PERFORCE change 92922 for review
Todd Miller
millert at FreeBSD.org
Tue Mar 7 08:49:13 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=92922
Change 92922 by millert at millert_ibook on 2006/03/07 16:49:06
Add proc_has_security() and proc_has_system() for systems without
per-thread ucred (like Darwin).
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#34 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#34 (text+ko) ====
@@ -238,6 +238,20 @@
return (cred_has_security(td->td_proc->p_ucred, perm));
}
+#else
+int
+proc_has_system(struct proc *p, access_vector_t perm)
+{
+
+ return (cred_has_system(p->p_ucred, perm));
+}
+
+int
+proc_has_security(struct proc *p, access_vector_t perm)
+{
+
+ return (cred_has_security(p->p_ucred, perm));
+}
#endif
static __inline security_class_t
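Review bot: Both new wrappers dereference `p->p_ucred` with no lock or credential reference visible in the hunk, so if another thread of the process can replace the credential while the check runs, the access decision could be made against a stale ucred. Whether callers already hold the needed protection is not visible here, so the requirement should be stated in a comment above each function, e.g. `/* Caller must keep p and p->p_ucred stable for the duration of the check. */`. The `#if` that this `#else` belongs to starts outside the hunk, so it cannot be confirmed from here that it selects the same platforms as the `#ifdef APPLE` used in sebsd_sysctl.c; if the two conditions differ, the sysctl handler could reference a wrapper that is not compiled in.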
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_sysctl.c#4 (text+ko) ====
@@ -121,19 +121,21 @@
if (error)
return (error);
-#if 0
if (req->newptr != NULL) {
error = SYSCTL_IN(req, &enforcing, sizeof(enforcing));
if (error)
return (error);
- error = thread_has_system (curthread, SYSTEM__AVC_TOGGLE);
+#ifdef APPLE
+ error = proc_has_system(current_proc(), SECURITY__SETENFORCE);
+#else
+ error = thread_has_system(curthread, SECURITY__SETENFORCE);
+#endif
if (error)
return error;
selinux_enforcing = enforcing;
}
-#endif
return (0);
}
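Review bot: The new checks pass `SECURITY__SETENFORCE`, which by its name is a security-class permission, to `proc_has_system()` and `thread_has_system()`, which by name and by the `cred_has_system` call in sebsd.c evaluate the vector against the system class. If that reading is right (`cred_has_system` itself is not shown), the bit is interpreted as an unrelated system-class permission and switching enforcing mode is not actually gated by setenforce. The same change adds `proc_has_security()`, which looks like the intended call: `error = proc_has_security(current_proc(), SECURITY__SETENFORCE);`, with the security-class equivalent on the `curthread` branch. Because dropping `#if 0` makes this write path live, it would also be worth normalising the stored value, `selinux_enforcing = (enforcing != 0);`, and logging each mode change so that a switch to permissive is visible to operators. The handler's opening lines are outside the hunk.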