PERFORCE change 15005 for review
Robert Watson
rwatson at freebsd.org
Sat Jul 27 21:15:25 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15005
Change 15005 by rwatson at rwatson_paprika on 2002/07/27 14:14:53
s/cred_check/check/g; reduce function name length and complexity
prior to main tree merge.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/alpha/osf1/osf1_mount.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_file.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_getcwd.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_misc.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_stats.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_fcntl.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_misc.c#10 edit
.. //depot/projects/trustedbsd/mac/sys/i386/ibcs2/ibcs2_misc.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#12 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#19 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#10 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#195 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sys_pipe.c#15 edit
.. //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/kern/uipc_syscalls.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/kern/uipc_usrreq.c#18 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#19 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#62 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#28 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#72 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#45 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#61 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#47 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#11 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#52 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#17 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#15 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#123 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#88 edit
.. //depot/projects/trustedbsd/mac/sys/vm/vm_mmap.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/alpha/osf1/osf1_mount.c#5 (text+ko) ====
@@ -134,7 +134,7 @@
sp = &mp->mnt_stat;
vrele(nd.ni_vp);
#ifdef MAC
- error = mac_cred_check_statfs(td->td_proc->p_ucred, mp);
+ error = mac_check_statfs(td->td_proc->p_ucred, mp);
if (error)
return (error);
#endif
@@ -161,7 +161,7 @@
return (error);
mp = ((struct vnode *)fp->f_data)->v_mount;
#ifdef MAC
- error = mac_cred_check_statfs(td->td_proc->p_ucred, mp);
+ error = mac_check_statfs(td->td_proc->p_ucred, mp);
if (error) {
drop(fp, td);
return (error);
@@ -199,8 +199,7 @@
nmp = TAILQ_NEXT(mp, mnt_list);
if (osf_sfsp && count < maxcount) {
#ifdef MAC
- error = mac_cred_check_statfs(td->td_proc->p_ucred,
- mp);
+ error = mac_check_statfs(td->td_proc->p_ucred, mp);
if (error)
continue;
#endif
==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_file.c#7 (text+ko) ====
@@ -331,7 +331,7 @@
/*
* Do directory search MAC check using non-cached credentials.
*/
- if ((error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp))
+ if ((error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp))
goto out;
#endif /* MAC */
if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies,
==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_getcwd.c#7 (text+ko) ====
@@ -203,7 +203,7 @@
eofflag = 0;
#ifdef MAC
- error = mac_cred_check_readdir_vnode(td->td_ucred, uvp);
+ error = mac_check_readdir_vnode(td->td_ucred, uvp);
if (error == 0)
#endif /* MAC */
error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag,
==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_misc.c#13 (text+ko) ====
@@ -308,7 +308,7 @@
* from vn_open().
*/
#ifdef MAC
- error = mac_cred_check_open_vnode(td->td_ucred, vp, FREAD);
+ error = mac_check_open_vnode(td->td_ucred, vp, FREAD);
if (error)
goto cleanup;
#endif
==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_stats.c#6 (text+ko) ====
@@ -251,7 +251,7 @@
