6 files changed, 1 insertions, 130 deletions

diff --git a/sys/fs/devfs/devfs_vnops.c b/sys/fs/devfs/devfs_vnops.c
index 869a20f..f7b99d5 100644
--- a/sys/fs/devfs/devfs_vnops.c
+++ b/sys/fs/devfs/devfs_vnops.c
@@ -167,7 +167,7 @@ loop:
 	de->de_vnode = vp;
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
-	mac_create_devfs_vnode(de, vp);
+	mac_associate_vnode_devfs(mp, de, vp);
 #endif
 	*vpp = vp;
 	return (0);
diff --git a/sys/fs/procfs/procfs.c b/sys/fs/procfs/procfs.c
index e99653a..f6cab6a 100644
--- a/sys/fs/procfs/procfs.c
+++ b/sys/fs/procfs/procfs.c
@@ -153,7 +153,6 @@ procfs_init(PFS_INIT_ARGS)
 	
 	dir = pfs_create_dir(root, "pid",
 	    procfs_attr, NULL, PFS_PROCDEP);
-	dir->pn_refreshlabel = procfs_piddir_refreshlabel;
 	pfs_create_file(dir, "cmdline", procfs_doproccmdline,
 	    NULL, NULL, PFS_RD);
 	pfs_create_file(dir, "ctl", procfs_doprocctl,
diff --git a/sys/fs/procfs/procfs.h b/sys/fs/procfs/procfs.h
index 61f6e954..4baaf50 100644
--- a/sys/fs/procfs/procfs.h
+++ b/sys/fs/procfs/procfs.h
@@ -61,9 +61,6 @@ int	 procfs_close(PFS_CLOSE_ARGS);
 /* Attributes */
 int	 procfs_attr(PFS_ATTR_ARGS);
 
-/* MAC */
-int	procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS);
-
 /* Visibility */
 int	 procfs_notsystem(PFS_VIS_ARGS);
 int	 procfs_candebug(PFS_VIS_ARGS);
diff --git a/sys/fs/procfs/procfs_mac.c b/sys/fs/procfs/procfs_mac.c
deleted file mode 100644
index ea5c9f5..0000000
--- a/sys/fs/procfs/procfs_mac.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/*-
- * Copyright (c) 2002 Network Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed in part by NAI Labs, the Security Research
- * Division of Network Associates, Inc. under DARPA/SPAWAR contract
- * N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include "opt_mac.h"
-
-#include <sys/param.h>
-#include <sys/lock.h>
-#include <sys/mac.h>
-#include <sys/mount.h>
-#include <sys/mutex.h>
-#include <sys/proc.h>
-#include <sys/systm.h>
-#include <sys/ucred.h>
-#include <sys/vnode.h>
-
-#include <fs/pseudofs/pseudofs.h>
-#include <fs/procfs/procfs.h>
-
-int
-procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS)
-{
-#ifdef MAC
-
-	if (p == NULL)
-		mac_update_vnode_from_mount(vp, vp->v_mount);
-	else {
-		PROC_LOCK(p);
-		mac_update_procfsvnode(vp, p->p_ucred);
-		PROC_UNLOCK(p);
-	}
-
-	return (0);
-#else
-	return (EOPNOTSUPP);
-#endif
-}
diff --git a/sys/fs/pseudofs/pseudofs.h b/sys/fs/pseudofs/pseudofs.h
index c7a64dd..2b9d01b 100644
--- a/sys/fs/pseudofs/pseudofs.h
+++ b/sys/fs/pseudofs/pseudofs.h
@@ -145,15 +145,6 @@ struct ucred;
 typedef int (*pfs_getextattr_t)(PFS_GETEXTATTR_ARGS);
 
 /*
- * Getlabel callback
- */
-#define	PFS_REFRESHLABEL_ARGS \
-	struct thread *td, struct proc *p, struct vnode *vp, \
-	struct pfs_node *pn, struct ucred *cred
-struct mac;
-typedef int (*pfs_refreshlabel_t)(PFS_REFRESHLABEL_ARGS);
-
-/*
  * Last-close callback
  */
 #define PFS_CLOSE_ARGS \
@@ -194,7 +185,6 @@ struct pfs_node {
 	pfs_attr_t		 pn_attr;
 	pfs_vis_t		 pn_vis;
 	pfs_getextattr_t	 pn_getextattr;
-	pfs_refreshlabel_t	 pn_refreshlabel;
 	void			*pn_data;
 	int			 pn_flags;
 
diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c
index 932adc0..b797aeb 100644
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@@ -28,8 +28,6 @@
  *	$FreeBSD$
  */
 
-#include "opt_mac.h"
-
 #include <sys/param.h>
 #include <sys/kernel.h>
 #include <sys/systm.h>
@@ -37,7 +35,6 @@
 #include <sys/dirent.h>
 #include <sys/fcntl.h>
 #include <sys/lock.h>
-#include <sys/mac.h>
 #include <sys/mount.h>
 #include <sys/mutex.h>
 #include <sys/namei.h>
@@ -732,50 +729,6 @@ pfs_reclaim(struct vop_reclaim_args *va)
 	return (pfs_vncache_free(va->a_vp));
 }
 
-#ifdef MAC
-/*
- * Refresh the vnode label as appropriate for the pseudo-file system.
- */
-static int
-pfs_refreshlabel(struct vop_refreshlabel_args *va)
-{
-	struct vnode *vn = va->a_vp;
-	struct pfs_vdata *pvd = (struct pfs_vdata *)vn->v_data;
-	struct pfs_node *pn = pvd->pvd_pn;
-	struct proc *proc = NULL;
-	int error;
-
-	PFS_TRACE((pd->pn_name));
-
-	if (pn->pn_refreshlabel == NULL) {
-		mac_update_vnode_from_mount(vn, vn->v_mount);
-		return (0);
-	}
-
-	/*
-	 * This is necessary because either process' privileges may
-	 * have changed since the last open() call.
-	 */
-	if (!pfs_visible(curthread, pn, pvd->pvd_pid))
-		PFS_RETURN (EIO);
-
-	/* XXX duplicate bits of pfs_visible() */
-	if (pvd->pvd_pid != NO_PID) {
-		if ((proc = pfind(pvd->pvd_pid)) == NULL)
-			PFS_RETURN (EIO);
-		_PHOLD(proc);
-		PROC_UNLOCK(proc);
-	}
-
-	error = (pn->pn_refreshlabel)(curthread, proc, vn, pn, va->a_cred);
-
-	if (proc != NULL)
-		PRELE(proc);
-
-	PFS_RETURN (error);
-}
-#endif
-
 /*
  * Set attributes
  */