From owner-trustedbsd-cvs@FreeBSD.ORG Tue Oct 3 15:04:05 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A79716A523 for ; Tue, 3 Oct 2006 15:04:05 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0245543D49 for ; Tue, 3 Oct 2006 15:04:03 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 3EEED46C3D for ; Tue, 3 Oct 2006 11:04:02 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 464EE64A26; Tue, 3 Oct 2006 15:03:58 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 3D8F616A40F; Tue, 3 Oct 2006 15:03:58 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 00AA216A403 for ; Tue, 3 Oct 2006 15:03:58 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id AB07F43D45 for ; Tue, 3 Oct 2006 15:03:57 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k93F3vrR025394 for ; Tue, 3 Oct 2006 15:03:57 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k93F3v7c025390 for perforce@freebsd.org; Tue, 3 Oct 2006 15:03:57 GMT (envelope-from millert@freebsd.org) Date: Tue, 3 Oct 2006 15:03:57 GMT Message-Id: <200610031503.k93F3v7c025390@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 107183 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 15:04:05 -0000 http://perforce.freebsd.org/chv.cgi?CH=107183 Change 107183 by millert@millert_macbook on 2006/10/03 15:03:26 #ifdef out entrypoints for now where we are missing bits in refpolicy. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#19 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#19 (text+ko) ==== @@ -1527,6 +1527,7 @@ return (mount_has_perm(cred, mp, FILESYSTEM__GETATTR, NULL)); } +#ifdef FILESYSTEM__SETATTR static int sebsd_mount_check_setattr(struct ucred *cred, struct mount *mp, struct label *mntlabel, struct vfs_attr *vfa) @@ -1534,6 +1535,7 @@ return (mount_has_perm(cred, mp, FILESYSTEM__SETATTR, NULL)); } +#endif static int sebsd_mount_check_remount(struct ucred *cred, struct mount *mp, @@ -1559,6 +1561,7 @@ return (pipe_has_perm(cred, pipe, FIFO_FILE__IOCTL)); } +#ifdef FIFO_FILE__POLL static int sebsd_pipe_check_kqfilter(struct ucred *cred, struct knote *kn, struct pipe *pipe, struct label *pipelabel) @@ -1566,6 +1569,7 @@ return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL)); } +#endif static int sebsd_pipe_check_read(struct ucred *cred, struct pipe *pipe, @@ -1607,6 +1611,7 @@ return (rc); } +#ifdef FIFO_FILE__POLL static int sebsd_pipe_check_select(struct ucred *cred, struct pipe *pipe, struct label *pipelabel, int which) @@ -1614,6 +1619,7 @@ return (pipe_has_perm(cred, pipe, FIFO_FILE__POLL)); } +#endif static int sebsd_pipe_check_stat(struct ucred *cred, struct pipe *pipe, @@ -2179,6 +2185,7 @@ return (vnode_has_perm(cred, vp, FILE__GETATTR)); } +#if defined(FILE__POLL) && defined(FILE__GETATTR) static int sebsd_vnode_check_kqfilter(struct ucred *cred, struct ucred *file_cred, struct knote *kn, struct vnode *vp, struct label *label) @@ -2194,6 +2201,7 @@ return (0); } } +#endif static int sebsd_vnode_check_link(struct ucred *cred, struct vnode *dvp, @@ -2439,6 +2447,7 @@ return (0); } +#ifdef FILE__POLL static int sebsd_vnode_check_select(struct ucred *cred, struct vnode *vp, struct label *label, int which) @@ -2446,6 +2455,7 @@ return (vnode_has_perm(cred, vp, FILE__POLL)); } +#endif #ifdef HAS_ACLS static int @@ -2457,6 +2467,7 @@ } #endif +#ifdef FILE__SETATTR static int sebsd_vnode_check_setattrlist(struct ucred *cred, struct vnode *vp, struct label *vlabel, struct attrlist *alist) @@ -2464,6 +2475,7 @@ return (vnode_has_perm(cred, vp, FILE__SETATTR)); } +#endif static int sebsd_vnode_check_setextattr(struct ucred *cred, struct vnode *vp, @@ -2710,6 +2722,7 @@ } #endif +#ifdef SOCKET__POLL static int sebsd_socket_check_kqfilter(struct ucred *cred, struct knote *kn, struct xsocket *xso, struct label *socklabel) @@ -2717,6 +2730,7 @@ return (socket_has_perm(cred, socklabel, SOCKET__POLL)); } +#endif static