From: Robert Watson
Date: Tue, 30 Jul 2002 12:46:49 -0700 (PDT)
Message-Id: <200207301946.g6UJkn2b049260@freefall.freebsd.org>
Subject: PERFORCE change 15213 for review
To: Perforce Change Reviews

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15213

Change 15213 by rwatson@rwatson_tislabs on 2002/07/30 12:46:17

Comment and content cleanup for mac.h; also, don't export mac_debug_label_fallback outside of kern_mac.c.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#222 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#138 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#222 (text+ko) ====
@@ -93,7 +93,7 @@ SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, "TrustedBSD MAC debug info"); -int mac_debug_label_fallback = 0; +static int mac_debug_label_fallback = 0; SYSCTL_INT(_security_mac_debug, OID_AUTO, label_fallback, CTLFLAG_RW, &mac_debug_label_fallback, 0, "Filesystems should fall back to fs label" "when label is corrupted."); ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#138 (text+ko) ==== @@ -49,15 +49,25 @@ #define _POSIX_MAC #endif +/* + * XXXMAC: The single MAC extended attribute will be deprecated once + * compound EA writes on a single target file can be performed cleanly + * with UFS2. + */ #define FREEBSD_MAC_EXTATTR_NAME "freebsd.mac" #define FREEBSD_MAC_EXTATTR_NAMESPACE EXTATTR_NAMESPACE_SYSTEM /* + * XXXMAC: Per-policy structures will be moved from mac.h to per-policy + * include files once the revised user interface is available. + */ + +/* * Structures and constants associated with a Biba Integrity policy. * mac_biba represents a Biba label, with mb_type determining its properties, * and mb_grade represents the hierarchal grade if valid for the current * mb_type. These structures will move to mac_biba.h once we have dymamic - * labels. + * labels exposed to userland. */ struct mac_biba_element { u_short mbe_type; @@ -81,7 +91,7 @@ * mac_mls represents an MLS label, with mm_type determining its properties, * and mm_level represents the hierarchal sensitivity level if valid for the * current mm_type. These structures will move to mac_mls.h once we have - * dynamic labels. + * dynamic labels exposed to userland. */ struct mac_mls_element { u_short mme_type; @@ -154,6 +164,7 @@ * Extensions to POSIX.1e visible in the application namespace. */ int mac_is_present_np(const char *_policyname); +int mac_policy(const char *_policyname, int call, void *arg); /* * System calls wrapped by some POSIX.1e functions. 
@@ -169,7 +180,7 @@ #endif /* _KERNEL */ /* - * XXX: This shouldn't be exported to userland, but is because of ucred.h + * XXXMAC: This shouldn't be exported to userland, but is because of ucred.h * and various other messes. */ @@ -186,12 +197,6 @@ #ifdef _KERNEL /* - * Policy flags exported to consumers of MAC APIs. Probably, this shouldn't - * be done. - */ -extern int mac_debug_label_fallback; - -/* * MAC entry point operations */ enum mac_ep_ops { @@ -272,7 +277,6 @@ void mac_update_procfsvnode(struct vnode *vp, struct ucred *cred); void mac_update_vnode_from_mount(struct vnode *vp, struct mount *mp); - /* * Labeling event operations: IPC objects. */
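
Review bot: In the kern_mac.c hunk at -93,7, the SYSCTL_INT description is built from two adjacent string literals, "Filesystems should fall back to fs label" and "when label is corrupted.", with no space at the join, so the help text for label_fallback reads "fs labelwhen label". The line sits in the context of the declaration being changed, so add a trailing space to the first literal in the same change.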
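
Review bot: In the mac.h hunk at -49,15, the Biba comment still reads "dymamic" on the line directly above the one being edited, while the matching MLS comment in the -81,7 hunk spells it "dynamic". Since this is a comment cleanup, fix the typo here, and consider changing "hierarchal" to "hierarchical" in both comments so the two blocks stay word-for-word parallel.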
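
Review bot: In the mac.h hunk at -154,6, the new prototype "int mac_policy(const char *_policyname, int call, void *arg);" does not follow the conventions of its neighbour mac_is_present_np under the "Extensions to POSIX.1e visible in the application namespace" comment: it has no _np suffix, and its "call" and "arg" parameters lack the leading underscore used for "_policyname". Suggest aligning the names and adding a comment that says which values "call" takes and what "arg" must point to for each, because an int selector with a void * argument gives neither the caller nor the compiler any type information. The change description mentions only comment cleanup and the label_fallback export, so the new interface should be called out there as well.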
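
Review bot: In the mac.h hunk at -186,12, dropping "extern int mac_debug_label_fallback;" matches the static added in kern_mac.c, but the sysctl description says "Filesystems should fall back to fs label", which reads as if code outside kern_mac.c is expected to act on the flag. Please confirm that no other file references the variable, and if filesystem code does need the setting, give it a small accessor function rather than re-exporting the int.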