Date: Sat, 26 Jul 2003 12:09:22 -0700 (PDT)
Message-Id: <200307261909.h6QJ9MdA069114@repoman.freebsd.org>
From: Robert Watson
To: Perforce Change Reviews
Subject: PERFORCE change 35049 for review
List-Id: p4 projects tree changes

http://perforce.freebsd.org/chv.cgi?CH=35049

Change 35049 by rwatson@rwatson_tislabs on 2003/07/26 12:09:20

Since we're in the throes of moving towards explicit system calls and VOP's for each of the EA operations, and avoiding API overloading, introduce new MAC Framework and MAC Policy APIs to check for delete and list operations.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#239 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#192 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#239 (text+ko) ==== @@ -285,6 +285,8 @@ struct vnode *vp, struct componentname *cnp); int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, acl_type_t type); +int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace, const char *name); int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp, struct image_params *imgp); int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, @@ -293,6 +295,8 @@ int attrnamespace, const char *name, struct uio *uio); int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp, struct vnode *vp, struct componentname *cnp); +int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, + int attrnamespace); int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct componentname *cnp); int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#192 (text+ko) ====
@@ -368,6 +368,9 @@ struct componentname *cnp); int (*mpo_check_vnode_deleteacl)(struct ucred *cred, struct vnode *vp, struct label *label, acl_type_t type); + int (*mpo_check_vnode_deleteextattr)(struct ucred *cred, + struct vnode *vp, struct label *label, int attrnamespace, + const char *name); int (*mpo_check_vnode_exec)(struct ucred *cred, struct vnode *vp, struct label *label, struct image_params *imgp, struct label *execlabel); @@ -379,6 +382,8 @@ int (*mpo_check_vnode_link)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *label, struct componentname *cnp); + int (*mpo_check_vnode_listextattr)(struct ucred *cred, + struct vnode *vp, struct label *label, int attrnamespace); int (*mpo_check_vnode_lookup)(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp);
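
Review bot: mac_check_vnode_deleteextattr() in the first mac.h hunk (@@ -285,6 +285,8 @@) is only declared. The affected-files list holds just mac.h and mac_policy.h, so this change carries no framework definition for the prototype and no call site in the extended attribute delete path. Until those land, the new check authorizes nothing, and any early caller will fail to link. Either include the framework implementation and the call site in the same change, or say in the description that they follow in a later one, so nobody assumes EA deletion is already mediated by the MAC Framework.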
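
Review bot: mac_check_vnode_listextattr() in the second mac.h hunk (@@ -293,6 +295,8 @@) takes only "int attrnamespace" and no attribute name, so a policy can allow or deny listing of an entire namespace but cannot decide per attribute. Please add a comment next to the prototype stating that this is the intended granularity. A policy that needs to hide individual attribute names from a subject cannot do it through this entry point, and authors should know that before relying on it.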
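
Review bot: mpo_check_vnode_deleteextattr in the first mac_policy.h hunk (@@ -368,6 +368,9 @@), and likewise mpo_check_vnode_listextattr in the second, is inserted between existing function-pointer members rather than appended. Every member after mpo_check_vnode_deleteacl therefore moves, and a policy module built against the previous header would have its later entry points called through the wrong slots. The placement matches the alphabetical ordering of the surrounding members, so keeping it is reasonable, but the description should say that all policy modules must be rebuilt against this header. It would also help to document that "const char *name" in the delete hook is a kernel-space string the policy may read directly.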