PERFORCE change 56908 for review

Robert Watson rwatson at FreeBSD.org
Fri Jul 9 17:38:55 GMT 2004 

http://perforce.freebsd.org/chv.cgi?CH=56908

Change 56908 by rwatson at rwatson_tislabs on 2004/07/09 17:38:28

	Extend comment on label management interfaces.
	
	Move cleanup operations up to near init/destroy since they serve
	a similar function.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#213 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#213 (text+ko) ====

@@ -90,7 +90,10 @@
 	int	(*mpo_syscall)(struct thread *td, int call, void *arg);
 
 	/*
-	 * Label operations.
+	 * Label operations.  Initialize label storage, destroy label
+	 * storage, recycle for re-use without init/destroy, copy a label
+	 * to initialized storage, and externalize/internalize from/to
+	 * initialized storage.
 	 */
 	void	(*mpo_init_bpfdesc_label)(struct label *label);
 	void	(*mpo_init_cred_label)(struct label *label);
@@ -130,6 +133,10 @@
 	void    (*mpo_destroy_posix_ksem_label)(struct label *label);
 	void	(*mpo_destroy_proc_label)(struct label *label);
 	void	(*mpo_destroy_vnode_label)(struct label *label);
+	void	(*mpo_cleanup_ipc_msgmsg)(struct label *msglabel);
+	void	(*mpo_cleanup_ipc_msgqueue)(struct label *msqlabel);
+	void	(*mpo_cleanup_ipc_sema)(struct label *semalabel);
+	void	(*mpo_cleanup_ipc_shm)(struct label *shmlabel);
 	void	(*mpo_copy_cred_label)(struct label *src,
 		    struct label *dest);
 	void	(*mpo_copy_mbuf_label)(struct label *src,
@@ -327,20 +334,6 @@
 		    struct label *newlabel);
 	void	(*mpo_thread_userret)(struct thread *thread);
 
-	/* 
-	 * Label cleanup operation: This is the inverse complement for the 
-	 * mac_create and associate type of hooks. This hook lets the policy 
-	 * module(s) perform a cleanup/flushing operation on the label 
-	 * associated with the objects, without freeing up the space allocated. 
-	 * This hook is useful in cases where it is desirable to remove any 
-	 * labeling reference when recycling any object to a pool. 
-	 * This hook does not replace the mac_destroy hooks.
-	 */
-	void	(*mpo_cleanup_ipc_msgmsg)(struct label *msglabel);
-	void	(*mpo_cleanup_ipc_msgqueue)(struct label *msqlabel);
-	void	(*mpo_cleanup_ipc_sema)(struct label *semalabel);
-	void	(*mpo_cleanup_ipc_shm)(struct label *shmlabel);
-
 	/*
 	 * Access control checks.
 	 */
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list