int sebsd_socket_check_listen(struct ucred *cred, struct xsocket *xso, @@ -2760,6 +2774,7 @@ return (0); } +#ifdef SOCKET__POLL static int sebsd_socket_check_select(struct ucred *cred, struct xsocket *xso, struct label *socklabel, int which) @@ -2767,6 +2782,7 @@ return (socket_has_perm(cred, socklabel, SOCKET__POLL)); } +#endif static int sebsd_socket_check_send(struct ucred *cred, struct xsocket *xso, @@ -3136,6 +3152,7 @@ return (ipc_has_perm(cred, msglabel, MSG__RECEIVE)); } +#ifdef MSG__DESTROY static int sebsd_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr, struct label *msglabel) @@ -3143,6 +3160,7 @@ return (ipc_has_perm(cred, msglabel, MSG__DESTROY)); } +#endif static int sebsd_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, @@ -3561,11 +3579,11 @@ .mpo_socket_check_connect = sebsd_socket_check_connect, .mpo_socket_check_create = sebsd_socket_check_create, // .mpo_socket_check_deliver = sebsd_socket_check_deliver, - .mpo_socket_check_kqfilter = sebsd_socket_check_kqfilter, +// .mpo_socket_check_kqfilter = sebsd_socket_check_kqfilter, .mpo_socket_check_listen = sebsd_socket_check_listen, .mpo_socket_check_receive = sebsd_socket_check_receive, .mpo_socket_check_setlabel = sebsd_socket_check_setlabel, - .mpo_socket_check_select = sebsd_socket_check_select, +// .mpo_socket_check_select = sebsd_socket_check_select, .mpo_socket_check_send = sebsd_socket_check_send, .mpo_socket_check_stat = sebsd_socket_check_stat, .mpo_system_check_acct = sebsd_system_check_acct, @@ -3592,7 +3610,7 @@ .mpo_vnode_check_deleteextattr = NOT_IMPLEMENTED, #endif .mpo_vnode_check_getattrlist = sebsd_vnode_check_getattrlist, - .mpo_vnode_check_kqfilter = sebsd_vnode_check_kqfilter, +// .mpo_vnode_check_kqfilter = sebsd_vnode_check_kqfilter, .mpo_vnode_check_link = sebsd_vnode_check_link, .mpo_vnode_check_lookup = sebsd_vnode_check_lookup, .mpo_vnode_check_mmap = sebsd_vnode_check_mmap, @@ -3605,8 +3623,8 @@ .mpo_vnode_check_rename_from = sebsd_vnode_check_rename_from, .mpo_vnode_check_rename_to = sebsd_vnode_check_rename_to, .mpo_vnode_check_revoke = sebsd_vnode_check_revoke, - .mpo_vnode_check_select = sebsd_vnode_check_select, - .mpo_vnode_check_setattrlist = sebsd_vnode_check_setattrlist, +// .mpo_vnode_check_select = sebsd_vnode_check_select, +// .mpo_vnode_check_setattrlist = sebsd_vnode_check_setattrlist, .mpo_vnode_check_getextattr = sebsd_vnode_check_getextattr, .mpo_vnode_check_setextattr = sebsd_vnode_check_setextattr, .mpo_vnode_check_setflags = sebsd_vnode_check_setflags, @@ -3616,10 +3634,10 @@ .mpo_vnode_check_stat = sebsd_vnode_check_stat, .mpo_vnode_check_write = sebsd_vnode_check_write, .mpo_pipe_check_ioctl = sebsd_pipe_check_ioctl, - .mpo_pipe_check_kqfilter = sebsd_pipe_check_kqfilter, +// .mpo_pipe_check_kqfilter = sebsd_pipe_check_kqfilter, .mpo_pipe_check_read = sebsd_pipe_check_read, .mpo_pipe_check_setlabel = sebsd_pipe_check_setlabel, - .mpo_pipe_check_select = sebsd_pipe_check_select, +// .mpo_pipe_check_select = sebsd_pipe_check_select, .mpo_pipe_check_stat = sebsd_pipe_check_stat, .mpo_pipe_check_write = sebsd_pipe_check_write, @@ -3635,7 +3653,7 @@ .mpo_mount_check_remount = sebsd_mount_check_remount, .mpo_mount_check_stat = sebsd_mount_check_stat, .mpo_mount_check_getattr = sebsd_mount_check_getattr, - .mpo_mount_check_setattr = sebsd_mount_check_setattr, +// .mpo_mount_check_setattr = sebsd_mount_check_setattr, .mpo_vnode_write_extattr = sebsd_vnode_write_extattr, @@ -3660,7 +3678,7 @@ .mpo_sysvmsq_check_enqueue = sebsd_sysvmsq_check_enqueue, .mpo_sysvmsq_check_msgrcv = sebsd_sysvmsq_check_msgrcv, - .mpo_sysvmsq_check_msgrmid = sebsd_sysvmsq_check_msgrmid, +// .mpo_sysvmsq_check_msgrmid = sebsd_sysvmsq_check_msgrmid, .mpo_sysvmsq_check_msqget = sebsd_sysvmsq_check_msqget, .mpo_sysvmsq_check_msqsnd = sebsd_sysvmsq_check_msqsnd, .mpo_sysvmsq_check_msqrcv = sebsd_sysvmsq_check_msqrcv,