bsd_statfs = &mp->mnt_stat;
vrele(ndp->ni_vp);
#ifdef MAC
- error = mac_cred_check_statfs(td->td_proc->p_ucred, mp);
+ error = mac_check_statfs(td->td_proc->p_ucred, mp);
if (error)
return (error);
#endif
@@ -291,7 +291,7 @@
return error;
mp = ((struct vnode *)fp->f_data)->v_mount;
#ifdef MAC
- error = mac_cred_check_statfs(td->td_proc->p_ucred, mp);
+ error = mac_check_statfs(td->td_proc->p_ucred, mp);
if (error) {
fdrop(fp, td);
return (error);
@@ -360,7 +360,7 @@
if (vp->v_mount == NULL)
return (EINVAL);
#ifdef MAC
- error = mac_cred_check_statfs(td->td_proc->p_ucred, mp);
+ error = mac_check_statfs(td->td_proc->p_ucred, mp);
if (error)
return (error);
#endif
==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_fcntl.c#7 (text+ko) ====
@@ -266,7 +266,7 @@
#ifdef MAC
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_cred_check_revoke_vnode(td->td_ucred, vp);
+ error = mac_check_revoke_vnode(td->td_ucred, vp);
VOP_UNLOCK(vp, 0, td);
if (error)
goto out;
==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_misc.c#10 (text+ko) ====
@@ -316,7 +316,7 @@
#ifdef MAC
/* Use process's credentials to check directory search MAC. */
- error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp);
+ error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
if (error)
goto out;
#endif /* MAC */
@@ -479,7 +479,7 @@
*/
#ifdef MAC
/* Use process's credentials to check directory search MAC. */
- error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp);
+ error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
if (error)
goto out;
#endif /* MAC */
==== //depot/projects/trustedbsd/mac/sys/i386/ibcs2/ibcs2_misc.c#6 (text+ko) ====
@@ -352,7 +352,7 @@
}
#ifdef MAC
- error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp);
+ error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
if (error)
goto out;
#endif /* MAC */
@@ -512,7 +512,7 @@
}
#ifdef MAC
- error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp);
+ error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
if (error)
goto out;
#endif /* MAC */
==== //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#12 (text+ko) ====
@@ -585,8 +585,7 @@
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- error = mac_cred_check_setacl_vnode(td->td_ucred, vp, type,
- &inkernacl);
+ error = mac_check_setacl_vnode(td->td_ucred, vp, type, &inkernacl);
if (error != 0)
goto out;
#endif
@@ -612,7 +611,7 @@
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- error = mac_cred_check_getacl_vnode(td->td_ucred, vp, type);
+ error = mac_check_getacl_vnode(td->td_ucred, vp, type);
if (error != 0)
goto out;
#endif
@@ -641,7 +640,7 @@
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
#ifdef MAC
- error = mac_cred_check_deleteacl_vnode(td->td_ucred, vp, type);
+ error = mac_check_deleteacl_vnode(td->td_ucred, vp, type);
if (error)
goto out;
#endif
==== //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#19 (text+ko) ====
@@ -331,7 +331,7 @@
* to pass in both the old and the new flags,
* with authorization performed only on the delta.
*/
- error = mac_cred_check_open_vnode(td->td_ucred,
+ error = mac_check_open_vnode(td->td_ucred,
(struct vnode *)fp->f_data, mode);
VOP_UNLOCK((struct vnode *)fp->f_data, 0, td);
if (error) {
==== //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#10 (text+ko) ====
@@ -769,7 +769,7 @@
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
(void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
#ifdef MAC
- error = mac_cred_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
if (error == 0)
#endif
error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#195 (text+ko) ====
@@ -342,7 +342,7 @@
continue;
vp = (struct vnode *)object->handle;
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- result = mac_cred_check_mmap_vnode_prot(cred, vp, 0);
+ result = mac_check_mmap_vnode_prot(cred, vp, 0);
VOP_UNLOCK(vp, 0, td);
/*
* Find out what maximum protection we may be allowing
@@ -654,167 +654,167 @@
