Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Nov 2006 19:13:14 GMT
From:      Todd Miller <millert@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 109974 for review
Message-ID:  <200611141913.kAEJDEJd018445@repoman.freebsd.org>

next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=109974

Change 109974 by millert@millert_g5tower on 2006/11/14 19:12:13

	Sort mac_policy.h and mac_framework.h.
	Add mac_mount_check_fsctl() and mac_vnode_check_ioctl().

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#13 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_vnops.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#17 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#26 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#19 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/sorted-framework.vim#1 add
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/sorted-policynames.vim#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#21 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#13 (text+ko) ====

@@ -5329,6 +5329,15 @@
 	NDINIT(&nd, LOOKUP, nameiflags, UIO_USERSPACE, uap->path, &context);
 	if ((error = namei(&nd))) goto FSCtl_Exit;
 
+#ifdef MAC
+	error = mac_mount_check_fsctl(context.vc_ucred, vnode_mount(nd.ni_vp), cmd, data);
+	if (error) {
+		vnode_put(nd.ni_vp);
+		nameidone(&nd);
+		goto FSCtl_Exit;
+	}
+#endif
+
 	/* Invoke the filesystem-specific code */
 	error = VNOP_IOCTL(nd.ni_vp, IOCBASECMD(cmd), data, uap->options, &context);
 	

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_vnops.c#6 (text+ko) ====

@@ -848,6 +848,12 @@
 	context.vc_proc = p;
 	context.vc_ucred = p->p_ucred;	/* XXX kauth_cred_get() ??? */
 
+#ifdef MAC
+	error = mac_vnode_check_ioctl(context.vc_ucred, vp, com, data);
+	if (error)
+		goto out;
+#endif
+
 	switch (vp->v_type) {
 
 	case VREG:

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#17 (text+ko) ====

@@ -36,6 +36,7 @@
  * SUCH DAMAGE.
  *
  * $FreeBSD: src/sys/sys/mac.h,v 1.40 2003/04/18 19:57:37 rwatson Exp $
+ *
  */
 /*
  * Kernel interface for Mandatory Access Control -- how kernel services
@@ -81,293 +82,177 @@
 struct pipe;
 struct task;
 
-/*
- * Framework initialization.
- */
-void mac_policy_initbsd(void);
+/*@ macros */
+#define	VNODE_LABEL_CREATE	1
+#define	VNODE_LABEL_NEEDREF	2
+#define mac_task_label_update_cred(cred, task)				\
+        mac_task_label_update_internal(((cred)->cr_label), task)
 
