PERFORCE change 104220 for review
Todd Miller
millert at FreeBSD.org
Wed Aug 16 13:34:25 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=104220
Change 104220 by millert at millert_macbook on 2006/08/16 13:33:44
Include userspace avc in libselinux
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#3 (text+ko) ====
@@ -4,21 +4,20 @@
-I../include -I../../libsepol/include -I../../libsecompat -Wall
LIB = selinux
-OBJS = booleans.o canonicalize_context.o checkAccess.o check_context.o \
- compute_av.o compute_create.o compute_member.o compute_relabel.o \
- compute_user.o context.o disable.o enabled.o fgetfilecon.o freecon.o \
- freeconary.o fsetfilecon.o get_context_list.o get_default_type.o \
- get_file_contexts.o getcon.o getenforce.o getexeccon.o getfilecon.o \
- getpeercon.o getpidcon.o getprevcon.o init.o is_customizable_type.o \
- lgetfilecon.o load_migscs.o load_policy.o lsetfilecon.o \
- matchmediacon.o matchpathcon.o policyvers.o query_user_context.o \
- sedarwin_config.o setcon.o setenforce.o setfilecon.o \
- setrans_client.o seusers.o
+OBJS =
+ avc.o avc_internal.o avc_sidtab.o booleans.o canonicalize_context.o \
+ checkAccess.o check_context.o compute_av.o compute_create.o \
+ compute_member.o compute_relabel.o compute_user.o context.o \
+ disable.o enabled.o fgetfilecon.o freecon.o freeconary.o \
+ fsetfilecon.o get_context_list.o get_default_type.o \
+ get_file_contexts.o getcon.o getenforce.o getexeccon.o \
+ getfilecon.o getpeercon.o getpidcon.o getprevcon.o init.o \
+ is_customizable_type.o lgetfilecon.o load_migscs.o load_policy.o \
+ lsetfilecon.o matchmediacon.o matchpathcon.o policyvers.o \
+ query_user_context.o sedarwin_config.o setcon.o setenforce.o \
+ setfilecon.o setrans_client.o seusers.o
-# The user-space AVC is not currently built
-#OBJS += avc.o avc_internal.o avc_sidtab.o
-
-# The following require support for fs and exec contexts
+# The following require kernel support for fs and exec contexts
#OBJS += getfscreatecon.o setfscreatecon.o setexeccon.o
# The following are Linux-specific
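Review bot: The new `OBJS =` line that opens the list has no trailing backslash, unlike the lines after it, so as shown the assignment ends empty and the indented object names that follow are not part of it. If the file really reads this way and it is not an artefact of the archive, the list should begin on the assignment line: `OBJS = avc.o avc_internal.o avc_sidtab.o booleans.o canonicalize_context.o \`. A build of the library would be a quick check that avc.o, avc_internal.o and avc_sidtab.o are in fact linked in.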
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc.c#3 (text+ko) ====
@@ -186,7 +186,9 @@
struct avc_callback_node *next;
};
+#ifdef __linux__
static void *avc_netlink_thread = NULL;
+#endif
static void *avc_lock = NULL;
static void *avc_log_lock = NULL;
static struct avc_node *avc_node_freelist = NULL;
@@ -306,6 +308,7 @@
}
avc_enforcing = rc;
+#ifdef __linux__
rc = avc_netlink_open(avc_using_threads);
if (rc < 0) {
avc_log("%s: can't open netlink socket: %d (%s)\n", avc_prefix,
@@ -316,6 +319,7 @@
avc_netlink_thread = avc_create_thread(&avc_netlink_loop);
avc_netlink_trouble = 0;
}
+#endif
out:
return rc;
}
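Review bot: With the netlink block compiled out, the value left in `rc` at `out:` is the one just stored by `avc_enforcing = rc;` in the previous hunk. On non-Linux builds this function therefore appears to return the enforcing mode (1 when enforcing) rather than 0 on success. A caller that treats any non-zero result as failure would then refuse to start on an enforcing system, or skip its access checks, depending on how it handles the error. Adding `#else` and `rc = 0;` ahead of the `#endif` here keeps the success value the same on both platforms. The function begins outside both hunks, so how `rc` was obtained before the assignment is inferred, not seen.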
@@ -672,9 +676,11 @@
avc_get_lock(avc_lock);
+#ifdef __linux__
if (avc_using_threads)
avc_stop_thread(avc_netlink_thread);
avc_netlink_close();
+#endif
for (i = 0; i < AVC_CACHE_SLOTS; i++) {
node = avc_cache.slots[i];
@@ -901,9 +907,11 @@
access_vector_t denied;
struct avc_entry_ref ref;
+#ifdef __linux__
if (!avc_using_threads) {
(void)avc_netlink_check_nb();
}
+#endif
if (!aeref) {
avc_entry_ref_init(&ref);
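Review bot: Skipping `avc_netlink_check_nb()` here, together with the netlink thread guarded out in the earlier avc.c hunks, leaves no visible path on non-Linux builds by which a policy reload or an enforcing-mode change reaches this cache. An object manager could then keep answering from cached decisions and an `avc_enforcing` value that the kernel no longer holds, including grants that a newer policy revokes. If the platform has no other notification channel, the limitation should be stated at the guard, e.g. `/* No policy-change notification off Linux: cached decisions and avc_enforcing stay as of avc_init() until the caller resets the cache. */`. A follow-up should also give callers a way to refresh. The function body starts and ends outside the hunk.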
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/avc_internal.c#3 (text+ko) ====
@@ -16,9 +16,11 @@
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
-//#include <asm/types.h>
+#ifdef __linux__
+#include <asm/types.h>
#include <linux/netlink.h>
#include "selinux_netlink.h"
+#endif
#include "avc_internal.h"
#ifndef NETLINK_SELINUX
@@ -44,6 +46,8 @@
/* message prefix string and avc enforcing mode */
char avc_prefix[AVC_PREFIX_SIZE] = "uavc";
int avc_enforcing = 1;
+
+#ifdef __linux__
int avc_netlink_trouble = 0;
/* netlink socket code */
@@ -294,3 +298,4 @@
avc_log("%s: netlink thread: errors encountered, terminating\n",
avc_prefix);
}
+#endif /* __linux__ */