PERFORCE change 108487 for review

Todd Miller millert at FreeBSD.org
Thu Oct 26 14:51:48 UTC 2006 

http://perforce.freebsd.org/chv.cgi?CH=108487

Change 108487 by millert at millert_macbook on 2006/10/26 14:50:47

	Update to refpolicy-20061018 from the Tresys web site.
	More darwin-specific additions.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Changelog#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Makefile#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.modular#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.monolithic#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/VERSION#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/build.conf#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mcs/seusers#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/initrc_context#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/seusers#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mcs/seusers#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/initrc_context#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/seusers#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/doc/policy.dtd#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/migscs.pl#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkaccess_vector.sh#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/global_tunables#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/mcs#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/mls#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/amanda.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/amanda.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/amanda.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/anaconda.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/apt.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/apt.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/backup.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/backup.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/bootloader.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/bootloader.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/bootloader.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/certwatch.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/consoletype.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/consoletype.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/ddcprobe.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dmesg.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dmidecode.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dmidecode.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dpkg.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/dpkg.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/firstboot.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/firstboot.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/kudzu.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/kudzu.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logrotate.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logrotate.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logrotate.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logwatch.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logwatch.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/logwatch.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/mrtg.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/netutils.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/netutils.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/portage.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/portage.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/prelink.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/prelink.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/quota.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/readahead.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/rpm.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/rpm.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/rpm.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/su.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/su.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/sudo.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/sxid.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/sxid.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/tripwire.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/updfstab.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usbmodules.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usbmodules.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usermanage.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/usermanage.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/vbetool.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/vpn.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/admin/vpn.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/calamaris.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/cdrecord.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/cdrecord.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/ethereal.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/ethereal.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/evolution.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/evolution.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/games.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/games.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gift.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gnome.fc#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gnome.if#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gnome.te#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gpg.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/gpg.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/irc.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/irc.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/java.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/java.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/loadkeys.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/lockdev.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/lockdev.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mono.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mozilla.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mozilla.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mplayer.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mplayer.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/mplayer.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/rssh.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/screen.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/screen.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/slocate.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/thunderbird.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/thunderbird.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/tvtime.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/tvtime.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/uml.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/uml.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/userhelper.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/userhelper.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/usernetctl.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/vmware.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/webalizer.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/webalizer.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/wine.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/apps/yam.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/KernelEventAgent.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.if#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/dynamic_pager.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/dynamic_pager.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/kextd.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/kextd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/update.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/update.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corecommands.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corecommands.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.if.in#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.if.m4#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.te.in#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/corenetwork.te.m4#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/devices.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/devices.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/devices.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/domain.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/domain.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/files.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/files.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/files.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/filesystem.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/filesystem.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/kernel.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/kernel.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mcs.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mcs.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mls.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/mls.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/selinux.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/selinux.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/storage.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/storage.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/terminal.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/terminal.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/afs.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/amavis.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/apache.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/apache.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/apm.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/arpwatch.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/asterisk.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/automount.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/avahi.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bind.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bind.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bluetooth.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bluetooth.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/bluetooth.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/canna.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cipe.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/clamav.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/clockspeed.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/clockspeed.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/comsat.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/courier.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cpucontrol.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cron.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cron.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cron.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cups.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cups.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cvs.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/cyrus.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dante.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dbskk.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dbus.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dbus.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dcc.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dcc.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ddclient.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dhcp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dictd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/distcc.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/djbdns.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dnsmasq.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/dovecot.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/fetchmail.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/finger.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ftp.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ftp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/gatekeeper.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/gpm.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/hal.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/howl.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/i18n_input.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/imaze.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/inetd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/inn.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/inn.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ircd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/jabber.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/kerberos.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/kerberos.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ktalk.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ldap.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ldap.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/lpd.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/lpd.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/lpd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mailman.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/monop.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mta.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mta.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/munin.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/munin.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mysql.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/mysql.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nagios.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nagios.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nessus.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/networkmanager.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/networkmanager.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nis.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nis.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nscd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nsd.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntop.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntp.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/nx.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oav.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oav.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oddjob.fc#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oddjob.if#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/oddjob.te#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/openvpn.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/openvpn.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/pegasus.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/perdition.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/portmap.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/portmap.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/portslave.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postfix.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postfix.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postfix.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postgresql.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postgresql.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/postgrey.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ppp.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ppp.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ppp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/privoxy.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/procmail.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/pyzor.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/pyzor.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/qmail.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/qmail.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/radius.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/radvd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/razor.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/razor.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rdisc.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/remotelogin.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rhgb.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rlogin.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/roundup.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rpc.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rpc.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rshd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rsync.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/rsync.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/samba.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/samba.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sasl.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sendmail.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sendmail.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/setroubleshoot.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/smartmon.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/snmp.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/snmp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/snort.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/soundserver.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/spamassassin.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/spamassassin.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/squid.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/squid.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ssh.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ssh.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/stunnel.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sysstat.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/sysstat.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/tcpd.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/telnet.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/tftp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/timidity.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/tor.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/transproxy.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ucspitcp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/uucp.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/uwimap.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/watchdog.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xfs.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xprint.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xserver.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/xserver.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/zebra.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/zebra.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/authlogin.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/authlogin.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/clock.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/clock.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/daemontools.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/daemontools.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/fstools.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/fstools.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/getty.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/getty.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hostname.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hostname.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hotplug.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/hotplug.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.if#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/ipsec.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/ipsec.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/iptables.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/libraries.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/libraries.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/locallogin.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/locallogin.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/lvm.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/lvm.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/miscfiles.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/miscfiles.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/modutils.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/modutils.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/mount.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/mount.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/netlabel.fc#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/netlabel.if#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/netlabel.te#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/pcmcia.if#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/pcmcia.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/raid.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/selinuxutil.fc#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/selinuxutil.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/selinuxutil.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/setrans.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/setrans.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/sysnetwork.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/sysnetwork.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/udev.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/unconfined.te#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/userdomain.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/userdomain.if#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/userdomain.te#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/xen.fc#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/xen.te#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/support/loadable_module.spt#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/support/misc_macros.spt#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/support/mls_mcs_macros.spt#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/users#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/support/Makefile.devel#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Changelog#3 (text+ko) ====