-/*
- * Label operations.
- */
-void	mac_cred_label_init(struct ucred *);
-void	mac_devfs_label_init(struct devnode *);
-void	mac_file_label_init(struct fileglob *fg);
-int	mac_mbuf_label_init(struct mbuf *, int);
-int	mac_mbuf_tag_init(struct m_tag *, int);
-void	mac_mount_label_init(struct mount *);
-void	mac_pipe_label_init(struct pipe *cpipe);
-void	mac_posixsem_label_init(struct pseminfo *);
-void	mac_posixshm_label_init(struct pshminfo *);
-void	mac_proc_label_init(struct proc *);
-int	mac_socket_label_init(struct socket *, int waitok);
-void	mac_sysvmsg_label_init(struct msg *);
-void 	mac_sysvmsq_label_init(struct msqid_kernel *msqptr);
-void	mac_sysvsem_label_init(struct semid_kernel*);
-void	mac_sysvshm_label_init(struct shmid_kernel*);
-void	mac_vnode_label_init(struct vnode *vp);
-void	mac_vnode_label_copy(struct label *, struct label *label);
-void	mac_devfs_label_copy(struct label *, struct label *label);
-void	mac_mbuf_tag_copy(struct m_tag *, struct m_tag *);
-void	mac_mbuf_label_copy(struct mbuf *m_from, struct mbuf *m_to);
-void	mac_socket_label_copy(struct label *from, struct label *to);
-void	mac_file_label_associate(struct ucred *cred, struct fileglob *fg);
-void	mac_cred_label_destroy(struct ucred *);
-void	mac_devfs_label_destroy(struct devnode *);
-void	mac_file_label_destroy(struct fileglob *fg);
-void	mac_mbuf_label_destroy(struct mbuf *);
-void	mac_mbuf_tag_destroy(struct m_tag *);
-void	mac_mount_label_destroy(struct mount *);
-void	mac_pipe_label_destroy(struct pipe *cpipe);
-void	mac_posixsem_label_destroy(struct pseminfo *);
-void	mac_posixshm_label_destroy(struct pshminfo *);
-void	mac_proc_label_destroy(struct proc *);
-void	mac_socket_label_destroy(struct socket *);
-void	mac_sysvsem_label_destroy(struct semid_kernel *);
-void	mac_sysvshm_label_destroy(struct shmid_kernel *);
-void	mac_vnode_label_destroy(struct vnode *);
-int	mac_mount_label_internalize(struct label *, char *string);
-int	mac_mount_label_externalize(struct label *label, char *elements,
-	    char *outbuf, size_t outbuflen);
-int	mac_mount_label_get(struct mount *mp, user_addr_t mac_p);
-
+/*@ === */
+int	mac_audit_check_postselect(struct ucred *cred, unsigned short syscode,
+	    void *args, int error, int retval, int mac_forced);
+int	mac_audit_check_preselect(struct ucred *cred, unsigned short syscode,
+	    void *args);
+int	mac_cred_check_label_update(struct ucred *cred,
+	    struct label *newlabel);
+int	mac_cred_check_label_update_execve(struct ucred *old,
+	    struct vnode *vp, struct label *scriptvnodelabel, 
+	    struct label *execlabel, struct proc *proc);
+int	mac_cred_check_visible(struct ucred *u1, struct ucred *u2);
 struct label	*mac_cred_label_alloc(void);
-void		 mac_cred_label_free(struct label *label);
-int		 mac_cred_label_externalize_audit(struct proc *p, struct mac *mac);
-struct label	*mac_vnode_label_alloc(void);
-void		 mac_vnode_label_free(struct label *label);
-int		 mac_vnode_label_externalize_audit(struct vnode *vp, struct mac *mac);
-struct label	*mac_lctx_label_alloc(void);
-void		 mac_lctx_label_free(struct label *label);
-
-#define mac_task_label_update_cred(cred, task)				\
-	mac_task_label_update_internal(((cred)->cr_label), task)
-
-/*
- * Labeling event operations: file system objects, and things that
- * look a lot like file system objects.
- */
-int	mac_vnode_label_associate(struct mount *mp, struct vnode *vp, vfs_context_t ctx);
-void	mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
-	    struct vnode *vp);
-int	mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
-void	mac_vnode_label_associate_singlelabel(struct mount *mp, struct vnode *vp);
-int	mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
-	    struct vnode *vp, vfs_context_t ctx);
+void	mac_cred_label_associate(struct ucred *cred_parent,
+	    struct ucred *cred_child);
+void	mac_cred_label_associate_kernel(struct ucred *cred);
+void	mac_cred_label_associate_user(struct ucred *cred);
+void	mac_cred_label_destroy(struct ucred *cred);
+int	mac_cred_label_externalize_audit(struct proc *p, struct mac *mac);
+void	mac_cred_label_free(struct label *label);
+void	mac_cred_label_init(struct ucred *cred);
+void	mac_cred_label_update(struct ucred *cred, struct label *newlabel);
+void	mac_cred_label_update_execve(struct ucred *old, struct ucred *newcred,
+	    struct vnode *vp, struct label *scriptvnodelabel,
+	    struct label *execlabel);
 void	mac_devfs_label_associate_device(dev_t dev, struct devnode *de,
 	    const char *fullpath);
 void	mac_devfs_label_associate_directory(char *dirname, int dirnamelen,
 	    struct devnode *de, const char *fullpath);
-int	mac_vnode_notify_create(struct ucred *cred, struct mount *mp,
-	    struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
-void	mac_mount_label_associate(struct ucred *cred, struct mount *mp);
-void	mac_vnode_label_update(struct ucred *cred, struct vnode *vp,
-	    struct label *newlabel);
-void	mac_vnode_label_update_extattr(struct mount *mp, struct vnode *vp,
-	    const char *name);
+void	mac_devfs_label_copy(struct label *, struct label *label);
+void	mac_devfs_label_destroy(struct devnode *de);
+void	mac_devfs_label_init(struct devnode *de);
 void	mac_devfs_label_update(struct mount *mp, struct devnode *de,
 	    struct vnode *vp);
-
-#define	VNODE_LABEL_CREATE	1
-#define	VNODE_LABEL_NEEDREF	2
-int	vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
-            struct componentname *cnp, int flags, vfs_context_t ctx);
-int	vnode_label1(struct vnode *vp);
-void	vnode_relabel(struct vnode *vp);
-
-/*
- * Labeling event operations: Posix IPC primitives
- */
-void	mac_posixsem_label_associate(struct ucred *cred, struct pseminfo *psem,
-	    const char *name);
-void	mac_posixshm_label_associate(struct ucred *cred, struct pshminfo *pshm,
-	    const char *name);
-
-/*
- * Labeling event operations: sockets and network IPC
- *
- * Note: all functions involving sockets (and other network objects yet to be
- * implemented) hold (and rely on) the NETWORK_FUNNEL as opposed to the
- * KERNEL_FUNNEL.  When reading/writing kernel network objects, be sure to
- * hold the NETWORK_FUNNEL.  When reading/writing other types of kernel
