PERFORCE change 15073 for review
Robert Watson
rwatson at freebsd.org
Sun Jul 28 21:27:15 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15073
Change 15073 by rwatson at rwatson_paprika on 2002/07/28 14:27:00
Rename mac_check_statfs to mac_check_mount_stat to conform
to new naming scheme.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#202 edit
.. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#65 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#79 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#67 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#54 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#59 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#24 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#130 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#95 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#202 (text+ko) ====
@@ -662,6 +662,10 @@
mpc->mpc_ops->mpo_check_ifnet_transmit =
mpe->mpe_function;
break;
+ case MAC_CHECK_MOUNT_STAT:
+ mpc->mpc_ops->mpo_check_mount_stat =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_PROC_DEBUG:
mpc->mpc_ops->mpo_check_proc_debug =
mpe->mpe_function;
@@ -714,9 +718,6 @@
mpc->mpc_ops->mpo_check_relabel_vnode =
mpe->mpe_function;
break;
- case MAC_CHECK_STATFS:
- mpc->mpc_ops->mpo_check_statfs = mpe->mpe_function;
- break;
case MAC_CHECK_VNODE_ACCESS:
mpc->mpc_ops->mpo_check_vnode_access =
mpe->mpe_function;
@@ -2453,6 +2454,19 @@
}
int
+mac_check_mount_stat(struct ucred *cred, struct mount *mount)
+{
+ int error;
+
+ if (!mac_enforce_fs)
+ return (0);
+
+ MAC_CHECK(check_mount_stat, cred, mount, &mount->mnt_mntlabel);
+
+ return (error);
+}
+
+int
mac_check_proc_debug(struct ucred *cred, struct proc *proc)
{
int error;
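Review bot: `error` in `mac_check_mount_stat` is returned without any visible assignment, so the function is only correct if the `MAC_CHECK` macro always stores into a local of that name. The macro's definition is outside this hunk, so that is an assumption to confirm; a short comment stating the dependency, or `int error = 0;` if the macro allows it, would make the function safe to read on its own. The function also returns 0 before any policy is consulted when `mac_enforce_fs` is clear, which deserves a header comment such as `/* Authorize reading statistics for a mount; no policy is consulted when mac_enforce_fs is off. */`.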
@@ -2679,19 +2693,6 @@
}
int
-mac_check_statfs(struct ucred *cred, struct mount *mount)
-{
- int error;
-
- if (!mac_enforce_fs)
- return (0);
-
- MAC_CHECK(check_statfs, cred, mount, &mount->mnt_mntlabel);
-
- return (error);
-}
-
-int
mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op)
{
int error;
==== //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#65 (text+ko) ====
@@ -1290,7 +1290,7 @@
NDFREE(&nd, NDF_ONLY_PNBUF);
vrele(nd.ni_vp);
#ifdef MAC
- error = mac_check_statfs(td->td_ucred, mp);
+ error = mac_check_mount_stat(td->td_ucred, mp);
if (error)
return (error);
#endif
@@ -1337,7 +1337,7 @@
if (mp == NULL)
return (EBADF);
#ifdef MAC
- error = mac_check_statfs(td->td_ucred, mp);
+ error = mac_check_mount_stat(td->td_ucred, mp);
if (error)
return (error);
#endif
@@ -1384,7 +1384,7 @@
mtx_lock(&mountlist_mtx);
for (mp = TAILQ_FIRST(&mountlist); mp != NULL; mp = nmp) {
#ifdef MAC
- if (mac_check_statfs(td->td_ucred, mp) != 0) {
+ if (mac_check_mount_stat(td->td_ucred, mp) != 0) {
nmp = TAILQ_NEXT(mp, mnt_list);
continue;
}
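Review bot: In this loop the result of `mac_check_mount_stat` is reduced to a skip, so a denied mount is dropped from the listing instead of failing the call, unlike the other three call sites in this file, which return the error. A comment such as `/* MAC denial hides this mount from the caller rather than failing the whole request. */` would make that intent explicit. The call also sits after `mtx_lock(&mountlist_mtx)`, so every policy's check_mount_stat implementation presumably must not sleep, and that constraint should be documented on the hook declaration. The enclosing function starts and ends outside the hunk.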
@@ -4671,7 +4671,7 @@
sp = &mp->mnt_stat;
vput(vp);
#ifdef MAC
- error = mac_check_statfs(td->td_ucred, mp);
+ error = mac_check_mount_stat(td->td_ucred, mp);
if (error)
return (error);
#endif
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#79 (text+ko) ====
@@ -1214,6 +1214,24 @@
}
static int
+mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(mntlabel);
+
+ if (!mac_biba_dominate_single(obj, subj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
{
struct mac_biba *subj, *obj;
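Review bot: The dominance test in `mac_biba_check_mount_stat` is called as `mac_biba_dominate_single(obj, subj)` while the MLS counterpart in mac_mls.c uses `(subj, obj)`, and neither function says why the order differs. The difference is what treating a stat as a read implies for an integrity model versus a confidentiality model, but a reader comparing the two can easily take it for a transposition. I would add `/* Stat is a read: the mount label must dominate the subject. */` here and `/* Stat is a read: the subject must dominate the mount label. */` in `mac_mls_check_mount_stat`. `mp` is unused in both, which suits a label-only decision but is worth saying in the same comment.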
@@ -1464,24 +1482,6 @@
}
static int
-mac_biba_check_statfs(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
-{
- struct mac_biba *subj, *obj;
-
- if (!mac_biba_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(mntlabel);
-
- if (!mac_biba_dominate_single(obj, subj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_biba_check_vnode_access(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t flags)
{
@@ -2146,6 +2146,8 @@
(macop_t)mac_biba_check_cred_visible },
{ MAC_CHECK_IFNET_TRANSMIT,
(macop_t)mac_biba_check_ifnet_transmit },
+ { MAC_CHECK_MOUNT_STAT,
+ (macop_t)mac_biba_check_mount_stat },
{ MAC_CHECK_PROC_DEBUG,
(macop_t)mac_biba_check_proc_debug },
{ MAC_CHECK_PROC_SCHED,
@@ -2166,8 +2168,6 @@
(macop_t)mac_biba_check_relabel_subject },
{ MAC_CHECK_RELABEL_VNODE,
(macop_t)mac_biba_check_relabel_vnode },
- { MAC_CHECK_STATFS,
- (macop_t)mac_biba_check_statfs },
{ MAC_CHECK_VNODE_ACCESS,
(macop_t)mac_biba_check_vnode_access },
{ MAC_CHECK_VNODE_CHDIR,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#67 (text+ko) ====
@@ -1163,6 +1163,24 @@
}
static int
+mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(mntlabel);
+
+ if (!mac_mls_dominate_single(subj, obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc)
{
struct mac_mls *subj, *obj;
@@ -1413,24 +1431,6 @@
}
static int
-mac_mls_check_statfs(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
-{
- struct mac_mls *subj, *obj;
-
- if (!mac_mls_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(mntlabel);
-
- if (!mac_mls_dominate_single(subj, obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_mls_check_vnode_access(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t flags)
{
@@ -2095,6 +2095,8 @@
(macop_t)mac_mls_check_cred_visible },
{ MAC_CHECK_IFNET_TRANSMIT,
(macop_t)mac_mls_check_ifnet_transmit },
+ { MAC_CHECK_MOUNT_STAT,
+ (macop_t)mac_mls_check_mount_stat },
{ MAC_CHECK_PROC_DEBUG,
(macop_t)mac_mls_check_proc_debug },
{ MAC_CHECK_PROC_SCHED,
@@ -2115,8 +2117,6 @@
(macop_t)mac_mls_check_relabel_subject },
{ MAC_CHECK_RELABEL_VNODE,
(macop_t)mac_mls_check_relabel_vnode },
- { MAC_CHECK_STATFS,
- (macop_t)mac_mls_check_statfs },
{ MAC_CHECK_VNODE_ACCESS,
(macop_t)mac_mls_check_vnode_access },
{ MAC_CHECK_VNODE_CHDIR,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#54 (text+ko) ====
@@ -572,6 +572,14 @@
}
static int
+mac_none_check_mount_stat(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel)
+{
+
+ return (0);
+}
+
+static int
mac_none_check_proc_debug(struct ucred *cred, struct proc *proc)
{
@@ -672,14 +680,6 @@
}
static int
-mac_none_check_statfs(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
-{
-
- return (0);
-}
-
-static int
mac_none_check_vnode_access(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t flags)
{
@@ -1022,6 +1022,8 @@
(macop_t)mac_none_check_cred_visible },
{ MAC_CHECK_IFNET_TRANSMIT,
(macop_t)mac_none_check_ifnet_transmit },
+ { MAC_CHECK_MOUNT_STAT,
+ (macop_t)mac_none_check_mount_stat },
{ MAC_CHECK_PROC_DEBUG,
(macop_t)mac_none_check_proc_debug },
{ MAC_CHECK_PROC_SCHED,
@@ -1048,8 +1050,6 @@
(macop_t)mac_none_check_relabel_subject },
{ MAC_CHECK_RELABEL_VNODE,
(macop_t)mac_none_check_relabel_vnode },
- { MAC_CHECK_STATFS,
- (macop_t)mac_none_check_statfs },
{ MAC_CHECK_VNODE_ACCESS,
(macop_t)mac_none_check_vnode_access },
{ MAC_CHECK_VNODE_CHDIR,
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#59 (text+ko) ====
@@ -694,6 +694,18 @@
}
static int
+mac_te_check_mount_stat(struct ucred *cred, struct mount *mp,
+ struct label *mplabel)
+{
+ int error;
+
+ error = mac_te_check(SLOT(&cred->cr_label), SLOT(mplabel),
+ MAC_TE_CLASS_FS, MAC_TE_OPERATION_FS_STATFS);
+
+ return (error);
+}
+
+static int
mac_te_check_proc_debug(struct ucred *cred, struct proc *proc)
{
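Review bot: `mac_te_check_mount_stat` still passes `MAC_TE_OPERATION_FS_STATFS`, so the hook and the operation it checks now follow different naming schemes. If that constant is part of the TE policy's rule vocabulary it may have to stay, in which case a one-line comment such as `/* TE operation name predates the mount_stat hook rename. */` saves a later search for a constant that does not exist. Otherwise it should be renamed in the same change. The local `error` adds nothing here, and the result of `mac_te_check` could be returned directly.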
@@ -1535,18 +1547,6 @@
return (0);
}
-static int
-mac_te_check_statfs(struct ucred *cred, struct mount *mp,
- struct label *mplabel)
-{
- int error;
-
- error = mac_te_check(SLOT(&cred->cr_label), SLOT(mplabel),
- MAC_TE_CLASS_FS, MAC_TE_OPERATION_FS_STATFS);
-
- return (error);
-}
-
static vm_prot_t
mac_te_check_vnode_mmap_perms(struct ucred *cred, struct vnode *vp,
struct label *label, int newmapping)
@@ -1748,6 +1748,8 @@
(macop_t)mac_te_check_cred_visible },
{ MAC_CHECK_IFNET_TRANSMIT,
(macop_t)mac_te_check_ifnet_transmit },
+ { MAC_CHECK_MOUNT_STAT,
+ (macop_t)mac_te_check_mount_stat },
{ MAC_CHECK_PROC_DEBUG,
(macop_t)mac_te_check_proc_debug },
{ MAC_CHECK_PROC_SCHED,
@@ -1774,7 +1776,6 @@
(macop_t)mac_te_check_relabel_subject },
{ MAC_CHECK_RELABEL_VNODE,
(macop_t)mac_te_check_relabel_vnode },
- { MAC_CHECK_STATFS, (macop_t)mac_te_check_statfs },
{ MAC_CHECK_VNODE_ACCESS,
(macop_t)mac_te_check_vnode_access },
{ MAC_CHECK_VNODE_CHDIR,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#24 (text+ko) ====
@@ -780,6 +780,14 @@
}
static int
+mac_test_check_mount_stat(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel)
+{
+
+ return (0);
+}
+
+static int
mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
{
@@ -896,14 +904,6 @@
}
static int
-mac_test_check_statfs(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
-{
-
- return (0);
-}
-
-static int
mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t flags)
{
@@ -1228,6 +1228,8 @@
(macop_t)mac_test_check_cred_visible },
{ MAC_CHECK_IFNET_TRANSMIT,
(macop_t)mac_test_check_ifnet_transmit },
+ { MAC_CHECK_MOUNT_STAT,
+ (macop_t)mac_test_check_mount_stat },
{ MAC_CHECK_PROC_DEBUG,
(macop_t)mac_test_check_proc_debug },
{ MAC_CHECK_PROC_SCHED,
@@ -1254,8 +1256,6 @@
(macop_t)mac_test_check_relabel_subject },
{ MAC_CHECK_RELABEL_VNODE,
(macop_t)mac_test_check_relabel_vnode },
- { MAC_CHECK_STATFS,
- (macop_t)mac_test_check_statfs },
{ MAC_CHECK_VNODE_ACCESS,
(macop_t)mac_test_check_vnode_access },
{ MAC_CHECK_VNODE_CHDIR,
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#130 (text+ko) ====
@@ -258,6 +258,7 @@
/* Authorizational event hooks. */
int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
+int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
int flags);
int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
@@ -300,7 +301,6 @@
int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
-int mac_check_statfs(struct ucred *cred, struct mount *mp);
int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op);
int mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op);
int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#95 (text+ko) ====
@@ -235,6 +235,8 @@
int (*mpo_check_ifnet_transmit)(struct ifnet *ifnet,
struct label *ifnetlabel, struct mbuf *m,
struct label *mbuflabel);
+ int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp,
+ struct label *mntlabel);
int (*mpo_check_proc_debug)(struct ucred *cred, struct proc *proc);
int (*mpo_check_proc_sched)(struct ucred *cred, struct proc *proc);
int (*mpo_check_proc_signal)(struct ucred *cred, struct proc *proc,
@@ -266,8 +268,6 @@
int (*mpo_check_relabel_vnode)(struct ucred *cred,
struct vnode *vp, struct label *vnodelabel,
struct label *newlabel);
- int (*mpo_check_statfs)(struct ucred *cred, struct mount *mp,
- struct label *mntlabel);
int (*mpo_check_vnode_access)(struct ucred *cred,
struct vnode *vp, struct label *label, int flags);
int (*mpo_check_vnode_chdir)(struct ucred *cred,
@@ -412,6 +412,7 @@
MAC_CHECK_BPFDESC_RECEIVE,
MAC_CHECK_CRED_VISIBLE,
MAC_CHECK_IFNET_TRANSMIT,
+ MAC_CHECK_MOUNT_STAT,
MAC_CHECK_PROC_DEBUG,
MAC_CHECK_PROC_SCHED,
MAC_CHECK_PROC_SIGNAL,
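Review bot: Moving `MAC_CHECK_MOUNT_STAT` ahead of `MAC_CHECK_PROC_DEBUG` changes the numeric value of every enumerator between the insertion point and the old `MAC_CHECK_STATFS` slot. The policies register entry points as `{ op, (macop_t)function }` pairs and kern_mac.c installs them by switching on that value, so a policy module built against the previous header would have its functions stored in the wrong `mpo_*` slots and later called with a different argument list. Nothing in this diff adds a compile-time or load-time check that would catch this, and the `macop_t` cast removes the type information that could. Either keep the renamed enumerator in the old position so values stay stable, or, if the framework carries a policy interface version, bump it in this commit and state that all policy modules must be rebuilt.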
@@ -425,7 +426,6 @@
MAC_CHECK_RELABEL_SOCKET,
MAC_CHECK_RELABEL_SUBJECT,
MAC_CHECK_RELABEL_VNODE,
- MAC_CHECK_STATFS,
MAC_CHECK_VNODE_ACCESS,
MAC_CHECK_VNODE_CHDIR,
MAC_CHECK_VNODE_CHROOT,