@@ -1,3 +1,9 @@
+* Wed Oct 18 2006 Chris PeBenito <selinux at tresys.com> - 20061018
+- Patch from Russell Coker Thu, 5 Oct 2006
+- Move range transitions to modules.
+- Make number of MLS sensitivities, and number of MLS and MCS
+  categories configurable as build options.
+- Add role infrastructure.
 - Debian updates from Erich Schubert.
 - Add nscd_socket_use() to auth_use_nsswitch().
 - Remove old selopt rules.
@@ -67,6 +73,10 @@
 	Wed, 23 Aug 2006
 	Thu, 31 Aug 2006
 	Fri, 01 Sep 2006
+	Tue, 05 Sep 2006
+	Wed, 20 Sep 2006
+	Fri, 22 Sep 2006
+	Mon, 25 Sep 2006
 - Added modules:
 	afs
 	amavis (Erich Schubert)
@@ -90,6 +100,7 @@
 	games
 	gatekeeper
 	gift
+	gnome (James Carter)
 	imaze
 	ircd
 	jabber
@@ -99,10 +110,12 @@
 	munin
 	nagios
 	nessus
+	netlabel (Paul Moore)
 	nsd
 	ntop
 	nx
 	oav
+	oddjob (Dan Walsh)
 	openca
 	openvpn (Petre Rodan)
 	perdition

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Makefile#5 (text+ko) ====

@@ -77,7 +77,7 @@
 SEMOD_LNK ?= $(BINDIR)/semodule_link
 SEMOD_EXP ?= $(BINDIR)/semodule_expand
 LOADPOLICY ?= $(SBINDIR)/load_policy
-SETFILES ?= $(BINDIR)/setfiles
+SETFILES ?= /sbin/setfiles
 MIG_DEFS ?= bootstrap.flask notify_ipc.flask mtest.flask
 endif
 
