PERFORCE change 108526 for review
Robert Watson
rwatson at FreeBSD.org
Thu Oct 26 21:16:11 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=108526
Change 108526 by rwatson at rwatson_zoo on 2006/10/26 21:15:59
Merge mac.h changes in the TrustedBSD MAC branch to mac_framework.h,
their new home.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_framework.h#2 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_framework.h#2 (text+ko) ====
@@ -87,9 +87,20 @@
#include <sys/acl.h> /* XXX acl_type_t */
/*
+ * __MAC_version must be incremented with every API or ABI change to the MAC
+ * framework. Once in a branch, changes may not break existing ABI in a
+ * forward compatible way.
+ *
+ * The scheme is: <major>XXXX
+ *
+ * The major of 99 is reserved as a linear counter for MAC changes in -HEAD.
+ */
+#undef __MAC_version
+#define __MAC_version 990000
+
+/*
* Kernel functions to manage and evaluate labels.
*/
-
void mac_init_bpfdesc(struct bpf_d *);
void mac_init_cred(struct ucred *);
void mac_init_devfsdirent(struct devfs_dirent *);
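Review bot: The `#undef __MAC_version` directly before `#define __MAC_version 990000` silently discards any earlier definition, so a conflicting value pulled in from another header would be masked rather than reported. If the override is deliberate the comment should say why; otherwise an `#ifdef __MAC_version` / `#error` guard would surface the mismatch. The comment's sentence "changes may not break existing ABI in a forward compatible way" is hard to parse; `Once in a branch, changes must preserve the existing ABI.` states the rule directly, if that is the intent. The `<major>XXXX` scheme also leaves unstated what the four low digits count. Nothing in this hunk shows where the value is compared when a policy module is loaded, which is worth confirming because later hunks in this change alter entry-point signatures.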
@@ -143,11 +154,12 @@
int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
void mac_create_devfs_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *de);
+ struct cdev *dev, struct devfs_dirent *de, const char *fullpath);
void mac_create_devfs_directory(struct mount *mp, char *dirname,
- int dirnamelen, struct devfs_dirent *de);
+ int dirnamelen, struct devfs_dirent *de, const char *fullpath);
void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct devfs_dirent *de);
+ struct devfs_dirent *dd, struct devfs_dirent *de,
+ const char *fullpath);
int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
void mac_create_mount(struct ucred *cred, struct mount *mp);
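Review bot: The new `const char *fullpath` parameter on `mac_create_devfs_device`, `mac_create_devfs_directory` and `mac_create_devfs_symlink` is undocumented, and a policy that derives labels from it needs to know its contract. Unlike `dirname`, which travels with `dirnamelen`, `fullpath` carries no length, so it is presumably NUL-terminated. Whether it may be NULL, what it is relative to, and how long it stays valid are not visible here. I would add a comment above the three prototypes, for example `/* fullpath: NUL-terminated path of the new devfs entry; never NULL; valid only for the duration of the call (confirm against callers). */`.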
@@ -207,9 +219,10 @@
void mac_reflect_mbuf_icmp(struct mbuf *m);
void mac_reflect_mbuf_tcp(struct mbuf *m);
void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
+int mac_update_mbuf_from_cipso(struct mbuf *m, char *cp, int *code);
void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
+void mac_create_mbuf_from_firewall(struct mbuf *m);
-void mac_create_mbuf_from_firewall(struct mbuf *m);
/*
* Labeling event operations: processes.
*/
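Review bot: `mac_update_mbuf_from_cipso(struct mbuf *m, char *cp, int *code)` takes `cp` without a length. If `cp` points at a CIPSO option inside a received IP header, as the name suggests, those bytes come from the network and the callee has no caller-supplied bound for its reads. Passing the remaining option length, e.g. `int mac_update_mbuf_from_cipso(struct mbuf *m, const u_char *cp, int cplen, int *code);`, would let the implementation validate before parsing. `const u_char *` also avoids sign-extension surprises on raw option bytes where plain `char` is signed. The meaning of the return value and of `*code` should be documented next to the prototype.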
@@ -336,6 +349,9 @@
int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp);
int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
void *arg1, int arg2, struct sysctl_req *req);
+int mac_thread_syscall_enter(struct thread *td, int *args, int code);
+void mac_thread_syscall_exit(struct thread *td, int *args, int code,
+ int errcode);
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
int acc_mode);
int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
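Review bot: `mac_thread_syscall_enter` and `mac_thread_syscall_exit` take the argument vector as `int *args` with no element count. On LP64 platforms system call arguments are normally register-sized, so an `int *` view would misread them; `register_t *args` plus a count looks safer, to be confirmed against the per-architecture syscall paths, which are outside this diff. The prototypes should also document whether a non-zero return from the enter hook aborts the system call. They should state that any pointers found in `args` are user-space addresses that have not yet been validated or copied in, so a policy must not dereference them directly. Both hooks sit among the `mac_check_*` declarations without following that naming, so a short comment explaining their role would help.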