PERFORCE change 111494 for review
Todd Miller
millert at FreeBSD.org
Mon Dec 11 14:17:35 PST 2006
http://perforce.freebsd.org/chv.cgi?CH=111494
Change 111494 by millert at millert_g5tower on 2006/12/11 21:46:49
Add code and error parameters to mac_thread_userret() and move
it to mac_process.c where it belongs.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/dev/ppc/systemcalls.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#32 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#27 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#35 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#13 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/dev/ppc/systemcalls.c#4 (text+ko) ====
@@ -221,7 +221,7 @@
error = (*(callp->sy_call))(proc, (void *)uthread->uu_arg, &(uthread->uu_rval[0]));
#ifdef MAC
AUDIT_SYSCALL_EXIT(code, error, proc, uthread);
- mac_thread_userret(thread_act);
+ mac_thread_userret(code, error, thread_act);
#else
AUDIT_SYSCALL_EXIT(error, proc, uthread);
#endif
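Review bot: The `error` handed to the hook on the added line is whatever `(*(callp->sy_call))(...)` returned on the first line of the hunk, not necessarily the value user space will see. If the rest of this function, which continues outside the hunk, translates internal restart-style return values before leaving the kernel, a policy keying on `error` would act on a code that is never delivered. A short comment at the call would make that explicit, e.g. `/* error is the handler's raw return value, before any later translation */`. Only the ppc system-call path appears in the affected files, so any other caller of `mac_thread_userret()` would need the same three-argument update.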
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#32 (text+ko) ====
@@ -1162,14 +1162,6 @@
return (error);
}
-void
-mac_thread_userret(struct thread *thread)
-{
-
- if (mac_late)
- MAC_PERFORM(thread_userret, thread);
-}
-
/* system calls */
int
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#27 (text+ko) ====
@@ -328,7 +328,7 @@
void mac_sysvshm_label_init(struct shmid_kernel* shmsegptr);
void mac_sysvshm_label_recycle(struct shmid_kernel *shmsegptr);
int mac_task_check_get_port(struct ucred *cred, struct task *task);
-void mac_thread_userret(struct thread *thread);
+void mac_thread_userret(int code, int error, struct thread *thread);
int mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
int acc_mode);
int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#35 (text+ko) ====
@@ -3844,13 +3844,17 @@
);
/**
@brief Perform MAC-related events when a thread returns to user space
- @param thread Mach thread that is returning
+ @param code The number of the syscall/trap that has finished
+ @param error The error code that will be returned to user space
+ @param thread Mach (not BSD) thread that is returning
This entry point permits policy modules to perform MAC-related
events when a thread returns to user space, via a system call
return, trap return, or otherwise.
*/
typedef void mpo_thread_userret_t(
+ int code,
+ int error,
struct thread *thread
);
/**
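Review bot: The new `@param code` and `@param error` lines describe only the system-call case, while the description below them still says the hook fires on "a system call return, trap return, or otherwise". Policy authors cannot tell what the two values hold on a trap return, so a module that logs or enforces on them may misread a non-syscall return as a specific call. I would add a sentence such as `On returns that are not from a system call, code and error are <value the callers pass>; policies must check for that before interpreting them.` It is also worth stating that the entry point returns void and receives `error` by value, so a policy can observe the result but not change it.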
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#13 (text+ko) ====
@@ -398,3 +398,10 @@
return (error);
}
+void
+mac_thread_userret(int code, int error, struct thread *thread)
+{
+
+ if (mac_late)
+ MAC_PERFORM(thread_userret, code, error, thread);
+}
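Review bot: `mac_thread_userret()` arrives in mac_process.c without a header comment, and the `if (mac_late)` guard silently drops the notification whenever that flag is clear. Policies may rely on this hook for per-return enforcement or logging, so the function should say when it is skipped, for example `/* Notify policies that a thread is returning to user space; no-op until mac_late is set. */` above the definition. As a style point, bracing the body (`if (mac_late) { MAC_PERFORM(thread_userret, code, error, thread); }`) avoids depending on how the `MAC_PERFORM` macro expands.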