Date: Wed, 19 Mar 2008 17:30:21 GMT From: Chris Vance <cvance@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 138114 for review Message-ID: <200803191730.m2JHULSn070662@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=138114 Change 138114 by cvance@cvance_sony on 2008/03/19 17:29:32 Re-sync the externally visable sedarwin8 branch with the true development repo. This is a large number of changes including: - fixing licenses in xnu/security/... - fixing licenses for audit code developed under this project - updating to 10.4.9 - updating mig to generate permission checks - updating the sedarwin policy module - updating launchd Note that it's still PPC-only and not 100% current. We have confirmed that it builds and runs. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/Makefile#5 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/Makefile#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.sh#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/build/bsd.mig.mk#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/Makefile.inc#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/launchctl/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/bin/wait4path/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/etc/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/ConsoleMessage/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/Makefile.inc#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/StartupItemContext/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/launchproxy/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/libexec/register_mach_bootstrap_servers/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/Makefile.inc#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/SystemStarter/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DAServer.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DNSServiceDiscoveryRequest.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DirectoryServiceMIG.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/DirectoryServiceMIG_types.h#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/README-defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/config.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/eapolcontroller.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/kextmanager_mig.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/lookup.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/memberd.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/mkkmethods.pl#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/notify_ipc.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/ocspd.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/powermanagement.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/pppcontroller.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/self.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/service.map#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/shared_dns_info.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/ss_types.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd/ucsp.defs#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/launchd_debugd/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/build/sbin/service/Makefile#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/bootstrap.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/rpc_services.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/network_cmds/ifconfig.tproj/Makefile.preamble#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/pam_modules/pam_afpmount/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/audit_kernel.h#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/files#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#9 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit_mac.c#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#11 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/subr_log.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_icmp.c#9 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_output.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#9 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_output.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/msgbuf.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/proc.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/uxkern/ux_exception.