diff options
author | rwatson <rwatson@FreeBSD.org> | 2006-12-28 21:48:38 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2006-12-28 21:48:38 +0000 |
commit | d4e941ae596e212c14945fda583fb9fde7d9753a (patch) | |
tree | 675bacf0bde1d91c5bee22cf8f1ec0ae1ff3b6a0 /sys/security/mac/mac_policy.h | |
parent | 8a59ab518d7f3acbb4450fac6d41d3ac7f911e81 (diff) | |
download | FreeBSD-src-d4e941ae596e212c14945fda583fb9fde7d9753a.zip FreeBSD-src-d4e941ae596e212c14945fda583fb9fde7d9753a.tar.gz |
Centralize definition of MAC_VERSION in mac_policy.h, as it defines the
kernel<->policy ABI version. Add a comment to the definition describing
it and listing known versions. Modify MAC_POLICY_SET() to reference the
current kernel version by name rather than by number.
Staticize mac_late, which is used only in mac_framework.c.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac/mac_policy.h')
-rw-r--r-- | sys/security/mac/mac_policy.h | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index c7de3c8..5de8ff6 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -926,6 +926,20 @@ struct mac_policy_conf { /* Flags for the mpc_runtime_flags field. */ #define MPC_RUNTIME_FLAG_REGISTERED 0x00000001 +/*- + * The TrustedBSD MAC Framework has a major version number, MAC_VERSION, + * which defines the ABI of the Framework present in the kernel (and depended + * on by policy modules compiled against that kernel). Currently, + * MAC_POLICY_SET() requires that the kernel and module ABI version numbers + * exactly match. The following major versions have been defined to date: + * + * MAC version FreeBSD versions + * 1 5.x + * 2 6.x + * 3 7.x + */ +#define MAC_VERSION 3 + #define MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \ static struct mac_policy_conf mpname##_mac_policy_conf = { \ #mpname, \ @@ -940,7 +954,8 @@ struct mac_policy_conf { mac_policy_modevent, \ &mpname##_mac_policy_conf \ }; \ - MODULE_DEPEND(mpname, kernel_mac_support, 3, 3, 3); \ + MODULE_DEPEND(mpname, kernel_mac_support, MAC_VERSION, \ + MAC_VERSION, MAC_VERSION); \ DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \ SI_ORDER_MIDDLE) |