From 23c3d46ae871eeaf7c54d857aa73dbdf2a8f6fd9 Mon Sep 17 00:00:00 2001
From: Robert Watson <rwatson@FreeBSD.org>
Date: Wed, 20 Dec 2006 23:15:27 +0000
Subject: [PATCH] Additional comments regarding the interaction between the
 kernel privilege model and the MAC Framework.

Obtained from:	TrustedBSD Project
---
 sys/security/mac/mac_priv.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/sys/security/mac/mac_priv.c b/sys/security/mac/mac_priv.c
index 76ce71e88057..9832e33a3fef 100644
--- a/sys/security/mac/mac_priv.c
+++ b/sys/security/mac/mac_priv.c
@@ -43,6 +43,20 @@
 #include <security/mac/mac_framework.h>
 #include <security/mac/mac_internal.h>
 
+/*
+ * The MAC Framework interacts with kernel privilege checks in two ways: it
+ * may restrict the granting of privilege to a subject, and it may grant
+ * additional privileges to the subject.  Policies may implement none, one,
+ * or both of these entry points.  Restriction of privilege by any policy
+ * always overrides granting of privilege by any policy or other privilege
+ * mechanism.  See kern_priv.c:priv_check_cred() for details of the
+ * composition.
+ */
+
+/*
+ * Restrict access to a privilege for a credential.  Return failure if any
+ * policy denies access.
+ */
 int
 mac_priv_check(struct ucred *cred, int priv)
 {
@@ -53,6 +67,10 @@ mac_priv_check(struct ucred *cred, int priv)
 	return (error);
 }
 
+/*
+ * Grant access to a privilege for a credential.  Return success if any
+ * policy grants access.
+ */
 int
 mac_priv_grant(struct ucred *cred, int priv)
 {