From nobody Fri Jan 17 12:27:06 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YZJrq4q8Jz5kvfy;
	Fri, 17 Jan 2025 12:27:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YZJrq0J9Dz3TZS;
	Fri, 17 Jan 2025 12:27:07 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1737116827;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=sXWXSfcC3V0cz/OcS7ly9uvPAed5b+Fwr2es812CQG8=;
	b=cSlXJ2J9nPkAyxMU8ngr7xwKIashqzFhvve2GEb7sN0gGb9gF7uAz8hXLmKhrF8LrkuDAw
	QOU9jVx41jXmiCTCStLwh84TuEqBYc/yU2ZMbdHuc+MNZUDMwVLbDAHR48K6tjY+WTZj/S
	2cLA6sXRZfB4DoFkxT8An54WsrNXR56haWzXKf0s6ekgKbw94MpyGU1OWjbcT9lYT1Ct8F
	3+NvdsF5e1tKF7uz3JVLnV2ST9RHgLrMYx28ob2ToYB/OrsH1xX94UTh1jm+GwJH0VRO3J
	qGk+MDwNUKVBV/O89auPYT780Dr3/gTYcDGMuikX1CmPWoFlDrKvgS8sicKQXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1737116827;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=sXWXSfcC3V0cz/OcS7ly9uvPAed5b+Fwr2es812CQG8=;
	b=FSVJephGa8bYYqwjz8Tji4mfZo5URCUkznnF66iygBSiKBkmLxdobPUDmEFReMZGNEGx7N
	TnmDRVY9GsVv021T2sQcddGJID2M5HnLFkp5V0tsRdk8mk2mQq3Pf2GSS3rhboOTv/gesq
	fyh119XTdHAOVm7TnHfylOjzvOS0an4bKF2InzYPsr8A+tIAnjNF8lcKFCzvAauwolf+zq
	cs7iNAfqoOODw1bw+rv6CXmaP67j9juTBdqR0i7IkykIvxwyCCmy82U+xLldRk5ot3P6hY
	THVxvoei6HNHyJ3HwcYAdGvnk7rxAP0NXl2HIx+vMuPXl4lHodrXBoWlk32VnQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1737116827; a=rsa-sha256; cv=none;
	b=VBCkObtF+kFetUtmbZ1d1hXqg08ORiAAMf7qIqf+DgBlSEi6m69WJJiaWykHQq3c132fgG
	YuZbp16OJIzOGUmUwlrBiId1syr+VTNPHOI4Tni1UmP7wPfdyspyBlg6HLBHe0pJMDfJQL
	K0/ffWCfv6ooi51Guo+4BJ4TpSDP0JFYP8H/ac+XEfosryPfTEb0ZJgweZ+Tc0bgv6gYeg
	EJWoxGAj2Xl1bycmReRvWe6PKkAvSXf3xRwQ9Qvhab5IpsQdPVd6nz1js80rFD4hB6dvHC
	tCkPgWVOCauFeF18j4x+RFKEjodMVKy8Xe8RZrvSocsCnguaZQvg0z/bzluXrQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4YZJrp6yvrz2rY;
	Fri, 17 Jan 2025 12:27:06 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 50HCR6RZ052189;
	Fri, 17 Jan 2025 12:27:06 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 50HCR6a1052186;
	Fri, 17 Jan 2025 12:27:06 GMT
	(envelope-from git)
Date: Fri, 17 Jan 2025 12:27:06 GMT
Message-Id: <202501171227.50HCR6a1052186@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: fbac48f4b460 - stable/13 - MAC: mac_policy.h: Declare
  common MAC sysctl and jail parameters' nodes
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: fbac48f4b460f03def43165c80c6082b6c3c4d2c
Auto-Submitted: auto-generated

The branch stable/13 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=fbac48f4b460f03def43165c80c6082b6c3c4d2c

commit fbac48f4b460f03def43165c80c6082b6c3c4d2c
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2024-07-04 14:08:20 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-01-17 12:24:50 +0000

    MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodes
    
    Do this only when the headers for these functionalities were included
    prior to this one.  Indeed, if they need to be included, style(9)
    mandates they should have been so before this one.
    
    Remove the common MAC sysctl declaration from
    <security/mac/mac_internal.h>, as it is now redundant (all its includers
    also include <security/mac/mac_policy.h>).
    
    Remove local such declarations from all policies' files.
    
    Reviewed by:    jamie
    Approved by:    markj (mentor)
    MFC after:      5 days
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D46903
    
    (cherry picked from commit db33c6f3ae9d1231087710068ee4ea5398aacca7)
    
    The original changes in 'sys/security/mac_grantbylabel/mac_grantbylabel.c' were
    removed as MAC/grantbylabel has not been MFCed.
---
 sys/security/mac/mac_internal.h                  |  7 -------
 sys/security/mac/mac_policy.h                    | 15 +++++++++++++++
 sys/security/mac_biba/mac_biba.c                 |  2 --
 sys/security/mac_bsdextended/mac_bsdextended.c   |  2 --
 sys/security/mac_ifoff/mac_ifoff.c               |  2 --
 sys/security/mac_lomac/mac_lomac.c               |  2 --
 sys/security/mac_mls/mac_mls.c                   |  2 --
 sys/security/mac_ntpd/mac_ntpd.c                 |  2 --
 sys/security/mac_partition/mac_partition.c       |  2 --
 sys/security/mac_portacl/mac_portacl.c           |  2 --
 sys/security/mac_priority/mac_priority.c         |  2 --
 sys/security/mac_seeotheruids/mac_seeotheruids.c |  2 --
 sys/security/mac_stub/mac_stub.c                 |  2 --
 sys/security/mac_test/mac_test.c                 |  2 --
 sys/security/mac_veriexec/mac_veriexec.c         |  2 --
 15 files changed, 15 insertions(+), 33 deletions(-)

diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 4b2be98b4e03..c35504e04ea9 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -56,13 +56,6 @@
 #include <sys/lock.h>
 #include <sys/rmlock.h>
 
