From owner-p4-projects  Mon Jan 13 22:59:14 2003
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 94DBE37B405; Mon, 13 Jan 2003 22:58:57 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 29A7237B401
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 22:58:57 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4461D43ED8
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 22:58:56 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0E6wufh051673
	for <perforce@freebsd.org>; Mon, 13 Jan 2003 22:58:56 -0800 (PST)
	(envelope-from chris@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0E6wt0l051670
	for perforce@freebsd.org; Mon, 13 Jan 2003 22:58:55 -0800 (PST)
Date: Mon, 13 Jan 2003 22:58:55 -0800 (PST)
Message-Id: <200301140658.h0E6wt0l051670@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello <chris@FreeBSD.org>
Subject: PERFORCE change 23723 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=23723

Change 23723 by chris@chris_holly on 2003/01/13 22:58:55

	Remove entry points which no longer exist.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#27 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#27 (text+ko) ====

@@ -760,127 +760,6 @@
             available.</para>
         </sect4>
         
-        <sect4 id="mac-mpo-create-devfs-vnode">
-          <title><function>&mac.mpo;_create_devfs_vnode</function></title>
-          
-          <funcsynopsis>
-            <funcprototype>
-              <funcdef>void
-                <function>&mac.mpo;_create_devfs_vnode</function></funcdef>
-              
-              <paramdef>struct devfs_dirent
-                *<parameter>devfs_dirent</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>direntlabel</parameter></paramdef>
-              <paramdef>struct vnode
-                *<parameter>vp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>vnodelabel</parameter></paramdef>
-            </funcprototype>
-          </funcsynopsis>
-          
-          <informaltable>
-            <tgroup cols="3">
-              &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>devfs_dirent</parameter></entry>
-                  <entry>Object; devfs directory entry</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>direntlabel</parameter></entry>
-                  <entry>Policy label for
-                    <parameter>devfs_dirent</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vp</parameter></entry>
-                  <entry>Object; file system object being labeled</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vnodelabel</parameter></entry>
-                  <entry>Policy label to be filled in for
-                    <parameter>vp</parameter></entry>
-                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-          
-          <para>Fill out the label on the vnode being created for the
-            passed devfs_dirent. This call will be made when a vnode is
-            required to represent the specified devfs_dirent in a
-            mounted devfs instance.</para>
-        </sect4>
-        
-        <sect4 id="mac-mpo-vnode-create-from-vnode">
-          <title><function>&mac.mpo;_vnode_create_from_vnode</function></title>
-          
-          <funcsynopsis>
-            <funcprototype>
-              <funcdef>void
-                <function>&mac.mpo;_vnode_create_from_vnode</function></funcdef>
-              
-              <paramdef>struct ucred
-                *<parameter>cred</parameter></paramdef>
-              <paramdef>struct vnode
-                *<parameter>parent</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>parentlabel</parameter></paramdef>
-              <paramdef>struct vnode
-                *<parameter>child</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>childlabel</parameter></paramdef>
-            </funcprototype>
-          </funcsynopsis>
-          
-          <informaltable>
-            <tgroup cols="3">
-              &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>cred</parameter></entry>
-                  <entry>Subject credential</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>parent</parameter></entry>
-                  <entry>Parent vnode; the directory in which
-                    <parameter>child</parameter> is being
-                    created</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>parentlabel</parameter></entry>
-                  <entry>Policy label for
-                    <parameter>parent</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>child</parameter></entry>
-                  <entry>New vnode</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>childlabel</parameter></entry>
-                  <entry>Label to be filled in for
-                    <parameter>child</parameter></entry>
-                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-          
-          <para>Fill out the label on the vnode being created in the
-            passed vnode parent by the passed subject credential.  This
-            call will be made when a vnode is allocated during a vnode
-            creation operation.  For example, this call is made by
-            multi-label file systems during the creation of a new file
-            or directory.</para>
-        </sect4>
-        
         <sect4 id="mac-mpo-create-mount">
           <title><function>&mac.mpo;_create_mount</function></title>
           