- * objects (vnode for example), be sure to hold the KERNEL_FUNNEL. 
- *
- * XXX: Note that cred can be NULL in mac_socket_label_associate() in Darwin.
- */
-void	mac_socket_label_associate(struct ucred *cred, struct socket *so);
-void	mac_socket_label_associate_accept(struct socket *oldsocket,
-	    struct socket *newsocket);
-void	mac_mbuf_label_associate_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
-void	mac_mbuf_label_associate_ifnet(struct ifnet *ifp, struct mbuf *m);
-void	mac_mbuf_label_associate_socket(struct socket *so, struct mbuf *m);
-void	mac_socketpeer_label_associate_socket(struct socket *peersocket,
-	    struct socket *socket_to_modify);
-
-/*
- * Labeling event operations: System V IPC primitives
- */
-void	mac_sysvmsg_label_associate(struct ucred *cred, 
-	    struct msqid_kernel *msqptr, struct msg *msgptr);
-void	mac_sysvmsq_label_associate(struct ucred *cred,
-	    struct msqid_kernel *msqptr);
-void	mac_sysvsem_label_associate(struct ucred *cred,
-	    struct semid_kernel *semakptr);
-void	mac_sysvshm_label_associate(struct ucred *cred,
-	    struct shmid_kernel *shmsegptr);
-
-/*
- * Labeling event operations: processes.
- */
-void	mac_cred_label_update(struct ucred *cred, struct label *newlabel);
-void	mac_cred_label_associate(struct ucred *cred_parent, struct ucred *cred_child);
 int	mac_execve_enter(user_addr_t mac_p, struct label *execlabel);
-#if 0
-void	mac_execve_exit(struct image_params *imgp);
-#endif
-void	mac_cred_label_update_execve(struct ucred *old, struct ucred *newcred,
-	    struct vnode *vp, struct label *scriptvnodelabel,
-	    struct label *execlabel);
-int	mac_cred_check_label_update_execve(struct ucred *old, struct vnode *vp,
-	    struct label *scriptvnodelabel, struct label *execlabel,
-	    struct proc *p);
-void	mac_cred_label_associate_kernel(struct ucred *cred);
-void	mac_cred_label_associate_user(struct ucred *cred);
-#if 0
-void	mac_thread_userret(struct uthread *td);
-#endif
-
-void	mac_lctx_label_update(struct lctx *l, struct label *newlabel);
-
-/*
- * Labeling operations for pipes.
- */
-struct label	*mac_pipe_label_alloc(void);
-void	mac_pipe_label_free(struct label *label);
-void	mac_pipe_label_copy(struct label *src, struct label *dest);
-void	mac_pipe_label_associate(struct ucred *cred, struct pipe *cpipe);
-int	mac_pipe_label_update(struct ucred *cred, struct pipe *cpipe,
-	    struct label *label);
-
-/*
- * Label cleanup operation: This is the inverse complement for the mac_create
- * and associate type of hooks.  This hook lets the policy module(s) perform
- * a cleanup/flushing operation on the label associated with the objects,
- * without freeing up the space allocated.  This hook is useful in cases
- * where it is desirable to remove any labeling reference when recycling any
- * object to a pool.  This hook does not replace the mac_destroy hooks.
- */
-void	mac_sysvmsg_label_recycle(struct msg *msgptr);
-void 	mac_sysvmsq_label_recycle(struct msqid_kernel *msqptr);
-void	mac_sysvsem_label_recycle(struct semid_kernel *semakptr);
-void	mac_sysvshm_label_recycle(struct shmid_kernel *shmsegptr);
-void	mac_vnode_label_recycle(struct vnode *vp);
-
-/*
- * Access control checks.
- */
-int	mac_cred_check_label_update(struct ucred *cred, struct label *newlabel);
-int	mac_cred_check_visible(struct ucred *u1, struct ucred *u2);
-int	mac_lctx_check_label_update(struct lctx *l, struct label *newlabel);
-int	mac_posixsem_check_create(struct ucred *cred, const char *name);
-int	mac_posixsem_check_open(struct ucred *cred, struct pseminfo *ps);
-int	mac_posixsem_check_post(struct ucred *cred, struct pseminfo *ps);
-int	mac_posixsem_check_unlink(struct ucred *cred, struct pseminfo *ps,
-	    const char *name);
-int	mac_posixsem_check_wait(struct ucred *cred, struct pseminfo *ps);
-int	mac_posixshm_check_create(struct ucred *cred, const char *name);
-int	mac_posixshm_check_open(struct ucred *cred, struct pshminfo *ps);
-int	mac_posixshm_check_mmap(struct ucred *cred, struct pshminfo *ps,
-	    int prot, int flags);
-int	mac_posixshm_check_stat(struct ucred *cred, struct pshminfo *ps);
-int	mac_posixshm_check_truncate(struct ucred *cred, struct pshminfo *ps,
-	    size_t s);
-int	mac_posixshm_check_unlink(struct ucred *cred, struct pshminfo *ps,
-	    const char *name);
-int	mac_sysvmsq_check_enqueue(struct ucred *cred, struct msg *msgptr,
-	    struct msqid_kernel *msqptr);
-int	mac_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr);
-int	mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr);
-int	mac_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqptr,
-	    int cmd);
-int	mac_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqptr);
-int	mac_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqptr);
-int	mac_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqptr);
-int	mac_sysvsem_check_semctl(struct ucred *cred,
-	    struct semid_kernel *semakptr, int cmd);
+int	mac_file_check_change_flags(struct ucred *cred, struct fileglob *fg,
+	    u_int oldflags, u_int newflags);
+int	mac_file_check_change_offset(struct ucred *cred, struct fileglob *fg);
+int	mac_file_check_change_ofileflags(struct ucred *cred,
+	    struct fileglob *fg, char oldflags, char newflags);
+int	mac_file_check_create(struct ucred *cred);
+int	mac_file_check_dup(struct ucred *cred, struct fileglob *fg, int newfd);
 int	mac_file_check_fcntl(struct ucred *cred, struct fileglob *fg, int cmd,
 	    long arg);
 int	mac_file_check_get(struct ucred *cred, struct fileglob *fg,
 	    char *elements, int len);
-int	mac_file_check_create(struct ucred *cred);
-int	mac_file_check_dup(struct ucred *cred, struct fileglob *fg, int newfd);
-int	mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg,
-	    u_long com, void *data);
-int	mac_file_check_inherit(struct ucred *cred, struct fileglob *fg);
-int	mac_file_check_receive(struct ucred *cred, struct fileglob *fg);
 int	mac_file_check_get_flags(struct ucred *cred, struct fileglob *fg,
 	    u_int flags);
+int	mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg);
 int	mac_file_check_get_ofileflags(struct ucred *cred, struct fileglob *fg,
 	    char flags);
