Date: Thu, 28 Mar 2002 09:13:48 -0800 (PST) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 8575 for review Message-ID: <200203281713.g2SHDm939906@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8575 Change 8575 by green@green_laptop_2 on 2002/03/28 09:13:36 Change the way that MAC policies' operation vectors are declared from a hard-to-maintain struct which enforced strong type-checking in the declarations in the module and strict ordering requirements, to an easily-modifiable array which will not have to be changed necessarily for each addition of a new MAC operation. The downside of this is that the MAC policy authors will have to manually make certain to match arguments of their function declarations with what they pass in via the operation vector, since C cannot help by providing strong type checking here. (I accidentally already submitted kern_mac.c last.) Affected files ... ... //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#6 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#25 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#26 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.h#5 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#21 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#20 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#6 edit ... //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#20 edit ... //depot/projects/trustedbsd/mac/sys/sys/mac.h#91 edit ... //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#56 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/babyaudit/babyaudit.c#6 (text+ko) ==== @@ -222,70 +222,35 @@ return (0); } -static struct mac_policy_ops babyaudit_ops = +static struct mac_policy_op_entry babyaudit_ops[] = { - NULL /* babyaudit_destroy */, - NULL /* babyaudit_init */, - NULL /* babyaudit_copy_label */, - NULL /* babyaudit_dominate */, - NULL /* babyaudit_equal */, - NULL /* babyaudit_print_label */, - NULL /* babyaudit_validate_label */, - NULL /* babyaudit_create_devfs_device */, - NULL /* babyaudit_create_devfs_directory */, - NULL /* babyaudit_create_vnode_from_vnode */, - NULL /* babyaudit_mountfs */, - NULL /* babyaudit_mountrootfs */, - NULL /* babyaudit_create_mbuf_from_socket */, - NULL /* babyaudit_create_socket */, - NULL /* babyaudit_relabel_socket */, - NULL /* babyaudit_create_bpfdesc */, - NULL /* babyaudit_create_ifnet */, - NULL /* babyaudit_create_mbuf_datagram_from_mbuf_fragmentqueue */, - NULL /* babyaudit_create_mbuf_fragment_from_mbuf */, - NULL /* babyaudit_create_mbuf_fragmentqueue_from_mbuf_fragment */, - NULL /* babyaudit_create_mbuf_from_mbuf */, - NULL /* babyaudit_create_mbuf_linklayer_for_ifnet */, - NULL /* babyaudit_create_mbuf_from_bpfdesc */, - NULL /* babyaudit_create_mbuf_from_ifnet */, - NULL /* babyaudit_create_mbuf_multicast_encap_from_mbuf */, - NULL /* babyaudit_create_mbuf_netlayer_from_mbuf */, - NULL /* babyaudit_mbuf_fragment_matches_mbuf_fragmentqueue */, - NULL /* babyaudit_relabel_ifnet */, - NULL /* babyaudit_update_mbuf_fragmentqueue_from_mbuf_fragment */, - NULL /* babyaudit_create_subject */, - NULL /* babyaudit_execve_transition */, - NULL /* babyaudit_execve_will_transition */, - NULL /* babyaudit_create_proc0 */, - NULL /* babyaudit_create_proc1 */, - NULL /* babyaudit_relabel_subject */, - NULL /* babyaudit_bpfdesc_check_receive_from_ifnet */, - NULL /* babyaudit_cred_check_see_cred */, - NULL /* babyaudit_cred_check_see_socket */, - NULL /* babyaudit_cred_check_relabel_ifnet */, - NULL /* babyaudit_cred_check_relabel_socket */, - NULL /* babyaudit_cred_check_relabel_subject */, - NULL /* babyaudit_cred_check_relabel_vnode */, - NULL /* babyaudit_cred_check_statfs */, - NULL /* babyaudit_cred_check_debug_proc */, - NULL /* babyaudit_cred_check_exec_file */, - babyaudit_cred_check_chdir_vnode, - babyaudit_cred_check_create_vnode, - babyaudit_cred_check_delete_vnode, - babyaudit_cred_check_exec_vnode, - babyaudit_cred_check_open_vnode, - babyaudit_cred_check_rename_from_vnode, - babyaudit_cred_check_rename_to_vnode, - babyaudit_cred_check_revoke_vnode, - babyaudit_cred_check_search_vnode, - babyaudit_cred_check_setflags_vnode, - babyaudit_cred_check_setmode_vnode, - babyaudit_cred_check_setowner_vnode, - babyaudit_cred_check_setutimes_vnode, - NULL /* babyaudit_cred_check_sched_proc */, - NULL /* babyaudit_cred_check_signal_proc */, - NULL /* babyaudit_ifnet_check_send_mbuf */, - NULL /* babyaudit_socket_check_receive_mbuf */ + { MAC_CRED_CHECK_CHDIR_VNODE, + (macop_t)babyaudit_cred_check_chdir_vnode }, + { MAC_CRED_CHECK_CREATE_VNODE, + (macop_t)babyaudit_cred_check_create_vnode }, + { MAC_CRED_CHECK_DELETE_VNODE, + (macop_t)babyaudit_cred_check_delete_vnode }, + { MAC_CRED_CHECK_EXEC_VNODE, + (macop_t)babyaudit_cred_check_exec_vnode }, + { MAC_CRED_CHECK_OPEN_VNODE, + (macop_t)babyaudit_cred_check_open_vnode }, + { MAC_CRED_CHECK_RENAME_FROM_VNODE, + (macop_t)babyaudit_cred_check_rename_from_vnode }, + { MAC_CRED_CHECK_RENAME_TO_VNODE, + (macop_t)babyaudit_cred_check_rename_to_vnode }, + { MAC_CRED_CHECK_REVOKE_VNODE, + (macop_t)babyaudit_cred_check_revoke_vnode }, + { MAC_CRED_CHECK_SEARCH_VNODE, + (macop_t)babyaudit_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETFLAGS_VNODE, + (macop_t)babyaudit_cred_check_setflags_vnode }, + { MAC_CRED_CHECK_SETMODE_VNODE, + (macop_t)babyaudit_cred_check_setmode_vnode }, + { MAC_CRED_CHECK_SETOWNER_VNODE, + (macop_t)babyaudit_cred_check_setowner_vnode }, + { MAC_CRED_CHECK_SETUTIMES_VNODE, + (macop_t)babyaudit_cred_check_setutimes_vnode }, + { MAC_OP_LAST, NULL } }; MAC_POLICY_SET(babyaudit_ops, trustedbsd_babyaudit, "TrustedBSD MAC/babyaudit", ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#25 (text+ko) ==== @@ -996,71 +996,129 @@ return (0); } -static struct mac_policy_ops mac_biba_ops = +static struct mac_policy_op_entry mac_biba_ops[] = { - NULL, - NULL, - mac_biba_copy_label, - mac_biba_single_dominate, - mac_biba_equal, /* XXX */ - mac_biba_print_label, - mac_biba_validate_label, - mac_biba_create_devfs_device, - mac_biba_create_devfs_directory, - mac_biba_create_vnode_from_vnode, - mac_biba_mountfs, - mac_biba_mountrootfs, - mac_biba_create_mbuf_from_socket, - mac_biba_create_socket, - mac_biba_relabel_socket, - mac_biba_create_bpfdesc, - mac_biba_create_ifnet, - mac_biba_create_mbuf_datagram_from_mbuf_fragmentqueue, - mac_biba_create_mbuf_fragment_from_mbuf, - mac_biba_create_mbuf_fragmentqueue_from_mbuf_fragment, - mac_biba_create_mbuf_from_mbuf, - mac_biba_create_mbuf_linklayer_for_ifnet, - mac_biba_create_mbuf_from_bpfdesc, - mac_biba_create_mbuf_from_ifnet, - mac_biba_create_mbuf_multicast_encap_from_mbuf, - mac_biba_create_mbuf_netlayer_from_mbuf, - mac_biba_mbuf_fragment_matches_mbuf_fragmentqueue, - mac_biba_relabel_ifnet, - NULL, /* update fragq */ - mac_biba_create_subject, - mac_biba_execve_transition, - mac_biba_execve_will_transition, - mac_biba_create_proc0, - mac_biba_create_proc1, - mac_biba_relabel_subject, - mac_biba_bpfdesc_check_receive_from_ifnet, - mac_biba_cred_check_see_cred, - mac_biba_cred_check_see_socket, - mac_biba_cred_check_relabel_ifnet, - mac_biba_cred_check_relabel_socket, - mac_biba_cred_check_relabel_subject, - mac_biba_cred_check_relabel_vnode, - mac_biba_cred_check_statfs, - mac_biba_cred_check_debug_proc, - mac_biba_cred_check_exec_file, - mac_biba_cred_check_chdir_vnode, - mac_biba_cred_check_create_vnode, - mac_biba_cred_check_delete_vnode, - mac_biba_cred_check_exec_vnode, - mac_biba_cred_check_open_vnode, - mac_biba_cred_check_rename_from_vnode, - mac_biba_cred_check_rename_to_vnode, - mac_biba_cred_check_revoke_vnode, - mac_biba_cred_check_search_vnode, - mac_biba_cred_check_setflags_vnode, - mac_biba_cred_check_setmode_vnode, - mac_biba_cred_check_setowner_vnode, - mac_biba_cred_check_setutimes_vnode, - mac_biba_cred_check_sched_proc, - mac_biba_cred_check_signal_proc, - mac_biba_cred_check_stat_vnode, - mac_biba_ifnet_check_send_mbuf, - mac_biba_socket_check_receive_mbuf + { MAC_COPY_LABEL, + (macop_t)mac_biba_copy_label }, + { MAC_DOMINATE, + (macop_t)mac_biba_single_dominate }, + { MAC_EQUAL, + (macop_t)mac_biba_equal }, /* XXX */ + { MAC_PRINT_LABEL, + (macop_t)mac_biba_print_label }, + { MAC_VALIDATE_LABEL, + (macop_t)mac_biba_validate_label }, + { MAC_CREATE_DEVFS_DEVICE, + (macop_t)mac_biba_create_devfs_device }, + { MAC_CREATE_DEVFS_DIRECTORY, + (macop_t)mac_biba_create_devfs_directory }, + { MAC_CREATE_VNODE_FROM_VNODE, + (macop_t)mac_biba_create_vnode_from_vnode }, + { MAC_CREATE_MOUNT, + (macop_t)mac_biba_mountfs }, + { MAC_CREATE_ROOT_MOUNT, + (macop_t)mac_biba_mountrootfs }, + { MAC_CREATE_MBUF_FROM_SOCKET, + (macop_t)mac_biba_create_mbuf_from_socket }, + { MAC_CREATE_SOCKET, + (macop_t)mac_biba_create_socket }, + { MAC_RELABEL_SOCKET, + (macop_t)mac_biba_relabel_socket }, + { MAC_CREATE_BPFDESC, + (macop_t)mac_biba_create_bpfdesc }, + { MAC_CREATE_IFNET, + (macop_t)mac_biba_create_ifnet }, + { MAC_CREATE_MBUF_DATAGRAM_FROM_MBUF_FRAGMENTQUEUE, + (macop_t)mac_biba_create_mbuf_datagram_from_mbuf_fragmentqueue }, + { MAC_CREATE_MBUF_FRAGMENT_FROM_MBUF, + (macop_t)mac_biba_create_mbuf_fragment_from_mbuf }, + { MAC_CREATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT, + (macop_t)mac_biba_create_mbuf_fragmentqueue_from_mbuf_fragment }, + { MAC_CREATE_MBUF_FROM_MBUF, + (macop_t)mac_biba_create_mbuf_from_mbuf }, + { MAC_CREATE_MBUF_LINKLAYER_FOR_IFNET, + (macop_t)mac_biba_create_mbuf_linklayer_for_ifnet }, + { MAC_CREATE_MBUF_FROM_BPFDESC, + (macop_t)mac_biba_create_mbuf_from_bpfdesc }, + { MAC_CREATE_MBUF_FROM_IFNET, + (macop_t)mac_biba_create_mbuf_from_ifnet }, + { MAC_CREATE_MBUF_MULTICAST_ENCAP_FROM_MBUF, + (macop_t)mac_biba_create_mbuf_multicast_encap_from_mbuf }, + { MAC_CREATE_MBUF_NETLAYER_FROM_MBUF, + (macop_t)mac_biba_create_mbuf_netlayer_from_mbuf }, + { MAC_MBUF_FRAGMENT_MATCHES_MBUF_FRAGMENTQUEUE, + (macop_t)mac_biba_mbuf_fragment_matches_mbuf_fragmentqueue }, + { MAC_RELABEL_IFNET, + (macop_t)mac_biba_relabel_ifnet }, + { MAC_CREATE_SUBJECT, + (macop_t)mac_biba_create_subject }, + { MAC_EXECVE_TRANSITION, + (macop_t)mac_biba_execve_transition }, + { MAC_EXECVE_WILL_TRANSITION, + (macop_t)mac_biba_execve_will_transition }, + { MAC_CREATE_PROC0, + (macop_t)mac_biba_create_proc0 }, + { MAC_CREATE_PROC1, + (macop_t)mac_biba_create_proc1 }, + { MAC_RELABEL_SUBJECT, + (macop_t)mac_biba_relabel_subject }, + { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, + (macop_t)mac_biba_bpfdesc_check_receive_from_ifnet }, + { MAC_CRED_CHECK_SEE_CRED, + (macop_t)mac_biba_cred_check_see_cred }, + { MAC_CRED_CHECK_SEE_SOCKET, + (macop_t)mac_biba_cred_check_see_socket }, + { MAC_CRED_CHECK_RELABEL_IFNET, + (macop_t)mac_biba_cred_check_relabel_ifnet }, + { MAC_CRED_CHECK_RELABEL_SOCKET, + (macop_t)mac_biba_cred_check_relabel_socket }, + { MAC_CRED_CHECK_RELABEL_SUBJECT, + (macop_t)mac_biba_cred_check_relabel_subject }, + { MAC_CRED_CHECK_RELABEL_VNODE, + (macop_t)mac_biba_cred_check_relabel_vnode }, + { MAC_CRED_CHECK_STATFS, + (macop_t)mac_biba_cred_check_statfs }, + { MAC_CRED_CHECK_DEBUG_PROC, + (macop_t)mac_biba_cred_check_debug_proc }, + { MAC_CRED_CHECK_EXEC_FILE, + (macop_t)mac_biba_cred_check_exec_file }, + { MAC_CRED_CHECK_CHDIR_VNODE, + (macop_t)mac_biba_cred_check_chdir_vnode }, + { MAC_CRED_CHECK_CREATE_VNODE, + (macop_t)mac_biba_cred_check_create_vnode }, + { MAC_CRED_CHECK_DELETE_VNODE, + (macop_t)mac_biba_cred_check_delete_vnode }, + { MAC_CRED_CHECK_EXEC_VNODE, + (macop_t)mac_biba_cred_check_exec_vnode }, + { MAC_CRED_CHECK_OPEN_VNODE, + (macop_t)mac_biba_cred_check_open_vnode }, + { MAC_CRED_CHECK_RENAME_FROM_VNODE, + (macop_t)mac_biba_cred_check_rename_from_vnode }, + { MAC_CRED_CHECK_RENAME_TO_VNODE, + (macop_t)mac_biba_cred_check_rename_to_vnode }, + { MAC_CRED_CHECK_REVOKE_VNODE, + (macop_t)mac_biba_cred_check_revoke_vnode }, + { MAC_CRED_CHECK_SEARCH_VNODE, + (macop_t)mac_biba_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETFLAGS_VNODE, + (macop_t)mac_biba_cred_check_setflags_vnode }, + { MAC_CRED_CHECK_SETMODE_VNODE, + (macop_t)mac_biba_cred_check_setmode_vnode }, + { MAC_CRED_CHECK_SETOWNER_VNODE, + (macop_t)mac_biba_cred_check_setowner_vnode }, + { MAC_CRED_CHECK_SETUTIMES_VNODE, + (macop_t)mac_biba_cred_check_setutimes_vnode }, + { MAC_CRED_CHECK_SCHED_PROC, + (macop_t)mac_biba_cred_check_sched_proc }, + { MAC_CRED_CHECK_SIGNAL_PROC, + (macop_t)mac_biba_cred_check_signal_proc }, + { MAC_CRED_CHECK_STAT_VNODE, + (macop_t)mac_biba_cred_check_stat_vnode }, + { MAC_IFNET_CHECK_SEND_MBUF, + (macop_t)mac_biba_ifnet_check_send_mbuf }, + { MAC_SOCKET_CHECK_RECEIVE_MBUF, + (macop_t)mac_biba_socket_check_receive_mbuf }, + { MAC_OP_LAST, NULL } }; MAC_POLICY_SET(mac_biba_ops, trustedbsd_mac_biba, "TrustedBSD MAC/Biba", 1); ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#26 (text+ko) ==== @@ -585,71 +585,51 @@ return (mac_bsdextended_cred_cantouch(cred, proc)); } -static