@@ -1218,227 +1097,6 @@
             <function>mac_vnode_create_from_vnode</function> to
             initialize the vnode label.</para>
         </sect4>
-        
-        <sect4 id="mac-mpo-update-procfsvnode">
-          <title><function>&mac.mpo;_update_procfsvnode</function></title>
-          
-          <funcsynopsis>
-            <funcprototype>
-              <funcdef>void
-                <function>&mac.mpo;_update_procfsvnode</function></funcdef>
-              
-              <paramdef>struct vnode
-                *<parameter>vp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>vnodelabel</parameter></paramdef>
-              <paramdef>struct ucred
-                *<parameter>cred</parameter></paramdef>
-            </funcprototype>
-          </funcsynopsis>
-          
-          <informaltable>
-            <tgroup cols="3">
-              &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>vp</parameter></entry>
-                  <entry>Object; procfs vnode</entry>
-                  <entry>Locked</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vnodelabel</parameter></entry>
-                  <entry>Policy label to be filled in for
-                    <parameter>vp</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>cred</parameter></entry>
-                  <entry>Subject; credential for the process
-                    entry</entry>
-                  <entry>Immutable</entry>
-                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-          
-          <para>Update the procfs vnode label from the passed subject
-            credential.  This call will be made when an operation on a
-            procfs vnode requires a fresh label on a process-derived
-            vnode.</para>
-        </sect4>
-        
-        <sect4 id="mac-mpo-update-vnode-from-extattr">
-          <title><function>&mac.mpo;_update_vnode_from_extattr</function></title>
-          
-          <funcsynopsis>
-            <funcprototype>
-              <funcdef>int
-                <function>&mac.mpo;_update_vnode_from_extattr</function></funcdef>
-              
-              <paramdef>struct vnode
-                *<parameter>vp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>vnodelabel</parameter></paramdef>
-              <paramdef>struct mount
-                *<parameter>mp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>fslabel</parameter></paramdef>
-            </funcprototype>
-          </funcsynopsis>
-          
-          <informaltable>
-            <tgroup cols="3">
-              &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>vp</parameter></entry>
-                  <entry>Object; vnode whose label is being updated</entry>
-                  <entry>Locked</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vnodelabel</parameter></entry>
-                  <entry>Policy label to refresh</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>mp</parameter></entry>
-                  <entry>Mount point for
-                    <parameter>vp</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>fslabel</parameter></entry>
-                  <entry>Policy label for <parameter>vp</parameter>'s
-                    file system.</entry>
-                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-          
-          <para>Update the vnode label by refreshing the label data from
-            the extended attribute service for the vnode.  The mount
-            point <parameter>fslabel</parameter> is also made available
-            so that the <parameter>fslabel</parameter> may be used as a
-            labeling source if fallback is appropriate for the policy.
-            This call is permitted to fail; if the call fails, the
-            associated label refresh will also fail, causing the failure
-            of the operation requiring the MAC check and vnode label
-            refresh, permitting a <quote>fail closed</quote> policy if
-            labeling data is not available.</para>
-        </sect4>
-        
-        <sect4 id="mac-mpo-update-from-externalized">
-          <title><function>&mac.mpo;_update_from_externalized</function></title>
-          
-          <funcsynopsis>
-            <funcprototype>
-              <funcdef>int
-                <function>&mac.mpo;_update_from_externalized</function></funcdef>
-              
-              <paramdef>struct vnode
-                *<parameter>vp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>vnodelabel</parameter></paramdef>
-              <paramdef>struct mac
-                *<parameter>extmac</parameter></paramdef>
-            </funcprototype>
-          </funcsynopsis>
-          
-          <informaltable>
-            <tgroup cols="3">
-              &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>vp</parameter></entry>
-                  <entry>Object; vnode</entry>
-                  <entry>Locked</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vnodelabel</parameter></entry>
-                  <entry>Policy label for
-                    <parameter>vp</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>extmac</parameter></entry>
-                  <entry>Externalized MAC policy label</entry>
-                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-          
-          <para>Update the vnode label from the passed externalized
-            label loaded from disk by the MAC framework.  This call is
-            permitted to fail; if the call fails, the associated label
-            refresh will also fail, causing the failure of the operation
-            requiring the MAC check and vnode label refresh, permitting
-            a <quote>fail closed</quote> policy if labeling data is not
-            available. This call will be obsoleted by the new extended
-            attribute labeling interface.</para>
-        </sect4>
-        
-        <sect4 id="mac-mpo-update-vnode-from-mount">
-          <title><function>&mac.mpo;_update_vnode_from_mount</function></title>
-          
-          <funcsynopsis>
-            <funcprototype>
-              <funcdef>void
-                <function>&mac.mpo;_update_vnode_from_mount</function></funcdef>
-              
-              <paramdef>struct vnode
-                *<parameter>vp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>vnodelabel</parameter></paramdef>
-              <paramdef>struct mount
-                *<parameter>mp</parameter></paramdef>
-              <paramdef>struct label
-                *<parameter>mountlabel</parameter></paramdef>
-            </funcprototype>
-          </funcsynopsis>
-          
-          <informaltable>
-            <tgroup cols="3">
-              &mac.thead;
-              
-              <tbody>
-                <row>
-                  <entry><parameter>vp</parameter></entry>
-                  <entry>Object; vnode</entry>
-                  <entry>Locked</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>vnodelabel</parameter></entry>
-                  <entry>Policy label for
-                    <parameter>vp</parameter></entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>mp</parameter></entry>
-                  <entry>Mount point where <parameter>vp</parameter>
-                    resides</entry>
-                </row>
-                
-                <row>
-                  <entry><parameter>fslabel</parameter></entry>
-                  <entry>Policy label for the file system where
-                    <parameter>vp</parameter> resides.</entry>
-                </row>
-              </tbody>
-            </tgroup>
-          </informaltable>
-          
-          <para>Update the vnode label from the passed mount point
-            label.  This call is made when a single label file system
-            vnode requires a label, or if the obsoleted MAC framework
-            externalized extended attribute read fails.</para>
-        </sect4>
       </sect3>
       
