Remove dm_root entry from struct devfs_mount. It's never set, and is

unused.  Replace it with a dm_mount back-pointer to the struct mount
that the devfs_mount is associated with.  Export that pointer to MAC
Framework entry points, where all current policies don't use the
pointer.  This permits the SEBSD port of SELinux's FLASK/TE to compile
out-of-the-box on 5.0-CURRENT with full file system labeling support.

Approved by:	re (murray)
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

sys/fs/devfs/devfs.h

@@ -168,7 +168,7 @@ struct devfs_dirent {
 };
 
 struct devfs_mount {
-	struct vnode	*dm_root;	/* Root node */
+	struct mount	*dm_mount;
 	struct devfs_dirent *dm_rootdir;
 	struct devfs_dirent *dm_basedir;
 	unsigned	dm_generation;

sys/fs/devfs/devfs_devs.c

@@ -334,8 +334,8 @@ devfs_populate(struct devfs_mount *dm)
 				if (de == NULL) {
 					de = devfs_vmkdir(s, q - s, dd);
 #ifdef MAC
-					mac_create_devfs_directory(s, q - s,
-					    de);
+					mac_create_devfs_directory(
+					    dm->dm_mount, s, q - s, de);
 #endif
 					de->de_inode = dm->dm_inode++;
 					TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list);
@@ -363,7 +363,7 @@ devfs_populate(struct devfs_mount *dm)
 				de->de_dirent->d_type = DT_CHR;
 			}
 #ifdef MAC
-			mac_create_devfs_device(dev, de);
+			mac_create_devfs_device(dm->dm_mount, dev, de);
 #endif
 			*dep = de;
 			de->de_dir = dd;

sys/fs/devfs/devfs_vfsops.c

@@ -88,6 +88,7 @@ devfs_nmount(mp, ndp, td)
 #ifdef MAC
 	mp->mnt_flag |= MNT_MULTILABEL;
 #endif
+	fmp->dm_mount = mp;
 	mp->mnt_data = (qaddr_t) fmp;
 	vfs_getnewfsid(mp);
 
@@ -96,7 +97,7 @@ devfs_nmount(mp, ndp, td)
 	fmp->dm_rootdir = devfs_vmkdir("(root)", 6, NULL);
 	fmp->dm_rootdir->de_inode = 2;
 #ifdef MAC
-	mac_create_devfs_directory("", 0, fmp->dm_rootdir);
+	mac_create_devfs_directory(mp, "", 0, fmp->dm_rootdir);
 #endif
 	fmp->dm_basedir = fmp->dm_rootdir;
 	devfs_rules_newmount(fmp, td);

sys/fs/devfs/devfs_vnops.c

@@ -832,7 +832,7 @@ devfs_setlabel(ap)
 	de = vp->v_data;
 
 	mac_relabel_vnode(ap->a_cred, vp, ap->a_label);
-	mac_update_devfsdirent(de, vp);
+	mac_update_devfsdirent(vp->v_mount, de, vp);
 
 	return (0);
 }
@@ -869,7 +869,7 @@ devfs_symlink(ap)
 	bcopy(ap->a_target, de->de_symlink, i);
 	lockmgr(&dmp->dm_lock, LK_EXCLUSIVE, 0, curthread);
 #ifdef MAC
-	mac_create_devfs_symlink(ap->a_cnp->cn_cred, dd, de);
+	mac_create_devfs_symlink(ap->a_cnp->cn_cred, dmp->dm_mount, dd, de);
 #endif
 	TAILQ_INSERT_TAIL(&dd->de_dlist, de, de_list);
 	devfs_allocv(de, ap->a_dvp->v_mount, ap->a_vpp, 0);

sys/kern/kern_mac.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_framework.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_framework.h