-int	mac_file_check_change_flags(struct ucred *cred, struct fileglob *fg,
-	    u_int oldflags, u_int newflags);
-int	mac_file_check_change_ofileflags(struct ucred *cred,
-	    struct fileglob *fg, char oldflags, char newflags);
-int	mac_file_check_get_offset(struct ucred *cred, struct fileglob *fg);
-int	mac_file_check_change_offset(struct ucred *cred, struct fileglob *fg);
+int	mac_file_check_inherit(struct ucred *cred, struct fileglob *fg);
+int	mac_file_check_ioctl(struct ucred *cred, struct fileglob *fg,
+	    u_long com, void *data);
 int	mac_file_check_mmap(struct ucred *cred, struct fileglob *fg,
 	    int prot, int flags, int *maxprot);
 void	mac_file_check_mmap_downgrade(struct ucred *cred, struct fileglob *fg,
 	    int *prot);
+int	mac_file_check_receive(struct ucred *cred, struct fileglob *fg);
 int	mac_file_check_set(struct ucred *cred, struct fileglob *fg,
 	    char *buf, int buflen);
-int	mac_sysvsem_check_semget(struct ucred *cred,
-	   struct semid_kernel *semakptr);
-int	mac_sysvsem_check_semop(struct ucred *cred,struct semid_kernel *semakptr,
-	    size_t accesstype);
-int	mac_sysvshm_check_shmat(struct ucred *cred,
-	    struct shmid_kernel *shmsegptr, int shmflg);
-int	mac_sysvshm_check_shmctl(struct ucred *cred,
-	    struct shmid_kernel *shmsegptr, int cmd);
-int	mac_sysvshm_check_shmdt(struct ucred *cred,
-	    struct shmid_kernel *shmsegptr);
-int	mac_sysvshm_check_shmget(struct ucred *cred,
-	    struct shmid_kernel *shmsegptr, int shmflg);
+void	mac_file_label_associate(struct ucred *cred, struct fileglob *fg);
+void	mac_file_label_destroy(struct fileglob *fg);
+void	mac_file_label_init(struct fileglob *fg);
+int	mac_lctx_check_label_update(struct lctx *l, struct label *newlabel);
+struct label	*mac_lctx_label_alloc(void);
+void    mac_lctx_label_free(struct label *label);
+void	mac_lctx_label_update(struct lctx *l, struct label *newlabel);
+void	mac_lctx_notify_create(struct proc *proc, struct lctx *l);
+void	mac_lctx_notify_join(struct proc *proc, struct lctx *l);
+void	mac_lctx_notify_leave(struct proc *proc, struct lctx *l);
+void	mac_mbuf_label_associate_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
+void	mac_mbuf_label_associate_ifnet(struct ifnet *ifp, struct mbuf *m);
+void	mac_mbuf_label_associate_socket(struct socket *so, struct mbuf *m);
+void	mac_mbuf_label_copy(struct mbuf *m_from, struct mbuf *m_to);
+void	mac_mbuf_label_destroy(struct mbuf *m);
+int	mac_mbuf_label_init(struct mbuf *m, int flag);
+void	mac_mbuf_tag_copy(struct m_tag *m, struct m_tag *mtag);
+void	mac_mbuf_tag_destroy(struct m_tag *mtag);
+int	mac_mbuf_tag_init(struct m_tag *, int how);
+int	mac_mount_check_fsctl(struct ucred *cred, struct mount *mp,
+	    int com, caddr_t data);
+int	mac_mount_check_getattr(struct ucred *cred, struct mount *mp,
+	    struct vfs_attr *vfa);
+int	mac_mount_check_label_update(struct ucred *cred, struct mount *mp);
 int	mac_mount_check_mount(struct ucred *cred, struct vnode *vp,
 	    const char *vfc_name);
 int	mac_mount_check_remount(struct ucred *cred, struct mount *mp);
-int	mac_mount_check_umount(struct ucred *cred, struct mount *mp);
-int	mac_mount_check_getattr(struct ucred *cred, struct mount *mp,
-	    struct vfs_attr *vfa);
 int	mac_mount_check_setattr(struct ucred *cred, struct mount *mp,
 	    struct vfs_attr *vfa);
 int	mac_mount_check_stat(struct ucred *cred, struct mount *mp);
-int	mac_mount_check_label_update(struct ucred *cred, struct mount *mp);
+int	mac_mount_check_umount(struct ucred *cred, struct mount *mp);
+void	mac_mount_label_associate(struct ucred *cred, struct mount *mp);
+void	mac_mount_label_destroy(struct mount *mp);
+int	mac_mount_label_externalize(struct label *label, char *elements,
+	    char *outbuf, size_t outbuflen);
+int	mac_mount_label_get(struct mount *mp, user_addr_t mac_p);
+void	mac_mount_label_init(struct mount *);
+int	mac_mount_label_internalize(struct label *, char *string);
+int	mac_pipe_check_ioctl(struct ucred *cred, struct pipe *cpipe,
+	    unsigned long cmd, void *data);
 int	mac_pipe_check_kqfilter(struct ucred *cred, struct knote *kn,
 	    struct pipe *cpipe);
-int	mac_pipe_check_ioctl(struct ucred *cred, struct pipe *cpipe,
-	    unsigned long cmd, void *data);
 int	mac_pipe_check_read(struct ucred *cred, struct pipe *cpipe);
 int	mac_pipe_check_select(struct ucred *cred, struct pipe *cpipe,
 	    int which);
 int	mac_pipe_check_stat(struct ucred *cred, struct pipe *cpipe);
 int	mac_pipe_check_write(struct ucred *cred, struct pipe *cpipe);
+struct label	*mac_pipe_label_alloc(void);
+void	mac_pipe_label_associate(struct ucred *cred, struct pipe *cpipe);
+void	mac_pipe_label_copy(struct label *src, struct label *dest);
+void	mac_pipe_label_destroy(struct pipe *cpipe);
+void	mac_pipe_label_free(struct label *label);
+void	mac_pipe_label_init(struct pipe *cpipe);
+int	mac_pipe_label_update(struct ucred *cred, struct pipe *cpipe,
+	    struct label *label);
+void    mac_policy_initbsd(void);
+int	mac_posixsem_check_create(struct ucred *cred, const char *name);
+int	mac_posixsem_check_open(struct ucred *cred, struct pseminfo *psem);
+int	mac_posixsem_check_post(struct ucred *cred, struct pseminfo *psem);
+int	mac_posixsem_check_unlink(struct ucred *cred, struct pseminfo *psem,
+	    const char *name);
+int	mac_posixsem_check_wait(struct ucred *cred, struct pseminfo *psem);
+void	mac_posixsem_label_associate(struct ucred *cred,
+	    struct pseminfo *psem, const char *name);
+void	mac_posixsem_label_destroy(struct pseminfo *psem);
+void	mac_posixsem_label_init(struct pseminfo *psem);
+int	mac_posixshm_check_create(struct ucred *cred, const char *name);
+int	mac_posixshm_check_mmap(struct ucred *cred, struct pshminfo *pshm,
+	    int prot, int flags);
+int	mac_posixshm_check_open(struct ucred *cred, struct pshminfo *pshm);
+int	mac_posixshm_check_stat(struct ucred *cred, struct pshminfo *pshm);
+int	mac_posixshm_check_truncate(struct ucred *cred, struct pshminfo *pshm,
+	    size_t s);
+int	mac_posixshm_check_unlink(struct ucred *cred, struct pshminfo *pshm,
+	    const char *name);
+void	mac_posixshm_label_associate(struct ucred *cred,
+	    struct pshminfo *pshm, const char *name);
