From owner-p4-projects@FreeBSD.ORG Mon Dec 4 18:32:19 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 6CF6016A416; Mon, 4 Dec 2006 18:32:19 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 2E9BB16A415 for ; Mon, 4 Dec 2006 18:32:19 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8102E43CBB for ; Mon, 4 Dec 2006 18:31:44 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kB4IWINJ088855 for ; Mon, 4 Dec 2006 18:32:18 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kB4IWIkn088852 for perforce@freebsd.org; Mon, 4 Dec 2006 18:32:18 GMT (envelope-from millert@freebsd.org) Date: Mon, 4 Dec 2006 18:32:18 GMT Message-Id: <200612041832.kB4IWIkn088852@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f 
From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 111042 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Dec 2006 18:32:19 -0000
http://perforce.freebsd.org/chv.cgi?CH=111042
Change 111042 by millert@millert_g5tower on 2006/12/04 18:31:19
Implement vnode_label_associate_* entry points.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#24 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#18 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#6 (text+ko) ====
==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#24 (text+ko) ====
@@ -1190,6 +1190,27 @@
 mac_mls_copy_effective(source, dest);
 }
 
+static void
+mac_mls_vnode_label_associate_file(struct ucred *cred,
+ struct mount *mp, struct label *mntlabel,
+ struct fileglob *fg, struct label *fglabel,
+ struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ if (fglabel != NULL)
+ source = SLOT(fglabel);
+ else
+ if (mntlabel != NULL)
+ source = SLOT(mntlabel);
+ else
+ source = SLOT(cred->cr_label);
+
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
 static int
 mac_mls_vnode_label_associate_extattr(struct mount *mp, struct label *mntlabel,
 struct vnode *vp, struct label *vlabel)
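Review bot: The fallback chain in mac_mls_vnode_label_associate_file decides which MLS label a file-backed vnode inherits — the fileglob's, else the mount's, else the calling credential's — but nothing records why that order is right or that the credential is reached only when no object label exists, so the labeling decision is hard to review; a comment such as `/* Prefer the open file's label, then the mount's; only a vnode with neither inherits the subject's effective level. */` above the first `if` would fix that. The split `else` / `if (mntlabel != NULL)` on two lines reads like a dangling conditional and is conventionally written `else if (mntlabel != NULL)`. The last branch dereferences `cred` without a NULL check; the test policy in this same change asserts `CHECKNULL(cred)` for this hook, so it presumably cannot be NULL here, but that assumption belongs in the comment as well.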
@@ -1250,6 +1271,44 @@
 }
 
 static void
+mac_mls_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
+ struct label *pipelabel, struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(pipelabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_vnode_label_associate_posixsem(struct ucred *cred,
+ struct pseminfo *psem, struct label *psemlabel, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(psemlabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
+mac_mls_vnode_label_associate_posixshm(struct ucred *cred,
+ struct pshminfo *pshm, struct label *pshmlabel, struct vnode *vp,
+ struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(pshmlabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
+static void
 mac_mls_vnode_label_associate_singlelabel(struct mount *mp,
 struct label *mntlabel, struct vnode *vp, struct label *vlabel)
 {
@@ -1261,6 +1320,18 @@
 mac_mls_copy_effective(source, dest);
 }
 
+static void
+mac_mls_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
+ struct label *solabel, struct vnode *vp, struct label *vlabel)
+{
+ struct mac_mls *source, *dest;
+
+ source = SLOT(solabel);
+ dest = SLOT(vlabel);
+
+ mac_mls_copy_effective(source, dest);
+}
+
 static int
 mac_mls_vnode_notify_create(struct ucred *cred, struct mount *mp,
 struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
@@ -2696,12 +2767,12 @@
 static int
 mac_mls_mount_check_fsctl(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, int com, caddr_t data)
+ struct label *mntlabel, int com)
 {
 if (!mac_mls_enabled)
 return (0);
- MLS_MESSAGE("file_check_fsctl: mp %p com %d(%x) data %d(%p)\n", mp, com, data);
+ MLS_MESSAGE("file_check_fsctl: mp %p com %d(%x)\n", mp, com, data);
 #warning Implement mac_mls_file_check_fsctl()
 return (0);
 }
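Review bot: The bodies of mac_mls_vnode_label_associate_pipe, _posixsem and _posixshm in this hunk, and of _socket in the following hunk at +1320, are identical apart from which object label is read, which invites the four to drift apart the next time the copy rule changes; a small static helper holding the SLOT/copy sequence, called from each, would keep that rule in one place. Each hook also takes `cred`, `vp` and the object pointer but reads only the two labels; a one-line comment per function such as `/* Only the object's label matters; the vnode mirrors its effective level. */` would make the unused parameters look deliberate rather than forgotten.
```c
/* Copy the effective MLS level of an object label into a vnode label. */
static void
mac_mls_vnode_label_copy_from(struct label *objlabel, struct label *vlabel)
{
	mac_mls_copy_effective(SLOT(objlabel), SLOT(vlabel));
}

static void
mac_mls_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
    struct label *pipelabel, struct vnode *vp, struct label *vlabel)
{
	/* Only the pipe's label matters; the vnode mirrors its effective level. */
	mac_mls_vnode_label_copy_from(pipelabel, vlabel);
}
/* … unchanged: posixsem, posixshm and socket become the same one-line call … */
```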
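Review bot: In the mac_mls_mount_check_fsctl hunk the rewritten MLS_MESSAGE still passes `data` as its last argument although the same hunk removes the `caddr_t data` parameter, so the name is now undeclared; the intent, judging by the `%d(%x)` pair and by the sibling mac_mls_vnode_check_ioctl hunk in this change which passes `vp, com, com`, was a second `com`. The line should read `MLS_MESSAGE("mount_check_fsctl: mp %p com %d(%x)\n", mp, com, com);`, which also makes the message name the function it lives in rather than `file_check_fsctl`. If MLS_MESSAGE expands to nothing outside debug builds, the stale argument will only surface when debugging is enabled, which is presumably why it slipped through.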
@@ -2784,7 +2855,7 @@
 static int
 mac_mls_pipe_check_ioctl(struct ucred *cred, struct pipe *cpipe,
- struct label *pipelabel, unsigned long cmd, void *data)
+ struct label *pipelabel, unsigned long cmd)
 {
 struct mac_mls *subj, *obj;
@@ -3375,12 +3446,12 @@
 static int
 mac_mls_vnode_check_ioctl(struct ucred *cred, struct vnode *vp,
- struct label *label, int com, caddr_t data)
+ struct label *label, int com)
 {
 if (!mac_mls_enabled)
 return (0);
- MLS_MESSAGE("vnode_check_ioctl: fp %p com %d(%x) data %d(%p)\n", fp, com, com, data, data);
+ MLS_MESSAGE("vnode_check_ioctl: vp %p com %d(%x)\n", vp, com, com);
 #warning Implement mac_mls_vnode_check_ioctl()
 return (0);
 }
@@ -4079,8 +4150,13 @@
 .mpo_cred_label_associate_user = mac_mls_cred_label_associate_user,
 .mpo_vnode_label_associate_devfs = mac_mls_vnode_label_associate_devfs,
+ .mpo_vnode_label_associate_file = mac_mls_vnode_label_associate_file,
 .mpo_vnode_label_associate_extattr = mac_mls_vnode_label_associate_extattr,
+ .mpo_vnode_label_associate_pipe = mac_mls_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_posixsem = mac_mls_vnode_label_associate_posixsem,
+ .mpo_vnode_label_associate_posixshm = mac_mls_vnode_label_associate_posixshm,
 .mpo_vnode_label_associate_singlelabel= mac_mls_vnode_label_associate_singlelabel,
+ .mpo_vnode_label_associate_socket= mac_mls_vnode_label_associate_socket,
 .mpo_vnode_label_recycle = mac_mls_recycle_label,
 .mpo_vnode_label_copy = mac_mls_label_copy,
 .mpo_vnode_notify_create = mac_mls_vnode_notify_create,
==== //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#8 (text+ko) ====
@@ -295,7 +295,7 @@
 if (error == ENOATTR)
 return (0);
- if (error == EOPNOTSUPP) {
+ if (error == ENOTSUP) {
 ro_setflags(vlabel, RO_FLAG_READONLY | RO_FLAG_NOTSUPP);
 return (0);
 }
==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#18 (text+ko) ====
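Review bot: The mac_readonly.c hunk makes the read-only fallback fire only on ENOTSUP, so a filesystem whose extended-attribute path still reports EOPNOTSUPP no longer gets RO_FLAG_READONLY | RO_FLAG_NOTSUPP and instead takes whatever error path follows the hunk. On Darwin the two errno values are distinct, whereas on FreeBSD they are the same constant, which is presumably why the old test was never noticed; that reasoning is not recorded anywhere. A comment such as `/* XNU reports ENOTSUP, not EOPNOTSUPP, when a filesystem lacks extended attributes. */` above the `if` would keep the next porter from reverting it. The enclosing function starts and ends outside the hunk.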
@@ -1081,7 +1081,7 @@
 * Labeling event operations: file system objects, and things that look
 * a lot like file system objects.
 */
-
+ /* mp can be NULL in this fcn */
 static void
 mac_test_vnode_label_associate_devfs(struct mount *mp, struct label *mntlabel,
@@ -1110,26 +1110,35 @@
 }
 
 static void
-mac_test_vnode_label_associate_singlelabel(struct mount *mp,
- struct label *mntlabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_file(struct ucred *cred,
+ struct mount *mp, struct label *mntlabel,
+ struct fileglob *fg, struct label *fglabel,
+ struct vnode *vp, struct label *vlabel)
 {
+ CHECKNULL(cred);
 CHECKNULL(mp);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(mntlabel, MOUNTTYPE);
+
+ if (fglabel) {
+ CHECKNULL(fg);
+ USE_LABEL(fglabel, FILETYPE);
+ } else {
+ USE_LABEL(mntlabel, MOUNTTYPE);
+ }
 }
 
 static void
-mac_test_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
- struct label *solabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
+ struct label *pipelabel, struct vnode *vp, struct label *vlabel)
 {
 CHECKNULL(cred);
- CHECKNULL(xso);
+ CHECKNULL(cpipe);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(solabel, SOCKETTYPE);
+ USE_LABEL(pipelabel, PIPETYPE);
 }
 
 static void
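Review bot: The new mac_test_vnode_label_associate_file asserts `CHECKNULL(mp)` and, when no fileglob label is present, always consumes `mntlabel`, whereas the MLS implementation of the same hook in this change treats `mntlabel` as optional and falls back to `cred->cr_label`; the two policies now encode different contracts for one entry point, and the version this hunk replaces used the credential label for exactly that case. If the framework can call the hook with a NULL mount label, as the MLS code assumes, the `else` branch here will presumably fault inside USE_LABEL instead of reporting a contract violation, which defeats the purpose of the test policy. Mirroring the MLS fallback, with `CHECKNULL(mp)` moved into the mount branch, keeps the test policy honest about what it actually checks.
```c
	INIT_LABEL(vlabel, VNODETYPE);

	if (fglabel) {
		CHECKNULL(fg);
		USE_LABEL(fglabel, FILETYPE);
	} else if (mntlabel) {
		CHECKNULL(mp);
		USE_LABEL(mntlabel, MOUNTTYPE);
	} else {
		USE_LABEL(cred->cr_label, CREDTYPE);
	}
```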
@@ -1157,37 +1166,31 @@
 INIT_LABEL(vlabel, VNODETYPE);
 USE_LABEL(pshmlabel, POSIXSHMTYPE);
 }
-
+
 static void
-mac_test_vnode_label_associate_pipe(struct ucred *cred, struct pipe *cpipe,
- struct label *pipelabel, struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_singlelabel(struct mount *mp,
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
 {
- CHECKNULL(cred);
- CHECKNULL(cpipe);
+ CHECKNULL(mp);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
- USE_LABEL(pipelabel, PIPETYPE);
+ USE_LABEL(mntlabel, MOUNTTYPE);
 }
 
 static void
-mac_test_vnode_label_associate_file(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct fileglob *fg, struct label *fglabel,
- struct vnode *vp, struct label *vlabel)
+mac_test_vnode_label_associate_socket(struct ucred *cred, struct xsocket *xso,
+ struct label *solabel, struct vnode *vp, struct label *vlabel)
 {
 CHECKNULL(cred);
+ CHECKNULL(xso);
 CHECKNULL(vp);
 INIT_LABEL(vlabel, VNODETYPE);
-
- if (fglabel) {
- CHECKNULL(fg);
- USE_LABEL(fglabel, FILETYPE);
- } else {
- USE_LABEL(cred->cr_label, CREDTYPE);
- }
+ USE_LABEL(solabel, SOCKETTYPE);
 }
 
+/* The ucred and mount parameters can be NULL for this fcn */
 static void
 mac_test_devfs_label_associate_device(dev_t dev, struct devnode *de,
 struct label *label, const char *fullpath)
@@ -1231,8 +1234,8 @@
 CHECKNULL(cred);
 CHECKNULL(mp);
+ USE_LABEL(cred->cr_label, CREDTYPE);
 INIT_LABEL(mntlabel, MOUNTTYPE);
- USE_LABEL(cred->cr_label, CREDTYPE);
 }
 
 static void
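Review bot: The comment `/* The ucred and mount parameters can be NULL for this fcn */` is added directly above mac_test_devfs_label_associate_device, whose signature on the next two lines is `(dev_t dev, struct devnode *de, struct label *label, const char *fullpath)` and has neither a ucred nor a mount parameter, so the note describes some other function and will mislead the next reader. It should be moved to the hook it is about, or reworded to state which of these four arguments this function tolerates as NULL. The hunk at +1234 just below, whose function name lies outside the hunk, asserts both `CHECKNULL(cred)` and `CHECKNULL(mp)`, so it is presumably not the intended target either.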
@@ -1907,16 +1910,16 @@
 .mpo_vnode_label_associate_devfs= mac_test_vnode_label_associate_devfs,
 .mpo_vnode_label_associate_extattr= mac_test_vnode_label_associate_extattr,
+ .mpo_vnode_label_associate_file= mac_test_vnode_label_associate_file,
+ .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
+ .mpo_vnode_label_associate_posixsem=
+ mac_test_vnode_label_associate_posixsem,
+ .mpo_vnode_label_associate_posixshm=
+ mac_test_vnode_label_associate_posixshm,
 .mpo_vnode_label_associate_singlelabel=
 mac_test_vnode_label_associate_singlelabel,
 .mpo_vnode_label_associate_socket= mac_test_vnode_label_associate_socket,
- .mpo_vnode_label_associate_posixsem=
- mac_test_vnode_label_associate_posixsem,
- .mpo_vnode_label_associate_posixshm=
- mac_test_vnode_label_associate_posixshm,
- .mpo_vnode_label_associate_pipe = mac_test_vnode_label_associate_pipe,
- .mpo_vnode_label_associate_file = mac_test_vnode_label_associate_file,
 .mpo_devfs_label_associate_device= mac_test_devfs_label_associate_device,
 .mpo_devfs_label_associate_directory=