From owner-p4-projects@FreeBSD.ORG Tue Oct 3 14:06:29 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 65B2416A415; Tue, 3 Oct 2006 14:06:29 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3EA2916A403 for ; Tue, 3 Oct 2006 14:06:29 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 01B9D43D46 for ; Tue, 3 Oct 2006 14:06:29 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k93E6SpU011219 for ; Tue, 3 Oct 2006 14:06:28 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k93E6Sow011216 for perforce@freebsd.org; Tue, 3 Oct 2006 14:06:28 GMT (envelope-from millert@freebsd.org) Date: Tue, 3 Oct 2006 14:06:28 GMT Message-Id: <200610031406.k93E6Sow011216@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 107169 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Oct 2006 14:06:29 -0000 http://perforce.freebsd.org/chv.cgi?CH=107169 Change 107169 by millert@millert_macbook on 2006/10/03 14:06:01 Add separate typedefs for mpo_port_check_make_send_once, mpo_port_check_move_send_once, and mpo_port_check_hold_send_once. Policies that auto-generate methods by munging mac_policy.h require this for full coverage. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#9 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#9 (text+ko) ==== @@ -2509,6 +2509,28 @@ ); /** + @brief Access control check for producing a send once right from a receive right + @param task Label of the sender task + @param port Label of the affected port + + Access control check for obtaining send once rights from receive rights. + The new send once right may be destined for the calling task, or a different + task. In either case the mpo_port_check_hold_send_once entry point handles + the receiving task. port_check_make_send_once may be called as part of a + group of policy invocations when messages with port rights are sent. + All access control checks made for a particular message must be successful + for the message to be sent. + + The task label and the port are locked. Sleeping is permitted. + + @return Return 0 if access is granted, non-zero otherwise. +*/ +typedef int mpo_port_check_make_send_once_t( + struct label *task, + struct label *port +); + +/** @brief Access control check for copying a send right to another task @param task Label of the sender task @param port Label of the affected port @@ -2551,6 +2573,27 @@ ); /** + @brief Access control check for transferring a send once right + @param task Label of the sender task + @param port Label of the affected port + + Access control check for transferring a send once right from one task to + the task listening to the specified port. A complementary entry point, + mpo_port_check_hold_send_once, handles the receiving task. + port_check_move_send_once is called as part of a group of policy invocations + when messages with port rights are sent. All access control checks made + for a particular message must be successful for the message to be sent. + + The task label and the port are locked. Sleeping is permitted. + + @return Return 0 if access is granted, non-zero otherwise. +*/ +typedef int mpo_port_check_move_send_once_t( + struct label *task, + struct label *port +); + +/** @brief Access control check for obtaining a send right @param task Label of the receiving task @param port Label of the affected port @@ -2571,6 +2614,26 @@ ); /** + @brief Access control check for obtaining a send once right + @param task Label of the receiving task + @param port Label of the affected port + + Access control check for a task obtaining send once rights to a port. Usually, + these are port rights that were part of a message sent by another userspace + task. port_check_hold_send_once is called as part of a group of policy + invocations when messages with port rights are received. All of these access + control checks must succeed in order to receive the message. + + The task label and the port are locked. Sleeping is permitted. + + @return Return 0 if access is granted, non-zero otherwise. +*/ +typedef int mpo_port_check_hold_send_once_t( + struct label *task, + struct label *port +); + +/** @brief Access control check for receiving Mach messsages @param task Label of the receiving task @param sender Label of the sending task @@ -5050,13 +5113,13 @@ mpo_port_check_send_t *mpo_port_check_send; mpo_port_check_receive_t *mpo_port_check_receive; mpo_port_check_make_send_t *mpo_port_check_make_send; - mpo_port_check_make_send_t *mpo_port_check_make_send_once; + mpo_port_check_make_send_once_t *mpo_port_check_make_send_once; mpo_port_check_copy_send_t *mpo_port_check_copy_send; mpo_port_check_move_send_t *mpo_port_check_move_send; - mpo_port_check_move_send_t *mpo_port_check_move_send_once; + mpo_port_check_move_send_once_t *mpo_port_check_move_send_once; mpo_port_check_move_receive_t *mpo_port_check_move_receive; mpo_port_check_hold_send_t *mpo_port_check_hold_send; - mpo_port_check_hold_send_t *mpo_port_check_hold_send_once; + mpo_port_check_hold_send_once_t *mpo_port_check_hold_send_once; mpo_port_check_hold_receive_t *mpo_port_check_hold_receive; mpo_cred_check_visible_t *mpo_cred_check_visible; mpo_file_check_fcntl_t *mpo_file_check_fcntl;