PERFORCE change 21347 for review

Brian Feldman green at freebsd.org
Thu Nov 21 19:25:57 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=21347

Change 21347 by green at green_laptop_2 on 2002/11/21 11:25:40

	* Update devfs MAC entry points to include mount point info,
	  except for init/destroy.
	* Fix the kld_unload implementation in mac_biba.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#9 edit
.. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#9 edit
.. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vfsops.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#35 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#366 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#188 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#43 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#149 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#111 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#87 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#220 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#174 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#9 (text+ko) ====

@@ -168,7 +168,7 @@
 };
 
 struct devfs_mount {
-	struct vnode	*dm_root;	/* Root node */
+	struct mount	*dm_mountp;		/* filesystem vfs structure */
 	struct devfs_dirent *dm_rootdir;
 	struct devfs_dirent *dm_basedir;
 	unsigned	dm_generation;

==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#9 (text+ko) ====

@@ -334,8 +334,8 @@
 				if (de == NULL) {
 					de = devfs_vmkdir(s, q - s, dd);
 #ifdef MAC
-					mac_create_devfs_directory(s, q - s,
-					    de);
+					mac_create_devfs_directory(
+					    dm->dm_mountp, s, q - s, de);
 #endif
 					de->de_inode = dm->dm_inode++;
 					TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list);
@@ -363,7 +363,7 @@
 				de->de_dirent->d_type = DT_CHR;
 			}
 #ifdef MAC
-			mac_create_devfs_device(dev, de);
+			mac_create_devfs_device(dm->dm_mountp, dev, de);
 #endif
 			*dep = de;
 			de->de_dir = dd;

==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vfsops.c#13 (text+ko) ====

@@ -88,6 +88,7 @@
 #ifdef MAC
 	mp->mnt_flag |= MNT_MULTILABEL;
 #endif
+	fmp->dm_mountp = mp;
 	mp->mnt_data = (qaddr_t) fmp;
 	vfs_getnewfsid(mp);
 
@@ -96,7 +97,7 @@
 	fmp->dm_rootdir = devfs_vmkdir("(root)", 6, NULL);
 	fmp->dm_rootdir->de_inode = 2;
 #ifdef MAC
-	mac_create_devfs_directory("", 0, fmp->dm_rootdir);
+	mac_create_devfs_directory(mp, "", 0, fmp->dm_rootdir);
 #endif
 	fmp->dm_basedir = fmp->dm_rootdir;
 	devfs_rules_newmount(fmp, td);

==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#35 (text+ko) ====

@@ -832,7 +832,7 @@
 	de = vp->v_data;
 
 	mac_relabel_vnode(ap->a_cred, vp, ap->a_label);
-	mac_update_devfsdirent(de, vp);
+	mac_update_devfsdirent(vp->v_mount, de, vp);
 
 	return (0);
 }
@@ -869,7 +869,7 @@
 	bcopy(ap->a_target, de->de_symlink, i);
 	lockmgr(&dmp->dm_lock, LK_EXCLUSIVE, 0, curthread);
 #ifdef MAC
-	mac_create_devfs_symlink(ap->a_cnp->cn_cred, dd, de);
+	mac_create_devfs_symlink(dmp->dm_mountp, ap->a_cnp->cn_cred, dd, de);
 #endif
 	TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list);
 	devfs_allocv(de, ap->a_dvp->v_mount, ap->a_vpp, 0);

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#366 (text+ko) ====

@@ -1196,10 +1196,12 @@
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct mount *mp, struct ucred *cred,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, mp, cred, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#188 (text+ko) ====

@@ -800,8 +800,8 @@
  * a lot like file system objects.
  */
 static void
-mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_biba_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_biba *mac_biba;
 	int biba_type;
@@ -822,8 +822,8 @@
 }
 
 static void
-mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
-    struct devfs_dirent *devfs_dirent, struct label *label)
+mac_biba_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_biba *mac_biba;
 
@@ -832,8 +832,9 @@
 }
 
 static void
-mac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_biba_create_devfs_symlink(struct mount *mp, struct ucred *cred,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 	struct mac_biba *source, *dest;
 
@@ -882,8 +883,9 @@
 }
 
 static void
-mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_biba_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 	struct mac_biba *source, *dest;
 
@@ -1561,8 +1563,7 @@
 
 
 static int
-mac_biba_check_kld_unload(struct ucred *cred, struct vnode *vp,
-    struct label *label)
+mac_biba_check_kld_unload(struct ucred *cred)
 {
 	struct mac_biba *subj;
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#43 (text+ko) ====

@@ -956,8 +956,8 @@
  * a lot like file system objects.
  */
 static void
-mac_lomac_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_lomac_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_lomac *mac_lomac;
 	int lomac_type;
@@ -979,8 +979,8 @@
 }
 
 static void
-mac_lomac_create_devfs_directory(char *dirname, int dirnamelen,
-    struct devfs_dirent *devfs_dirent, struct label *label)
+mac_lomac_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_lomac *mac_lomac;
 
@@ -989,8 +989,9 @@
 }
 
 static void
-mac_lomac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_lomac_create_devfs_symlink(struct mount *mp, struct ucred *cred,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 	struct mac_lomac *source, *dest;
 