struct mac_policy_ops mac_bsdextended_ops = +static struct mac_policy_op_entry mac_bsdextended_ops[] = { - mac_bsdextended_init, - mac_bsdextended_destroy, - NULL, /* copy label */ - NULL, /* dominate */ - NULL, /* equal label */ - NULL, /* print label */ - NULL, /* validate label */ - NULL, /* create devfs dev */ - NULL, /* create devfs dir */ - NULL, /* create vnode */ - NULL, /* mount fs */ - NULL, /* mount rootfs */ - NULL, /* mbuf from socket */ - NULL, /* create socket */ - NULL, /* relabel socket */ - NULL, /* create bpf */ - NULL, /* create ifnet */ - NULL, /* mbuf datagram from fragq */ - NULL, /* mbuf fragment */ - NULL, /* mbuf fragment queue */ - NULL, /* mbuf from mbuf */ - NULL, /* mbuf linklayer */ - NULL, /* mbuf from bpf */ - NULL, /* mbuf from ifnet */ - NULL, /* mbuf multicast encap */ - NULL, /* mbuf netlayer */ - NULL, /* fragment queue match */ - NULL, /* relabel ifnet */ - NULL, /* update fragment queue */ - NULL, /* create subject */ - NULL, /* transition */ - NULL, /* will transition */ - NULL, /* proc0 */ - NULL, /* proc1 */ - NULL, /* relabel subject */ - NULL, /* bpfdesc check ifnet */ - mac_bsdextended_cred_check_see_cred, - mac_bsdextended_cred_check_see_socket, - NULL, /* check relabel ifnet */ - NULL, /* check relabel socket */ - NULL, /* check relabel subject */ - NULL, /* check relabel vnode */ - NULL, /* check statfs */ - mac_bsdextended_cred_check_debug_proc, - NULL, /* exec file */ - mac_bsdextended_cred_check_chdir_vnode, - mac_bsdextended_cred_check_create_vnode, - mac_bsdextended_cred_check_delete_vnode, - mac_bsdextended_cred_check_exec_vnode, - mac_bsdextended_cred_check_open_vnode, - mac_bsdextended_cred_check_rename_from_vnode, - mac_bsdextended_cred_check_rename_to_vnode, - mac_bsdextended_cred_check_revoke_vnode, - mac_bsdextended_cred_check_search_vnode, - mac_bsdextended_cred_check_setflags_vnode, - mac_bsdextended_cred_check_setmode_vnode, - mac_bsdextended_cred_check_setowner_vnode, - mac_bsdextended_cred_check_setutimes_vnode, - mac_bsdextended_cred_check_sched_proc, - mac_bsdextended_cred_check_signal_proc, - mac_bsdextended_cred_check_stat_vnode, - NULL, /* ifnet check send mbuf */ - NULL, /* socket check receive mbuf */ + { MAC_DESTROY, + (macop_t)mac_bsdextended_destroy }, + { MAC_INIT, + (macop_t)mac_bsdextended_init }, + { MAC_CRED_CHECK_SEE_CRED, + (macop_t)mac_bsdextended_cred_check_see_cred }, + { MAC_CRED_CHECK_SEE_SOCKET, + (macop_t)mac_bsdextended_cred_check_see_socket }, + { MAC_CRED_CHECK_DEBUG_PROC, + (macop_t)mac_bsdextended_cred_check_debug_proc }, + { MAC_CRED_CHECK_CHDIR_VNODE, + (macop_t)mac_bsdextended_cred_check_chdir_vnode }, + { MAC_CRED_CHECK_CREATE_VNODE, + (macop_t)mac_bsdextended_cred_check_create_vnode }, + { MAC_CRED_CHECK_DELETE_VNODE, + (macop_t)mac_bsdextended_cred_check_delete_vnode }, + { MAC_CRED_CHECK_EXEC_VNODE, + (macop_t)mac_bsdextended_cred_check_exec_vnode }, + { MAC_CRED_CHECK_OPEN_VNODE, + (macop_t)mac_bsdextended_cred_check_open_vnode }, + { MAC_CRED_CHECK_RENAME_FROM_VNODE, + (macop_t)mac_bsdextended_cred_check_rename_from_vnode }, + { MAC_CRED_CHECK_RENAME_TO_VNODE, + (macop_t)mac_bsdextended_cred_check_rename_to_vnode }, + { MAC_CRED_CHECK_REVOKE_VNODE, + (macop_t)mac_bsdextended_cred_check_revoke_vnode }, + { MAC_CRED_CHECK_SEARCH_VNODE, + (macop_t)mac_bsdextended_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETFLAGS_VNODE, + (macop_t)mac_bsdextended_cred_check_setflags_vnode }, + { MAC_CRED_CHECK_SETMODE_VNODE, + (macop_t)mac_bsdextended_cred_check_setmode_vnode }, + { MAC_CRED_CHECK_SETOWNER_VNODE, + (macop_t)mac_bsdextended_cred_check_setowner_vnode }, + { MAC_CRED_CHECK_SETUTIMES_VNODE, + (macop_t)mac_bsdextended_cred_check_setutimes_vnode }, + { MAC_CRED_CHECK_SCHED_PROC, + (macop_t)mac_bsdextended_cred_check_sched_proc }, + { MAC_CRED_CHECK_SIGNAL_PROC, + (macop_t)mac_bsdextended_cred_check_signal_proc }, + { MAC_CRED_CHECK_STAT_VNODE, + (macop_t)mac_bsdextended_cred_check_stat_vnode }, + { MAC_OP_LAST, NULL } }; MAC_POLICY_SET(mac_bsdextended_ops, trustedbsd_mac_bsdextended, ==== //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.h#5 (text+ko) ==== ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#21 (text+ko) ==== @@ -965,71 +965,129 @@ return (0); } -static struct mac_policy_ops