PERFORCE change 107183 for review
Todd Miller
millert at FreeBSD.org
Tue Oct 3 08:04:05 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=107183
Change 107183 by millert at millert_macbook on 2006/10/03 15:03:26
#ifdef out entrypoints for now where we are missing bits
in refpolicy.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#19 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#19 (text+ko) ====
@@ -1527,6 +1527,7 @@
return (mount_has_perm(cred, mp, FILESYSTEM__GETATTR, NULL));
}
+#ifdef FILESYSTEM__SETATTR
static int
sebsd_mount_check_setattr(struct ucred *cred, struct mount *mp,
struct label *mntlabel, struct vfs_attr *vfa)
@@ -1534,6 +1535,7 @@
return (mount_has_perm(cred, mp, FILESYSTEM__SETATTR, NULL));
}
+#endif
static int
sebsd_mount_check_remount(struct ucred *cred, struct mount *mp,
@@ -1559,6 +1561,7 @@
return (pipe_has_perm(cred, pipe, FIFO_FILE__IOCTL));
}
+#ifdef FIFO_FILE__POLL
static int
sebsd_pipe_check_kqfilter(struct ucred *cred, struct knote *kn,
struct pipe *pipe, struct label *pipelabel)
@@ -1566,6 +1569,7 @@
return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL));
}
+#endif
static int
sebsd_pipe_check_read(struct ucred *cred, struct pipe *pipe,
@@ -1607,6 +1611,7 @@
return (rc);
}
+#ifdef FIFO_FILE__POLL
static int
sebsd_pipe_check_select(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, int which)
@@ -1614,6 +1619,7 @@
return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL));
}
+#endif
static int
sebsd_pipe_check_stat(struct ucred *cred, struct pipe *pipe,
@@ -2179,6 +2185,7 @@
return (vnode_has_perm(cred, vp, FILE__GETATTR));
}
+#if defined(FILE__POLL) && defined(FILE__GETATTR)
static int
sebsd_vnode_check_kqfilter(struct ucred *cred, struct ucred *file_cred,
struct knote *kn, struct vnode *vp, struct label *label)
@@ -2194,6 +2201,7 @@
return (0);
}
}
+#endif
static int
sebsd_vnode_check_link(struct ucred *cred, struct vnode *dvp,
@@ -2439,6 +2447,7 @@
return (0);
}
+#ifdef FILE__POLL
static int
sebsd_vnode_check_select(struct ucred *cred, struct vnode *vp,
struct label *label, int which)
@@ -2446,6 +2455,7 @@
return (vnode_has_perm(cred, vp, FILE__POLL));
}
+#endif
#ifdef HAS_ACLS
static int
@@ -2457,6 +2467,7 @@
}
#endif
+#ifdef FILE__SETATTR
static int
sebsd_vnode_check_setattrlist(struct ucred *cred, struct vnode *vp,
struct label *vlabel, struct attrlist *alist)
@@ -2464,6 +2475,7 @@
return (vnode_has_perm(cred, vp, FILE__SETATTR));
}
+#endif
static int
sebsd_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
@@ -2710,6 +2722,7 @@
}
#endif
+#ifdef SOCKET__POLL
static int
sebsd_socket_check_kqfilter(struct ucred *cred, struct knote *kn,
struct xsocket *xso, struct label *socklabel)
@@ -2717,6 +2730,7 @@
return (socket_has_perm(cred, socklabel, SOCKET__POLL));
}
+#endif
static int
sebsd_socket_check_listen(struct ucred *cred, struct xsocket *xso,
@@ -2760,6 +2774,7 @@
return (0);
}
+#ifdef SOCKET__POLL
static int
sebsd_socket_check_select(struct ucred *cred, struct xsocket *xso,
struct label *socklabel, int which)
@@ -2767,6 +2782,7 @@
return (socket_has_perm(cred, socklabel, SOCKET__POLL));
}
+#endif
static int
sebsd_socket_check_send(struct ucred *cred, struct xsocket *xso,
@@ -3136,6 +3152,7 @@
return (ipc_has_perm(cred, msglabel, MSG__RECEIVE));
}
+#ifdef MSG__DESTROY
static int
sebsd_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr,
