Date: Mon, 13 Jan 2003 22:58:55 -0800 (PST)
From: Chris Costello <chris@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 23723 for review
Message-ID: <200301140658.h0E6wt0l051670@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=23723 Change 23723 by chris@chris_holly on 2003/01/13 22:58:55 Remove entry points which no longer exist. Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#27 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#27 (text+ko) ==== 
@@ -760,127 +760,6 @@ available.</para> </sect4> - <sect4 id="mac-mpo-create-devfs-vnode"> - <title><function>&mac.mpo;_create_devfs_vnode</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_create_devfs_vnode</function></funcdef> - - <paramdef>struct devfs_dirent - *<parameter>devfs_dirent</parameter></paramdef> - <paramdef>struct label - *<parameter>direntlabel</parameter></paramdef> - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>vnodelabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>devfs_dirent</parameter></entry> - <entry>Object; devfs directory entry</entry> - </row> - - <row> - <entry><parameter>direntlabel</parameter></entry> - <entry>Policy label for - <parameter>devfs_dirent</parameter></entry> - </row> - - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; file system object being labeled</entry> - </row> - - <row> - <entry><parameter>vnodelabel</parameter></entry> - <entry>Policy label to be filled in for - <parameter>vp</parameter></entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Fill out the label on the vnode being created for the - passed devfs_dirent. 
This call will be made when a vnode is - required to represent the specified devfs_dirent in a - mounted devfs instance.</para> - </sect4> - - <sect4 id="mac-mpo-vnode-create-from-vnode"> - <title><function>&mac.mpo;_vnode_create_from_vnode</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_vnode_create_from_vnode</function></funcdef> - - <paramdef>struct ucred - *<parameter>cred</parameter></paramdef> - <paramdef>struct vnode - *<parameter>parent</parameter></paramdef> - <paramdef>struct label - *<parameter>parentlabel</parameter></paramdef> - <paramdef>struct vnode - *<parameter>child</parameter></paramdef> - <paramdef>struct label - *<parameter>childlabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>cred</parameter></entry> - <entry>Subject credential</entry> - </row> - - <row> - <entry><parameter>parent</parameter></entry> - <entry>Parent vnode; the directory in which - <parameter>child</parameter> is being - created</entry> - </row> - - <row> - <entry><parameter>parentlabel</parameter></entry> - <entry>Policy label for - <parameter>parent</parameter></entry> - </row> - - <row> - <entry><parameter>child</parameter></entry> - <entry>New vnode</entry> - </row> - - <row> - <entry><parameter>childlabel</parameter></entry> - <entry>Label to be filled in for - <parameter>child</parameter></entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Fill out the label on the vnode being created in the - passed vnode parent by the passed subject credential. This - call will be made when a vnode is allocated during a vnode - creation operation. For example, this call is made by - multi-label file systems during the creation of a new file - or directory.</para> - </sect4> - <sect4 id="mac-mpo-create-mount"> <title><function>&mac.mpo;_create_mount</function></title> 
@@ -1218,227 +1097,6 @@ <function>mac_vnode_create_from_vnode</function> to initialize the vnode label.</para> </sect4> - - <sect4 id="mac-mpo-update-procfsvnode"> - <title><function>&mac.mpo;_update_procfsvnode</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_update_procfsvnode</function></funcdef> - - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>vnodelabel</parameter></paramdef> - <paramdef>struct ucred - *<parameter>cred</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; procfs vnode</entry> - <entry>Locked</entry> - </row> - - <row> - <entry><parameter>vnodelabel</parameter></entry> - <entry>Policy label to be filled in for - <parameter>vp</parameter></entry> - </row> - - <row> - <entry><parameter>cred</parameter></entry> - <entry>Subject; credential for the process - entry</entry> - <entry>Immutable</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Update the procfs vnode label from the passed subject - credential. 
This call will be made when an operation on a - procfs vnode requires a fresh label on a process-derived - vnode.</para> - </sect4> - - <sect4 id="mac-mpo-update-vnode-from-extattr"> - <title><function>&mac.mpo;_update_vnode_from_extattr</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>int - <function>&mac.mpo;_update_vnode_from_extattr</function></funcdef> - - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>vnodelabel</parameter></paramdef> - <paramdef>struct mount - *<parameter>mp</parameter></paramdef> - <paramdef>struct label - *<parameter>fslabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; vnode whose label is being updated</entry> - <entry>Locked</entry> - </row> - - <row> - <entry><parameter>vnodelabel</parameter></entry> - <entry>Policy label to refresh</entry> - </row> - - <row> - <entry><parameter>mp</parameter></entry> - <entry>Mount point for - <parameter>vp</parameter></entry> - </row> - - <row> - <entry><parameter>fslabel</parameter></entry> - <entry>Policy label for <parameter>vp</parameter>'s - file system.</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Update the vnode label by refreshing the label data from - the extended attribute service for the vnode. The mount - point <parameter>fslabel</parameter> is also made available - so that the <parameter>fslabel</parameter> may be used as a - labeling source if fallback is appropriate for the policy. 
- This call is permitted to fail; if the call fails, the - associated label refresh will also fail, causing the failure - of the operation requiring the MAC check and vnode label - refresh, permitting a <quote>fail closed</quote> policy if - labeling data is not available.</para> - </sect4> - - <sect4 id="mac-mpo-update-from-externalized"> - <title><function>&mac.mpo;_update_from_externalized</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>int - <function>&mac.mpo;_update_from_externalized</function></funcdef> - - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>vnodelabel</parameter></paramdef> - <paramdef>struct mac - *<parameter>extmac</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; vnode</entry> - <entry>Locked</entry> - </row> - - <row> - <entry><parameter>vnodelabel</parameter></entry> - <entry>Policy label for - <parameter>vp</parameter></entry> - </row> - - <row> - <entry><parameter>extmac</parameter></entry> - <entry>Externalized MAC policy label</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Update the vnode label from the passed externalized - label loaded from disk by the MAC framework. This call is - permitted to fail; if the call fails, the associated label - refresh will also fail, causing the failure of the operation - requiring the MAC check and vnode label refresh, permitting - a <quote>fail closed</quote> policy if labeling data is not - available. 
This call will be obsoleted by the new extended - attribute labeling interface.</para> - </sect4> - - <sect4 id="mac-mpo-update-vnode-from-mount"> - <title><function>&mac.mpo;_update_vnode_from_mount</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_update_vnode_from_mount</function></funcdef> - - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>vnodelabel</parameter></paramdef> - <paramdef>struct mount - *<parameter>mp</parameter></paramdef> - <paramdef>struct label - *<parameter>mountlabel</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; vnode</entry> - <entry>Locked</entry> - </row> - - <row> - <entry><parameter>vnodelabel</parameter></entry> - <entry>Policy label for - <parameter>vp</parameter></entry> - </row> - - <row> - <entry><parameter>mp</parameter></entry> - <entry>Mount point where <parameter>vp</parameter> - resides</entry> - </row> - - <row> - <entry><parameter>fslabel</parameter></entry> - <entry>Policy label for the file system where - <parameter>vp</parameter> resides.</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Update the vnode label from the passed mount point - label. This call is made when a single label file system - vnode requires a label, or if the obsoleted MAC framework - externalized extended attribute read fails.</para> - </sect4> </sect3> <sect3 id="mac-ipc-label-ops"> 
@@ -4997,12 +4655,12 @@ </sect3> <sect3 id="mac-mpo-check-vnode-mmap-downgrade"> - <title><function>&mac.mpo;_check_mmap_downgrade</function></title> + <title><function>&mac.mpo;_check_vnode_mmap_downgrade</function></title> <funcsynopsis> <funcprototype> <funcdef>void - <function>&mac.mpo;_check_mmap_downgrade</function></funcdef> + <function>&mac.mpo;_check_vnode_mmap_downgrade</function></funcdef> <paramdef>struct ucred *<parameter>cred</parameter></paramdef> 
@@ -5557,159 +5215,6 @@ process.</para> </sect3> - <sect3 id="mac-mpo-cred-check-rename-from-vnode"> - <title><function>&mac.mpo;_check_rename_from_vnode</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>int - <function>&mac.mpo;_check_rename_from_vnode</function></funcdef> - - <paramdef>struct ucred - *<parameter>cred</parameter></paramdef> - <paramdef>struct vnode - *<parameter>dvp</parameter></paramdef> - <paramdef>struct label - *<parameter>dlabel</parameter></paramdef> - <paramdef>struct vnode - *<parameter>vp</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - <paramdef>struct componentname - *<parameter>cnp</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>cred</parameter></entry> - <entry>Subject credential</entry> - </row> - - <row> - <entry><parameter>dvp</parameter></entry> - <entry>Directory vnode</entry> - </row> - - <row> - <entry><parameter>dlabel</parameter></entry> - <entry>Policy label for - <parameter>dvp</parameter></entry> - </row> - - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; vnode</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Policy label for - <parameter>vp</parameter></entry> - </row> - - <!-- XXX ??? --> - <row> - <entry><parameter>cnp</parameter></entry> - <entry>Pathname</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Determine whether the subject credential can rename the - passed vnode (<parameter>vp</parameter>) in the passed - directory (<parameter>dvp</parameter>) using the passed name - (<parameter>cnp</parameter>). This call will be made in - combination with a follow-up call to - <function>mpo_check_rename_to_vnode</function>. Return - <returnvalue>0</returnvalue> for success, or an - <varname>errno</varname> value for failure. 
Suggested - failure: <errorcode>EACCES</errorcode> for label mismatch, - or <errorcode>EPERM</errorcode> for lack of - privilege.</para> - </sect3> - - <sect3 id="mac-mpo-cred-check-rename-to-vnode"> - <title><function>&mac.mpo;_check_rename_to_vnode</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>int - <function>&mac.mpo;_check_rename_to_vnode</function></funcdef> - - <paramdef>struct ucred - *<parameter></parameter>cred</paramdef> - <paramdef>struct vnode - *<parameter></parameter>dvp</paramdef> - <paramdef>struct label - *<parameter></parameter>dlabel</paramdef> - <paramdef>struct vnode - *<parameter></parameter>vp</paramdef> - <paramdef>struct label - *<parameter></parameter>label</paramdef> - <paramdef>int <parameter></parameter>samedir</paramdef> - <paramdef>struct componentname - *<parameter>cnp</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>cred</parameter></entry> - <entry>Subject credential</entry> - </row> - - <row> - <entry><parameter>dvp</parameter></entry> - <entry>Directory vnode</entry> - </row> - - <row> - <entry><parameter>dlabel</parameter></entry> - <entry>Policy label for <parameter>dvp</parameter></entry> - </row> - - <row> - <entry><parameter>vp</parameter></entry> - <entry>Object; vnode</entry> - </row> - - <row> - <entry><parameter>label</parameter></entry> - <entry>Policy label for - <parameter>vp</parameter></entry> - </row> - - <row> - <entry><parameter>cnp</parameter></entry> - <entry>Pathname</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Determine whether the subject credential can rename to - the passed vnode (<parameter>vp</parameter>) and the passed - directory (<parameter>dvp</parameter>) with the passed name - (<parameter>cnp</parameter>). This call will be made in - combination with an earlier call to - <function>mpo_check_rename_from_vnode</function>. 
- Return <returnvalue>0</returnvalue> for success, or an - <varname>errno</varname> value for failure. Suggested - failure: <errorcode>EACCES</errorcode> for label mismatch, - or <errorcode>EPERM</errorcode> for lack of - privilege.</para> - </sect3> - <sect3 id="mac-mpo-cred-check-vnode-revoke"> <title><function>&mac.mpo;_check_vnode_revoke</function></title> @@ -7228,37 +6733,6 @@ user credential.</para> </sect3> - <sect3 id="mac-mpo-init-temp"> - <title><function>&mac.mpo;_init_temp_label</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_init_temp_label</function></funcdef> - - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>label</parameter></entry> - <entry>Temporary label</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Initialize a newly instantiated temporary label; - temporary labels are frequently used to hold label update - requests.</para> - </sect3> - <sect3 id="mac-mpo-init-vnode"> <title><function>&mac.mpo;_init_vnode_label</function></title> 
@@ -7294,41 +6768,7 @@ <para>Initialize the label on a newly instantiated vnode.</para> </sect3> - - <sect3 id="mac-mpo-destroy-bpfdesc"> - <title><function>&mac.mpo;_destroy_bpfdesc</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_bpfdesc_label</function></funcdef> - - <paramdef>struct bpf_d - *<parameter>bpf_d</parameter></paramdef> - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - <tbody> - <row> - <entry><parameter>label</parameter></entry> - <entry>Label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy the label on a BPF descriptor. In this entry - point, a policy module should free any internal storage - associated with <parameter>label</parameter> so that it may - be destroyed.</para> - </sect3> - <sect3 id="mac-mpo-destroy-devfsdirent"> <title><function>&mac.mpo;_destroy_devfsdirent_label</function></title> 
@@ -7630,38 +7070,6 @@ destroyed.</para> </sect3> - <sect3 id="mac-mpo-destroy-temp"> - <title><function>&mac.mpo;_destroy_temp_label</function></title> - - <funcsynopsis> - <funcprototype> - <funcdef>void - <function>&mac.mpo;_destroy_temp_label</function></funcdef> - - <paramdef>struct label - *<parameter>label</parameter></paramdef> - </funcprototype> - </funcsynopsis> - - <informaltable> - <tgroup cols="3"> - &mac.thead; - - <tbody> - <row> - <entry><parameter>label</parameter></entry> - <entry>Temporary label being destroyed</entry> - </row> - </tbody> - </tgroup> - </informaltable> - - <para>Destroy a temporary label. In this entry point, a - policy module should free any internal storage associated - with the temporary label <parameter>label</parameter> so - that it may be destroyed.</para> - </sect3> - <sect3 id="mac-mpo-destroy-vnode"> <title><function>&mac.mpo;_destroy_vnode_label</function></title> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
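Review bot: In the hunk at @@ -1218,227 +1097,6 @@, the retained context paragraph still ends with `<function>mac_vnode_create_from_vnode</function> to initialize the vnode label.`, while the hunk at @@ -760,127 +760,6 @@ deletes the `&mac.mpo;_vnode_create_from_vnode` section as an entry point that no longer exists. If the function named in that surviving paragraph went away together with the entry point, the paragraph should be updated in this same change; if it is still valid, a short note in the change description would save the next reader from checking.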
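Review bot: The hunk at @@ -4997,12 +4655,12 @@ is a rename, not a removal (`_check_mmap_downgrade` becomes `_check_vnode_mmap_downgrade` in both the title and the funcdef), and the change description "Remove entry points which no longer exist" does not cover it. Mention the rename in the description or submit it as its own change, so that a search of the history for either name finds it. The new name matches the existing id `mac-mpo-check-vnode-mmap-downgrade`, so the id can stay as it is.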
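Review bot: The hunk at @@ -5557,159 +5215,6 @@ drops the sections with ids `mac-mpo-cred-check-rename-from-vnode` and `mac-mpo-cred-check-rename-to-vnode` without telling a policy author where rename authorization is documented now. These two sections were the only visible description of the paired from/to rename checks and their suggested `EACCES`/`EPERM` failures, so add a pointer to whatever replaces them, and confirm that nothing else in chapter.sgml links to the two removed ids before this goes in.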
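Review bot: In the hunk at @@ -7294,41 +6768,7 @@, the deleted section is titled `_destroy_bpfdesc` but its funcdef documents `&mac.mpo;_destroy_bpfdesc_label`, which follows the same `_destroy_*_label` naming as the sections kept next to it (`_destroy_devfsdirent_label`, `_destroy_vnode_label`). Please confirm that the entry point itself is gone and that this is not just a mis-titled section; if `_destroy_bpfdesc_label` still exists, the fix is to correct the title and the parameter table (which lists `label` but not `bpf_d`) rather than delete the section.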