From owner-p4-projects Tue Jan 14 0:48:24 2003 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 590BD37B405; Tue, 14 Jan 2003 00:48:13 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E425837B401 for ; Tue, 14 Jan 2003 00:48:12 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 44A1543EB2 for ; Tue, 14 Jan 2003 00:48:12 -0800 (PST) (envelope-from chris@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0E8mCfh091185 for ; Tue, 14 Jan 2003 00:48:12 -0800 (PST) (envelope-from chris@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0E8mB6C091182 for perforce@freebsd.org; Tue, 14 Jan 2003 00:48:11 -0800 (PST) Date: Tue, 14 Jan 2003 00:48:11 -0800 (PST) Message-Id: <200301140848.h0E8mB6C091182@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f From: Chris Costello Subject: PERFORCE change 23728 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=23728 Change 23728 by chris@chris_holly on 2003/01/14 00:47:34 Complete the file system objects and IPC objects' labeling event operations sections. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#29 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#29 (text+ko) ==== @@ -1918,6 +1918,55 @@ file system is mounted, regenerated, or a new device is made available. + + + <function>&mac.mpo;_create_devfs_directory</function> + + + + void + &mac.mpo;_create_devfs_directory + + char *dirname + int dirnamelen + struct devfs_dirent + *devfs_dirent + struct label + *label + + + + + + &mac.thead; + + + + dirname + Name of directory being created + + + + namelen + Length of string + dirname + + + + devfs_dirent + Devfs directory entry for directory being + created. + + + + + + Fill out the label on a devfs_dirent being created for + the passed directory. This call will be made when the device + file system is mounted, regenerated, or a new device + requiring a specific directory hierarchy is made + available. + <function>&mac.mpo;_create_devfs_symlink</function> @@ -1986,55 +2035,91 @@ a newly created &man.devfs.5; symbolic link entry. - - <function>&mac.mpo;_create_devfs_directory</function> - + + <function>&mac.mpo;_create_vnode_extattr</function> + - void - &mac.mpo;_create_devfs_directory - - char *dirname - int dirnamelen - struct devfs_dirent - *devfs_dirent + int + &mac.mpo;_create_vnode_extattr + + struct ucred + *cred + struct mount + *mp + struct label + *fslabel + struct vnode + *dvp + struct label + *dlabel + struct vnode + *vp struct label - *label + *vlabel + struct componentname + *cnp - + &mac.thead; - + - dirname - Name of directory being created + cred + Subject credential + + + + mount + File system mount point + + + + label + File system label + + + + dvp + Parent directory vnode + + + + dlabel + Label associated with + dvp + + + + vp + Newly created vnode - + - namelen - Length of string - dirname + vlabel + Policy label associated with + vp - + - devfs_dirent - Devfs directory entry for directory being - created. + cnp + Component name for + vp - - Fill out the label on a devfs_dirent being created for - the passed directory. This call will be made when the device - file system is mounted, regenerated, or a new device - requiring a specific directory hierarchy is made - available. + + Write out the label for vp to + the appropriate extended attribute. If the write + succeeds, fill in vlabel with the + label, and return 0. Otherwise, + return an appropriate error. - + <function>&mac.mpo;_create_mount</function> @@ -2127,92 +2212,59 @@ &mac.mpo;_create_mount;. - - <function>&mac.mpo;_create_vnode_extattr</function> - + + <function>&mac.mpo;_relabel_vnode</function> + - int - &mac.mpo;_create_vnode_extattr - + void + &mac.mpo;_relabel_vnode + struct ucred *cred - struct mount - *mp - struct label - *fslabel struct vnode - *dvp + *vp struct label - *dlabel - struct vnode - *vp + *vnodelabel struct label - *vlabel - struct componentname - *cnp + *newlabel - + &mac.thead; - + cred Subject credential - - - mount - File system mount point - - + - label - File system label - - - - dvp - Parent directory vnode - - - - dlabel - Label associated with - dvp - - - vp - Newly created vnode + vnode to relabel - + - vlabel - Policy label associated with + vnodelabel + Existing policy label for vp - + - cnp - Component name for - vp + newlabel + New, possibly partial label to replace + vnodelabel - - Write out the label for vp to - the appropriate extended attribute. If the write - succeeds, fill in vlabel with the - label, and return 0. Otherwise, - return an appropriate error. + + Update the label on the passed vnode given the passed + update vnode label and the passed subject credential. - <function>&mac.mpo;_setlabel_vnode_extattr</function> @@ -2481,8 +2533,60 @@ created. + + <function>&mac.mpo;_create_socket_from_socket</function> + + + + void + &mac.mpo;_create_socket_from_socket + + struct socket + *oldsocket + struct label + *oldsocketlabel + struct socket + *newsocket + struct label + *newsocketlabel + + + + + + &mac.thead; + + + + oldsocket + Listening socket + + + oldsocketlabel + Policy label associated with + oldsocket + + + newsocket + New socket + + + + newsocketlabel + Policy label associated with + newsocketlabel + + + + + + Label a socket, newsocket, + newly &man.accept.2;ed, based on the &man.listen.2; + socket, oldsocket. + + <function>&mac.mpo;_relabel_pipe</function> @@ -7234,59 +7338,6 @@ calls are not permitted to fail (failure should be reported earlier in the relabel check). - - <function>&mac.mpo;_relabel_vnode</function> - - - - void - &mac.mpo;_relabel_vnode - - struct ucred - *cred - struct vnode - *vp - struct label - *vnodelabel - struct label - *newlabel - - - - - - &mac.thead; - - - - cred - Subject credential - - - - vp - vnode to relabel - - - - vnodelabel - Existing policy label for - vp - - - - newlabel - New, possibly partial label to replace - vnodelabel - - - - - - Update the label on the passed vnode given the passed - update vnode label and the passed subject credential. - - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message