PERFORCE change 56905 for review

Robert Watson rwatson at FreeBSD.org
Fri Jul 9 10:31:49 PDT 2004


http://perforce.freebsd.org/chv.cgi?CH=56905

Change 56905 by rwatson at rwatson_tislabs on 2004/07/09 17:31:05

	Comment consistency and fleshing out.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#211 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#211 (text+ko) ====

@@ -83,9 +83,9 @@
 	void	(*mpo_init)(struct mac_policy_conf *mpc);
 
 	/*
-	 * General policy-directed security system call so that policies
-	 * may implement new services without reserving explicit
-	 * system call numbers.
+	 * General policy-directed security system call so that policies may
+	 * implement new services without reserving explicit system call
+	 * numbers.
 	 */
 	int	(*mpo_syscall)(struct thread *td, int call, void *arg);
 
@@ -231,7 +231,7 @@
 		    struct label *pipelabel);
 
 	/*    
-	 * Labeling event operations: System V IPC primitives
+	 * Labeling event operations: System V IPC primitives.
 	 */
 	void (*mpo_create_ipc_msgmsg)(struct ucred *cred, 
 		    struct msqid_kernel *msqkptr, 
@@ -563,6 +563,14 @@
 		    struct label *label);
 };
 
+/*
+ * struct mac_policy_conf is the registration structure for policies, and is
+ * provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT
+ * to register the policy.  In general, the fields are immutable, with the
+ * exception of the "security field", run-time flags, and policy list entry,
+ * which are managed by the MAC Framework.  Be careful when modifying this
+ * structure, as its layout is statically compiled into all policies.
+ */
 struct mac_policy_conf {
 	char				*mpc_name;	/* policy name */
 	char				*mpc_fullname;	/* policy full name */
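Review bot: The new comment above `struct mac_policy_conf` identifies the framework-managed members only by description (the "security field", run-time flags, and policy list entry), so a policy author cannot tell which members must stay writable and which can be treated as constant. Naming the members themselves would fix that; the struct body continues past the end of this hunk, so their names are not visible here. The layout warning would also be more useful if it stated the consequence, e.g. `Any change to this layout requires rebuilding every policy module; a module built against the old layout will be misinterpreted at registration.` That consequence is inferred from the "statically compiled into all policies" wording, so confirm whether registration performs any version or size check before stating it as fact.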