-/*
- * MAC Framework sysctl namespace.
- */
-#ifdef SYSCTL_DECL
-SYSCTL_DECL(_security_mac);
-#endif /* SYSCTL_DECL */
-
 /*
  * MAC Framework SDT DTrace probe namespace, macros for declaring entry
  * point probes, macros for invoking them.
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 3c8eec69f17e..89239c0869c3 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -1034,4 +1034,19 @@ int	mac_policy_modevent(module_t mod, int type, void *data);
 intptr_t	mac_label_get(struct label *l, int slot);
 void		mac_label_set(struct label *l, int slot, intptr_t v);
 
+/*
+ * Common MAC Framework's sysctl and jail parameters' sysctl nodes' declarations.
+ *
+ * Headers <sys/jail.h> and <sys/sysctl.h> normally have to be included before
+ * this header as style(9) hints to.  If they weren't, just forego the
+ * corresponding declarations, assuming they are not needed.
+ */
+#ifdef SYSCTL_DECL
+SYSCTL_DECL(_security_mac);
+#endif
+
+#ifdef SYSCTL_JAIL_PARAM_DECL
+SYSCTL_JAIL_PARAM_DECL(mac);
+#endif
+
 #endif /* !_SECURITY_MAC_MAC_POLICY_H_ */
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 2d0df254f94c..8b683dc380eb 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -88,8 +88,6 @@
 #include <security/mac/mac_policy.h>
 #include <security/mac_biba/mac_biba.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, biba,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_biba policy controls");
diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c
index 95efc537735a..8a6549214380 100644
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@@ -68,8 +68,6 @@
 
 static struct mtx ugidfw_mtx;
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD extended BSD MAC policy controls");
diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c
index b5a65f4765b2..97fc306990ee 100644
--- a/sys/security/mac_ifoff/mac_ifoff.c
+++ b/sys/security/mac_ifoff/mac_ifoff.c
@@ -58,8 +58,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, ifoff,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_ifoff policy controls");
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 761214db07e4..d878f9a7b965 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -89,8 +89,6 @@ struct mac_lomac_proc {
 	struct mtx mtx;
 };
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, lomac,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_lomac policy controls");
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 4c87b4c7f5ce..3cdf438ea6b9 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -89,8 +89,6 @@
 #include <security/mac/mac_policy.h>
 #include <security/mac_mls/mac_mls.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, mls,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_mls policy controls");
diff --git a/sys/security/mac_ntpd/mac_ntpd.c b/sys/security/mac_ntpd/mac_ntpd.c
index 3125bc057be8..1aeaeb032bb8 100644
--- a/sys/security/mac_ntpd/mac_ntpd.c
+++ b/sys/security/mac_ntpd/mac_ntpd.c
@@ -34,8 +34,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, ntpd,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "mac_ntpd policy controls");
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c
index 2cff042cb33a..2f0189b79ace 100644
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@@ -61,8 +61,6 @@
 #include <security/mac/mac_policy.h>
 #include <security/mac_partition/mac_partition.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, partition,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_partition policy controls");
diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c
index 184ec4b4738c..b3a5e06c0e2a 100644
--- a/sys/security/mac_portacl/mac_portacl.c
+++ b/sys/security/mac_portacl/mac_portacl.c
@@ -79,8 +79,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, portacl,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_portacl policy controls");
diff --git a/sys/security/mac_priority/mac_priority.c b/sys/security/mac_priority/mac_priority.c
index f460e5195cb9..1e5bfb5386cb 100644
--- a/sys/security/mac_priority/mac_priority.c
+++ b/sys/security/mac_priority/mac_priority.c
@@ -35,8 +35,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, priority,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "mac_priority policy controls");
diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c
index 1677b092daad..9cd2e0f3c0fc 100644
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@@ -59,8 +59,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_seeotheruids policy controls");
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 1014aff07980..8406392443bf 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -85,8 +85,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, stub,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_stub policy controls");
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index ff7990162e56..dca14d033b66 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -76,8 +76,6 @@
 
 #include <security/mac/mac_policy.h>
 
-SYSCTL_DECL(_security_mac);
-
 static SYSCTL_NODE(_security_mac, OID_AUTO, test,
     CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "TrustedBSD mac_test policy controls");
diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c
index caba5dfe9d51..11046b160ad4 100644
--- a/sys/security/mac_veriexec/mac_veriexec.c
+++ b/sys/security/mac_veriexec/mac_veriexec.c
@@ -73,8 +73,6 @@
 static int sysctl_mac_veriexec_state(SYSCTL_HANDLER_ARGS);
 static int sysctl_mac_veriexec_db(SYSCTL_HANDLER_ARGS);
 
-SYSCTL_DECL(_security_mac);
-
 SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
     "MAC/veriexec policy controls");