Date: Thu, 1 Dec 2005 20:49:15 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 87600 for review Message-ID: <200512012049.jB1KnF4f081566@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=87600 Change 87600 by millert@millert_g4tower on 2005/12/01 20:48:47 Remove mpo_create_root_mount, it is no longer needed. From DSEP. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac.h#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#10 edit .. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_vfs.c#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/mac_count/module/mac_count.c#2 edit .. //depot/projects/trustedbsd/sedarwin7/src/mac_mls/mac_mls.c#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/mac_stub/mac_stub.c#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/mactest/mac_test.c#4 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#21 edit .. //depot/projects/trustedbsd/sedarwin7/src/stacktrace/module/mac_stacktrace.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac.h#4 (text+ko) ==== @@ -189,7 +189,6 @@ int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); void mac_create_mount(struct ucred *cred, struct mount *mp); -void mac_create_root_mount(struct ucred *cred, struct mount *mp); void mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel); void mac_update_devfsdirent(struct mount *mp, struct devnode *de, ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/bsd/sys/mac_policy.h#10 (text+ko) ==== @@ -1096,7 +1096,6 @@ @param fslabel Label for the file system default @see mpo_init_mount_label_t @see mpo_init_mount_fs_label_t - @see mpo_create_root_mount_t Fill out the labels on the mount point being created by the supplied user credential. This call is made when file systems are first mounted. @@ -1109,29 +1108,6 @@ ); /** - @brief Create root mount labels - @param cred Subject credential - @param mp Mount point of file system being mounted - @param mntlabel Label to associate with the new mount point - @param fslabel Label for the file system default - @see mpo_init_mount_label_t - @see mpo_init_mount_fs_label_t - @see mpo_create_root_mount_t - - Fill out the labels on the root mount point being created by the - supplied user credential. - - @warning XXX This entry point is no longer necessary and will be - removed in a future version of the framework. -*/ -typedef void mpo_create_root_mount_t( - struct ucred *cred, - struct mount *mp, - struct label *mntlabel, - struct label *fslabel -); - -/** @brief Update a vnode label @param cred Subject credential @param vp The vnode to relabel @@ -3938,7 +3914,6 @@ mpo_create_devfs_symlink_t *mpo_create_devfs_symlink; mpo_create_vnode_extattr_t *mpo_create_vnode_extattr; mpo_create_mount_t *mpo_create_mount; - mpo_create_root_mount_t *mpo_create_root_mount; mpo_relabel_vnode_t *mpo_relabel_vnode; mpo_setlabel_vnode_extattr_t *mpo_setlabel_vnode_extattr; mpo_update_devfsdirent_t *mpo_update_devfsdirent; ==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_vfs.c#4 (text+ko) ==== @@ -980,14 +980,6 @@ mp->mnt_fslabel); } -void -mac_create_root_mount(struct ucred *cred, struct mount *mp) -{ - - MAC_PERFORM(create_root_mount, cred, mp, mp->mnt_mntlabel, - mp->mnt_fslabel); -} - int mac_check_mount_stat(struct ucred *cred, struct mount *mount) { ==== //depot/projects/trustedbsd/sedarwin7/src/mac_count/module/mac_count.c#2 (text+ko) ==== @@ -947,14 +947,6 @@ } static void -count_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mountlabel, struct label *fslabel) -{ - - COUNT(__func__); -} - -static void count_create_socket(struct ucred *cred, struct socket *so, struct label *solabel) { @@ -1301,7 +1293,6 @@ .mpo_create_posix_shm = count_create_posix_shm, .mpo_create_proc0 = count_create_proc0, .mpo_create_proc1 = count_create_proc1, - .mpo_create_root_mount = count_create_root_mount, .mpo_create_socket = count_create_socket, .mpo_create_socket_from_socket = count_create_socket_from_socket, .mpo_create_sysv_sem = count_create_sysv_sem, ==== //depot/projects/trustedbsd/sedarwin7/src/mac_mls/mac_mls.c#4 (text+ko) ==== @@ -1141,18 +1141,6 @@ } static void -mac_mls_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - struct mac_mls *mac_mls; - - mac_mls = SLOT(fslabel); - mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); - mac_mls = SLOT(mntlabel); - mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); -} - -static void mac_mls_create_task (struct task *parent, struct task *child, struct label *pl, struct label *chl, struct label *chpl) { @@ -3442,7 +3430,6 @@ .mpo_init_proc_label = mac_mls_init_label, .mpo_create_proc0 = mac_mls_create_proc0, .mpo_create_proc1 = mac_mls_create_proc1, - .mpo_create_root_mount = mac_mls_create_root_mount, .mpo_check_system_swapon = mac_mls_check_system_swapon, .mpo_associate_vnode_devfs = mac_mls_associate_vnode_devfs, .mpo_associate_vnode_extattr = mac_mls_associate_vnode_extattr, ==== //depot/projects/trustedbsd/sedarwin7/src/mac_stub/mac_stub.c#4 (text+ko) ==== @@ -965,13 +965,6 @@ } static void -stub_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mountlabel, struct label *fslabel) -{ - -} - -static void stub_create_socket(struct ucred *cred, struct socket *so, struct label *solabel) { @@ -1300,7 +1293,6 @@ .mpo_create_posix_shm = stub_create_posix_shm, .mpo_create_proc0 = stub_create_proc0, .mpo_create_proc1 = stub_create_proc1, - .mpo_create_root_mount = stub_create_root_mount, .mpo_create_socket = stub_create_socket, .mpo_create_socket_from_socket = stub_create_socket_from_socket, .mpo_create_sysv_sem = stub_create_sysv_sem, ==== //depot/projects/trustedbsd/sedarwin7/src/mactest/mac_test.c#4 (text+ko) ==== @@ -915,18 +915,6 @@ } static void -mac_test_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - CHECKNULL(cred, "cred", "mac_test_create_root_mount"); - CHECKNULL(mp, "mp", "mac_test_create_root_mount"); - - use_label(fslabel, MOUNTTYPE, "mac_test_create_root_mount (2)"); - use_label(cred->cr_label, CREDTYPE, "mac_test_create_root_mount (1)"); - init_label(mntlabel, MOUNTTYPE, "mac_test_create_root_mount"); -} - -static void mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label) { @@ -2626,7 +2614,6 @@ .mpo_create_devfs_symlink = mac_test_create_devfs_symlink, .mpo_create_vnode_extattr = mac_test_create_vnode_extattr, .mpo_create_mount = mac_test_create_mount, - .mpo_create_root_mount = mac_test_create_root_mount, .mpo_relabel_vnode = mac_test_relabel_vnode, .mpo_setlabel_vnode_extattr = mac_test_setlabel_vnode_extattr, .mpo_update_devfsdirent = mac_test_update_devfsdirent, ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#21 (text+ko) ==== @@ -1047,37 +1047,6 @@ #endif } -/* - * Initialize the SEBSD security server after the root partition has - * been mounted; policy is located on root partition. - */ -static void -sebsd_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ -#if 0 - struct vnode *vp, *nvp; - - /* - * Go through all open vnodes and reload their labels. - */ - mtx_lock(&mntvnode_mtx); - vp = TAILQ_FIRST(&mp->mnt_nvnodelist); - do { - nvp = TAILQ_NEXT(vp, v_nmntvnodes); - VI_LOCK(vp); - mtx_unlock(&mntvnode_mtx); - vn_lock(vp, LK_INTERLOCK | LK_EXCLUSIVE | LK_RETRY, curthread); - (void)sebsd_associate_vnode_extattr(mp, fslabel, vp, - vp->v_label); - VOP_UNLOCK(vp, 0, curthread); - mtx_lock(&mntvnode_mtx); - vp = nvp; - } while (vp != NULL); - mtx_unlock(&mntvnode_mtx); -#endif -} - static int sebsd_create_vnode_extattr(struct ucred *cred, struct mount *mp, struct label *fslabel, struct vnode *parent, struct label *parentlabel, ==== //depot/projects/trustedbsd/sedarwin7/src/stacktrace/module/mac_stacktrace.c#3 (text+ko) ==== @@ -147,7 +147,7 @@ TRACE_DATA(create_devfs_symlink, 56, STACKTRACE_ON); TRACE_DATA(create_vnode_extattr, 57, STACKTRACE_ON); TRACE_DATA(create_mount, 58, STACKTRACE_ON); -TRACE_DATA(create_root_mount, 59 , STACKTRACE_ON); +TRACE_DATA(create_root_mount, 59, STACKTRACE_ON); // deprecated & removed TRACE_DATA(relabel_vnode, 60, STACKTRACE_ON); TRACE_DATA(setlabel_vnode_extattr, 61, STACKTRACE_ON); TRACE_DATA(update_devfsdirent, 62, STACKTRACE_ON); @@ -1045,14 +1045,6 @@ } static void -stacktrace_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - - trace(&create_root_mount_td); -} - -static void stacktrace_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label) { @@ -2056,7 +2048,6 @@ .mpo_create_devfs_symlink = stacktrace_create_devfs_symlink, .mpo_create_vnode_extattr = stacktrace_create_vnode_extattr, .mpo_create_mount = stacktrace_create_mount, - .mpo_create_root_mount = stacktrace_create_root_mount, .mpo_relabel_vnode = stacktrace_relabel_vnode, .mpo_setlabel_vnode_extattr = stacktrace_setlabel_vnode_extattr, .mpo_update_devfsdirent = stacktrace_update_devfsdirent,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200512012049.jB1KnF4f081566>