PERFORCE change 15079 for review
Robert Watson
rwatson at freebsd.org
Sun Jul 28 23:43:03 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15079
Change 15079 by rwatson at rwatson_paprika on 2002/07/28 16:42:56
Move the pipe_ioctl and pipe_op entry point implementations
into the right place alphabetically for the new naming
convention. No functional change.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#204 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#81 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#69 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#56 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#61 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#26 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#131 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#97 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#204 (text+ko) ====
@@ -674,6 +674,14 @@
mpc->mpc_ops->mpo_check_mount_stat =
mpe->mpe_function;
break;
+ case MAC_CHECK_PIPE_IOCTL:
+ mpc->mpc_ops->mpo_check_pipe_ioctl =
+ mpe->mpe_function;
+ break;
+ case MAC_CHECK_PIPE_OP:
+ mpc->mpc_ops->mpo_check_pipe_op =
+ mpe->mpe_function;
+ break;
case MAC_CHECK_PIPE_RELABEL:
mpc->mpc_ops->mpo_check_pipe_relabel =
mpe->mpe_function;
@@ -818,14 +826,6 @@
mpc->mpc_ops->mpo_check_vnode_op =
mpe->mpe_function;
break;
- case MAC_CHECK_PIPE_IOCTL:
- mpc->mpc_ops->mpo_check_pipe_ioctl =
- mpe->mpe_function;
- break;
- case MAC_CHECK_PIPE_OP:
- mpc->mpc_ops->mpo_check_pipe_op =
- mpe->mpe_function;
- break;
case MAC_INIT_BPFDESC:
mpc->mpc_ops->mpo_init_bpfdesc =
mpe->mpe_function;
@@ -2331,27 +2331,6 @@
&mbuf->m_pkthdr.label);
}
-int
-mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op)
-{
- int error;
-
- MAC_CHECK(check_pipe_op, cred, pipe, pipe->pipe_label, op);
-
- return (error);
-}
-
-int
-mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
- void *data)
-{
- int error;
-
- MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
-
- return (error);
-}
-
void
mac_create_mount(struct ucred *cred, struct mount *mp)
{
@@ -2437,6 +2416,27 @@
return (error);
}
+int
+mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe, unsigned long cmd,
+ void *data)
+{
+ int error;
+
+ MAC_CHECK(check_pipe_ioctl, cred, pipe, pipe->pipe_label, cmd, data);
+
+ return (error);
+}
+
+int
+mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op)
+{
+ int error;
+
+ MAC_CHECK(check_pipe_op, cred, pipe, pipe->pipe_label, op);
+
+ return (error);
+}
+
static int
mac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
struct label *newlabel)
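Review bot: Neither `mac_check_pipe_ioctl` nor `mac_check_pipe_op` assigns `error` in visible code; both rely on `MAC_CHECK` expanding to something that sets a local named `error`, and the macro's definition is outside this hunk. A short comment above each function would make that contract explicit, for example `/* MAC_CHECK() composes the policy results into the local 'error'. */`. Both functions also dereference `pipe->pipe_label` unconditionally, so the same comment should state that callers presumably must pass a pipe whose label is already initialized.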
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#81 (text+ko) ====
@@ -1290,6 +1290,49 @@
}
static int
+mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ if(!mac_biba_enabled)
+ return (0);
+
+ /* XXX: This will be implemented soon... */
+
+ return (0);
+}
+
+static int
+mac_biba_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+ struct mac_biba *subj, *obj;
+
+ if (!mac_biba_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((pipelabel));
+
+ switch(op) {
+ case MAC_OP_PIPE_READ:
+ case MAC_OP_PIPE_STAT:
+ case MAC_OP_PIPE_POLL:
+ if (!mac_biba_dominate_single(obj, subj))
+ return (EACCES);
+ break;
+ case MAC_OP_PIPE_WRITE:
+ if (!mac_biba_dominate_single(subj, obj))
+ return (EACCES);
+ break;
+ default:
+ panic("mac_biba_check_pipe_op: invalid pipe operation");
+ }
+
+ return (0);
+}
+
+static int
mac_biba_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, struct label *newlabel)
{
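Review bot: `mac_biba_check_pipe_ioctl` returns 0 for every `cmd` even when `mac_biba_enabled` is set, so the integrity policy does not mediate pipe ioctls at all, and the `XXX` comment does not say so. Until the check exists, the comment should state the effective behaviour, e.g. `/* XXX: not yet implemented; all pipe ioctls are permitted. */`. The same stub appears in `mac_mls_check_pipe_ioctl`, and in `mac_te_check_pipe_ioctl` and `mac_te_check_pipe_op`, which have no enabled test either. The guard is also written `if(!mac_biba_enabled)` here but `if (!mac_biba_enabled)` in `mac_biba_check_pipe_op`.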
@@ -1965,49 +2008,6 @@
}
}
-static int
-mac_biba_check_pipe_op(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, int op)
-{
- struct mac_biba *subj, *obj;
-
- if (!mac_biba_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT((pipelabel));
-
- switch(op) {
- case MAC_OP_PIPE_READ:
- case MAC_OP_PIPE_STAT:
- case MAC_OP_PIPE_POLL:
- if (!mac_biba_dominate_single(obj, subj))
- return (EACCES);
- break;
- case MAC_OP_PIPE_WRITE:
- if (!mac_biba_dominate_single(subj, obj))
- return (EACCES);
- break;
- default:
- panic("mac_biba_check_pipe_op: invalid pipe operation");
- }
-
- return (0);
-}
-
-static int
-mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
-{
-
- if(!mac_biba_enabled)
- return (0);
-
- /* XXX: This will be implemented soon... */
-
- return (0);
-}
-
static struct mac_policy_op_entry mac_biba_ops[] =
{
{ MAC_DESTROY,
@@ -2152,6 +2152,10 @@
(macop_t)mac_biba_check_ifnet_transmit },
{ MAC_CHECK_MOUNT_STAT,
(macop_t)mac_biba_check_mount_stat },
+ { MAC_CHECK_PIPE_IOCTL,
+ (macop_t)mac_biba_check_pipe_ioctl },
+ { MAC_CHECK_PIPE_OP,
+ (macop_t)mac_biba_check_pipe_op },
{ MAC_CHECK_PIPE_RELABEL,
(macop_t)mac_biba_check_pipe_relabel },
{ MAC_CHECK_PROC_DEBUG,
@@ -2188,10 +2192,6 @@
(macop_t)mac_biba_check_vnode_lookup },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)mac_biba_check_vnode_open },
- { MAC_CHECK_PIPE_IOCTL,
- (macop_t)mac_biba_check_pipe_ioctl },
- { MAC_CHECK_PIPE_OP,
- (macop_t)mac_biba_check_pipe_op },
{ MAC_CHECK_VNODE_READDIR,
(macop_t)mac_biba_check_vnode_readdir },
{ MAC_CHECK_VNODE_READLINK,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#69 (text+ko) ====
@@ -1237,6 +1237,49 @@
}
static int
+mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ if(!mac_mls_enabled)
+ return (0);
+
+ /* XXX: This will be implemented soon... */
+
+ return (0);
+}
+
+static int
+mac_mls_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+ struct mac_mls *subj, *obj;
+
+ if (!mac_mls_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT((pipelabel));
+
+ switch(op) {
+ case MAC_OP_PIPE_READ:
+ case MAC_OP_PIPE_STAT:
+ case MAC_OP_PIPE_POLL:
+ if (!mac_mls_dominate_single(subj, obj))
+ return (EACCES);
+ break;
+ case MAC_OP_PIPE_WRITE:
+ if (!mac_mls_dominate_single(obj, subj))
+ return (EACCES);
+ break;
+ default:
+ panic("mac_mls_check_pipe_op: invalid pipe operation");
+ }
+
+ return (0);
+}
+
+static int
mac_mls_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, struct label *newlabel)
{
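Review bot: The `default:` arm of `mac_mls_check_pipe_op` panics on any `op` outside the four handled values, so adding a new `MAC_OP_PIPE_*` constant without updating this switch takes the kernel down once the policy is enabled; `mac_biba_check_pipe_op` has the same arm. If this is meant as an assertion on in-kernel callers, say so in a comment such as `/* op is supplied only by kernel callers; an unknown value is a programming error. */`. Where `op` originates is not visible in this hunk; if denial is preferable to a panic, `default: return (EINVAL);` keeps the check fail-closed.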
@@ -1916,49 +1959,6 @@
}
}
-static int
-mac_mls_check_pipe_op(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, int op)
-{
- struct mac_mls *subj, *obj;
-
- if (!mac_mls_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT((pipelabel));
-
- switch(op) {
- case MAC_OP_PIPE_READ:
- case MAC_OP_PIPE_STAT:
- case MAC_OP_PIPE_POLL:
- if (!mac_mls_dominate_single(subj, obj))
- return (EACCES);
- break;
- case MAC_OP_PIPE_WRITE:
- if (!mac_mls_dominate_single(obj, subj))
- return (EACCES);
- break;
- default:
- panic("mac_mls_check_pipe_op: invalid pipe operation");
- }
-
- return (0);
-}
-
-static int
-mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
-{
-
- if(!mac_mls_enabled)
- return (0);
-
- /* XXX: This will be implemented soon... */
-
- return (0);
-}
-
static struct mac_policy_op_entry mac_mls_ops[] =
{
{ MAC_DESTROY,
@@ -2103,6 +2103,10 @@
(macop_t)mac_mls_check_ifnet_transmit },
{ MAC_CHECK_MOUNT_STAT,
(macop_t)mac_mls_check_mount_stat },
+ { MAC_CHECK_PIPE_IOCTL,
+ (macop_t)mac_mls_check_pipe_ioctl },
+ { MAC_CHECK_PIPE_OP,
+ (macop_t)mac_mls_check_pipe_op },
{ MAC_CHECK_PIPE_RELABEL,
(macop_t)mac_mls_check_pipe_relabel },
{ MAC_CHECK_PROC_DEBUG,
@@ -2139,10 +2143,6 @@
(macop_t)mac_mls_check_vnode_lookup },
{ MAC_CHECK_VNODE_OPEN,
(macop_t)mac_mls_check_vnode_open },
- { MAC_CHECK_PIPE_IOCTL,
- (macop_t)mac_mls_check_pipe_ioctl },
- { MAC_CHECK_PIPE_OP,
- (macop_t)mac_mls_check_pipe_op },
{ MAC_CHECK_VNODE_READDIR,
(macop_t)mac_mls_check_vnode_readdir },
{ MAC_CHECK_VNODE_READLINK,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#56 (text+ko) ====
@@ -595,6 +595,22 @@
}
static int
+mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ return (0);
+}
+
+static int
+mac_none_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+
+ return (0);
+}
+
+static int
mac_none_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, struct label *newlabel)
{
@@ -866,22 +882,6 @@
return (0);
}
-static int
-mac_none_check_pipe_op(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, int op)
-{
-
- return (0);
-}
-
-static int
-mac_none_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
-{
-
- return (0);
-}
-
static struct mac_policy_op_entry mac_none_ops[] =
{
{ MAC_DESTROY,
@@ -1028,6 +1028,10 @@
(macop_t)mac_none_check_ifnet_transmit },
{ MAC_CHECK_MOUNT_STAT,
(macop_t)mac_none_check_mount_stat },
+ { MAC_CHECK_PIPE_IOCTL,
+ (macop_t)mac_none_check_pipe_ioctl },
+ { MAC_CHECK_PIPE_OP,
+ (macop_t)mac_none_check_pipe_op },
{ MAC_CHECK_PIPE_RELABEL,
(macop_t)mac_none_check_pipe_relabel },
{ MAC_CHECK_PROC_DEBUG,
@@ -1096,10 +1100,6 @@
(macop_t)mac_none_check_vnode_setutimes },
{ MAC_CHECK_VNODE_STAT,
(macop_t)mac_none_check_vnode_stat },
- { MAC_CHECK_PIPE_IOCTL,
- (macop_t)mac_none_check_pipe_ioctl },
- { MAC_CHECK_PIPE_OP,
- (macop_t)mac_none_check_pipe_op },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#61 (text+ko) ====
@@ -686,6 +686,26 @@
}
static int
+mac_te_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ /* XXX: This will be implemented soon... */
+
+ return (0);
+}
+
+static int
+mac_te_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+
+ /* XXX: This will be implemented soon... */
+
+ return (0);
+}
+
+static int
mac_te_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, struct label *newlabel)
{
@@ -1650,26 +1670,6 @@
mac_te_copy_label(SLOT(fragmentlabel), SLOT(ipqlabel));
}
-static int
-mac_te_check_pipe_op(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, int op)
-{
-
- /* XXX: This will be implemented soon... */
-
- return (0);
-}
-
-static int
-mac_te_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
-{
-
- /* XXX: This will be implemented soon... */
-
- return (0);
-}
-
static struct mac_policy_op_entry mac_te_ops[] =
{
{ MAC_INIT_BPFDESC, (macop_t)mac_te_init_bpfdesc },
@@ -1754,6 +1754,10 @@
(macop_t)mac_te_check_ifnet_transmit },
{ MAC_CHECK_MOUNT_STAT,
(macop_t)mac_te_check_mount_stat },
+ { MAC_CHECK_PIPE_IOCTL,
+ (macop_t)mac_te_check_pipe_ioctl },
+ { MAC_CHECK_PIPE_OP,
+ (macop_t)mac_te_check_pipe_op },
{ MAC_CHECK_PIPE_RELABEL,
(macop_t)mac_te_check_pipe_relabel },
{ MAC_CHECK_PROC_DEBUG,
@@ -1819,11 +1823,8 @@
(macop_t)mac_te_check_setowner_vnode },
{ MAC_CHECK_VNODE_SETUTIMES,
(macop_t)mac_te_check_vnode_setutimes },
- { MAC_CHECK_PIPE_IOCTL,
- (macop_t)mac_te_check_pipe_ioctl },
- { MAC_CHECK_PIPE_OP,
- (macop_t)mac_te_check_pipe_op },
- { MAC_CHECK_VNODE_STAT, (macop_t)mac_te_check_stat_vnode },
+ { MAC_CHECK_VNODE_STAT,
+ (macop_t)mac_te_check_stat_vnode },
{ MAC_CHECK_VNODE_MMAP_PERMS,
(macop_t)mac_te_check_vnode_mmap_perms },
{ MAC_CHECK_VNODE_OP,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#26 (text+ko) ====
@@ -803,6 +803,22 @@
}
static int
+mac_test_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+{
+
+ return (0);
+}
+
+static int
+mac_test_check_pipe_op(struct ucred *cred, struct pipe *pipe,
+ struct label *pipelabel, int op)
+{
+
+ return (0);
+}
+
+static int
mac_test_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
struct label *pipelabel, struct label *newlabel)
{
@@ -880,22 +896,6 @@
}
static int
-mac_test_check_pipe_op(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, int op)
-{
-
- return (0);
-}
-
-static int
-mac_test_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
- struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
-{
-
- return (0);
-}
-
-static int
mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
struct label *label, mode_t flags)
{
@@ -1234,6 +1234,10 @@
(macop_t)mac_test_check_ifnet_transmit },
{ MAC_CHECK_MOUNT_STAT,
(macop_t)mac_test_check_mount_stat },
+ { MAC_CHECK_PIPE_IOCTL,
+ (macop_t)mac_test_check_pipe_ioctl },
+ { MAC_CHECK_PIPE_OP,
+ (macop_t)mac_test_check_pipe_op },
{ MAC_CHECK_PIPE_RELABEL,
(macop_t)mac_test_check_pipe_relabel },
{ MAC_CHECK_PROC_DEBUG,
@@ -1302,10 +1306,6 @@
(macop_t)mac_test_check_vnode_setutimes },
{ MAC_CHECK_VNODE_STAT,
(macop_t)mac_test_check_vnode_stat },
- { MAC_CHECK_PIPE_IOCTL,
- (macop_t)mac_test_check_pipe_ioctl },
- { MAC_CHECK_PIPE_OP,
- (macop_t)mac_test_check_pipe_op },
{ MAC_OP_LAST, NULL }
};
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#131 (text+ko) ====
@@ -259,6 +259,9 @@
/* Authorizational event hooks. */
int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet);
int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
+int mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op);
+int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
+ unsigned long cmd, void *data);
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
int flags);
int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
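Review bot: The two prototypes are inserted as `mac_check_pipe_op` then `mac_check_pipe_ioctl`, which is not alphabetical. That differs from the order this same change uses for the definitions in kern_mac.c and for the `mpo_check_pipe_*` members in mac_policy.h. Swapping them so `mac_check_pipe_ioctl` comes first would match the naming convention the description cites.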
@@ -302,9 +305,6 @@
int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
int mac_check_vnode_op(struct ucred *cred, struct vnode *vp, int op);
-int mac_check_pipe_op(struct ucred *cred, struct pipe *pipe, int op);
-int mac_check_pipe_ioctl(struct ucred *cred, struct pipe *pipe,
- unsigned long cmd, void *data);
int mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
struct mac *extmac);
int mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#97 (text+ko) ====
@@ -242,6 +242,11 @@
struct label *mbuflabel);
int (*mpo_check_mount_stat)(struct ucred *cred, struct mount *mp,
struct label *mntlabel);
+ int (*mpo_check_pipe_ioctl)(struct ucred *cred,
+ struct pipe *pipe, struct label *pipelabel,
+ unsigned long cmd, void *data);
+ int (*mpo_check_pipe_op)(struct ucred *cred,
+ struct pipe *pipe, struct label *pipelabel, int op);
int (*mpo_check_pipe_relabel)(struct ucred *cred,
struct pipe *pipe, struct label *pipelabel,
struct label *newlabel);
@@ -331,11 +336,6 @@
struct vnode *vp, struct label *label, int newmapping);
int (*mpo_check_vnode_op)(struct ucred *cred,
struct vnode *vp, struct label *label, int op);
- int (*mpo_check_pipe_op)(struct ucred *cred,
- struct pipe *pipe, struct label *pipelabel, int op);
- int (*mpo_check_pipe_ioctl)(struct ucred *cred,
- struct pipe *pipe, struct label *pipelabel,
- unsigned long cmd, void /* caddr_t */ *data);
};
typedef void *macop_t;
@@ -415,6 +415,8 @@
MAC_CHECK_IFNET_RELABEL,
MAC_CHECK_IFNET_TRANSMIT,
MAC_CHECK_MOUNT_STAT,
+ MAC_CHECK_PIPE_IOCTL,
+ MAC_CHECK_PIPE_OP,
MAC_CHECK_PIPE_RELABEL,
MAC_CHECK_PROC_DEBUG,
MAC_CHECK_PROC_SCHED,
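Review bot: Moving `MAC_CHECK_PIPE_IOCTL` and `MAC_CHECK_PIPE_OP` ahead of `MAC_CHECK_PIPE_RELABEL` changes the numeric value of every enumerator between the new and old positions, so the description's "No functional change" holds only at source level. The registration switch in kern_mac.c keys on these values, so a policy module built against the previous header would have its entry points stored under the wrong `mpo_*` slots; whether modules can be built separately from the kernel is not visible here. A comment on the enum would make the constraint explicit, e.g. `/* Operation numbers are not a stable ABI; rebuild all policy modules with the kernel. */`.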
@@ -451,8 +453,6 @@
MAC_CHECK_VNODE_STAT,
MAC_CHECK_VNODE_MMAP_PERMS,
MAC_CHECK_VNODE_OP,
- MAC_CHECK_PIPE_IOCTL,
- MAC_CHECK_PIPE_OP
};
struct mac_policy_op_entry {