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_cache.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#23 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/config/MACFramework.exports#10 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/makedefs/MakeInc.cmd#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/conf/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/conf/Makefile.template#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/conf/files#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#8 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.c#14 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_object.c#5 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_port.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_port.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_kobject.c#5 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/mkkmethods.pl#1 add .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/mach/port.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/mach/security.defs#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ppc/model_dep.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_alloc.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_alloc.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_audit.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#34 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_file.c#11 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#40 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_inet.c#5 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#10 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#14 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#48 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#9 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_msg.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#10 edit .. //depot/projects/trustedbsd/sedarwin8/policies/Makefile#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/filewatch/mac_filewatch.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#28 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/class_to_string.h#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/include/sepol/policydb/flask.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libsepol/src/av_permissions.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/relabel_gui/LabelDialog.m#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/relabel_gui/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/relabel_gui/relabel_gui.pbproj/project.pbxproj#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Makefile#9 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.modular#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/Rules.monolithic#9 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/Makefile#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkmig_av.pl#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/flask/mkmig_sc.pl#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules.conf#8 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#10 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/KernelEventAgent.te#7 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.fc#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/WindowServer.te#15 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#22 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreaudiod.te#11 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/coreservicesd.te#13 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/crashreporterd.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/diskarbitrationd.te#13 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/distnoted.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/dynamic_pager.te#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/kextd.te#11 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/loginwindow.te#19 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#9 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#10 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mds.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mds.