PERFORCE change 97281 for review
Todd Miller
millert at FreeBSD.org
Tue May 16 19:09:29 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=97281
Change 97281 by millert at millert_p4 on 2006/05/16 19:07:51
A port of libselinux 1.30 from SourceForge.
Affected files ...
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/ChangeLog#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/LICENSE#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/VERSION#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_inherit.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_permissions.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/avc.h#3 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/class_to_string.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/common_perm_to_string.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/context.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/flask.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_context_list.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_default_type.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/selinux.h#4 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/libselinux.spec#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_add_callback.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_audit.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_av_stats.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_cache_stats.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_cleanup.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_context_to_sid.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_destroy.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_entry_ref_init.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_has_perm.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_has_perm_noaudit.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_init.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_reset.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_sid_stats.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/avc_sid_to_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/checkPasswdAccess.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_free.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_new.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_range_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_range_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_role_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_role_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_type_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_type_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_user_get.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/context_user_set.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/freecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/freeconary.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/fsetfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context_with_level.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context_with_role.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_default_context_with_rolelevel.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_ordered_context_list.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/get_ordered_context_list_with_level.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getcon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getexeccon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getfscreatecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getpeercon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getpidcon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getprevcon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/getseuserbyname.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/is_context_customizable.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/is_selinux_enabled.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/lsetfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/manual_user_enter_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/matchmediacon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/matchpathcon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/query_user_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/rpm_execcon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_check_context.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_commit_booleans.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_av.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_create.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_relabel.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_compute_user.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_get_boolean_active.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_get_boolean_names.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_get_boolean_pending.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_getenforce.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_load_booleans.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_load_policy.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_policyvers.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_set_boolean.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/security_setenforce.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_binary_policy_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_booleans_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_contexts_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_default_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_failsafe_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_file_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_getenforcemode.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_media_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_policy_root.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_policyroot.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_removable_context_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/selinux_user_contexts_path.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/set_matchpathcon_printf.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setcon.3#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setexeccon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setfilecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/setfscreatecon.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/sidget.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man3/sidput.3#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/avcstat.8#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/booleans.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/getenforce.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/getsebool.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/matchpathcon.8#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/selinux.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/selinuxenabled.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/setenforce.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/setsebool.8#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/man/man8/togglesebool.8#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/av_inherit.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/av_perm_to_string.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_internal.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_internal.h#3 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_sidtab.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/avc_sidtab.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/booleans.c#3 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/canonicalize_context.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/checkAccess.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/check_context.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/class_to_string.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/common_perm_to_string.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compat_file_path.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_av.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_create.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_member.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_relabel.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/compute_user.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/context.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/context_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/disable.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/dso.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/enabled.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/fgetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/file_path_suffixes.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/freecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/freeconary.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/fsetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_context_list.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_context_list_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_default_type.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/get_default_type_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getexeccon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getfscreatecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getpeercon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getpidcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/getprevcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/helpers.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/init.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/is_customizable_type.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/lgetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/load_policy.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/lsetfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/matchmediacon.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/matchpathcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/policy.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/policyvers.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/query_user_context.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/rpm.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/sebsd_config.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/sebsd_config.c.NEW#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux.py#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux_config.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux_internal.h#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinux_netlink.h#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinuxswig.i#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/selinuxswig_wrap.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setcon.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setexeccon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/setfscreatecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/seusers.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/src/trans.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/Makefile#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/avcstat.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_av.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_create.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_member.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_relabel.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/compute_user.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/deftype.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/execcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getconlist.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getenforcemode.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getpidcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getsebool.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/getseuser.c#1 add
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/matchpathcon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/mkdircon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/policyvers.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/selinuxconfig.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/selinuxdisable.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/selinuxenabled.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/setenforce.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/setfilecon.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/setsebool.c#2 edit
.. //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/utils/togglesebool.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/ChangeLog#2 (text+ko) ====
@@ -1,3 +1,359 @@
+1.30 2006-03-14
+ * Updated version for release.
+
+1.29.8 2006-02-27
+ * Altered rpm_execcon fallback logic for permissive mode to also
+ handle case where /selinux/enforce is not available.
+
+1.29.7 2006-01-20
+ * Merged install-pywrap Makefile patch from Joshua Brindle.
+
+1.29.6 2006-01-18
+ * Merged pywrap Makefile patch from Dan Walsh.
+
+1.29.5 2006-01-11
+ * Added getseuser test program.
+
+1.29.4 2006-01-06
+ * Added format attribute to myprintf in matchpathcon.c and
+ removed obsoleted rootlen variable in init_selinux_config().
+
+1.29.3 2006-01-04
+ * Merged several fixes and improvements from Ulrich Drepper
+ (Red Hat), including:
+ - corrected use of getline
+ - further calls to __fsetlocking for local files
+ - use of strdupa and asprintf
+ - proper handling of dirent in booleans code
+ - use of -z relro
+ - several other optimizations
+ * Merged getpidcon python wrapper from Dan Walsh (Red Hat).
+
+1.29.2 2005-12-14
+ * Merged call to finish_context_translations from Dan Walsh.
+ This eliminates a memory leak from failing to release memory
+ allocated by libsetrans.
+
+1.29.1 2005-12-08
+ * Merged patch for swig interfaces from Dan Walsh.
+
+1.28 2005-12-07
+ * Updated version for release.
+
+1.27.28 2005-12-01
+ * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
+ modified matchpathcon implementation to make context validation/
+ canonicalization optional at matchpathcon_init time, deferring it
+ to a successful matchpathcon by default unless the new flag is set
+ by the caller.
+
+1.27.27 2005-12-01
+ * Added matchpathcon_init_prefix() interface, and
+ reworked matchpathcon implementation to support selective
+ loading of file contexts entries based on prefix matching
+ between the pathname regex stems and the specified path
+ prefix (stem must be a prefix of the specified path prefix).
+
+1.27.26 2005-11-29
+ * Merged getsebool patch from Dan Walsh.
+
+1.27.25 2005-11-29
+ * Added -f file_contexts option to matchpathcon util.
+ Fixed warning message in matchpathcon_init().
+
+1.27.24 2005-11-29
+ * Merged Makefile python definitions patch from Dan Walsh.
+
+1.27.23 2005-11-28
+ * Merged swigify patch from Dan Walsh.
+
+1.27.22 2005-11-15
+ * Merged make failure in rpm_execcon non-fatal in permissive mode
+ patch from Ivan Gyurdiev.
+
+1.27.21 2005-11-08
+ * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
+ and modified matchpathcon_init() to skip context translation
+ if it is set by the caller.
+
+1.27.20 2005-11-07
+ * Added security_canonicalize_context() interface and
+ set_matchpathcon_canoncon() interface for obtaining
+ canonical contexts. Changed matchpathcon internals
+ to obtain canonical contexts by default. Provided
+ fallback for kernels that lack extended selinuxfs context
+ interface.
+
+1.27.19 2005-11-04
+ * Merged seusers parser changes from Ivan Gyurdiev.
+ * Merged setsebool to libsemanage patch from Ivan Gyurdiev.
+ * Changed seusers parser to reject empty fields.
+
+1.27.18 2005-11-03
+ * Merged seusers empty level handling patch from Jonathan Kim (TCS).
+
+1.27.17 2005-10-27
+ * Changed default entry for seusers to use __default__ to avoid
+ ambiguity with users named "default".
+
+1.27.16 2005-10-27
+ * Fixed init_selinux_config() handling of missing /etc/selinux/config
+ or missing SELINUXTYPE= definition.
+ * Merged selinux_translations_path() patch from Dan Walsh.
+
+1.27.15 2005-10-25
+ * Added hidden_proto/def for get_default_context_with_role.
+
+1.27.14 2005-10-25
+ * Merged selinux_path() and selinux_homedir_context_path()
+ functions from Joshua Brindle.
+
+1.27.13 2005-10-19
+ * Merged fixes for make DESTDIR= builds from Joshua Brindle.
+
+1.27.12 2005-10-18
+ * Merged get_default_context_with_rolelevel and man pages from
+ Dan Walsh (Red Hat).
+
+1.27.11 2005-10-18
+ * Updated call to sepol_policydb_to_image for sepol changes.
+
+1.27.10 2005-10-17
+ * Changed getseuserbyname to ignore empty lines and to handle
+ no matching entry in the same manner as no seusers file.
+
+1.27.9 2005-10-13
+ * Changed selinux_mkload_policy to try downgrading the
+ latest policy version available to the kernel-supported version.
+
+1.27.8 2005-10-11
+ * Changed selinux_mkload_policy to fall back to the maximum
+ policy version supported by libsepol if the kernel policy version
+ falls outside of the supported range.
+
+1.27.7 2005-10-06
+ * Changed getseuserbyname to fall back to the Linux username and
+ NULL level if seusers config file doesn't exist unless
+ REQUIRESEUSERS=1 is set in /etc/selinux/config.
+ * Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
+
+1.27.6 2005-10-06
+ * Added selinux_init_load_policy() function as an even higher level
+ interface for the initial policy load by /sbin/init. This obsoletes
+ the load_policy() function in the sysvinit-selinux.patch.
+
+1.27.5 2005-10-06
+ * Added selinux_mkload_policy() function as a higher level interface
+ for loading policy than the security_load_policy() interface.
+
+1.27.4 2005-10-05
+ * Merged fix for matchpathcon (regcomp error checking) from Johan
+ Fischer. Also added use of regerror to obtain the error string
+ for inclusion in the error message.
+
+1.27.3 2005-10-03
+ * Changed getseuserbyname to not require (and ignore if present)
+ the MLS level in seusers.conf if MLS is disabled, setting *level
+ to NULL in this case.
+
+1.27.2 2005-09-30
+ * Merged getseuserbyname patch from Dan Walsh.
+
+1.27.1 2005-09-19
+ * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
+ This allows file_contexts with MLS fields to be processed on
+ non-MLS-enabled systems with policies that are otherwise
+ identical (e.g. same type definitions).
+ * Merged get_ordered_context_list_with_level() function from
+ Dan Walsh, and added get_default_context_with_level().
+ This allows MLS level selection for users other than the
+ default level.
+
+1.26 2005-09-06
+ * Updated version for release.
+
+1.25.7 2005-09-01
+ * Merged modified form of patch to avoid dlopen/dlclose by
+ the static libselinux from Dan Walsh. Users of the static libselinux
+ will not have any context translation by default.
+
+1.25.6 2005-08-31
+ * Added public functions to export context translation to
+ users of libselinux (selinux_trans_to_raw_context,
+ selinux_raw_to_trans_context).
+
+1.25.5 2005-08-26
+ * Remove special definition for context_range_set; use
+ common code.
+
+1.25.4 2005-08-25
+ * Hid translation-related symbols entirely and ensured that
+ raw functions have hidden definitions for internal use.
+ * Allowed setting NULL via context_set* functions.
+ * Allowed whitespace in MLS component of context.
+ * Changed rpm_execcon to use translated functions to workaround
+ lack of MLS level on upgraded systems.
+
+1.25.3 2005-08-23
+ * Merged context translation patch, originally by TCS,
+ with modifications by Dan Walsh (Red Hat).
+
+1.25.2 2005-08-11
+ * Merged several fixes for error handling paths in the
+ AVC sidtab, matchpathcon, booleans, context, and get_context_list
+ code from Serge Hallyn (IBM). Bugs found by Coverity.
+
+1.25.1 2005-08-10
+ * Removed setupns; migrated to pam.
+ * Merged patches to rename checkPasswdAccess() from Joshua Brindle.
+ Original symbol is temporarily retained for compatibility until
+ all callers are updated.
+
+1.24 2005-06-20
+ * Updated version for release.
+
+1.23.12 2005-06-13
+ * Merged security_setupns() from Chad Sellers.
+
+1.23.11 2005-05-19
+ * Merged avcstat and selinux man page from Dan Walsh.
+ * Changed security_load_booleans to process booleans.local
+ even if booleans file doesn't exist.
+
+1.23.10 2005-04-29
+ * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
+
+1.23.9 2005-04-26
+ * Rewrote get_ordered_context_list and helpers, including
+ changing logic to allow variable MLS fields.
+
+1.23.8 2005-04-25
+ * Merged matchpathcon and man page patch from Dan Walsh.
+
+1.23.7 2005-04-12
+ * Changed boolean functions to return -1 with errno ENOENT
+ rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
+ mounted).
+
+1.23.6 2005-04-08
+ * Fixed bug in matchpathcon_filespec_destroy.
+
+1.23.5 2005-04-05
+ * Fixed bug in rpm_execcon error handling path.
+
+1.23.4 2005-04-04
+ * Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
+ * Merged fix for getconlist utility from Andreas Steinmetz.
+
+1.23.3 2005-03-29
+ * Merged security_set_boolean_list patch from Dan Walsh.
+ This introduces booleans.local support for setsebool.
+
+1.23.2 2005-03-17
+ * Merged destructors patch from Tomas Mraz.
+
+1.23.1 2005-03-16
+ * Added set_matchpathcon_flags() function for setting flags
+ controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
+ means only process the base file_contexts file, not
+ file_contexts.homedirs or file_contexts.local, and is for use by
+ setfiles -c.
+ * Updated matchpathcon.3 man page.
+
+1.22 2005-03-09
+ * Updated version for release.
+
+1.21.13 2005-03-08
+ * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
+
+1.21.12 2005-03-01
+ * Changed matchpathcon_common to ignore any non-format bits in the mode.
+
+1.21.11 2005-02-22
+ * Merged several fixes from Ulrich Drepper.
+
+1.21.10 2005-02-17
+ * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
+ * Added selinux_users_path() for path to directory containing
+ system.users and local.users.
+
+1.21.9 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.21.8 2005-02-07
+ * Regenerated av_permissions.h.
+
+1.21.7 2005-02-01
+ * Modified avc_dump_av to explicitly check for any permissions that
+ cannot be mapped to string names and display them as a hex value.
+
+1.21.6 2005-01-31
+ * Regenerated av_permissions.h.
+
+1.21.5 2005-01-28
+ * Generalized matchpathcon internals, exported more interfaces,
+ and moved additional code from setfiles into libselinux so that
+ setfiles can directly use matchpathcon.
+
+1.21.4 2005-01-27
+ * Prevent overflow of spec array in matchpathcon.
+
+1.21.3 2005-01-26
+ * Fixed several uses of internal functions to avoid relocations.
+ * Changed rpm_execcon to check is_selinux_enabled() and fallback to
+ a regular execve if not enabled (or unable to determine due to a lack
+ of /proc, e.g. chroot'd environment).
+
+
+1.21.2 2005-01-24
+ * Merged minor fix for avcstat from Dan Walsh.
+
+1.21.1 2005-01-19
+ * Merged patch from Dan Walsh, including:
+ - new is_context_customizable function
+ - changed matchpathcon to also use file_contexts.local if present
+ - man page cleanups
+
+1.20 2005-01-04
+ * Changed matchpathcon to return -1 with errno ENOENT for
+ <<none>> entries, and also for an empty file_contexts configuration.
+ * Removed some trivial utils that were not useful or redundant.
+ * Changed BINDIR default to /usr/sbin to match change in Fedora.
+ * Added security_compute_member.
+ * Added man page for setcon.
+ * Merged more man pages from Dan Walsh.
+ * Merged avcstat from James Morris.
+ * Merged build fix for mips from Manoj Srivastava.
+ * Merged C++ support from John Ramsdell of MITRE.
+ * Merged setcon() function from Darrel Goeddel of TCS.
+ * Merged setsebool/togglesebool enhancement from Steve Grubb.
+ * Merged cleanup patches from Steve Grubb.
+
+1.18 2004-11-01
+ * Merged cleanup patches from Steve Grubb.
+ * Added rpm_execcon.
+ * Merged setenforce and removable context patch from Dan Walsh.
+ * Merged build fix for alpha from Ulrich Drepper.
+ * Removed copyright/license from selinux_netlink.h - definitions only.
+ * Merged matchmediacon from Dan Walsh.
+ * Regenerated headers for new nscd permissions.
+ * Added get_default_context_with_role.
+ * Added set_matchpathcon_printf.
+ * Reworked av_inherit.h to allow easier re-use by kernel.
+ * Changed avc_has_perm_noaudit to not fail on netlink errors.
+ * Changed avc netlink code to check pid based on patch by Steve Grubb.
+ * Merged second optimization patch from Ulrich Drepper.
+ * Changed matchpathcon to skip invalid file_contexts entries.
+ * Made string tables private to libselinux.
+ * Merged strcat->stpcpy patch from Ulrich Drepper.
+ * Merged matchpathcon man page from Dan Walsh.
+ * Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
+ * Autobind netlink socket.
+ * Dropped compatibility code from security_compute_user.
+ * Merged fix for context_range_set from Chad Hanson.
+ * Merged allocation failure checking patch from Chad Hanson.
+ * Merged avc netlink error message patch from Colin Walters.
+
1.16 2004-08-19
* Regenerated headers for nscd class.
* Merged man pages from Dan Walsh.
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/LICENSE#2 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/Makefile#2 (text+ko) ====
@@ -2,13 +2,20 @@
$(MAKE) -C src
$(MAKE) -C utils
+pywrap:
+ $(MAKE) -C src pywrap
+
install:
$(MAKE) -C include install
$(MAKE) -C src install
$(MAKE) -C utils install
$(MAKE) -C man install
-relabel:
+install-pywrap:
+ $(MAKE) -C src install-pywrap
+
+relabel:
+ $(MAKE) -C src relabel
clean:
$(MAKE) -C src clean
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/VERSION#2 (text+ko) ====
@@ -1,1 +1,1 @@
-1.16
+1.30
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/Makefile#2 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_inherit.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_perm_to_string.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/av_permissions.h#2 (text+ko) ====
@@ -1,6 +1,4 @@
/* This file is automatically generated. Do not edit. */
-/* FLASK */
-
#define COMMON_FILE__IOCTL 0x00000001UL
#define COMMON_FILE__READ 0x00000002UL
#define COMMON_FILE__WRITE 0x00000004UL
@@ -107,6 +105,7 @@
#define FILE__EXECUTE_NO_TRANS 0x00020000UL
#define FILE__ENTRYPOINT 0x00040000UL
+#define FILE__EXECMOD 0x00080000UL
#define LNK_FILE__IOCTL 0x00000001UL
#define LNK_FILE__READ 0x00000002UL
@@ -144,6 +143,10 @@
#define CHR_FILE__QUOTAON 0x00008000UL
#define CHR_FILE__MOUNTON 0x00010000UL
+#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
+#define CHR_FILE__ENTRYPOINT 0x00040000UL
+#define CHR_FILE__EXECMOD 0x00080000UL
+
#define BLK_FILE__IOCTL 0x00000001UL
#define BLK_FILE__READ 0x00000002UL
#define BLK_FILE__WRITE 0x00000004UL
@@ -458,6 +461,9 @@
#define PROCESS__SIGINH 0x00100000UL
#define PROCESS__SETRLIMIT 0x00200000UL
#define PROCESS__RLIMITINH 0x00400000UL
+#define PROCESS__DYNTRANSITION 0x00800000UL
+#define PROCESS__SETCURRENT 0x01000000UL
+#define PROCESS__EXECMEM 0x02000000UL
#define IPC__CREATE 0x00000001UL
#define IPC__DESTROY 0x00000002UL
@@ -515,6 +521,7 @@
#define SECURITY__COMPUTE_USER 0x00000040UL
#define SECURITY__SETENFORCE 0x00000080UL
#define SECURITY__SETBOOL 0x00000100UL
+#define SECURITY__SETSECPARAM 0x00000200UL
#define SYSTEM__IPC_INFO 0x00000001UL
#define SYSTEM__SYSLOG_READ 0x00000002UL
@@ -550,6 +557,8 @@
#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
#define CAPABILITY__MKNOD 0x08000000UL
#define CAPABILITY__LEASE 0x10000000UL
+#define CAPABILITY__AUDIT_WRITE 0x20000000UL
+#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
#define PASSWD__PASSWD 0x00000001UL
#define PASSWD__CHFN 0x00000002UL
@@ -887,6 +896,10 @@
#define NSCD__GETHOST 0x00000004UL
#define NSCD__GETSTAT 0x00000008UL
#define NSCD__ADMIN 0x00000010UL
+#define NSCD__SHMEMPWD 0x00000020UL
+#define NSCD__SHMEMGRP 0x00000040UL
+#define NSCD__SHMEMHOST 0x00000080UL
+#define ASSOCIATION__SENDTO 0x00000001UL
+#define ASSOCIATION__RECVFROM 0x00000002UL
-/* FLASK */
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/avc.h#3 (text+ko) ====
@@ -11,6 +11,10 @@
#include <stdlib.h>
#include <selinux/selinux.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
/*
* SID format and operations
@@ -362,4 +366,8 @@
*/
void avc_sid_stats(void);
+#ifdef __cplusplus
+}
+#endif
+
#endif /* _SELINUX_AVC_H_ */
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/class_to_string.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/common_perm_to_string.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/context.h#2 (text+ko) ====
@@ -1,6 +1,11 @@
#ifndef _SELINUX_CONTEXT_H_
#define _SELINUX_CONTEXT_H_
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
/*
* Functions to deal with security contexts in user space.
*/
@@ -40,4 +45,8 @@
extern int context_role_set(context_t,const char*);
extern int context_user_set(context_t,const char*);
+#ifdef __cplusplus
+}
+#endif
+
#endif
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/flask.h#2 (text+ko) ====
@@ -58,6 +58,7 @@
#define SECCLASS_NETLINK_DNRT_SOCKET 51
#define SECCLASS_DBUS 52
#define SECCLASS_NSCD 53
+#define SECCLASS_ASSOCIATION 54
/*
* Security identifier indices for initial entities
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_context_list.h#2 (text+ko) ====
@@ -3,6 +3,11 @@
#include <selinux/selinux.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
#define SELINUX_DEFAULTUSER "user_u"
/* Get an ordered list of authorized security contexts for a user session
@@ -16,6 +21,13 @@
security_context_t fromcon,
security_context_t **list);
+/* As above, but use the provided MLS level rather than the
+ default level for the user. */
+int get_ordered_context_list_with_level (const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t **list);
+
/* Get the default security context for a user session for 'user'
spawned by 'fromcon' and set *newcon to refer to it. The context
will be one of those authorized by the policy, but the selection
@@ -27,6 +39,30 @@
security_context_t fromcon,
security_context_t *newcon);
+/* As above, but use the provided MLS level rather than the
+ default level for the user. */
+int get_default_context_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t *newcon);
+
+/* Same as get_default_context, but only return a context
+ that has the specified role. If no reachable context exists
+ for the user with that role, then return -1. */
+int get_default_context_with_role(const char* user,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t *newcon);
+
+/* Same as get_default_context, but only return a context
+ that has the specified role and level. If no reachable context exists
+ for the user with that role, then return -1. */
+int get_default_context_with_rolelevel(const char* user,
+ const char *level,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t *newcon);
+
/* Given a list of authorized security contexts for the user,
query the user to select one and set *newcon to refer to it.
Caller must free via freecon.
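Review bot: The `get_default_context_with_rolelevel` prototype takes `level` before `role`, while the function name and the sibling `get_default_context_with_role` lead a caller to expect the role first. Both parameters are `const char *`, so a transposed call compiles cleanly and would request a context with the role and MLS level swapped. The comment above it also covers only the role case ("for the user with that role"). I would state the order and both conditions in the comment, e.g. `/* Arguments are (user, level, role, fromcon, newcon); returns -1 if no reachable context has that role and level. */`. The declaration should also be checked against the definition, which this hunk does not show.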
@@ -41,4 +77,8 @@
extern int manual_user_enter_context(const char *user,
security_context_t *newcon);
+#ifdef __cplusplus
+}
+#endif
+
#endif
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/get_default_type.h#2 (text+ko) ====
@@ -5,12 +5,21 @@
#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
#define _SELINUX_GET_DEFAULT_TYPE_H_
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
/* Return path to default type file. */
-char *selinux_default_type_path(void);
+const char *selinux_default_type_path(void);
/* Get the default type (domain) for 'role' and set 'type' to refer to it.
Caller must free via free().
Return 0 on success or -1 otherwise. */
int get_default_type (const char* role, char** type);
+#ifdef __cplusplus
+}
+#endif
+
#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
==== //depot/projects/trustedbsd/sebsd/contrib/sebsd/libselinux/include/selinux/selinux.h#4 (text+ko) ====
@@ -2,17 +2,20 @@
#define _SELINUX_H_
#include <sys/types.h>
+#include <stdarg.h>
-#define _LINUX_FLASK_TYPES_H_
-typedef unsigned short security_class_t;
-typedef unsigned int access_vector_t;
-typedef char *security_context_t;
+#ifdef __cplusplus
+extern "C"
+{
+#endif
/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
extern int is_selinux_enabled(void);
/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
extern int is_selinux_mls_enabled(void);
+typedef char* security_context_t;
+
/* Free the memory allocated for a context by any of the below get* calls. */
extern void freecon(security_context_t con);
@@ -24,32 +27,55 @@
/* Get current context, and set *con to refer to it.
Caller must free via freecon. */
extern int getcon(security_context_t *con);
+extern int getcon_raw(security_context_t *con);
+
+/* Set the current security context to con.
+ Note that use of this function requires that the entire application
+ be trusted to maintain any desired separation between the old and new
+ security contexts, unlike exec-based transitions performed via setexeccon.
+ When possible, decompose your application and use setexeccon()+execve()
+ instead. Note that the application may lose access to its open descriptors
+ as a result of a setcon() unless policy allows it to use descriptors opened
+ by the old context. */
+extern int setcon(security_context_t con);
+extern int setcon_raw(security_context_t con);
/* Get context of process identified by pid, and
- set *con to refer to it. Caller must free via freecon. */
-extern int getpidcon(pid_t pid, security_context_t *con);
+ set *con to refer to it. Caller must free via freecon.
+ This has not been ported to SEBSD yet. */
+//extern int getpidcon(pid_t pid, security_context_t *con);
+//extern int getpidcon_raw(pid_t pid, security_context_t *con);
/* Get previous context (prior to last exec), and set *con to refer to it.
- Caller must free via freecon. */
-extern int getprevcon(security_context_t *con);
+ Caller must free via freecon.
+ This has not been ported to SEBSD yet.*/
+//extern int getprevcon(security_context_t *con);
+//extern int getprevcon_raw(security_context_t *con);
/* Get exec context, and set *con to refer to it.
Sets *con to NULL if no exec context has been set, i.e. using default.
If non-NULL, caller must free via freecon. */
extern int getexeccon(security_context_t *con);
+extern int getexeccon_raw(security_context_t *con);
/* Set exec security context for the next execve.
- Call with NULL if you want to reset to the default. */
-extern int setexeccon(security_context_t con);
+ Call with NULL if you want to reset to the default.
+ This is not yet supported by SEBSD. */
+//extern int setexeccon(security_context_t con);
+//extern int setexeccon_raw(security_context_t con);
/* Get fscreate context, and set *con to refer to it.
Sets *con to NULL if no fs create context has been set, i.e. using default.
- If non-NULL, caller must free via freecon. */
-extern int getfscreatecon(security_context_t *con);
+ If non-NULL, caller must free via freecon.
+ This has not been ported to SEBSD yet. */
+//extern int getfscreatecon(security_context_t *con);
+//extern int getfscreatecon_raw(security_context_t *con);
/* Set the fscreate security context for subsequent file creations.
- Call with NULL if you want to reset to the default. */
-extern int setfscreatecon(security_context_t context);
+ Call with NULL if you want to reset to the default.
+ This has not been ported to SEBSD yet. */
+//extern int setfscreatecon(security_context_t context);
+//extern int setfscreatecon_raw(security_context_t context);
/* Wrappers for the xattr API. */
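Review bot: The new `setcon()` comment tells callers to prefer `setexeccon()+execve()`, but this same hunk comments out `setexeccon` and `setexeccon_raw` as "not yet supported by SEBSD". As far as this header shows, the safer path the comment recommends is therefore unavailable on this port, and code that needs a context change is pushed toward `setcon()`, which the comment says requires the whole application to be trusted. The comment should say so, e.g. `SEBSD: setexeccon() is not available yet; a setcon() caller must be trusted in its entirety.` The disabled prototypes are also left as `//` lines under doc comments that still read as live API. An `#if 0` / `#endif` pair around each group would make the gap explicit and keep the header usable from C89 code.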
@@ -57,13 +83,19 @@
/* Get file context, and set *con to refer to it.
Caller must free via freecon. */
extern int getfilecon(const char *path, security_context_t *con);
+extern int getfilecon_raw(const char *path, security_context_t *con);
extern int lgetfilecon(const char *path, security_context_t *con);
+extern int lgetfilecon_raw(const char *path, security_context_t *con);
extern int fgetfilecon(int fd, security_context_t *con);
+extern int fgetfilecon_raw(int fd, security_context_t *con);
/* Set file context */
extern int setfilecon(const char *path, security_context_t con);
+extern int setfilecon_raw(const char *path, security_context_t con);
extern int lsetfilecon(const char *path, security_context_t con);
+extern int lsetfilecon_raw(const char *path, security_context_t con);
extern int fsetfilecon(int fd, security_context_t con);
+extern int fsetfilecon_raw(int fd, security_context_t con);
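Review bot: The `_raw` variants added here (`getfilecon_raw` through `fsetfilecon_raw`) carry no comment saying how they differ from the plain calls. The same holds for `getcon_raw`, `setcon_raw` and `getexeccon_raw` in the previous hunk, and for `getpeercon_raw` and `security_compute_av_raw` in the following ones. A caller that stores or compares contexts needs to know which form it holds, because mixing the two forms in a label equality check can give the wrong answer. Presumably the raw calls skip context translation and exchange the context in the kernel's form; if that is right, one comment at the first declaration would do, e.g. `/* *_raw: as above, but the context is passed untranslated. */`.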
/* Wrappers for the socket API */
@@ -71,10 +103,14 @@
/* Get context of peer socket, and set *con to refer to it.
Caller must free via freecon. */
extern int getpeercon(int fd, security_context_t *con);
+extern int getpeercon_raw(int fd, security_context_t *con);
/* Wrappers for the selinuxfs (policy) API. */
+typedef unsigned int access_vector_t;
+typedef unsigned short security_class_t;
+
struct av_decision {
access_vector_t allowed;
access_vector_t decided;
@@ -89,13 +125,22 @@
security_class_t tclass,
access_vector_t requested,
struct av_decision *avd);
+extern int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
/* Compute a labeling decision and set *newcon to refer to it.
Caller must free via freecon. */
-extern int security_compute_create(security_context_t scon,
- security_context_t tcon,
- security_class_t tclass,
- security_context_t *newcon);
+//extern int security_compute_create(security_context_t scon,
+// security_context_t tcon,
+// security_class_t tclass,
+// security_context_t *newcon);
+//extern int security_compute_create_raw(security_context_t scon,
+// security_context_t tcon,
>>> TRUNCATED FOR MAIL (1000 lines) <<<