From owner-trustedbsd-cvs@FreeBSD.ORG Thu Jul 6 09:00:38 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6F3FB16A554 for ; Thu, 6 Jul 2006 09:00:38 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id E786E43D66 for ; Thu, 6 Jul 2006 09:00:08 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id D82DE46D16 for ; Thu, 6 Jul 2006 05:00:07 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 4891B63159; Thu, 6 Jul 2006 09:00:07 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 3BA6E16A4E5; Thu, 6 Jul 2006 09:00:07 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1556C16A4DE for ; Thu, 6 Jul 2006 09:00:06 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 570DC43D5C for ; Thu, 6 Jul 2006 09:00:06 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k66906fB053566 for ; Thu, 6 Jul 2006 09:00:06 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k66905IX053563 for perforce@freebsd.org; Thu, 6 Jul 2006 09:00:05 GMT (envelope-from 
bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 6 Jul 2006 09:00:05 GMT Message-Id: <200607060900.k66905IX053563@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 100703 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jul 2006 09:00:38 -0000 http://perforce.freebsd.org/chv.cgi?CH=100703 Change 100703 by rwatson@rwatson_zoo on 2006/07/06 08:59:25 Finish re-populating mac_policy_ops, a few more renames and comments. Affected files ... .. //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#9 edit Differences ... ==== //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#9 (text+ko) ==== 
@@ -535,30 +535,31 @@ * Object: struct vnode (VFS node) */ typedef void (*mpo_vnode_init_label_t)(struct label *label); -typedef void (*mpo_vnode_destroy_vnode_label_t)(struct label *label); -typedef int (*mpo_vnode_associate_vnode_extattr_t)(struct mount *mp, +typedef void (*mpo_vnode_destroy_label_t)(struct label *label); +typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); -typedef void (*mpo_vnode_associate_vnode_singlelabel_t)(struct mount *mp, +typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp, struct label *fslabel, struct vnode *vp, struct label *vlabel); -typedef int (*mpo_vnode_create_vnode_extattr_t)(struct ucred *cred, +typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred, struct mount *mp, struct label *fslabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp); -typedef void (*mpo_vnode_create_mount_t)(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel); -typedef void (*mpo_vnode_relabel_vnode_t)(struct ucred *cred, struct vnode *vp, +typedef void (*mpo_vnode_create_mount_t)(struct ucred *cred, + struct mount *mp, struct label *mntlabel, + struct label *fslabel); +typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label); -typedef int (*mpo_vnode_setlabel_vnode_extattr_t)(struct ucred *cred, +typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred, struct vnode *vp, struct label *vlabel, struct label *intlabel); -typedef void (*mpo_vnode_copy_vnode_label_t)(struct label *src, +typedef void (*mpo_vnode_copy_label_t)(struct label *src, struct label *dest); -typedef int (*mpo_vnode_externalize_vnode_label_t)(struct label *label, +typedef int (*mpo_vnode_externalize_label_t)(struct label *label, char *element_name, struct sbuf *sb, int *claimed); -typedef int 
(*mpo_vnode_internalize_vnode_label_t)(struct label *label, +typedef int (*mpo_vnode_internalize_label_t)(struct label *label, char *element_name, char *element_data, int *claimed); typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old, struct ucred *new, struct vnode *vp, 
@@ -840,6 +841,106 @@
 mpo_sysv_sem_check_semctl_t mpo_sysv_sem_check_semctl;
 mpo_sysv_sem_check_semget_t mpo_sysv_sem_check_semget;
 mpo_sysv_sem_check_semop_t mpo_sysv_sem_check_semop;
+
+ mpo_sysv_shm_init_label_t mpo_sysv_shm_init_label;
+ mpo_sysv_shm_destroy_label_t mpo_sysv_shm_destroy_label;
+ mpo_sysv_shm_cleanup_t mpo_sysv_shm_cleanup;
+ mpo_sysv_shm_create_t mpo_sysv_shm_create;
+ mpo_sysv_shm_check_shmat_t mpo_sysv_shm_check_shmat;
+ mpo_sysv_shm_check_shmctl_t mpo_sysv_shm_check_shmctl;
+ mpo_sysv_shm_check_shmdt_t mpo_sysv_shm_check_shmdt;
+ mpo_sysv_shm_check_shmget_t mpo_sysv_shm_check_shmget;
+
+ /*
+ * XXXRW: Further naming consistency work is desirable here. Might
+ * be best if the "peer" label were at the protocol layer.
+ */
+ mpo_socket_init_label_t mpo_socket_init_label;
+ mpo_socket_init_peer_label_t mpo_socket_init_peer_label;
+ mpo_socket_destroy_label_t mpo_socket_destroy_label;
+ mpo_socket_destroy_peer_label_t mpo_socket_destroy_peer_label;
+ mpo_socket_copy_label_t mpo_socket_copy_label;
+ mpo_socket_externalize_label_t mpo_socket_externalize_label;
+ mpo_socket_externalize_peer_label_t mpo_socket_externalize_peer_label;
+ mpo_socket_internalize_label_t mpo_socket_internalize_label;
+ mpo_socket_create_t mpo_socket_create;
+ mpo_socket_create_from_socket_t mpo_socket_create_from_socket;
+ mpo_socket_relabel_t mpo_socket_relabel;
+ mpo_socket_set_peer_from_socket_t mpo_socket_set_peer_from_socket;
+ mpo_socket_create_mbuf_t mpo_socket_create_mbuf;
+ mpo_socket_set_peer_from_mbuf_t mpo_socket_set_peer_from_mbuf;
+ mpo_socket_check_accept_t mpo_socket_check_accept;
+ mpo_socket_check_bind_t mpo_socket_check_bind;
+ mpo_socket_check_connect_t mpo_socket_check_connect;
+ mpo_socket_check_create_t mpo_socket_check_create;
+ mpo_socket_check_deliver_t mpo_socket_check_deliver;
+ mpo_socket_check_listen_t mpo_socket_check_listen;
+ mpo_socket_check_poll_t mpo_socket_check_poll;
+ mpo_socket_check_receive_t mpo_socket_check_receive;
+ mpo_socket_check_relabel_t mpo_socket_check_relabel;
+ mpo_socket_check_send_t mpo_socket_check_send;
+ mpo_socket_check_stat_t mpo_socket_check_stat;
+ mpo_socket_check_visible_t mpo_socket_check_visible;
+
+ mpo_system_check_ioperm_t mpo_system_check_ioperm;
+ mpo_system_check_acct_t mpo_system_check_acct;
+ mpo_system_check_nfsd_t mpo_system_check_nfsd;
+ mpo_system_check_reboot_t mpo_system_check_reboot;
+ mpo_system_check_settime_t mpo_system_check_settime;
+ mpo_system_check_swapon_t mpo_system_check_swapon;
+ mpo_system_check_swapoff_t mpo_system_check_swapoff;
+ mpo_system_check_sysctl_t mpo_system_check_sysctl;
+
+ /*
+ * XXXRW: Some further name-munging desirable here. Perhaps delete
+ * should be unlink? Resort.
+ */
+ mpo_vnode_init_label_t mpo_vnode_init_label;
+ mpo_vnode_destroy_label_t mpo_vnode_destroy_label;
+ mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr;
+ mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel;
+ mpo_vnode_create_extattr_t mpo_vnode_create_extattr;
+ mpo_vnode_create_mount_t mpo_vnode_create_mount;
+ mpo_vnode_relabel_t mpo_vnode_relabel;
+ mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;
+ mpo_vnode_copy_label_t mpo_vnode_copy_label;
+ mpo_vnode_externalize_label_t mpo_vnode_externalize_label;
+ mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
+ mpo_vnode_execve_transition_t mpo_vnode_execve_transition;
+ mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition;
+ mpo_vnode_check_access_t mpo_vnode_check_access;
+ mpo_check_vnode_chdir_t mpo_check_vnode_chdir;
+ mpo_check_vnode_chroot_t mpo_check_vnode_chroot;
+ mpo_vnode_check_create_t mpo_vnode_check_create;
+ mpo_vnode_check_delete_t mpo_vnode_check_delete;
+ mpo_vnode_check_deleteacl_t mpo_vnode_check_deleteacl;
+ mpo_vnode_check_deleteextattr_t mpo_vnode_check_deleteextattr;
+ mpo_vnode_check_exec_t mpo_vnode_check_exec;
+ mpo_vnode_check_getacl_t mpo_vnode_check_getacl;
+ mpo_vnode_check_getextattr_t mpo_vnode_check_getextattr;
+ mpo_vnode_check_link_t mpo_vnode_check_link;
+ mpo_vnode_check_listextattr_t mpo_vnode_check_listextattr;
+ mpo_vnode_check_lookup_t mpo_vnode_check_lookup;
+ mpo_vnode_check_mmap_t mpo_vnode_check_mmap;
+ mpo_vnode_check_mmap_downgrade_t mpo_vnode_check_mmap_downgrade;
+ mpo_vnode_check_mprotect_t mpo_vnode_check_mprotect;
+ mpo_vnode_check_open_t mpo_vnode_check_open;
+ mpo_vnode_check_poll_t mpo_vnode_check_poll;
+ mpo_vnode_check_read_t mpo_vnode_check_read;
+ mpo_vnode_check_readdir_t mpo_vnode_check_readdir;
+ mpo_vnode_check_readlink_t mpo_vnode_check_readlink;
+ mpo_vnode_check_relabel_t mpo_vnode_check_relabel;
+ mpo_vnode_check_rename_from_t mpo_vnode_check_rename_from;
+ mpo_vnode_check_rename_to_t mpo_vnode_check_rename_to;
+ mpo_vnode_check_revoke_t mpo_vnode_check_revoke;
+ mpo_vnode_check_setacl_t mpo_vnode_check_setacl;
+ mpo_vnode_check_setextattr_t mpo_vnode_check_setextattr;
+ mpo_vnode_check_setflags_t mpo_vnode_check_setflags;
+ mpo_vnode_check_setmode_t mpo_vnode_check_setmode;
+ mpo_vnode_check_setowner_t mpo_vnode_check_setowner;
+ mpo_vnode_check_setutimes_t mpo_vnode_check_setutimes;
+ mpo_vnode_check_stat_t mpo_vnode_check_stat;
+ mpo_vnode_check_write_t mpo_vnode_check_write;
 };
 
 /*
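Review bot: Two of the members added to the vnode group, `mpo_check_vnode_chdir_t mpo_check_vnode_chdir;` and `mpo_check_vnode_chroot_t mpo_check_vnode_chroot;`, keep the old `check_vnode` word order while every other access-control entry added in this hunk is spelled `mpo_vnode_check_*`. If they were meant to follow the same rename they would read `mpo_vnode_check_chdir_t mpo_vnode_check_chdir;` and `mpo_vnode_check_chroot_t mpo_vnode_check_chroot;`; the typedef definitions are not in this hunk, so confirm which spelling actually exists. A policy that fills in its ops table under the other spelling would at best fail to build and at worst, presumably, leave the chdir/chroot slot empty, so the mismatch is worth closing before policies are ported. The struct body (mac_policy_ops, per the change description) begins outside the hunk; because members are inserted and renamed here, policy modules built against the earlier layout need rebuilding so their function pointers land in the intended slots.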