PERFORCE change 91815 for review

Todd Miller millert at FreeBSD.org
Wed Feb 15 10:15:27 PST 2006 

http://perforce.freebsd.org/chv.cgi?CH=91815

Change 91815 by millert at millert_g4tower on 2006/02/15 18:14:27

	Update for new Mach message entry points.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#5 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#7 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/macros/global_macros.te#5 (text+ko) ====

@@ -1219,28 +1219,28 @@
 #####
 
 define(`allow_mach_ipc', `
-allow $1 $2:mach_port { send copy_send make_send hold_send hold_recv };
-allow $2 $1:mach_port { send copy_send make_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
+allow $2 $1:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
 ')
 
 define(`mach_bootstrap', `
-allow $1 $2:mach_port { send copy_send make_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once make_send make_send_once hold_send hold_send_once recv hold_recv };
 allow $1 $2:mi_bootstrap { bootstrap_look_up bootstrap_look_up_array };
-allow mach_init_d $1:mach_port { send copy_send hold_send hold_recv };
+allow mach_init_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
 
 define(`mach_bootstrap_register', `
 allow $1 $2:mi_bootstrap *;
-allow $1 $2:mach_port { send copy_send hold_send hold_recv };
-allow mach_init_d $1:mach_port { send copy_send hold_send hold_recv };
+allow $1 $2:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
+allow mach_init_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
 
 define(`allow_notify_ipc', `
 allow $1 mach_init_d:mi_notify_ipc *;
 allow $1 notifyd_d:mi_notify_ipc *;
 allow notifyd_d $1:mi_notify_ipc *;
-allow $1 notifyd_d:mach_port { send copy_send hold_send hold_recv };
-allow notifyd_d $1:mach_port { send copy_send hold_send hold_recv };
+allow $1 notifyd_d:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
+allow notifyd_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once recv hold_recv };
 ')
 
 

==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/policy/rules#7 (text+ko) ====

@@ -167,13 +167,13 @@
 
 type_change user_d devpts_t:chr_file user_devpts_t;
 
-allow domain2 self:mach_port { send make_send copy_send hold_send move_recv hold_recv };
-allow domain2 kernel_d:mach_port { send make_send copy_send hold_send };
+allow domain2 self:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once recv move_recv hold_recv };
+allow domain2 kernel_d:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once };
 allow domain2 self:mach_task set_special_port;
 allow domain2 self:mi_bootstrap { bootstrap_look_up };
 allow domain2 root_t:dir { search getattr read };
 allow domain2 self:process getsched;
-allow kernel_d domain2:mach_port { send make_send copy_send hold_send };
+allow kernel_d domain2:mach_port { send make_send make_send_once copy_send move_send move_send_once hold_send hold_send_once };
 
 allow domain2 file:{file lnk_file sock_file fifo_file} {create_file_perms execute };
 allow domain2 file:file execute_no_trans;
@@ -246,7 +246,7 @@
 allow mach_init_d mach_init_d:mach_port relabelfrom;
 allow mach_init_d boot_names_t:mach_port relabelto;
 allow mach_init_d {loginwindow_d windowserver_d}:mach_port relabelto;
-allow mach_init_d user_names_t:mach_port { copy_send hold_send relabelto };
+allow mach_init_d user_names_t:mach_port { copy_send move_send move_send_once hold_send hold_send_once relabelto };
 
 allow_mach_ipc(systemstarter_d,unlabeled_t);
 allow_mach_ipc(systemstarter_d,boot_names_t);
@@ -311,8 +311,8 @@
 #diskarbitrationd rules
 mach_bootstrap(diskarbitrationd_d,mach_init_d);
 #allow diskarbitrationd_d notifyd_d:mi_notify_ipc { _notify_server_register_check _notify_server_register_mach_port };
-#allow notifyd_d diskarbitrationd_d:mach_port { copy_send hold_send };
-#allow diskarbitrationd_d notifyd_d:mach_port { copy_send hold_send };
+#allow notifyd_d diskarbitrationd_d:mach_port { copy_send move_send move_send_once hold_send hold_send_once };
+#allow diskarbitrationd_d notifyd_d:mach_port { copy_send move_send move_send_once hold_send hold_send_once };
 allow_notify_ipc(diskarbitrationd_d);
 allow_mach_ipc(diskarbitrationd_d,unlabeled_t);
 allow_mach_ipc(diskarbitrationd_d,mach_servers_d);
@@ -425,7 +425,7 @@
 allow_mach_ipc($1,lookupd_d);
 allow_mach_ipc(pbs_d,$1);
 
-allow pbs_d $1:mach_port { send copy_send hold_send };
+allow pbs_d $1:mach_port { send copy_send move_send move_send_once hold_send hold_send_once };
 mach_bootstrap_register(pbs_d,$2);
 mach_bootstrap(pbs_d,$2);
 
@@ -439,4 +439,4 @@
 bool lookups false;
 if (lookups) {
 allow user_d {mach_init_d init_d systemstarter_d loginwindow_d user_d}:mi_bootstrap bootstrap_info;
-}+}

More information about the trustedbsd-cvs mailing list