PERFORCE change 15213 for review

Robert Watson rwatson at freebsd.org
Tue Jul 30 19:46:49 GMT 2002


http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15213

Change 15213 by rwatson at rwatson_tislabs on 2002/07/30 12:46:17

	Comment and content cleanup for mac.h; also, don't export
	mac_debug_label_fallback outside of kern_mac.c.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#222 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#138 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#222 (text+ko) ====

@@ -93,7 +93,7 @@
 SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0,
     "TrustedBSD MAC debug info");
 
-int	mac_debug_label_fallback = 0;
+static int	mac_debug_label_fallback = 0;
 SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW,
     &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label"
     "when label is corrupted.");
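Review bot: The description string of the `label_fallback` sysctl is built from two adjacent literals with no space between them, so it is shown as "fs labelwhen label is corrupted."; since this commit already touches the declaration, the first literal could end with a space, as in `"Filesystems should fall back to fs label "`. The knob is `CTLFLAG_RW` and, going by its description, decides which label an object gets when the stored one is corrupt. A short comment above the now-static variable should say that this is a debugging aid and what falling back means for policy enforcement. How the flag is consumed is not visible in this hunk.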

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#138 (text+ko) ====

@@ -49,15 +49,25 @@
 #define	_POSIX_MAC
 #endif
 
+/*
+ * XXXMAC: The single MAC extended attribute will be deprecated once
+ * compound EA writes on a single target file can be performed cleanly
+ * with UFS2.
+ */
 #define	FREEBSD_MAC_EXTATTR_NAME	"freebsd.mac"
 #define	FREEBSD_MAC_EXTATTR_NAMESPACE	EXTATTR_NAMESPACE_SYSTEM
 
 /*
+ * XXXMAC: Per-policy structures will be moved from mac.h to per-policy
+ * include files once the revised user interface is available.
+ */
+
+/*
  * Structures and constants associated with a Biba Integrity policy.
  * mac_biba represents a Biba label, with mb_type determining its properties,
  * and mb_grade represents the hierarchal grade if valid for the current
  * mb_type.  These structures will move to mac_biba.h once we have dymamic
- * labels.
+ * labels exposed to userland.
  */
 struct mac_biba_element {
 	u_short	mbe_type;
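Review bot: The Biba comment still reads `dymamic` on the line directly above the edited one, while the MLS copy of the same sentence in the next hunk reads `dynamic`; this cleanup is the place to fix it so the two comments match. The new XXXMAC block about per-policy structures is followed by a blank line and then a separate comment, so it reads as a free-floating note. Consider stating in it that it applies to every policy structure below, or folding it into the Biba and MLS comments. The definition of struct mac_biba_element continues outside the hunk.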
@@ -81,7 +91,7 @@
  * mac_mls represents an MLS label, with mm_type determining its properties,
  * and mm_level represents the hierarchal sensitivity level if valid for the
  * current mm_type.  These structures will move to mac_mls.h once we have
- * dynamic labels.
+ * dynamic labels exposed to userland.
  */
 struct mac_mls_element {
 	u_short	mme_type;
@@ -154,6 +164,7 @@
  * Extensions to POSIX.1e visible in the application namespace.
  */
 int	mac_is_present_np(const char *_policyname);
+int	mac_policy(const char *_policyname, int call, void *arg);
 
 /*
  * System calls wrapped by some POSIX.1e functions.
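Review bot: The new `mac_policy()` prototype is exported to applications with parameters named `call` and `arg`, without the leading underscore used for `_policyname`, so an application macro with either name would break the header; `int	mac_policy(const char *_policyname, int _call, void *_arg);` keeps the namespace clean. It also lacks the `_np` suffix that `mac_is_present_np()` carries under the same "Extensions to POSIX.1e" comment. The prototype needs a comment giving the contract of the untyped `void *arg`: who defines its layout and size for each `call` value, and in which direction data flows, since no length is passed alongside it. The implementation is not visible here, so it may validate the argument by other means. The commit description does not mention this addition.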
@@ -169,7 +180,7 @@
 #endif /* _KERNEL */
 
 /*
- * XXX: This shouldn't be exported to userland, but is because of ucred.h
+ * XXXMAC: This shouldn't be exported to userland, but is because of ucred.h
  * and various other messes.
  */
 
@@ -186,12 +197,6 @@
 #ifdef _KERNEL
 
 /*
- * Policy flags exported to consumers of MAC APIs.  Probably, this shouldn't
- * be done.
- */
-extern int	mac_debug_label_fallback;
-
-/*
  * MAC entry point operations
  */
 enum mac_ep_ops {
@@ -272,7 +277,6 @@
 void	mac_update_procfsvnode(struct vnode *vp, struct ucred *cred);
 void	mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp);
 
-
 /*
  * Labeling event operations: IPC objects.
  */