Date: Thu, 26 Oct 2006 21:16:05 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 108526 for review Message-ID: <200610262116.k9QLG5dR024603@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=108526

Change 108526 by rwatson@rwatson_zoo on 2006/10/26 21:15:59

Merge mac.h changes in the TrustedBSD MAC branch to mac_framework.h, their new home.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_framework.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_framework.h#2 (text+ko) ====

@@ -87,9 +87,20 @@
 #include <sys/acl.h> /* XXX acl_type_t */

 /*
+ * __MAC_version must be incremented with every API or ABI change to the MAC
+ * framework. Once in a branch, changes may not break existing ABI in a
+ * forward compatible way.
+ *
+ * The scheme is: <major>XXXX
+ *
+ * The major of 99 is reserved as a linear counter for MAC changes in -HEAD.
+ */
+#undef __MAC_version
+#define __MAC_version 990000
+
+/*
 * Kernel functions to manage and evaluate labels.
 */
-
 void mac_init_bpfdesc(struct bpf_d *);
 void mac_init_cred(struct ucred *);
 void mac_init_devfsdirent(struct devfs_dirent *);
@@ -143,11 +154,12 @@
 int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
 void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
 void mac_create_devfs_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *de);
+ struct cdev *dev, struct devfs_dirent *de, const char *fullpath);
 void mac_create_devfs_directory(struct mount *mp, char *dirname,
- int dirnamelen, struct devfs_dirent *de);
+ int dirnamelen, struct devfs_dirent *de, const char *fullpath);
 void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
- struct devfs_dirent *dd, struct devfs_dirent *de);
+ struct devfs_dirent *dd, struct devfs_dirent *de,
+ const char *fullpath);
 int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
 struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
 void mac_create_mount(struct ucred *cred, struct mount *mp);
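Review bot: The `#undef __MAC_version` directly above the new `#define __MAC_version 990000` silently discards any value an earlier header supplied, so a build that mixes headers carrying different versions compiles cleanly instead of failing. If the override is only needed while mac.h is being merged into this file, a comment saying so would help; otherwise an `#ifdef __MAC_version` / `#error` pair would surface the conflict. The sentence `changes may not break existing ABI in a forward compatible way` is also hard to parse; if the intent is that policy modules built against an earlier version of a branch must keep loading, the comment should say that directly and state what the `XXXX` digits count. Whether module registration compares against this value is not visible in the hunk.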
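Review bot: The new `const char *fullpath` argument on `mac_create_devfs_device`, `mac_create_devfs_directory` and `mac_create_devfs_symlink` has no documented contract, and any policy that labels devfs nodes by path will base access decisions on it. `mac_create_devfs_directory` passes `dirname` together with `dirnamelen`, while `fullpath` carries no length, so the header should state that it is NUL-terminated, whether it is relative to the devfs mount root, and how long the pointer stays valid. A short comment above the three prototypes would do, for example `/* fullpath: NUL-terminated path of the new node; a policy must copy it to retain it */`, with the wording adjusted to what devfs actually passes, which this hunk does not show. The three signature changes affect every existing policy module, which is the kind of change the `__MAC_version` comment earlier in this diff says requires an increment.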
@@ -207,9 +219,10 @@
 void mac_reflect_mbuf_icmp(struct mbuf *m);
 void mac_reflect_mbuf_tcp(struct mbuf *m);
 void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
+int mac_update_mbuf_from_cipso(struct mbuf *m, char *cp, int *code);
 void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
+void mac_create_mbuf_from_firewall(struct mbuf *m);

-void mac_create_mbuf_from_firewall(struct mbuf *m);
 /*
 * Labeling event operations: processes.
 */
@@ -336,6 +349,9 @@
 int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp);
 int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
 void *arg1, int arg2, struct sysctl_req *req);
+int mac_thread_syscall_enter(struct thread *td, int *args, int code);
+void mac_thread_syscall_exit(struct thread *td, int *args, int code,
+ int errcode);
 int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
 int acc_mode);
 int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
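Review bot: `mac_update_mbuf_from_cipso(struct mbuf *m, char *cp, int *code)` takes a bare `char *cp` with no length, so if `cp` points at a CIPSO option inside a received IP header, the implementation has to trust a length byte taken from the packet itself. Either pass the remaining option length explicitly or document next to the prototype that the caller has already validated the option against the header length. `const u_char *cp` would also be the safer type, since the parser then cannot modify the packet and option bytes are not sign-extended. The meaning of the `int` return value and of `*code` is not stated anywhere in the hunk and should be.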
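Review bot: `mac_thread_syscall_enter` and `mac_thread_syscall_exit` take the arguments as `int *args`, which does not describe the argument array correctly on platforms where system call arguments are wider than `int`; if `args` is the copied-in argument array, `register_t *args` would match how the kernel stores it. The header should also say whether a non-zero return from `mac_thread_syscall_enter` denies the call. It should note that pointer-valued entries in `args` refer to user memory, which a policy must not dereference directly and which can change after the check has run. Both declarations sit between the `mac_check_system_*` and `mac_check_vnode_*` prototypes, so a one-line comment separating them would keep the grouping readable.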