==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs.c#6 (text+ko) - //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs.c#6 (text+ko) ==== identical
==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs.h#6 (text+ko) - //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs.h#9 (text+ko) ==== content
@@ -145,6 +145,15 @@
 typedef int (*pfs_getextattr_t)(PFS_GETEXTATTR_ARGS);
 /*
+ * Getlabel callback
+ */
+#define PFS_REFRESHLABEL_ARGS \
+ struct thread *td, struct proc *p, struct vnode *vp, \
+ struct pfs_node *pn, struct ucred *cred
+struct mac;
+typedef int (*pfs_refreshlabel_t)(PFS_REFRESHLABEL_ARGS);
+
+/*
 * Last-close callback
 */
 #define PFS_CLOSE_ARGS \
@@ -185,6 +194,7 @@
 pfs_attr_t pn_attr;
 pfs_vis_t pn_vis;
 pfs_getextattr_t pn_getextattr;
+ pfs_refreshlabel_t pn_refreshlabel;
 void *pn_data;
 int pn_flags;
==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_fileno.c#3 (text+ko) - //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_fileno.c#3 (text+ko) ==== identical
==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_internal.h#1 (text+ko) - //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_internal.h#1 (text+ko) ==== identical
==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_vncache.c#7 (text+ko) - //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_vncache.c#9 (text+ko) ==== identical
==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_vnops.c#10 (text+ko) - //depot/projects/trustedbsd/mac/sys/fs/pseudofs/pseudofs_vnops.c#15 (text+ko) ==== content
@@ -28,6 +28,8 @@
 * $FreeBSD: src/sys/fs/pseudofs/pseudofs_vnops.c,v 1.29 2002/07/08 01:50:14 jeff Exp $
 */
+#include "opt_mac.h"
+
 #include
 #include
 #include
@@ -35,6 +37,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
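Review bot: The comment above `PFS_REFRESHLABEL_ARGS` in pseudofs.h says "Getlabel callback" while the macro, the typedef and the new `pn_refreshlabel` field all say refreshlabel, and it does not state the contract a label callback has to honour. Going by the pfs_refreshlabel() hunk in pseudofs_vnops.c, `p` is NULL for nodes that are not bound to a pid and is otherwise held but unlocked, and the callback's return value appears to be passed back to the VOP caller unchanged; I would put that in the comment, e.g. `Refreshlabel callback: p may be NULL (node not bound to a process); when non-NULL it is held, not locked`. The forward declaration `struct mac;` is not used by any of the declared arguments, so it looks like a leftover and could be dropped unless something outside this hunk needs it.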
@@ -729,6 +732,50 @@
 return (pfs_vncache_free(va->a_vp));
 }
+#ifdef MAC
+/*
+ * Refresh the vnode label as appropriate for the pseudo-file system.
+ */
+static int
+pfs_refreshlabel(struct vop_refreshlabel_args *va)
+{
+ struct vnode *vn = va->a_vp;
+ struct pfs_vdata *pvd = (struct pfs_vdata *)vn->v_data;
+ struct pfs_node *pn = pvd->pvd_pn;
+ struct proc *proc = NULL;
+ int error;
+
+ PFS_TRACE((pd->pn_name));
+
+ if (pn->pn_refreshlabel == NULL) {
+ mac_update_vnode_from_mount(vn, vn->v_mount);
+ return (0);
+ }
+
+ /*
+ * This is necessary because either process' privileges may
+ * have changed since the last open() call.
+ */
+ if (!pfs_visible(curthread, pn, pvd->pvd_pid))
+ PFS_RETURN (EIO);
+
+ /* XXX duplicate bits of pfs_visible() */
+ if (pvd->pvd_pid != NO_PID) {
+ if ((proc = pfind(pvd->pvd_pid)) == NULL)
+ PFS_RETURN (EIO);
+ _PHOLD(proc);
+ PROC_UNLOCK(proc);
+ }
+
+ error = (pn->pn_refreshlabel)(curthread, proc, vn, pn, va->a_cred);
+
+ if (proc != NULL)
+ PRELE(proc);
+
+ PFS_RETURN (error);
+}
+#endif
+
 /*
 * Set attributes
 */
@@ -821,6 +868,9 @@
 { &vop_readdir_desc, (vop_t *)pfs_readdir },
 { &vop_readlink_desc, (vop_t *)pfs_readlink },
 { &vop_reclaim_desc, (vop_t *)pfs_reclaim },
+#ifdef MAC
+ { &vop_refreshlabel_desc, (vop_t *)pfs_refreshlabel },
+#endif
 { &vop_remove_desc, (vop_t *)vop_eopnotsupp },
 { &vop_rename_desc, (vop_t *)vop_eopnotsupp },
 { &vop_rmdir_desc, (vop_t *)vop_eopnotsupp },
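Review bot: In pfs_refreshlabel() the visibility check and the process lookup are two separate lookups by pid, `pfs_visible(curthread, pn, pvd->pvd_pid)` followed by `pfind(pvd->pvd_pid)`, so nothing ties the process handed to `pn_refreshlabel` to the one that passed the check; if the target exits in between and the pid is reused, the label would be refreshed from a process that was never checked. The `XXX duplicate bits of pfs_visible()` comment already points at this; looking the process up once, holding it, and running the visibility check against that held process would close the gap (pfs_visible() is defined outside this hunk, so whether it can hand back the process is an assumption). Separately, `PFS_TRACE((pd->pn_name));` names `pd`, which is not declared in this function — the local is `pn` — so it should read `PFS_TRACE((pn->pn_name));`, and the early `return (0);` after the trace call should probably be `PFS_RETURN (0);` to match the other exits.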