descriptors
as a result of a setcon() unless policy allows it to use descriptors opened
by the old context. */
-extern int setcon(security_context_t con);
-extern int setcon_raw(security_context_t con);
+ extern int setcon(security_context_t con);
+ extern int setcon_raw(security_context_t con);
/* Get context of process identified by pid, and
set *con to refer to it. Caller must free via freecon.
This has not been ported to SEBSD yet. */
-//extern int getpidcon(pid_t pid, security_context_t *con);
-//extern int getpidcon_raw(pid_t pid, security_context_t *con);
+// extern int getpidcon(pid_t pid, security_context_t * con);
+// extern int getpidcon_raw(pid_t pid, security_context_t * con);
/* Get previous context (prior to last exec), and set *con to refer to it.
- Caller must free via freecon.
+ Caller must free via freecon.
This has not been ported to SEBSD yet.*/
-//extern int getprevcon(security_context_t *con);
-//extern int getprevcon_raw(security_context_t *con);
+// extern int getprevcon(security_context_t * con);
+// extern int getprevcon_raw(security_context_t * con);
/* Get exec context, and set *con to refer to it.
Sets *con to NULL if no exec context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
-extern int getexeccon(security_context_t *con);
-extern int getexeccon_raw(security_context_t *con);
+ extern int getexeccon(security_context_t * con);
+ extern int getexeccon_raw(security_context_t * con);
/* Set exec security context for the next execve.
- Call with NULL if you want to reset to the default.
+ Call with NULL if you want to reset to the default.
This is not yet supported by SEBSD. */
-//extern int setexeccon(security_context_t con);
-//extern int setexeccon_raw(security_context_t con);
+// extern int setexeccon(security_context_t con);
+// extern int setexeccon_raw(security_context_t con);
/* Get fscreate context, and set *con to refer to it.
Sets *con to NULL if no fs create context has been set, i.e. using default.
- If non-NULL, caller must free via freecon.
+ If non-NULL, caller must free via freecon.
This has not been ported to SEBSD yet. */
-//extern int getfscreatecon(security_context_t *con);
-//extern int getfscreatecon_raw(security_context_t *con);
+// extern int getfscreatecon(security_context_t * con);
+// extern int getfscreatecon_raw(security_context_t * con);
/* Set the fscreate security context for subsequent file creations.
- Call with NULL if you want to reset to the default.
+ Call with NULL if you want to reset to the default.
This has not been ported to SEBSD yet. */
-//extern int setfscreatecon(security_context_t context);
-//extern int setfscreatecon_raw(security_context_t context);
+// extern int setfscreatecon(security_context_t context);
+// extern int setfscreatecon_raw(security_context_t context);
+
+/* Get keycreate context, and set *con to refer to it.
+ Sets *con to NULL if no key create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+ extern int getkeycreatecon(security_context_t * con);
+ extern int getkeycreatecon_raw(security_context_t * con);
+/* Set the keycreate security context for subsequent key creations.
+ Call with NULL if you want to reset to the default. */
+ extern int setkeycreatecon(security_context_t context);
+ extern int setkeycreatecon_raw(security_context_t context);
/* Wrappers for the xattr API. */
/* Get file context, and set *con to refer to it.
Caller must free via freecon. */
>>> TRUNCATED FOR MAIL (1000 lines) <<<