+void	mac_posixshm_label_destroy(struct pshminfo *pshm);
+void	mac_posixshm_label_init(struct pshminfo *pshm);
 int	mac_proc_check_debug(struct ucred *cred, struct proc *proc);
 int	mac_proc_check_getaudit(struct ucred *cred);
 int	mac_proc_check_getauid(struct ucred *cred);
+int     mac_proc_check_getlcid(struct proc *proc1, struct proc *proc2,
+	    pid_t pid);
+int	mac_proc_check_mprotect(struct ucred *cred, struct proc *proc,
+	    void *addr, size_t size, int prot);
 int	mac_proc_check_sched(struct ucred *cred, struct proc *proc);
 int	mac_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai);
 int	mac_proc_check_setauid(struct ucred *cred, uid_t auid);
+int     mac_proc_check_setlcid(struct proc *proc1, struct proc *proc2,
+	    pid_t pid1, pid_t pid2);
 int	mac_proc_check_signal(struct ucred *cred, struct proc *proc,
 	    int signum);
 int	mac_proc_check_wait(struct ucred *cred, struct proc *proc);
-int     mac_proc_check_setlcid(struct proc *, struct proc *, pid_t, pid_t);
-int     mac_proc_check_getlcid(struct proc *, struct proc *, pid_t);
+void	mac_proc_label_destroy(struct proc *proc);
+void	mac_proc_label_init(struct proc *proc);
+int	mac_setsockopt_label(struct ucred *cred, struct socket *so,
+	    struct mac *extmac);
 int     mac_socket_check_accept(struct ucred *cred, struct socket *so);
 int	mac_socket_check_bind(struct ucred *cred, struct socket *so,
 	    struct sockaddr *addr);
 int	mac_socket_check_connect(struct ucred *cred, struct socket *so,
 	    struct sockaddr *addr);
-int	mac_socket_check_create(struct ucred *cred, int domain, int type,
-	    int protocol);
+int	mac_socket_check_create(struct ucred *cred, int domain,
+	    int type, int protocol);
 int	mac_socket_check_deliver(struct socket *so, struct mbuf *m);
 int	mac_socket_check_kqfilter(struct ucred *cred, struct knote *kn,
 	    struct socket *so);
@@ -377,6 +262,19 @@
 	    int which);
 int	mac_socket_check_send(struct ucred *cred, struct socket *so);
 int	mac_socket_check_stat(struct ucred *cred, struct socket *so);
+void	mac_socket_label_associate(struct ucred *cred, struct socket *so);
+void	mac_socket_label_associate_accept(struct socket *oldsocket,
+	    struct socket *newsocket);
+void	mac_socket_label_copy(struct label *from, struct label *to);
+void	mac_socket_label_destroy(struct socket *);
+int	mac_socket_label_get(struct ucred *cred, struct socket *so,
+	    struct mac *extmac);
+int	mac_socket_label_init(struct socket *, int waitok);
+void	mac_socketpeer_label_associate_mbuf(struct mbuf *m, struct socket *so);
+void	mac_socketpeer_label_associate_socket(struct socket *peersocket,
+	    struct socket *socket_to_modify);
+int	mac_socketpeer_label_get(struct ucred *cred, struct socket *so,
+	    struct mac *extmac);
 int	mac_system_check_acct(struct ucred *cred, struct vnode *vp);
 int	mac_system_check_audit(struct ucred *cred, void *record, int length);
 int	mac_system_check_auditctl(struct ucred *cred, struct vnode *vp);
@@ -384,11 +282,55 @@
 int	mac_system_check_nfsd(struct ucred *cred);
 int	mac_system_check_reboot(struct ucred *cred, int howto);
 int	mac_system_check_settime(struct ucred *cred);
+int	mac_system_check_swapoff(struct ucred *cred, struct vnode *vp);
 int	mac_system_check_swapon(struct ucred *cred, struct vnode *vp);
-int	mac_system_check_swapoff(struct ucred *cred, struct vnode *vp);
 int	mac_system_check_sysctl(struct ucred *cred, int *name,
 	    u_int namelen, void *oldctl, size_t *oldlenp, int inkernel,
 	    void *newctl, size_t newlen);
+void	mac_sysvmsg_label_associate(struct ucred *cred,
+	    struct msqid_kernel *msqptr, struct msg *msgptr);
+void	mac_sysvmsg_label_init(struct msg *msgptr);
+void	mac_sysvmsg_label_recycle(struct msg *msgptr);
+int	mac_sysvmsq_check_enqueue(struct ucred *cred, struct msg *msgptr,
+	    struct msqid_kernel *msqptr);
+int	mac_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr);
+int	mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr);
+int	mac_sysvmsq_check_msqctl(struct ucred *cred,
+	    struct msqid_kernel *msqptr, int cmd);
+int	mac_sysvmsq_check_msqget(struct ucred *cred,
+	    struct msqid_kernel *msqptr);
+int	mac_sysvmsq_check_msqrcv(struct ucred *cred,
+	    struct msqid_kernel *msqptr);
+int	mac_sysvmsq_check_msqsnd(struct ucred *cred,
+	    struct msqid_kernel *msqptr);
+void	mac_sysvmsq_label_associate(struct ucred *cred,
+	    struct msqid_kernel *msqptr);
+void 	mac_sysvmsq_label_init(struct msqid_kernel *msqptr);
+void 	mac_sysvmsq_label_recycle(struct msqid_kernel *msqptr);
+int	mac_sysvsem_check_semctl(struct ucred *cred,
+	    struct semid_kernel *semakptr, int cmd);
+int	mac_sysvsem_check_semget(struct ucred *cred,
+	    struct semid_kernel *semakptr);
+int	mac_sysvsem_check_semop(struct ucred *cred,
+	    struct semid_kernel *semakptr, size_t accesstype);
+void	mac_sysvsem_label_associate(struct ucred *cred,
+	    struct semid_kernel *semakptr);
+void	mac_sysvsem_label_destroy(struct semid_kernel *semakptr);
+void	mac_sysvsem_label_init(struct semid_kernel *semakptr);
+void	mac_sysvsem_label_recycle(struct semid_kernel *semakptr);
+int	mac_sysvshm_check_shmat(struct ucred *cred,
+	    struct shmid_kernel *shmsegptr, int shmflg);
+int	mac_sysvshm_check_shmctl(struct ucred *cred,
+	    struct shmid_kernel *shmsegptr, int cmd);
+int	mac_sysvshm_check_shmdt(struct ucred *cred,
+	    struct shmid_kernel *shmsegptr);
+int	mac_sysvshm_check_shmget(struct ucred *cred,
+	    struct shmid_kernel *shmsegptr, int shmflg);
+void	mac_sysvshm_label_associate(struct ucred *cred,
+	    struct shmid_kernel *shmsegptr);
+void	mac_sysvshm_label_destroy(struct shmid_kernel *shmsegptr);
+void	mac_sysvshm_label_init(struct shmid_kernel* shmsegptr);
+void	mac_sysvshm_label_recycle(struct shmid_kernel *shmsegptr);
 int	mac_task_check_get_port(struct ucred *cred, struct task *task);
 int	mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
 	    int acc_mode);
@@ -396,43 +338,42 @@
 int	mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp);
 int	mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
 	    struct componentname *cnp, struct vnode_attr *vap);
-int	mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
