Continue 7-CURRENT MAC Framework rearrangement and cleanup:

Don't perform a nested include of _label.h in mac.h, as mac.h now describes only the user API to MAC, and _label.h defines the in-kernel representation of MAC labels. Remove mac.h includes from policies and MAC framework components that do not use userspace MAC API definitions. Add _KERNEL inclusion checks to mac_internal.h and mac_policy.h, as these are kernel-only include files Obtained from: TrustedBSD Project
svn path=/head/; revision=166531
2007-02-06 10:59:23 +00:00 · 2007-02-06 10:59:23 +00:00 · c96ae1968a · 2020-12-20 02:59:44 +00:00
commit c96ae1968a
parent cebf4a4ed6
22 changed files with 10 additions and 21 deletions
--- a/sys/security/mac/mac_inet.c
+++ b/sys/security/mac/mac_inet.c
@ -44,7 +44,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
-#include <sys/mac.h>
 #include <sys/sbuf.h>
 #include <sys/systm.h>
 #include <sys/mount.h>
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@ -43,6 +43,10 @@
 #ifndef _SYS_SECURITY_MAC_MAC_INTERNAL_H_
 #define	_SYS_SECURITY_MAC_MAC_INTERNAL_H_

+#ifndef _KERNEL
+#error "no user-serviceable parts inside"
+#endif
+
 /*
 * MAC Framework sysctl namespace.
 */
--- a/sys/security/mac/mac_label.c
+++ b/sys/security/mac/mac_label.c
@ -35,7 +35,6 @@ __FBSDID("$FreeBSD$");
 #include "opt_mac.h"

 #include <sys/param.h>
-#include <sys/mac.h>
 #include <sys/sysctl.h>
 #include <sys/systm.h>

--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@ -40,7 +40,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/module.h>
 #include <sys/mutex.h>
-#include <sys/mac.h>
 #include <sys/sbuf.h>
 #include <sys/systm.h>
 #include <sys/vnode.h>
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@ -43,6 +43,12 @@
 #ifndef _SYS_SECURITY_MAC_MAC_POLICY_H_
 #define	_SYS_SECURITY_MAC_MAC_POLICY_H_

+#ifndef _KERNEL
+#error "no user-serviceable parts inside"
+#endif
+
+#include <sys/_label.h>
+
 /*-
 * Pluggable access control policy definition structure.
 *
--- a/sys/security/mac/mac_posix_sem.c
+++ b/sys/security/mac/mac_posix_sem.c
@ -39,7 +39,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/kernel.h>
 #include <sys/ksem.h>
 #include <sys/malloc.h>
-#include <sys/mac.h>
 #include <sys/module.h>
 #include <sys/systm.h>
 #include <sys/sysctl.h>
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@ -40,7 +40,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/malloc.h>
 #include <sys/module.h>
 #include <sys/mutex.h>
-#include <sys/mac.h>
 #include <sys/systm.h>
 #include <sys/vnode.h>
 #include <sys/sysctl.h>
--- a/sys/security/mac/mac_sysv_msg.c
+++ b/sys/security/mac/mac_sysv_msg.c
@ -39,7 +39,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
-#include <sys/mac.h>
 #include <sys/sbuf.h>
 #include <sys/systm.h>
 #include <sys/vnode.h>
--- a/sys/security/mac/mac_sysv_sem.c
+++ b/sys/security/mac/mac_sysv_sem.c
@ -39,7 +39,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
-#include <sys/mac.h>
 #include <sys/sbuf.h>
 #include <sys/systm.h>
 #include <sys/vnode.h>
--- a/sys/security/mac/mac_sysv_shm.c
+++ b/sys/security/mac/mac_sysv_shm.c
@ -39,7 +39,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
-#include <sys/mac.h>
 #include <sys/sbuf.h>
 #include <sys/systm.h>
 #include <sys/vnode.h>
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@ -51,7 +51,6 @@ __FBSDID("$FreeBSD$");
 #include <sys/lock.h>
 #include <sys/malloc.h>
 #include <sys/mutex.h>
-#include <sys/mac.h>
 #include <sys/proc.h>
 #include <sys/sbuf.h>
 #include <sys/systm.h>
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@ -46,7 +46,6 @@
 #include <sys/extattr.h>
 #include <sys/kernel.h>
 #include <sys/ksem.h>
-#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mman.h>
 #include <sys/mount.h>
--- a/sys/security/mac_bsdextended/mac_bsdextended.c
+++ b/sys/security/mac_bsdextended/mac_bsdextended.c
@ -49,7 +49,6 @@
 #include <sys/kernel.h>
 #include <sys/jail.h>
 #include <sys/lock.h>
-#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
--- a/sys/security/mac_ifoff/mac_ifoff.c
+++ b/sys/security/mac_ifoff/mac_ifoff.c
@ -45,7 +45,6 @@
 #include <sys/param.h>
 #include <sys/conf.h>
 #include <sys/kernel.h>
-#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@ -46,7 +46,6 @@
 #include <sys/extattr.h>
 #include <sys/kernel.h>
 #include <sys/ksem.h>
-#include <sys/mac.h>
 #include <sys/mman.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
--- a/sys/security/mac_none/mac_none.c
+++ b/sys/security/mac_none/mac_none.c
@ -48,7 +48,6 @@
 #include <sys/conf.h>
 #include <sys/extattr.h>
 #include <sys/kernel.h>
-#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
--- a/sys/security/mac_partition/mac_partition.c
+++ b/sys/security/mac_partition/mac_partition.c
@ -43,7 +43,6 @@
 #include <sys/param.h>
 #include <sys/conf.h>
 #include <sys/kernel.h>
-#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/priv.h>
 #include <sys/proc.h>
--- a/sys/security/mac_portacl/mac_portacl.c
+++ b/sys/security/mac_portacl/mac_portacl.c
@ -62,7 +62,6 @@
 #include <sys/kernel.h>
 #include <sys/libkern.h>
 #include <sys/lock.h>
-#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
--- a/sys/security/mac_seeotheruids/mac_seeotheruids.c
+++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c
@ -44,7 +44,6 @@
 #include <sys/param.h>
 #include <sys/conf.h>
 #include <sys/kernel.h>
-#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/priv.h>
 #include <sys/proc.h>
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@ -52,7 +52,6 @@
 #include <sys/extattr.h>
 #include <sys/kernel.h>
 #include <sys/ksem.h>
-#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
 #include <sys/systm.h>
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@ -47,7 +47,6 @@
 #include <sys/extattr.h>
 #include <sys/kernel.h>
 #include <sys/ksem.h>
-#include <sys/mac.h>
 #include <sys/malloc.h>
 #include <sys/mount.h>
 #include <sys/proc.h>
--- a/sys/sys/mac.h
+++ b/sys/sys/mac.h
@ -47,8 +47,6 @@
 #ifndef _SYS_MAC_H_
 #define	_SYS_MAC_H_

-#include <sys/_label.h>
-
 #ifndef _POSIX_MAC
 #define	_POSIX_MAC
 #endif