From owner-trustedbsd-cvs@FreeBSD.ORG  Wed Aug 30 20:38:37 2006
Return-Path: <owner-trustedbsd-cvs@FreeBSD.ORG>
X-Original-To: trustedbsd-cvs@freebsd.org
Delivered-To: trustedbsd-cvs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5DD7B16A4E0
	for <trustedbsd-cvs@freebsd.org>; Wed, 30 Aug 2006 20:38:37 +0000 (UTC)
	(envelope-from owner-perforce@freebsd.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E473443D70
	for <trustedbsd-cvs@freebsd.org>; Wed, 30 Aug 2006 20:38:34 +0000 (GMT)
	(envelope-from owner-perforce@freebsd.org)
Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119])
	by cyrus.watson.org (Postfix) with ESMTP id BAA2B46CC9
	for <trustedbsd-cvs@trustedbsd.org>;
	Wed, 30 Aug 2006 16:38:33 -0400 (EDT)
Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18])
	by mx2.freebsd.org (Postfix) with ESMTP id F243A57334;
	Wed, 30 Aug 2006 20:33:50 +0000 (GMT)
	(envelope-from owner-perforce@freebsd.org)
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id EA49816A4E1; Wed, 30 Aug 2006 20:33:50 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B0E6A16A4DA
	for <perforce@freebsd.org>; Wed, 30 Aug 2006 20:33:50 +0000 (UTC)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 60B3443D45
	for <perforce@freebsd.org>; Wed, 30 Aug 2006 20:33:50 +0000 (GMT)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k7UKXoNj023184
	for <perforce@freebsd.org>; Wed, 30 Aug 2006 20:33:50 GMT
	(envelope-from millert@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k7UKXoQH023181
	for perforce@freebsd.org; Wed, 30 Aug 2006 20:33:50 GMT
	(envelope-from millert@freebsd.org)
Date: Wed, 30 Aug 2006 20:33:50 GMT
Message-Id: <200608302033.k7UKXoQH023181@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	millert@freebsd.org using -f
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 105353 for review
X-BeenThere: trustedbsd-cvs@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD CVS and Perforce commit message list
	<trustedbsd-cvs.FreeBSD.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-cvs>, 
	<mailto:trustedbsd-cvs-request@FreeBSD.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/trustedbsd-cvs>
List-Post: <mailto:trustedbsd-cvs@FreeBSD.org>
List-Help: <mailto:trustedbsd-cvs-request@FreeBSD.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/trustedbsd-cvs>,
	<mailto:trustedbsd-cvs-request@FreeBSD.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Aug 2006 20:38:37 -0000

http://perforce.freebsd.org/chv.cgi?CH=105353

Change 105353 by millert@millert_g4tower on 2006/08/30 20:33:21

	Use proc_ucred() instead of peeking inside struct proc directly.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_syscall.c#3 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#8 (text+ko) ====

@@ -270,7 +270,7 @@
 	struct task_security_struct *task, *target;
 
 	task = SLOT(cred->cr_label);
-	target = SLOT(proc->p_ucred->cr_label);
+	target = SLOT(proc_ucred(proc)->cr_label);
 
 	return (avc_has_perm(task->sid, target->sid,
 	    SECCLASS_PROCESS, perm, NULL));
@@ -1658,7 +1658,7 @@
 	case LCID_REMOVE:	/* Orphan */
 
 		/* loginwindow.app/MAC.loginPlugin orphaned process. */
-		dst = SLOT(p->p_ucred->cr_label);
+		dst = SLOT(proc_ucred(p)->cr_label);
 		if (dst->sid != dst->osid) {
 			/*
 			 * TBD: Need to flush any open files that are now
@@ -1676,8 +1676,8 @@
 	default:		/* Adopt */
 
 		/* loginwindow.app/MAC.loginPlugin adopted process. */
-		src = SLOT(p0->p_ucred->cr_label);
-		dst = SLOT(p->p_ucred->cr_label);
+		src = SLOT(proc_ucred(p0)->cr_label);
+		dst = SLOT(proc_ucred(p)->cr_label);
 
 		if (src->sid != dst->sid) {
 			/*

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd_syscall.c#3 (text+ko) ====

@@ -60,7 +60,7 @@
 	void *kdata;
 	int rc;
 	
-	rc = cred_has_security(p->p_ucred, SECURITY__LOAD_POLICY);
+	rc = cred_has_security(proc_ucred(p), SECURITY__LOAD_POLICY);
 	if (rc)
 		return (rc);
 
@@ -81,7 +81,7 @@
 	void *kdata;
 	int rc;
 	
-	rc = cred_has_security(p->p_ucred, SECURITY__LOAD_POLICY);
+	rc = cred_has_security(proc_ucred(p), SECURITY__LOAD_POLICY);
 	if (rc)
 		return (rc);
 
@@ -165,7 +165,7 @@
 	{
 		char *str;
 
-		error = cred_has_security(p->p_ucred, SECURITY__SETBOOL);
+		error = cred_has_security(proc_ucred(p), SECURITY__SETBOOL);
 		if (error)
 			return (error);
 
@@ -186,7 +186,7 @@
 	}
 
 	case SEBSDCALL_COMMIT_BOOLS:
-		error = cred_has_security(p->p_ucred, SECURITY__SETBOOL);
+		error = cred_has_security(proc_ucred(p), SECURITY__SETBOOL);
 		if (error)
 			return (error);
 		return (security_commit_pending_bools());