mpc->mpc_ops->mpo_bpfdesc_check_receive_from_ifnet =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_BIND_SOCKET:
- mpc->mpc_ops->mpo_cred_check_bind_socket =
+ case MAC_CHECK_BIND_SOCKET:
+ mpc->mpc_ops->mpo_check_bind_socket =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_CONNECT_SOCKET:
- mpc->mpc_ops->mpo_cred_check_connect_socket =
+ case MAC_CHECK_CONNECT_SOCKET:
+ mpc->mpc_ops->mpo_check_connect_socket =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SEE_CRED:
- mpc->mpc_ops->mpo_cred_check_see_cred =
+ case MAC_CHECK_SEE_CRED:
+ mpc->mpc_ops->mpo_check_see_cred =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SEE_SOCKET:
- mpc->mpc_ops->mpo_cred_check_see_socket =
+ case MAC_CHECK_SEE_SOCKET:
+ mpc->mpc_ops->mpo_check_see_socket =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_RELABEL_IFNET:
- mpc->mpc_ops->mpo_cred_check_relabel_ifnet =
+ case MAC_CHECK_RELABEL_IFNET:
+ mpc->mpc_ops->mpo_check_relabel_ifnet =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_RELABEL_PIPE:
- mpc->mpc_ops->mpo_cred_check_relabel_pipe =
+ case MAC_CHECK_RELABEL_PIPE:
+ mpc->mpc_ops->mpo_check_relabel_pipe =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_RELABEL_SOCKET:
- mpc->mpc_ops->mpo_cred_check_relabel_socket =
+ case MAC_CHECK_RELABEL_SOCKET:
+ mpc->mpc_ops->mpo_check_relabel_socket =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_RELABEL_SUBJECT:
- mpc->mpc_ops->mpo_cred_check_relabel_subject =
+ case MAC_CHECK_RELABEL_SUBJECT:
+ mpc->mpc_ops->mpo_check_relabel_subject =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_RELABEL_VNODE:
- mpc->mpc_ops->mpo_cred_check_relabel_vnode =
+ case MAC_CHECK_RELABEL_VNODE:
+ mpc->mpc_ops->mpo_check_relabel_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_STATFS:
- mpc->mpc_ops->mpo_cred_check_statfs = mpe->mpe_function;
+ case MAC_CHECK_STATFS:
+ mpc->mpc_ops->mpo_check_statfs = mpe->mpe_function;
break;
- case MAC_CRED_CHECK_DEBUG_PROC:
- mpc->mpc_ops->mpo_cred_check_debug_proc =
+ case MAC_CHECK_DEBUG_PROC:
+ mpc->mpc_ops->mpo_check_debug_proc =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_ACCESS_VNODE:
- mpc->mpc_ops->mpo_cred_check_access_vnode =
+ case MAC_CHECK_ACCESS_VNODE:
+ mpc->mpc_ops->mpo_check_access_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_CHDIR_VNODE:
- mpc->mpc_ops->mpo_cred_check_chdir_vnode =
+ case MAC_CHECK_CHDIR_VNODE:
+ mpc->mpc_ops->mpo_check_chdir_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_CHROOT_VNODE:
- mpc->mpc_ops->mpo_cred_check_chroot_vnode =
+ case MAC_CHECK_CHROOT_VNODE:
+ mpc->mpc_ops->mpo_check_chroot_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_CREATE_VNODE:
- mpc->mpc_ops->mpo_cred_check_create_vnode =
+ case MAC_CHECK_CREATE_VNODE:
+ mpc->mpc_ops->mpo_check_create_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_DELETE_VNODE:
- mpc->mpc_ops->mpo_cred_check_delete_vnode =
+ case MAC_CHECK_DELETE_VNODE:
+ mpc->mpc_ops->mpo_check_delete_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_DELETEACL_VNODE:
- mpc->mpc_ops->mpo_cred_check_deleteacl_vnode =
+ case MAC_CHECK_DELETEACL_VNODE:
+ mpc->mpc_ops->mpo_check_deleteacl_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_EXEC_VNODE:
- mpc->mpc_ops->mpo_cred_check_exec_vnode =
+ case MAC_CHECK_EXEC_VNODE:
+ mpc->mpc_ops->mpo_check_exec_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_GETACL_VNODE:
- mpc->mpc_ops->mpo_cred_check_getacl_vnode =
+ case MAC_CHECK_GETACL_VNODE:
+ mpc->mpc_ops->mpo_check_getacl_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_GETEXTATTR_VNODE:
- mpc->mpc_ops->mpo_cred_check_getextattr_vnode =
+ case MAC_CHECK_GETEXTATTR_VNODE:
+ mpc->mpc_ops->mpo_check_getextattr_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_LISTEN_SOCKET:
- mpc->mpc_ops->mpo_cred_check_listen_socket =
+ case MAC_CHECK_LISTEN_SOCKET:
+ mpc->mpc_ops->mpo_check_listen_socket =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_LOOKUP_VNODE:
- mpc->mpc_ops->mpo_cred_check_lookup_vnode =
