PERFORCE change 15123 for review
Robert Watson
rwatson at freebsd.org
Mon Jul 29 14:35:49 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15123
Change 15123 by rwatson at rwatson_paprika on 2002/07/29 07:34:53
Re-sort all entry point declarations to match those in
mac_policy.h; likewise update the comments.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#134 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#134 (text+ko) ====
@@ -227,7 +227,12 @@
#include <sys/acl.h> /* XXX acl_type_t */
-/* Label-based operations. */
+struct vop_refreshlabel_args;
+struct vop_setlabel_args;
+
+/*
+ * Label operations.
+ */
void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
void mac_init_devfsdirent(struct devfs_dirent *);
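Review bot: The forward declarations `struct vop_refreshlabel_args;` and `struct vop_setlabel_args;` now sit at the top of the prototype list with no comment, far from the `vop_std*_ea()` prototypes that appear to be their only users in the visible part of the header. A short comment would stop a later cleanup from dropping them as unused, for example `/* Forward declarations for the vop_std*_ea() prototypes below. */`. The rest of the header lies outside this hunk, so other users of these tags cannot be ruled out.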
@@ -249,12 +254,71 @@
void mac_destroy_mount(struct mount *);
void mac_destroy_vnode(struct vnode *);
-/* Non-authorizational event hooks. */
+/*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
+void mac_create_devfs_directory(char *dirname, int dirnamelen,
+ struct devfs_dirent *de);
+void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
+void mac_create_vnode_from_vnode(struct ucred *cred, struct vnode *parent,
+ struct vnode *child);
+void mac_create_mount(struct ucred *cred, struct mount *mp);
+void mac_create_root_mount(struct ucred *cred, struct mount *mp);
+void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *newlabel);
+void mac_update_devfsdirent_from_vnode(struct devfs_dirent *de,
+ struct vnode *vp);
+void mac_update_procfsvnode_from_cred(struct vnode *vp, struct ucred *cred);
+void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
+
+
+/*
+ * Labeling event operations: IPC objects.
+ */
+void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
+void mac_create_socket(struct ucred *cred, struct socket *socket);
+void mac_create_socket_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+ struct socket *socket);
+void mac_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
+
+/*
+ * Labeling event operations: network objects.
+ */
+void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
+void mac_create_ifnet(struct ifnet *ifp);
+void mac_create_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
+void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
+void mac_create_fragment_from_datagram(struct mbuf *datagram,
+ struct mbuf *fragment);
+void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+void mac_create_mbuf_linklayer_for_ifnet(struct ifnet *ifnet,
+ struct mbuf *m);
+void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_multicast_encap_from_mbuf(struct mbuf *oldmbuf,
+ struct ifnet *ifnet, struct mbuf *newmbuf);
+void mac_create_mbuf_netlayer_from_mbuf(struct mbuf *oldmbuf,
+ struct mbuf *newmbuf);
+int mac_fragment_matches_ipq(struct mbuf *fragment, struct ipq *ipq);
+void mac_update_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
+
+/*
+ * Labeling event operations: processes.
+ */
+void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
void mac_execve_transition(struct ucred *old, struct ucred *new,
struct vnode *vp);
int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
+void mac_create_proc0(struct ucred *cred);
+void mac_create_proc1(struct ucred *cred);
-/* Authorizational event hooks. */
+/* Access control checks. */
int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
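Review bot: `mac_fragment_matches_ipq()` is added under the "Labeling event operations: network objects" heading, and `mac_execve_will_transition()` remains under the processes heading, yet both return `int` while every other prototype in those sections is `void`. Nothing in the header says what the return value means, so a reader cannot tell whether it is a boolean decision or an errno-style result that callers must check. I would add a line above each, such as `/* Returns a decision rather than updating a label; callers must test the result. */`, with the wording confirmed against the implementations, which are outside this hunk. Separately, `/* Access control checks. */` is still a one-line comment while the other section headings were converted to the three-line block form, and there is a doubled blank line before the IPC section.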
@@ -329,56 +393,10 @@
int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
struct label *label);
-/* Label creation events. */
-void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
-void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
-void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
-void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
-void mac_create_devfs_directory(char *dirname, int dirnamelen,
- struct devfs_dirent *de);
-void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
-void mac_create_fragment_from_datagram(struct mbuf *datagram,
- struct mbuf *fragment);
-void mac_create_ifnet(struct ifnet *ifp);
-void mac_create_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
-void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
-void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
-void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
-void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
-void mac_create_mbuf_linklayer_for_ifnet(struct ifnet *ifnet,
- struct mbuf *m);
-void mac_create_mbuf_multicast_encap_from_mbuf(struct mbuf *oldmbuf,
- struct ifnet *ifnet, struct mbuf *newmbuf);
-void mac_create_mbuf_netlayer_from_mbuf(struct mbuf *oldmbuf,
- struct mbuf *newmbuf);
-void mac_create_mount(struct ucred *cred, struct mount *mp);
-void mac_create_proc0(struct ucred *cred);
-void mac_create_proc1(struct ucred *cred);
-void mac_create_root_mount(struct ucred *cred, struct mount *mp);
-void mac_create_socket(struct ucred *cred, struct socket *socket);
-void mac_create_socket_from_socket(struct socket *oldsocket,
- struct socket *newsocket);
-void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
-void mac_create_vnode_from_vnode(struct ucred *cred, struct vnode *parent,
- struct vnode *child);
-void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
- struct socket *socket);
-void mac_set_socket_peer_from_socket(struct socket *oldsocket,
- struct socket *newsocket);
-void mac_update_devfsdirent_from_vnode(struct devfs_dirent *de,
- struct vnode *vp);
-void mac_update_procfsvnode_from_cred(struct vnode *vp, struct ucred *cred);
-void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
-
-/* Network event miscellany. */
-int mac_fragment_matches_ipq(struct mbuf *fragment, struct ipq *ipq);
-void mac_update_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
-
-/* Calls to help various file systems implement labeling using EAs. */
-struct vop_refreshlabel_args;
-struct vop_setlabel_args;
-void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
- struct label *newlabel);
+/*
+ * Calls to help various file systems implement labeling functionality
+ * using their existing EA implementation.
+ */
int vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp,
struct ucred *cred);
int vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap);