From owner-p4-projects Sun Oct 6 19:12:55 2002
Date: Sun, 6 Oct 2002 19:12:12 -0700 (PDT)
Message-Id: <200210070212.g972CCDD072261@freefall.freebsd.org>
From: Robert Watson
Subject: PERFORCE change 18824 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18824

Change 18824 by rwatson@rwatson_paprika on 2002/10/06 19:11:42

	Integ TrustedBSD base tree--bring back in socket MAC stuff, etc.

Affected files ...

.. //depot/projects/trustedbsd/base/bin/rcp/rcp.c#8 integrate
.. //depot/projects/trustedbsd/base/etc/periodic/daily/110.clean-tmps#2 integrate
.. //depot/projects/trustedbsd/base/include/signal.h#6 integrate
.. //depot/projects/trustedbsd/base/include/stdio.h#8 integrate
.. //depot/projects/trustedbsd/base/sbin/reboot/reboot.c#4 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/include/stdarg.h#5 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/compat/svr4/svr4_stream.c#9 integrate
.. //depot/projects/trustedbsd/base/sys/i386/include/stdarg.h#6 integrate
.. //depot/projects/trustedbsd/base/sys/i386/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/ia64/include/stdarg.h#6 integrate
.. //depot/projects/trustedbsd/base/sys/ia64/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#17 integrate
.. //depot/projects/trustedbsd/base/sys/kern/sys_socket.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#21 integrate
.. //depot/projects/trustedbsd/base/sys/net/bridge.c#10 integrate
.. //depot/projects/trustedbsd/base/sys/powerpc/include/stdarg.h#5 integrate
.. //depot/projects/trustedbsd/base/sys/powerpc/include/varargs.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#9 integrate
.. //depot/projects/trustedbsd/base/sys/sparc64/include/stdarg.h#5 integrate
..
//depot/projects/trustedbsd/base/sys/sparc64/include/varargs.h#4 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac.h#9 integrate .. //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#11 integrate .. //depot/projects/trustedbsd/base/sys/x86_64/include/stdarg.h#4 integrate .. //depot/projects/trustedbsd/base/usr.bin/ktrdump/ktrdump.c#3 integrate .. //depot/projects/trustedbsd/base/usr.bin/truss/main.c#7 integrate .. //depot/projects/trustedbsd/base/usr.bin/truss/syscalls.c#8 integrate .. //depot/projects/trustedbsd/base/usr.sbin/rpcbind/rpcbind.c#4 integrate .. //depot/projects/trustedbsd/base/usr.sbin/rpcbind/security.c#2 integrate .. //depot/projects/trustedbsd/base/usr.sbin/rpcbind/warmstart.c#2 integrate .. //depot/projects/trustedbsd/base/usr.sbin/syslogd/syslogd.c#11 integrate Differences ... ==== //depot/projects/trustedbsd/base/bin/rcp/rcp.c#8 (text+ko) ==== @@ -51,7 +51,7 @@ #endif #include -__FBSDID("$FreeBSD: src/bin/rcp/rcp.c,v 1.37 2002/10/06 09:09:27 charnier Exp $"); +__FBSDID("$FreeBSD: src/bin/rcp/rcp.c,v 1.38 2002/10/06 11:14:21 tjr Exp $"); #include #include @@ -926,19 +926,23 @@ { static FILE *fp; va_list ap; - va_start(ap, fmt); ++errs; if (fp == NULL && !(fp = fdopen(rem, "w"))) return; (void)fprintf(fp, "%c", 0x01); (void)fprintf(fp, "rcp: "); + va_start(ap, fmt); (void)vfprintf(fp, fmt, ap); + va_end(ap); (void)fprintf(fp, "\n"); (void)fflush(fp); - if (!iamremote) + if (!iamremote) { + va_start(ap, fmt); vwarnx(fmt, ap); + va_end(ap); + } va_end(ap); } ==== //depot/projects/trustedbsd/base/etc/periodic/daily/110.clean-tmps#2 (text+ko) ==== @@ -1,6 +1,6 @@ #!/bin/sh # -# $FreeBSD: src/etc/periodic/daily/110.clean-tmps,v 1.11 2001/07/19 12:08:24 brian Exp $ +# $FreeBSD: src/etc/periodic/daily/110.clean-tmps,v 1.12 2002/10/06 18:48:20 joerg Exp $ # # Perform temporary directory cleaning so that long-lived systems # don't end up with excessively old files there. 
@@ -27,6 +27,7 @@ set -f noglob args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days" + args="${args} -ctime +$daily_clean_tmps_days" [ -n "$daily_clean_tmps_ignore" ] && args="$args "`echo " ${daily_clean_tmps_ignore% }" | sed 's/[ ][ ]*/ ! -name /g'` ==== //depot/projects/trustedbsd/base/include/signal.h#6 (text+ko) ==== @@ -32,27 +32,35 @@ * * @(#)signal.h 8.3 (Berkeley) 3/30/94 * - * $FreeBSD: src/include/signal.h,v 1.18 2002/10/02 10:53:44 robert Exp $ + * $FreeBSD: src/include/signal.h,v 1.19 2002/10/06 21:54:08 mike Exp $ */ #ifndef _SIGNAL_H_ #define _SIGNAL_H_ #include -#include #include #include -#include -#if !defined(_ANSI_SOURCE) && !defined(_POSIX_SOURCE) +#if __BSD_VISIBLE extern __const char *__const sys_signame[NSIG]; extern __const char *__const sys_siglist[NSIG]; extern __const int sys_nsig; #endif +#if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE +#ifndef _PID_T_DECLARED +typedef __pid_t pid_t; +#define _PID_T_DECLARED +#endif +#endif + __BEGIN_DECLS +struct timespec; + int raise(int); -#ifndef _ANSI_SOURCE + +#if __BSD_VISIBLE || __POSIX_VISIBLE || __XSI_VISIBLE int kill(__pid_t, int); int sigaction(int, const struct sigaction * __restrict, struct sigaction * __restrict); 
@@ -64,31 +72,32 @@ int sigpending(sigset_t *); int sigprocmask(int, const sigset_t * __restrict, sigset_t * __restrict); int sigsuspend(const sigset_t *); +/* XXX missing restrict qualifier. */ int sigwait(const sigset_t *, int *); +#endif -#ifdef _P1003_1B_VISIBLE - -__BEGIN_DECLS -int sigqueue(__pid_t, int, const union sigval); -int sigtimedwait(const sigset_t * __restrict, siginfo_t * __restrict, +#if __BSD_VISIBLE || __POSIX_VISIBLE >= 199506 || __XSI_VISIBLE >= 600 +int sigqueue(__pid_t, int, const union sigval); +int sigtimedwait(const sigset_t * __restrict, siginfo_t * __restrict, const struct timespec * __restrict); -int sigwaitinfo(const sigset_t * __restrict, siginfo_t * __restrict); -__END_DECLS +int sigwaitinfo(const sigset_t * __restrict, siginfo_t * __restrict); +#endif -#endif -#ifndef _POSIX_SOURCE +#if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE int killpg(__pid_t, int); int sigaltstack(const stack_t * __restrict, stack_t * __restrict); -int sigblock(int); int siginterrupt(int, int); int sigpause(int); +#endif + +#if __BSD_VISIBLE +int sigblock(int); int sigreturn(const struct __ucontext *); int sigsetmask(int); int sigstack(const struct sigstack *, struct sigstack *); int sigvec(int, struct sigvec *, struct sigvec *); void psignal(unsigned int, const char *); -#endif /* !_POSIX_SOURCE */ -#endif /* !_ANSI_SOURCE */ +#endif __END_DECLS #endif /* !_SIGNAL_H_ */ ==== //depot/projects/trustedbsd/base/include/stdio.h#8 (text+ko) ==== @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)stdio.h 8.5 (Berkeley) 4/29/95 - * $FreeBSD: src/include/stdio.h,v 1.46 2002/09/06 11:23:32 tjr Exp $ + * $FreeBSD: src/include/stdio.h,v 1.47 2002/10/06 22:16:12 mike Exp $ */ #ifndef _STDIO_H_ 
@@ -43,17 +43,24 @@ #include #include +typedef __off_t fpos_t; + #ifndef _SIZE_T_DECLARED typedef __size_t size_t; #define _SIZE_T_DECLARED #endif +#if __BSD_VISIBLE || __POSIX_VISIBLE >= 200112 || __XSI_VISIBLE +#ifndef _VA_LIST_DECLARED +typedef __va_list va_list; +#define _VA_LIST_DECLARED +#endif +#endif + #ifndef NULL #define NULL 0 #endif -typedef __off_t fpos_t; - #define _FSTDIO /* Define for new stdio with functions. */ /* @@ -211,6 +218,10 @@ __BEGIN_DECLS /* * Functions defined in ANSI C standard. + * + * XXX fgetpos(), fgets(), fopen(), fputs(), fread(), freopen(), fscanf(), + * fwrite(), scanf(), sscanf(), vscanf(), and vsscanf() are missing the + * restrict type-qualifier. */ void clearerr(FILE *); int fclose(FILE *); @@ -259,17 +270,31 @@ #if __ISO_C_VISIBLE >= 1999 int snprintf(char * __restrict, size_t, const char * __restrict, ...) __printflike(3, 4); +int vscanf(const char *, __va_list) __scanflike(1, 0); int vsnprintf(char * __restrict, size_t, const char * __restrict, __va_list) __printflike(3, 0); +int vsscanf(const char *, const char *, __va_list) + __scanflike(2, 0); + +/* + * This is a #define because the function is used internally and + * (unlike vfscanf) the name __vfscanf is guaranteed not to collide + * with a user function when _ANSI_SOURCE or _POSIX_SOURCE is defined. + * + * XXX missing a backing function (weak alias?) for this. + */ +#define vfscanf __vfscanf #endif /* * Functions defined in all versions of POSIX 1003.1. */ -#if __POSIX_VISIBLE +#if __BSD_VISIBLE || __POSIX_VISIBLE <= 199506 /* size for cuserid(3); UT_NAMESIZE + 1, see */ -#define L_cuserid 17 +#define L_cuserid 17 /* legacy */ +#endif +#if __POSIX_VISIBLE #define L_ctermid 1024 /* size for ctermid(3); PATH_MAX */ char *ctermid(char *); 
@@ -329,9 +354,6 @@ int setlinebuf(FILE *); int vasprintf(char **, const char *, __va_list) __printflike(2, 0); -int vscanf(const char *, __va_list) __scanflike(1, 0); -int vsscanf(const char *, const char *, __va_list) - __scanflike(2, 0); /* * The system error table contains messages for the first sys_nerr @@ -342,13 +364,6 @@ extern __const char *__const sys_errlist[]; /* - * This is a #define because the function is used internally and - * (unlike vfscanf) the name __vfscanf is guaranteed not to collide - * with a user function when _ANSI_SOURCE or _POSIX_SOURCE is defined. - */ -#define vfscanf __vfscanf - -/* * Stdio function-access interface. */ FILE *funopen(const void *, @@ -419,6 +434,7 @@ #define __sclearerr(p) ((void)((p)->_flags &= ~(__SERR|__SEOF))) #define __sfileno(p) ((p)->_file) +#if __BSD_VISIBLE /* * See ISO/IEC 9945-1 ANSI/IEEE Std 1003.1 Second Edition 1996-07-12 * B.8.2.7 for the rationale behind the *_unlocked() macros. @@ -427,11 +443,14 @@ #define ferror_unlocked(p) __sferror(p) #define clearerr_unlocked(p) __sclearerr(p) #define fileno_unlocked(p) __sfileno(p) +#endif +#if __POSIX_VISIBLE >= 199506 #define getc_unlocked(fp) __sgetc(fp) #define putc_unlocked(x, fp) __sputc(x, fp) #define getchar_unlocked() getc_unlocked(stdin) #define putchar_unlocked(x) putc_unlocked(x, stdout) +#endif __END_DECLS #endif /* !_STDIO_H_ */ ==== //depot/projects/trustedbsd/base/sbin/reboot/reboot.c#4 (text+ko) ==== @@ -42,7 +42,7 @@ static char sccsid[] = "@(#)reboot.c 8.1 (Berkeley) 6/5/93"; #endif static const char rcsid[] = - "$FreeBSD: src/sbin/reboot/reboot.c,v 1.16 2002/05/28 21:15:49 gordon Exp $"; + "$FreeBSD: src/sbin/reboot/reboot.c,v 1.17 2002/10/06 16:24:36 thomas Exp $"; #endif /* not lint */ #include @@ -98,7 +98,7 @@ break; case 'p': pflag = 1; - howto |= (RB_POWEROFF | RB_HALT); + howto |= RB_POWEROFF; break; case 'q': qflag = 1; ==== //depot/projects/trustedbsd/base/sys/alpha/include/stdarg.h#5 (text+ko) ==== 
@@ -33,15 +33,19 @@ * * @(#)stdarg.h 8.1 (Berkeley) 6/10/93 * $NetBSD: stdarg.h,v 1.7 1997/04/06 08:47:44 cgd Exp $ - * $FreeBSD: src/sys/alpha/include/stdarg.h,v 1.5 2002/09/18 07:33:15 mike Exp $ + * $FreeBSD: src/sys/alpha/include/stdarg.h,v 1.6 2002/10/06 22:01:06 mike Exp $ */ -#ifndef _ALPHA_STDARG_H_ -#define _ALPHA_STDARG_H_ +#ifndef _MACHINE_STDARG_H_ +#define _MACHINE_STDARG_H_ +#include #include -typedef __va_list va_list; +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED +typedef __va_list va_list; +#endif #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3) @@ -51,8 +55,10 @@ #define va_arg(ap, type) \ __builtin_va_arg((ap), type) +#if __ISO_C_VISIBLE >= 1999 #define va_copy(dest, src) \ __builtin_va_copy((dest), (src)) +#endif #define va_end(ap) \ __builtin_va_end(ap) @@ -83,4 +89,4 @@ #endif /* __GNUC__ post GCC 2.95 */ -#endif /* !_ALPHA_STDARG_H_ */ +#endif /* !_MACHINE_STDARG_H_ */ ==== //depot/projects/trustedbsd/base/sys/alpha/include/varargs.h#4 (text+ko) ==== @@ -38,7 +38,7 @@ * * @(#)varargs.h 8.2 (Berkeley) 3/22/94 * $NetBSD: varargs.h,v 1.7 1997/04/06 08:47:46 cgd Exp $ - * $FreeBSD: src/sys/alpha/include/varargs.h,v 1.4 2002/08/21 16:19:58 mike Exp $ + * $FreeBSD: src/sys/alpha/include/varargs.h,v 1.5 2002/10/06 22:02:06 mike Exp $ */ #ifndef _ALPHA_VARARGS_H_ @@ -48,7 +48,11 @@ #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif + typedef int __builtin_va_alist_t __attribute__((__mode__(__word__))); #define va_alist __builtin_va_alist ==== //depot/projects/trustedbsd/base/sys/compat/svr4/svr4_stream.c#9 (text+ko) ==== @@ -27,7 +27,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.35 2002/09/24 07:02:57 mini Exp $ + * $FreeBSD: src/sys/compat/svr4/svr4_stream.c,v 1.36 2002/10/06 14:39:14 rwatson Exp $ */ /* 
@@ -39,6 +39,8 @@ #define COMPAT_43 1 +#include "opt_mac.h" + #include #include #include @@ -47,6 +49,7 @@ #include #include #include /* Must come after sys/malloc.h */ +#include #include #include #include @@ -165,6 +168,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto done1; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -262,6 +272,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_receive(td->td_ucred, so); + if (error) + goto done1; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; ==== //depot/projects/trustedbsd/base/sys/i386/include/stdarg.h#6 (text+ko) ==== @@ -32,15 +32,19 @@ * SUCH DAMAGE. * * @(#)stdarg.h 8.1 (Berkeley) 6/10/93 - * $FreeBSD: src/sys/i386/include/stdarg.h,v 1.16 2002/09/18 07:33:15 mike Exp $ + * $FreeBSD: src/sys/i386/include/stdarg.h,v 1.17 2002/10/06 22:01:06 mike Exp $ */ -#ifndef _STDARG_H_ -#define _STDARG_H_ +#ifndef _MACHINE_STDARG_H_ +#define _MACHINE_STDARG_H_ +#include #include -typedef __va_list va_list; +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED +typedef __va_list va_list; +#endif #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3) @@ -50,8 +54,10 @@ #define va_arg(ap, type) \ __builtin_va_arg((ap), type) +#if __ISO_C_VISIBLE >= 1999 #define va_copy(dest, src) \ __builtin_va_copy((dest), (src)) +#endif #define va_end(ap) \ __builtin_va_end(ap) @@ -77,4 +83,4 @@ #endif /* __GNUC__ post GCC 2.95 */ -#endif /* !_STDARG_H_ */ +#endif /* !_MACHINE_STDARG_H_ */ ==== //depot/projects/trustedbsd/base/sys/i386/include/varargs.h#4 (text+ko) ==== 
@@ -37,7 +37,7 @@ * SUCH DAMAGE. * * @(#)varargs.h 8.2 (Berkeley) 3/22/94 - * $FreeBSD: src/sys/i386/include/varargs.h,v 1.10 2002/08/21 16:19:58 mike Exp $ + * $FreeBSD: src/sys/i386/include/varargs.h,v 1.11 2002/10/06 22:02:06 mike Exp $ */ #ifndef _VARARGS_H_ @@ -47,7 +47,11 @@ #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif + typedef int __builtin_va_alist_t __attribute__((__mode__(__word__))); #define va_alist __builtin_va_alist ==== //depot/projects/trustedbsd/base/sys/ia64/include/stdarg.h#6 (text+ko) ==== @@ -32,15 +32,19 @@ * SUCH DAMAGE. * * @(#)stdarg.h 8.1 (Berkeley) 6/10/93 - * $FreeBSD: src/sys/ia64/include/stdarg.h,v 1.6 2002/09/18 07:33:15 mike Exp $ + * $FreeBSD: src/sys/ia64/include/stdarg.h,v 1.7 2002/10/06 22:01:06 mike Exp $ */ #ifndef _MACHINE_STDARG_H_ #define _MACHINE_STDARG_H_ +#include #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3) @@ -50,8 +54,10 @@ #define va_arg(ap, type) \ __builtin_va_arg((ap), type) +#if __ISO_C_VISIBLE >= 1999 #define va_copy(dest, src) \ __builtin_va_copy((dest), (src)) +#endif #define va_end(ap) \ __builtin_va_end(ap) ==== //depot/projects/trustedbsd/base/sys/ia64/include/varargs.h#4 (text+ko) ==== @@ -37,7 +37,7 @@ * SUCH DAMAGE. * * @(#)varargs.h 8.2 (Berkeley) 3/22/94 - * $FreeBSD: src/sys/ia64/include/varargs.h,v 1.3 2002/08/21 16:19:59 mike Exp $ + * $FreeBSD: src/sys/ia64/include/varargs.h,v 1.4 2002/10/06 22:02:06 mike Exp $ */ #ifndef _MACHINE_VARARGS_H_ @@ -45,7 +45,11 @@ #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif + typedef int __builtin_va_alist_t __attribute__((__mode__(__word__))); #define va_alist __builtin_va_alist ==== //depot/projects/trustedbsd/base/sys/kern/kern_mac.c#17 (text+ko) ==== 
@@ -36,7 +36,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/kern_mac.c,v 1.40 2002/10/06 02:46:25 rwatson Exp $ + * $FreeBSD: src/sys/kern/kern_mac.c,v 1.41 2002/10/06 14:39:14 rwatson Exp $ */ /* * Developed by the TrustedBSD Project. @@ -761,10 +761,18 @@ mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; + case MAC_CHECK_SOCKET_RECEIVE: + mpc->mpc_ops->mpo_check_socket_receive = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_RELABEL: mpc->mpc_ops->mpo_check_socket_relabel = mpe->mpe_function; break; + case MAC_CHECK_SOCKET_SEND: + mpc->mpc_ops->mpo_check_socket_send = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_VISIBLE: mpc->mpc_ops->mpo_check_socket_visible = mpe->mpe_function; @@ -2961,6 +2969,19 @@ return (error); } +int +mac_check_socket_receive(struct ucred *cred, struct socket *so) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_receive, cred, so, &so->so_label); + + return (error); +} + static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) @@ -2974,6 +2995,19 @@ } int +mac_check_socket_send(struct ucred *cred, struct socket *so) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_send, cred, so, &so->so_label); + + return (error); +} + +int mac_check_socket_visible(struct ucred *cred, struct socket *socket) { int error; ==== //depot/projects/trustedbsd/base/sys/kern/sys_socket.c#11 (text+ko) ==== @@ -31,12 +31,15 @@ * SUCH DAMAGE. * * @(#)sys_socket.c 8.1 (Berkeley) 6/10/93 - * $FreeBSD: src/sys/kern/sys_socket.c,v 1.45 2002/10/03 02:12:58 truckman Exp $ + * $FreeBSD: src/sys/kern/sys_socket.c,v 1.46 2002/10/06 14:39:14 rwatson Exp $ */ +#include "opt_mac.h" + #include #include #include +#include #include #include #include 
@@ -68,6 +71,13 @@ int error; mtx_lock(&Giant); +#ifdef MAC + error = mac_check_socket_receive(active_cred, so); + if (error) { + mtx_unlock(&Giant); + return (error); + } +#endif error = so->so_proto->pr_usrreqs->pru_soreceive(so, 0, uio, 0, 0, 0); mtx_unlock(&Giant); return (error); @@ -86,6 +96,13 @@ int error; mtx_lock(&Giant); +#ifdef MAC + error = mac_check_socket_send(active_cred, so); + if (error) { + mtx_unlock(&Giant); + return (error); + } +#endif error = so->so_proto->pr_usrreqs->pru_sosend(so, 0, uio, 0, 0, 0, uio->uio_td); mtx_unlock(&Giant); ==== //depot/projects/trustedbsd/base/sys/kern/uipc_syscalls.c#21 (text+ko) ==== @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * @(#)uipc_syscalls.c 8.4 (Berkeley) 2/21/94 - * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.131 2002/10/03 02:12:58 truckman Exp $ + * $FreeBSD: src/sys/kern/uipc_syscalls.c,v 1.132 2002/10/06 14:39:14 rwatson Exp $ */ #include "opt_compat.h" @@ -607,6 +607,13 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto bad; +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -884,6 +891,15 @@ if ((error = fgetsock(td, s, &so, NULL)) != 0) return (error); + +#ifdef MAC + error = mac_check_socket_receive(td->td_ucred, so); + if (error) { + fputsock(so); + return (error); + } +#endif + auio.uio_iov = mp->msg_iov; auio.uio_iovcnt = mp->msg_iovlen; auio.uio_segflg = UIO_USERSPACE; @@ -1734,6 +1750,12 @@ goto done; } +#ifdef MAC + error = mac_check_socket_send(td->td_ucred, so); + if (error) + goto done; +#endif + /* * If specified, get the pointer to the sf_hdtr struct for * any headers/trailers. ==== //depot/projects/trustedbsd/base/sys/net/bridge.c#10 (text+ko) ==== 
@@ -24,7 +24,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/net/bridge.c,v 1.55 2002/09/12 01:05:46 luigi Exp $ + * $FreeBSD: src/sys/net/bridge.c,v 1.56 2002/10/06 14:02:35 mux Exp $ */ /* @@ -845,7 +845,7 @@ ifp = dst ; once = 1 ; } - if ( (u_int)(ifp) <= (u_int)BDG_FORWARD ) + if ((uintptr_t)(ifp) <= (u_int)BDG_FORWARD) panic("bdg_forward: bad dst"); /* ==== //depot/projects/trustedbsd/base/sys/powerpc/include/stdarg.h#5 (text+ko) ==== @@ -25,15 +25,19 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * $NetBSD: stdarg.h,v 1.5 2000/02/27 17:50:21 tsubai Exp $ - * $FreeBSD: src/sys/powerpc/include/stdarg.h,v 1.6 2002/09/18 07:33:16 mike Exp $ + * $FreeBSD: src/sys/powerpc/include/stdarg.h,v 1.7 2002/10/06 22:01:07 mike Exp $ */ -#ifndef _POWERPC_STDARG_H_ -#define _POWERPC_STDARG_H_ +#ifndef _MACHINE_STDARG_H_ +#define _MACHINE_STDARG_H_ +#include #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3) @@ -43,8 +47,10 @@ #define va_arg(ap, type) \ __builtin_va_arg((ap), type) +#if __ISO_C_VISIBLE >= 1999 #define va_copy(dest, src) \ __builtin_va_copy((dest), (src)) +#endif #define va_end(ap) \ __builtin_va_end(ap) @@ -127,13 +133,15 @@ #define va_end(ap) +#if __ISO_C_VISIBLE >= 1999 #if !defined(_ANSI_SOURCE) && \ (!defined(_POSIX_C_SOURCE) && !defined(_XOPEN_SOURCE) || \ defined(_ISOC99_SOURCE) || (__STDC_VERSION__ - 0) >= 199901L) #define va_copy(dest, src) \ ((dest) = (src)) #endif +#endif #endif /* __GNUC__ post GCC 2.95 */ -#endif /* _POWERPC_STDARG_H_ */ +#endif /* _MACHINE_STDARG_H_ */ ==== //depot/projects/trustedbsd/base/sys/powerpc/include/varargs.h#4 (text+ko) ==== 
@@ -25,7 +25,7 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * $NetBSD: varargs.h,v 1.5 2000/02/27 17:50:22 tsubai Exp $ - * $FreeBSD: src/sys/powerpc/include/varargs.h,v 1.3 2002/08/21 16:19:59 mike Exp $ + * $FreeBSD: src/sys/powerpc/include/varargs.h,v 1.4 2002/10/06 22:02:06 mike Exp $ */ #ifndef _POWERPC_VARARGS_H_ @@ -35,7 +35,11 @@ #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif + typedef int __builtin_va_alist_t __attribute__((__mode__(__word__))); #define va_alist __builtin_va_alist ==== //depot/projects/trustedbsd/base/sys/security/mac_biba/mac_biba.c#9 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.17 2002/10/06 02:46:25 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_biba/mac_biba.c,v 1.18 2002/10/06 13:11:01 rwatson Exp $ */ /* @@ -1588,7 +1588,7 @@ return (EACCES); } - return (0); + return (0); } static int ==== //depot/projects/trustedbsd/base/sys/sparc64/include/stdarg.h#5 (text+ko) ==== @@ -35,15 +35,19 @@ * * @(#)stdarg.h 8.2 (Berkeley) 9/27/93 * $NetBSD: stdarg.h,v 1.11 2000/07/23 21:36:56 mycroft Exp $ - * $FreeBSD: src/sys/sparc64/include/stdarg.h,v 1.5 2002/09/18 07:33:16 mike Exp $ + * $FreeBSD: src/sys/sparc64/include/stdarg.h,v 1.6 2002/10/06 22:01:07 mike Exp $ */ #ifndef _MACHINE_STDARG_H_ #define _MACHINE_STDARG_H_ +#include #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3) @@ -53,8 +57,10 @@ #define va_arg(ap, type) \ __builtin_va_arg((ap), type) +#if __ISO_C_VISIBLE >= 1999 #define va_copy(dest, src) \ __builtin_va_copy((dest), (src)) +#endif #define va_end(ap) \ __builtin_va_end(ap) ==== //depot/projects/trustedbsd/base/sys/sparc64/include/varargs.h#4 (text+ko) ==== 
@@ -46,14 +46,18 @@ * SUCH DAMAGE. * * @(#)varargs.h 8.3 (Berkeley) 3/22/94 - * $FreeBSD: src/sys/sparc64/include/varargs.h,v 1.4 2002/08/21 16:20:00 mike Exp $ + * $FreeBSD: src/sys/sparc64/include/varargs.h,v 1.5 2002/10/06 22:02:06 mike Exp $ */ #if defined(__GNUC__) && (__GNUC__ == 2 && __GNUC_MINOR__ > 95 || __GNUC__ >= 3) #include +#ifndef _VA_LIST_DECLARED +#define _VA_LIST_DECLARED typedef __va_list va_list; +#endif + typedef int __builtin_va_alist_t __attribute__((__mode__(__word__))); #define va_alist __builtin_va_alist ==== //depot/projects/trustedbsd/base/sys/sys/mac.h#9 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/sys/mac.h,v 1.13 2002/10/06 02:46:26 rwatson Exp $ + * $FreeBSD: src/sys/sys/mac.h,v 1.14 2002/10/06 14:39:15 rwatson Exp $ */ /* * Userland/kernel interface for Mandatory Access Control. @@ -319,6 +319,8 @@ struct sockaddr *sockaddr); int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); +int mac_check_socket_receive(struct ucred *cred, struct socket *so); +int mac_check_socket_send(struct ucred *cred, struct socket *so); int mac_check_socket_visible(struct ucred *cred, struct socket *so); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags); ==== //depot/projects/trustedbsd/base/sys/sys/mac_policy.h#11 (text+ko) ==== @@ -34,7 +34,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/sys/mac_policy.h,v 1.15 2002/10/06 02:46:26 rwatson Exp $ + * $FreeBSD: src/sys/sys/mac_policy.h,v 1.16 2002/10/06 14:39:15 rwatson Exp $ */ /* * Kernel interface for MAC policy modules. 
@@ -271,9 +271,13 @@ struct label *mbuflabel); int (*mpo_check_socket_listen)(struct ucred *cred, struct socket *so, struct label *socketlabel); + int (*mpo_check_socket_receive)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_relabel)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct label *newlabel); + int (*mpo_check_socket_send)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_visible)(struct ucred *cred, struct socket *so, struct label *socketlabel); int (*mpo_check_vnode_access)(struct ucred *cred, @@ -454,7 +458,9 @@ MAC_CHECK_SOCKET_CONNECT, MAC_CHECK_SOCKET_DELIVER, MAC_CHECK_SOCKET_LISTEN, + MAC_CHECK_SOCKET_RECEIVE, MAC_CHECK_SOCKET_RELABEL, + MAC_CHECK_SOCKET_SEND, MAC_CHECK_SOCKET_VISIBLE, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, ==== //depot/projects/trustedbsd/base/sys/x86_64/include/stdarg.h#4 (text+ko) ==== >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
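Review bot: In the rcp.c hunk at @@ -926,19 +926,23 @@, the unchanged `va_end(ap);` just before the closing brace is now a stray call. The vfprintf() use and the vwarnx() use each have their own va_start()/va_end() pair after this change, so the last line runs va_end() on an `ap` that has already been ended, which is undefined behaviour. Remove that trailing line so every va_start() is matched by exactly one va_end().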
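Review bot: In the stdio.h hunk at @@ -259,17 +270,31 @@, the new guard `#if __BSD_VISIBLE || __POSIX_VISIBLE <= 199506` around L_cuserid is also true when __POSIX_VISIBLE evaluates to 0, so a macro that the old `#if __POSIX_VISIBLE` kept out of a non-POSIX namespace is now exposed there. If the intent is "POSIX up to the 1995 edition only", test `__POSIX_VISIBLE && __POSIX_VISIBLE <= 199506` instead (this assumes the macro is 0 when POSIX is hidden, as the old boolean test implies).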
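Review bot: The -p case in the reboot.c hunk at @@ -98,7 +98,7 @@ stops setting RB_HALT and nothing in the hunk says why. Add a comment next to `howto |= RB_POWEROFF;` stating whether RB_POWEROFF alone is meant to imply a halt and what the system should do when power-off is not available, since that is the behaviour an operator will notice.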
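Review bot: Both MAC checks in svr4_stream.c (@@ -165,6 +168,13 @@ and @@ -262,6 +272,13 @@) leave through `goto done1` after fgetsock() has succeeded, and the done1 label is outside the visible context. Please confirm that path drops the socket reference; the recvit() hunk in uipc_syscalls.c calls `fputsock(so)` explicitly before returning on the same denial, and the two files should release the reference the same way.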
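Review bot: In sys_socket.c the denial path at @@ -68,6 +71,13 @@ and @@ -86,6 +96,13 @@ adds a second `mtx_unlock(&Giant)` and an early return inside the #ifdef, so each function now has two unlock sites to keep in step. If mac_check_socket_receive() and mac_check_socket_send() do not need Giant, make the check before `mtx_lock(&Giant)` so the failure path has nothing to unwind; if they do need it, say so in a comment.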
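Review bot: The comparison in the bridge.c hunk at @@ -845,7 +845,7 @@ widens only the left operand: `(uintptr_t)(ifp) <= (u_int)BDG_FORWARD` still converts BDG_FORWARD through u_int. Cast both sides to uintptr_t so the sanity check guarding `panic("bdg_forward: bad dst")` compares values of the same width on platforms where pointers are wider than u_int.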
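Review bot: In the powerpc stdarg.h hunk at @@ -127,13 +133,15 @@, the new `#if __ISO_C_VISIBLE >= 1999` wraps the existing `!defined(_ANSI_SOURCE) && ...` test instead of replacing it, so this va_copy definition is visible only when both conditions agree. The other va_copy hunks in this change use the __ISO_C_VISIBLE test on its own; drop the inner condition here so there is one rule for when va_copy is exposed.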
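Review bot: MAC_CHECK_SOCKET_RECEIVE and MAC_CHECK_SOCKET_SEND are inserted in the middle of the operation list in mac_policy.h at @@ -454,7 +458,9 @@, and the matching function pointers are inserted mid-structure at @@ -271,9 +271,13 @@, which shifts every later entry. If these constants take implicit values, a policy module compiled against the previous header would register its later entry points under the wrong operation, so the change description should state that all policy modules must be rebuilt with the kernel, or the new operations should be appended at the end.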