PERFORCE change 107169 for review

Todd Miller millert at FreeBSD.org
Tue Oct 3 07:06:32 PDT 2006 

http://perforce.freebsd.org/chv.cgi?CH=107169

Change 107169 by millert at millert_macbook on 2006/10/03 14:06:01

	Add separate typedefs for mpo_port_check_make_send_once,
	mpo_port_check_move_send_once, and mpo_port_check_hold_send_once.
	Policies that auto-generate methods by munging mac_policy.h
	require this for full coverage.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#9 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#9 (text+ko) ====

@@ -2509,6 +2509,28 @@
 );
 
 /**
+  @brief Access control check for producing a send once right from a receive right
+  @param task Label of the sender task
+  @param port Label of the affected port
+
+  Access control check for obtaining send once rights from receive rights.
+  The new send once right may be destined for the calling task, or a different
+  task.  In either case the mpo_port_check_hold_send_once entry point handles
+  the receiving task. port_check_make_send_once may be called as part of a
+  group of policy invocations when messages with port rights are sent.
+  All access control checks made for a particular message must be successful
+  for the message to be sent.
+
+  The task label and the port are locked. Sleeping is permitted.
+
+  @return Return 0 if access is granted, non-zero otherwise.
+*/
+typedef int mpo_port_check_make_send_once_t(
+	struct label *task,
+	struct label *port
+);
+
+/**
   @brief Access control check for copying a send right to another task
   @param task Label of the sender task
   @param port Label of the affected port
@@ -2551,6 +2573,27 @@
 );
 
 /**
+  @brief Access control check for transferring a send once right
+  @param task Label of the sender task
+  @param port Label of the affected port
+
+  Access control check for transferring a send once right from one task to
+  the task listening to the specified port. A complementary entry point,
+  mpo_port_check_hold_send_once, handles the receiving task.
+  port_check_move_send_once is called as part of a group of policy invocations
+  when messages with port rights are sent.  All access control checks made
+  for a particular message must be successful for the message to be sent.
+
+  The task label and the port are locked. Sleeping is permitted.
+
+  @return Return 0 if access is granted, non-zero otherwise.
+*/
+typedef int mpo_port_check_move_send_once_t(
+	struct label *task,
+	struct label *port
+);
+
+/**
   @brief Access control check for obtaining a send right
   @param task Label of the receiving task
   @param port Label of the affected port
@@ -2571,6 +2614,26 @@
 );
 
 /**
+  @brief Access control check for obtaining a send once right
+  @param task Label of the receiving task
+  @param port Label of the affected port
+
+  Access control check for a task obtaining send once rights to a port. Usually,
+  these are port rights that were part of a message sent by another userspace
+  task. port_check_hold_send_once is called as part of a group of policy
+  invocations when messages with port rights are received. All of these access
+  control checks must succeed in order to receive the message.
+
+  The task label and the port are locked. Sleeping is permitted.
+
+  @return Return 0 if access is granted, non-zero otherwise.
+*/
+typedef int mpo_port_check_hold_send_once_t(
+	struct label *task,
+	struct label *port
+);
+
+/**
   @brief Access control check for receiving Mach messsages
   @param task Label of the receiving task
   @param sender Label of the sending task
@@ -5050,13 +5113,13 @@
 	mpo_port_check_send_t			*mpo_port_check_send;
 	mpo_port_check_receive_t		*mpo_port_check_receive;
 	mpo_port_check_make_send_t		*mpo_port_check_make_send;
-	mpo_port_check_make_send_t		*mpo_port_check_make_send_once;
+	mpo_port_check_make_send_once_t		*mpo_port_check_make_send_once;
 	mpo_port_check_copy_send_t		*mpo_port_check_copy_send;
 	mpo_port_check_move_send_t		*mpo_port_check_move_send;
-	mpo_port_check_move_send_t		*mpo_port_check_move_send_once;
+	mpo_port_check_move_send_once_t		*mpo_port_check_move_send_once;
 	mpo_port_check_move_receive_t		*mpo_port_check_move_receive;
 	mpo_port_check_hold_send_t		*mpo_port_check_hold_send;
-	mpo_port_check_hold_send_t		*mpo_port_check_hold_send_once;
+	mpo_port_check_hold_send_once_t		*mpo_port_check_hold_send_once;
 	mpo_port_check_hold_receive_t		*mpo_port_check_hold_receive;
 	mpo_cred_check_visible_t		*mpo_cred_check_visible;
 	mpo_file_check_fcntl_t			*mpo_file_check_fcntl;

More information about the trustedbsd-cvs mailing list