       <sect3 id="mac-ipc-label-ops">
@@ -4997,12 +4655,12 @@
       </sect3>
 
       <sect3 id="mac-mpo-check-vnode-mmap-downgrade">
-        <title><function>&mac.mpo;_check_mmap_downgrade</function></title>
+        <title><function>&mac.mpo;_check_vnode_mmap_downgrade</function></title>
 
         <funcsynopsis>
           <funcprototype>
             <funcdef>void
-              <function>&mac.mpo;_check_mmap_downgrade</function></funcdef>
+              <function>&mac.mpo;_check_vnode_mmap_downgrade</function></funcdef>
 
             <paramdef>struct ucred
               *<parameter>cred</parameter></paramdef>
@@ -5557,159 +5215,6 @@
           process.</para>
       </sect3>
       
-      <sect3 id="mac-mpo-cred-check-rename-from-vnode">
-        <title><function>&mac.mpo;_check_rename_from_vnode</function></title>
-        
-        <funcsynopsis>
-          <funcprototype>
-            <funcdef>int
-              <function>&mac.mpo;_check_rename_from_vnode</function></funcdef>
-            
-            <paramdef>struct ucred
-              *<parameter>cred</parameter></paramdef>
-            <paramdef>struct vnode
-              *<parameter>dvp</parameter></paramdef>
-            <paramdef>struct label
-              *<parameter>dlabel</parameter></paramdef>
-            <paramdef>struct vnode
-              *<parameter>vp</parameter></paramdef>
-            <paramdef>struct label
-              *<parameter>label</parameter></paramdef>
-            <paramdef>struct componentname
-              *<parameter>cnp</parameter></paramdef>
-          </funcprototype>
-        </funcsynopsis>
-        
-        <informaltable>
-          <tgroup cols="3">
-            &mac.thead;
-            
-            <tbody>
-              <row>
-                <entry><parameter>cred</parameter></entry>
-                <entry>Subject credential</entry>
-              </row>
-              
-              <row>
-                <entry><parameter>dvp</parameter></entry>
-                <entry>Directory vnode</entry>
-              </row>
-              
-              <row>
-                <entry><parameter>dlabel</parameter></entry>
-                <entry>Policy label for
-                  <parameter>dvp</parameter></entry>
-              </row>
-              
-              <row>
-                <entry><parameter>vp</parameter></entry>
-                <entry>Object; vnode</entry>
-              </row>
-              
-              <row>
-                <entry><parameter>label</parameter></entry>
-                <entry>Policy label for
-                  <parameter>vp</parameter></entry>
-              </row>
-              
-              <!-- XXX ??? -->
-              <row>
-                <entry><parameter>cnp</parameter></entry>
-                <entry>Pathname</entry>
-              </row>
-            </tbody>
-          </tgroup>
-        </informaltable>
-        
-        <para>Determine whether the subject credential can rename the
-          passed vnode (<parameter>vp</parameter>) in the passed
-          directory (<parameter>dvp</parameter>) using the passed name
-          (<parameter>cnp</parameter>).  This call will be made in
-          combination with a follow-up call to
-          <function>mpo_check_rename_to_vnode</function>. Return
