Date: Mon, 20 Oct 2003 15:05:07 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 40026 for review Message-ID: <200310202205.h9KM57jK093450@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=40026 Change 40026 by rwatson@rwatson_tislabs on 2003/10/20 15:04:35 Declare mac_policy_list_head as a type so that it can be used with extern'd globals. Declare mac_policy_list and mac_static_policy_list as extern so that they can be used by the composition macros outside of kern_mac.c. Fix declaration of M_MACTEMP malloc type. Declare various pipe functions as global so they can be invoked from the system call code in kern_mac.c. Not sure what the long-term answer is here. Move to mac_error_select() in macros in mac_internal.h to clean up namespacing. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_internal.h#3 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_internal.h#3 (text+ko) ==== @@ -45,9 +45,20 @@ #endif /* + * MAC Framework global types and typedefs. + */ +LIST_HEAD(mac_policy_list_head, mac_policy_conf); + +/* + * MAC Framework global variables. + */ +extern struct mac_policy_list_head mac_policy_list; +extern struct mac_policy_list_head mac_static_policy_list; +extern int mac_late; +/* * MAC Framework global types and constants. */ -MALLOC_DECL(M_MACTEMP); +MALLOC_DECLARE(M_MACTEMP); /* * MAC Framework object/access counter primitives, conditionally @@ -78,6 +89,18 @@ int mac_check_structmac_consistent(struct mac *mac); int mac_allocate_slot(void); +/* + * MAC Framework per-object type functions. It's not yet clear how + * the namespaces, etc, should work for these, so for now, sort by + * object type. + */ +void mac_copy_pipe_label(struct label *src, struct label *dest); +void mac_destroy_pipe_label(struct label *label); +int mac_externalize_pipe_label(struct label *label, char *elements, + char *outbuf, size_t outbuflen, int flags); +void mac_init_pipe_label(struct label *label); +int mac_internalize_pipe_label(struct label *label, char *string); + /* * MAC_CHECK performs the designated check by walking the policy module * list and checking with each as to how it feels about the request. @@ -90,14 +113,14 @@ error = 0; \ LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## check != NULL) \ - error = error_select( \ + error = mac_error_select( \ mpc->mpc_ops->mpo_ ## check (args), \ error); \ } \ if ((entrycount = mac_policy_list_conditional_busy()) != 0) { \ LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \ if (mpc->mpc_ops->mpo_ ## check != NULL) \ - error = error_select( \ + error = mac_error_select( \ mpc->mpc_ops->mpo_ ## check (args), \ error); \ } \
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200310202205.h9KM57jK093450>