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/memberd.te#9 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/netinfod.fc#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/netinfod.te#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/notifyd.te#10 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/securityd.te#17 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/update.te#7 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/kernel/kernel.te#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/automount.te#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/services/ntp.te#7 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/darwin.te#11 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/getty.te#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/init.te#17 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/system/logging.te#8 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/MISSING_ENTRIES.txt#1 add .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/av_perm_to_string.h#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/av_permissions.h#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc.c#23 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/class_to_string.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/flask.h#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#79 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_sysctl.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/mach_av.c#8 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/Makefile#5 (text+ko) ==== @@ -2,7 +2,7 @@ ifneq "$(word 6, $(shell gcc_select))" "3.3" $(error Build requires GCC version 3.3. Use 'gcc_select 3.3' to change.) endif -ifneq "$(shell uname -r)" "8.8.0" +ifneq "$(shell uname -r)" "8.9.0" $(error Build requires Mac OS X 10.4.8/Darwin 8.8) endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/Makefile#7 (text+ko) ==== @@ -4,11 +4,10 @@ all: $(MAKE) -C Libstreams - $(MAKE) -C bootstrap_cmds tools + $(MAKE) -C bootstrap_cmds $(MAKE) -C cctools $(MAKE) -C kext_tools $(MAKE) -C $(XNU) - $(MAKE) -C bootstrap_cmds bsdmake -C libmac $(MAKE) -C mac_cmds $(MAKE) -C adv_cmds/ps.tproj all @@ -18,7 +17,7 @@ $(MAKE) -C pam_modules/pam_lctx $(MAKE) -C pam_modules/pam_mac_console $(MAKE) -C etc - $(MAKE) -C launchd/src + bsdmake -C launchd/build/sbin/launchd $(MAKE) -C netinfo/servers/notifyd $(MAKE) -C network_cmds/ifconfig.tproj @@ -39,7 +38,8 @@ $(MAKE) -C pam_modules/pam_lctx DSTROOT=$(DESTDIR) install $(MAKE) -C pam_modules/pam_mac_console DSTROOT=$(DESTDIR) install $(MAKE) -C etc install - $(MAKE) -C launchd/src install + bsdmake -C launchd/build/sbin/launchd install + bsdmake -C launchd/build/etc install $(MAKE) -C netinfo/servers/notifyd install $(MAKE) -C network_cmds/ifconfig.tproj install @@ -59,6 +59,6 @@ $(MAKE) -C pam_modules/pam_lctx clean $(MAKE) -C pam_modules/pam_mac_console clean $(MAKE) -C etc clean - $(MAKE) -C launchd/src clean + bsdmake -C launchd/build/sbin/launchd clean $(MAKE) -C netinfo/servers/notifyd clean $(MAKE) -C network_cmds/ifconfig.tproj clean ==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/Makefile#2 (text+ko) ==== @@ -6,6 +6,8 @@ all: cd migcom.tproj && make + cd decomment.tproj && make + cd relpath.tproj && make clean: cd decomment.tproj && make clean @@ -14,7 +16,3 @@ install: cd migcom.tproj && make install - -tools: - cd decomment.tproj && make - cd relpath.tproj && make ==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.c#2 (text+ko) ==== @@ -70,6 +70,7 @@ boolean_t ShortCircuit = FALSE; boolean_t UseRPCTrap = FALSE; boolean_t TestRPCTrap= FALSE; +boolean_t MethodDump = FALSE; boolean_t IsKernelUser = FALSE; boolean_t IsKernelServer = FALSE; ==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/global.h#2 (text+ko) ==== @@ -71,6 +71,7 @@ extern boolean_t ShortCircuit; extern boolean_t UseRPCTrap; extern boolean_t TestRPCTrap; +extern boolean_t MethodDump; extern boolean_t IsKernelUser; extern boolean_t IsKernelServer; ==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.c#2 (text+ko) ==== @@ -55,6 +55,7 @@ /* * Switches are; + * -M Dump methods. * -[v,Q] verbose or not quiet: prints out type * and routine information as mig runs. * -[V,q] not verbose or quiet : don't print @@ -117,6 +118,7 @@ extern int yyparse(); static FILE *myfopen(); +static void DumpMethods(void); static void parseArgs(argc, argv) @@ -258,6 +260,9 @@ else fatal("unknown flag: '%s'", argv[0]); break; + case 'M': + MethodDump = TRUE; + break; case 'X': ShortCircuit = FALSE; break; @@ -303,6 +308,11 @@ more_global(); + if (MethodDump) { + DumpMethods(); + exit(0); + } + uheader = myfopen(UserHeaderFileName, "w"); if (!UserFilePrefix) user = myfopen(UserFileName, "w"); @@ -410,3 +420,24 @@ return file; } + +static void +DumpMethods(void) +{ + register statement_t *stat; + int fnum; + char *fname; + int first = TRUE; + + printf("%s@%d:", SubsystemName, SubsystemBase); + for (stat = stats; stat != stNULL; stat = stat->stNext) { + if (stat->stKind != skRoutine) + continue; + fnum = SubsystemBase + stat->stRoutine->rtNumber; + fname = stat->stRoutine->rtName; + printf("%s%s@%d", first ? " " : ", ", fname, fnum); + if (first) + first = FALSE; + } + printf("\n"); +} ==== //depot/projects/trustedbsd/sedarwin8/darwin/bootstrap_cmds/migcom.tproj/mig.sh#2 (text+ko) ==== @@ -66,7 +66,7 @@ until [ $# -eq 0 ] do case "$1" in - -[dtqkKQvVtTrRsSlLxX] ) migflags="$migflags $1"; shift;; + -[dtqkKQvVtTrRsSlLxXM] ) migflags="$migflags $1"; shift;; -i ) sawI=1; migflags="$migflags $1 $2"; shift; shift;; -user ) user="$2"; if [ ! "${sawI-}" ]; then migflags="$migflags $1 $2"; fi; shift; shift;; -server ) server="$2"; migflags="$migflags $1 $2"; shift; shift;; ==== //depot/projects/trustedbsd/sedarwin8/darwin/build/bsd.mig.mk#2 (text+ko) ==== @@ -13,24 +13,24 @@ CLEANFILES+= ${_MH} .if !empty(MIG_USER:M${_MH:R}) -${_MH:R:U}_USER= ${_MH:R}User.c +${_MH:R:U}_USER=-user ${_MH:R}User.c SRCS+= ${_MH:R}User.c CLEANFILES+= ${_MH:R}User.c ${_MH:R}User.c: ${_MH} .else -${_MH:R:U}_USER= /dev/null +${_MH:R:U}_USER=-user /dev/null .endif .if !empty(MIG_SERVER:M${_MH:R}) -${_MH:R:U}_SERVER= ${_MH:R}Server.c +${_MH:R:U}_SERVER=-server ${_MH:R}Server.c -sheader ${_MH:R}Server.h SRCS+= ${_MH:R}Server.c -CLEANFILES+= ${_MH:R}Server.c +CLEANFILES+= ${_MH:R}Server.c ${_MH:R}Server.h ${_MH:R}Server.c: ${_MH} .else -${_MH:R:U}_SERVER= /dev/null +${_MH:R:U}_SERVER=-server /dev/null .endif ${_MH}: ${_MSRC} - ${MIG} -server ${${_MH:R:U}_SERVER} -user ${${_MH:R:U}_USER} ${.ALLSRC} + ${MIG} ${${_MH:R:U}_SERVER} ${${_MH:R:U}_USER} ${.ALLSRC} .endfor .endfor ==== //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/bootstrap.c#3 (text+ko) ==== @@ -69,6 +69,9 @@ #include "lists.h" #include "launchd.h" +extern void register_subsystems (void); +extern kern_return_t service_register (task_t, mach_port_t, const char *); + /* Mig should produce a declaration for this, but doesn't */ extern boolean_t bootstrap_server(mach_msg_header_t *InHeadP, mach_msg_header_t *OutHeadP); @@ -77,7 +80,7 @@ bool forward_ok = false; bool debugging = false; bool register_self = false; -const char *register_name = NULL; +const char *register_name = "com.apple.bootstrap"; task_t bootstrap_self = MACH_PORT_NULL; static uid_t inherited_uid = 0; @@ -169,6 +172,7 @@ inherited_uid = getuid(); getaudit(&inherited_audit); init_lists(); + register_subsystems(); init_ports(); result = task_get_bootstrap_port(bootstrap_self, &inherited_bootstrap_port); @@ -233,6 +237,13 @@ if (result != KERN_SUCCESS) panic("mach_port_allocate(): %s", mach_error_string(result)); + result = service_register( + bootstrap_self, + notify_port, + "com.apple.bootstrap.notify"); + if (result != KERN_SUCCESS) + panic("service_register(): %s", mach_error_string(result)); + result = mach_port_move_member( bootstrap_self, notify_port, @@ -262,6 +273,14 @@ &bootstraps.bootstrap_port); if (result != KERN_SUCCESS) panic("mach_port_allocate(): %s", mach_error_string(result)); + + result = service_register( + bootstrap_self, + bootstraps.bootstrap_port, + register_name); + if (result != KERN_SUCCESS) + panic("service_register(): %s", mach_error_string(result)); + result = mach_port_insert_right( bootstrap_self, bootstraps.bootstrap_port, ==== //depot/projects/trustedbsd/sedarwin8/darwin/launchd/src/rpc_services.c#2 (text+ko) ==== @@ -48,6 +48,8 @@ #ifndef NULL #define NULL ((void *)0) #endif NULL + +extern kern_return_t service_register (task_t, mach_port_t, const char *); #define bsstatus(servicep) \ (((servicep)->isActive) ? BOOTSTRAP_STATUS_ACTIVE : \ @@ -731,6 +733,13 @@ if (result != KERN_SUCCESS) panic("mach_port_allocate(): %s", mach_error_string(result)); + result = service_register( + mach_task_self(), + new_bootstrapport, + "com.apple.bootstrap"); + if (result != KERN_SUCCESS) + panic("service_register(): %s", mach_error_string(result)); + result = mach_port_insert_right( mach_task_self(), new_bootstrapport, @@ -822,6 +831,14 @@ serviceportp); if (result != KERN_SUCCESS) panic("port_allocate(): %s", mach_error_string(result)); + + result = service_register( + mach_task_self(), + *serviceportp, + servicename); + if (result != KERN_SUCCESS) + panic("service_register(): %s", mach_error_string(result)); + result = mach_port_insert_right(mach_task_self(), *serviceportp, *serviceportp, ==== //depot/projects/trustedbsd/sedarwin8/darwin/network_cmds/ifconfig.tproj/Makefile.preamble#2 (text+ko) ==== @@ -1,4 +1,4 @@ OTHER_GENERATED_OFILES = $(VERS_OFILE) -include ../Makefile.include -OTHER_CFLAGS += -I../../xnu -I../../xnu/bsd -DUSE_IF_MEDIA -DINET6 -DNO_IPX -DUSE_VLANS -DUSE_BONDS -DUSE_MAC +OTHER_CFLAGS += -I$(DARWIN) -I$(DARWIN)/bsd -DUSE_IF_MEDIA -DINET6 -DNO_IPX -DUSE_VLANS -DUSE_BONDS -DUSE_MAC LIBS += $(LIBMAC) ==== //depot/projects/trustedbsd/sedarwin8/darwin/pam_modules/pam_afpmount/Makefile#3 (text+ko) ==== @@ -30,4 +30,4 @@ DPADD= ${LIBKRB} ${LIBCRYPTO} ${LIBCOM_ERR} LDADD= -lkrb -lcrypto -lcom_err -.include <bsd.lib.mk>+.include <bsd.lib.mk> ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/Makefile#2 (text+ko) ==== @@ -22,7 +22,7 @@ DATAFILES = \ audit.h audit_record.h audit_kevents.h KERNFILES = \ - audit.h + audit.h audit_kernel.h INSTALL_MI_LIST = ${DATAFILES} ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/audit_kernel.h#6 (text+ko) ==== @@ -289,6 +289,7 @@ int retval); void audit_init(void); void audit_shutdown(void); +int audit_have_record(void); struct kaudit_record *audit_new(int event, struct proc *p, struct uthread *uthread); @@ -386,16 +387,6 @@ struct proc *child); void audit_proc_free(struct proc *p); -#ifdef MAC -/* - * audit_mac_data() is the MAC Framework's entry point to the audit subsystem. - * It currently creates only text and data audit tokens. - */ -int audit_mac_data(int type, int len, u_char *data); -void audit_arg_mac_string(const char *string); - -#endif - /* * Define a macro to wrap the audit_arg_* calls by checking the global * audit_enabled flag before performing the actual call. ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/files#3 (text+ko) ==== @@ -475,6 +475,7 @@ bsd/kern/kern_acct.c standard bsd/kern/kern_aio.c standard bsd/kern/kern_audit.c standard +bsd/kern/kern_audit_mac.c standard bsd/kern/kern_authorization.c standard bsd/kern/kern_bsm_token.c standard bsd/kern/kern_bsm_audit.c standard ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#9 (text+ko) ==== @@ -79,8 +79,6 @@ #include <security/mac.h> #include <security/mac_framework.h> #include <security/mac_policy.h> -#define MAC_ARG_PREFIX "arg: " -#define MAC_ARG_PREFIX_LEN 5 #endif #include <net/route.h> @@ -815,6 +813,18 @@ return (curuthread()->uu_ar); } +/* + * audit_have_record can be used by a security policy to determine + * if an audit record will be stored, reducing wasted memory allocation + * and string handling. + */ +int +audit_have_record(void) +{ + + return (audit_enabled && currecord() != NULL); +} + /********************************** * Begin system calls. * **********************************/ @@ -2593,86 +2603,6 @@ file_drop(fd); } -#ifdef MAC -/* - * This function is called by the MAC Framework to add audit data - * from a policy to the current audit record. - */ -int -audit_mac_data(int type, int len, u_char *data) { - struct kaudit_record *cur; - struct mac_audit_record *record; - int ret; - - if (audit_enabled == 0) { - ret = ENOTSUP; - goto out_fail; - } - - cur = currecord(); - if (cur == NULL) { - ret = ENOTSUP; - goto out_fail; - } - - /* - * kalloc() uses the Mach zone allocator. For the small size - * we are allocating here, the zone allocator will never return - * NULL. - */ - record = (struct mac_audit_record *)kalloc(sizeof(*record)); - - record->type = type; - record->length = len; - record->data = data; - LIST_INSERT_HEAD(cur->k_ar.ar_mac_records, record, records); - - return (0); - -out_fail: - kfree(data, len); - return (ret); -} - -void -audit_arg_mac_string(const char *string) -{ - struct kaudit_record *ar; - - ar = currecord(); - if (ar == NULL) - return; - - if (ar->k_ar.ar_arg_mac_string == NULL) { - ar->k_ar.ar_arg_mac_string = - (char *)kalloc(MAC_MAX_LABEL_BUF_LEN + MAC_ARG_PREFIX_LEN); - /* This should be rare event. If kalloc() returns NULL, the - * system is low on memory. To meet the requirement that no - * auditable events be incompletely audited, we panic here. - */ - if (ar->k_ar.ar_arg_mac_string == NULL) - panic("Memory allocation failure when auditing MAC system call."); - } - strncpy(ar->k_ar.ar_arg_mac_string, MAC_ARG_PREFIX, MAC_ARG_PREFIX_LEN); - strcpy(ar->k_ar.ar_arg_mac_string + MAC_ARG_PREFIX_LEN, string); - ar->k_ar.ar_valid_arg |= ARG_MAC_STRING; - -} -#endif /* MAC */ - -/* - * kau_will_audit can be used by a security policy to determine - * if an audit record will be stored, reducing wasted memory allocation - * and string handling. - */ - -int -kau_will_audit(void) -{ - - return (audit_enabled && currecord() != NULL); -} - #else /* !AUDIT */ void @@ -2741,17 +2671,10 @@ return (ENOSYS); } -#ifdef MAC -void -audit_mac_data(int type, int len, u_char *data) -{ -} - int -kau_will_audit() +audit_have_record(void) { return (0); } -#endif #endif /* AUDIT */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#11 (text+ko) ==== @@ -704,7 +704,6 @@ error = vnode_setsize(vp, offset, IO_NOZEROFILL, &context); } - (void)vnode_put(vp); goto outdrop; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#7 (text+ko) ==== @@ -363,6 +363,16 @@ return(0); } +char * +proc_procname(proc_t p, char * buf, int size) +{ + + strncpy(buf, &p->p_comm[0], size); + buf[size-1] = 0; + + return (buf); +} + void proc_name(int pid, char * buf, int size) { ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/subr_log.c#3 (text+ko) ==== @@ -167,7 +167,9 @@ register long l; register int s; int error = 0; +#if 0 char localbuff[MSG_BSIZE]; +#endif int copybytes; LOG_LOCK(); @@ -205,11 +207,16 @@ l = min(l, uio_resid(uio)); if (l == 0) break; +#if 0 bcopy(&msgbufp->msg_bufc[msgbufp->msg_bufr], &localbuff[0], l); LOG_UNLOCK(); error = uiomove((caddr_t)&localbuff[0], (int)l, uio); LOG_LOCK(); +#else + error = uiomove((caddr_t)&msgbufp->msg_bufc[msgbufp->msg_bufr], + (int)l, uio); +#endif if (error) break; msgbufp->msg_bufr += l; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_icmp.c#9 (text+ko) ==== @@ -62,7 +62,7 @@ * @(#)ip_icmp.c 8.2 (Berkeley) 1/4/94 */ /* - * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce + * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce * support for mandatory and extensible security protections. This notice * is included in support of clause 2.2 (b) of the Apple Public License, * Version 2.0. @@ -731,7 +731,7 @@ } lck_mtx_unlock(rt_mtx); #ifdef MAC - mac_netinet_icmp_reply(m); + mac_mbuf_label_associate_icmp_reply(m); #endif t = IA_SIN(ia)->sin_addr; ip->ip_src = t; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_output.c#7 (text+ko) ==== @@ -63,7 +63,7 @@ * $FreeBSD: src/sys/netinet/ip_output.c,v 1.99.2.16 2001/07/19 06:37:26 kris Exp $ */ /* - * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce + * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce * support for mandatory and extensible security protections. This notice * is included in support of clause 2.2 (b) of the Apple Public License, * Version 2.0. @@ -1294,7 +1294,7 @@ m->m_pkthdr.csum_flags = m0->m_pkthdr.csum_flags; m->m_pkthdr.socket_id = m0->m_pkthdr.socket_id; #ifdef MAC - mac_netinet_fragment(m0, m); + mac_mbuf_label_copy_fragment(m0, m); #endif HTONS(mhip->ip_off); mhip->ip_sum = 0; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#9 (text+ko) ==== @@ -63,7 +63,7 @@ * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.73.2.22 2001/08/22 00:59:12 silby Exp $ */ /* - * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce + * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce * support for mandatory and extensible security protections. This notice * is included in support of clause 2.2 (b) of the Apple Public License, * Version 2.0. @@ -587,7 +587,7 @@ * Packet is not associated with a socket, so possibly * update the label in place. */ - mac_netinet_tcp_reply(m); + mac_mbuf_label_associate_tcp_reply(m); } #endif nth->th_seq = htonl(seq); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_output.c#6 (text+ko) ==== @@ -65,7 +65,7 @@ * @(#)ip_output.c 8.3 (Berkeley) 1/21/94 */ /* - * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce + * NOTICE: This file was modified by SPARTA, Inc. in 2007 to introduce * support for mandatory and extensible security protections. This notice * is included in support of clause 2.2 (b) of the Apple Public License, * Version 