PERFORCE change 15027 for review
Robert Watson
rwatson at freebsd.org
Sun Jul 28 02:38:08 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15027
Change 15027 by rwatson at rwatson_paprika on 2002/07/27 19:37:38
Rename mac_bpfdesc_check_receive_from_ifnet() to
mac_check_bpfdesc_receive() in the name of entry point name
simplification.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#196 edit
.. //depot/projects/trustedbsd/mac/sys/net/bpf.c#14 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#73 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#10 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#62 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#48 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#18 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#124 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#89 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#196 (text+ko) ====
@@ -650,12 +650,12 @@
mpc->mpc_ops->mpo_relabel_subject =
mpe->mpe_function;
break;
- case MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET:
- mpc->mpc_ops->mpo_bpfdesc_check_receive_from_ifnet =
+ case MAC_CHECK_BIND_SOCKET:
+ mpc->mpc_ops->mpo_check_bind_socket =
mpe->mpe_function;
break;
- case MAC_CHECK_BIND_SOCKET:
- mpc->mpc_ops->mpo_check_bind_socket =
+ case MAC_CHECK_BPFDESC_RECEIVE:
+ mpc->mpc_ops->mpo_check_bpfdesc_receive =
mpe->mpe_function;
break;
case MAC_CHECK_CONNECT_SOCKET:
@@ -2504,30 +2504,30 @@
}
int
-mac_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, struct ifnet *ifnet)
+mac_check_bind_socket(struct ucred *ucred, struct socket *socket,
+ struct sockaddr *sockaddr)
{
int error;
- if (!mac_enforce_network)
+ if (!mac_enforce_socket)
return (0);
- MAC_CHECK(bpfdesc_check_receive_from_ifnet, bpf_d, &bpf_d->bd_label,
- ifnet, &ifnet->if_label);
+ MAC_CHECK(check_bind_socket, ucred, socket, &socket->so_label,
+ sockaddr);
return (error);
}
int
-mac_check_bind_socket(struct ucred *ucred, struct socket *socket,
- struct sockaddr *sockaddr)
+mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
{
int error;
- if (!mac_enforce_socket)
+ if (!mac_enforce_network)
return (0);
- MAC_CHECK(check_bind_socket, ucred, socket, &socket->so_label,
- sockaddr);
+ MAC_CHECK(check_bpfdesc_receive, bpf_d, &bpf_d->bd_label, ifnet,
+ &ifnet->if_label);
return (error);
}
==== //depot/projects/trustedbsd/mac/sys/net/bpf.c#14 (text+ko) ====
@@ -1076,7 +1076,7 @@
slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen);
if (slen != 0){
#ifdef MAC
- if (mac_bpfdesc_check_receive_from_ifnet(d, ifp) == 0)
+ if (mac_check_bpfdesc_receive(d, ifp) == 0)
#endif
catchpacket(d, pkt, pktlen, slen, bcopy);
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#73 (text+ko) ====
@@ -1164,8 +1164,8 @@
* Access control checks.
*/
static int
-mac_biba_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d,
- struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel)
+mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct ifnet *ifnet, struct label *ifnetlabel)
{
struct mac_biba *a, *b;
@@ -2140,8 +2140,8 @@
(macop_t)mac_biba_create_proc1 },
{ MAC_RELABEL_SUBJECT,
(macop_t)mac_biba_relabel_subject },
- { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET,
- (macop_t)mac_biba_bpfdesc_check_receive_from_ifnet },
+ { MAC_CHECK_BPFDESC_RECEIVE,
+ (macop_t)mac_biba_check_bpfdesc_receive },
{ MAC_CHECK_SEE_CRED,
(macop_t)mac_biba_check_see_cred },
{ MAC_CHECK_SEE_SOCKET,
==== //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#10 (text+ko) ====
@@ -138,8 +138,8 @@
}
static int
-mac_ifoff_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d,
- struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel)
+mac_ifoff_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct ifnet *ifnet, struct label *ifnetlabel)
{
return (check_ifnet_incoming(ifnet, 1));
@@ -160,8 +160,8 @@
static struct mac_policy_op_entry mac_ifoff_ops[] =
{
- { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET,
- (macop_t)mac_ifoff_bpfdesc_check_receive_from_ifnet },
+ { MAC_CHECK_BPFDESC_RECEIVE,
+ (macop_t)mac_ifoff_check_bpfdesc_receive },
{ MAC_IFNET_CHECK_SEND_MBUF,
(macop_t)mac_ifoff_ifnet_check_send_mbuf },
{ MAC_SOCKET_CHECK_RECEIVE_MBUF,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#62 (text+ko) ====
@@ -1110,8 +1110,8 @@
* Access control checks.
