
Expand comments on various sections of the MAC Framework Policy API,

as well as document the properties of the mac_policy_conf structure.
Warn about the ABI risks in changing the structure without careful
consideration.

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR
This commit is contained in:
Robert Watson 2004-10-22 11:29:30 +00:00
parent b2e3811c5f
commit 3459e1d2e9
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=136776
2 changed files with 30 additions and 8 deletions


@ -83,14 +83,17 @@ struct mac_policy_ops {
void (*mpo_init)(struct mac_policy_conf *mpc);
/*
* General policy-directed security system call so that policies
* may implement new services without reserving explicit
* system call numbers.
* General policy-directed security system call so that policies may
* implement new services without reserving explicit system call
* numbers.
*/
int (*mpo_syscall)(struct thread *td, int call, void *arg);
/*
* Label operations.
* Label operations. Initialize label storage, destroy label
* storage, recycle for re-use without init/destroy, copy a label to
* initialized storage, and externalize/internalize from/to
* initialized storage.
*/
void (*mpo_init_bpfdesc_label)(struct label *label);
void (*mpo_init_cred_label)(struct label *label);
@ -464,6 +467,14 @@ struct mac_policy_ops {
struct label *label);
};
/*
* struct mac_policy_conf is the registration structure for policies, and is
* provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT
* to register the policy. In general, the fields are immutable, with the
* exception of the "security field", run-time flags, and policy list entry,
* which are managed by the MAC Framework. Be careful when modifying this
* structure, as its layout is statically compiled into all policies.
*/
struct mac_policy_conf {
char *mpc_name; /* policy name */
char *mpc_fullname; /* policy full name */
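Review bot: The expanded comment above `int (*mpo_syscall)(struct thread *td, int call, void *arg);` in the first hunk still does not say who validates `call` and `arg`, which is the one thing a policy author implementing this hook needs to know, since the "system call" wording implies the hook is reachable from user code. Presumably the Framework hands `arg` through unchanged from the user-level caller and does not interpret `call`; if that is confirmed against the dispatch code, the comment should gain a line such as `* The Framework does not interpret 'call' or 'arg'; the policy must validate 'call' and treat 'arg' as an untrusted user pointer (copyin(), never dereference).`. struct mac_policy_ops begins before and ends after the hunk. The identical hunk in the second file section below needs the same addition.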


@ -83,14 +83,17 @@ struct mac_policy_ops {
void (*mpo_init)(struct mac_policy_conf *mpc);
/*
* General policy-directed security system call so that policies
* may implement new services without reserving explicit
* system call numbers.
* General policy-directed security system call so that policies may
* implement new services without reserving explicit system call
* numbers.
*/
int (*mpo_syscall)(struct thread *td, int call, void *arg);
/*
* Label operations.
* Label operations. Initialize label storage, destroy label
* storage, recycle for re-use without init/destroy, copy a label to
* initialized storage, and externalize/internalize from/to
* initialized storage.
*/
void (*mpo_init_bpfdesc_label)(struct label *label);
void (*mpo_init_cred_label)(struct label *label);
@ -464,6 +467,14 @@ struct mac_policy_ops {
struct label *label);
};
/*
* struct mac_policy_conf is the registration structure for policies, and is
* provided to the MAC Framework using MAC_POLICY_SET() to invoke a SYSINIT
* to register the policy. In general, the fields are immutable, with the
* exception of the "security field", run-time flags, and policy list entry,
* which are managed by the MAC Framework. Be careful when modifying this
* structure, as its layout is statically compiled into all policies.
*/
struct mac_policy_conf {
char *mpc_name; /* policy name */
char *mpc_fullname; /* policy full name */
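Review bot: The new header comment on `struct mac_policy_conf` in the second hunk warns that the layout is compiled into every policy but gives no rule for changing it safely, so the warning is not actionable for the next person who adds a field. It should say that new fields go only at the end and that the interface version the registration macro compiles into each policy (the page does not show it; presumably the MAC_VERSION dependency declared by MAC_POLICY_SET(), to be confirmed) must be bumped so a policy built against the old layout is refused at load time rather than silently misreading the structure. A line such as `* Add new fields only at the end, and bump the MAC interface version so policies built against the old layout are refused at load time.` would carry that. The struct continues past the end of the hunk. The identical hunk in the first file section above needs the same addition.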