+ case MAC_CHECK_LOOKUP_VNODE:
+ mpc->mpc_ops->mpo_check_lookup_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_OPEN_VNODE:
- mpc->mpc_ops->mpo_cred_check_open_vnode =
+ case MAC_CHECK_OPEN_VNODE:
+ mpc->mpc_ops->mpo_check_open_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_READDIR_VNODE:
- mpc->mpc_ops->mpo_cred_check_readdir_vnode =
+ case MAC_CHECK_READDIR_VNODE:
+ mpc->mpc_ops->mpo_check_readdir_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_READLINK_VNODE:
- mpc->mpc_ops->mpo_cred_check_readlink_vnode =
+ case MAC_CHECK_READLINK_VNODE:
+ mpc->mpc_ops->mpo_check_readlink_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_RENAME_FROM_VNODE:
- mpc->mpc_ops->mpo_cred_check_rename_from_vnode =
+ case MAC_CHECK_RENAME_FROM_VNODE:
+ mpc->mpc_ops->mpo_check_rename_from_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_RENAME_TO_VNODE:
- mpc->mpc_ops->mpo_cred_check_rename_to_vnode =
+ case MAC_CHECK_RENAME_TO_VNODE:
+ mpc->mpc_ops->mpo_check_rename_to_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_REVOKE_VNODE:
- mpc->mpc_ops->mpo_cred_check_revoke_vnode =
+ case MAC_CHECK_REVOKE_VNODE:
+ mpc->mpc_ops->mpo_check_revoke_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SETACL_VNODE:
- mpc->mpc_ops->mpo_cred_check_setacl_vnode =
+ case MAC_CHECK_SETACL_VNODE:
+ mpc->mpc_ops->mpo_check_setacl_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SETEXTATTR_VNODE:
- mpc->mpc_ops->mpo_cred_check_setextattr_vnode =
+ case MAC_CHECK_SETEXTATTR_VNODE:
+ mpc->mpc_ops->mpo_check_setextattr_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SETFLAGS_VNODE:
- mpc->mpc_ops->mpo_cred_check_setflags_vnode =
+ case MAC_CHECK_SETFLAGS_VNODE:
+ mpc->mpc_ops->mpo_check_setflags_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SETMODE_VNODE:
- mpc->mpc_ops->mpo_cred_check_setmode_vnode =
+ case MAC_CHECK_SETMODE_VNODE:
+ mpc->mpc_ops->mpo_check_setmode_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SETOWNER_VNODE:
- mpc->mpc_ops->mpo_cred_check_setowner_vnode =
+ case MAC_CHECK_SETOWNER_VNODE:
+ mpc->mpc_ops->mpo_check_setowner_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SETUTIMES_VNODE:
- mpc->mpc_ops->mpo_cred_check_setutimes_vnode =
+ case MAC_CHECK_SETUTIMES_VNODE:
+ mpc->mpc_ops->mpo_check_setutimes_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SCHED_PROC:
- mpc->mpc_ops->mpo_cred_check_sched_proc =
+ case MAC_CHECK_SCHED_PROC:
+ mpc->mpc_ops->mpo_check_sched_proc =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_SIGNAL_PROC:
- mpc->mpc_ops->mpo_cred_check_signal_proc =
+ case MAC_CHECK_SIGNAL_PROC:
+ mpc->mpc_ops->mpo_check_signal_proc =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_STAT_VNODE:
- mpc->mpc_ops->mpo_cred_check_stat_vnode =
+ case MAC_CHECK_STAT_VNODE:
+ mpc->mpc_ops->mpo_check_stat_vnode =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_VNODE_MMAP_PERMS:
- mpc->mpc_ops->mpo_cred_check_vnode_mmap_perms =
+ case MAC_CHECK_VNODE_MMAP_PERMS:
+ mpc->mpc_ops->mpo_check_vnode_mmap_perms =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_VNODE_OP:
- mpc->mpc_ops->mpo_cred_check_vnode_op =
+ case MAC_CHECK_VNODE_OP:
+ mpc->mpc_ops->mpo_check_vnode_op =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_PIPE_IOCTL:
- mpc->mpc_ops->mpo_cred_check_pipe_ioctl =
+ case MAC_CHECK_PIPE_IOCTL:
+ mpc->mpc_ops->mpo_check_pipe_ioctl =
mpe->mpe_function;
break;
- case MAC_CRED_CHECK_PIPE_OP:
- mpc->mpc_ops->mpo_cred_check_pipe_op =
+ case MAC_CHECK_PIPE_OP:
+ mpc->mpc_ops->mpo_check_pipe_op =
mpe->mpe_function;
break;
case MAC_IFNET_CHECK_SEND_MBUF:
@@ -1048,7 +1048,7 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(cred_check_see_cred, u1, u2);
+ MAC_CHECK(check_see_cred, u1, u2);
return (error);
}
@@ -1061,7 +1061,7 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(cred_check_see_socket, cred, socket, &socket->so_label);
+ MAC_CHECK(check_see_socket, cred, socket, &socket->so_label);
return (error);
}