-          <returnvalue>0</returnvalue> for success, or an
-          <varname>errno</varname> value for failure. Suggested
-          failure: <errorcode>EACCES</errorcode> for label mismatch,
-          or <errorcode>EPERM</errorcode> for lack of
-          privilege.</para>
-      </sect3>
-      
-      <sect3 id="mac-mpo-cred-check-rename-to-vnode">
-        <title><function>&mac.mpo;_check_rename_to_vnode</function></title>
-        
-        <funcsynopsis>
-          <funcprototype>
-            <funcdef>int
-              <function>&mac.mpo;_check_rename_to_vnode</function></funcdef>
-            
-            <paramdef>struct ucred
-              *<parameter></parameter>cred</paramdef>
-            <paramdef>struct vnode
-              *<parameter></parameter>dvp</paramdef>
-            <paramdef>struct label
-              *<parameter></parameter>dlabel</paramdef>
-            <paramdef>struct vnode
-              *<parameter></parameter>vp</paramdef>
-            <paramdef>struct label
-              *<parameter></parameter>label</paramdef>
-            <paramdef>int <parameter></parameter>samedir</paramdef>
-            <paramdef>struct componentname
-              *<parameter>cnp</parameter></paramdef>
-          </funcprototype>
-        </funcsynopsis>
-        
-        <informaltable>
-          <tgroup cols="3">
-            &mac.thead;
-            
-            <tbody>
-              <row>
-                <entry><parameter>cred</parameter></entry>
-                <entry>Subject credential</entry>
-              </row>
-              
-              <row>
-                <entry><parameter>dvp</parameter></entry>
-                <entry>Directory vnode</entry>
-              </row>
-              
-              <row>
-                <entry><parameter>dlabel</parameter></entry>
-                <entry>Policy label for <parameter>dvp</parameter></entry>
-              </row>
-              
-              <row>
-                <entry><parameter>vp</parameter></entry>
-                <entry>Object; vnode</entry>
-              </row>
-              
-              <row>
-                <entry><parameter>label</parameter></entry>
-                <entry>Policy label for
-                  <parameter>vp</parameter></entry>
-              </row>
-              
-              <row>
-                <entry><parameter>cnp</parameter></entry>
-                <entry>Pathname</entry>
-              </row>
-            </tbody>
-          </tgroup>
-        </informaltable>
-        
-        <para>Determine whether the subject credential can rename to
-          the passed vnode (<parameter>vp</parameter>) and the passed
-          directory (<parameter>dvp</parameter>) with the passed name
-          (<parameter>cnp</parameter>).  This call will be made in
-          combination with an earlier call to
-          <function>mpo_check_rename_from_vnode</function>.
-          Return <returnvalue>0</returnvalue> for success, or an
-          <varname>errno</varname> value for failure.  Suggested
-          failure: <errorcode>EACCES</errorcode> for label mismatch,
-          or <errorcode>EPERM</errorcode> for lack of
-          privilege.</para>
-      </sect3>
-      
       <sect3 id="mac-mpo-cred-check-vnode-revoke">
         <title><function>&mac.mpo;_check_vnode_revoke</function></title>
         
