PERFORCE change 81927 for review

Samy Al Bahra samy at FreeBSD.org
Sat Aug 13 07:55:11 GMT 2005


http://perforce.freebsd.org/chv.cgi?CH=81927

Change 81927 by samy at mini on 2005/08/13 07:54:27

	Allow policies to define a prerequisite for the MAC
	version. Systems with a MAC version lower than defined
	by the policy will fail to load the policy. The MAC_DEPEND_VERSION
	macro should be changed so we don't require it after
	MAC_POLICY_SET. Policies that don't use MAC_POLICY_SET will
	load on any system as usual (thus, not breaking API).
	rwatson would want cleanly generated code, that's
	what we'll do until I convince him to go another way.
	Approved by:	rwatson

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#449 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#237 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#449 (text+ko) ====

@@ -392,6 +392,14 @@
 			error = EBUSY;
 			break;
 		}
+		if (mac_version < mpc->mpc_depend_version) {
+			printf("mac_policy_modevent: %s policy requires "
+			    "MAC version %d\n", mpc->mpc_name,
+						mpc->mpc_depend_version);
+			error = ENOTSUP;
+			break;
+		}
+
 		error = mac_policy_register(mpc);
 		break;
 	case MOD_UNLOAD:
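Review bot: The refusal message in the new `mac_version < mpc->mpc_depend_version` branch prints only the version the policy asked for, so someone reading the console cannot tell what the running framework provides. Printing both makes a refused load diagnosable, e.g. `"MAC version %d (kernel has %d)\n", mpc->mpc_name, mpc->mpc_depend_version, mac_version);` (this assumes `mac_version` is an `int`, which the hunk does not show). The continuation line carrying `mpc->mpc_depend_version` is indented deeper than the four-space continuation on the line above it. Failing closed with `ENOTSUP` before `mac_policy_register()` is the right order; the enclosing switch starts and ends outside the hunk.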

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#237 (text+ko) ====

@@ -600,6 +600,7 @@
 	int				 mpc_loadtime_flags;	/* flags */
 	int				*mpc_field_off; /* security field */
 	int				 mpc_runtime_flags; /* flags */
+	int				 mpc_depend_version; /* required MAC */
 	LIST_ENTRY(mac_policy_conf)	 mpc_list;	/* global list */
 };
 
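Review bot: Inserting `mpc_depend_version` ahead of `mpc_list` moves the list linkage and grows `struct mac_policy_conf`, so a policy module compiled against the previous header would hand the kernel a structure with the old layout. The new version check cannot detect that, because it reads the very field such a module lacks. If binary modules built before this change can still be loaded (not visible from this hunk), the module version the framework advertises should be bumped in the same change so they are refused. The field comment would also be clearer as `/* minimum MAC version required; 0 = none */`.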
@@ -611,6 +612,10 @@
 /* Flags for the mpc_runtime_flags field. */
 #define	MPC_RUNTIME_FLAG_REGISTERED	0x00000001
 
+/* This must be defined after MAC_POLICY_SET. */
+#define MAC_DEPEND_VERSION(mpname, version) \
+	mpname##_mac_policy_conf.mpc_depend_version = version;
+
 #define	MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \
 	static struct mac_policy_conf mpname##_mac_policy_conf = {	\
 		#mpname,						\
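Review bot: `MAC_DEPEND_VERSION` expands to an assignment statement, which is not valid at file scope, yet the comment places it after `MAC_POLICY_SET`, which is a file-scope declaration. As written it can only be used inside a function, and that function would have to run before the `MOD_LOAD` check in `kern_mac.c`, otherwise the field is still 0 and the version gate passes. The expansion also embeds its own `;` and leaves `version` unparenthesized; `#define MAC_DEPEND_VERSION(mpname, version) (mpname##_mac_policy_conf.mpc_depend_version = (version))` is the safer form if the statement approach is kept. The comment should state where the macro may be invoked, and should say "used" rather than "defined" after `MAC_POLICY_SET`. The `MAC_POLICY_SET` body continues past the end of this hunk.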
@@ -619,6 +624,7 @@
 		mpflags,						\
 		privdata_wanted,					\
 		0,							\
+		0,							\
 	};								\
 	static moduledata_t mpname##_mod = {				\
 		#mpname,						\