@@ -1039,8 +1040,9 @@
 }
 
 static void
-mac_lomac_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_lomac_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 	struct mac_lomac *source, *dest;
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#149 (text+ko) ====

@@ -766,8 +766,8 @@
  * a lot like file system objects.
  */
 static void
-mac_mls_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_mls_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_mls *mac_mls;
 	int mls_type;
@@ -791,7 +791,7 @@
 }
 
 static void
-mac_mls_create_devfs_directory(char *dirname, int dirnamelen,
+mac_mls_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_mls *mac_mls;
@@ -801,8 +801,9 @@
 }
 
 static void
-mac_mls_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_mls_create_devfs_symlink(struct mount *mp, struct ucred *cred,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 	struct mac_mls *source, *dest;
 
@@ -851,7 +852,7 @@
 }
 
 static void
-mac_mls_update_devfsdirent(struct devfs_dirent *devfs_dirent,
+mac_mls_update_devfsdirent(struct mount *mp, struct devfs_dirent *devfs_dirent,
     struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
 {
 	struct mac_mls *source, *dest;

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#111 (text+ko) ====

@@ -169,22 +169,23 @@
 }
 
 static void
-mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_none_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 
 }
 
 static void
-mac_none_create_devfs_directory(char *dirname, int dirnamelen,
-    struct devfs_dirent *devfs_dirent, struct label *label)
+mac_none_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
 {
 
 }
 
 static void
-mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_none_create_devfs_symlink(struct mount *mp, struct ucred *cred,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 
 }
@@ -228,8 +229,9 @@
 }
 
 static void
-mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_none_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 
 }

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#87 (text+ko) ====

@@ -547,22 +547,23 @@
 }
 
 static void
-mac_test_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_test_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 
 }
 
 static void
-mac_test_create_devfs_directory(char *dirname, int dirnamelen,
-    struct devfs_dirent *devfs_dirent, struct label *label)
+mac_test_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
 {
 
 }
 
 static void
-mac_test_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_test_create_devfs_symlink(struct mount *mp, struct ucred *cred,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 
 }
@@ -606,8 +607,9 @@
 }
 
 static void
-mac_test_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_test_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 
 }

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#220 (text+ko) ====

@@ -171,18 +171,20 @@
 	    struct vnode *vp);
 int	mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
 void	mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
-void	mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
-void	mac_create_devfs_directory(char *dirname, int dirnamelen,
+void	mac_create_devfs_device(struct mount *mp, dev_t dev,
 	    struct devfs_dirent *de);
-void	mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-	    struct devfs_dirent *de);
+void	mac_create_devfs_directory(struct mount *mp, char *dirname,
+	    int dirnamelen, struct devfs_dirent *de);
+void	mac_create_devfs_symlink(struct mount *mp, struct ucred *cred,
+	    struct devfs_dirent *dd, struct devfs_dirent *de);
 int	mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
 	    struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
 void	mac_create_mount(struct ucred *cred, struct mount *mp);
 void	mac_create_root_mount(struct ucred *cred, struct mount *mp);
 void	mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
 	    struct label *newlabel);
-void	mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp);
+void	mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+	    struct vnode *vp);
 
 /*
  * Labeling event operations: IPC objects.

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#174 (text+ko) ====

@@ -142,13 +142,15 @@
 	void	(*mpo_associate_vnode_singlelabel)(struct mount *mp,
 		    struct label *fslabel, struct vnode *vp,
 		    struct label *vlabel);
-	void	(*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de,
+	void	(*mpo_create_devfs_device)(struct mount *mp, dev_t dev,
+		    struct devfs_dirent *de, struct label *label);
+	void	(*mpo_create_devfs_directory)(struct mount *mp, char *dirname,
+		    int dirnamelen, struct devfs_dirent *de,
 		    struct label *label);
-	void	(*mpo_create_devfs_directory)(char *dirname, int dirnamelen,
-		    struct devfs_dirent *de, struct label *label);
-	void	(*mpo_create_devfs_symlink)(struct ucred *cred,
-		    struct devfs_dirent *dd, struct label *ddlabel,
-		    struct devfs_dirent *de, struct label *delabel);
+	void	(*mpo_create_devfs_symlink)(struct mount *mp,
+		    struct ucred *cred, struct devfs_dirent *dd,
+		    struct label *ddlabel, struct devfs_dirent *de,
+		    struct label *delabel);
 	int	(*mpo_create_vnode_extattr)(struct ucred *cred,
 		    struct mount *mp, struct label *fslabel,
 		    struct vnode *dvp, struct label *dlabel,
@@ -163,7 +165,8 @@
 	int	(*mpo_setlabel_vnode_extattr)(struct ucred *cred,
 		    struct vnode *vp, struct label *vlabel,
 		    struct label *intlabel);
-	void	(*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent,
+	void	(*mpo_update_devfsdirent)(struct mount *mp,
+		    struct devfs_dirent *devfs_dirent,
 		    struct label *direntlabel, struct vnode *vp,
 		    struct label *vnodelabel);
 
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list