PERFORCE change 20300 for review

Mon Oct 28 19:38:36 GMT 2002

http://perforce.freebsd.org/chv.cgi?CH=20300

Change 20300 by rwatson at rwatson_tislabs on 2002/10/28 11:38:32

	struct oldmac is no longer required, so eliminate it.  Enable
	the definitions of relevant structures in mac_biba and mac_mls.
	This eliminates policy-specific structures in the central MAC
	include files and implementation.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.h#11 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.h#12 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#200 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.h#11 (text+ko) ====

@@ -60,8 +60,6 @@
 #define	MAC_BIBA_TYPE_EQUAL	4	/* Equivilent to any
 					 * MAC_BIBA_TYPE_LABEL. */
 
-#if 0
-/* XXXMAC: temporarily disabled because we still need struct oldmac. */
 /*
  * Structures and constants associated with a Biba Integrity policy.
  * mac_biba represents a Biba label, with mb_type determining its properties,
@@ -88,7 +86,6 @@
 	struct mac_biba_element	mb_single;
 	struct mac_biba_element	mb_rangelow, mb_rangehigh;
 };
-#endif
 
 /*
  * Biba compartments bit test/set macros.

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.h#12 (text+ko) ====

@@ -60,8 +60,6 @@
 #define	MAC_MLS_TYPE_EQUAL	4	/* Equivilent to any
 					 * MAC_MLS_TYPE_LABEL. */
 
-#if 0
-/* XXXMAC: temporarily disabled because we still need struct oldmac */
 /*
  * Structures and constants associated with a Multi-Level Security policy.
  * mac_mls represents an MLS label, with mm_type determining its properties,
@@ -93,7 +91,6 @@
 	struct mac_mls_element	mm_single;
 	struct mac_mls_element	mm_rangelow, mm_rangehigh;
 };
-#endif
 
 /*
  * MLS compartments bit test/set macros.

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#200 (text+ko) ====

@@ -108,54 +108,7 @@
 int		 mac_syscall(const char *_policyname, int _call, void *_arg);
 int		 mac_to_text(mac_t mac, char **_text);
 
-#endif /* !_KERNEL */
-
-/*
- * XXXMAC: For compatibility until the labels on disk are changed.  We
- * will enable the definitions in various policy include files once
- * these can be disabled.
- */
-
-#define	MAC_BIBA_MAX_COMPARTMENTS	256
-
-struct mac_biba_element {
-	u_short	mbe_type;
-	u_short	mbe_grade;
-	u_char	mbe_compartments[MAC_BIBA_MAX_COMPARTMENTS >> 3];
-};
-
-struct mac_biba {
-	int			mb_flags;
-	struct mac_biba_element	mb_single;
-	struct mac_biba_element	mb_rangelow, mb_rangehigh;
-};
-
-#define	MAC_MLS_MAX_COMPARTMENTS	256
-
-struct mac_mls_element {
-	u_short	mme_type;
-	u_short	mme_level;
-	u_char	mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3];
-};
-
-struct mac_mls {
-	int			mm_flags;
-	struct mac_mls_element	mm_single;
-	struct mac_mls_element	mm_rangelow, mm_rangehigh;
-};
-
-struct mac_sebsd {
-	uint32_t	ms_psid;
-};
-
-struct oldmac {
-	int			m_macflags;
-	struct mac_biba		m_biba;
-	struct mac_mls		m_mls;
-	struct mac_sebsd	m_sebsd;
-};
-
-#ifdef _KERNEL
+#else /* !_KERNEL */
 
 /*
  * Kernel functions to manage and evaluate labels.
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

