Date: Thu, 26 Oct 2006 21:16:05 GMT
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 108526 for review

http://perforce.freebsd.org/chv.cgi?CH=108526

Change 108526 by rwatson@rwatson_zoo on 2006/10/26 21:15:59

	Merge mac.h changes in the TrustedBSD MAC branch to mac_framework.h, their new home.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_framework.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_framework.h#2 (text+ko) ==== @@ -87,9 +87,20 @@ #include /* XXX acl_type_t */ /* + * __MAC_version must be incremented with every API or ABI change to the MAC + * framework. Once in a branch, changes may not break existing ABI in a + * forward compatible way. + * + * The scheme is: XXXX + * + * The major of 99 is reserved as a linear counter for MAC changes in -HEAD. + */ +#undef __MAC_version +#define __MAC_version 990000 + +/* * Kernel functions to manage and evaluate labels. */ - void mac_init_bpfdesc(struct bpf_d *); void mac_init_cred(struct ucred *); void mac_init_devfsdirent(struct devfs_dirent *); 
@@ -143,11 +154,12 @@ int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp); void mac_create_devfs_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *de); + struct cdev *dev, struct devfs_dirent *de, const char *fullpath); void mac_create_devfs_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *de); + int dirnamelen, struct devfs_dirent *de, const char *fullpath); void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp, - struct devfs_dirent *dd, struct devfs_dirent *de); + struct devfs_dirent *dd, struct devfs_dirent *de, + const char *fullpath); int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); void mac_create_mount(struct ucred *cred, struct mount *mp); @@ -207,9 +219,10 @@ void mac_reflect_mbuf_icmp(struct mbuf *m); void mac_reflect_mbuf_tcp(struct mbuf *m); void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq); +int mac_update_mbuf_from_cipso(struct mbuf *m, char *cp, int *code); void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); +void mac_create_mbuf_from_firewall(struct mbuf *m); -void mac_create_mbuf_from_firewall(struct mbuf *m); /* * Labeling event operations: processes. */ @@ -336,6 +349,9 @@ int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp); int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, void *arg1, int arg2, struct sysctl_req *req); +int mac_thread_syscall_enter(struct thread *td, int *args, int code); +void mac_thread_syscall_exit(struct thread *td, int *args, int code, + int errcode); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode); int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
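Review bot: in the first hunk (@@ -87,9 +87,20 @@), the new comment gives the version scheme as "XXXX" while the value defined is the six-digit 990000, so a reader cannot tell which digits hold the major of 99 and which hold the counter. Spell out the digit layout, and reword "changes may not break existing ABI in a forward compatible way", which reads ambiguously. The unconditional "#undef __MAC_version" also silently discards any earlier definition; if one is expected from another header, name it in the comment, otherwise drop the #undef so a conflicting definition shows up as a compiler diagnostic.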
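Review bot: in the second hunk (@@ -143,11 +154,12 @@), the new "const char *fullpath" argument on mac_create_devfs_device(), mac_create_devfs_directory() and mac_create_devfs_symlink() is undocumented. mac_create_devfs_directory() already passes dirname together with an explicit dirnamelen, but fullpath carries no length, so state whether it is NUL-terminated, whether it may be NULL, and whether a policy may keep the pointer after the call returns. These are prototype changes, so please confirm that __MAC_version is incremented as the comment added in the first hunk requires.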
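Review bot: in the third hunk (@@ -207,9 +219,10 @@), mac_update_mbuf_from_cipso() takes "char *cp" with no length and no const qualifier, so the prototype gives the callee no bound on the data cp points to. Consider a const pointer plus an explicit length argument, and document what the int return value and the "int *code" out-parameter mean. Moving mac_create_mbuf_from_firewall() up also removes the blank line in front of the "Labeling event operations: processes." comment; keep that separator.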
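Review bot: in the last hunk (@@ -336,6 +349,9 @@), mac_thread_syscall_enter() and mac_thread_syscall_exit() take "int *args" without a count or a const qualifier, and nothing says what a non-zero return from the enter hook means or whether the exit hook still runs in that case. Document both points next to the prototypes. Also consider giving these two prototypes their own commented group rather than placing them between mac_check_system_sysctl() and mac_check_vnode_access(), since they do not follow the mac_check_ naming of their neighbours.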