authorrwatson <rwatson@FreeBSD.org>2006-12-28 21:48:38 +0000
committerrwatson <rwatson@FreeBSD.org>2006-12-28 21:48:38 +0000
commitd4e941ae596e212c14945fda583fb9fde7d9753a (patch)
tree675bacf0bde1d91c5bee22cf8f1ec0ae1ff3b6a0 /sys/security/mac
parent8a59ab518d7f3acbb4450fac6d41d3ac7f911e81 (diff)
Centralize definition of MAC_VERSION in mac_policy.h, as it defines the
kernel<->policy ABI version. Add a comment to the definition describing it and listing known versions. Modify MAC_POLICY_SET() to reference the current kernel version by name rather than by number. Staticize mac_late, which is used only in mac_framework.c. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac')
-rw-r--r--sys/security/mac/mac_framework.c7
-rw-r--r--sys/security/mac/mac_internal.h1
-rw-r--r--sys/security/mac/mac_policy.h17
3 files changed, 19 insertions, 6 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index f248e55..94a593e 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -90,10 +90,9 @@ SYSCTL_NODE(_security, OID_AUTO, mac, CTLFLAG_RW, 0,
* This permits modules to refuse to be loaded if the necessary support isn't
* present, even if it's pre-boot.
*/
-#define MAC_VERSION 3
-static unsigned int mac_version = MAC_VERSION;
-
MODULE_VERSION(kernel_mac_support, MAC_VERSION);
+
+static unsigned int mac_version = MAC_VERSION;
SYSCTL_UINT(_security_mac, OID_AUTO, version, CTLFLAG_RD, &mac_version, 0,
"");
@@ -121,7 +120,7 @@ SYSCTL_UINT(_security_mac, OID_AUTO, max_slots, CTLFLAG_RD, &mac_max_slots,
* access to this variable is serialized during the boot process. Following
* the end of serialization, we don't update this flag; no locking.
*/
-int mac_late = 0;
+static int mac_late = 0;
/*
* Flag to indicate whether or not we should allocate label storage for new
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 24a6cfc..a235bd7 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -60,7 +60,6 @@ MALLOC_DECLARE(M_MACTEMP);
*/
extern struct mac_policy_list_head mac_policy_list;
extern struct mac_policy_list_head mac_static_policy_list;
-extern int mac_late;
#ifndef MAC_ALWAYS_LABEL_MBUF
extern int mac_labelmbufs;
#endif
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index c7de3c8..5de8ff6 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -926,6 +926,20 @@ struct mac_policy_conf {
/* Flags for the mpc_runtime_flags field. */
#define MPC_RUNTIME_FLAG_REGISTERED 0x00000001
+/*-
+ * The TrustedBSD MAC Framework has a major version number, MAC_VERSION,
+ * which defines the ABI of the Framework present in the kernel (and depended
+ * on by policy modules compiled against that kernel). Currently,
+ * MAC_POLICY_SET() requires that the kernel and module ABI version numbers
+ * exactly match. The following major versions have been defined to date:
+ *
+ * MAC version FreeBSD versions
+ * 1 5.x
+ * 2 6.x
+ * 3 7.x
+ */
+#define MAC_VERSION 3
+
#define MAC_POLICY_SET(mpops, mpname, mpfullname, mpflags, privdata_wanted) \
static struct mac_policy_conf mpname##_mac_policy_conf = { \
#mpname, \
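Review bot: The comment added above `#define MAC_VERSION 3` lists the versions defined so far but does not say what obliges a bump. That rule matters because the exact-match check in `MAC_POLICY_SET()` is what keeps a policy module compiled against a different layout of structures such as `struct mac_policy_conf` from being loaded. I would add a line before the version table such as `* MAC_VERSION must be incremented whenever a change breaks the kernel<->policy ABI.` Since `MODULE_VERSION()` in mac_framework.c and `MODULE_DEPEND()` here now both take their value from this one definition, the comment is the natural place for that rule. The `MAC_POLICY_SET()` definition continues past the end of this hunk.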
@@ -940,7 +954,8 @@ struct mac_policy_conf {
mac_policy_modevent, \
&mpname##_mac_policy_conf \
}; \
- MODULE_DEPEND(mpname, kernel_mac_support, 3, 3, 3); \
+ MODULE_DEPEND(mpname, kernel_mac_support, MAC_VERSION, \
+ MAC_VERSION, MAC_VERSION); \
DECLARE_MODULE(mpname, mpname##_mod, SI_SUB_MAC_POLICY, \
SI_ORDER_MIDDLE)