*/
static int
-mac_mls_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d,
- struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel)
+mac_mls_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct ifnet *ifnet, struct label *ifnetlabel)
{
struct mac_mls *a, *b;
@@ -2086,8 +2086,8 @@
(macop_t)mac_mls_create_proc1 },
{ MAC_RELABEL_SUBJECT,
(macop_t)mac_mls_relabel_subject },
- { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET,
- (macop_t)mac_mls_bpfdesc_check_receive_from_ifnet },
+ { MAC_CHECK_BPFDESC_RECEIVE,
+ (macop_t)mac_mls_check_bpfdesc_receive },
{ MAC_CHECK_SEE_CRED,
(macop_t)mac_mls_check_see_cred },
{ MAC_CHECK_SEE_SOCKET,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#48 (text+ko) ====
@@ -549,19 +549,19 @@
* Access control checks.
*/
static int
-mac_none_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d,
- struct label *bpflabel, struct ifnet *ifnet, struct label *ifnet_label)
+mac_none_check_bind_socket(struct ucred *cred, struct socket *socket,
+ struct label *socketlabel, struct sockaddr *sockaddr)
{
return (0);
}
static int
-mac_none_check_bind_socket(struct ucred *cred, struct socket *socket,
- struct label *socketlabel, struct sockaddr *sockaddr)
+mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct ifnet *ifnet, struct label *ifnet_label)
{
- return (0);
+ return (0);
}
static int
@@ -1016,10 +1016,10 @@
(macop_t)mac_none_create_proc1 },
{ MAC_RELABEL_SUBJECT,
(macop_t)mac_none_relabel_subject },
- { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET,
- (macop_t)mac_none_bpfdesc_check_receive_from_ifnet },
{ MAC_CHECK_BIND_SOCKET,
(macop_t)mac_none_check_bind_socket },
+ { MAC_CHECK_BPFDESC_RECEIVE,
+ (macop_t)mac_none_check_bpfdesc_receive },
{ MAC_CHECK_CONNECT_SOCKET,
(macop_t)mac_none_check_connect_socket },
{ MAC_CHECK_SEE_CRED,
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#53 (text+ko) ====
@@ -674,27 +674,27 @@
}
static int
-mac_te_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d,
- struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel)
+mac_te_check_bind_socket(struct ucred *cred, struct socket *socket,
+ struct label *socketlabel, struct sockaddr *sockaddr)
{
if (!mac_te_enabled)
return (0);
- return (mac_te_check(SLOT(bpflabel), SLOT(ifnetlabel),
- MAC_TE_CLASS_BPF, MAC_TE_OPERATION_BPF_RECEIVE));
+ return (mac_te_check(SLOT(&cred->cr_label), SLOT(socketlabel),
+ MAC_TE_CLASS_SOCKET, MAC_TE_OPERATION_SOCKET_BIND));
}
static int
-mac_te_check_bind_socket(struct ucred *cred, struct socket *socket,
- struct label *socketlabel, struct sockaddr *sockaddr)
+mac_te_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct ifnet *ifnet, struct label *ifnetlabel)
{
if (!mac_te_enabled)
return (0);
- return (mac_te_check(SLOT(&cred->cr_label), SLOT(socketlabel),
- MAC_TE_CLASS_SOCKET, MAC_TE_OPERATION_SOCKET_BIND));
+ return (mac_te_check(SLOT(bpflabel), SLOT(ifnetlabel),
+ MAC_TE_CLASS_BPF, MAC_TE_OPERATION_BPF_RECEIVE));
}
static int
@@ -1747,11 +1747,10 @@
{ MAC_CREATE_PROC1, (macop_t)mac_te_create_proc1 },
{ MAC_RELABEL_SUBJECT, (macop_t)mac_te_relabel_subject },
{ MAC_RELABEL_VNODE, (macop_t)mac_te_relabel_vnode },
- { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET,
- (macop_t)mac_te_bpfdesc_check_receive_from_ifnet },
{ MAC_CHECK_SEE_CRED, (macop_t)mac_te_check_see_cred },
{ MAC_CHECK_SEE_SOCKET, (macop_t)mac_te_check_see_socket },
{ MAC_CHECK_BIND_SOCKET, (macop_t)mac_te_check_bind_socket },
+ { MAC_CHECK_BPFDESC_RECEIVE, (macop_t)mac_te_check_bpfdesc_receive },
{ MAC_CHECK_CONNECT_SOCKET,
(macop_t)mac_te_check_connect_socket },
{ MAC_CHECK_LISTEN_SOCKET,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#18 (text+ko) ====
@@ -757,16 +757,16 @@
* Access control checks.
