From owner-p4-projects  Mon Jan 13 20:34: 6 2003
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 4D92E37B406; Mon, 13 Jan 2003 20:33:53 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D468637B407
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 20:33:52 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 31BE043F13
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 20:33:52 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0E4Xqfh001112
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 20:33:52 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0E4XpEU001109
	for perforce@freebsd.org; Mon, 13 Jan 2003 20:33:51 -0800 (PST)
Date: Mon, 13 Jan 2003 20:33:51 -0800 (PST)
Message-Id: <200301140433.h0E4XpEU001109@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello <chris@FreeBSD.org>
Subject: PERFORCE change 23716 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=23716

Change 23716 by chris@chris_holly on 2003/01/13 20:33:12

	Document the remaining new vnode access checks.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#23 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#23 (text+ko) ====

@@ -595,7 +595,7 @@
           </informaltable>
 
           <para>Fill in the label (<parameter>delabel</parameter>) for
-            a newly created &man.devfs.9; symbolic link entry.</para>
+            a newly created &man.devfs.5; symbolic link entry.</para>
         </sect4>
         
         <sect4 id="mac-mpo-create-devfs-directory">
@@ -3530,7 +3530,8 @@
         <para>Determine whether the subject credential can relabel
           itself to the passed label update.</para>
       </sect3>
-      
+
+
       <sect3 id="mac-mpo-cred-check-vnode-relabel">
         <title><function>&mac.mpo;_check_vnode_relabel</function></title>
         
@@ -3793,6 +3794,52 @@
           or <errorcode>EPERM</errorcode> for lack of
           privilege.</para>
       </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-chroot">
+        <title><function>&mac.mpo;_check_vnode_chroot</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_vnode_chroot</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>dvp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>dlabel</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dvp</parameter></entry>
+                <entry>Directory vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dlabel</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>dvp</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+            &man.chroot.2; into the specified directory
+          (<parameter>dvp</parameter>).</para>
+      </sect3>
       
       <sect3 id="mac-mpo-cred-check-vnode-create">
         <title><function>&mac.mpo;_check_vnode_create</function></title>
@@ -4177,6 +4224,421 @@
           or <errorcode>EPERM</errorcode> for lack of
           privilege.</para>
       </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-link">
+        <title><function>&mac.mpo;_check_vnode_link</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_vnode_link</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>dvp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>dlabel</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+            <paramdef>struct componentname
+              *<parameter>cnp</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dvp</parameter></entry>
+                <entry>Directory vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dlabel</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>dvp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Link destination vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>label</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>vp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>cnp</parameter></entry>
+                <entry>Component name for the link being created</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          create a link to the vnode <parameter>vp</parameter> with
+          the name specified by <parameter>cnp</parameter>.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-mmap">
+        <title><function>&mac.mpo;_check_vnode_mmap</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_vnode_mmap</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+            <paramdef>int <parameter>prot</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Vnode to map</entry>
+              </row>
+
+              <row>
+                <entry><parameter>label</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>vp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>prot</parameter></entry>
+                <entry>Mmap protections (see &man.mmap.2;)</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to map
+          the vnode <parameter>vp</parameter> with the protections
+          specified in <parameter>prot</parameter>.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-mmap-downgrade">
+        <title><function>&mac.mpo;_check_mmap_downgrade</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>void
+              <function>&mac.mpo;_check_mmap_downgrade</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+            <paramdef>int *<parameter>prot</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry morerows="2">See
+                  <xref linkend="mac-mpo-check-vnode-mmap">.</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>label</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>prot</parameter></entry>
+                <entry>Mmap protections to be downgraded</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Downgrade the mmap protections based on the subject and
+          object labels.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-mprotect">
+        <title><function>&mac.mpo;_check_vnode_mprotect</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_vnode_mprotect</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+            <paramdef>int <parameter>prot</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Mapped vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>prot</parameter></entry>
+                <entry>Memory protections</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          set the specified memory protections on memory mapped from
+          the vnode <parameter>vp</parameter>.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-poll">
+        <title><function>&mac.mpo;_check_vnode_poll</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_vnode_poll</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>active_cred</parameter></paramdef>
+            <paramdef>struct ucred
+              *<parameter>file_cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>active_cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>file_cred</parameter></entry>
+                <entry>Credential associated with the <type>struct
+                    file</type></entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Polled vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>label</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>vp</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to poll
+          the vnode <parameter>vp</parameter>.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-rename-from">
+        <title><function>&mac.mpo;_check_vnode_rename_from</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_vnode_rename_from</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>dvp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>dlabel</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+            <paramdef>struct componentname
+              *<parameter>cnp</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dvp</parameter></entry>
+                <entry>Directory vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dlabel</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>dvp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Vnode to be renamed</entry>
+              </row>
+
+              <row>
+                <entry><parameter>label</parameter></entry>
+                <entry>Policy label asociated with
+                  <parameter>vp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>cnp</parameter></entry>
+                <entry>Component name for
+                  <parameter>vp</parameter></entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          rename the vnode <parameter>vp</parameter> to something
+          else.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-check-vnode-rename-to">
+        <title><function>&mac.mpo;_check_vnode_rename_to</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>int
+              <function>&mac.mpo;_check_vnode_rename_to</function></funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>dvp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>dlabel</parameter></paramdef>
+            <paramdef>struct vnode
+              *<parameter>vp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>label</parameter></paramdef>
+            <paramdef>int <parameter>samedir</parameter></paramdef>
+            <paramdef>struct componentname
+              *<parameter>cnp</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="3">
+            &mac.thead;
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dvp</parameter></entry>
+                <entry>Directory vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>dlabel</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>dvp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>vp</parameter></entry>
+                <entry>Overwritten vnode</entry>
+              </row>
+
+              <row>
+                <entry><parameter>label</parameter></entry>
+                <entry>Policy label associated with
+                  <parameter>vp</parameter></entry>
+              </row>
+
+              <row>
+                <entry><parameter>samedir</parameter></entry>
+                <entry>Boolean; <literal>1</literal> if the source and
+                  destination directories are the same</entry>
+              </row>
+
+              <row>
+                <entry><parameter>cnp</parameter></entry>
+                <entry>Destination component name</entry>
+              </row>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>Determine whether the subject should be allowed to
+          rename to the vnode <parameter>vp</parameter>, into the
+          directory <parameter>dvp</parameter>, or to the name
+          represented by <parameter>cnp</parameter>.  If there is no
+          existing file to overwrite, <parameter>vp</parameter> and
+          <parameter>label</parameter> will be NULL.</para>
+      </sect3>
       
       <sect3 id="mac-mpo-cred-check-socket-listen">
         <title><function>&mac.mpo;_check_socket_listen</function></title>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message