@@ -114,17 +114,17 @@
 
 # policy building support tools
 support := support
-genxml := $(PYTHON) $(support)/segenxml.py
-gendoc := $(PYTHON) $(support)/sedoctool.py
-genperm := $(PYTHON) $(support)/genclassperms.py
+genxml := $(PYTHON) -E $(support)/segenxml.py
+gendoc := $(PYTHON) -E $(support)/sedoctool.py
+genperm := $(PYTHON) -E $(support)/genclassperms.py
 fcsort := $(tmpdir)/fc_sort
 setbools := $(AWK) -f $(support)/set_bools_tuns.awk
 get_type_attr_decl := $(SED) -E -f $(support)/get_type_attr_decl.sed
 comment_move_decl := $(SED) -E -f $(support)/comment_move_decl.sed
-gennetfilter := $(PYTHON) $(support)/gennetfilter.py
+gennetfilter := $(PYTHON) -E $(support)/gennetfilter.py
 # use our own genhomedircon to make sure we have a known usable one,
 # so policycoreutils updates are not required (RHEL4)
-genhomedircon := $(PYTHON) $(support)/genhomedircon
+genhomedircon := $(PYTHON) -E $(support)/genhomedircon
 
 # documentation paths
 docs := doc
@@ -169,7 +169,9 @@
 installdir = $(topdir)/$(strip $(NAME))
 srcpath = $(installdir)/src
 userpath = $(installdir)/users
+policypath = $(installdir)/policy
 contextpath = $(installdir)/contexts
+homedirpath = $(contextpath)/files/homedir_template
 fcpath = $(contextpath)/files/file_contexts
 ncpath = $(contextpath)/netfilter_contexts
 sharedir = $(prefix)/share/sedarwin
@@ -229,11 +231,16 @@
 	M4PARAM += -D direct_sysadm_daemon
 endif
 
+# default MLS/MCS sensitivity and category settings.
+MLS_SENS ?= 16
+MLS_CATS ?= 256
+MCS_CATS ?= 256
+
 ifeq ($(QUIET),y)
 	verbose = @
 endif
 
-M4PARAM += -D hide_broken_symptoms
+M4PARAM += -D mls_num_sens=$(MLS_SENS) -D mls_num_cats=$(MLS_CATS) -D mcs_num_cats=$(MCS_CATS) -D hide_broken_symptoms
 
 # we need exuberant ctags; unfortunately it is named
 # differently on different distros
@@ -255,7 +262,9 @@
 appconf := config/appconfig-$(TYPE)
 seusers := $(appconf)/seusers
 appdir := $(contextpath)
-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media
+user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
+user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
+appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts customizable_types) $(contextpath)/files/media $(user_default_contexts_names)
 net_contexts := $(builddir)net_contexts
 
 all_layers := $(filter-out $(moddir)/CVS,$(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d))
@@ -316,17 +325,46 @@
 # Functions
 #
 
+# parse-rolemap-compat modulename,outputfile
+define parse-rolemap-compat
+	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
+		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
+endef
+
 # parse-rolemap modulename,outputfile
 define parse-rolemap
 	$(verbose) $(M4) $(M4PARAM) $(rolemap) | \
-		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_userdomain_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
+		$(AWK) '/^[[:blank:]]*[A-Za-z]/{ print "gen_require(type " $$3 "; role " $$1 ";)\n$1_per_role_template(" $$2 "," $$3 "," $$1 ")" }' >> $2
 endef
 
-# peruser-expansion modulename,outputfile
-define peruser-expansion
-	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" > $2
+# perrole-expansion modulename,outputfile
+define perrole-expansion
+	$(verbose) echo "ifdef(\`""$1""_per_role_template',\`" > $2
 	$(call parse-rolemap,$1,$2)
 	$(verbose) echo "')" >> $2
+
+	$(verbose) echo "ifdef(\`""$1""_per_userdomain_template',\`" >> $2
+	$(verbose) echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$1""_per_userdomain_template)'__endline__)" >> $2
+	$(call parse-rolemap-compat,$1,$2)
+	$(verbose) echo "')" >> $2
+endef
+
+# create-base-per-role-tmpl modulenames,outputfile
+define create-base-per-role-tmpl
+	$(verbose) echo "define(\`base_per_role_template',\`" >> $2
+
+	$(verbose) for i in $1; do \
+		echo "ifdef(\`""$$i""_per_role_template',\`""$$i""_per_role_template("'$$*'")')" \
+			>> $2 ;\
+	done
+
+	$(verbose) for i in $1; do \
+		echo "ifdef(\`""$$i""_per_userdomain_template',\`" >> $2 ;\
+		echo "errprint(\`Warning: per_userdomain_templates have been renamed to per_role_templates (""$$i""_per_userdomain_template)'__endline__)" >> $2 ;\
+		echo """$$i""_per_userdomain_template("'$$*'")')"  >> $2 ;\
+	done
+	$(verbose) echo "')" >> $@
+
 endef
 