@@ -171,18 +171,20 @@ void	mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
 	    struct vnode *vp);
 int	mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
 void	mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
-void	mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
-void	mac_create_devfs_directory(char *dirname, int dirnamelen,
-	    struct devfs_dirent *de);
-void	mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+void	mac_create_devfs_device(struct mount *mp, dev_t dev,
 	    struct devfs_dirent *de);
+void	mac_create_devfs_directory(struct mount *mp, char *dirname,
+	    int dirnamelen, struct devfs_dirent *de);
+void	mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+	    struct devfs_dirent *dd, struct devfs_dirent *de);
 int	mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
 	    struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
 void	mac_create_mount(struct ucred *cred, struct mount *mp);
 void	mac_create_root_mount(struct ucred *cred, struct mount *mp);
 void	mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
 	    struct label *newlabel);
-void	mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp);
+void	mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+	    struct vnode *vp);
 
 /*
  * Labeling event operations: IPC objects.

sys/security/mac/mac_internal.h

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_net.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_pipe.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_policy.h

@@ -142,13 +142,15 @@ struct mac_policy_ops {
 	void	(*mpo_associate_vnode_singlelabel)(struct mount *mp,
 		    struct label *fslabel, struct vnode *vp,
 		    struct label *vlabel);
-	void	(*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de,
-		    struct label *label);
-	void	(*mpo_create_devfs_directory)(char *dirname, int dirnamelen,
+	void	(*mpo_create_devfs_device)(struct mount *mp, dev_t dev,
 		    struct devfs_dirent *de, struct label *label);
+	void	(*mpo_create_devfs_directory)(struct mount *mp, char *dirname,
+		    int dirnamelen, struct devfs_dirent *de,
+		    struct label *label);
 	void	(*mpo_create_devfs_symlink)(struct ucred *cred,
-		    struct devfs_dirent *dd, struct label *ddlabel,
-		    struct devfs_dirent *de, struct label *delabel);
+		    struct mount *mp, struct devfs_dirent *dd,
+		    struct label *ddlabel, struct devfs_dirent *de,
+		    struct label *delabel);
 	int	(*mpo_create_vnode_extattr)(struct ucred *cred,
 		    struct mount *mp, struct label *fslabel,
 		    struct vnode *dvp, struct label *dlabel,
@@ -163,7 +165,8 @@ struct mac_policy_ops {
 	int	(*mpo_setlabel_vnode_extattr)(struct ucred *cred,
 		    struct vnode *vp, struct label *vlabel,
 		    struct label *intlabel);
-	void	(*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent,
+	void	(*mpo_update_devfsdirent)(struct mount *mp,
+		    struct devfs_dirent *devfs_dirent,
 		    struct label *direntlabel, struct vnode *vp,
 		    struct label *vnodelabel);
 

sys/security/mac/mac_process.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_syscalls.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_system.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac/mac_vfs.c

@@ -1196,10 +1196,12 @@ mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
 }
 
 void
-mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp)
+mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+    struct vnode *vp)
 {
 
-	MAC_PERFORM(update_devfsdirent, de, &de->de_label, vp, &vp->v_label);
+	MAC_PERFORM(update_devfsdirent, mp, de, &de->de_label, vp,
+	    &vp->v_label);
 }
 
 void
@@ -2801,27 +2803,27 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
 }
 
 void
-mac_create_devfs_device(dev_t dev, struct devfs_dirent *de)
+mac_create_devfs_device(struct mount *mp, dev_t dev, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_device, dev, de, &de->de_label);
+	MAC_PERFORM(create_devfs_device, mp, dev, de, &de->de_label);
 }
 
 void
-mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct devfs_dirent *de)
+mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_symlink, cred, dd, &dd->de_label, de,
+	MAC_PERFORM(create_devfs_symlink, cred, mp, dd, &dd->de_label, de,
 	    &de->de_label);
 }
 
 void
-mac_create_devfs_directory(char *dirname, int dirnamelen,
+mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
     struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(create_devfs_directory, dirname, dirnamelen, de,
+	MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
 	    &de->de_label);
 }
 

sys/security/mac_biba/mac_biba.c

@@ -800,8 +800,8 @@ mac_biba_copy_label(struct label *src, struct label *dest)
  * a lot like file system objects.
  */
 static void
-mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_biba_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_biba *mac_biba;
 	int biba_type;
@@ -822,8 +822,8 @@ mac_biba_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
 }
 
 static void
-mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
-    struct devfs_dirent *devfs_dirent, struct label *label)
+mac_biba_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_biba *mac_biba;
 
