PERFORCE change 118464 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=118464

Change 118464 by rwatson at rwatson_zoo on 2007/04/20 11:38:00

	Move audit-related MAC check definitions from old mac_policy (now
	removed) to new mac_policy.h.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#3 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#3 (text+ko) ====

@@ -607,6 +607,21 @@
 typedef int	(*mpo_priv_check_t)(struct ucred *cred, int priv);
 typedef int	(*mpo_priv_grant_t)(struct ucred *cred, int priv);
 
+/*
+ * XXXRW: Audit checks should be above, but list them here to make a more
+ * sensible diff for now.
+ */
+typedef int	(*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+		    int length);
+typedef int	(*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
+typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
+		    struct vnode *vp, struct label *vplabel);
+typedef int	(*mpo_check_proc_getauid_t)(struct ucred *cred);
+typedef int	(*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
+typedef int	(*mpo_check_proc_getaudit_t)(struct ucred *cred);
+typedef int	(*mpo_check_proc_setaudit_t)(struct ucred *cred,
+		    struct auditinfo *ai);
+
 struct mac_policy_ops {
 	/*
 	 * Policy module operations.
@@ -902,6 +917,18 @@
 	mpo_create_mbuf_from_syncache_t		mpo_create_mbuf_from_syncache;
 	mpo_priv_check_t			mpo_priv_check;
 	mpo_priv_grant_t			mpo_priv_grant;
+
+	/*
+	 * XXXRW: Audit checks should be above, but list them here to make a
+	 * more sensible diff for now.
+	 */
+	mpo_check_system_audit_t		mpo_check_system_audit;
+	mpo_check_system_auditon_t		mpo_check_system_auditon;
+	mpo_check_system_auditctl_t		mpo_check_system_auditctl;
+	mpo_check_proc_getauid_t		mpo_check_proc_getauid;
+	mpo_check_proc_setauid_t		mpo_check_proc_setauid;
+	mpo_check_proc_getaudit_t		mpo_check_proc_getaudit;
+	mpo_check_proc_setaudit_t		mpo_check_proc_setaudit;
 };
 
 /*