From owner-p4-projects@FreeBSD.ORG Wed Oct 15 07:10:07 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 51E9116A4C0; Wed, 15 Oct 2003 07:10:07 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1135D16A4B3 for ; Wed, 15 Oct 2003 07:10:07 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7D7D143FB1 for ; Wed, 15 Oct 2003 07:10:06 -0700 (PDT) (envelope-from cvance@nailabs.com) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h9FEA6XJ072840 for ; Wed, 15 Oct 2003 07:10:06 -0700 (PDT) (envelope-from cvance@nailabs.com) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h9FEA5E5072837 for perforce@freebsd.org; Wed, 15 Oct 2003 07:10:05 -0700 (PDT) (envelope-from cvance@nailabs.com) Date: Wed, 15 Oct 2003 07:10:05 -0700 (PDT) Message-Id: <200310151410.h9FEA5E5072837@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to cvance@nailabs.com using -f 
From: Chris Vance To: Perforce Change Reviews Subject: PERFORCE change 39745 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Oct 2003 14:10:07 -0000 http://perforce.freebsd.org/chv.cgi?CH=39745 Change 39745 by cvance@cvance_osx_laptop on 2003/10/15 07:09:54 Register two sebsd sysctls, so we can at least tell that the module has loaded correctly Affected files ... .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#5 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.h#2 edit .. //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.c#5 (text+ko) ==== @@ -92,6 +92,7 @@ sebsd_init(struct mac_policy_conf *mpc) { printf("sebsd:: init\n"); + sebsd_register_sysctls(); #if 0 avc_init(); if (security_init()) { ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd.h#2 (text+ko) ==== @@ -45,19 +45,22 @@ extern int avc_debug_always_allow; -#ifdef _KERNEL +#if defined(_KERNEL) || defined (KERNEL) -#ifndef _M_SEBSD_DEF +#if !defined(_M_SEBSD_DEF) && !defined(APPLE) MALLOC_DECLARE(M_SEBSD); #define _M_SEBSD_DEF #endif extern int sebsd_verbose; +extern void sebsd_register_sysctls(void); extern int security_init(void); +#if 0 extern int sebsd_syscall(struct thread *td, int call, void *args); extern int thread_has_system(struct thread *td, access_vector_t perm); extern int thread_has_security(struct thread *td, access_vector_t perm); +#endif #endif /* _KERNEL */ #endif /* _SYS_SECURITY_SEBSD_H */ ==== //depot/projects/trustedbsd/sedarwin/apsl/xnu/security/sebsd/sebsd_sysctl.c#3 (text+ko) ==== @@ -34,7 +34,6 @@ * $FreeBSD$ */ -#if 0 #include #include #include 
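Review bot: In `sebsd_init`, `sebsd_register_sysctls()` is called ahead of the `#if 0` block that holds `avc_init()` and `security_init()`, so once that block is re-enabled the sysctl handlers would presumably be reachable from userland before the AVC and security server are initialized. Moving the call below the initialization block and its failure check keeps the order safe when the port is completed. Until then, a comment such as `/* XXX: register after avc_init()/security_init() once those are enabled */` would record the intent. The body of `sebsd_init` continues outside the hunk, so it is not visible whether a later failure path would need to undo the registration.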
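Review bot: The new `#if 0` around the `sebsd_syscall`, `thread_has_system` and `thread_has_security` prototypes in sebsd.h has no comment saying why they are disabled or what must be ported before they come back. Judging by their names these are the permission-check entry points, so a reader should be able to tell that their absence is temporary; I would write `#if 0 /* XXX: not yet ported to Darwin */`. The closing `#endif /* _KERNEL */` comment is also stale now that the guard reads `defined(_KERNEL) || defined (KERNEL)`. The space in `defined (KERNEL)` is inconsistent with the other `defined(...)` uses in the same hunk.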
@@ -51,6 +50,11 @@ #include #include +#ifdef APPLE +#define TUNABLE_INT(x, y) +#endif + +#if 0 /* * Sysctl handler for security.mac.sebsd.sids * Lists the SIDs currently active in the security server @@ -96,13 +100,18 @@ FREE(buffer, M_TEMP); return (error); } +#endif /* * Sysctl handler for security.mac.sebsd.enforcing * Get and/or set whether the avc is in enforcement mode. */ static int +#ifdef APPLE +sysctl_sebsd_enforcing SYSCTL_HANDLER_ARGS +#else sysctl_sebsd_enforcing(SYSCTL_HANDLER_ARGS) +#endif { int error, enforcing; @@ -112,6 +121,7 @@ if (error) return (error); +#if 0 if (req->newptr != NULL) { error = SYSCTL_IN(req, &enforcing, sizeof(enforcing)); if (error) @@ -123,10 +133,12 @@ selinux_enforcing = enforcing; } +#endif return (0); } +#if 0 /* * Sysctl handler for security.mac.sebsd.user_sids * Lists the SIDs currently available for transition to by a given @@ -299,6 +311,7 @@ sebsd_free(scontext, M_SEBSD); return (error); } +#endif SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, sebsd, CTLFLAG_RW, 0, @@ -307,7 +320,7 @@ SYSCTL_INT(_security_mac_sebsd, OID_AUTO, verbose, CTLFLAG_RW, &sebsd_verbose, 0, " SEBSD Verbose Debug Stuff"); TUNABLE_INT("security.mac.sebsd.verbose", &sebsd_verbose); - +#if 0 SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, sids, CTLTYPE_STRING|CTLFLAG_RD, NULL, 0, sysctl_list_sids, "A", "SEBSD SIDs"); SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, user_sids, CTLTYPE_STRING | 
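Review bot: With the `req->newptr` block in `sysctl_sebsd_enforcing` wrapped in `#if 0`, a write to `security.mac.sebsd.enforcing` falls through to `return (0)`, so the caller is told the enforcement mode was set when nothing changed. The OID is still declared `CTLTYPE_INT | CTLFLAG_RW` in the last hunk of this file, so the sysctl layer will accept the write. While the setter is compiled out I would either declare the OID `CTLFLAG_RD` or add an `#else` branch containing `if (req->newptr != NULL) return (EPERM);`. Part of the disabled block lies between the two hunks and is not visible here, so any permission check it made before assigning `selinux_enforcing` has to be restored together with the assignment, not the assignment alone.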
@@ -319,6 +332,15 @@ SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, compute_av, CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_ANYBODY, NULL, 0, sysctl_compute_av, "A", "SEBSD access vector decision query"); +#endif SYSCTL_PROC(_security_mac_sebsd, OID_AUTO, enforcing, CTLTYPE_INT | CTLFLAG_RW, NULL, 0, sysctl_sebsd_enforcing, "I", "SEBSD avc enforcement"); -#endif /* 0 */ + +void +sebsd_register_sysctls() +{ + sysctl_register_oid(&sysctl__security_mac_sebsd); + sysctl_register_oid(&sysctl__security_mac_sebsd_verbose); + sysctl_register_oid(&sysctl__security_mac_sebsd_enforcing); +} +
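Review bot: `sebsd_register_sysctls` registers three OIDs but the change adds no matching unregister routine, so if the policy can be unloaded the sysctl tree would keep pointing at `sysctl_sebsd_enforcing` and `sebsd_verbose` after their memory is gone. Whether this module is unloadable is not visible in the diff. If it is, a teardown counterpart that unregisters the same OIDs in reverse order should be called from the policy's destroy path. The definition should also be spelled `sebsd_register_sysctls(void)` to match the prototype added in sebsd.h, since an empty parameter list is an old-style declaration in C.
```c
void
sebsd_register_sysctls(void)
{
	/* … unchanged: the three sysctl_register_oid() calls … */
}

/* Undo sebsd_register_sysctls(): leaves first, then the parent node. */
void
sebsd_unregister_sysctls(void)
{
	sysctl_unregister_oid(&sysctl__security_mac_sebsd_enforcing);
	sysctl_unregister_oid(&sysctl__security_mac_sebsd_verbose);
	sysctl_unregister_oid(&sysctl__security_mac_sebsd);
}
```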