From 2197ab2d9342ec86dee8d80f036f78a3fced3ff7 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Wed, 4 May 2005 10:39:15 +0000
Subject: Introduce MAC Framework and MAC Policy entry points to label and control access to POSIX Semaphores: mac_init_posix_sem() Initialize label for POSIX semaphore mac_create_posix_sem() Create POSIX semaphore mac_destroy_posix_sem() Destroy POSIX semaphore mac_check_posix_sem_destroy() Check whether semaphore may be destroyed mac_check_posix_sem_getvalue() Check whether semaphore may be queried mac_check_possix_sem_open() Check whether semaphore may be opened mac_check_posix_sem_post() Check whether semaphore may be posted to mac_check_posix_sem_unlink() Check whether semaphore may be unlinked mac_check_posix_sem_wait() Check whether may wait on semaphore Update Biba, MLS, Stub, and Test policies to implement these entry points. For information flow policies, most semaphore operations are effectively read/write. Submitted by: Dandekar Hrishikesh Sponsored by: DARPA, McAfee, SPARTA Obtained from: TrustedBSD Project
---
 sys/sys/ksem.h | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'sys/sys/ksem.h')
diff --git a/sys/sys/ksem.h b/sys/sys/ksem.h
index 29b0a53..71979da 100644
--- a/sys/sys/ksem.h
+++ b/sys/sys/ksem.h
@@ -33,6 +33,9 @@
 #error "no user-servicable parts inside"
 #endif
 
+#include
+#include
+
 struct kuser {
 pid_t ku_pid;
 LIST_ENTRY(kuser) ku_next;
@@ -50,6 +53,7 @@ struct ksem {
 struct cv ks_cv; /* waiters sleep here */
 int ks_waiters; /* number of waiters */
 LIST_HEAD(, kuser) ks_users; /* pids using this sem */
+ struct label *ks_label; /* MAC label */
 };

 #endif /* !_POSIX4_KSEM_H_ */
-- 
cgit v1.1
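Review bot: The new `ks_label` member in the second hunk is documented only as `/* MAC label */`, which does not tell a reader who allocates and frees the label or whether the pointer may be NULL. Going by the commit message, the label is presumably set up by mac_init_posix_sem() and released by mac_destroy_posix_sem(), so the comment could read `/* MAC label; allocated by mac_init_posix_sem(), released by mac_destroy_posix_sem() */`. Because every access check listed in the message depends on this label, it is worth confirming in the files that use this header (not shown here) that each semaphore creation path initialises it before the first mac_check_posix_sem_*() call and each teardown path releases it. The definition of struct ksem begins above the hunk.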