PERFORCE change 113393 for review
Todd Miller
millert at FreeBSD.org
Mon Jan 22 20:09:54 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113393
Change 113393 by millert at millert_macbook on 2007/01/22 19:56:50
Interact with coreservicesd.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#12 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.te#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.te#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#9 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#10 (text+ko) ====
@@ -112,6 +112,7 @@
# Talk to CoreServices
darwin_allow_CoreServices_read(WindowServer_t)
+allow WindowServer_t coreservicesd_t:shm { read write };
# Read /private
darwin_allow_private_read(WindowServer_t)
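Review bot: The added `allow WindowServer_t coreservicesd_t:shm { read write };` grants write as well as read on coreservicesd's shared memory, and the same rule is repeated for configd_t, loginwindow_t and securityd_t in the later hunks, so four domains become able to modify a segment the others read. The comments above these rules still describe read access to CoreServices, so nothing on the page records why write is needed. If a client only reads the segment, `allow securityd_t coreservicesd_t:shm read;` would be the narrower rule, and securityd_t is the domain where a writable channel shared with WindowServer_t matters most. Where write is required, a comment such as `# coreservicesd shared memory: write needed because <reason>` at each site, or a single interface in the coreservicesd module used by all four, would keep the grant auditable.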
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#12 (text+ko) ====
@@ -155,6 +155,7 @@
# Read CoreServices libs, etc
darwin_allow_CoreServices_read(configd_t)
+allow configd_t coreservicesd_t:shm { read write };
# Read/write /private/var
files_rw_var_files(configd_t)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.te#10 (text+ko) ====
@@ -79,6 +79,7 @@
# Use CoreServices
darwin_allow_CoreServices_read(loginwindow_t)
darwin_allow_CoreServices_execute(loginwindow_t)
+allow loginwindow_t coreservicesd_t:shm { read write };
# Read prefs
darwin_allow_global_pref_rw(loginwindow_t)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#6 (text+ko) ====
@@ -89,6 +89,7 @@
# Use CoreServices
darwin_allow_CoreServices_read(lookupd_t)
+allow lookupd_t coreservicesd_t:mach_port { hold_send_once send move_send_once };
# Read /private
darwin_allow_private_read(lookupd_t)
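Review bot: The `mach_port { hold_send_once send move_send_once }` set for lookupd_t is repeated verbatim for notifyd_t in the notifyd.te hunk, and only the notifyd.te copy gets its own comment; here the rule sits under `# Use CoreServices`, which was written for the file-read macro. Repeating the permission list by hand makes it easy for the two copies to drift, so a shared interface taking the client domain would be the safer form, or at least a comment such as `# Send Mach messages to coreservicesd` above this line. The rules cover only the client-to-coreservicesd direction; whether coreservicesd_t already holds the matching permissions on lookupd_t and notifyd_t ports for replies cannot be seen from this change and is worth confirming in the coreservicesd policy.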
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.te#5 (text+ko) ====
@@ -38,6 +38,9 @@
# Talk to launchd
init_allow_ipc(notifyd_t)
+# Talk to CoreServices
+allow notifyd_t coreservicesd_t:mach_port { hold_send_once send move_send_once };
+
# Allow signalling of other processes
allow notifyd_t init_t:process signal;
allow notifyd_t lookupd_t:process signal;
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#9 (text+ko) ====
@@ -72,6 +72,7 @@
# Use CoreServices
darwin_allow_CoreServices_read(securityd_t)
darwin_allow_CoreServices_execute(securityd_t)
+allow securityd_t coreservicesd_t:shm { read write };
# Read prefs
darwin_allow_global_pref_read(securityd_t)