-	    struct vnode *vp, struct componentname *cnp);
 int	mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
 	    const char *name);
 int	mac_vnode_check_exchangedata(struct ucred *cred, struct vnode *v1,
-            struct vnode *v2);
+	    struct vnode *v2);
 int	mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,
 	    struct label *execlabel);
 int     mac_vnode_check_getattrlist(struct ucred *cred, struct vnode *vp,
-            struct attrlist *alist);
+	    struct attrlist *alist);
 int	mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
 	    const char *name, struct uio *uio);
+int	mac_vnode_check_ioctl(struct ucred *cred, struct vnode *vp, int com,
+	    caddr_t data);
 int	mac_vnode_check_kqfilter(struct ucred *active_cred,
 	    struct ucred *file_cred, struct knote *kn, struct vnode *vp);
+int	mac_vnode_check_label_update(struct ucred *cred, struct vnode *vp,
+	    struct label *newlabel);
 int	mac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
 	    struct vnode *vp, struct componentname *cnp);
 int	mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp);
 int	mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
 	    struct componentname *cnp);
-int	mac_proc_check_mprotect(struct ucred *cred, struct proc *proc,
-	    void *addr, size_t size, int prot);
 int	mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
 	    int acc_mode);
 int	mac_vnode_check_read(struct ucred *active_cred,
 	    struct ucred *file_cred, struct vnode *vp);
 int	mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
 int	mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
-int	mac_vnode_check_label_update(struct ucred *cred, struct vnode *vp,
-	    struct label *newlabel);
 int	mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
 	    struct vnode *vp, struct componentname *cnp);
 int	mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
 	    struct vnode *vp, int samedir, struct componentname *cnp);
 int	mac_vnode_check_revoke(struct ucred *cred, struct vnode *vp);
-int     mac_vnode_check_select(struct ucred *cred, struct vnode *vp, int which);
+int     mac_vnode_check_select(struct ucred *cred, struct vnode *vp,
+	    int which);
 int     mac_vnode_check_setattrlist(struct ucred *cred, struct vnode *vp,
-            struct attrlist *alist);
+	    struct attrlist *alist);
 int	mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
 	    const char *name, struct uio *uio);
 int	mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
@@ -447,46 +388,36 @@
 	    struct ucred *file_cred, struct vnode *vp);
 int	mac_vnode_check_truncate(struct ucred *active_cred,
 	    struct ucred *file_cred, struct vnode *vp);
+int	mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
+	    struct vnode *vp, struct componentname *cnp);
 int	mac_vnode_check_write(struct ucred *active_cred,
 	    struct ucred *file_cred, struct vnode *vp);
-	
-int	mac_socket_label_get(struct ucred *cred, struct socket *so,
-	    struct mac *extmac);
-int	mac_setsockopt_label(struct ucred *cred, struct socket *so,
-	    struct mac *extmac);
-int	mac_socketpeer_label_get(struct ucred *cred, struct socket *so,
-	    struct mac *extmac);
-#if 0
-void	mac_cred_mmapped_drop_perms(struct thread *td, struct ucred *cred);
-#endif
-
-/*  
- * mac_audit_{pre,post}select() allow MAC policies to control whether a given
- * event will be audited.  For 10.3.3, these functions take precedence over
- * the existing pre/post-selection selection in Darwin.  That aspect of the
- * sematics of these functions will probably change for version 10.3.4 as
- * that version has a more complete implementation of the audit subsystem.
- */
-int	mac_audit_check_preselect(struct ucred *cred, unsigned short syscode,
-	    void *args);
-int	mac_audit_check_postselect(struct ucred *cred, unsigned short syscode,
-	    void *args, int error, int retval, int mac_forced);
-
-void	mac_lctx_notify_create(struct proc *, struct lctx *);
-void	mac_lctx_notify_join(struct proc *, struct lctx *);
-void	mac_lctx_notify_leave(struct proc *, struct lctx *);
-
-/* 
- * The semantics of this function are slightly different than the standard
- * copy operation.  On the first call for a given socket, the peer label has 
- * been newly allocated.  On successive calls, the peer label is in use and
- * would be clobbered by a normal copy operation.  It was decided to implement
- * it this way because its performance has a significant impact on network
- * performance.  A destroy-init-copy sequence is too inefficient here. 
- * Some policies may be able to replace data inline, which is more efficient.
- * It is up to the policies to determine the most efficient action to take.
- */
-void	mac_socketpeer_label_associate_mbuf(struct mbuf *m, struct socket *so);
+struct label	*mac_vnode_label_alloc(void);
+int	mac_vnode_label_associate(struct mount *mp, struct vnode *vp,
+	    vfs_context_t ctx);
+void	mac_vnode_label_associate_devfs(struct mount *mp, struct devnode *de,
+	    struct vnode *vp);
+int	mac_vnode_label_associate_fdesc(struct mount *mp, struct fdescnode *fnp,
+	    struct vnode *vp, vfs_context_t ctx);
+int	mac_vnode_label_associate_extattr(struct mount *mp, struct vnode *vp);
+void	mac_vnode_label_associate_singlelabel(struct mount *mp,
+	    struct vnode *vp);
+void	mac_vnode_label_copy(struct label *l1, struct label *l2);
+void	mac_vnode_label_destroy(struct vnode *vp);
+int	mac_vnode_label_externalize_audit(struct vnode *vp, struct mac *mac);
+void	mac_vnode_label_free(struct label *label);
+void	mac_vnode_label_init(struct vnode *vp);
+void	mac_vnode_label_recycle(struct vnode *vp);
+void	mac_vnode_label_update(struct ucred *cred, struct vnode *vp,
+	    struct label *newlabel);
+void	mac_vnode_label_update_extattr(struct mount *mp, struct vnode *vp,
+	    const char *name);
+int	mac_vnode_notify_create(struct ucred *cred, struct mount *mp,
+	    struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
+int	vnode_label(struct mount *mp, struct vnode *dvp, struct vnode *vp,
+	    struct componentname *cnp, int flags, vfs_context_t ctx);
+int	vnode_label1(struct vnode *vp);
+void	vnode_relabel(struct vnode *vp);
 
