From owner-p4-projects  Mon Jul 15 13:21:30 2002
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id F031137B401; Mon, 15 Jul 2002 13:21:16 -0700 (PDT)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8696137B400
	for <perforce@freebsd.org>; Mon, 15 Jul 2002 13:21:16 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3050043E31
	for <perforce@freebsd.org>; Mon, 15 Jul 2002 13:21:16 -0700 (PDT)
	(envelope-from chris@freebsd.org)
Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6FKLGJU009625
	for <perforce@freebsd.org>; Mon, 15 Jul 2002 13:21:16 -0700 (PDT)
	(envelope-from chris@freebsd.org)
Received: (from perforce@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6FKLFYo009622
	for perforce@freebsd.org; Mon, 15 Jul 2002 13:21:15 -0700 (PDT)
Date: Mon, 15 Jul 2002 13:21:15 -0700 (PDT)
Message-Id: <200207152021.g6FKLFYo009622@freefall.freebsd.org>
X-Authentication-Warning: freefall.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello <chris@FreeBSD.org>
Subject: PERFORCE change 14298 for review
To: Perforce Change Reviews <perforce@freebsd.org>
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID: <p4-projects.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20p4-projects>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20p4-projects>
X-Loop: FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14298

Change 14298 by chris@chris_holly on 2002/07/15 13:20:56

	o Document mac_policy_cred_check_relabel_subject and
	  mac_policy_cred_check_statfs.
	o Change <varname> in the paramter list to <parameter>.
	o Slightly reword mac_policy_cred_check_debug_proc ("should be
	  debugging" -> "should be allowed to debug").

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#3 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#3 (text+ko) ====

@@ -83,6 +83,111 @@
 
       <para>...</para>
 
+      <sect3 id="mac-mpo-cred-check-relabel-subject">
+        <title><function>mac_<replaceable>policy</replaceable>_cred_check_relabel_subject</function></title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>static int
+              <function>mac_<replaceable>policy</replaceable>_cred_check_relabel_subject</function>
+            </funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>newlabel</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="2">
+            <thead>
+              <row>
+                <entry>Parameter</entry>
+                <entry>Description</entry>
+              </row>
+            </thead>
+
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>newlabel</parameter</entry>
+                <entry>New label to apply to subject</entry>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>This policy operation is intended to determine whether a
+          subject should be allowed to change its label.  Generally,
+          this is implemented by checking if the subject would be
+          upgrading its own privilege by making the requested change,
+          and denying (returning typically
+          <errorcode>EPERM</errorcode>) the request if so.</para>
+      </sect3>
+
+      <sect3 id="mac-mpo-cred-check-statfs">
+        <title><function>mac_<replaceable>policy</replaceable>_cred_check_statfs</function</title>
+
+        <funcsynopsis>
+          <funcprototype>
+            <funcdef>static int
+              <function>mac_<replaceable>policy</replaceable>_cred_check_statfs</function>
+            </funcdef>
+
+            <paramdef>struct ucred
+              *<parameter>cred</parameter></paramdef>
+            <paramdef>struct mount
+              *<parameter>mp</parameter></paramdef>
+            <paramdef>struct label
+              *<parameter>mntlabel</parameter></paramdef>
+          </funcprototype>
+        </funcsynopsis>
+
+        <informaltable>
+          <tgroup cols="2">
+            <thead>
+              <row>
+                <entry>Parameter</entry>
+                <entry>Description</entry>
+              </row>
+            </thead>
+            <tbody>
+              <row>
+                <entry><parameter>cred</parameter></entry>
+                <entry>Subject credential</entry>
+              </row>
+
+              <row>
+                <entry><parameter>mp</parameter></entry>
+                <entry>Object; file system mount point</entry>
+              </row>
+
+              <row>
+                <entry><parameter>mntlabel</parameter></entry>
+                <entry>Object label</entry>
+            </tbody>
+          </tgroup>
+        </informaltable>
+
+        <para>This policy operation is intended to determine whether a
+          specified subject should be allowed to retrieve file system
+          statistics information.  Generally a policy module
+          implementing this operation would compare the subject label
+          (<varname>cred->cr_label</varname>) to the object label
+          (<varname>mntlabel</varname>) and return
+          <literal>0</literal> if the subject is to be granted the
+          information requested, and <errorcode>EACCES</errorcode>
+          otherwise.</para>
+
+        <note><para>Figure out a scenario where using
+            <parameter>mp</parameter> is immenently practical, especially
+            for use in the sample module.</para></note>
+      </sect3>
+
       <sect3 id="mac-mpo-cred-check-debug-proc">
         <title><function>mac_<replaceable>policy</replaceable>_cred_check_debug_proc</function></title>
 
@@ -99,9 +204,7 @@
           </funcprototype>
         </funcsynopsis>
 
-        <table>
-          <title>Parameters</title>
-
+        <informaltable>
           <tgroup cols="2">
             <thead>
               <row>
@@ -112,7 +215,7 @@
 
             <tbody>
               <row>
-                <entry><varname>cred</varname></entry>
+                <entry><parameter>cred</parameter></entry>
                 <entry>Subject credential</entry>
               </row>
 
@@ -122,20 +225,17 @@
               </row>
             </tbody>
           </tgroup>
-        </table>
+        </informaltable>
 
         <para>This policy operation is intended to determine whether a
-          specified subject process should be debugging a specified
-          object process.  Generally a policy module implementing this
-          operation would compare the subject label
+          specified subject process should be allowed to debug a
+          specified object process.  Generally a policy module
+          implementing this operation would compare the subject label
           (<varname>cred->cr_label</varname>) to the object label
           (<varname>proc->p_ucred->cr_label</varname>) and return
           <literal>0</literal> if the subject is allowed to debug the
-          object, or <errorcode>EACCES</errorcode> if it
-          cannot.</para>
-
-        <note><para>Why does BIBA return 'No such process' if the
-            process is of lower integrity?</para></note>
+          object, or an error (typically
+          <errorcode>EACCES</errorcode>) if it cannot.</para>
       </sect3>
     </sect2>
   </sect1>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe p4-projects" in the body of the message