From owner-p4-projects@FreeBSD.ORG  Tue Jul 19 02:16:19 2005
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id D938916A420; Tue, 19 Jul 2005 02:16:18 +0000 (GMT)
X-Original-To: perforce@FreeBSD.org
Delivered-To: perforce@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 65CFA16A41C
	for <perforce@FreeBSD.org>; Tue, 19 Jul 2005 02:16:18 +0000 (GMT)
	(envelope-from samy@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3795D43D45
	for <perforce@FreeBSD.org>; Tue, 19 Jul 2005 02:16:18 +0000 (GMT)
	(envelope-from samy@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j6J2GIIJ007944
	for <perforce@FreeBSD.org>; Tue, 19 Jul 2005 02:16:18 GMT
	(envelope-from samy@FreeBSD.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j6J2GHED007941
	for perforce@freebsd.org; Tue, 19 Jul 2005 02:16:17 GMT
	(envelope-from samy@FreeBSD.org)
Date: Tue, 19 Jul 2005 02:16:17 GMT
Message-Id: <200507190216.j6J2GHED007941@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	samy@FreeBSD.org using -f
From: Samy Al Bahra <samy@FreeBSD.org>
To: Perforce Change Reviews <perforce@FreeBSD.org>
Cc: 
Subject: PERFORCE change 80496 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2005 02:16:19 -0000

http://perforce.freebsd.org/chv.cgi?CH=80496

Change 80496 by samy@samy_home on 2005/07/19 02:15:25

	These changes introduce the __MAC_version define that was
	introduced to improve third-party security policy support
	as well as introduce the security.mac.version sysctl that
	will allow the ports system proper integration of our new
	MAC versioning scheme.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#445 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#279 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#445 (text+ko) ====

@@ -102,6 +102,13 @@
 SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
     "TrustedBSD MAC policy controls");
 
+/*
+ * Export the MAC API version counter.
+ */
+static int mac_version = __MAC_version;
+SYSCTL_INT(_security_mac, OID_AUTO, version, CTLFLAG_RD,
+    &mac_version, 0, "MAC version");
+
 #if MAC_MAX_SLOTS > 32
 #error "MAC_MAX_SLOTS too large"
 #endif

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#279 (text+ko) ====

@@ -54,6 +54,21 @@
 #endif
 
 /*
+ * __MAC_version must be incremented with every API or
+ * ABI change to the MAC framework. Once in a branch,
+ * changes may not break existing ABI in a forward
+ * compatible way.
+ *
+ * The scheme is:
+ *   <major>XXXX
+ *
+ * The major of 99 is reserved as a linear counter for
+ * MAC changes in -HEAD.
+ */
+#undef	__MAC_version
+#define	__MAC_version	990000
+
+/*
  * MAC framework-related constants and limits.
  */
 #define	MAC_MAX_POLICY_NAME		32