 #endif	/* MAC */
 

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#26 (text+ko) ====

@@ -55,8 +55,8 @@
 
 #include <security/_label.h>
 
+struct attrlist;
 struct auditinfo;
-struct attrlist;
 struct bpf_d;
 struct devnode;
 struct fileglob;
@@ -96,11 +96,93 @@
  */
 
 /**
-  @name Entry Points for the Base Policy Module Only
+  @name Entry Points for Label Management
+
+  These are the entry points corresponding to the life cycle events for
+  kernel objects, such as initialization, creation, and destruction.
+
+  Most policies (that use labels) will initialize labels by allocating
+  space for policy-specific data.  In most cases, it is permitted to
+  sleep during label initialization operations; it will be noted when
+  it is not permitted.
+
+  Initialization usually will not require doing more than allocating a
+  generic label for the given object.  What follows initialization is
+  creation, where a label is made specific to the object it is associated
+  with.  Destruction occurs when the label is no longer needed, such as
+  when the corresponding object is destroyed.  All necessary cleanup should
+  be performed in label destroy operations.
+
+  Where possible, the label entry points have identical parameters.  If
+  the policy module does not require structure-specific label
+  information, the same function may be registered in the policy
+  operation vector.  Many policies will implement two such generic
+  allocation calls: one to handle sleepable requests, and one to handle
+  potentially non-sleepable requests.
+*/
+
+
+/**
+  @brief Audit event postselection
+  @param cred Subject credential
+  @param syscode Syscall number
+  @param args Syscall arguments
+  @param error Syscall errno
+  @param retval Syscall return value
+
+  This is the MAC Framework audit postselect, which is called before
+  exiting a syscall to determine if an audit event should be committed.
+  A return value of MAC_AUDIT_NO forces the audit record to be suppressed.
+  Any other return value results in the audit record being committed.
+
+  @warning The suppression behavior will probably go away in Apple's
+  future version of the audit implementation.
+
+  @return Return MAC_AUDIT_NO to force suppression of the audit record.
+  Any other value results in the audit record being committed.
+
 */
+typedef int mpo_audit_check_postselect_t(
+	struct ucred *cred,
+	unsigned short syscode,
+	void *args,
+	int error,
+	int retval
+);
+/**
+  @brief Audit event preselection
+  @param cred Subject credential
+  @param syscode Syscall number
+  @param args Syscall arguments
+
+  This is the MAC Framework audit preselect, which is called before a
+  syscall is entered to determine if an audit event should be created.
+  If the MAC policy forces the syscall to be audited, MAC_AUDIT_YES should be
+  returned. A return value of MAC_AUDIT_NO causes the audit record to
+  be suppressed. Returning MAC_POLICY_DEFAULT indicates that the policy wants
+  to defer to the system's existing preselection mechanism.
+
+  When policies return different preferences, the Framework decides what action
+  to take based on the following policy.  If any policy returns MAC_AUDIT_YES,
+  then create an audit record, else if any policy returns MAC_AUDIT_NO, then
+  suppress the creations of an audit record, else defer to the system's
+  existing preselection mechanism.
+
+  @warning The audit implementation in Apple's current version is
+  incomplete, so the MAC policies have priority over the system's existing
+  mechanisms. This will probably change in the future version where
+  the audit implementation is more complete.
 
-/*@{*/
+  @return Return MAC_AUDIT_YES to force auditing of the syscall,
+  MAC_AUDIT_NO to force no auditing of the syscall, MAC_AUDIT_DEFAULT
+  to allow auditing mechanisms to determine if the syscall is audited.
 
+*/
+typedef int mpo_audit_check_preselect_t(
+	struct ucred *cred,
+	unsigned short syscode,
+	void *args
+);
 /**
   @brief Base Policy approve MAC module load event
   @param mpc MAC policy configuration
@@ -116,7 +198,6 @@
 typedef int mpo_base_check_module_load_t(
 	struct mac_policy_conf *mpc
 );
-
 /**
   @brief Base Policy approve MAC module unload event
   @param mpc MAC policy configuration
@@ -132,7 +213,6 @@
 typedef int mpo_base_check_module_unload_t(
 	struct mac_policy_conf *mpc
 );
-
 /**
   @brief Base Policy finalize event
 
@@ -145,896 +225,746 @@
 
 */
 typedef void mpo_base_notify_finalize_t(void);
+/**
+  @brief Indicate desire to change the process label at exec time
+  @param old Existing subject credential
+  @param vp File being executed
+  @param vnodelabel Label corresponding to vp
+  @param scriptvnodelabel Script vnode label
+  @param execlabel Userspace provided execution label
+  @param proc Object process
+  @see mac_execve
+  @see mpo_cred_label_update_execve_t
+  @see mpo_vnode_check_exec_t
 
-/*@}*/
+  Indicate whether this policy intends to update the label of a newly
+  created credential from the existing subject credential (old).  This
+  call occurs when a process executes the passed vnode.  If a policy
+  returns success from this entry point, the mpo_cred_label_update_execve
+  entry point will later be called with the same parameters.  Access
+  has already been checked via the mpo_vnode_check_exec entry point,
+  this entry point is necessary to preserve kernel locking constraints
+  during program execution.
 
-/**
-  @name Entry Points for Module Operations
-*/
+  The supplied vnode and vnodelabel correspond with the file actually
+  being executed; in the case that the file is interpreted (for
+  example, a script), the label of the original exec-time vnode has
+  been preserved in scriptvnodelabel.
 
-/*@{*/
+  The final label, execlabel, corresponds to a label supplied by a
+  user space application through the use of the mac_execve system call.
 