 ########################################
@@ -446,7 +484,15 @@
 
 ########################################
 #
-# Appconfig files
+# Build Appconfig files
+#
+$(tmpdir)/initrc_context: $(appconf)/initrc_context
+	@mkdir -p $(tmpdir)
+	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z]' > $@
+
+########################################
+#
+# Install Appconfig files
 #
 install-appconfig: $(appfiles)
 
@@ -477,7 +523,7 @@
 	@mkdir -p $(appdir)
 	$(verbose) $(INSTALL) -m 644 $< $@
 
-$(appdir)/initrc_context: $(appconf)/initrc_context
+$(appdir)/initrc_context: $(tmpdir)/initrc_context
 	@mkdir -p $(appdir)
 	$(verbose) $(INSTALL) -m 644 $< $@
 
@@ -489,9 +535,9 @@
 	@mkdir -p $(appdir)
 	$(verbose) $(INSTALL) -m 644 $< $@
 
-$(appdir)/users/root: $(appconf)/root_default_contexts
+$(contextpath)/users/%: $(appconf)/%_default_contexts
 	@mkdir -p $(appdir)/users
-	$(verbose) $(INSTALL) -m 644 $< $@
+	$(verbose) $(INSTALL) -m 644 $^ $@
 
 ########################################
 #
@@ -523,6 +569,9 @@
 	$(verbose) echo "MONOLITHIC ?= n" >> $(headerdir)/build.conf
 	$(verbose) echo "DIRECT_INITRC ?= $(DIRECT_INITRC)" >> $(headerdir)/build.conf
 	$(verbose) echo "POLY ?= $(POLY)" >> $(headerdir)/build.conf
+	$(verbose) echo "override MLS_SENS := $(MLS_SENS)" >> $(headerdir)/build.conf
+	$(verbose) echo "override MLS_CATS := $(MLS_CATS)" >> $(headerdir)/build.conf
+	$(verbose) echo "override MCS_CATS := $(MCS_CATS)" >> $(headerdir)/build.conf
 	$(verbose) $(INSTALL) -m 644 $(support)/Makefile.devel $(headerdir)/Makefile
 
 ########################################

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.modular#3 (text+ko) ====

@@ -52,6 +52,9 @@
 # Load all configured modules
 #
 load: $(instpkg) $(appfiles)
+# make sure two directories exist since they are not
+# created by semanage
+	@mkdir -p $(policypath) $(dir $(fcpath))
 	@echo "Loading configured modules."
 	$(verbose) $(SEMODULE) -s $(NAME) -b $(modpkgdir)/$(notdir $(base_pkg)) $(foreach mod,$(mod_pkgs),-i $(modpkgdir)/$(mod))
 
@@ -71,7 +74,7 @@
 $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
 	@echo "Compliling $(NAME) $(@F) module"
 	@test -d $(tmpdir) || mkdir -p $(tmpdir)
-	$(call peruser-expansion,$(basename $(@F)),$@.role)
+	$(call perrole-expansion,$(basename $(@F)),$@.role)
 	$(verbose) $(M4) $(M4PARAM) -s $^ $@.role > $(@:.mod=.tmp)
 	$(verbose) $(CHECKMODULE) -m $(@:.mod=.tmp) -o $@
 
@@ -88,15 +91,19 @@
 #
 # Create a base module package
 #
-$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(seusers) $(net_contexts)
+$(base_pkg): $(base_mod) $(base_fc) $(users_extra) $(tmpdir)/seusers $(net_contexts)
 	@echo "Creating $(NAME) base module package"
 	@test -d $(builddir) || mkdir -p $(builddir)
-	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(seusers) -n $(net_contexts)
+	$(verbose) $(SEMOD_PKG) -o $@ -m $(base_mod) -f $(base_fc) -u $(users_extra) -s $(tmpdir)/seusers -n $(net_contexts)
 