@@ -1074,7 +1074,7 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(cred_check_signal_proc, cred, proc, signum);
+ MAC_CHECK(check_signal_proc, cred, proc, signum);
return (error);
}
@@ -1087,7 +1087,7 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(cred_check_sched_proc, cred, proc);
+ MAC_CHECK(check_sched_proc, cred, proc);
return (error);
}
@@ -1100,7 +1100,7 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(cred_check_debug_proc, cred, proc);
+ MAC_CHECK(check_debug_proc, cred, proc);
return (error);
}
@@ -1365,7 +1365,7 @@
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(cred_check_exec_vnode, cred, vp, &vp->v_label);
+ MAC_CHECK(check_exec_vnode, cred, vp, &vp->v_label);
return (error);
}
@@ -1755,38 +1755,38 @@
* 0 is returned for success, otherwise an errno.
*/
static int
-mac_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel)
+mac_check_relabel_subject(struct ucred *cred, struct label *newlabel)
{
int error;
- MAC_CHECK(cred_check_relabel_subject, cred, newlabel);
+ MAC_CHECK(check_relabel_subject, cred, newlabel);
return (error);
}
static int
-mac_cred_check_relabel_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_relabel_vnode(struct ucred *cred, struct vnode *vp,
struct label *newlabel)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_relabel_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_relabel_vnode");
error = vn_refreshlabel(vp, cred);
if (error)
return (error);
- MAC_CHECK(cred_check_relabel_vnode, cred, vp, &vp->v_label, newlabel);
+ MAC_CHECK(check_relabel_vnode, cred, vp, &vp->v_label, newlabel);
return (error);
}
int
-mac_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_access_vnode(struct ucred *cred, struct vnode *vp, int flags)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_access_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_access_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1795,16 +1795,16 @@
if (error)
return (error);
- MAC_CHECK(cred_check_access_vnode, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_access_vnode, cred, vp, &vp->v_label, flags);
return (error);
}
int
-mac_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp)
+mac_check_chdir_vnode(struct ucred *cred, struct vnode *dvp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_cred_check_chdir_vnode");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_chdir_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1813,16 +1813,16 @@
if (error)
return (error);
- MAC_CHECK(cred_check_chdir_vnode, cred, dvp, &dvp->v_label);
+ MAC_CHECK(check_chdir_vnode, cred, dvp, &dvp->v_label);
return (error);
}
int
-mac_cred_check_chroot_vnode(struct ucred *cred, struct vnode *dvp)
+mac_check_chroot_vnode(struct ucred *cred, struct vnode *dvp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_cred_check_chroot_vnode");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_chroot_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1831,17 +1831,17 @@
if (error)
return (error);
- MAC_CHECK(cred_check_chroot_vnode, cred, dvp, &dvp->v_label);
+ MAC_CHECK(check_chroot_vnode, cred, dvp, &dvp->v_label);
return (error);
}
int
-mac_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp,
+mac_check_create_vnode(struct ucred *cred, struct vnode *dvp,
struct componentname *cnp, struct vattr *vap)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_cred_check_create_vnode");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_create_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1850,17 +1850,16 @@
if (error)
return (error);
- MAC_CHECK(cred_check_create_vnode, cred, dvp, &dvp->v_label, cnp, vap);
+ MAC_CHECK(check_create_vnode, cred, dvp, &dvp->v_label, cnp, vap);
return (error);
}
int
-mac_cred_check_getacl_vnode(struct ucred *cred, struct vnode *vp,
- acl_type_t type)
+mac_check_getacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_getacl_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_getacl_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1869,17 +1868,17 @@
if (error)
