PERFORCE change 90905 for review
Todd Miller
millert at FreeBSD.org
Wed Feb 1 23:09:28 GMT 2006
http://perforce.freebsd.org/chv.cgi?CH=90905
Change 90905 by millert at millert_g4tower on 2006/02/01 23:09:27
We only want/need a single copy of the flask dir in the
source tree. When installing the policy dir, just copy the
flask bits from the sedarwin sources. Also sync the generated
headers with the flask access_vectors file.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/excludes#2 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/Makefile#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/access_vectors#6 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/initial_sids#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/mkaccess_vector.sh#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/mkflask.sh#4 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/flask/security_classes#5 delete
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#5 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/Makefile#6 (text+ko) ====
@@ -2,14 +2,15 @@
include $(DARWIN_ROOT)/build/Mig.mk
POLICY= policy.16
+FLASK= ../sedarwin/flask
SCRIPTS= create-extattr.sh sebsd-relabel.sh
INSTALL?= install
all: $(POLICY) sebsd_migscs
-INPUTS = flask/security_classes mig_classes initial_sids \
- flask/access_vectors mig_access_vectors rules.m4 users initial_sid_contexts fs_use \
- devfs
+INPUTS = $(FLASK)/security_classes mig_classes initial_sids \
+ $(FLASK)/access_vectors mig_access_vectors rules.m4 users \
+ initial_sid_contexts fs_use devfs
policy.conf: $(INPUTS)
cat $(INPUTS) > policy.conf
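Review bot: `INPUTS` now takes `security_classes` and `access_vectors` from `$(FLASK)` but still names a bare `initial_sids`, which resolves in the policy directory rather than in the shared flask copy. This change deletes `policy/flask/initial_sids`, so please confirm that the bare entry is a separate policy-local file and not a third flask input that should read `$(FLASK)/initial_sids`. The compiled policy and the kernel headers must agree on class and SID numbering, so a stale or mismatched input here would go unnoticed at build time. A short comment above the new variable would also help, for example `# Single shared copy of the flask definitions; the generated sedarwin headers come from the same files`.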
@@ -38,12 +39,13 @@
$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 sebsd_migscs ${DESTDIR}
$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 644 failsafe_context ${DESTDIR}/private/etc/sedarwin
$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m 700 ${SCRIPTS} ${DESTDIR}/private/etc/sedarwin
- (cd $(CURDIR)/..; tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/; tar -xf -)
+ (cd $(CURDIR)/.. && tar -X policy/excludes -cf - policy) | (cd $(DESTDIR)/private/etc/sedarwin/ && tar -xf -)
+ (cd $(FLASK)/.. && tar -cf - flask) | (cd $(DESTDIR)/private/etc/sedarwin/policy && tar -xf -)
cp -f Makefile.install $(DESTDIR)/private/etc/sedarwin/policy/Makefile
# Mig security classes and access vectors
-DEFS = $(DARWIN_ROOT)/system_cmds/mach_init.tproj/bootstrap.defs
+DEFS = $(DARWIN_ROOT)/system_cmds/mach_init.tproj/bootstrap.defs $(DARWIN_ROOT)/netinfo/servers/notifyd/notify_ipc.defs $(DARWIN_ROOT)/../../examples/mig/mtest.defs
mig_msgids: $(DEFS)
echo > $@
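Review bot: The two tar pipelines on the added lines unpack the policy and flask sources under `$(DESTDIR)/private/etc/sedarwin` with the owner and mode they have in the build tree, unlike the `$(INSTALL) -o ${BINOWN} -g ${BINGRP} -m ...` lines just above them. When install runs as root, tar restores the archived ownership by default, so files that define security classes and access vectors can end up owned or writable by the build user. Extracting with `tar -xof -` and then setting owner and mode explicitly on the installed tree would match the surrounding lines. Separately, `DEFS` now pulls in `examples/mig/mtest.defs`, which the change description does not mention; it is worth confirming that an example interface belongs in the MIG classes of the installed policy. The install rule begins above this hunk, so its target line and earlier steps are not visible here.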
@@ -56,5 +58,5 @@
mig_classes: mig_access_vectors
grep '^class' $< > $@
-sebsd_migscs: flask/security_classes mig_msgids
- cat flask/security_classes mig_msgids | perl migscs.pl
+sebsd_migscs: $(FLASK)/security_classes mig_msgids
+ cat $(FLASK)/security_classes mig_msgids | perl migscs.pl
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/excludes#2 (text+ko) ====
@@ -3,3 +3,4 @@
policy/create-extattr.sh
policy/sebsd-relabel.sh
policy/failsafe_context
+policy/flask
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_perm_to_string.h#5 (text+ko) ====
@@ -124,7 +124,6 @@
{ SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time" },
{ SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config" },
{ SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod" },
- { SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease" },
{ SECCLASS_MACH_PORT, MACH_PORT__RELABELFROM, "relabelfrom" },
{ SECCLASS_MACH_PORT, MACH_PORT__RELABELTO, "relabelto" },
{ SECCLASS_MACH_PORT, MACH_PORT__SEND, "send" },
@@ -136,11 +135,6 @@
{ SECCLASS_MACH_PORT, MACH_PORT__HOLD_RECV, "hold_recv" },
{ SECCLASS_MACH_TASK, MACH_TASK__TERMINATE, "terminate" },
{ SECCLASS_MACH_TASK, MACH_TASK__SET_SPECIAL_PORT, "set_special_port" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__REGISTER, "register" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__LOOK_UP, "look_up" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__GETPARENT, "getparent" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__MAKESUBSET, "makesubset" },
- { SECCLASS_MACH_NAMES, MACH_NAMES__CREATE_SERVER, "create_server" },
};
#define AV_PERM_TO_STRING_SIZE (sizeof(av_perm_to_string)/sizeof(av_perm_to_string_t))
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/av_permissions.h#5 (text+ko) ====
@@ -600,7 +600,6 @@
#define CAPABILITY__SYS_TIME 0x0000000010000000UL
#define CAPABILITY__SYS_TTY_CONFIG 0x0000000020000000UL
#define CAPABILITY__MKNOD 0x0000000040000000UL
-#define CAPABILITY__LEASE 0x000000007fffffffUL
#define MACH_PORT__RELABELFROM 0x0000000000000001UL
#define MACH_PORT__RELABELTO 0x0000000000000002UL
@@ -615,11 +614,5 @@
#define MACH_TASK__TERMINATE 0x0000000000000001UL
#define MACH_TASK__SET_SPECIAL_PORT 0x0000000000000002UL
-#define MACH_NAMES__REGISTER 0x0000000000000001UL
-#define MACH_NAMES__LOOK_UP 0x0000000000000002UL
-#define MACH_NAMES__GETPARENT 0x0000000000000004UL
-#define MACH_NAMES__MAKESUBSET 0x0000000000000008UL
-#define MACH_NAMES__CREATE_SERVER 0x0000000000000010UL
-
/* FLASK */
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/avc/class_to_string.h#4 (text+ko) ====
@@ -35,10 +35,6 @@
"shm",
"ipc",
"mach_port",
- "port_methods1",
- "port_methods2",
- "port_methods3",
- "port_methods4",
"mach_task",
};
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask.h#5 (text+ko) ====
@@ -37,11 +37,7 @@
#define SECCLASS_SHM 28
#define SECCLASS_IPC 29
#define SECCLASS_MACH_PORT 30
-#define SECCLASS_PORT_METHODS1 31
-#define SECCLASS_PORT_METHODS2 32
-#define SECCLASS_PORT_METHODS3 33
-#define SECCLASS_PORT_METHODS4 34
-#define SECCLASS_MACH_TASK 35
+#define SECCLASS_MACH_TASK 31
/*
* Security identifier indices for initial entities
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/flask/access_vectors#5 (text+ko) ====