 $(base_mod): $(base_conf)
 	@echo "Compiling $(NAME) base module"
 	$(verbose) $(CHECKMODULE) -o $@ $^
 
+$(tmpdir)/seusers: $(seusers)
+	@mkdir -p $(tmpdir)
+	$(verbose) $(M4) $(M4PARAM) $(m4support) $^ | $(GREP) '^[a-z_]' > $@
+
 $(users_extra): $(m4support) $(user_files)
 	@test -d $(tmpdir) || mkdir -p $(tmpdir)
 	$(verbose) $(M4) $(M4PARAM) -D users_extra $^ | \
@@ -120,13 +127,7 @@
 	@test -d $(tmpdir) || mkdir -p $(tmpdir)
 # define all available object classes
 	$(verbose) $(genperm) $(avs) $(secclass) > $@
-# per-userdomain templates
-	$(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@
-	$(verbose) for i in $(patsubst %.te,%,$(base_mods)); do \
-		echo "ifdef(\`""$$i""_per_userdomain_template',\`""$$i""_per_userdomain_template("'$$*'")')" \
-			>> $@ ;\
-	done
-	$(verbose) echo "')" >> $@
+	$(verbose) $(call create-base-per-role-tmpl,$(patsubst %.te,%,$(base_mods)),$@)
 	$(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ || true
 
 $(tmpdir)/global_bools.conf: M4PARAM += -D self_contained_policy

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.monolithic#6 (text+ko) ====

@@ -23,10 +23,8 @@
 M4PARAM += -D self_contained_policy
 
 # install paths
-policypath = $(installdir)/policy
 loadpath = $(policypath)/$(notdir $(polver))
 migscs_loadpath = $(policypath)/sebsd_migscs
-homedirpath = $(contextpath)/files/homedir_template
 
 appfiles += $(installdir)/booleans $(userpath)/local.users
 
@@ -129,18 +127,11 @@
 $(tmpdir)/generated_definitions.conf: $(all_te_files)
 	@test -d $(tmpdir) || mkdir -p $(tmpdir)
 # define all available object classes
-	# Generate temporary securtity class and access vector files that
-	# include SEDarwin specific bits
+# this includes MiG-based classes for SEDarwin
 	$(verbose) cat $(avs) $(mig_avs) > tmp/all_avs
 	$(verbose) cat $(secclass) $(mig_secclass) > tmp/all_secclasses
 	$(verbose) $(genperm) tmp/all_avs tmp/all_secclasses  > $@
-
-	#$(verbose) $(genperm) $(avs) $(secclass)  > $@
-# per-userdomain templates:
-	$(verbose) echo "define(\`base_per_userdomain_template',\`" >> $@
-	$(verbose) $(foreach mod,$(basename $(notdir $(all_modules))), \
-		echo "ifdef(\`""$(mod)""_per_userdomain_template',\`""$(mod)""_per_userdomain_template("'$$*'")')" >> $@ ;)
-	$(verbose) echo "')" >> $@
+	$(verbose) $(call create-base-per-role-tmpl,$(basename $(notdir $(all_modules))),$@)
 	$(verbose) test -f $(booleans) && $(setbools) $(booleans) >> $@ || true
 
 $(tmpdir)/global_bools.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(globalbool) $(globaltun)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/VERSION#2 (text+ko) ====

@@ -1,1 +1,1 @@
-20060307
+20061018

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/build.conf#3 (text+ko) ====

@@ -48,6 +48,20 @@
 # Enable polyinstantiated directory support.
 POLY=n
 
+# Number of MLS Sensitivities
+# The sensitivities will be s0 to s(MLS_SENS-1).
+# Dominance will be in increasing numerical order
+# with s0 being lowest.
+MLS_SENS=16
+
+# Number of MLS Categories
+# The categories will be c0 to c(MLS_CATS-1).
+MLS_CATS=256
+
+# Number of MCS Categories
+# The categories will be c0 to c(MLS_CATS-1).
+MCS_CATS=256
+
 # Set this to y to only display status messages
 # during build.
 QUIET=n

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mcs/seusers#2 (text+ko) ====

@@ -1,2 +1,2 @@
-root:root:s0-s0:c0.c255
+root:root:s0-mcs_systemhigh
 __default__:user_u:s0

