PERFORCE change 15085 for review
Robert Watson
rwatson at freebsd.org
Mon Jul 29 01:46:38 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15085
Change 15085 by rwatson at rwatson_paprika on 2002/07/28 18:45:59
Generally rename "subject" to "cred" where we're specifically
referring to credentials.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs_mac.c#5 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#205 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#25 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#82 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#70 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#57 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#10 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#62 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#27 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#18 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#132 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#98 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs_mac.c#5 (text+ko) ====
@@ -60,7 +60,7 @@
mac_update_vnode_from_mount(vp, vp->v_mount);
else {
PROC_LOCK(p);
- mac_update_procfsvnode_from_subject(vp, p->p_ucred);
+ mac_update_procfsvnode_from_cred(vp, p->p_ucred);
PROC_UNLOCK(p);
}
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#205 (text+ko) ====
@@ -531,8 +531,8 @@
mpc->mpc_ops->mpo_update_devfsdirent_from_vnode =
mpe->mpe_function;
break;
- case MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT:
- mpc->mpc_ops->mpo_update_procfsvnode_from_subject =
+ case MAC_UPDATE_PROCFSVNODE_FROM_CRED:
+ mpc->mpc_ops->mpo_update_procfsvnode_from_cred =
mpe->mpe_function;
break;
case MAC_UPDATE_VNODE_FROM_EXTATTR:
@@ -630,8 +630,9 @@
mpc->mpc_ops->mpo_update_ipq_from_fragment =
mpe->mpe_function;
break;
- case MAC_CREATE_SUBJECT:
- mpc->mpc_ops->mpo_create_subject = mpe->mpe_function;
+ case MAC_CREATE_CRED:
+ mpc->mpc_ops->mpo_create_cred =
+ mpe->mpe_function;
break;
case MAC_EXECVE_TRANSITION:
mpc->mpc_ops->mpo_execve_transition = mpe->mpe_function;
@@ -646,8 +647,8 @@
case MAC_CREATE_PROC1:
mpc->mpc_ops->mpo_create_proc1 = mpe->mpe_function;
break;
- case MAC_RELABEL_SUBJECT:
- mpc->mpc_ops->mpo_relabel_subject =
+ case MAC_RELABEL_CRED:
+ mpc->mpc_ops->mpo_relabel_cred =
mpe->mpe_function;
break;
case MAC_CHECK_BPFDESC_RECEIVE:
@@ -830,6 +831,10 @@
mpc->mpc_ops->mpo_init_bpfdesc =
mpe->mpe_function;
break;
+ case MAC_INIT_CRED:
+ mpc->mpc_ops->mpo_init_cred =
+ mpe->mpe_function;
+ break;
case MAC_INIT_DEVFSDIRENT:
mpc->mpc_ops->mpo_init_devfsdirent =
mpe->mpe_function;
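Review bot: The `MAC_INIT_CRED` case is not only renamed but moved up next to `MAC_INIT_BPFDESC` (and `MAC_DESTROY_CRED` likewise in the `-874` hunk), which suggests the op identifiers in mac_policy.h were re-sorted as well; that header's diff is not visible here. If the numeric values did change, a policy module built against the old header could still load and have its hooks stored in the wrong `mpo_*` slot, because every entry is assigned through the untyped `mpe->mpe_function`. I would record this next to the op list or in the change description, e.g. `/* Op numbering changed with the subject -> cred rename; rebuild all policy modules. */`. The enclosing switch starts and ends outside the hunk.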
@@ -858,10 +863,6 @@
mpc->mpc_ops->mpo_init_socket =
mpe->mpe_function;
break;
- case MAC_INIT_SUBJECT:
- mpc->mpc_ops->mpo_init_subject =
- mpe->mpe_function;
- break;
case MAC_INIT_TEMP:
mpc->mpc_ops->mpo_init_temp =
mpe->mpe_function;
@@ -874,6 +875,10 @@
mpc->mpc_ops->mpo_destroy_bpfdesc =
mpe->mpe_function;
break;
+ case MAC_DESTROY_CRED:
+ mpc->mpc_ops->mpo_destroy_cred =
+ mpe->mpe_function;
+ break;
case MAC_DESTROY_DEVFSDIRENT:
mpc->mpc_ops->mpo_destroy_devfsdirent =
mpe->mpe_function;
@@ -902,10 +907,6 @@
mpc->mpc_ops->mpo_destroy_socket =
mpe->mpe_function;
break;
- case MAC_DESTROY_SUBJECT:
- mpc->mpc_ops->mpo_destroy_subject =
- mpe->mpe_function;
- break;
case MAC_DESTROY_TEMP:
mpc->mpc_ops->mpo_destroy_temp =
mpe->mpe_function;
@@ -1050,10 +1051,10 @@
}
void
-mac_update_procfsvnode_from_subject(struct vnode *vp, struct ucred *cred)
+mac_update_procfsvnode_from_cred(struct vnode *vp, struct ucred *cred)
{
- MAC_PERFORM(update_procfsvnode_from_subject, vp, &vp->v_label, cred);
+ MAC_PERFORM(update_procfsvnode_from_cred, vp, &vp->v_label, cred);
}
/*
@@ -1348,13 +1349,13 @@
/* label->l_flags &= ~MAC_FLAG_INITIALIZED; */
}
-static unsigned int nmacmbufs, nmacsubjects, nmacifnets, nmacbpfdescs,
+static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs,
nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
nmacipqs, nmacpipes;
SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD,
&nmacmbufs, 0, "number of mbufs in use");
-SYSCTL_UINT(_security_mac_debug, OID_AUTO, subjects, CTLFLAG_RD,
- &nmacsubjects, 0, "number of ucreds in use");
+SYSCTL_UINT(_security_mac_debug, OID_AUTO, creds, CTLFLAG_RD,
+ &nmaccreds, 0, "number of ucreds in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, ifnets, CTLFLAG_RD,
&nmacifnets, 0, "number of ifnets in use");
SYSCTL_UINT(_security_mac_debug, OID_AUTO, ipqs, CTLFLAG_RD,
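Review bot: Renaming the sysctl node from `subjects` to `creds` changes a name that is visible from userland, so any script or test that reads the old counter to watch for leaked credential labels will stop finding it. The description string `"number of ucreds in use"` is unchanged, so the node name and its help text now use different words for the same object. I would mention the renamed OID in the change description and align the text, e.g. `"number of creds in use"`.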
@@ -1396,21 +1397,21 @@
}
void
-mac_init_subject(struct ucred *cr)
+mac_init_cred(struct ucred *cr)
{
mac_init_label(&cr->cr_label);
- MAC_PERFORM(init_subject, cr, &cr->cr_label);
- atomic_add_int(&nmacsubjects, 1);
+ MAC_PERFORM(init_cred, cr, &cr->cr_label);
+ atomic_add_int(&nmaccreds, 1);
}
void
-mac_destroy_subject(struct ucred *cr)
+mac_destroy_cred(struct ucred *cr)
{
- MAC_PERFORM(destroy_subject, cr, &cr->cr_label);
+ MAC_PERFORM(destroy_cred, cr, &cr->cr_label);
mac_destroy_label(&cr->cr_label);
- atomic_subtract_int(&nmacsubjects, 1);
+ atomic_subtract_int(&nmaccreds, 1);
}
void
@@ -1661,10 +1662,10 @@
* deltas. This function allows that processing to take place.
*/
void
-mac_create_subject(struct ucred *parent_cred, struct ucred *child_cred)
+mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred)
{
- MAC_PERFORM(create_subject, parent_cred, child_cred);
+ MAC_PERFORM(create_cred, parent_cred, child_cred);
}
int
@@ -2146,10 +2147,10 @@
* buffer cache.
*/
static void
-mac_relabel_subject(struct ucred *cred, struct label *newlabel)
+mac_relabel_cred(struct ucred *cred, struct label *newlabel)
{
- MAC_PERFORM(relabel_subject, cred, newlabel);
+ MAC_PERFORM(relabel_cred, cred, newlabel);
mac_subject_mmapped_drop_perms(curthread, cred);
}
@@ -2895,7 +2896,7 @@
setsugid(p);
crcopy(newcred, oldcred);
PROC_UNLOCK(p);
- mac_relabel_subject(newcred, &intlabel);
+ mac_relabel_cred(newcred, &intlabel);
PROC_LOCK(p);
p->p_ucred = newcred;
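Review bot: The process lock is dropped between `crcopy(newcred, oldcred)` and `p->p_ucred = newcred`, so the credential installed is a relabelled copy of whatever `p_ucred` held before the unlock. If anything else can replace `p->p_ucred` in that window (not visible in this hunk), this assignment overwrites it with state derived from the stale `oldcred`. The unlock is presumably there because `mac_subject_mmapped_drop_perms()`, called from `mac_relabel_cred()`, may sleep. At minimum I would add `/* XXX: proc lock dropped across relabel; p_ucred may have changed since crcopy() */`, or re-check `p->p_ucred == oldcred` after re-locking. The enclosing function starts and ends outside the hunk.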
==== //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#25 (text+ko) ====
@@ -1694,7 +1694,7 @@
cr->cr_ref = 1;
cr->cr_mtxp = mtx_pool_find(cr);
#ifdef MAC
- mac_init_subject(cr);
+ mac_init_cred(cr);
#endif /* MAC */
return (cr);
}
@@ -1741,7 +1741,7 @@
if (jailed(cr))
prison_free(cr->cr_prison);
#ifdef MAC
- mac_destroy_subject(cr);
+ mac_destroy_cred(cr);
#endif /* MAC */
FREE(cr, M_CRED);
mtx_unlock(&Giant);
@@ -1780,7 +1780,7 @@
if (jailed(dest))
prison_hold(dest->cr_prison);
#if MAC
- mac_create_subject(src, dest);
+ mac_create_cred(src, dest);
#endif
}
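Review bot: The guard around `mac_create_cred(src, dest)` is `#if MAC`, while the other two call sites touched in this file use `#ifdef MAC` ... `#endif /* MAC */`. The two forms only agree when MAC is defined to a non-zero value: with `#define MAC 0` this hook is silently compiled out while init and destroy stay in, and with an empty definition the build fails. Since the line is being edited anyway, I would change the guard to `#ifdef MAC` and close it with `#endif /* MAC */`.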
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#82 (text+ko) ====
@@ -410,6 +410,13 @@
}
static void
+mac_biba_init_cred(struct ucred *ucred, struct label *label)
+{
+
+ SLOT(label) = biba_alloc(M_WAITOK);
+}
+
+static void
mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent,
struct label *label)
{
@@ -468,28 +475,29 @@
}
static void
-mac_biba_init_subject(struct ucred *ucred, struct label *label)
+mac_biba_init_temp(struct label *label)
{
SLOT(label) = biba_alloc(M_WAITOK);
}
static void
-mac_biba_init_temp(struct label *label)
+mac_biba_init_vnode(struct vnode *vp, struct label *label)
{
SLOT(label) = biba_alloc(M_WAITOK);
}
static void
-mac_biba_init_vnode(struct vnode *vp, struct label *label)
+mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{
- SLOT(label) = biba_alloc(M_WAITOK);
+ biba_free(SLOT(label));
+ SLOT(label) = NULL;
}
static void
-mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
+mac_biba_destroy_cred(struct ucred *ucred, struct label *label)
{
biba_free(SLOT(label));
@@ -560,14 +568,6 @@
}
static void
-mac_biba_destroy_subject(struct ucred *ucred, struct label *label)
-{
-
- biba_free(SLOT(label));
- SLOT(label) = NULL;
-}
-
-static void
mac_biba_destroy_temp(struct label *label)
{
@@ -724,7 +724,7 @@
}
static void
-mac_biba_update_procfsvnode_from_subject(struct vnode *vp,
+mac_biba_update_procfsvnode_from_cred(struct vnode *vp,
struct label *vnodelabel, struct ucred *cred)
{
struct mac_biba *source, *dest;
@@ -1094,7 +1094,7 @@
* Labeling event operations: processes.
*/
static void
-mac_biba_create_subject(struct ucred *cred_parent, struct ucred *cred_child)
+mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
struct mac_biba *source, *dest;
@@ -1149,7 +1149,7 @@
}
static void
-mac_biba_relabel_subject(struct ucred *cred, struct label *newlabel)
+mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel)
{
struct mac_biba *source, *dest;
@@ -2016,6 +2016,8 @@
(macop_t)mac_biba_init },
{ MAC_INIT_BPFDESC,
(macop_t)mac_biba_init_bpfdesc },
+ { MAC_INIT_CRED,
+ (macop_t)mac_biba_init_cred },
{ MAC_INIT_DEVFSDIRENT,
(macop_t)mac_biba_init_devfsdirent },
{ MAC_INIT_IFNET,
@@ -2030,14 +2032,14 @@
(macop_t)mac_biba_init_pipe },
{ MAC_INIT_SOCKET,
(macop_t)mac_biba_init_socket },
- { MAC_INIT_SUBJECT,
- (macop_t)mac_biba_init_subject },
{ MAC_INIT_TEMP,
(macop_t)mac_biba_init_temp },
{ MAC_INIT_VNODE,
(macop_t)mac_biba_init_vnode },
{ MAC_DESTROY_BPFDESC,
(macop_t)mac_biba_destroy_bpfdesc },
+ { MAC_DESTROY_CRED,
+ (macop_t)mac_biba_destroy_cred },
{ MAC_DESTROY_DEVFSDIRENT,
(macop_t)mac_biba_destroy_devfsdirent },
{ MAC_DESTROY_IFNET,
@@ -2052,8 +2054,6 @@
(macop_t)mac_biba_destroy_pipe },
{ MAC_DESTROY_SOCKET,
(macop_t)mac_biba_destroy_socket },
- { MAC_DESTROY_SUBJECT,
- (macop_t)mac_biba_destroy_subject },
{ MAC_DESTROY_TEMP,
(macop_t)mac_biba_destroy_temp },
{ MAC_DESTROY_VNODE,
@@ -2078,8 +2078,8 @@
(macop_t)mac_biba_relabel_vnode },
{ MAC_UPDATE_DEVFSDIRENT_FROM_VNODE,
(macop_t)mac_biba_update_devfsdirent_from_vnode },
- { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT,
- (macop_t)mac_biba_update_procfsvnode_from_subject },
+ { MAC_UPDATE_PROCFSVNODE_FROM_CRED,
+ (macop_t)mac_biba_update_procfsvnode_from_cred },
{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
(macop_t)mac_biba_update_vnode_from_externalized },
{ MAC_UPDATE_VNODE_FROM_MOUNT,
@@ -2128,8 +2128,8 @@
(macop_t)mac_biba_relabel_ifnet },
{ MAC_UPDATE_IPQ_FROM_FRAGMENT,
(macop_t)mac_biba_update_ipq_from_fragment },
- { MAC_CREATE_SUBJECT,
- (macop_t)mac_biba_create_subject },
+ { MAC_CREATE_CRED,
+ (macop_t)mac_biba_create_cred },
{ MAC_EXECVE_TRANSITION,
(macop_t)mac_biba_execve_transition },
{ MAC_EXECVE_WILL_TRANSITION,
@@ -2138,8 +2138,8 @@
(macop_t)mac_biba_create_proc0 },
{ MAC_CREATE_PROC1,
(macop_t)mac_biba_create_proc1 },
- { MAC_RELABEL_SUBJECT,
- (macop_t)mac_biba_relabel_subject },
+ { MAC_RELABEL_CRED,
+ (macop_t)mac_biba_relabel_cred },
{ MAC_CHECK_BPFDESC_RECEIVE,
(macop_t)mac_biba_check_bpfdesc_receive },
{ MAC_CHECK_CRED_RELABEL,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#70 (text+ko) ====
@@ -392,6 +392,13 @@
}
static void
+mac_mls_init_cred(struct ucred *ucred, struct label *label)
+{
+
+ SLOT(label) = mls_alloc(M_WAITOK);
+}
+
+static void
mac_mls_init_devfsdirent(struct devfs_dirent *devfs_dirent,
struct label *label)
{
@@ -450,28 +457,29 @@
}
static void
-mac_mls_init_subject(struct ucred *ucred, struct label *label)
+mac_mls_init_temp(struct label *label)
{
SLOT(label) = mls_alloc(M_WAITOK);
}
static void
-mac_mls_init_temp(struct label *label)
+mac_mls_init_vnode(struct vnode *vp, struct label *label)
{
SLOT(label) = mls_alloc(M_WAITOK);
}
static void
-mac_mls_init_vnode(struct vnode *vp, struct label *label)
+mac_mls_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{
- SLOT(label) = mls_alloc(M_WAITOK);
+ mls_free(SLOT(label));
+ SLOT(label) = NULL;
}
static void
-mac_mls_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
+mac_mls_destroy_cred(struct ucred *ucred, struct label *label)
{
mls_free(SLOT(label));
@@ -542,14 +550,6 @@
}
static void
-mac_mls_destroy_subject(struct ucred *ucred, struct label *label)
-{
-
- mls_free(SLOT(label));
- SLOT(label) = NULL;
-}
-
-static void
mac_mls_destroy_temp(struct label *label)
{
@@ -709,7 +709,7 @@
}
static void
-mac_mls_update_procfsvnode_from_subject(struct vnode *vp,
+mac_mls_update_procfsvnode_from_cred(struct vnode *vp,
struct label *vnodelabel, struct ucred *cred)
{
struct mac_mls *source, *dest;
@@ -1043,7 +1043,7 @@
* Labeling event operations: processes.
*/
static void
-mac_mls_create_subject(struct ucred *cred_parent, struct ucred *cred_child)
+mac_mls_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
struct mac_mls *source, *dest;
@@ -1098,7 +1098,7 @@
}
static void
-mac_mls_relabel_subject(struct ucred *cred, struct label *newlabel)
+mac_mls_relabel_cred(struct ucred *cred, struct label *newlabel)
{
struct mac_mls *source, *dest;
@@ -1967,6 +1967,8 @@
(macop_t)mac_mls_init },
{ MAC_INIT_BPFDESC,
(macop_t)mac_mls_init_bpfdesc },
+ { MAC_INIT_CRED,
+ (macop_t)mac_mls_init_cred },
{ MAC_INIT_DEVFSDIRENT,
(macop_t)mac_mls_init_devfsdirent },
{ MAC_INIT_IFNET,
@@ -1981,14 +1983,14 @@
(macop_t)mac_mls_init_pipe },
{ MAC_INIT_SOCKET,
(macop_t)mac_mls_init_socket },
- { MAC_INIT_SUBJECT,
- (macop_t)mac_mls_init_subject },
{ MAC_INIT_TEMP,
(macop_t)mac_mls_init_temp },
{ MAC_INIT_VNODE,
(macop_t)mac_mls_init_vnode },
{ MAC_DESTROY_BPFDESC,
(macop_t)mac_mls_destroy_bpfdesc },
+ { MAC_DESTROY_CRED,
+ (macop_t)mac_mls_destroy_cred },
{ MAC_DESTROY_DEVFSDIRENT,
(macop_t)mac_mls_destroy_devfsdirent },
{ MAC_DESTROY_IFNET,
@@ -2003,8 +2005,6 @@
(macop_t)mac_mls_destroy_pipe },
{ MAC_DESTROY_SOCKET,
(macop_t)mac_mls_destroy_socket },
- { MAC_DESTROY_SUBJECT,
- (macop_t)mac_mls_destroy_subject },
{ MAC_DESTROY_TEMP,
(macop_t)mac_mls_destroy_temp },
{ MAC_DESTROY_VNODE,
@@ -2029,8 +2029,8 @@
(macop_t)mac_mls_relabel_vnode },
{ MAC_UPDATE_DEVFSDIRENT_FROM_VNODE,
(macop_t)mac_mls_update_devfsdirent_from_vnode },
- { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT,
- (macop_t)mac_mls_update_procfsvnode_from_subject },
+ { MAC_UPDATE_PROCFSVNODE_FROM_CRED,
+ (macop_t)mac_mls_update_procfsvnode_from_cred },
{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
(macop_t)mac_mls_update_vnode_from_externalized },
{ MAC_UPDATE_VNODE_FROM_MOUNT,
@@ -2079,8 +2079,8 @@
(macop_t)mac_mls_relabel_ifnet },
{ MAC_UPDATE_IPQ_FROM_FRAGMENT,
(macop_t)mac_mls_update_ipq_from_fragment },
- { MAC_CREATE_SUBJECT,
- (macop_t)mac_mls_create_subject },
+ { MAC_CREATE_CRED,
+ (macop_t)mac_mls_create_cred },
{ MAC_EXECVE_TRANSITION,
(macop_t)mac_mls_execve_transition },
{ MAC_EXECVE_WILL_TRANSITION,
@@ -2089,8 +2089,8 @@
(macop_t)mac_mls_create_proc0 },
{ MAC_CREATE_PROC1,
(macop_t)mac_mls_create_proc1 },
- { MAC_RELABEL_SUBJECT,
- (macop_t)mac_mls_relabel_subject },
+ { MAC_RELABEL_CRED,
+ (macop_t)mac_mls_relabel_cred },
{ MAC_CHECK_BPFDESC_RECEIVE,
(macop_t)mac_mls_check_bpfdesc_receive },
{ MAC_CHECK_CRED_RELABEL,
==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#57 (text+ko) ====
@@ -108,6 +108,12 @@
}
static void
+mac_none_init_cred(struct ucred *ucred, struct label *label)
+{
+
+}
+
+static void
mac_none_init_devfsdirent(struct devfs_dirent *devfs_dirent,
struct label *label)
{
@@ -154,25 +160,25 @@
}
static void
-mac_none_init_subject(struct ucred *ucred, struct label *label)
+mac_none_init_temp(struct label *label)
{
}
static void
-mac_none_init_temp(struct label *label)
+mac_none_init_vnode(struct vnode *vp, struct label *label)
{
}
static void
-mac_none_init_vnode(struct vnode *vp, struct label *label)
+mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{
}
static void
-mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
+mac_none_destroy_cred(struct ucred *ucred, struct label *label)
{
}
@@ -223,12 +229,6 @@
}
static void
-mac_none_destroy_subject(struct ucred *ucred, struct label *label)
-{
-
-}
-
-static void
mac_none_destroy_temp(struct label *label)
{
@@ -316,7 +316,7 @@
}
static void
-mac_none_update_procfsvnode_from_subject(struct vnode *vp,
+mac_none_update_procfsvnode_from_cred(struct vnode *vp,
struct label *vnodelabel, struct ucred *cred)
{
@@ -507,7 +507,7 @@
* Labeling event operations: processes.
*/
static void
-mac_none_create_subject(struct ucred *cred_parent, struct ucred *cred_child)
+mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
}
@@ -540,7 +540,7 @@
}
static void
-mac_none_relabel_subject(struct ucred *cred, struct label *newlabel)
+mac_none_relabel_cred(struct ucred *cred, struct label *newlabel)
{
}
@@ -890,6 +890,8 @@
(macop_t)mac_none_init },
{ MAC_INIT_BPFDESC,
(macop_t)mac_none_init_bpfdesc },
+ { MAC_INIT_CRED,
+ (macop_t)mac_none_init_cred },
{ MAC_INIT_DEVFSDIRENT,
(macop_t)mac_none_init_devfsdirent },
{ MAC_INIT_IFNET,
@@ -904,14 +906,14 @@
(macop_t)mac_none_init_pipe },
{ MAC_INIT_SOCKET,
(macop_t)mac_none_init_socket },
- { MAC_INIT_SUBJECT,
- (macop_t)mac_none_init_subject },
{ MAC_INIT_TEMP,
(macop_t)mac_none_init_temp },
{ MAC_INIT_VNODE,
(macop_t)mac_none_init_vnode },
{ MAC_DESTROY_BPFDESC,
(macop_t)mac_none_destroy_bpfdesc },
+ { MAC_DESTROY_CRED,
+ (macop_t)mac_none_destroy_cred },
{ MAC_DESTROY_DEVFSDIRENT,
(macop_t)mac_none_destroy_devfsdirent },
{ MAC_DESTROY_IFNET,
@@ -926,8 +928,6 @@
(macop_t)mac_none_destroy_pipe },
{ MAC_DESTROY_SOCKET,
(macop_t)mac_none_destroy_socket },
- { MAC_DESTROY_SUBJECT,
- (macop_t)mac_none_destroy_subject },
{ MAC_DESTROY_TEMP,
(macop_t)mac_none_destroy_temp },
{ MAC_DESTROY_VNODE,
@@ -952,8 +952,8 @@
(macop_t)mac_none_relabel_vnode },
{ MAC_UPDATE_DEVFSDIRENT_FROM_VNODE,
(macop_t)mac_none_update_devfsdirent_from_vnode },
- { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT,
- (macop_t)mac_none_update_procfsvnode_from_subject },
+ { MAC_UPDATE_PROCFSVNODE_FROM_CRED,
+ (macop_t)mac_none_update_procfsvnode_from_cred },
{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
(macop_t)mac_none_update_vnode_from_externalized },
{ MAC_UPDATE_VNODE_FROM_MOUNT,
@@ -1004,8 +1004,8 @@
(macop_t)mac_none_relabel_ifnet },
{ MAC_UPDATE_IPQ_FROM_FRAGMENT,
(macop_t)mac_none_update_ipq_from_fragment },
- { MAC_CREATE_SUBJECT,
- (macop_t)mac_none_create_subject },
+ { MAC_CREATE_CRED,
+ (macop_t)mac_none_create_cred },
{ MAC_EXECVE_TRANSITION,
(macop_t)mac_none_execve_transition },
{ MAC_EXECVE_WILL_TRANSITION,
@@ -1014,8 +1014,8 @@
(macop_t)mac_none_create_proc0 },
{ MAC_CREATE_PROC1,
(macop_t)mac_none_create_proc1 },
- { MAC_RELABEL_SUBJECT,
- (macop_t)mac_none_relabel_subject },
+ { MAC_RELABEL_CRED,
+ (macop_t)mac_none_relabel_cred },
{ MAC_CHECK_BPFDESC_RECEIVE,
(macop_t)mac_none_check_bpfdesc_receive },
{ MAC_CHECK_CRED_RELABEL,
==== //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#10 (text+ko) ====
@@ -88,7 +88,7 @@
}
static void
-mac_partition_init_subject(struct ucred *ucred, struct label *label)
+mac_partition_init_cred(struct ucred *ucred, struct label *label)
{
SLOT(label) = 0;
@@ -102,7 +102,7 @@
}
static void
-mac_partition_destroy_subject(struct ucred *ucred, struct label *label)
+mac_partition_destroy_cred(struct ucred *ucred, struct label *label)
{
SLOT(label) = 0;
@@ -134,8 +134,7 @@
}
static void
-mac_partition_create_subject(struct ucred *cred_parent,
- struct ucred *cred_child)
+mac_partition_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
SLOT(&cred_child->cr_label) = SLOT(&cred_parent->cr_label);
@@ -146,7 +145,7 @@
struct vnode *vp, struct label *vnodelabel)
{
- mac_partition_create_subject(old, new);
+ mac_partition_create_cred(old, new);
}
static void
@@ -164,7 +163,7 @@
}
static void
-mac_partition_relabel_subject(struct ucred *cred, struct label *newlabel)
+mac_partition_relabel_cred(struct ucred *cred, struct label *newlabel)
{
if (SLOT(newlabel) != 0)
@@ -255,28 +254,28 @@
{
{ MAC_INIT,
(macop_t)mac_partition_init },
- { MAC_INIT_SUBJECT,
- (macop_t)mac_partition_init_subject },
+ { MAC_INIT_CRED,
+ (macop_t)mac_partition_init_cred },
{ MAC_INIT_TEMP,
(macop_t)mac_partition_init_temp },
- { MAC_DESTROY_SUBJECT,
- (macop_t)mac_partition_destroy_subject },
+ { MAC_DESTROY_CRED,
+ (macop_t)mac_partition_destroy_cred },
{ MAC_DESTROY_TEMP,
(macop_t)mac_partition_destroy_temp },
{ MAC_EXTERNALIZE,
(macop_t)mac_partition_externalize },
{ MAC_INTERNALIZE,
(macop_t)mac_partition_internalize },
- { MAC_CREATE_SUBJECT,
- (macop_t)mac_partition_create_subject },
+ { MAC_CREATE_CRED,
+ (macop_t)mac_partition_create_cred },
{ MAC_EXECVE_TRANSITION,
(macop_t)mac_partition_execve_transition },
{ MAC_CREATE_PROC0,
(macop_t)mac_partition_create_proc0 },
{ MAC_CREATE_PROC1,
(macop_t)mac_partition_create_proc1 },
- { MAC_RELABEL_SUBJECT,
- (macop_t)mac_partition_relabel_subject },
+ { MAC_RELABEL_CRED,
+ (macop_t)mac_partition_relabel_cred },
{ MAC_CHECK_CRED_RELABEL,
(macop_t)mac_partition_check_cred_relabel },
{ MAC_CHECK_CRED_VISIBLE,
==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#62 (text+ko) ====
@@ -210,6 +210,13 @@
}
static void
+mac_te_init_cred(struct ucred *ucred, struct label *label)
+{
+
+ SLOT(label) = te_alloc(M_WAITOK);
+}
+
+static void
mac_te_init_devfsdirent(struct devfs_dirent *devfs_dirent,
struct label *label)
{
@@ -268,28 +275,29 @@
}
static void
-mac_te_init_subject(struct ucred *ucred, struct label *label)
+mac_te_init_temp(struct label *label)
{
SLOT(label) = te_alloc(M_WAITOK);
}
static void
-mac_te_init_temp(struct label *label)
+mac_te_init_vnode(struct vnode *vp, struct label *label)
{
SLOT(label) = te_alloc(M_WAITOK);
}
static void
-mac_te_init_vnode(struct vnode *vp, struct label *label)
+mac_te_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
{
- SLOT(label) = te_alloc(M_WAITOK);
+ te_free(SLOT(label));
+ SLOT(label) = NULL;
}
static void
-mac_te_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label)
+mac_te_destroy_cred(struct ucred *ucred, struct label *label)
{
te_free(SLOT(label));
@@ -360,14 +368,6 @@
}
static void
-mac_te_destroy_subject(struct ucred *ucred, struct label *label)
-{
-
- te_free(SLOT(label));
- SLOT(label) = NULL;
-}
-
-static void
mac_te_destroy_temp(struct label *label)
{
@@ -590,7 +590,7 @@
}
static void
-mac_te_create_subject(struct ucred *cred_parent, struct ucred *cred_child)
+mac_te_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
mac_te_copy_label(SLOT(&cred_parent->cr_label),
@@ -598,7 +598,7 @@
}
static void
-mac_te_relabel_subject(struct ucred *cred, struct label *newlabel)
+mac_te_relabel_cred(struct ucred *cred, struct label *newlabel)
{
mac_te_copy_label(SLOT(newlabel), SLOT(&cred->cr_label));
@@ -1639,8 +1639,8 @@
}
static void
-mac_te_update_procfsvnode_from_subject(struct vnode *vp,
- struct label *vnodelabel, struct ucred *cred)
+mac_te_update_procfsvnode_from_cred(struct vnode *vp, struct label *vnodelabel,
+ struct ucred *cred)
{
mac_te_copy_label(SLOT(&cred->cr_label), SLOT(vnodelabel));
@@ -1673,6 +1673,7 @@
static struct mac_policy_op_entry mac_te_ops[] =
{
{ MAC_INIT_BPFDESC, (macop_t)mac_te_init_bpfdesc },
+ { MAC_INIT_CRED, (macop_t)mac_te_init_cred },
{ MAC_INIT_DEVFSDIRENT, (macop_t)mac_te_init_devfsdirent },
{ MAC_INIT_IFNET, (macop_t)mac_te_init_ifnet },
{ MAC_INIT_IPQ, (macop_t)mac_te_init_ipq },
@@ -1680,10 +1681,10 @@
{ MAC_INIT_MOUNT, (macop_t)mac_te_init_mount },
{ MAC_INIT_PIPE, (macop_t)mac_te_init_pipe },
{ MAC_INIT_SOCKET, (macop_t)mac_te_init_socket },
- { MAC_INIT_SUBJECT, (macop_t)mac_te_init_subject },
{ MAC_INIT_TEMP, (macop_t)mac_te_init_temp },
{ MAC_INIT_VNODE, (macop_t)mac_te_init_vnode },
{ MAC_DESTROY_BPFDESC, (macop_t)mac_te_destroy_bpfdesc },
+ { MAC_DESTROY_CRED, (macop_t)mac_te_destroy_cred },
{ MAC_DESTROY_DEVFSDIRENT, (macop_t)mac_te_destroy_devfsdirent },
{ MAC_DESTROY_IFNET, (macop_t)mac_te_destroy_ifnet },
{ MAC_DESTROY_IPQ, (macop_t)mac_te_destroy_ipq },
@@ -1691,7 +1692,6 @@
{ MAC_DESTROY_MOUNT, (macop_t)mac_te_destroy_mount },
{ MAC_DESTROY_PIPE, (macop_t)mac_te_destroy_pipe },
{ MAC_DESTROY_SOCKET, (macop_t)mac_te_destroy_socket },
- { MAC_DESTROY_SUBJECT, (macop_t)mac_te_destroy_subject },
{ MAC_DESTROY_TEMP, (macop_t)mac_te_destroy_temp },
{ MAC_DESTROY_VNODE, (macop_t)mac_te_destroy_vnode },
{ MAC_CREATE_DEVFS_DEVICE, (macop_t)mac_te_create_devfs_device },
@@ -1735,12 +1735,12 @@
(macop_t)mac_te_create_mbuf_netlayer_from_mbuf },
{ MAC_FRAGMENT_MATCHES_IPQ, (macop_t)mac_te_fragment_matches_ipq },
{ MAC_RELABEL_IFNET, (macop_t)mac_te_relabel_ifnet },
- { MAC_CREATE_SUBJECT, (macop_t)mac_te_create_subject },
+ { MAC_CREATE_CRED, (macop_t)mac_te_create_cred },
{ MAC_EXECVE_TRANSITION, (macop_t)mac_te_execve_transition },
{ MAC_EXECVE_WILL_TRANSITION, (macop_t)mac_te_execve_will_transition },
{ MAC_CREATE_PROC0, (macop_t)mac_te_create_proc0 },
{ MAC_CREATE_PROC1, (macop_t)mac_te_create_proc1 },
- { MAC_RELABEL_SUBJECT, (macop_t)mac_te_relabel_subject },
+ { MAC_RELABEL_CRED, (macop_t)mac_te_relabel_cred },
{ MAC_RELABEL_VNODE, (macop_t)mac_te_relabel_vnode },
{ MAC_CHECK_BPFDESC_RECEIVE,
(macop_t)mac_te_check_bpfdesc_receive },
@@ -1833,8 +1833,8 @@
{ MAC_INTERNALIZE, (macop_t)mac_te_internalize },
{ MAC_UPDATE_DEVFSDIRENT_FROM_VNODE,
(macop_t)mac_te_update_devfsdirent_from_vnode },
- { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT,
- (macop_t)mac_te_update_procfsvnode_from_subject },
+ { MAC_UPDATE_PROCFSVNODE_FROM_CRED,
+ (macop_t)mac_te_update_procfsvnode_from_cred },
{ MAC_UPDATE_VNODE_FROM_EXTERNALIZED,
(macop_t)mac_te_update_vnode_from_externalized },
{ MAC_UPDATE_VNODE_FROM_MOUNT,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#27 (text+ko) ====
@@ -87,7 +87,7 @@
#define MOUNTMAGIC 0xc7c46e47
#define SOCKETMAGIC 0x9199c6cd
#define PIPEMAGIC 0xdc6c9919
-#define SUBJECTMAGIC 0x9a5a4987
+#define CREDMAGIC 0x9a5a4987
#define TEMPMAGIC 0x70336678
#define VNODEMAGIC 0x1a67a45c
#define EXMAGIC 0x849ba1fd
@@ -100,6 +100,9 @@
static int init_count_bpfdesc;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_bpfdesc, CTLFLAG_RD,
&init_count_bpfdesc, 0, "bpfdesc init calls");
+static int init_count_cred;
+SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_cred, CTLFLAG_RD,
+ &init_count_cred, 0, "cred init calls");
static int init_count_devfsdirent;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_devfsdirent, CTLFLAG_RD,
&init_count_devfsdirent, 0, "devfsdirent init calls");
@@ -121,9 +124,6 @@
static int init_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD,
&init_count_pipe, 0, "pipe init calls");
-static int init_count_subject;
-SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_subject, CTLFLAG_RD,
- &init_count_subject, 0, "subjec5 init calls");
static int init_count_temp;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_temp, CTLFLAG_RD,
&init_count_temp, 0, "temp init calls");
@@ -134,6 +134,9 @@
static int destroy_count_bpfdesc;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_bpfdesc, CTLFLAG_RD,
&destroy_count_bpfdesc, 0, "bpfdesc destroy calls");
+static int destroy_count_cred;
+SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_cred, CTLFLAG_RD,
+ &destroy_count_cred, 0, "cred destroy calls");
static int destroy_count_devfsdirent;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_devfsdirent, CTLFLAG_RD,
&destroy_count_devfsdirent, 0, "devfsdirent destroy calls");
@@ -155,9 +158,6 @@
static int destroy_count_pipe;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD,
&destroy_count_pipe, 0, "pipe destroy calls");
-static int destroy_count_subject;
-SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_subject, CTLFLAG_RD,
- &destroy_count_subject, 0, "subjec5 destroy calls");
>>> TRUNCATED FOR MAIL (1000 lines) <<<