@@ -832,8 +832,9 @@ mac_biba_create_devfs_directory(char *dirname, int dirnamelen,
 }
 
 static void
-mac_biba_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 	struct mac_biba *source, *dest;
 
@@ -882,8 +883,9 @@ mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp,
 }
 
 static void
-mac_biba_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_biba_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 	struct mac_biba *source, *dest;
 

sys/security/mac_lomac/mac_lomac.c

@@ -943,8 +943,8 @@ mac_lomac_copy_label(struct label *src, struct label *dest)
  * a lot like file system objects.
  */
 static void
-mac_lomac_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_lomac_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_lomac *mac_lomac;
 	int lomac_type;
@@ -966,8 +966,8 @@ mac_lomac_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
 }
 
 static void
-mac_lomac_create_devfs_directory(char *dirname, int dirnamelen,
-    struct devfs_dirent *devfs_dirent, struct label *label)
+mac_lomac_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_lomac *mac_lomac;
 
@@ -976,8 +976,9 @@ mac_lomac_create_devfs_directory(char *dirname, int dirnamelen,
 }
 
 static void
-mac_lomac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_lomac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 	struct mac_lomac *source, *dest;
 
@@ -1026,8 +1027,9 @@ mac_lomac_relabel_vnode(struct ucred *cred, struct vnode *vp,
 }
 
 static void
-mac_lomac_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_lomac_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 	struct mac_lomac *source, *dest;
 

sys/security/mac_mls/mac_mls.c

@@ -766,8 +766,8 @@ mac_mls_copy_label(struct label *src, struct label *dest)
  * a lot like file system objects.
  */
 static void
-mac_mls_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
+mac_mls_create_devfs_device(struct mount *mp, dev_t dev,
+    struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_mls *mac_mls;
 	int mls_type;
@@ -791,8 +791,8 @@ mac_mls_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
 }
 
 static void
-mac_mls_create_devfs_directory(char *dirname, int dirnamelen,
-    struct devfs_dirent *devfs_dirent, struct label *label)
+mac_mls_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
 {
 	struct mac_mls *mac_mls;
 
@@ -801,8 +801,9 @@ mac_mls_create_devfs_directory(char *dirname, int dirnamelen,
 }
 
 static void
-mac_mls_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 	struct mac_mls *source, *dest;
 
@@ -851,8 +852,9 @@ mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp,
 }
 
 static void
-mac_mls_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_mls_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 	struct mac_mls *source, *dest;
 

sys/security/mac_none/mac_none.c

@@ -169,22 +169,23 @@ mac_none_associate_vnode_singlelabel(struct mount *mp,
 }
 
 static void
-mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
-{
-
-}
-
-static void
-mac_none_create_devfs_directory(char *dirname, int dirnamelen,
+mac_none_create_devfs_device(struct mount *mp, dev_t dev,
     struct devfs_dirent *devfs_dirent, struct label *label)
 {
 
 }
 
 static void
-mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_none_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
+{
+
+}
+
+static void
+mac_none_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 
 }
@@ -228,8 +229,9 @@ mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
 }
 
 static void
-mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_none_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 
 }

sys/security/mac_stub/mac_stub.c

@@ -169,22 +169,23 @@ mac_none_associate_vnode_singlelabel(struct mount *mp,
 }
 
 static void
-mac_none_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
-{
-
-}
-
-static void
-mac_none_create_devfs_directory(char *dirname, int dirnamelen,
+mac_none_create_devfs_device(struct mount *mp, dev_t dev,
     struct devfs_dirent *devfs_dirent, struct label *label)
 {
 
 }
 
 static void
-mac_none_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_none_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
+{
+
+}
+
+static void
+mac_none_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 
 }
@@ -228,8 +229,9 @@ mac_none_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
 }
 
 static void
-mac_none_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_none_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 
 }

sys/security/mac_test/mac_test.c

@@ -518,22 +518,23 @@ mac_test_associate_vnode_singlelabel(struct mount *mp,
 }
 
 static void
-mac_test_create_devfs_device(dev_t dev, struct devfs_dirent *devfs_dirent,
-    struct label *label)
-{
-
-}
-
-static void
-mac_test_create_devfs_directory(char *dirname, int dirnamelen,
+mac_test_create_devfs_device(struct mount *mp, dev_t dev,
     struct devfs_dirent *devfs_dirent, struct label *label)
 {
 
