From 9caab7a262e3db6d9cd2a199306029b37ef20fcb Mon Sep 17 00:00:00 2001
From: Robert Watson
Date: Wed, 20 Dec 2006 20:43:19 +0000
Subject: [PATCH] Comment and white space cleanup.

Exapnd comments on System V IPC labeling methods, which could use improved consistency with respect to other object types.

Obtained from: TrustedBSD Project
---
 sys/security/mac/mac_framework.h | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index c8c41c23adb4..9f3ee331bed3 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -89,7 +89,6 @@ struct vop_setlabel_args;
 /*
  * Kernel functions to manage and evaluate labels.
  */
-
 void mac_init_bpfdesc(struct bpf_d *);
 void mac_init_cred(struct ucred *);
 void mac_init_devfsdirent(struct devfs_dirent *);
@@ -135,8 +134,8 @@ struct label *mac_vnode_label_alloc(void);
 void mac_vnode_label_free(struct label *label);
 
 /*
- * Labeling event operations: file system objects, and things that
- * look a lot like file system objects.
+ * Labeling event operations: file system objects, and things that look a lot
+ * like file system objects.
  */
 void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, struct vnode *vp);
@@ -186,7 +185,6 @@ void mac_create_sysv_shm(struct ucred *cred,
  */
 void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);
 
-
 /*
  * Labeling event operations: network objects.
  */
@@ -208,12 +206,12 @@ void mac_reflect_mbuf_icmp(struct mbuf *m);
 void mac_reflect_mbuf_tcp(struct mbuf *m);
 void mac_update_ipq(struct mbuf *fragment, struct ipq *ipq);
 void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
-
 void mac_create_mbuf_from_firewall(struct mbuf *m);
 void mac_destroy_syncache(struct label **label);
 int mac_init_syncache(struct label **label);
 void mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp);
 void mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m);
+
 /*
  * Labeling event operations: processes.
  */
@@ -230,20 +228,24 @@ void mac_create_proc1(struct ucred *cred);
 void mac_thread_userret(struct thread *td);
 
 /*
- * Label cleanup operation: This is the inverse complement for the
- * mac_create and associate type of hooks. This hook lets the policy
- * module(s) perform a cleanup/flushing operation on the label
- * associated with the objects, without freeing up the space allocated.
- * This hook is useful in cases where it is desirable to remove any
- * labeling reference when recycling any object to a pool. This hook
- * does not replace the mac_destroy hooks.
+ * Label cleanup operation: This is the inverse complement for the mac_create
+ * and associate type of hooks. This hook lets the policy module(s) perform a
+ * cleanup/flushing operation on the label associated with the objects,
+ * without freeing up the space allocated. This hook is useful in cases
+ * where it is desirable to remove any labeling reference when recycling any
+ * object to a pool. This hook does not replace the mac_destroy hooks.
+ *
+ * XXXRW: These object methods are inconsistent with the life cycles of other
+ * objects, and likely should be revised to be more consistent.
  */
 void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
 void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
 void mac_cleanup_sysv_sem(struct semid_kernel *semakptr);
 void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
 
-/* Access control checks. */
+/*
+ * Access control checks.
+ */
 int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
 int mac_check_cred_visible(struct ucred *u1, struct ucred *u2);
 int mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *m);
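Review bot: The added XXXRW note in the label-cleanup comment says the System V IPC methods are inconsistent with the life cycles of other objects, but it does not say in what way, so a policy author reading this header still cannot tell what state a label is expected to be in after a mac_cleanup_sysv_* call. Going by the surrounding comment text, the difference appears to be that these labels are flushed in place when the object goes back to a pool instead of passing through a destroy/init pair; if that is the intent, the note could say so, e.g. `* XXXRW: Unlike other objects, these labels are reset on recycle rather than destroyed and re-initialized.` It would also be worth stating that a policy's cleanup method must leave no label state behind, since the storage is presumably reused for the next object and a stale label there would feed later access checks. This is a documentation suggestion only; the four declarations are unchanged by the hunk.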
@@ -415,8 +417,8 @@ int mac_priv_check(struct ucred *cred, int priv);
 int mac_priv_grant(struct ucred *cred, int priv);
 
 /*
- * Calls to help various file systems implement labeling functionality
- * using their existing EA implementation.
+ * Calls to help various file systems implement labeling functionality using
+ * their existing EA implementation.
  */
 int vop_stdsetlabel_ea(struct vop_setlabel_args *ap);