From owner-p4-projects  Mon Jul 15  9:10: 7 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 05AD537B401; Mon, 15 Jul 2002 09:09:53 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8B36C37B400
	for <perforce@freebsd.org>; Mon, 15 Jul 2002 09:09:52 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0994043E6A
	for <perforce@freebsd.org>; Mon, 15 Jul 2002 09:09:52 -0700 (PDT)
	(envelope-from chris@freebsd.org)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6FG9pJU055892
	for <perforce@freebsd.org>; Mon, 15 Jul 2002 09:09:51 -0700 (PDT)
	(envelope-from chris@freebsd.org)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6FG9peO055886
	for perforce@freebsd.org; Mon, 15 Jul 2002 09:09:51 -0700 (PDT)
Date: Mon, 15 Jul 2002 09:09:51 -0700 (PDT)
Message-Id: <200207151609.g6FG9peO055886@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello <chris@FreeBSD.org>
Subject: PERFORCE change 14278 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14278

Change 14278 by chris@chris_holly on 2002/07/15 09:09:01

	o Move the copyright over to the left one so it doesn't exceed 80
	  columns.
	o Turn the sample category and function into an actual MAC Policy
	  Operation description.  The introduction to the Access Control
	  Checks section will be written after I figure out what information
	  becomes redundant in each subsection.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#2 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#2 (text+ko) ====

@@ -1,41 +1,41 @@
 <!--
-     Copyright (c) 2002 Networks Associates Technology, Inc.
-     All rights reserved.
-     
-     This software was developed for the FreeBSD Project by Chris
-     Costello at Safeport Network Services and NAI Labs, the Security
-     Research Division of Network Associates, Inc. under DARPA/SPAWAR
-     contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
-     research program.
-     
-     Redistribution and use in source and binary forms, with or without
-     modification, are permitted provided that the following conditions
-     are met:
-     1. Redistributions of source code must retain the above copyright
-        notice, this list of conditions and the following disclaimer.
-     2. Redistributions in binary form must reproduce the above copyright
-        notice, this list of conditions and the following disclaimer in the
-        documentation and/or other materials provided with the distribution.
-     3. The names of the authors may not be used to endorse or promote
-        products derived from this software without specific prior written
-        permission.
-     
-     THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
-     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-     IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-     ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
-     FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-     DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-     OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-     LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-     SUCH DAMAGE.
-     
-     $FreeBSD$
+    Copyright (c) 2002 Networks Associates Technology, Inc.
+    All rights reserved.
+    
+    This software was developed for the FreeBSD Project by Chris
+    Costello at Safeport Network Services and NAI Labs, the Security
+    Research Division of Network Associates, Inc. under DARPA/SPAWAR
+    contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
+    research program.
+    
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions
+    are met:
+    1. Redistributions of source code must retain the above copyright
+       notice, this list of conditions and the following disclaimer.
+    2. Redistributions in binary form must reproduce the above copyright
+       notice, this list of conditions and the following disclaimer in the
+       documentation and/or other materials provided with the distribution.
+    3. The names of the authors may not be used to endorse or promote
+       products derived from this software without specific prior written
+       permission.
+    
+    THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+    ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+    IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+    ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+    FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+    DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+    OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+    HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+    OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+    SUCH DAMAGE.
+    
+    $FreeBSD$
 -->
 
-<!--  DOCTYPE chapter PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" -->
+<!-- DOCTYPE chapter PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN"-->
 
 <chapter id="mac">
   <chapterinfo>
@@ -78,13 +78,12 @@
       which supply policy modules with relevant data on a subject and
       the operation it is attempting to perform on an object.</para>
 
-    <sect2 id="mac-mpo-mac-object-action">
-      <title>Category</title>
+    <sect2 id="mac-access-control-checks">
+      <title>Access Control Checks</title>
 
-      <para>General information regarding this family of mac policy
-        ops.</para>
+      <para>...</para>
 
-      <sect3>
+      <sect3 id="mac-mpo-cred-check-debug-proc">
         <title><function>mac_<replaceable>policy</replaceable>_cred_check_debug_proc</function></title>
 
         <funcsynopsis>
@@ -125,7 +124,18 @@
           </tgroup>
         </table>
 
-        <para>Such and such ...</para>
+        <para>This policy operation is intended to determine whether a
+          specified subject process should be debugging a specified
+          object process.  Generally a policy module implementing this
+          operation would compare the subject label
+          (<varname>cred->cr_label</varname>) to the object label
+          (<varname>proc->p_ucred->cr_label</varname>) and return
+          <literal>0</literal> if the subject is allowed to debug the
+          object, or <errorcode>EACCES</errorcode> if it
+          cannot.</para>
+
+        <note><para>Why does BIBA return 'No such process' if the
+            process is of lower integrity?</para></note>
       </sect3>
     </sect2>
   </sect1>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message