struct label *msglabel)
@@ -3143,6 +3160,7 @@
return (ipc_has_perm(cred, msglabel, MSG__DESTROY));
}
+#endif
static int
sebsd_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
@@ -3561,11 +3579,11 @@
.mpo_socket_check_connect = sebsd_socket_check_connect,
.mpo_socket_check_create = sebsd_socket_check_create,
// .mpo_socket_check_deliver = sebsd_socket_check_deliver,
- .mpo_socket_check_kqfilter = sebsd_socket_check_kqfilter,
+// .mpo_socket_check_kqfilter = sebsd_socket_check_kqfilter,
.mpo_socket_check_listen = sebsd_socket_check_listen,
.mpo_socket_check_receive = sebsd_socket_check_receive,
.mpo_socket_check_setlabel = sebsd_socket_check_setlabel,
- .mpo_socket_check_select = sebsd_socket_check_select,
+// .mpo_socket_check_select = sebsd_socket_check_select,
.mpo_socket_check_send = sebsd_socket_check_send,
.mpo_socket_check_stat = sebsd_socket_check_stat,
.mpo_system_check_acct = sebsd_system_check_acct,
@@ -3592,7 +3610,7 @@
.mpo_vnode_check_deleteextattr = NOT_IMPLEMENTED,
#endif
.mpo_vnode_check_getattrlist = sebsd_vnode_check_getattrlist,
- .mpo_vnode_check_kqfilter = sebsd_vnode_check_kqfilter,
+// .mpo_vnode_check_kqfilter = sebsd_vnode_check_kqfilter,
.mpo_vnode_check_link = sebsd_vnode_check_link,
.mpo_vnode_check_lookup = sebsd_vnode_check_lookup,
.mpo_vnode_check_mmap = sebsd_vnode_check_mmap,
@@ -3605,8 +3623,8 @@
.mpo_vnode_check_rename_from = sebsd_vnode_check_rename_from,
.mpo_vnode_check_rename_to = sebsd_vnode_check_rename_to,
.mpo_vnode_check_revoke = sebsd_vnode_check_revoke,
- .mpo_vnode_check_select = sebsd_vnode_check_select,
- .mpo_vnode_check_setattrlist = sebsd_vnode_check_setattrlist,
+// .mpo_vnode_check_select = sebsd_vnode_check_select,
+// .mpo_vnode_check_setattrlist = sebsd_vnode_check_setattrlist,
.mpo_vnode_check_getextattr = sebsd_vnode_check_getextattr,
.mpo_vnode_check_setextattr = sebsd_vnode_check_setextattr,
.mpo_vnode_check_setflags = sebsd_vnode_check_setflags,
@@ -3616,10 +3634,10 @@
.mpo_vnode_check_stat = sebsd_vnode_check_stat,
.mpo_vnode_check_write = sebsd_vnode_check_write,
.mpo_pipe_check_ioctl = sebsd_pipe_check_ioctl,
- .mpo_pipe_check_kqfilter = sebsd_pipe_check_kqfilter,
+// .mpo_pipe_check_kqfilter = sebsd_pipe_check_kqfilter,
.mpo_pipe_check_read = sebsd_pipe_check_read,
.mpo_pipe_check_setlabel = sebsd_pipe_check_setlabel,
- .mpo_pipe_check_select = sebsd_pipe_check_select,
+// .mpo_pipe_check_select = sebsd_pipe_check_select,
.mpo_pipe_check_stat = sebsd_pipe_check_stat,
.mpo_pipe_check_write = sebsd_pipe_check_write,
@@ -3635,7 +3653,7 @@
.mpo_mount_check_remount = sebsd_mount_check_remount,
.mpo_mount_check_stat = sebsd_mount_check_stat,
.mpo_mount_check_getattr = sebsd_mount_check_getattr,
- .mpo_mount_check_setattr = sebsd_mount_check_setattr,
+// .mpo_mount_check_setattr = sebsd_mount_check_setattr,
.mpo_vnode_write_extattr = sebsd_vnode_write_extattr,
@@ -3660,7 +3678,7 @@
.mpo_sysvmsq_check_enqueue = sebsd_sysvmsq_check_enqueue,
.mpo_sysvmsq_check_msgrcv = sebsd_sysvmsq_check_msgrcv,
- .mpo_sysvmsq_check_msgrmid = sebsd_sysvmsq_check_msgrmid,
+// .mpo_sysvmsq_check_msgrmid = sebsd_sysvmsq_check_msgrmid,
.mpo_sysvmsq_check_msqget = sebsd_sysvmsq_check_msqget,
.mpo_sysvmsq_check_msqsnd = sebsd_sysvmsq_check_msqsnd,
.mpo_sysvmsq_check_msqrcv = sebsd_sysvmsq_check_msqrcv,
More information about the trustedbsd-cvs
mailing list