 }
 
 static void
-mac_test_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
-    struct label *ddlabel, struct devfs_dirent *de, struct label *delabel)
+mac_test_create_devfs_directory(struct mount *mp, char *dirname,
+    int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
+{
+
+}
+
+static void
+mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+    struct devfs_dirent *dd, struct label *ddlabel, struct devfs_dirent *de,
+    struct label *delabel)
 {
 
 }
@@ -577,8 +578,9 @@ mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
 }
 
 static void
-mac_test_update_devfsdirent(struct devfs_dirent *devfs_dirent,
-    struct label *direntlabel, struct vnode *vp, struct label *vnodelabel)
+mac_test_update_devfsdirent(struct mount *mp,
+    struct devfs_dirent *devfs_dirent, struct label *direntlabel,
+    struct vnode *vp, struct label *vnodelabel)
 {
 
 }

sys/sys/mac.h

@@ -171,18 +171,20 @@ void	mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
 	    struct vnode *vp);
 int	mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
 void	mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
-void	mac_create_devfs_device(dev_t dev, struct devfs_dirent *de);
-void	mac_create_devfs_directory(char *dirname, int dirnamelen,
-	    struct devfs_dirent *de);
-void	mac_create_devfs_symlink(struct ucred *cred, struct devfs_dirent *dd,
+void	mac_create_devfs_device(struct mount *mp, dev_t dev,
 	    struct devfs_dirent *de);
+void	mac_create_devfs_directory(struct mount *mp, char *dirname,
+	    int dirnamelen, struct devfs_dirent *de);
+void	mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+	    struct devfs_dirent *dd, struct devfs_dirent *de);
 int	mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
 	    struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
 void	mac_create_mount(struct ucred *cred, struct mount *mp);
 void	mac_create_root_mount(struct ucred *cred, struct mount *mp);
 void	mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
 	    struct label *newlabel);
-void	mac_update_devfsdirent(struct devfs_dirent *de, struct vnode *vp);
+void	mac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+	    struct vnode *vp);
 
 /*
  * Labeling event operations: IPC objects.

sys/sys/mac_policy.h

@@ -142,13 +142,15 @@ struct mac_policy_ops {
 	void	(*mpo_associate_vnode_singlelabel)(struct mount *mp,
 		    struct label *fslabel, struct vnode *vp,
 		    struct label *vlabel);
-	void	(*mpo_create_devfs_device)(dev_t dev, struct devfs_dirent *de,
-		    struct label *label);
-	void	(*mpo_create_devfs_directory)(char *dirname, int dirnamelen,
+	void	(*mpo_create_devfs_device)(struct mount *mp, dev_t dev,
 		    struct devfs_dirent *de, struct label *label);
+	void	(*mpo_create_devfs_directory)(struct mount *mp, char *dirname,
+		    int dirnamelen, struct devfs_dirent *de,
+		    struct label *label);
 	void	(*mpo_create_devfs_symlink)(struct ucred *cred,
-		    struct devfs_dirent *dd, struct label *ddlabel,
-		    struct devfs_dirent *de, struct label *delabel);
+		    struct mount *mp, struct devfs_dirent *dd,
+		    struct label *ddlabel, struct devfs_dirent *de,
+		    struct label *delabel);
 	int	(*mpo_create_vnode_extattr)(struct ucred *cred,
 		    struct mount *mp, struct label *fslabel,
 		    struct vnode *dvp, struct label *dlabel,
@@ -163,7 +165,8 @@ struct mac_policy_ops {
 	int	(*mpo_setlabel_vnode_extattr)(struct ucred *cred,
 		    struct vnode *vp, struct label *vlabel,
 		    struct label *intlabel);
-	void	(*mpo_update_devfsdirent)(struct devfs_dirent *devfs_dirent,
+	void	(*mpo_update_devfsdirent)(struct mount *mp,
+		    struct devfs_dirent *devfs_dirent,
 		    struct label *direntlabel, struct vnode *vp,
 		    struct label *vnodelabel);