Date: Tue, 3 Oct 2006 14:06:28 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 107169 for review Message-ID: <200610031406.k93E6Sow011216@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=107169 Change 107169 by millert@millert_macbook on 2006/10/03 14:06:01 Add separate typedefs for mpo_port_check_make_send_once, mpo_port_check_move_send_once, and mpo_port_check_hold_send_once. Policies that auto-generate methods by munging mac_policy.h require this for full coverage. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#9 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#9 (text+ko) ==== @@ -2509,6 +2509,28 @@ ); /** + @brief Access control check for producing a send once right from a receive right + @param task Label of the sender task + @param port Label of the affected port + + Access control check for obtaining send once rights from receive rights. + The new send once right may be destined for the calling task, or a different + task. In either case the mpo_port_check_hold_send_once entry point handles + the receiving task. port_check_make_send_once may be called as part of a + group of policy invocations when messages with port rights are sent. + All access control checks made for a particular message must be successful + for the message to be sent. + + The task label and the port are locked. Sleeping is permitted. + + @return Return 0 if access is granted, non-zero otherwise. +*/ +typedef int mpo_port_check_make_send_once_t( + struct label *task, + struct label *port +); + +/** @brief Access control check for copying a send right to another task @param task Label of the sender task @param port Label of the affected port @@ -2551,6 +2573,27 @@ ); /** + @brief Access control check for transferring a send once right + @param task Label of the sender task + @param port Label of the affected port + + Access control check for transferring a send once right from one task to + the task listening to the specified port. A complementary entry point, + mpo_port_check_hold_send_once, handles the receiving task. + port_check_move_send_once is called as part of a group of policy invocations + when messages with port rights are sent. All access control checks made + for a particular message must be successful for the message to be sent. + + The task label and the port are locked. Sleeping is permitted. + + @return Return 0 if access is granted, non-zero otherwise. +*/ +typedef int mpo_port_check_move_send_once_t( + struct label *task, + struct label *port +); + +/** @brief Access control check for obtaining a send right @param task Label of the receiving task @param port Label of the affected port @@ -2571,6 +2614,26 @@ ); /** + @brief Access control check for obtaining a send once right + @param task Label of the receiving task + @param port Label of the affected port + + Access control check for a task obtaining send once rights to a port. Usually, + these are port rights that were part of a message sent by another userspace + task. port_check_hold_send_once is called as part of a group of policy + invocations when messages with port rights are received. All of these access + control checks must succeed in order to receive the message. + + The task label and the port are locked. Sleeping is permitted. + + @return Return 0 if access is granted, non-zero otherwise. +*/ +typedef int mpo_port_check_hold_send_once_t( + struct label *task, + struct label *port +); + +/** @brief Access control check for receiving Mach messsages @param task Label of the receiving task @param sender Label of the sending task @@ -5050,13 +5113,13 @@ mpo_port_check_send_t *mpo_port_check_send; mpo_port_check_receive_t *mpo_port_check_receive; mpo_port_check_make_send_t *mpo_port_check_make_send; - mpo_port_check_make_send_t *mpo_port_check_make_send_once; + mpo_port_check_make_send_once_t *mpo_port_check_make_send_once; mpo_port_check_copy_send_t *mpo_port_check_copy_send; mpo_port_check_move_send_t *mpo_port_check_move_send; - mpo_port_check_move_send_t *mpo_port_check_move_send_once; + mpo_port_check_move_send_once_t *mpo_port_check_move_send_once; mpo_port_check_move_receive_t *mpo_port_check_move_receive; mpo_port_check_hold_send_t *mpo_port_check_hold_send; - mpo_port_check_hold_send_t *mpo_port_check_hold_send_once; + mpo_port_check_hold_send_once_t *mpo_port_check_hold_send_once; mpo_port_check_hold_receive_t *mpo_port_check_hold_receive; mpo_cred_check_visible_t *mpo_cred_check_visible; mpo_file_check_fcntl_t *mpo_file_check_fcntl;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200610031406.k93E6Sow011216>