return (error);
- MAC_CHECK(cred_check_getacl_vnode, cred, vp, &vp->v_label, type);
+ MAC_CHECK(check_getacl_vnode, cred, vp, &vp->v_label, type);
return (error);
}
int
-mac_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_getextattr_vnode(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name, struct uio *uio)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_getextattr_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_getextattr_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1888,30 +1887,30 @@
if (error)
return (error);
- MAC_CHECK(cred_check_getextattr_vnode, cred, vp, &vp->v_label,
+ MAC_CHECK(check_getextattr_vnode, cred, vp, &vp->v_label,
attrnamespace, name, uio);
return (error);
}
int
-mac_cred_check_listen_socket(struct ucred *cred, struct socket *socket)
+mac_check_listen_socket(struct ucred *cred, struct socket *socket)
{
int error;
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(cred_check_listen_socket, cred, socket, &socket->so_label);
+ MAC_CHECK(check_listen_socket, cred, socket, &socket->so_label);
return (error);
}
int
-mac_cred_check_lookup_vnode(struct ucred *cred, struct vnode *dvp,
+mac_check_lookup_vnode(struct ucred *cred, struct vnode *dvp,
struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_cred_check_lookup_vnode");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_lookup_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1920,31 +1919,30 @@
if (error)
return (error);
- MAC_CHECK(cred_check_lookup_vnode, cred, dvp, &dvp->v_label, cnp);
+ MAC_CHECK(check_lookup_vnode, cred, dvp, &dvp->v_label, cnp);
return (error);
}
vm_prot_t
-mac_cred_check_mmap_vnode_prot(struct ucred *cred, struct vnode *vp,
- int newmapping)
+mac_check_mmap_vnode_prot(struct ucred *cred, struct vnode *vp, int newmapping)
{
vm_prot_t result = VM_PROT_ALL;
/*
* This should be some sort of MAC_BITWISE, maybe :)
*/
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_mmap_vnode_perms");
- MAC_BOOLEAN(cred_check_vnode_mmap_perms, &, cred, vp, &vp->v_label,
+ ASSERT_VOP_LOCKED(vp, "mac_check_mmap_vnode_perms");
+ MAC_BOOLEAN(check_vnode_mmap_perms, &, cred, vp, &vp->v_label,
newmapping);
return (result);
}
int
-mac_cred_check_open_vnode(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_open_vnode(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_open_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_open_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1953,16 +1951,16 @@
if (error)
return (error);
- MAC_CHECK(cred_check_open_vnode, cred, vp, &vp->v_label, acc_mode);
+ MAC_CHECK(check_open_vnode, cred, vp, &vp->v_label, acc_mode);
return (error);
}
int
-mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp)
+mac_check_readdir_vnode(struct ucred *cred, struct vnode *dvp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_cred_check_readdir_vnode");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_readdir_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1971,16 +1969,16 @@
if (error)
return (error);
- MAC_CHECK(cred_check_readdir_vnode, cred, dvp, &dvp->v_label);
+ MAC_CHECK(check_readdir_vnode, cred, dvp, &dvp->v_label);
return (error);
}
int
-mac_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp)
+mac_check_readlink_vnode(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_readlink_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_readlink_vnode");
if (!mac_enforce_fs)
return (0);
@@ -1989,16 +1987,16 @@
if (error)
return (error);
- MAC_CHECK(cred_check_readlink_vnode, cred, vp, &vp->v_label);
+ MAC_CHECK(check_readlink_vnode, cred, vp, &vp->v_label);
return (error);
}
int
-mac_cred_check_revoke_vnode(struct ucred *cred, struct vnode *vp)
+mac_check_revoke_vnode(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_revoke_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_revoke_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2007,17 +2005,17 @@
if (error)
return (error);
- MAC_CHECK(cred_check_revoke_vnode, cred, vp, &vp->v_label);