2.0. @@ -1109,7 +1109,7 @@ m->m_pkthdr.rcvif = 0; m->m_pkthdr.socket_id = m0->m_pkthdr.socket_id; #ifdef MAC - mac_netinet_fragment(m0, m); + mac_mbuf_label_copy_fragment(m0, m); #endif ip6f->ip6f_reserved = 0; ip6f->ip6f_ident = id; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/msgbuf.h#3 (text+ko) ==== @@ -65,7 +65,7 @@ #ifndef _SYS_MSGBUF_H_ #define _SYS_MSGBUF_H_ -#define MSG_BSIZE (4096 - 3 * sizeof(long)) +#define MSG_BSIZE ((64 * 1024) - 3 * sizeof(long)) struct msgbuf { #define MSG_MAGIC 0x063061 long msg_magic; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/proc.h#3 (text+ko) ==== @@ -247,6 +247,7 @@ * routine is to be used typically for debugging */ void proc_name(int pid, char * buf, int size); +char *proc_procname(proc_t p, char *buf, int size); /* This routine is simillar to proc_name except it returns for current process */ void proc_selfname(char * buf, int size); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/uxkern/ux_exception.c#3 (text+ko) ==== @@ -177,7 +177,11 @@ else if (result == MACH_RCV_TOO_LARGE) /* ignore oversized messages */; else +#if 0 panic("exception_handler"); +#else + printf("exception_handler, result %d", result); +#endif } thread_funnel_set(kernel_flock, FALSE); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#7 (text+ko) ==== @@ -441,7 +441,9 @@ static int -getvolattrlist(vnode_t vp, struct getattrlist_args *uap, struct attrlist *alp, vfs_context_t ctx, int is_64bit) +getvolattrlist(vnode_t vp, struct componentname *vcnp, + struct getattrlist_args *uap, struct attrlist *alp, + vfs_context_t ctx, int is_64bit) { struct vfs_attr vs; struct vnode_attr va; @@ -697,15 +699,15 @@ */ if (perms & W_OK) if (mac_vnode_check_access(vfs_context_ucred(ctx), - vp, cnp, W_OK) != 0) + vp, vcnp, W_OK) != 0) perms &= ~W_OK; if (perms & R_OK) if (mac_vnode_check_access(vfs_context_ucred(ctx), - vp, cnp, R_OK) != 0) + vp, vcnp, R_OK) != 0) perms &= ~R_OK; if (perms & X_OK) if (mac_vnode_check_access(vfs_context_ucred(ctx), - vp, cnp, X_OK) != 0) + vp, vcnp, X_OK) != 0) perms &= ~X_OK; #endif /* MAC */ KAUTH_DEBUG("ATTRLIST - returning user access %x", perms); @@ -837,7 +839,6 @@ if ((error = namei(&nd)) != 0) goto out; vp = nd.ni_vp; - nameidone(&nd); /* * Fetch the attribute request. @@ -870,7 +871,7 @@ goto out; } /* handle volume attribute request */ - error = getvolattrlist(vp, uap, &al, &context, proc_is64bit(p)); + error = getvolattrlist(vp, &nd.ni_cnd, uap, &al, &context, proc_is64bit(p)); goto out; } @@ -1195,15 +1196,15 @@ */ if (perms & W_OK) if (mac_vnode_check_access(vfs_context_ucred(&context), - vp, cnp, W_OK) != 0) + vp, &nd.ni_cnd, W_OK) != 0) perms &= ~W_OK; if (perms & R_OK) if (mac_vnode_check_access(vfs_context_ucred(&context), - vp, cnp, R_OK) != 0) + vp, &nd.ni_cnd, R_OK) != 0) perms &= ~R_OK; if (perms & X_OK) if (mac_vnode_check_access(vfs_context_ucred(&context), - vp, cnp, X_OK) != 0) + vp, &nd.ni_cnd, X_OK) != 0) perms &= ~X_OK; #endif /* MAC */ VFS_DEBUG(ctx, vp, "ATTRLIST - granting perms %d", perms); @@ -1322,6 +1323,7 @@ error = copyout(ab.base, uap->attributeBuffer, imin(uap->bufferSize, ab.allocated)); out: + nameidone(&nd); if (va.va_name) kfree(va.va_name, MAXPATHLEN); if (vname) ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_cache.c#6 (text+ko) ==== @@ -1167,12 +1167,14 @@ void name_cache_lock(void) { + lck_mtx_assert(namecache_mtx_lock, LCK_MTX_ASSERT_NOTOWNED); lck_mtx_lock(namecache_mtx_lock); } void name_cache_unlock(void) { + lck_mtx_assert(namecache_mtx_lock, LCK_MTX_ASSERT_OWNED); lck_mtx_unlock(namecache_mtx_lock); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#23 (text+ko) ==== @@ -2541,7 +2541,7 @@ * Check access permissions. */ static int -access1(vnode_t vp, vnode_t dvp, struct component *cnp, int uflags, +access1(vnode_t vp, vnode_t dvp, struct componentname *cnp, int uflags, vfs_context_t ctx) { kauth_action_t action; @@ -2713,6 +2713,9 @@ vp = nd.ni_vp; if (wantdelete) dvp = nd.ni_dvp; + /* run this access check */ + result[i] = access1(vp, dvp, &nd.ni_cnd, input[i].ad_flags, + &context); } nameidone(&nd); } @@ -2728,9 +2731,7 @@ result[i] = error; break; case 0: - /* run this access check */ - result[i] = access1(vp, dvp, NULL, input[i].ad_flags, - &context); + /* Handled above */ break; default: >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803191730.m2JHULSn070662>