-/**
-  @brief Policy unload event
-  @param mpc MAC policy configuration
+  The vnode lock is held during this operation.  No changes should be
+  made to the old credential structure.
 
-  This is the MAC Framework policy unload event.  This entry point will
-  only be called if the module's policy configuration allows unload (if
-  the MPC_LOADTIME_FLAG_UNLOADOK is set).  Most security policies won't
-  want to be unloaded; they should set their flags to prevent this
-  entry point from being called.
+  @warning Even if a policy returns 0, it should behave correctly in
+  the presence of an invocation of mpo_cred_label_update_execve, as that
+  call may happen as a result of another policy requesting a transition.
 
-  @warning During this call, the mac policy list mutex is held, so
-  sleep operations cannot be performed, and calls out to other kernel
-  subsystems must be made with caution.
-
-  @see MPC_LOADTIME_FLAG_UNLOADOK
+  @return Non-zero if a transition is required, 0 otherwise.
 */
-typedef void mpo_policy_destroy_t(
-	struct mac_policy_conf *mpc
+typedef int mpo_cred_check_label_update_execve_t(
+	struct ucred *old,
+	struct vnode *vp,
+	struct label *vnodelabel,
+	struct label *scriptvnodelabel,
+	struct label *execlabel,
+	struct proc *proc
 );
-
 /**
-  @brief Policy initialization event
-  @param mpc MAC policy configuration
-  @see mac_policy_register
-  @see mpo_policy_initbsd_t
+  @brief Access control check for relabelling processes
+  @param cred Subject credential
+  @param newlabel New label to apply to the user credential
+  @see mpo_cred_label_update_t
+  @see mac_set_proc
 
-  This is the MAC Framework policy initialization event.  This entry
-  point is called during mac_policy_register, when the policy module
-  is first registered with the MAC Framework.  This is often done very
-  early in the boot process, after the kernel Mach subsystem has been
-  initialized, but prior to the BSD subsystem being initialized.
-  Since the kernel BSD services are not yet available, it is possible
-  that some initialization must occur later, possibly in the
-  mpo_policy_initbsd_t policy entry point, such as registering BSD system
-  controls (sysctls).  Policy modules loaded at boot time will be
-  registered and initialized before labeled Mach objects are created.
+  Determine whether the subject identified by the credential can relabel
+  itself to the supplied new label (newlabel).  This access control check
+  is called when the mac_set_proc system call is invoked.  A user space
+  application will supply a new value, the value will be internalized
+  and provided in newlabel.
 
-  @warning During this call, the mac policy list mutex is held, so
-  sleep operations cannot be performed, and calls out to other kernel
-  subsystems must be made with caution.
+  @return Return 0 if access is granted, otherwise an appropriate value for
+  errno should be returned.
 */
-typedef void mpo_policy_init_t(
-	struct mac_policy_conf *mpc
+typedef int mpo_cred_check_label_update_t(
+	struct ucred *cred,
+	struct label *newlabel
 );
-
 /**
-  @brief Policy BSD initialization event
-  @param mpc MAC policy configuration
-  @see mpo_policy_init_t
+  @brief Access control check for visibility of other subjects
+  @param u1 Subject credential
+  @param u2 Object credential
 
-  This entry point is called after the kernel BSD subsystem has been
-  initialized.  By this point, the module should already be loaded,
-  registered, and initialized.  Since policy modules are initialized
-  before kernel BSD services are available, this second initialization
-  phase is necessary.  At this point, BSD services (memory management,
-  synchronization primitives, vfs, etc.) are available, but the first
-  process has not yet been created.  Mach-related objects and tasks
-  will already be fully initialized and may be in use--policies requiring
-  ubiquitous labeling may also want to implement mpo_policy_init_t.
+  Determine whether the subject identified by the credential u1 can
+  "see" other subjects with the passed subject credential u2. This call
+  may be made in a number of situations, including inter-process status
+  sysctls used by ps, and in procfs lookups.
 
-  @warning During this call, the mac policy list mutex is held, so
-  sleep operations cannot be performed, and calls out to other kernel
-  subsystems must be made with caution.
+  @return Return 0 if access is granted, otherwise an appropriate value for
+  errno should be returned. Suggested failure: EACCES for label mismatch,
+  EPERM for lack of privilege, or ESRCH to hide visibility.
 */
-typedef void mpo_policy_initbsd_t(
-	struct mac_policy_conf *mpc
+typedef int mpo_cred_check_visible_t(
+	struct ucred *u1,
+	struct ucred *u2
 );
-
 /**
-  @brief Policy extension service
-  @param p Calling process
-  @param call Policy-specific syscall number
-  @param arg Pointer to syscall arguments
+  @brief Create the first process
+  @param cred Subject credential to be labeled
 
-  This entry point provides a policy-multiplexed system call so that
-  policies may provide additional services to user processes without
-  registering specific system calls. The policy name provided during
-  registration is used to demux calls from userland, and the arguments
-  will be forwarded to this entry point.  When implementing new
-  services, security modules should be sure to invoke appropriate
-  access control checks from the MAC framework as needed.  For
-  example, if a policy implements an augmented signal functionality,
-  it should call the necessary signal access control checks to invoke
-  the MAC framework and other registered policies.
-
-  @warning Since the format and contents of the policy-specific
-  arguments are unknown to the MAC Framework, modules must perform the
-  required copyin() of the syscall data on their own.  No policy
-  mediation is performed, so policies must perform any necessary
-  access control checks themselves.  If multiple policies are loaded,
-  they will currently be unable to mediate calls to other policies.
-
-  @return In the event of an error, an appropriate value for errno
-  should be returned, otherwise return 0 upon success.
+  Create the subject credential of process 0, the parent of all BSD
+  kernel processes.  Policies should update the label in the
+  previously initialized credential structure.
 */
-typedef int mpo_policy_syscall_t(
-	struct proc *p,
-	int call,
-	user_addr_t arg
+typedef void mpo_cred_label_associate_kernel_t(
+	struct ucred *cred
 );
-
-/*@}*/
-
 /**
-  @name Entry Points for Label Management
+  @brief Create a credential label

>>> TRUNCATED FOR MAIL (1000 lines) <<<



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200611141913.kAEJDEJd018445>