From owner-p4-projects Thu Nov 21 11:29:22 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3402437B406; Thu, 21 Nov 2002 11:29:08 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CF5F037B401 for ; Thu, 21 Nov 2002 11:29:07 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 41EC043E3B for ; Thu, 21 Nov 2002 11:29:07 -0800 (PST) (envelope-from green@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gALJPwmV088476 for ; Thu, 21 Nov 2002 11:25:58 -0800 (PST) (envelope-from green@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gALJPvnV088473 for perforce@freebsd.org; Thu, 21 Nov 2002 11:25:57 -0800 (PST) Date: Thu, 21 Nov 2002 11:25:57 -0800 (PST) Message-Id: <200211211925.gALJPvnV088473@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to green@freebsd.org using -f 
From: Brian Feldman Subject: PERFORCE change 21347 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=21347 Change 21347 by green@green_laptop_2 on 2002/11/21 11:25:40 * Update devfs MAC entry points to include mount point info, except for init/destroy. * Fix the kld_unload implementation in mac_biba. Affected files ... .. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#9 edit .. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#9 edit .. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vfsops.c#13 edit .. //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#35 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#366 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#188 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#43 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#149 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#111 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#87 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#220 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#174 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs.h#9 (text+ko) ==== @@ -168,7 +168,7 @@ }; struct devfs_mount { - struct vnode *dm_root; /* Root node */ + struct mount *dm_mountp; /* filesystem vfs structure */ struct devfs_dirent *dm_rootdir; struct devfs_dirent *dm_basedir; unsigned dm_generation; ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_devs.c#9 (text+ko) ==== 
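Review bot: The comment on the new `dm_mountp` field in `struct devfs_mount` does not say that it is a borrowed back-pointer or when it is valid. In the devfs_vfsops.c hunk of this change it is assigned once, just before `mp->mnt_data` is set, and nothing visible takes a reference or clears it, so the MAC hooks that receive it depend on the devfs_mount never outliving its mount. Suggest `struct mount *dm_mountp; /* back-pointer to owning mount; set at mount time, not referenced */`. The struct body continues outside the hunk.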
@@ -334,8 +334,8 @@ if (de == NULL) { de = devfs_vmkdir(s, q - s, dd); #ifdef MAC - mac_create_devfs_directory(s, q - s, - de); + mac_create_devfs_directory( + dm->dm_mountp, s, q - s, de); #endif de->de_inode = dm->dm_inode++; TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); @@ -363,7 +363,7 @@ de->de_dirent->d_type = DT_CHR; } #ifdef MAC - mac_create_devfs_device(dev, de); + mac_create_devfs_device(dm->dm_mountp, dev, de); #endif *dep = de; de->de_dir = dd; ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vfsops.c#13 (text+ko) ==== @@ -88,6 +88,7 @@ #ifdef MAC mp->mnt_flag |= MNT_MULTILABEL; #endif + fmp->dm_mountp = mp; mp->mnt_data = (qaddr_t) fmp; vfs_getnewfsid(mp); @@ -96,7 +97,7 @@ fmp->dm_rootdir = devfs_vmkdir("(root)", 6, NULL); fmp->dm_rootdir->de_inode = 2; #ifdef MAC - mac_create_devfs_directory("", 0, fmp->dm_rootdir); + mac_create_devfs_directory(mp, "", 0, fmp->dm_rootdir); #endif fmp->dm_basedir = fmp->dm_rootdir; devfs_rules_newmount(fmp, td); ==== //depot/projects/trustedbsd/mac/sys/fs/devfs/devfs_vnops.c#35 (text+ko) ==== @@ -832,7 +832,7 @@ de = vp->v_data; mac_relabel_vnode(ap->a_cred, vp, ap->a_label); - mac_update_devfsdirent(de, vp); + mac_update_devfsdirent(vp->v_mount, de, vp); return (0); } @@ -869,7 +869,7 @@ bcopy(ap->a_target, de->de_symlink, i); lockmgr(&dmp->dm_lock, LK_EXCLUSIVE, 0, curthread); #ifdef MAC - mac_create_devfs_symlink(ap->a_cnp->cn_cred, dd, de); + mac_create_devfs_symlink(dmp->dm_mountp, ap->a_cnp->cn_cred, dd, de); #endif TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list); devfs_allocv(de, ap->a_dvp->v_mount, ap->a_vpp, 0); ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#366 (text+ko) ==== 
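Review bot: In devfs_vfsops.c at `@@ -96` the root-directory hook now hands `mp` to every policy while the mount is still being set up, and nothing in the hunk says which parts of `mp` a policy may rely on at that point. A policy that derives the dirent label from the mount's label needs that label to be initialised before this routine runs. That ordering is presumably guaranteed by the generic mount code, but it is not visible here. Suggest a comment above the call such as `/* mp is still being mounted here; policies may only rely on its label */`, adjusted to whatever the real guarantee is. The enclosing function starts and ends outside the hunk.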
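Review bot: In devfs_vnops.c at `@@ -832` the mount handed to `mac_update_devfsdirent` is read from `vp->v_mount`, whereas the symlink hunk at `@@ -869` and both devfs_devs.c hunks use the devfs_mount's `dm_mountp`. The two should name the same mount, but only `dm_mountp` is tied to the devfs data, and whether `v_mount` is always set for a vnode reaching this path is not visible in the hunk. Either take the pointer from the same source everywhere or record the assumption next to the call, e.g. `/* vp is a devfs vnode, so v_mount is the mount recorded in dm_mountp */`. The enclosing function starts outside the hunk.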
@@ -1196,10 +1196,12 @@ } void -mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp) +mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp) { - MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label); + MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp, + &vp->v_label); } void @@ -2801,27 +2803,27 @@ } void -mac_create_devfs_device(dev_t dev, struct devfs_dirent *de) +mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_device, dev, de, &de->de_label); + MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label); } void -mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de) +mac_create_devfs_symlink(struct mount *mp, struct ucred *cred, + struct devfs_dirent *dd, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de, + MAC_PERFORM(create_devfs_symlink, mp, cred, dd, &dd->de_label, de, &de->de_label); } void -mac_create_devfs_directory(char *dirname, int dirnamelen, +mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *de) { - MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de, + MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de, &de->de_label); } ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#188 (text+ko) ==== @@ -800,8 +800,8 @@ * a lot like file system objects. */ static void -mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_biba_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_biba *mac_biba; int biba_type; 
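Review bot: The four devfs entry points changed in this file (`@@ -1196` and `@@ -2801`) pass `mp` on to every loaded policy without checking it, so a caller that supplies a NULL or stale mount is only detected, if at all, inside whichever policy dereferences it. A single assertion in each wrapper, e.g. `KASSERT(mp != NULL, ("mac_create_devfs_device: NULL mount"));`, would catch that at the framework boundary in debug kernels. It would also help to state in a comment above these functions that `mp` is the devfs mount owning `de`.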
@@ -822,8 +822,8 @@ } static void -mac_biba_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_biba_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_biba *mac_biba; @@ -832,8 +832,9 @@ } static void -mac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_biba_create_devfs_symlink(struct mount *mp, struct ucred *cred, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_biba *source, *dest; @@ -882,8 +883,9 @@ } static void -mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_biba_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { struct mac_biba *source, *dest; @@ -1561,8 +1563,7 @@ static int -mac_biba_check_kld_unload(struct ucred *cred, struct vnode *vp, - struct label *label) +mac_biba_check_kld_unload(struct ucred *cred) { struct mac_biba *subj; ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#43 (text+ko) ==== @@ -956,8 +956,8 @@ * a lot like file system objects. */ static void -mac_lomac_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_lomac_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_lomac *mac_lomac; int lomac_type; 
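Review bot: The corrected `mac_biba_check_kld_unload(struct ucred *cred)` at `@@ -1561` is an access-control hook, and nothing in this change shows the mac_policy.h prototype it has to match or how the function is registered. If the policy's operations are installed through a cast to a generic function-pointer type (not visible here), the compiler would not have caught the old three-argument form and will not catch a future mismatch either, leaving the check to read whatever happens to be in the argument slots. It is worth confirming the new signature against mac_policy.h and checking whether other policies in the tree implement this hook with the old argument list. The function body continues outside the hunk.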
@@ -979,8 +979,8 @@ } static void -mac_lomac_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_lomac_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_lomac *mac_lomac; @@ -989,8 +989,9 @@ } static void -mac_lomac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_lomac_create_devfs_symlink(struct mount *mp, struct ucred *cred, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_lomac *source, *dest; @@ -1039,8 +1040,9 @@ } static void -mac_lomac_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_lomac_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { struct mac_lomac *source, *dest; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#149 (text+ko) ==== @@ -766,8 +766,8 @@ * a lot like file system objects. */ static void -mac_mls_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_mls_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_mls *mac_mls; int mls_type; @@ -791,7 +791,7 @@ } static void -mac_mls_create_devfs_directory(char *dirname, int dirnamelen, +mac_mls_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { struct mac_mls *mac_mls; 
@@ -801,8 +801,9 @@ } static void -mac_mls_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_mls_create_devfs_symlink(struct mount *mp, struct ucred *cred, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { struct mac_mls *source, *dest; @@ -851,7 +852,7 @@ } static void -mac_mls_update_devfsdirent(struct devfs_dirent *devfs_dirent, +mac_mls_update_devfsdirent(struct mount *mp, struct devfs_dirent *devfs_dirent, struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) { struct mac_mls *source, *dest; ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#111 (text+ko) ==== @@ -169,22 +169,23 @@ } static void -mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_none_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_none_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_none_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_none_create_devfs_symlink(struct mount *mp, struct ucred *cred, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { } 
@@ -228,8 +229,9 @@ } static void -mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_none_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { } ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#87 (text+ko) ==== @@ -547,22 +547,23 @@ } static void -mac_test_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent, - struct label *label) +mac_test_create_devfs_device(struct mount *mp, dev_t dev, + struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_test_create_devfs_directory(char *dirname, int dirnamelen, - struct devfs_dirent *devfs_dirent, struct label *label) +mac_test_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { } static void -mac_test_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct label *ddlabel, struct devfs_dirent *de, struct label *delabel) +mac_test_create_devfs_symlink(struct mount *mp, struct ucred *cred, + struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel) { } @@ -606,8 +607,9 @@ } static void -mac_test_update_devfsdirent(struct devfs_dirent *devfs_dirent, - struct label *direntlabel, struct vnode *vp, struct label *vnodelabel) +mac_test_update_devfsdirent(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, + struct vnode *vp, struct label *vnodelabel) { } ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#220 (text+ko) ==== 
@@ -171,18 +171,20 @@ struct vnode *vp); int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp); void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp); -void mac_create_devfs_device(dev_t dev, struct devfs_dirent *de); -void mac_create_devfs_directory(char *dirname, int dirnamelen, +void mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de); -void mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd, - struct devfs_dirent *de); +void mac_create_devfs_directory(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de); +void mac_create_devfs_symlink(struct mount *mp, struct ucred *cred, + struct devfs_dirent *dd, struct devfs_dirent *de); int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); void mac_create_mount(struct ucred *cred, struct mount *mp); void mac_create_root_mount(struct ucred *cred, struct mount *mp); void mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel); -void mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp); +void mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct vnode *vp); /* * Labeling event operations: IPC objects. ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#174 (text+ko) ==== 
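Review bot: `mac_create_devfs_directory` keeps `char *dirname` in the prototype rewritten here, although the devfs_vfsops.c hunk passes it the string literal `""` and none of the visible callers needs the name to be writable. Since every policy signature is being touched in this change anyway, this would be the cheap moment to make it `const char *dirname` here, in `mpo_create_devfs_directory` and in the policies, so that a policy cannot write through the caller's name buffer. The first line would then read `void mac_create_devfs_directory(struct mount *mp, const char *dirname,`.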
@@ -142,13 +142,15 @@ void (*mpo_associate_vnode_singlelabel)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); - void (*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de, + void (*mpo_create_devfs_device)(struct mount *mp, dev_t dev, + struct devfs_dirent *de, struct label *label); + void (*mpo_create_devfs_directory)(struct mount *mp, char *dirname, + int dirnamelen, struct devfs_dirent *de, struct label *label); - void (*mpo_create_devfs_directory)(char *dirname, int dirnamelen, - struct devfs_dirent *de, struct label *label); - void (*mpo_create_devfs_symlink)(struct ucred *cred, - struct devfs_dirent *dd, struct label *ddlabel, - struct devfs_dirent *de, struct label *delabel); + void (*mpo_create_devfs_symlink)(struct mount *mp, + struct ucred *cred, struct devfs_dirent *dd, + struct label *ddlabel, struct devfs_dirent *de, + struct label *delabel); int (*mpo_create_vnode_extattr)(struct ucred *cred, struct mount *mp, struct label *fslabel, struct vnode *dvp, struct label *dlabel, @@ -163,7 +165,8 @@ int (*mpo_setlabel_vnode_extattr)(struct ucred *cred, struct vnode *vp, struct label *vlabel, struct label *intlabel); - void (*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent, + void (*mpo_update_devfsdirent)(struct mount *mp, + struct devfs_dirent *devfs_dirent, struct label *direntlabel, struct vnode *vp, struct label *vnodelabel); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
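Review bot: Inserting `mp` as the first parameter of `mpo_create_devfs_device`, `mpo_create_devfs_directory`, `mpo_create_devfs_symlink` and `mpo_update_devfsdirent` changes the calling convention of four existing slots without any visible change to a version or compatibility marker. A policy module built against the previous header would, if the framework still accepts it, be called with a mount pointer where it expects a `dev_t`, a name or a credential. In a labelling hook that means mislabelled devfs entries or a kernel fault. If the framework has a policy interface version check (not visible in this diff), bump it in the same change; otherwise state in the change description that all policy modules must be rebuilt. The structure definition starts and ends outside the hunk.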