From owner-p4-projects Mon Jul 29 7:36: 4 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9B5B037B401; Mon, 29 Jul 2002 07:35:50 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3717937B400 for ; Mon, 29 Jul 2002 07:35:50 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D2D0D43E42 for ; Mon, 29 Jul 2002 07:35:49 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6TEZnJU073376 for ; Mon, 29 Jul 2002 07:35:49 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6TEZn0r073373 for perforce@freebsd.org; Mon, 29 Jul 2002 07:35:49 -0700 (PDT) Date: Mon, 29 Jul 2002 07:35:49 -0700 (PDT) Message-Id: <200207291435.g6TEZn0r073373@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 15123 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15123 Change 15123 by rwatson@rwatson_paprika on 2002/07/29 07:34:53 Re-sort all entry point declarations to match this in mac_policy.h; likewise update the comments. Affected files ... .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#134 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#134 (text+ko) ==== 
@@ -227,7 +227,12 @@
 #include /* XXX acl_type_t */
-/* Label-based operations. */
+struct vop_refreshlabel_args;
+struct vop_setlabel_args;
+
+/*
+ * Label operations.
+ */
 void mac_init_bpfdesc(struct bpf_d *);
 void mac_init_cred(struct ucred *);
 void mac_init_devfsdirent(struct devfs_dirent *);
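Review bot: The forward declarations `struct vop_refreshlabel_args;` and `struct vop_setlabel_args;` now sit directly under the `#include` with no comment, far from the `vop_std*_ea()` prototypes they used to precede. The last hunk shows `vop_stdrefreshlabel_ea()` taking a `struct vop_refreshlabel_args *`, so a reader at this spot can no longer see why the declarations exist. A one-line comment above them would keep the link, for example `/* Forward declarations for the vop_std*_ea() prototypes further down. */`. Whether `struct vop_setlabel_args` still has a user in this header is not visible in the diff.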
@@ -249,12 +254,71 @@
 void mac_destroy_mount(struct mount *);
 void mac_destroy_vnode(struct vnode *);
-/* Non-authorizational event hooks. */
+/*
+ * Labeling event operations: file system objects, and things that
+ * look a lot like file system objects.
+ */
+void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
+void mac_create_devfs_directory(char *dirname, int dirnamelen,
+ struct devfs_dirent *de);
+void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
+void mac_create_vnode_from_vnode(struct ucred *cred, struct vnode *parent,
+ struct vnode *child);
+void mac_create_mount(struct ucred *cred, struct mount *mp);
+void mac_create_root_mount(struct ucred *cred, struct mount *mp);
+void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
+ struct label *newlabel);
+void mac_update_devfsdirent_from_vnode(struct devfs_dirent *de,
+ struct vnode *vp);
+void mac_update_procfsvnode_from_cred(struct vnode *vp, struct ucred *cred);
+void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
+
+
+/*
+ * Labeling event operations: IPC objects.
+ */
+void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
+void mac_create_socket(struct ucred *cred, struct socket *socket);
+void mac_create_socket_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
+ struct socket *socket);
+void mac_set_socket_peer_from_socket(struct socket *oldsocket,
+ struct socket *newsocket);
+void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
+
+/*
+ * Labeling event operations: network objects.
+ */
+void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
+void mac_create_ifnet(struct ifnet *ifp);
+void mac_create_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
+void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
+void mac_create_fragment_from_datagram(struct mbuf *datagram,
+ struct mbuf *fragment);
+void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
+void mac_create_mbuf_linklayer_for_ifnet(struct ifnet *ifnet,
+ struct mbuf *m);
+void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
+void mac_create_mbuf_multicast_encap_from_mbuf(struct mbuf *oldmbuf,
+ struct ifnet *ifnet, struct mbuf *newmbuf);
+void mac_create_mbuf_netlayer_from_mbuf(struct mbuf *oldmbuf,
+ struct mbuf *newmbuf);
+int mac_fragment_matches_ipq(struct mbuf *fragment, struct ipq *ipq);
+void mac_update_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
+
+/*
+ * Labeling event operations: processes.
+ */
+void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
 void mac_execve_transition(struct ucred *old, struct ucred *new,
  struct vnode *vp);
 int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
+void mac_create_proc0(struct ucred *cred);
+void mac_create_proc1(struct ucred *cred);
-/* Authorizational event hooks. */
+/* Access control checks. */
 int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
 int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
 int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
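Review bot: `mac_fragment_matches_ipq()` and `mac_execve_will_transition()` return `int` but are now filed under "Labeling event operations" headings, just above the "Access control checks" block of `int`-returning `mac_check_*` prototypes, and the header does not say what their return values mean. A caller who assumes the wrong polarity would make the fragment-reassembly or label-transition decision backwards, so each predicate deserves a one-line comment. For example, `/* Predicate, not an access check: non-zero means the fragment's label matches the queue's. */`; the actual convention is not visible in this hunk and should be confirmed against the implementation before it is written down. As a style point, the file system group ends in two consecutive blank `+` lines before the IPC comment, where the other groups use one.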
@@ -329,56 +393,10 @@
 int mac_pipe_label_set(struct ucred *cred, struct pipe *pipe,
  struct label *label);
-/* Label creation events. */
-void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d);
-void mac_create_cred(struct ucred *cred_parent, struct ucred *cred_child);
-void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
-void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
-void mac_create_devfs_directory(char *dirname, int dirnamelen,
- struct devfs_dirent *de);
-void mac_create_devfs_vnode(struct devfs_dirent *de, struct vnode *vp);
-void mac_create_fragment_from_datagram(struct mbuf *datagram,
- struct mbuf *fragment);
-void mac_create_ifnet(struct ifnet *ifp);
-void mac_create_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
-void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
-void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
-void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
-void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
-void mac_create_mbuf_linklayer_for_ifnet(struct ifnet *ifnet,
- struct mbuf *m);
-void mac_create_mbuf_multicast_encap_from_mbuf(struct mbuf *oldmbuf,
- struct ifnet *ifnet, struct mbuf *newmbuf);
-void mac_create_mbuf_netlayer_from_mbuf(struct mbuf *oldmbuf,
- struct mbuf *newmbuf);
-void mac_create_mount(struct ucred *cred, struct mount *mp);
-void mac_create_proc0(struct ucred *cred);
-void mac_create_proc1(struct ucred *cred);
-void mac_create_root_mount(struct ucred *cred, struct mount *mp);
-void mac_create_socket(struct ucred *cred, struct socket *socket);
-void mac_create_socket_from_socket(struct socket *oldsocket,
- struct socket *newsocket);
-void mac_create_pipe(struct ucred *cred, struct pipe *pipe);
-void mac_create_vnode_from_vnode(struct ucred *cred, struct vnode *parent,
- struct vnode *child);
-void mac_set_socket_peer_from_mbuf(struct mbuf *mbuf,
- struct socket *socket);
-void mac_set_socket_peer_from_socket(struct socket *oldsocket,
- struct socket *newsocket);
-void mac_update_devfsdirent_from_vnode(struct devfs_dirent *de,
- struct vnode *vp);
-void mac_update_procfsvnode_from_cred(struct vnode *vp, struct ucred *cred);
-void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
-
-/* Network event miscellany. */
-int mac_fragment_matches_ipq(struct mbuf *fragment, struct ipq *ipq);
-void mac_update_ipq_from_fragment(struct mbuf *fragment, struct ipq *ipq);
-
-/* Calls to help various file systems implement labeling using EAs. */
-struct vop_refreshlabel_args;
-struct vop_setlabel_args;
-void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
- struct label *newlabel);
+/*
+ * Calls to help various file systems implement labeling functionality
+ * using their existing EA implementation.
+ */
 int vop_stdcreatevnode_ea(struct vnode *dvp, struct vnode *tvp,
  struct ucred *cred);
 int vop_stdrefreshlabel_ea(struct vop_refreshlabel_args *ap);

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message