PERFORCE change 15063 for review

Robert Watson rwatson at freebsd.org
Sun Jul 28 19:40:21 GMT 2002


http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15063

Change 15063 by rwatson at rwatson_paprika on 2002/07/28 12:39:59

	Rename VNODE access control check entry points to fit the
	mac_check_object_method style.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_file.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_getcwd.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_misc.c#14 edit
.. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_fcntl.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_misc.c#11 edit
.. //depot/projects/trustedbsd/mac/sys/i386/ibcs2/ibcs2_misc.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#13 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#20 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#24 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#201 edit
.. //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/kern/uipc_usrreq.c#19 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#20 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#64 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#31 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#78 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#47 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#66 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#53 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#58 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#23 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#16 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#129 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#94 edit
.. //depot/projects/trustedbsd/mac/sys/vm/vm_mmap.c#12 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_file.c#8 (text+ko) ====

@@ -331,7 +331,7 @@
 	/*
 	 * Do directory search MAC check using non-cached credentials.
 	 */
-	if ((error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp))
+	if ((error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp))
 		goto out;
 #endif /* MAC */
 	if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies,
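Review bot: The `if` on the renamed line is missing a closing parenthesis as printed: three are opened and only two are closed before `goto out;`, so this file should not compile when MAC is defined. The rename carries the defect over from the old line, which should read `if ((error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp)))`. Because the check sits inside the MAC conditional (its `#endif /* MAC */` is visible), a build without the option will not catch this, so the Linux compat code should be built with MAC enabled after this change. The enclosing function starts and ends outside the hunk.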

==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_getcwd.c#8 (text+ko) ====

@@ -203,7 +203,7 @@
 		eofflag = 0;
 
 #ifdef MAC
-		error = mac_check_readdir_vnode(td->td_ucred, uvp);
+		error = mac_check_vnode_readdir(td->td_ucred, uvp);
 		if (error == 0)
 #endif /* MAC */
 			error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag,

==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_misc.c#14 (text+ko) ====

@@ -308,7 +308,7 @@
 	 * from vn_open().
 	 */
 #ifdef MAC
-	error = mac_check_open_vnode(td->td_ucred, vp, FREAD);
+	error = mac_check_vnode_open(td->td_ucred, vp, FREAD);
 	if (error)
 		goto cleanup;
 #endif

==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_fcntl.c#8 (text+ko) ====

@@ -266,7 +266,7 @@
 
 #ifdef MAC
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
-	error = mac_check_revoke_vnode(td->td_ucred, vp);
+	error = mac_check_vnode_revoke(td->td_ucred, vp);
 	VOP_UNLOCK(vp, 0, td);
 	if (error)
 		goto out;

==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_misc.c#11 (text+ko) ====

@@ -316,7 +316,7 @@
 
 #ifdef MAC
 	/* Use process's credentials to check directory search MAC. */
-	error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
+	error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp);
 	if (error)
 		goto out;
 #endif /* MAC */
@@ -479,7 +479,7 @@
          */
 #ifdef MAC
 	/* Use process's credentials to check directory search MAC. */
-	error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
+	error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp);
 	if (error)
 		goto out;
 #endif /* MAC */

==== //depot/projects/trustedbsd/mac/sys/i386/ibcs2/ibcs2_misc.c#7 (text+ko) ====

@@ -352,7 +352,7 @@
 	}
 
 #ifdef MAC
-	error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
+	error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp);
 	if (error)
 		goto out;
 #endif /* MAC */
@@ -512,7 +512,7 @@
 	}
 
 #ifdef MAC
-	error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp);
+	error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp);
 	if (error)
 		goto out;
 #endif /* MAC */

==== //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#13 (text+ko) ====

@@ -585,7 +585,7 @@
 	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
-	error = mac_check_setacl_vnode(td->td_ucred, vp, type, &inkernacl);
+	error = mac_check_vnode_setacl(td->td_ucred, vp, type, &inkernacl);
 	if (error != 0)
 		goto out;
 #endif
@@ -611,7 +611,7 @@
 	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
-	error = mac_check_getacl_vnode(td->td_ucred, vp, type);
+	error = mac_check_vnode_getacl(td->td_ucred, vp, type);
 	if (error != 0)
 		goto out;
 #endif
@@ -640,7 +640,7 @@
 	VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
-	error = mac_check_deleteacl_vnode(td->td_ucred, vp, type);
+	error = mac_check_vnode_deleteacl(td->td_ucred, vp, type);
 	if (error)
 		goto out;
 #endif

==== //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#20 (text+ko) ====

@@ -331,7 +331,7 @@
 			 * to pass in both the old and the new flags,
 			 * with authorization performed only on the delta.
 			 */
-			error = mac_check_open_vnode(td->td_ucred,
+			error = mac_check_vnode_open(td->td_ucred,
 			    (struct vnode *)fp->f_data, mode);
 			VOP_UNLOCK((struct vnode *)fp->f_data, 0, td);
 			if (error) {

==== //depot/projects/trustedbsd/mac/sys/kern/kern_exec.c#24 (text+ko) ====

@@ -948,7 +948,7 @@
 	 * that the label is retained for use later for MAC models that
 	 * support subject domain transitions at execve()-time.
 	 */
-	error = mac_cred_canexec(curthread->td_ucred, imgp->vp);
+	error = mac_check_vnode_exec(curthread->td_ucred, imgp->vp);
 	if (error)
 		return (error);
 #endif

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#201 (text+ko) ====

@@ -342,7 +342,7 @@
 			continue;
 		vp = (struct vnode *)object->handle;
 		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
-		result = mac_check_mmap_vnode_prot(cred, vp, 0);
+		result = mac_check_vnode_mmap_prot(cred, vp, 0);
 		VOP_UNLOCK(vp, 0, td);
 		/*
 		 * Find out what maximum protection we may be allowing
@@ -717,96 +717,96 @@
 		case MAC_CHECK_STATFS:
 			mpc->mpc_ops->mpo_check_statfs = mpe->mpe_function;
 			break;
-		case MAC_CHECK_ACCESS_VNODE:
-			mpc->mpc_ops->mpo_check_access_vnode =
+		case MAC_CHECK_VNODE_ACCESS:
+			mpc->mpc_ops->mpo_check_vnode_access =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_CHDIR_VNODE:
-			mpc->mpc_ops->mpo_check_chdir_vnode =
+		case MAC_CHECK_VNODE_CHDIR:
+			mpc->mpc_ops->mpo_check_vnode_chdir =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_CHROOT_VNODE:
-			mpc->mpc_ops->mpo_check_chroot_vnode =
+		case MAC_CHECK_VNODE_CHROOT:
+			mpc->mpc_ops->mpo_check_vnode_chroot =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_CREATE_VNODE:
-			mpc->mpc_ops->mpo_check_create_vnode =
+		case MAC_CHECK_VNODE_CREATE:
+			mpc->mpc_ops->mpo_check_vnode_create =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_DELETE_VNODE:
-			mpc->mpc_ops->mpo_check_delete_vnode =
+		case MAC_CHECK_VNODE_DELETE:
+			mpc->mpc_ops->mpo_check_vnode_delete =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_DELETEACL_VNODE:
-			mpc->mpc_ops->mpo_check_deleteacl_vnode =
+		case MAC_CHECK_VNODE_DELETEACL:
+			mpc->mpc_ops->mpo_check_vnode_deleteacl =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_EXEC_VNODE:
-			mpc->mpc_ops->mpo_check_exec_vnode =
+		case MAC_CHECK_VNODE_EXEC:
+			mpc->mpc_ops->mpo_check_vnode_exec =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_GETACL_VNODE:
-			mpc->mpc_ops->mpo_check_getacl_vnode =
+		case MAC_CHECK_VNODE_GETACL:
+			mpc->mpc_ops->mpo_check_vnode_getacl =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_GETEXTATTR_VNODE:
-			mpc->mpc_ops->mpo_check_getextattr_vnode =
+		case MAC_CHECK_VNODE_GETEXTATTR:
+			mpc->mpc_ops->mpo_check_vnode_getextattr =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_LOOKUP_VNODE:
-			mpc->mpc_ops->mpo_check_lookup_vnode =
+		case MAC_CHECK_VNODE_LOOKUP:
+			mpc->mpc_ops->mpo_check_vnode_lookup =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_OPEN_VNODE:
-			mpc->mpc_ops->mpo_check_open_vnode =
+		case MAC_CHECK_VNODE_OPEN:
+			mpc->mpc_ops->mpo_check_vnode_open =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_READDIR_VNODE:
-			mpc->mpc_ops->mpo_check_readdir_vnode =
+		case MAC_CHECK_VNODE_READDIR:
+			mpc->mpc_ops->mpo_check_vnode_readdir =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_READLINK_VNODE:
-			mpc->mpc_ops->mpo_check_readlink_vnode =
+		case MAC_CHECK_VNODE_READLINK:
+			mpc->mpc_ops->mpo_check_vnode_readlink =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_RENAME_FROM_VNODE:
-			mpc->mpc_ops->mpo_check_rename_from_vnode =
+		case MAC_CHECK_VNODE_RENAME_FROM:
+			mpc->mpc_ops->mpo_check_vnode_rename_from =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_RENAME_TO_VNODE:
-			mpc->mpc_ops->mpo_check_rename_to_vnode =
+		case MAC_CHECK_VNODE_RENAME_TO:
+			mpc->mpc_ops->mpo_check_vnode_rename_to =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_REVOKE_VNODE:
-			mpc->mpc_ops->mpo_check_revoke_vnode =
+		case MAC_CHECK_VNODE_REVOKE:
+			mpc->mpc_ops->mpo_check_vnode_revoke =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_SETACL_VNODE:
-			mpc->mpc_ops->mpo_check_setacl_vnode =
+		case MAC_CHECK_VNODE_SETACL:
+			mpc->mpc_ops->mpo_check_vnode_setacl =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_SETEXTATTR_VNODE:
-			mpc->mpc_ops->mpo_check_setextattr_vnode =
+		case MAC_CHECK_VNODE_SETEXTATTR:
+			mpc->mpc_ops->mpo_check_vnode_setextattr =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_SETFLAGS_VNODE:
-			mpc->mpc_ops->mpo_check_setflags_vnode =
+		case MAC_CHECK_VNODE_SETFLAGS:
+			mpc->mpc_ops->mpo_check_vnode_setflags =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_SETMODE_VNODE:
-			mpc->mpc_ops->mpo_check_setmode_vnode =
+		case MAC_CHECK_VNODE_SETMODE:
+			mpc->mpc_ops->mpo_check_vnode_setmode =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_SETOWNER_VNODE:
-			mpc->mpc_ops->mpo_check_setowner_vnode =
+		case MAC_CHECK_VNODE_SETOWNER:
+			mpc->mpc_ops->mpo_check_vnode_setowner =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_SETUTIMES_VNODE:
-			mpc->mpc_ops->mpo_check_setutimes_vnode =
+		case MAC_CHECK_VNODE_SETUTIMES:
+			mpc->mpc_ops->mpo_check_vnode_setutimes =
 			    mpe->mpe_function;
 			break;
-		case MAC_CHECK_STAT_VNODE:
-			mpc->mpc_ops->mpo_check_stat_vnode =
+		case MAC_CHECK_VNODE_STAT:
+			mpc->mpc_ops->mpo_check_vnode_stat =
 			    mpe->mpe_function;
 			break;
 		case MAC_CHECK_VNODE_MMAP_PERMS:
@@ -1288,23 +1288,6 @@
 	return (0);
 }
 
-
-int
-mac_cred_canexec(struct ucred *cred, struct vnode *vp)
-{
-	int error;
-
-	if (!mac_enforce_process && !mac_enforce_fs)
-		return (0);
-
-	error = vn_refreshlabel(vp, cred);
-	if (error)
-		return (error);
-	MAC_CHECK(check_exec_vnode, cred, vp, &vp->v_label);
-
-	return (error);
-}
-
 void
 mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp)
 {
@@ -1717,11 +1700,11 @@
 }
 
 int
-mac_check_access_vnode(struct ucred *cred, struct vnode *vp, int flags)
+mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_access_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_access");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1730,16 +1713,16 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_access_vnode, cred, vp, &vp->v_label, flags);
+	MAC_CHECK(check_vnode_access, cred, vp, &vp->v_label, flags);
 	return (error);
 }
 
 int
-mac_check_chdir_vnode(struct ucred *cred, struct vnode *dvp)
+mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_chdir_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chdir");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1748,16 +1731,16 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_chdir_vnode, cred, dvp, &dvp->v_label);
+	MAC_CHECK(check_vnode_chdir, cred, dvp, &dvp->v_label);
 	return (error);
 }
 
 int
-mac_check_chroot_vnode(struct ucred *cred, struct vnode *dvp)
+mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_chroot_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chroot");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1766,17 +1749,17 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_chroot_vnode, cred, dvp, &dvp->v_label);
+	MAC_CHECK(check_vnode_chroot, cred, dvp, &dvp->v_label);
 	return (error);
 }
 
 int
-mac_check_create_vnode(struct ucred *cred, struct vnode *dvp,
+mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
     struct componentname *cnp, struct vattr *vap)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_create_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_create");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1785,16 +1768,32 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_create_vnode, cred, dvp, &dvp->v_label, cnp, vap);
+	MAC_CHECK(check_vnode_create, cred, dvp, &dvp->v_label, cnp, vap);
+	return (error);
+}
+
+int
+mac_check_vnode_exec(struct ucred *cred, struct vnode *vp)
+{
+	int error;
+
+	if (!mac_enforce_process && !mac_enforce_fs)
+		return (0);
+
+	error = vn_refreshlabel(vp, cred);
+	if (error)
+		return (error);
+	MAC_CHECK(check_vnode_exec, cred, vp, &vp->v_label);
+
 	return (error);
 }
 
 int
-mac_check_getacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type)
+mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_getacl_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getacl");
 
 	if (!mac_enforce_fs)
 		return (0);
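Review bot: The new `mac_check_vnode_exec` is the only `mac_check_vnode_*` entry point in this file that does not assert the vnode lock before calling `vn_refreshlabel` and the policy hook. Every sibling visible in the diff opens with `ASSERT_VOP_LOCKED`. If the exec path is expected to hold the lock on `imgp->vp` (to be confirmed against the caller in kern_exec.c), add `ASSERT_VOP_LOCKED(vp, "mac_check_vnode_exec");` as the first statement so a caller that drops the lock is caught. The function also skips enforcement only when both `mac_enforce_process` and `mac_enforce_fs` are off, where its siblings test `mac_enforce_fs` alone. A short comment such as `/* exec is both a process and a filesystem event; enforce if either is enabled */` would record that this is intentional.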
@@ -1803,17 +1802,17 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_getacl_vnode, cred, vp, &vp->v_label, type);
+	MAC_CHECK(check_vnode_getacl, cred, vp, &vp->v_label, type);
 	return (error);
 }
 
 int
-mac_check_getextattr_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
     int attrnamespace, const char *name, struct uio *uio)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_getextattr_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getextattr");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1822,18 +1821,18 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_getextattr_vnode, cred, vp, &vp->v_label,
+	MAC_CHECK(check_vnode_getextattr, cred, vp, &vp->v_label,
 	    attrnamespace, name, uio);
 	return (error);
 }
 
 int
-mac_check_lookup_vnode(struct ucred *cred, struct vnode *dvp,
+mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
     struct componentname *cnp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_lookup_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_lookup");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1842,30 +1841,30 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_lookup_vnode, cred, dvp, &dvp->v_label, cnp);
+	MAC_CHECK(check_vnode_lookup, cred, dvp, &dvp->v_label, cnp);
 	return (error);
 }
 
 vm_prot_t
-mac_check_mmap_vnode_prot(struct ucred *cred, struct vnode *vp, int newmapping)
+mac_check_vnode_mmap_prot(struct ucred *cred, struct vnode *vp, int newmapping)
 {
 	vm_prot_t result = VM_PROT_ALL;
 
 	/*
 	 * This should be some sort of MAC_BITWISE, maybe :)
 	 */
-	ASSERT_VOP_LOCKED(vp, "mac_check_mmap_vnode_perms");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_perms");
 	MAC_BOOLEAN(check_vnode_mmap_perms, &, cred, vp, &vp->v_label,
 	    newmapping);
 	return (result);
 }
 
 int
-mac_check_open_vnode(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
+mac_check_vnode_open(struct ucred *cred, struct vnode *vp, mode_t acc_mode)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_open_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
 
 	if (!mac_enforce_fs)
 		return (0);
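Review bot: The assertion string in `mac_check_vnode_mmap_prot` still says "mac_check_vnode_mmap_perms", which is not the name of any function in this diff, so a lock-assertion failure would point at the wrong symbol. It should be `ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_prot");`. The function is fully visible here and, unlike its siblings, it neither tests `mac_enforce_fs` nor calls `vn_refreshlabel` before passing `&vp->v_label` to the policies. If that is deliberate, a comment should say so. If it is not, the label may be stale when the mapping protections are computed, and the enforcement toggle has no effect on this check.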
@@ -1874,16 +1873,16 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_open_vnode, cred, vp, &vp->v_label, acc_mode);
+	MAC_CHECK(check_vnode_open, cred, vp, &vp->v_label, acc_mode);
 	return (error);
 }
 
 int
-mac_check_readdir_vnode(struct ucred *cred, struct vnode *dvp)
+mac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_readdir_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_readdir");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1892,16 +1891,16 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_readdir_vnode, cred, dvp, &dvp->v_label);
+	MAC_CHECK(check_vnode_readdir, cred, dvp, &dvp->v_label);
 	return (error);
 }
 
 int
-mac_check_readlink_vnode(struct ucred *cred, struct vnode *vp)
+mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_readlink_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_readlink");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1910,16 +1909,16 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_readlink_vnode, cred, vp, &vp->v_label);
+	MAC_CHECK(check_vnode_readlink, cred, vp, &vp->v_label);
 	return (error);
 }
 
 int
-mac_check_revoke_vnode(struct ucred *cred, struct vnode *vp)
+mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_revoke_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1928,17 +1927,17 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_revoke_vnode, cred, vp, &vp->v_label);
+	MAC_CHECK(check_vnode_revoke, cred, vp, &vp->v_label);
 	return (error);
 }
 
 int
-mac_check_setacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type,
+mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
     struct acl *acl)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_setacl_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1947,17 +1946,17 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_setacl_vnode, cred, vp, &vp->v_label, type, acl);
+	MAC_CHECK(check_vnode_setacl, cred, vp, &vp->v_label, type, acl);
 	return (error);
 }
 
 int
-mac_check_setextattr_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
     int attrnamespace, const char *name, struct uio *uio)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_setextattr_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1966,17 +1965,17 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_setextattr_vnode, cred, vp, &vp->v_label,
+	MAC_CHECK(check_vnode_setextattr, cred, vp, &vp->v_label,
 	    attrnamespace, name, uio);
 	return (error);
 }
 
 int
-mac_check_setflags_vnode(struct ucred *cred, struct vnode *vp, u_long flags)
+mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_setflags_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -1985,16 +1984,16 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_setflags_vnode, cred, vp, &vp->v_label, flags);
+	MAC_CHECK(check_vnode_setflags, cred, vp, &vp->v_label, flags);
 	return (error);
 }
 
 int
-mac_check_setmode_vnode(struct ucred *cred, struct vnode *vp, mode_t mode)
+mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_setmode_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2003,17 +2002,17 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_setmode_vnode, cred, vp, &vp->v_label, mode);
+	MAC_CHECK(check_vnode_setmode, cred, vp, &vp->v_label, mode);
 	return (error);
 }
 
 int
-mac_check_setowner_vnode(struct ucred *cred, struct vnode *vp, uid_t uid,
+mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
     gid_t gid)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_setowner_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2022,17 +2021,17 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_setowner_vnode, cred, vp, &vp->v_label, uid, gid);
+	MAC_CHECK(check_vnode_setowner, cred, vp, &vp->v_label, uid, gid);
 	return (error);
 }
 
 int
-mac_check_setutimes_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
     struct timespec atime, struct timespec mtime)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_setutimes_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2041,19 +2040,19 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_setutimes_vnode, cred, vp, &vp->v_label, atime,
+	MAC_CHECK(check_vnode_setutimes, cred, vp, &vp->v_label, atime,
 	    mtime);
 	return (error);
 }
 
 int
-mac_check_delete_vnode(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
+mac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
     struct componentname *cnp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_delete_vnode");
-	ASSERT_VOP_LOCKED(vp, "mac_check_delete_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_delete");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_delete");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2065,18 +2064,18 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_delete_vnode, cred, dvp, &dvp->v_label, vp,
+	MAC_CHECK(check_vnode_delete, cred, dvp, &dvp->v_label, vp,
 	    &vp->v_label, cnp);
 	return (error);
 }
 
 int
-mac_check_deleteacl_vnode(struct ucred *cred, struct vnode *vp,
+mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
     acl_type_t type)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_deleteacl_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2085,18 +2084,18 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_deleteacl_vnode, cred, vp, &vp->v_label, type);
+	MAC_CHECK(check_vnode_deleteacl, cred, vp, &vp->v_label, type);
 	return (error);
 }
 
 int
-mac_check_rename_from_vnode(struct ucred *cred, struct vnode *dvp,
+mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
     struct vnode *vp, struct componentname *cnp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_rename_from_vnode");
-	ASSERT_VOP_LOCKED(vp, "mac_check_rename_from_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2108,19 +2107,19 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_rename_from_vnode, cred, dvp, &dvp->v_label, vp,
+	MAC_CHECK(check_vnode_rename_from, cred, dvp, &dvp->v_label, vp,
 	    &vp->v_label, cnp);
 	return (error);
 }
 
 int
-mac_check_rename_to_vnode(struct ucred *cred, struct vnode *dvp,
+mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
     struct vnode *vp, int samedir, struct componentname *cnp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(dvp, "mac_check_rename_to_vnode");
-	ASSERT_VOP_LOCKED(vp, "mac_check_rename_to_vnode");
+	ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
 
 	if (!mac_enforce_fs)
 		return (0);
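Review bot: In `mac_check_vnode_rename_to` the lock assertion on `vp` is unconditional, although the `MAC_CHECK` call further down (next hunk) passes `vp != NULL ? &vp->v_label : NULL` and so treats `vp` as optional. This is only safe if `ASSERT_VOP_LOCKED` tolerates a NULL vnode, which the diff does not show. Either guard it, `if (vp != NULL) ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");`, or add a comment stating that the macro accepts NULL. The function body continues past the end of this hunk.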
@@ -2133,17 +2132,17 @@
 		if (error)
 			return (error);
 	}
-	MAC_CHECK(check_rename_to_vnode, cred, dvp, &dvp->v_label, vp,
+	MAC_CHECK(check_vnode_rename_to, cred, dvp, &dvp->v_label, vp,
 	    vp != NULL ? &vp->v_label : NULL, samedir, cnp);
 	return (error);
 }
 
 int
-mac_check_stat_vnode(struct ucred *cred, struct vnode *vp)
+mac_check_vnode_stat(struct ucred *cred, struct vnode *vp)
 {
 	int error;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_stat_vnode");
+	ASSERT_VOP_LOCKED(vp, "mac_check_vnode_stat");
 
 	if (!mac_enforce_fs)
 		return (0);
@@ -2152,7 +2151,7 @@
 	if (error)
 		return (error);
 
-	MAC_CHECK(check_stat_vnode, cred, vp, &vp->v_label);
+	MAC_CHECK(check_vnode_stat, cred, vp, &vp->v_label);
 	return (error);
 }
 

==== //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#7 (text+ko) ====

@@ -98,7 +98,7 @@
 		return (ENXIO);
 	vn_lock(ttyvp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
-	error = mac_check_open_vnode(td->td_ucred, ttyvp, flag);
+	error = mac_check_vnode_open(td->td_ucred, ttyvp, flag);
 	if (error) {
 		VOP_UNLOCK(ttyvp, 0, td);
 		return (error);

==== //depot/projects/trustedbsd/mac/sys/kern/uipc_usrreq.c#19 (text+ko) ====

@@ -639,7 +639,7 @@
 	vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask);
 	FILEDESC_UNLOCK(td->td_proc->p_fd);
 #ifdef MAC
-	error = mac_check_create_vnode(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+	error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 	    &vattr);
 #endif /* MAC */
 	if (error == 0) {

==== //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#20 (text+ko) ====

@@ -203,7 +203,7 @@
 			break;
 		}
 #ifdef MAC
-		error = mac_check_readlink_vnode(td->td_ucred, ndp->ni_vp);
+		error = mac_check_vnode_readlink(td->td_ucred, ndp->ni_vp);
 		if (error)
 			break;
 #endif
@@ -454,7 +454,7 @@
 	 */
 unionlookup:
 #ifdef MAC
-	error = mac_check_lookup_vnode(td->td_ucred, dp, cnp);
+	error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
 	if (error)
 		goto bad;
 #endif

==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#64 (text+ko) ====

@@ -1460,7 +1460,7 @@
 	if (vp->v_type != VDIR)
 		error = ENOTDIR;
 #ifdef MAC
-	else if ((error = mac_check_chdir_vnode(td->td_ucred, vp)) != 0) {
+	else if ((error = mac_check_vnode_chdir(td->td_ucred, vp)) != 0) {
 	}
 #endif
 	else
@@ -1600,7 +1600,7 @@
 	NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF, UIO_USERSPACE,
 	    SCARG(uap, path), td);
 #ifdef MAC
-	if ((error = mac_check_chroot_vnode(td->td_ucred, nd.ni_vp))) {
+	if ((error = mac_check_vnode_chroot(td->td_ucred, nd.ni_vp))) {
 		/*
 		 * XXX: Release of namei() structures may be wrong here
 		 * and below in existing code.
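Review bot: The chroot check reads `nd.ni_vp` directly after `NDINIT`, and the hunk shows no lookup between the two, so the vnode pointer handed to `mac_check_vnode_chroot` looks uninitialised at this point. As far as I know, NDINIT only fills in the lookup request, and the result vnode is set by the lookup itself. If that reading is right, the MAC decision and the `ASSERT_VOP_LOCKED` inside the check operate on whatever happens to be on the stack, so the call should move to after the lookup has succeeded and returned a locked vnode. The XXX comment about releasing the namei() structures should be resolved at the same time. The function continues outside the hunk.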
@@ -1643,7 +1643,7 @@
 	if (vp->v_type != VDIR)
 		error = ENOTDIR;
 #ifdef MAC
-	else if ((error = mac_check_chdir_vnode(td->td_ucred, vp)) != 0) {
+	else if ((error = mac_check_vnode_chdir(td->td_ucred, vp)) != 0) {
 	}
 #endif
 	else
@@ -1943,7 +1943,7 @@
 	}
 #ifdef MAC
 	if (error == 0 && !whiteout)
-		error = mac_check_create_vnode(td->td_ucred, nd.ni_dvp,
+		error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp,
 		    &nd.ni_cnd, &vattr);
 #endif /* MAC */
 	if (!error) {
@@ -2013,7 +2013,7 @@
 	vattr.va_mode = (SCARG(uap, mode) & ALLPERMS) &~ td->td_proc->p_fd->fd_cmask;
 	FILEDESC_UNLOCK(td->td_proc->p_fd);
 #ifdef MAC
-	error = mac_check_create_vnode(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+	error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 	    &vattr);
 #endif /* MAC */
 	if (error == 0) {
@@ -2139,7 +2139,7 @@
 	FILEDESC_UNLOCK(td->td_proc->p_fd);
 	vattr.va_type = VLNK;
 #ifdef MAC
-	error = mac_check_create_vnode(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+	error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 	    &vattr);
 #endif /* MAC */
 	if (error == 0) {
@@ -2261,7 +2261,7 @@
 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 	if (!error) {
 #ifdef MAC
-		error = mac_check_delete_vnode(td->td_ucred, nd.ni_dvp, vp,
+		error = mac_check_vnode_delete(td->td_ucred, nd.ni_dvp, vp,
 		    &nd.ni_cnd);
 		if (error == 0) {
 #endif
@@ -2410,7 +2410,7 @@
 		if (user_flags & X_OK)
 			flags |= VEXEC;
 #ifdef MAC
-		error = mac_check_access_vnode(cred, vp, flags);
+		error = mac_check_vnode_access(cred, vp, flags);
 		if (error)
 			return (error);
 #endif
@@ -2856,7 +2856,7 @@
 	NDFREE(&nd, NDF_ONLY_PNBUF);
 	vp = nd.ni_vp;
 #ifdef MAC
-	error = mac_check_readlink_vnode(td->td_ucred, vp);
+	error = mac_check_vnode_readlink(td->td_ucred, vp);
 	if (error) {
 		vput(vp);
 		return (error);
@@ -2913,7 +2913,7 @@
 	VATTR_NULL(&vattr);
 	vattr.va_flags = flags;
 #if MAC
-	error = mac_check_setflags_vnode(td->td_ucred, vp, vattr.va_flags);
+	error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags);
 	if (error != 0)
 		goto out;
 #endif
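Review bot: The setflags check is guarded by `#if MAC`, while every other guard in this diff is `#ifdef MAC`. The two behave the same only when the option is defined to a non-zero value. If MAC is defined empty, `#if MAC` is a preprocessor error, and if it is defined as 0 the check is silently compiled out while the rest of the MAC hooks remain. Change the guard to `#ifdef MAC` so the file-flags check cannot diverge from the other access-control checks. The enclosing function starts and ends outside the hunk.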
@@ -3027,7 +3027,7 @@
 	VATTR_NULL(&vattr);
 	vattr.va_mode = mode & ALLPERMS;
 #ifdef MAC
-	error = mac_check_setmode_vnode(td->td_ucred, vp, vattr.va_mode);
+	error = mac_check_vnode_setmode(td->td_ucred, vp, vattr.va_mode);
 	if (error != 0)

>>> TRUNCATED FOR MAIL (1000 lines) <<<