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/initrc_context#2 (text+ko) ====

@@ -1,1 +1,1 @@
-system_u:system_r:initrc_t:s0-s15:c0.c255
+system_u:system_r:initrc_t:s0-mls_systemhigh

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-strict-mls/seusers#2 (text+ko) ====

@@ -1,2 +1,2 @@
-root:root:s0-s15:c0.c255
+root:root:s0-mls_systemhigh
 __default__:user_u:s0

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mcs/seusers#2 (text+ko) ====

@@ -1,2 +1,2 @@
-root:root:s0-s0:c0.c255
+root:root:s0-mcs_systemhigh
 __default__:user_u:s0

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/initrc_context#3 (text+ko) ====

@@ -1,1 +1,1 @@
-user_u:system_r:initrc_t:s0-s15:c0.c255
+user_u:system_r:initrc_t:s0-mls_systemhigh

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/config/appconfig-targeted-mls/seusers#2 (text+ko) ====

@@ -1,2 +1,2 @@
-root:root:s0-s15:c0.c255
+root:root:s0-mls_systemhigh
 __default__:user_u:s0

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/doc/policy.dtd#2 (text+ko) ====

@@ -20,9 +20,9 @@
       name CDATA #REQUIRED
       dftval CDATA #REQUIRED>
 <!ELEMENT summary (#PCDATA)>
-<!ELEMENT interface (summary,desc?,param+,infoflow?)>
+<!ELEMENT interface (summary,desc?,param+,infoflow?,(rolebase|rolecap)?)>
 <!ATTLIST interface name CDATA #REQUIRED lineno CDATA #REQUIRED>
-<!ELEMENT template (summary,desc?,param+)>
+<!ELEMENT template (summary,desc?,param+,(rolebase|rolecap)?)>
 <!ATTLIST template name CDATA #REQUIRED lineno CDATA #REQUIRED>
 <!ELEMENT desc (#PCDATA|%inline.class;)*>
 <!ELEMENT param (summary)>
@@ -33,6 +33,8 @@
 <!ATTLIST infoflow 
       type CDATA #REQUIRED
       weight CDATA #IMPLIED>
+<!ELEMENT rolebase EMPTY>
+<!ELEMENT rolecap EMPTY>
 
 <!ATTLIST pre caption CDATA #IMPLIED>
 <!ELEMENT p (#PCDATA|%inline.class;)*>

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/migscs.pl#3 (text+ko) ====

@@ -2,26 +2,47 @@
 
 my %scs;
 my $curclass = 0;
+my $nsub = 0;
 
+# Go through the combined security classes and store info
+# for any Mach subsystems.
 while (<>) {
-  if (/^class .*subsystem +([0-9]+)/) {
-    $curclass++;
-    if (@$scs{$1}) {
-      push @{$scs{$1}}, $curclass;
-    } else {
-      $scs{$1} = [$curclass];
-    }
-  }
-  elsif (/^class/) { $curclass++; }
+	if (/^class .*subsystem +([0-9]+)/) {
+		# Mach subsystem security class
+		$curclass++;
+		$nsub++;
+		if (defined($scs{$1})) {
+			push @{$scs{$1}}, $curclass;
+		} else {
+			$scs{$1} = [$curclass];
+		}
+	} elsif (/^class/) {
+		# Regular FLASK security class
+		$curclass++;
+	}
 }
 
-warn "$curclass classes\n";
-my $out;
+warn "$curclass classes ($nsub Mach subsystems)\n";
 
+#
+# Output matches the following structure definition:
+#
+#	struct {
+#		u_int msgid;
+#		u_int nclasses;
+#		u_int size;
+#		u_int classes[nclasses];
+#	};
+#
+my $out = '';
 foreach my $c (keys %scs) {
-  my @ca = @{$scs{$c}};
-  $out .= pack ('III', $c, 1+$#ca, 100);
-  foreach my $c (@ca) { $out .= pack ('I', $c); }
+	my @ca = @{$scs{$c}};
+	# Format is msgid, nclasses, size
+	$out .= pack('III', $c, scalar(@ca), 100);
+	foreach my $c (@ca) {
+		$out .= pack ('I', $c);
+	}
 }
+print $out;
 
-print $out;
+exit 0;

