From owner-p4-projects Mon Jan 13 22:46:59 2003
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767) id 6364D37B405; Mon, 13 Jan 2003 22:46:40 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C44F837B401 for ; Mon, 13 Jan 2003 22:46:39 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id E7C0643E4A for ; Mon, 13 Jan 2003 22:46:38 -0800 (PST) (envelope-from chris@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0E6kcfh047988 for ; Mon, 13 Jan 2003 22:46:38 -0800 (PST) (envelope-from chris@freebsd.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0E6kc8H047985 for perforce@freebsd.org; Mon, 13 Jan 2003 22:46:38 -0800 (PST)
Date: Mon, 13 Jan 2003 22:46:38 -0800 (PST)
Message-Id: <200301140646.h0E6kc8H047985@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to chris@freebsd.org using -f
From: Chris Costello
Subject: PERFORCE change 23720 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

http://perforce.freebsd.org/chv.cgi?CH=23720

Change 23720 by chris@chris_holly on 2003/01/13 22:46:30

Finish adding all the remaining MAC policy op entry points.

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#24 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/developers-handbook/mac/chapter.sgml#24 (text+ko) ====
@@ -446,6 +446,119 @@ label. + + <function>&mac.mpo;_associate_vnode_extattr</function> + + + + int + &mac.mpo;_associate_vnode_extattr + + struct mount + *mp + struct label + *fslabel + struct vnode + *vp + struct label + *vlabel + + + + + + &mac.thead; + + + + mp + File system mount point + + + + fslabel + File system label + + + + vp + Vnode to label + + + + vlabel + Policy label associated with + vp + + + + + + Attempt to retrieve the label for + vp from the file system extended + attributes. Upon success, the value 0 + is returned. Should extended attribute retrieval not be + supported, an accepted fallback is to copy + fslabel into + vlabel. In the event of an error, + an appropriate value for errno should + be returned. + + + + <function>&mac.mpo;_associate_vnode_singlelabel</function> + + + + void + &mac.mpo;_associate_vnode_singlelabel + + struct mount + *mp + struct label + *fslabel + struct vnode + *vp + struct label + *vlabel + + + + + + &mac.thead; + + + + mp + File system mount point + + + + fslabel + File system label + + + + vp + Vnode to label + + + + vlabel + Policy label associated with + vp + + + + + + On non-multilabel file systems, this entry point is + called to set the policy label for + vp based on the file system label, + fslabel. + + <function>&mac.mpo;_copy_vnode_label</function> @@ -991,6 +1104,61 @@ &mac.internalize.para; + + <function>&mac.mpo;_setlabel_vnode_extattr</function> + + + + int + &mac.mpo;_setlabel_vnode_extattr + + struct ucred + *cred + struct vnode + *vp + struct label + *vlabel + struct label + *intlabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + vp + Vnode for which the label is being + written + + + + vlabel + Policy label associated with + vp + + + + intlabel + Label to write out + + + + + + Write out the policy from + intlabel to an extended + attribute. This is called from + vop_stdcreatevnode_ea. + + <function>&mac.mpo;_update_devfsdirent</function> 
@@ -1365,9 +1533,55 @@ Set the label on a newly created mbuf header from the passed socket label. This call is made when a new datagram - or messsage is generated by the socket and stored in the + or message is generated by the socket and stored in the passed mbuf. + + + <function>&mac.mpo;_create_pipe</function> + + + + void + &mac.mpo;_create_pipe + + struct ucred + *cred + struct pipe + *pipe + struct label + *pipelabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + pipelabel + Policy label associated with + pipe + + + + + + Set the label on a newly created pipe from the passed + subject credential. This call is made when a new pipe is + created. + <function>&mac.mpo;_create_socket</function> @@ -1577,6 +1791,59 @@ &mac.internalize.para; + + <function>&mac.mpo;_relabel_pipe</function> + + + + void + &mac.mpo;_relabel_pipe + + struct ucred + *cred + struct pipe + *pipe + struct label + *oldlabel + struct label + *newlabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + oldlabel + Current policy label associated with + pipe + + + + newlabel + Policy label update to apply to + pipe + + + + + + Apply a new label, newlabel, to + pipe. + + <function>&mac.mpo;_relabel_socket</function> 
@@ -3185,7 +3452,299 @@ Determine whether the subject should be allowed to unload a kernel module. - + + + <function>&mac.mpo;_check_pipe_ioctl</function> + + + + int + &mac.mpo;_check_pipe_ioctl + + struct ucred + *cred + struct pipe + *pipe + struct label + *pipelabel + unsigned long + cmd + void *data + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + pipelabel + Policy label associated with + pipe + + + + cmd + &man.ioctl.2; command + + + + data + &man.ioctl.2; data + + + + + + Determine whether the subject should be allowed to make + the specified &man.ioctl.2; call. + + + + <function>&mac.mpo;_check_pipe_poll</function> + + + + int + &mac.mpo;_check_pipe_poll + + struct ucred + *cred + struct pipe + *pipe + struct label + *pipelabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + pipelabel + Policy label associated with + pipe + + + + + + Determine whether the subject should be allowed to poll + pipe. + + + + <function>&mac.mpo;_check_pipe_read</function> + + + + int + &mac.mpo;_check_pipe_read + + struct ucred + *cred + struct pipe + *pipe + struct label + *pipelabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + pipelabel + Policy label associated with + pipe + + + + + + Determine whether the subject should be allowed read + access to pipe. + + + + <function>&mac.mpo;_check_pipe_relabel</function> + + + + int + &mac.mpo;_check_pipe_relabel + + struct ucred + *cred + struct pipe + *pipe + struct label + *pipelabel + struct label + *newlabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + pipelabel + Current policy label associated with + pipe + + + + newlabel + Label update to + pipelabel + + + + + + Determine whether the subject should be allowed to + relabel pipe. 
+ + + + <function>&mac.mpo;_check_pipe_stat</function> + + + + int + &mac.mpo;_check_pipe_stat + + struct ucred + *cred + struct pipe + *pipe + struct label + *pipelabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + pipelabel + Policy label associated with + pipe + + + + + + Determine whether the subject should be allowed to + retrieve statistics related to + pipe. + + + + <function>&mac.mpo;_check_pipe_write</function> + + + + int + &mac.mpo;_check_pipe_write + + struct ucred + *cred + struct pipe + *pipe + struct label + *pipelabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + pipe + Pipe + + + + pipelabel + Policy label associated with + pipe + + + + + + Determine whether the subject should be allowed to write + to pipe. + + <function>&mac.mpo;_check_socket_bind</function> @@ -3296,6 +3855,98 @@ failure: EACCES for label mismatches, EPERM for lack of privilege. + + + <function>&mac.mpo;_check_socket_receive</function> + + + + int + &mac.mpo;_check_socket_receive + + struct ucred + *cred + struct socket + *so + struct label + *socketlabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + so + Socket + + + + socketlabel + Policy label associated with + so + + + + + + Determine whether the subject should be allowed to + receive information from the socket + so. + + + + <function>&mac.mpo;_check_socket_send</function> + + + + int + &mac.mpo;_check_socket_send + + struct ucred + *cred + struct socket + *so + struct label + *socketlabel + + + + + + &mac.thead; + + + + cred + Subject credential + + + + so + Socket + + + + socketlabel + Policy label associated with + so + + + + + + Determine whether the subject should be allowed to send + information across the socket + so. + <function>&mac.mpo;_check_cred_visible</function> 
@@ -7110,7 +7761,42 @@ own. + + <function>&mac.mpo;_thread_userret</function> + + + + void + &mac.mpo;_thread_userret + struct thread + *td + + + + + + &mac.thead; + + + + td + Returning thread + + + + + + + This entry point permits policy modules to perform + MAC-related events when a thread returns to user space. + This is required for policies that have floating process + labels, as it's not always possible to acquire the process + lock at arbitrary points in the stack during system call + processing; process labels might represent traditional + authentication data, process history information, or other + data. + To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
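Review bot: the description of &mac.mpo;_setlabel_vnode_extattr (hunk at -991) declares an int return value but never says what the policy should return, whereas &mac.mpo;_associate_vnode_extattr in the hunk at -446 states that 0 is returned on success and an appropriate errno value on error; add the same return-value sentence here so that a policy author knows how to report failure to vop_stdcreatevnode_ea. In the same entry, "Write out the policy from intlabel to an extended attribute" should read "Write out the policy label from intlabel to an extended attribute".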
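Review bot: none of the new &mac.mpo;_check_pipe_* entry points (hunk at -3185) nor &mac.mpo;_check_socket_receive / &mac.mpo;_check_socket_send (hunk at -3296) document the failure return values, even though the surrounding &mac.mpo;_check_socket_bind context ends with "failure: EACCES for label mismatches, EPERM for lack of privilege."; each new check entry point should carry the same convention so that policies behave consistently across object types. Also, in &mac.mpo;_check_pipe_ioctl the final parameter appears as a single "void *data" while every other parameter in these tables has its type and name marked up separately (e.g. "unsigned long" / "cmd"), so check the markup of that parameter.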
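Review bot: in the &mac.mpo;_thread_userret description (hunk at -7110), "perform MAC-related events" is awkward since events are not performed; suggest "perform MAC-related actions" or "handle MAC-related events". The contraction in "as it's not always possible" should be "as it is not always possible" to match the register of the other entry-point descriptions, and the trailing clause "process labels might represent traditional authentication data, process history information, or other data" would read more clearly as its own sentence than after a semicolon.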