+ MAC_CHECK(check_revoke_vnode, cred, vp, &vp->v_label);
return (error);
}
int
-mac_cred_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
- acl_type_t type, struct acl *acl)
+mac_check_setacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type,
+ struct acl *acl)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_setacl_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_setacl_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2026,17 +2024,17 @@
if (error)
return (error);
- MAC_CHECK(cred_check_setacl_vnode, cred, vp, &vp->v_label, type, acl);
+ MAC_CHECK(check_setacl_vnode, cred, vp, &vp->v_label, type, acl);
return (error);
}
int
-mac_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_setextattr_vnode(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name, struct uio *uio)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_setextattr_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_setextattr_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2045,18 +2043,17 @@
if (error)
return (error);
- MAC_CHECK(cred_check_setextattr_vnode, cred, vp, &vp->v_label,
+ MAC_CHECK(check_setextattr_vnode, cred, vp, &vp->v_label,
attrnamespace, name, uio);
return (error);
}
int
-mac_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp,
- u_long flags)
+mac_check_setflags_vnode(struct ucred *cred, struct vnode *vp, u_long flags)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_setflags_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_setflags_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2065,17 +2062,16 @@
if (error)
return (error);
- MAC_CHECK(cred_check_setflags_vnode, cred, vp, &vp->v_label, flags);
+ MAC_CHECK(check_setflags_vnode, cred, vp, &vp->v_label, flags);
return (error);
}
int
-mac_cred_check_setmode_vnode(struct ucred *cred, struct vnode *vp,
- mode_t mode)
+mac_check_setmode_vnode(struct ucred *cred, struct vnode *vp, mode_t mode)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_setmode_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_setmode_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2084,17 +2080,17 @@
if (error)
return (error);
- MAC_CHECK(cred_check_setmode_vnode, cred, vp, &vp->v_label, mode);
+ MAC_CHECK(check_setmode_vnode, cred, vp, &vp->v_label, mode);
return (error);
}
int
-mac_cred_check_setowner_vnode(struct ucred *cred, struct vnode *vp, uid_t uid,
+mac_check_setowner_vnode(struct ucred *cred, struct vnode *vp, uid_t uid,
gid_t gid)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_setowner_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_setowner_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2103,17 +2099,17 @@
if (error)
return (error);
- MAC_CHECK(cred_check_setowner_vnode, cred, vp, &vp->v_label, uid, gid);
+ MAC_CHECK(check_setowner_vnode, cred, vp, &vp->v_label, uid, gid);
return (error);
}
int
-mac_cred_check_setutimes_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_setutimes_vnode(struct ucred *cred, struct vnode *vp,
struct timespec atime, struct timespec mtime)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_setutimes_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_setutimes_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2122,19 +2118,19 @@
if (error)
return (error);
- MAC_CHECK(cred_check_setutimes_vnode, cred, vp, &vp->v_label, atime,
+ MAC_CHECK(check_setutimes_vnode, cred, vp, &vp->v_label, atime,
mtime);
return (error);
}
int
-mac_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp,
- struct vnode *vp, struct componentname *cnp)
+mac_check_delete_vnode(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
+ struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_cred_check_delete_vnode");
- ASSERT_VOP_LOCKED(vp, "mac_cred_check_delete_vnode");
+ ASSERT_VOP_LOCKED(dvp, "mac_check_delete_vnode");
+ ASSERT_VOP_LOCKED(vp, "mac_check_delete_vnode");
if (!mac_enforce_fs)
return (0);
@@ -2146,18 +2142,18 @@
if (error)
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list