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkaccess_vector.sh#3 (text+ko) ====

@@ -135,7 +135,6 @@
 					printf(" ") > outfile; 
 				printf("0x%08xUL\n", ind[i]) > outfile; 
 			}
-			printf("\n") > outfile;
                         for (i in ind) delete ind[i];
                         for (i in inherited_perms) delete inherited_perms[i];
 
@@ -231,8 +230,6 @@
 				printf("TE_(common_%s_perm_to_string)\n\n", common_name) > cpermfile; 
 			}
 
-			printf("\n") > outfile;
-
 			nextstate = "COMMON_OR_AV";
 		}
 END	{

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/global_tunables#3 (text+ko) ====

@@ -536,13 +536,6 @@
 
 ## <desc>
 ## <p>
-## Allow users to rw usb devices
-## </p>
-## </desc>
-gen_tunable(user_rw_usb,false)
-
-## <desc>
-## <p>
 ## Allow users to run TCP servers (bind to ports and accept connection from
 ## the same domain and outside users)  disabling this forces FTP passive mode
 ## and may change other protocols.
@@ -582,6 +575,13 @@
 ifdef(`targeted_policy',`
 ## <desc>
 ## <p>
+## Allow all daemons the ability to use unallocated ttys
+## </p>
+## </desc>
+gen_tunable(allow_daemons_use_tty,false)
+
+## <desc>
+## <p>
 ## Allow mount to mount any file
 ## </p>
 ## </desc>

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/mcs#3 (text+ko) ====

@@ -2,93 +2,23 @@
 #
 # Define sensitivities 
 #
-# Each sensitivity has a name and zero or more aliases.
-#
 # MCS is single-sensitivity.
-#
-sensitivity s0;
 
-#
-# Define the ordering of the sensitivity levels (least to greatest)
-#
-dominance { s0 }
+gen_sens(1)
 
-
 #
 # Define the categories
 #
-# Each category has a name and zero or more aliases.
-#
-category c0; category c1; category c2; category c3;
-category c4; category c5; category c6; category c7;
-category c8; category c9; category c10; category c11;
-category c12; category c13; category c14; category c15;
-category c16; category c17; category c18; category c19;
-category c20; category c21; category c22; category c23;
-category c24; category c25; category c26; category c27;
-category c28; category c29; category c30; category c31;
-category c32; category c33; category c34; category c35;
-category c36; category c37; category c38; category c39;
-category c40; category c41; category c42; category c43;
-category c44; category c45; category c46; category c47;
-category c48; category c49; category c50; category c51;
-category c52; category c53; category c54; category c55;
-category c56; category c57; category c58; category c59;
-category c60; category c61; category c62; category c63;
-category c64; category c65; category c66; category c67;
-category c68; category c69; category c70; category c71;
-category c72; category c73; category c74; category c75;
-category c76; category c77; category c78; category c79;
-category c80; category c81; category c82; category c83;
-category c84; category c85; category c86; category c87;
-category c88; category c89; category c90; category c91;
-category c92; category c93; category c94; category c95;
-category c96; category c97; category c98; category c99;
-category c100; category c101; category c102; category c103;
-category c104; category c105; category c106; category c107;
-category c108; category c109; category c110; category c111;
-category c112; category c113; category c114; category c115;
-category c116; category c117; category c118; category c119;
-category c120; category c121; category c122; category c123;
-category c124; category c125; category c126; category c127;
-category c128; category c129; category c130; category c131;
-category c132; category c133; category c134; category c135;
-category c136; category c137; category c138; category c139;
-category c140; category c141; category c142; category c143;
-category c144; category c145; category c146; category c147;
-category c148; category c149; category c150; category c151;
-category c152; category c153; category c154; category c155;
-category c156; category c157; category c158; category c159;
-category c160; category c161; category c162; category c163;
-category c164; category c165; category c166; category c167;
-category c168; category c169; category c170; category c171;
-category c172; category c173; category c174; category c175;
-category c176; category c177; category c178; category c179;
-category c180; category c181; category c182; category c183;
-category c184; category c185; category c186; category c187;
-category c188; category c189; category c190; category c191;

>>> TRUNCATED FOR MAIL (1000 lines) <<<

More information about the trustedbsd-cvs mailing list