PERFORCE change 15883 for review
Robert Watson
rwatson at freebsd.org
Mon Aug 12 22:40:47 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15883
Change 15883 by rwatson at rwatson_curry on 2002/08/12 15:40:43
Generally rename mac_*_check_socket_receive() to
mac_*_check_socket_deliver(), including MAC_CHECK_SOCKET_RECEIVE
and mpo_check_socket_receive(). This frees the name for a new,
intuitively named socket receive check. We may also want to
rename the bpfdesc_receive() check.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#235 edit
.. //depot/projects/trustedbsd/mac/sys/netatalk/ddp_input.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#20 edit
.. //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#97 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#79 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#63 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#71 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#33 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#148 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#113 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#235 (text+ko) ====
@@ -700,14 +700,14 @@
mpc->mpc_ops->mpo_check_socket_connect =
mpe->mpe_function;
break;
+ case MAC_CHECK_SOCKET_DELIVER:
+ mpc->mpc_ops->mpo_check_socket_deliver =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_SOCKET_LISTEN:
mpc->mpc_ops->mpo_check_socket_listen =
mpe->mpe_function;
break;
- case MAC_CHECK_SOCKET_RECEIVE:
- mpc->mpc_ops->mpo_check_socket_receive =
- mpe->mpe_function;
- break;
case MAC_CHECK_SOCKET_RELABEL:
mpc->mpc_ops->mpo_check_socket_relabel =
mpe->mpe_function;
@@ -2592,28 +2592,28 @@
}
int
-mac_check_socket_listen(struct ucred *cred, struct socket *socket)
+mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf)
{
int error;
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label);
+ MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf,
+ &mbuf->m_pkthdr.label);
+
return (error);
}
int
-mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf)
+mac_check_socket_listen(struct ucred *cred, struct socket *socket)
{
int error;
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf,
- &mbuf->m_pkthdr.label);
-
+ MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label);
return (error);
}
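Review bot: mac_check_socket_deliver() takes `&mbuf->m_pkthdr.label` without checking that the mbuf carries a packet header, so a caller passing a chain without M_PKTHDR would have the policies read a label out of unrelated mbuf data. The callers visible in this change pass the input-path packet, which presumably always has a header, but the entry point itself does not enforce that. An assertion ahead of MAC_CHECK, `KASSERT((mbuf->m_flags & M_PKTHDR) != 0, ("mac_check_socket_deliver: no pkthdr"));`, would make the precondition explicit. A short comment above the function saying that this check runs when the stack delivers a packet to the socket, with no credential involved, would also keep it distinct from the receive check the description plans to add.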
==== //depot/projects/trustedbsd/mac/sys/netatalk/ddp_input.c#8 (text+ko) ====
@@ -398,7 +398,7 @@
}
#ifdef MAC
- if (mac_check_socket_receive(ddp->ddp_socket, m) != 0) {
+ if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) {
m_freem( m );
return;
}
==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#17 (text+ko) ====
@@ -158,7 +158,7 @@
#endif /*IPSEC*/
#ifdef MAC
if (policyfail == 0 &&
- mac_check_socket_receive(last->inp_socket,
+ mac_check_socket_deliver(last->inp_socket,
n) != 0)
policyfail = 1;
#endif
@@ -195,7 +195,7 @@
}
#endif /*IPSEC*/
#ifdef MAC
- if (mac_check_socket_receive(last->inp_socket, m) != 0) {
+ if (mac_check_socket_deliver(last->inp_socket, m) != 0) {
m_freem(m);
ipstat.ips_delivered--;
return;
==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#20 (text+ko) ====
@@ -657,7 +657,7 @@
so = inp->inp_socket;
#ifdef MAC
- error = mac_check_socket_receive(so, m);
+ error = mac_check_socket_deliver(so, m);
if (error)
goto drop;
#endif
==== //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#17 (text+ko) ====
@@ -325,7 +325,7 @@
}
#endif /*IPSEC*/
#ifdef MAC
- if (mac_check_socket_receive(last->inp_socket,
+ if (mac_check_socket_deliver(last->inp_socket,
m) != 0)
policyfail = 1;
#endif
@@ -411,7 +411,7 @@
}
#endif /*IPSEC*/
#ifdef MAC
- error = mac_check_socket_receive(inp->inp_socket, m);
+ error = mac_check_socket_deliver(inp->inp_socket, m);
if (error)
goto bad;
#endif
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#97 (text+ko) ====
@@ -1538,7 +1538,7 @@
}
static int
-mac_biba_check_socket_receive(struct socket *so, struct label *socketlabel,
+mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel,
struct mbuf *m, struct label *mbuflabel)
{
struct mac_biba *p, *s;
@@ -2352,8 +2352,8 @@
(macop_t)mac_biba_check_proc_sched },
{ MAC_CHECK_PROC_SIGNAL,
(macop_t)mac_biba_check_proc_signal },
- { MAC_CHECK_SOCKET_RECEIVE,
- (macop_t)mac_biba_check_socket_receive },
+ { MAC_CHECK_SOCKET_DELIVER,
+ (macop_t)mac_biba_check_socket_deliver },
{ MAC_CHECK_SOCKET_RELABEL,
(macop_t)mac_biba_check_socket_relabel },
{ MAC_CHECK_SOCKET_VISIBLE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#13 (text+ko) ====
@@ -146,7 +146,7 @@
}
static int
-mac_ifoff_check_socket_receive(struct socket *so, struct label *socketlabel,
+mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel,
struct mbuf *m, struct label *mbuflabel)
{
@@ -164,8 +164,8 @@
(macop_t)mac_ifoff_check_bpfdesc_receive },
{ MAC_CHECK_IFNET_TRANSMIT,
(macop_t)mac_ifoff_check_ifnet_transmit },
- { MAC_CHECK_SOCKET_RECEIVE,
- (macop_t)mac_ifoff_check_socket_receive },
+ { MAC_CHECK_SOCKET_DELIVER,
+ (macop_t)mac_ifoff_check_socket_deliver },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#79 (text+ko) ====
@@ -1490,7 +1490,7 @@
}
static int
-mac_mls_check_socket_receive(struct socket *so, struct label *socketlabel,
+mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel,
struct mbuf *m, struct label *mbuflabel)
{
struct mac_mls *p, *s;
@@ -2307,8 +2307,8 @@
(macop_t)mac_mls_check_proc_sched },
{ MAC_CHECK_PROC_SIGNAL,
(macop_t)mac_mls_check_proc_signal },
- { MAC_CHECK_SOCKET_RECEIVE,
- (macop_t)mac_mls_check_socket_receive },
+ { MAC_CHECK_SOCKET_DELIVER,
+ (macop_t)mac_mls_check_socket_deliver },
{ MAC_CHECK_SOCKET_RELABEL,
(macop_t)mac_mls_check_socket_relabel },
{ MAC_CHECK_SOCKET_VISIBLE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#63 (text+ko) ====
@@ -654,16 +654,16 @@
}
static int
-mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
- struct label *socketlabel)
+mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
+ struct mbuf *m, struct label *mbuflabel)
{
return (0);
}
static int
-mac_none_check_socket_receive(struct socket *so, struct label *socketlabel,
- struct mbuf *m, struct label *mbuflabel)
+mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
+ struct label *socketlabel)
{
return (0);
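Review bot: mac_none_check_socket_listen() on the new side still declares its second parameter as `struct vnode *vp`, while the mpo_check_socket_listen entry in mac_policy.h (shown later in this change) takes `struct socket *so`; the `(macop_t)` cast in the ops table hides the mismatch from the compiler. The stub ignores its arguments, so nothing breaks today, but a body added later would treat a socket as a vnode; the line should read `mac_none_check_socket_listen(struct ucred *cred, struct socket *so,`. The mac_test.c hunk has the same kind of problem: mac_test_check_socket_listen() carries a fourth `struct sockaddr *sockaddr` parameter that the three-argument hook never passes, and it should be dropped. Both function bodies close outside their hunks.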
@@ -1066,10 +1066,10 @@
(macop_t)mac_none_check_socket_bind },
{ MAC_CHECK_SOCKET_CONNECT,
(macop_t)mac_none_check_socket_connect },
+ { MAC_CHECK_SOCKET_DELIVER,
+ (macop_t)mac_none_check_socket_deliver },
{ MAC_CHECK_SOCKET_LISTEN,
(macop_t)mac_none_check_socket_listen },
- { MAC_CHECK_SOCKET_RECEIVE,
- (macop_t)mac_none_check_socket_receive },
{ MAC_CHECK_SOCKET_RELABEL,
(macop_t)mac_none_check_socket_relabel },
{ MAC_CHECK_SOCKET_VISIBLE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#71 (text+ko) ====
@@ -780,6 +780,15 @@
}
static int
+mac_te_check_socket_deliver(struct socket *so, struct label *socketlabel,
+ struct mbuf *m, struct label *mbuflabel)
+{
+
+ return (mac_te_check(socketlabel, mbuflabel, MAC_TE_CLASS_MBUF,
+ MAC_TE_OPERATION_MBUF_RECEIVE));
+}
+
+static int
mac_te_check_socket_listen(struct ucred *cred, struct socket *socket,
struct label *socketlabel)
{
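Review bot: mac_te_check_socket_deliver() still authorizes against `MAC_TE_OPERATION_MBUF_RECEIVE`, so after the rename the hook name and the TE operation name no longer match. That is probably intentional, since the operation name may be part of the TE policy language, but once the planned socket receive check exists a reader could easily assume this constant belongs to it. A comment in the function such as `/* Delivery to the socket is the TE "mbuf receive" operation. */` would record the mapping.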
@@ -792,15 +801,6 @@
}
static int
-mac_te_check_socket_receive(struct socket *so, struct label *socketlabel,
- struct mbuf *m, struct label *mbuflabel)
-{
-
- return (mac_te_check(socketlabel, mbuflabel, MAC_TE_CLASS_MBUF,
- MAC_TE_OPERATION_MBUF_RECEIVE));
-}
-
-static int
mac_te_check_socket_relabel(struct ucred *cred, struct socket *socket,
struct label *socketlabel, struct label *newlabel)
{
@@ -1781,10 +1781,10 @@
(macop_t)mac_te_check_socket_bind },
{ MAC_CHECK_SOCKET_CONNECT,
(macop_t)mac_te_check_socket_connect },
+ { MAC_CHECK_SOCKET_DELIVER,
+ (macop_t)mac_te_check_socket_deliver },
{ MAC_CHECK_SOCKET_LISTEN,
(macop_t)mac_te_check_socket_listen },
- { MAC_CHECK_SOCKET_RECEIVE,
- (macop_t)mac_te_check_socket_receive },
{ MAC_CHECK_SOCKET_RELABEL,
(macop_t)mac_te_check_socket_relabel },
{ MAC_CHECK_SOCKET_VISIBLE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#33 (text+ko) ====
@@ -862,16 +862,16 @@
}
static int
-mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
- struct label *socketlabel, struct sockaddr *sockaddr)
+mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
+ struct mbuf *m, struct label *mbuflabel)
{
return (0);
}
static int
-mac_test_check_socket_receive(struct socket *socket, struct label *socketlabel,
- struct mbuf *m, struct label *mbuflabel)
+mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
+ struct label *socketlabel, struct sockaddr *sockaddr)
{
return (0);
@@ -1272,10 +1272,10 @@
(macop_t)mac_test_check_socket_bind },
{ MAC_CHECK_SOCKET_CONNECT,
(macop_t)mac_test_check_socket_connect },
+ { MAC_CHECK_SOCKET_DELIVER,
+ (macop_t)mac_test_check_socket_deliver },
{ MAC_CHECK_SOCKET_LISTEN,
(macop_t)mac_test_check_socket_listen },
- { MAC_CHECK_SOCKET_RECEIVE,
- (macop_t)mac_test_check_socket_receive },
{ MAC_CHECK_SOCKET_RELABEL,
(macop_t)mac_test_check_socket_relabel },
{ MAC_CHECK_SOCKET_VISIBLE,
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#148 (text+ko) ====
@@ -341,8 +341,8 @@
struct sockaddr *sockaddr);
int mac_check_socket_connect(struct ucred *cred, struct socket *so,
struct sockaddr *sockaddr);
+int mac_check_socket_deliver(struct socket *so, struct mbuf *m);
int mac_check_socket_listen(struct ucred *cred, struct socket *so);
-int mac_check_socket_receive(struct socket *so, struct mbuf *m);
int mac_check_socket_visible(struct ucred *cred, struct socket *so);
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
int flags);
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#113 (text+ko) ====
@@ -257,11 +257,11 @@
int (*mpo_check_socket_connect)(struct ucred *cred,
struct socket *so, struct label *socketlabel,
struct sockaddr *sockaddr);
+ int (*mpo_check_socket_deliver)(struct socket *so,
+ struct label *socketlabel, struct mbuf *m,
+ struct label *mbuflabel);
int (*mpo_check_socket_listen)(struct ucred *cred,
struct socket *so, struct label *socketlabel);
- int (*mpo_check_socket_receive)(struct socket *so,
- struct label *socketlabel, struct mbuf *m,
- struct label *mbuflabel);
int (*mpo_check_socket_relabel)(struct ucred *cred,
struct socket *so, struct label *socketlabel,
struct label *newlabel);
@@ -428,9 +428,9 @@
MAC_CHECK_PROC_SIGNAL,
MAC_CHECK_SOCKET_BIND,
MAC_CHECK_SOCKET_CONNECT,
+ MAC_CHECK_SOCKET_DELIVER,
MAC_CHECK_SOCKET_LISTEN,
MAC_CHECK_SOCKET_RELABEL,
- MAC_CHECK_SOCKET_RECEIVE,
MAC_CHECK_SOCKET_VISIBLE,
MAC_CHECK_VNODE_ACCESS,
MAC_CHECK_VNODE_CHDIR,
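Review bot: Inserting `MAC_CHECK_SOCKET_DELIVER` ahead of `MAC_CHECK_SOCKET_LISTEN` and dropping `MAC_CHECK_SOCKET_RECEIVE` renumbers the constants in between, assuming the enum uses implicit values as the visible lines suggest: the old value of LISTEN now means DELIVER, the old RELABEL means LISTEN, and the old RECEIVE means RELABEL. A policy module built against the previous header would therefore have its entry points registered in the wrong slots by the switch in kern_mac.c, and because they are stored as `macop_t` they would be called with the wrong argument list rather than rejected. If the framework has a policy ABI version it should be bumped here; otherwise the change description should state that every policy module must be rebuilt together with the kernel. The enum starts and ends outside this hunk.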