mac_mls_ops = +static struct mac_policy_op_entry mac_mls_ops[] = { - NULL, - NULL, - mac_mls_copy_label, - mac_mls_single_dominate, - mac_mls_equal, /* XXX */ - mac_mls_print_label, - mac_mls_validate_label, - mac_mls_create_devfs_device, - mac_mls_create_devfs_directory, - mac_mls_create_vnode_from_vnode, - mac_mls_mountfs, - mac_mls_mountrootfs, - mac_mls_create_mbuf_from_socket, - mac_mls_create_socket, - mac_mls_relabel_socket, - mac_mls_create_bpfdesc, - mac_mls_create_ifnet, - mac_mls_create_mbuf_datagram_from_mbuf_fragmentqueue, - mac_mls_create_mbuf_fragment_from_mbuf, - mac_mls_create_mbuf_fragmentqueue_from_mbuf_fragment, - mac_mls_create_mbuf_from_mbuf, - mac_mls_create_mbuf_linklayer_for_ifnet, - mac_mls_create_mbuf_from_bpfdesc, - mac_mls_create_mbuf_from_ifnet, - mac_mls_create_mbuf_multicast_encap_from_mbuf, - mac_mls_create_mbuf_netlayer_from_mbuf, - mac_mls_mbuf_fragment_matches_mbuf_fragmentqueue, - mac_mls_relabel_ifnet, - NULL, /* update fragq */ - mac_mls_create_subject, - mac_mls_execve_transition, - mac_mls_execve_will_transition, - mac_mls_create_proc0, - mac_mls_create_proc1, - mac_mls_relabel_subject, - mac_mls_bpfdesc_check_receive_from_ifnet, - mac_mls_cred_check_see_cred, - mac_mls_cred_check_see_socket, - mac_mls_cred_check_relabel_ifnet, - mac_mls_cred_check_relabel_socket, - mac_mls_cred_check_relabel_subject, - mac_mls_cred_check_relabel_vnode, - mac_mls_cred_check_statfs, - mac_mls_cred_check_debug_proc, - mac_mls_cred_check_exec_file, - mac_mls_cred_check_chdir_vnode, - mac_mls_cred_check_create_vnode, - mac_mls_cred_check_delete_vnode, - mac_mls_cred_check_exec_vnode, - mac_mls_cred_check_open_vnode, - mac_mls_cred_check_rename_from_vnode, - mac_mls_cred_check_rename_to_vnode, - mac_mls_cred_check_revoke_vnode, - mac_mls_cred_check_search_vnode, - mac_mls_cred_check_setflags_vnode, - mac_mls_cred_check_setmode_vnode, - mac_mls_cred_check_setowner_vnode, - mac_mls_cred_check_setutimes_vnode, - mac_mls_cred_check_sched_proc, - mac_mls_cred_check_signal_proc, - mac_mls_cred_check_stat_vnode, - mac_mls_ifnet_check_send_mbuf, - mac_mls_socket_check_receive_mbuf + { MAC_COPY_LABEL, + (macop_t)mac_mls_copy_label }, + { MAC_DOMINATE, + (macop_t)mac_mls_single_dominate }, + { MAC_EQUAL, + (macop_t)mac_mls_equal }, /* XXX */ + { MAC_PRINT_LABEL, + (macop_t)mac_mls_print_label }, + { MAC_VALIDATE_LABEL, + (macop_t)mac_mls_validate_label }, + { MAC_CREATE_DEVFS_DEVICE, + (macop_t)mac_mls_create_devfs_device }, + { MAC_CREATE_DEVFS_DIRECTORY, + (macop_t)mac_mls_create_devfs_directory }, + { MAC_CREATE_VNODE_FROM_VNODE, + (macop_t)mac_mls_create_vnode_from_vnode }, + { MAC_CREATE_MOUNT, + (macop_t)mac_mls_mountfs }, + { MAC_CREATE_ROOT_MOUNT, + (macop_t)mac_mls_mountrootfs }, + { MAC_CREATE_MBUF_FROM_SOCKET, + (macop_t)mac_mls_create_mbuf_from_socket }, + { MAC_CREATE_SOCKET, + (macop_t)mac_mls_create_socket }, + { MAC_RELABEL_SOCKET, + (macop_t)mac_mls_relabel_socket }, + { MAC_CREATE_BPFDESC, + (macop_t)mac_mls_create_bpfdesc }, + { MAC_CREATE_IFNET, + (macop_t)mac_mls_create_ifnet }, + { MAC_CREATE_MBUF_DATAGRAM_FROM_MBUF_FRAGMENTQUEUE, + (macop_t)mac_mls_create_mbuf_datagram_from_mbuf_fragmentqueue }, + { MAC_CREATE_MBUF_FRAGMENT_FROM_MBUF, + (macop_t)mac_mls_create_mbuf_fragment_from_mbuf }, + { MAC_CREATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT, + (macop_t)mac_mls_create_mbuf_fragmentqueue_from_mbuf_fragment }, + { MAC_CREATE_MBUF_FROM_MBUF, + (macop_t)mac_mls_create_mbuf_from_mbuf }, + { MAC_CREATE_MBUF_LINKLAYER_FOR_IFNET, + (macop_t)mac_mls_create_mbuf_linklayer_for_ifnet }, + { MAC_CREATE_MBUF_FROM_BPFDESC, + (macop_t)mac_mls_create_mbuf_from_bpfdesc }, + { MAC_CREATE_MBUF_FROM_IFNET, + (macop_t)mac_mls_create_mbuf_from_ifnet }, + { MAC_CREATE_MBUF_MULTICAST_ENCAP_FROM_MBUF, + (macop_t)mac_mls_create_mbuf_multicast_encap_from_mbuf }, + { MAC_CREATE_MBUF_NETLAYER_FROM_MBUF, + (macop_t)mac_mls_create_mbuf_netlayer_from_mbuf }, + { MAC_MBUF_FRAGMENT_MATCHES_MBUF_FRAGMENTQUEUE, + (macop_t)mac_mls_mbuf_fragment_matches_mbuf_fragmentqueue }, + { MAC_RELABEL_IFNET, + (macop_t)mac_mls_relabel_ifnet }, + { MAC_CREATE_SUBJECT, + (macop_t)mac_mls_create_subject }, + { MAC_EXECVE_TRANSITION, + (macop_t)mac_mls_execve_transition }, + { MAC_EXECVE_WILL_TRANSITION, + (macop_t)mac_mls_execve_will_transition }, + { MAC_CREATE_PROC0, + (macop_t)mac_mls_create_proc0 }, + { MAC_CREATE_PROC1, + (macop_t)mac_mls_create_proc1 }, + { MAC_RELABEL_SUBJECT, + (macop_t)mac_mls_relabel_subject }, + { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, + (macop_t)mac_mls_bpfdesc_check_receive_from_ifnet }, + { MAC_CRED_CHECK_SEE_CRED, + (macop_t)mac_mls_cred_check_see_cred }, + { MAC_CRED_CHECK_SEE_SOCKET, + (macop_t)mac_mls_cred_check_see_socket }, + { MAC_CRED_CHECK_RELABEL_IFNET, + (macop_t)mac_mls_cred_check_relabel_ifnet }, + { MAC_CRED_CHECK_RELABEL_SOCKET, + (macop_t)mac_mls_cred_check_relabel_socket }, + { MAC_CRED_CHECK_RELABEL_SUBJECT, + (macop_t)mac_mls_cred_check_relabel_subject }, + { MAC_CRED_CHECK_RELABEL_VNODE, + (macop_t)mac_mls_cred_check_relabel_vnode }, + { MAC_CRED_CHECK_STATFS, + (macop_t)mac_mls_cred_check_statfs }, + { MAC_CRED_CHECK_DEBUG_PROC, + (macop_t)mac_mls_cred_check_debug_proc }, + { MAC_CRED_CHECK_EXEC_FILE, + (macop_t)mac_mls_cred_check_exec_file }, + { MAC_CRED_CHECK_CHDIR_VNODE, + (macop_t)mac_mls_cred_check_chdir_vnode }, + { MAC_CRED_CHECK_CREATE_VNODE, + (macop_t)mac_mls_cred_check_create_vnode }, + { MAC_CRED_CHECK_DELETE_VNODE, + (macop_t)mac_mls_cred_check_delete_vnode }, + { MAC_CRED_CHECK_EXEC_VNODE, + (macop_t)mac_mls_cred_check_exec_vnode }, + { MAC_CRED_CHECK_OPEN_VNODE, + (macop_t)mac_mls_cred_check_open_vnode }, + { MAC_CRED_CHECK_RENAME_FROM_VNODE, + (macop_t)mac_mls_cred_check_rename_from_vnode }, + { MAC_CRED_CHECK_RENAME_TO_VNODE, + (macop_t)mac_mls_cred_check_rename_to_vnode }, + { MAC_CRED_CHECK_REVOKE_VNODE, + (macop_t)mac_mls_cred_check_revoke_vnode }, + { MAC_CRED_CHECK_SEARCH_VNODE, + (macop_t)mac_mls_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETFLAGS_VNODE, + (macop_t)mac_mls_cred_check_setflags_vnode }, + { MAC_CRED_CHECK_SETMODE_VNODE, + (macop_t)mac_mls_cred_check_setmode_vnode }, + { MAC_CRED_CHECK_SETOWNER_VNODE, + (macop_t)mac_mls_cred_check_setowner_vnode }, + { MAC_CRED_CHECK_SETUTIMES_VNODE, + (macop_t)mac_mls_cred_check_setutimes_vnode }, + { MAC_CRED_CHECK_SCHED_PROC, + (macop_t)mac_mls_cred_check_sched_proc }, + { MAC_CRED_CHECK_SIGNAL_PROC, + (macop_t)mac_mls_cred_check_signal_proc }, + { MAC_CRED_CHECK_STAT_VNODE, + (macop_t)mac_mls_cred_check_stat_vnode }, + { MAC_IFNET_CHECK_SEND_MBUF, + (macop_t)mac_mls_ifnet_check_send_mbuf }, + { MAC_SOCKET_CHECK_RECEIVE_MBUF, + (macop_t)mac_mls_socket_check_receive_mbuf }, + { MAC_OP_LAST, NULL } }; MAC_POLICY_SET(mac_mls_ops, trustedbsd_mac_mls, "TrustedBSD MAC/MLS", 1); ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#20 (text+ko) ==== @@ -586,71 +586,135 @@ return (0); } -static struct mac_policy_ops mac_none_ops = +static struct mac_policy_op_entry mac_none_ops[] = { - mac_none_destroy, - mac_none_init, - mac_none_copy_label, - mac_none_dominate, - mac_none_equal, - mac_none_print_label, - mac_none_validate_label, - mac_none_create_devfs_device, - mac_none_create_devfs_directory, - mac_none_create_vnode_from_vnode, - mac_none_mountfs, - mac_none_mountrootfs, - mac_none_create_mbuf_from_socket, - mac_none_create_socket, - mac_none_relabel_socket, - mac_none_create_bpfdesc, - mac_none_create_ifnet, - mac_none_create_mbuf_datagram_from_mbuf_fragmentqueue, - mac_none_create_mbuf_fragment_from_mbuf, - mac_none_create_mbuf_fragmentqueue_from_mbuf_fragment, - mac_none_create_mbuf_from_mbuf, - mac_none_create_mbuf_linklayer_for_ifnet, - mac_none_create_mbuf_from_bpfdesc, - mac_none_create_mbuf_from_ifnet, - mac_none_create_mbuf_multicast_encap_from_mbuf, - mac_none_create_mbuf_netlayer_from_mbuf, - mac_none_mbuf_fragment_matches_mbuf_fragmentqueue, - mac_none_relabel_ifnet, - mac_none_update_mbuf_fragmentqueue_from_mbuf_fragment, - mac_none_create_subject, - mac_none_execve_transition, - mac_none_execve_will_transition, - mac_none_create_proc0, - mac_none_create_proc1, - mac_none_relabel_subject, - mac_none_bpfdesc_check_receive_from_ifnet, - mac_none_cred_check_see_cred, - mac_none_cred_check_see_socket, - mac_none_cred_check_relabel_ifnet, - mac_none_cred_check_relabel_socket, - mac_none_cred_check_relabel_subject, - mac_none_cred_check_relabel_vnode, - mac_none_cred_check_statfs, - mac_none_cred_check_debug_proc, - mac_none_cred_check_exec_file, - mac_none_cred_check_chdir_vnode, - mac_none_cred_check_create_vnode, - mac_none_cred_check_delete_vnode, - mac_none_cred_check_exec_vnode, - mac_none_cred_check_open_vnode, - mac_none_cred_check_rename_from_vnode, - mac_none_cred_check_rename_to_vnode, - mac_none_cred_check_revoke_vnode, - mac_none_cred_check_search_vnode, - mac_none_cred_check_setflags_vnode, - mac_none_cred_check_setmode_vnode, - mac_none_cred_check_setowner_vnode, - mac_none_cred_check_setutimes_vnode, - mac_none_cred_check_sched_proc, - mac_none_cred_check_signal_proc, - mac_none_cred_check_stat_vnode, - mac_none_ifnet_check_send_mbuf, - mac_none_socket_check_receive_mbuf + { MAC_DESTROY, + (macop_t)mac_none_destroy }, + { MAC_INIT, + (macop_t)mac_none_init }, + { MAC_COPY_LABEL, + (macop_t)mac_none_copy_label }, + { MAC_DOMINATE, + (macop_t)mac_none_dominate }, + { MAC_EQUAL, + (macop_t)mac_none_equal }, + { MAC_PRINT_LABEL, + (macop_t)mac_none_print_label }, + { MAC_VALIDATE_LABEL, + (macop_t)mac_none_validate_label }, + { MAC_CREATE_DEVFS_DEVICE, + (macop_t)mac_none_create_devfs_device }, + { MAC_CREATE_DEVFS_DIRECTORY, + (macop_t)mac_none_create_devfs_directory }, + { MAC_CREATE_VNODE_FROM_VNODE, + (macop_t)mac_none_create_vnode_from_vnode }, + { MAC_CREATE_MOUNT, + (macop_t)mac_none_mountfs }, + { MAC_CREATE_ROOT_MOUNT, + (macop_t)mac_none_mountrootfs }, + { MAC_CREATE_MBUF_FROM_SOCKET, + (macop_t)mac_none_create_mbuf_from_socket }, + { MAC_CREATE_SOCKET, + (macop_t)mac_none_create_socket }, + { MAC_RELABEL_SOCKET, + (macop_t)mac_none_relabel_socket }, + { MAC_CREATE_BPFDESC, + (macop_t)mac_none_create_bpfdesc }, + { MAC_CREATE_IFNET, + (macop_t)mac_none_create_ifnet }, + { MAC_CREATE_MBUF_DATAGRAM_FROM_MBUF_FRAGMENTQUEUE, + (macop_t)mac_none_create_mbuf_datagram_from_mbuf_fragmentqueue }, + { MAC_CREATE_MBUF_FRAGMENT_FROM_MBUF, + (macop_t)mac_none_create_mbuf_fragment_from_mbuf }, + { MAC_CREATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT, + (macop_t)mac_none_create_mbuf_fragmentqueue_from_mbuf_fragment }, + { MAC_CREATE_MBUF_FROM_MBUF, + (macop_t)mac_none_create_mbuf_from_mbuf }, + { MAC_CREATE_MBUF_LINKLAYER_FOR_IFNET, + (macop_t)mac_none_create_mbuf_linklayer_for_ifnet }, + { MAC_CREATE_MBUF_FROM_BPFDESC, + (macop_t)mac_none_create_mbuf_from_bpfdesc }, + { MAC_CREATE_MBUF_FROM_IFNET, + (macop_t)mac_none_create_mbuf_from_ifnet }, + { MAC_CREATE_MBUF_MULTICAST_ENCAP_FROM_MBUF, + (macop_t)mac_none_create_mbuf_multicast_encap_from_mbuf }, + { MAC_CREATE_MBUF_NETLAYER_FROM_MBUF, + (macop_t)mac_none_create_mbuf_netlayer_from_mbuf }, + { MAC_MBUF_FRAGMENT_MATCHES_MBUF_FRAGMENTQUEUE, + (macop_t)mac_none_mbuf_fragment_matches_mbuf_fragmentqueue }, + { MAC_RELABEL_IFNET, + (macop_t)mac_none_relabel_ifnet }, + { MAC_UPDATE_MBUF_FRAGMENTQUEUE_FROM_MBUF_FRAGMENT, + (macop_t)mac_none_update_mbuf_fragmentqueue_from_mbuf_fragment }, + { MAC_CREATE_SUBJECT, + (macop_t)mac_none_create_subject }, + { MAC_EXECVE_TRANSITION, + (macop_t)mac_none_execve_transition }, + { MAC_EXECVE_WILL_TRANSITION, + (macop_t)mac_none_execve_will_transition }, + { MAC_CREATE_PROC0, + (macop_t)mac_none_create_proc0 }, + { MAC_CREATE_PROC1, + (macop_t)mac_none_create_proc1 }, + { MAC_RELABEL_SUBJECT, + (macop_t)mac_none_relabel_subject }, + { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, + (macop_t)mac_none_bpfdesc_check_receive_from_ifnet }, + { MAC_CRED_CHECK_SEE_CRED, + (macop_t)mac_none_cred_check_see_cred }, + { MAC_CRED_CHECK_SEE_SOCKET, + (macop_t)mac_none_cred_check_see_socket }, + { MAC_CRED_CHECK_RELABEL_IFNET, + (macop_t)mac_none_cred_check_relabel_ifnet }, + { MAC_CRED_CHECK_RELABEL_SOCKET, + (macop_t)mac_none_cred_check_relabel_socket }, + { MAC_CRED_CHECK_RELABEL_SUBJECT, + (macop_t)mac_none_cred_check_relabel_subject }, + { MAC_CRED_CHECK_RELABEL_VNODE, + (macop_t)mac_none_cred_check_relabel_vnode }, + { MAC_CRED_CHECK_STATFS, + (macop_t)mac_none_cred_check_statfs }, + { MAC_CRED_CHECK_DEBUG_PROC, + (macop_t)mac_none_cred_check_debug_proc }, + { MAC_CRED_CHECK_EXEC_FILE, + (macop_t)mac_none_cred_check_exec_file }, + { MAC_CRED_CHECK_CHDIR_VNODE, + (macop_t)mac_none_cred_check_chdir_vnode }, + { MAC_CRED_CHECK_CREATE_VNODE, + (macop_t)mac_none_cred_check_create_vnode }, + { MAC_CRED_CHECK_DELETE_VNODE, + (macop_t)mac_none_cred_check_delete_vnode }, + { MAC_CRED_CHECK_EXEC_VNODE, + (macop_t)mac_none_cred_check_exec_vnode }, + { MAC_CRED_CHECK_OPEN_VNODE, + (macop_t)mac_none_cred_check_open_vnode }, + { MAC_CRED_CHECK_RENAME_FROM_VNODE, + (macop_t)mac_none_cred_check_rename_from_vnode }, + { MAC_CRED_CHECK_RENAME_TO_VNODE, + (macop_t)mac_none_cred_check_rename_to_vnode }, + { MAC_CRED_CHECK_REVOKE_VNODE, + (macop_t)mac_none_cred_check_revoke_vnode }, + { MAC_CRED_CHECK_SEARCH_VNODE, + (macop_t)mac_none_cred_check_search_vnode }, + { MAC_CRED_CHECK_SETFLAGS_VNODE, + (macop_t)mac_none_cred_check_setflags_vnode }, + { MAC_CRED_CHECK_SETMODE_VNODE, + (macop_t)mac_none_cred_check_setmode_vnode }, + { MAC_CRED_CHECK_SETOWNER_VNODE, + (macop_t)mac_none_cred_check_setowner_vnode }, + { MAC_CRED_CHECK_SETUTIMES_VNODE, + (macop_t)mac_none_cred_check_setutimes_vnode }, + { MAC_CRED_CHECK_SCHED_PROC, + (macop_t)mac_none_cred_check_sched_proc }, + { MAC_CRED_CHECK_SIGNAL_PROC, + (macop_t)mac_none_cred_check_signal_proc }, + { MAC_CRED_CHECK_STAT_VNODE, + (macop_t)mac_none_cred_check_stat_vnode }, + { MAC_IFNET_CHECK_SEND_MBUF, + (macop_t)mac_none_ifnet_check_send_mbuf }, + { MAC_SOCKET_CHECK_RECEIVE_MBUF, + (macop_t)mac_none_socket_check_receive_mbuf }, + { MAC_OP_LAST, NULL } }; MAC_POLICY_SET(mac_none_ops, trustedbsd_mac_none, "TrustedBSD MAC/None", 0); ==== //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#6 (text+ko) ==== @@ -157,71 +157,19 @@ return (mac_seeotheruids_check(cred, proc->p_ucred)); } -static struct mac_policy_ops mac_seeotheruids_ops = +static struct mac_policy_op_entry mac_seeotheruids_ops[] = { - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - mac_seeotheruids_cred_check_see_cred, - mac_seeotheruids_cred_check_see_socket, - NULL, - NULL, - NULL, - NULL, - NULL, - mac_seeotheruids_cred_check_debug_proc, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - NULL, - mac_seeotheruids_cred_check_sched_proc, - mac_seeotheruids_cred_check_signal_proc, - NULL, - NULL, - NULL, + { MAC_CRED_CHECK_SEE_CRED, + (macop_t)mac_seeotheruids_cred_check_see_cred }, + { MAC_CRED_CHECK_SEE_SOCKET, + (macop_t)mac_seeotheruids_cred_check_see_socket }, + { MAC_CRED_CHECK_DEBUG_PROC, + (macop_t)mac_seeotheruids_cred_check_debug_proc }, + { MAC_CRED_CHECK_SCHED_PROC, + (macop_t)mac_seeotheruids_cred_check_sched_proc }, + { MAC_CRED_CHECK_SIGNAL_PROC, + (macop_t)mac_seeotheruids_cred_check_signal_proc }, + { MAC_OP_LAST, NULL } }; MAC_POLICY_SET(mac_seeotheruids_ops, trustedbsd_mac_seeotheruids, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#20 (text+ko) ==== @@ -1039,71 +1039,127 @@ return (error); } -static struct mac_policy_ops mac_te_ops = +static struct mac_policy_op_entry mac_te_ops[] = { - NULL, - NULL, - mac_te_copy_label, - NULL, - mac_te_equal, - mac_te_print_label, - mac_te_validate_label, - mac_te_create_devfs_device, - mac_te_create_devfs_directory, - mac_te_create_vnode_from_vnode, - mac_te_mountfs, - mac_te_mountrootfs, - mac_te_create_mbuf_from_socket, - mac_te_create_socket, - mac_te_relabel_socket, - mac_te_create_bpfdesc, - mac_te_create_ifnet, - mac_te_create_mbuf_datagram_from_mbuf_fragmentqueue, - mac_te_create_mbuf_fragment_from_mbuf, - mac_te_create_mbuf_fragmentqueue_from_mbuf_fragment, - mac_te_create_mbuf_from_mbuf, - mac_te_create_mbuf_linklayer_for_ifnet, - mac_te_create_mbuf_from_bpfdesc, - mac_te_create_mbuf_from_ifnet, - mac_te_create_mbuf_multicast_encap_from_mbuf, - mac_te_create_mbuf_netlayer_from_mbuf, - mac_te_mbuf_fragment_matches_mbuf_fragmentqueue, - mac_te_relabel_ifnet, - NULL, /* update fragq */ - mac_te_create_subject, - mac_te_execve_transition, - mac_te_execve_will_transition, - mac_te_create_proc0, - mac_te_create_proc1, - mac_te_relabel_subject, - mac_te_bpfdesc_check_receive_from_ifnet, - mac_te_cred_check_see_cred, - mac_te_cred_check_see_socket, - mac_te_cred_check_relabel_ifnet, - mac_te_cred_check_relabel_socket, - mac_te_cred_check_relabel_subject, - mac_te_cred_check_relabel_vnode, - mac_te_cred_check_statfs, - mac_te_cred_check_debug_proc, - mac_te_cred_check_exec_file, - mac_te_cred_check_chdir_vnode, - mac_te_cred_check_create_vnode, - mac_te_cred_check_delete_vnode, - mac_te_cred_check_exec_vnode, - mac_te_cred_check_open_vnode, - mac_te_cred_check_rename_from_vnode, >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203281713.g2SHDm939906>