@@ -7228,37 +6733,6 @@
           user credential.</para>
       </sect3>
       
-      <sect3 id="mac-mpo-init-temp">
-        <title><function>&mac.mpo;_init_temp_label</function></title>
-        
-        <funcsynopsis>
-          <funcprototype>
-            <funcdef>void
-              <function>&mac.mpo;_init_temp_label</function></funcdef>
-            
-            <paramdef>struct label
-              *<parameter>label</parameter></paramdef>
-          </funcprototype>
-        </funcsynopsis>
-        
-        <informaltable>
-          <tgroup cols="3">
-            &mac.thead;
-            
-            <tbody>
-              <row>
-                <entry><parameter>label</parameter></entry>
-                <entry>Temporary label</entry>
-              </row>
-            </tbody>
-          </tgroup>
-        </informaltable>
-        
-        <para>Initialize a newly instantiated temporary label;
-          temporary labels are frequently used to hold label update
-          requests.</para>
-      </sect3>
-      
       <sect3 id="mac-mpo-init-vnode">
         <title><function>&mac.mpo;_init_vnode_label</function></title>
         
@@ -7294,41 +6768,7 @@
         
         <para>Initialize the label on a newly instantiated vnode.</para>
       </sect3>
-      
-      <sect3 id="mac-mpo-destroy-bpfdesc">
-        <title><function>&mac.mpo;_destroy_bpfdesc</function></title>
-        
-        <funcsynopsis>
-          <funcprototype>
-            <funcdef>void
-              <function>&mac.mpo;_destroy_bpfdesc_label</function></funcdef>
-            
-            <paramdef>struct bpf_d
-              *<parameter>bpf_d</parameter></paramdef>
-            <paramdef>struct label
-              *<parameter>label</parameter></paramdef>
-          </funcprototype>
-        </funcsynopsis>
-        
-        <informaltable>
-          <tgroup cols="3">
-            &mac.thead;
 
-            <tbody>
-              <row>
-                <entry><parameter>label</parameter></entry>
-                <entry>Label being destroyed</entry>
-              </row>
-            </tbody>
-          </tgroup>
-        </informaltable>
-        
-        <para>Destroy the label on a BPF descriptor.  In this entry
-          point, a policy module should free any internal storage
-          associated with <parameter>label</parameter> so that it may
-          be destroyed.</para>
-      </sect3>
-      
       <sect3 id="mac-mpo-destroy-devfsdirent">
         <title><function>&mac.mpo;_destroy_devfsdirent_label</function></title>
         
@@ -7630,38 +7070,6 @@
           destroyed.</para>
       </sect3>
       
-      <sect3 id="mac-mpo-destroy-temp">
-        <title><function>&mac.mpo;_destroy_temp_label</function></title>
-        
-        <funcsynopsis>
-          <funcprototype>
-            <funcdef>void
-              <function>&mac.mpo;_destroy_temp_label</function></funcdef>
-            
-            <paramdef>struct label
-              *<parameter>label</parameter></paramdef>
-          </funcprototype>
-        </funcsynopsis>
-        
-        <informaltable>
-          <tgroup cols="3">
-            &mac.thead;
-            
-            <tbody>
-              <row>
-                <entry><parameter>label</parameter></entry>
-                <entry>Temporary label being destroyed</entry>
-              </row>
-            </tbody>
-          </tgroup>
-        </informaltable>
-        
-        <para>Destroy a temporary label.  In this entry point, a
-          policy module should free any internal storage associated
-          with the temporary label <parameter>label</parameter> so
-          that it may be destroyed.</para>
-      </sect3>
-      
       <sect3 id="mac-mpo-destroy-vnode">
         <title><function>&mac.mpo;_destroy_vnode_label</function></title>
         

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message