Date: Mon, 15 Jul 2002 13:21:15 -0700 (PDT) From: Chris Costello <chris@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 14298 for review Message-ID: <200207152021.g6FKLFYo009622@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14298 Change 14298 by chris@chris_holly on 2002/07/15 13:20:56 o Document mac_policy_cred_check_relabel_subject and mac_policy_cred_check_statfs. o Change <varname> in the paramter list to <parameter>. o Slightly reword mac_policy_cred_check_debug_proc ("should be debugging" -> "should be allowed to debug"). Affected files ... .. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#3 edit Differences ... ==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#3 (text+ko) ==== @@ -83,6 +83,111 @@ <para>...</para> + <sect3 id="mac-mpo-cred-check-relabel-subject"> + <title><function>mac_<replaceable>policy</replaceable>_cred_check_relabel_subject</function></title> + + <funcsynopsis> + <funcprototype> + <funcdef>static int + <function>mac_<replaceable>policy</replaceable>_cred_check_relabel_subject</function> + </funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct label + *<parameter>newlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="2"> + <thead> + <row> + <entry>Parameter</entry> + <entry>Description</entry> + </row> + </thead> + + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>newlabel</parameter</entry> + <entry>New label to apply to subject</entry> + </tbody> + </tgroup> + </informaltable> + + <para>This policy operation is intended to determine whether a + subject should be allowed to change its label. Generally, + this is implemented by checking if the subject would be + upgrading its own privilege by making the requested change, + and denying (returning typically + <errorcode>EPERM</errorcode>) the request if so.</para> + </sect3> + + <sect3 id="mac-mpo-cred-check-statfs"> + <title><function>mac_<replaceable>policy</replaceable>_cred_check_statfs</function</title> + + <funcsynopsis> + <funcprototype> + <funcdef>static int + <function>mac_<replaceable>policy</replaceable>_cred_check_statfs</function> + </funcdef> + + <paramdef>struct ucred + *<parameter>cred</parameter></paramdef> + <paramdef>struct mount + *<parameter>mp</parameter></paramdef> + <paramdef>struct label + *<parameter>mntlabel</parameter></paramdef> + </funcprototype> + </funcsynopsis> + + <informaltable> + <tgroup cols="2"> + <thead> + <row> + <entry>Parameter</entry> + <entry>Description</entry> + </row> + </thead> + <tbody> + <row> + <entry><parameter>cred</parameter></entry> + <entry>Subject credential</entry> + </row> + + <row> + <entry><parameter>mp</parameter></entry> + <entry>Object; file system mount point</entry> + </row> + + <row> + <entry><parameter>mntlabel</parameter></entry> + <entry>Object label</entry> + </tbody> + </tgroup> + </informaltable> + + <para>This policy operation is intended to determine whether a + specified subject should be allowed to retrieve file system + statistics information. Generally a policy module + implementing this operation would compare the subject label + (<varname>cred->cr_label</varname>) to the object label + (<varname>mntlabel</varname>) and return + <literal>0</literal> if the subject is to be granted the + information requested, and <errorcode>EACCES</errorcode> + otherwise.</para> + + <note><para>Figure out a scenario where using + <parameter>mp</parameter> is immenently practical, especially + for use in the sample module.</para></note> + </sect3> + <sect3 id="mac-mpo-cred-check-debug-proc"> <title><function>mac_<replaceable>policy</replaceable>_cred_check_debug_proc</function></title> @@ -99,9 +204,7 @@ </funcprototype> </funcsynopsis> - <table> - <title>Parameters</title> - + <informaltable> <tgroup cols="2"> <thead> <row> @@ -112,7 +215,7 @@ <tbody> <row> - <entry><varname>cred</varname></entry> + <entry><parameter>cred</parameter></entry> <entry>Subject credential</entry> </row> @@ -122,20 +225,17 @@ </row> </tbody> </tgroup> - </table> + </informaltable> <para>This policy operation is intended to determine whether a - specified subject process should be debugging a specified - object process. Generally a policy module implementing this - operation would compare the subject label + specified subject process should be allowed to debug a + specified object process. Generally a policy module + implementing this operation would compare the subject label (<varname>cred->cr_label</varname>) to the object label (<varname>proc->p_ucred->cr_label</varname>) and return <literal>0</literal> if the subject is allowed to debug the - object, or <errorcode>EACCES</errorcode> if it - cannot.</para> - - <note><para>Why does BIBA return 'No such process' if the - process is of lower integrity?</para></note> + object, or an error (typically + <errorcode>EACCES</errorcode>) if it cannot.</para> </sect3> </sect2> </sect1> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200207152021.g6FKLFYo009622>