*/
static int
-mac_test_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d,
- struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel)
+mac_test_check_bind_socket(struct ucred *cred, struct socket *socket,
+ struct label *socketlabel, struct sockaddr *sockaddr)
{
return (0);
}
static int
-mac_test_check_bind_socket(struct ucred *cred, struct socket *socket,
- struct label *socketlabel, struct sockaddr *sockaddr)
+mac_test_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
+ struct ifnet *ifnet, struct label *ifnetlabel)
{
return (0);
@@ -1222,10 +1222,10 @@
(macop_t)mac_test_create_proc1 },
{ MAC_RELABEL_SUBJECT,
(macop_t)mac_test_relabel_subject },
- { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET,
- (macop_t)mac_test_bpfdesc_check_receive_from_ifnet },
{ MAC_CHECK_BIND_SOCKET,
(macop_t)mac_test_check_bind_socket },
+ { MAC_CHECK_BPFDESC_RECEIVE,
+ (macop_t)mac_test_check_bpfdesc_receive },
{ MAC_CHECK_CONNECT_SOCKET,
(macop_t)mac_test_check_connect_socket },
{ MAC_CHECK_SEE_CRED,
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#124 (text+ko) ====
@@ -257,12 +257,11 @@
int mac_execve_will_transition(struct ucred *old, struct vnode *vp);
/* Authorizational event hooks. */
-int mac_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d,
- struct ifnet *ifnet);
int mac_check_access_vnode(struct ucred *cred, struct vnode *vp,
int flags);
int mac_check_bind_socket(struct ucred *cred, struct socket *so,
struct sockaddr *sa);
+int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
int mac_check_chdir_vnode(struct ucred *cred, struct vnode *dvp);
int mac_check_chroot_vnode(struct ucred *cred, struct vnode *dvp);
int mac_check_connect_socket(struct ucred *cred, struct socket *so,
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#89 (text+ko) ====
@@ -228,12 +228,12 @@
/*
* Access control checks.
*/
- int (*mpo_bpfdesc_check_receive_from_ifnet)(struct bpf_d *bpf_d,
- struct label *bpflabel, struct ifnet *ifnet,
- struct label *ifnetlabel);
int (*mpo_check_bind_socket)(struct ucred *cred,
struct socket *socket, struct label *socketlabel,
struct sockaddr *sockaddr);
+ int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d,
+ struct label *bpflabel, struct ifnet *ifnet,
+ struct label *ifnetlabel);
int (*mpo_check_connect_socket)(struct ucred *cred,
struct socket *socket, struct label *socketlabel,
struct sockaddr *sockaddr);
@@ -411,8 +411,8 @@
MAC_CREATE_PROC0,
MAC_CREATE_PROC1,
MAC_RELABEL_SUBJECT,
- MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET,
MAC_CHECK_BIND_SOCKET,
+ MAC_CHECK_BPFDESC_RECEIVE,
MAC_CHECK_SEE_CRED,
MAC_CHECK_SEE_SOCKET,
MAC_CHECK_RELABEL_IFNET,
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list