PERFORCE change 111058 for review
Todd Miller
millert at FreeBSD.org
Mon Dec 4 10:45:51 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=111058
Change 111058 by millert at millert_g5tower on 2006/12/04 18:44:35
Use sebsd_log() instead of printf() so we don't block.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#50 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#50 (text+ko) ====
@@ -243,9 +243,8 @@
printf("sebsd: init\n");
sebsd_zone_init();
avc_init();
- if (security_init()) {
+ if (security_init())
panic("SEBSD: couldn't read policy file");
- }
sebsd_mach_av_init();
}
@@ -837,7 +836,7 @@
if (error) {
if (error == ENOATTR || error == ENOTSUP || error == EPERM)
goto dosclass;
- printf("%s: ERROR %d returned by mac_vnop_getxattr()\n",
+ sebsd_log("%s: ERROR %d returned by mac_vnop_getxattr()",
__func__, error);
return (error); /* Fail closed */
}
@@ -850,7 +849,7 @@
error = security_context_to_sid(context, context_len, &vsec->sid);
if (error)
- printf("%s: ERROR mapping context to sid: %.*s\n",
+ sebsd_log("%s: ERROR mapping context to sid: %.*s",
__func__, context_len, context);
dosclass:
@@ -894,7 +893,7 @@
vsec->sclass = vnode_type_to_security_class(vp->v_type);
if (sbsec == NULL) {
if (vp->v_mount != NULL)
- printf ("vnode_create: no mount label for mnt=%s\n",
+ sebsd_log("vnode_create: no mount label for mnt=%s",
vp->v_mount->mnt_vfsstat.f_mntonname);
} else
vsec->sid = sbsec->sid;
@@ -1080,9 +1079,7 @@
*/
if (security_transition_sid(tsec->sid, msqsec->sid,
SECCLASS_MSG, &msgsec->sid) < 0) {
- printf("Warning: security_transition_sid failed on"
- "sysvmsg_label_associate\n");
- printf("Assigning the requesting thread's sid to the msg\n");
+ sebsd_log("%s: security_transition_sid failed, using task sid");
msgsec->sid = tsec->sid;
}
}
@@ -1155,7 +1152,7 @@
/* TBD: debugging */
if (sebsd_verbose > 1) {
- printf("%s(%s): rc=%d, sclass=%d, computedsid=%d, dirent=%d\n",
+ sebsd_log("%s(%s): rc=%d, sclass=%d, computedsid=%d, dirent=%d",
__func__, path, rc, dirent->sclass, newsid, dirent->sid);
}
sebsd_free(path, M_SEBSD);
@@ -1187,8 +1184,8 @@
/* TBD: debugging */
if (sebsd_verbose > 1) {
- printf("%s(%s): mountpoint=devfs, rc=%d, sclass=%d, "
- "computedsid=%d, dirent=%d\n",
+ sebsd_log("%s(%s): mountpoint=devfs, rc=%d, sclass=%d, "
+ "computedsid=%d, dirent=%d",
__func__, path, rc, dirent->sclass, newsid, dirent->sid);
}
sebsd_free(path, M_SEBSD);
@@ -1219,8 +1216,6 @@
task = SLOT(cred->cr_label);
task->osid = task->sid = SECINITSID_KERNEL;
- printf("%s: using SECINITSID_KERNEL = %d\n", __func__,
- SECINITSID_KERNEL);
}
static void
@@ -1244,11 +1239,11 @@
sbsec = SLOT(mntlabel);
rc = security_fs_use(mp->mnt_vfsstat.f_fstypename, &behavior, &sbsec->sid);
if (rc) {
- printf("%s: security_fs_use(%s) returned %d\n", __func__,
- mp->mnt_vfsstat.f_fstypename, rc);
+ sebsd_log("%s: security_fs_use(%s) returned %d",
+ __func__, mp->mnt_vfsstat.f_fstypename, rc);
behavior = SECURITY_FS_USE_NONE;
} else if (sebsd_verbose > 1) {
- printf("%s: security_fs_use(%s) behavior %d, sid %d\n",
+ sebsd_log("%s: security_fs_use(%s) behavior %d, sid %d",
__func__, mp->mnt_vfsstat.f_fstypename, behavior,
sbsec->sid);
}
@@ -1299,8 +1294,8 @@
*/
break;
default:
- printf("%s: security_fs_use(%s) returned unrecognized "
- "behavior %d\n", __func__, mp->mnt_vfsstat.f_fstypename,
+ sebsd_log("%s: security_fs_use(%s) returned unrecognized "
+ "behavior %d", __func__, mp->mnt_vfsstat.f_fstypename,
behavior);
behavior = SECURITY_FS_USE_NONE;
break;
@@ -1941,16 +1936,6 @@
source = SLOT(newlabel);
dest = SLOT(pipelabel);
- /* XXXRW: Should be KASSERT's? */
- if (!source) {
- printf("%s: source is NULL!\n", __func__);
- return;
- }
- if (!dest) {
- printf("%s: dest is NULL!\n", __func__);
- return;
- }
-
dest->sid = source->sid;
}
@@ -1971,16 +1956,6 @@
source = SLOT(label);
dest = SLOT(vnodelabel);
- /* XXXRW: Should be KASSERT's? */
- if (!source) {
- printf("%s: source is NULL!\n", __func__);
- return;
- }
- if (!dest) {
- printf("%s: dest is NULL!\n", __func__);
- return;
- }
-
dest->sid = source->sid;
}
@@ -2100,7 +2075,7 @@
sbsec = SLOT(dvp->v_mount->mnt_mntlabel);
#ifdef SEFOS_DEBUG
if (sbsec == NULL) {
- printf ("vnode_create: no mount label for mnt=%s\n",
+ sebsd_log("vnode_create: no mount label for mnt=%s",
dvp->v_mount->mnt_vfsstat.f_mntonname);
return (0);
}
@@ -2383,8 +2358,8 @@
ad.u.fs.vp = vp;
if (old->sclass == 0) {
- printf("%s: ERROR, sid=%d, sclass=0, v_type=%d\n", __func__,
- old->sid, vp->v_type);
+ sebsd_log("%s: ERROR, sid=%d, sclass=0, v_type=%d",
+ __func__, old->sid, vp->v_type);
return (0); /* TBD: debugging */
}
rc = avc_has_perm(task->sid, old->sid, old->sclass,
@@ -2438,8 +2413,8 @@
if (rc)
return (rc);
if (old_file->sclass == 0) {
- printf("%s: ERROR, sid=%d, sclass=0, v_type=%d\n", __func__,
- old_file->sid, vp->v_type);
+ sebsd_log("%s: ERROR, sid=%d, sclass=0, v_type=%d",
+ __func__, old_file->sid, vp->v_type);
return (0); /* TBD: debugging */
}
@@ -2497,7 +2472,7 @@
rc = avc_has_perm(task->sid, new_dir->sid, SECCLASS_DIR, av, &ad);
if (rc == 0 && vp != NULL) {
if (new_file->sclass == 0) {
- printf("%s: ERROR, sid=%d, sclass=0, v_type=%d\n",
+ sebsd_log("%s: ERROR, sid=%d, sclass=0, v_type=%d",
__func__, new_file->sid, vp->v_type);
return (0); /* TBD: debugging */
}
More information about the trustedbsd-cvs
mailing list