PERFORCE change 20698 for review

Robert Watson rwatson at freebsd.org
Tue Nov 5 17:17:20 GMT 2002


http://perforce.freebsd.org/chv.cgi?CH=20698

Change 20698 by rwatson at rwatson_tislabs on 2002/11/05 09:16:21

	Attempt to consistently refer to the interpreter label as
	"interpvnodelabel" as opposed to "shelllabel", "interpfilelabel"
	and various other variations in various files.
	
	While I'm here, remove the transition implementations from
	Biba and MLS, as they don't implement transitioning.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#350 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#178 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#34 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#141 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#101 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#77 edit
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#56 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#213 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#165 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#350 (text+ko) ====

@@ -1321,7 +1321,7 @@
 
 void
 mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp,
-    struct label *shelllabel, struct image_params *imgp)
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 
 	ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
@@ -1330,12 +1330,12 @@
 		return;
 
 	MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label,
-	    shelllabel, imgp);
+	    interpvnodelabel, imgp);
 }
 
 int
 mac_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *shelllabel, struct image_params *imgp)
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 	int result;
 
@@ -1346,7 +1346,7 @@
 
 	result = 0;
 	MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label,
-	    shelllabel, imgp);
+	    interpvnodelabel, imgp);
 
 	return (result);
 }

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#178 (text+ko) ====

@@ -1355,29 +1355,6 @@
 }
 
 static void
-mac_biba_execve_transition(struct ucred *old, struct ucred *new,
-    struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel,
-    struct image_params *imgp)
-{
-	struct mac_biba *source, *dest;
-
-	source = SLOT(&old->cr_label);
-	dest = SLOT(&new->cr_label);
-
-	mac_biba_copy_single(source, dest);
-	mac_biba_copy_range(source, dest);
-}
-
-static int
-mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *vnodelabel, struct label *shellvnodelabel,
-    struct image_params *imgp)
-{
-
-	return (0);
-}
-
-static void
 mac_biba_create_proc0(struct ucred *cred)
 {
 	struct mac_biba *dest;
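Review bot: Removing mac_biba_execve_transition changes behaviour whenever another policy forces the transition, a case the description's "they don't implement transitioning" does not cover. In the kern_mac.c hunks, mac_execve_will_transition combines the policies' answers with `||`, and mac_execve_transition then appears to invoke the hook of every registered policy, so the removed body (`mac_biba_copy_single(source, dest); mac_biba_copy_range(source, dest);`) was what gave `new` its Biba label in that case. Nothing visible here shows that the new credential's label is already populated before the hook runs (presumably through `mpo_create_cred`). Please confirm that and record it where the functions used to be, e.g. `/* No execve hooks: Biba never relabels on exec; the new cred's label is copied when the cred is created. */`. The same question applies to the mac_mls.c hunk that removes mac_mls_execve_transition; mac_biba_create_proc0 continues outside this hunk.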
@@ -2629,8 +2606,6 @@
 	.mpo_relabel_ifnet = mac_biba_relabel_ifnet,
 	.mpo_update_ipq = mac_biba_update_ipq,
 	.mpo_create_cred = mac_biba_create_cred,
-	.mpo_execve_transition = mac_biba_execve_transition,
-	.mpo_execve_will_transition = mac_biba_execve_will_transition,
 	.mpo_create_proc0 = mac_biba_create_proc0,
 	.mpo_create_proc1 = mac_biba_create_proc1,
 	.mpo_relabel_cred = mac_biba_relabel_cred,

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#34 (text+ko) ====

@@ -1507,15 +1507,15 @@
 
 static void
 mac_lomac_execve_transition(struct ucred *old, struct ucred *new,
-    struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel,
-    struct image_params *imgp)
+    struct vnode *vp, struct label *vnodelabel,
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 	struct mac_lomac *source, *dest, *obj, *robj;
 
 	source = SLOT(&old->cr_label);
 	dest = SLOT(&new->cr_label);
 	obj = SLOT(vnodelabel);
-	robj = shellvnodelabel != NULL ? SLOT(shellvnodelabel) : obj;
+	robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj;
 
 	mac_lomac_copy(source, dest);
 	/*
@@ -1543,7 +1543,7 @@
 
 static int
 mac_lomac_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *vnodelabel, struct label *shellvnodelabel,
+    struct label *vnodelabel, struct label *interpvnodelabel,
     struct image_params *imgp)
 {
 	struct mac_lomac *subj, *obj, *robj;
@@ -1553,7 +1553,7 @@
 
 	subj = SLOT(&old->cr_label);
 	obj = SLOT(vnodelabel);
-	robj = shellvnodelabel != NULL ? SLOT(shellvnodelabel) : obj;
+	robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj;
 
 	return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
 	    !mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#141 (text+ko) ====

@@ -1282,29 +1282,6 @@
 }
 
 static void
-mac_mls_execve_transition(struct ucred *old, struct ucred *new,
-    struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel,
-    struct image_params *imgp)
-{
-	struct mac_mls *source, *dest;
-
-	source = SLOT(&old->cr_label);
-	dest = SLOT(&new->cr_label);
-
-	mac_mls_copy_single(source, dest);
-	mac_mls_copy_range(source, dest);
-}
-
-static int
-mac_mls_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *vnodelabel, struct label *shellvnodelabel,
-    struct image_params *imgp)
-{
-
-	return (0);
-}
-
-static void
 mac_mls_create_proc0(struct ucred *cred)
 {
 	struct mac_mls *dest;
@@ -2466,8 +2443,6 @@
 	.mpo_relabel_ifnet = mac_mls_relabel_ifnet,
 	.mpo_update_ipq = mac_mls_update_ipq,
 	.mpo_create_cred = mac_mls_create_cred,
-	.mpo_execve_transition = mac_mls_execve_transition,
-	.mpo_execve_will_transition = mac_mls_execve_will_transition,
 	.mpo_create_proc0 = mac_mls_create_proc0,
 	.mpo_create_proc1 = mac_mls_create_proc1,
 	.mpo_relabel_cred = mac_mls_relabel_cred,

==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#101 (text+ko) ====

@@ -416,15 +416,15 @@
 
 static void
 mac_none_execve_transition(struct ucred *old, struct ucred *new,
-    struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel,
-    struct image_params *imgp)
+    struct vnode *vp, struct label *vnodelabel,
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 
 }
 
 static int
 mac_none_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *vnodelabel, struct label *shellvnodelabel,
+    struct label *vnodelabel, struct label *interpvnodelabel,
     struct image_params *imgp)
 {
 

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#77 (text+ko) ====

@@ -795,15 +795,15 @@
 
 static void
 mac_test_execve_transition(struct ucred *old, struct ucred *new,
-    struct vnode *vp, struct label *filelabel, struct label *shellfilelabel,
-    struct image_params *imgp)
+    struct vnode *vp, struct label *filelabel,
+    struct label *interpvnodelabel, struct image_params *imgp)
 {
 
 }
 
 static int
 mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
-    struct label *filelabel, struct label *shellfilelabel,
+    struct label *filelabel, struct label *interpvnodelabel,
     struct image_params *imgp)
 {
 

==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#56 (text+ko) ====

@@ -310,7 +310,7 @@
 static void
 sebsd_execve_transition(struct ucred *old, struct ucred *new,
 			struct vnode *vp, struct label *vnodelabel,
-			struct label *shellvnodelabel,
+			struct label *interpvnodelabel,
 			struct image_params *imgp)
 {
 	struct task_security_struct *otask, *ntask;
@@ -318,8 +318,8 @@
 
 	otask = SLOT(&old->cr_label);
 	ntask = SLOT(&new->cr_label);
-	if (shellvnodelabel != NULL)
-		file = SLOT(shellvnodelabel);
+	if (interpvnodelabel != NULL)
+		file = SLOT(interpvnodelabel);
 	else
 		file = SLOT(vnodelabel);
 
@@ -351,7 +351,7 @@
 static int
 sebsd_execve_will_transition(struct ucred *old, struct vnode *vp,
 			     struct label *vnodelabel,
-			     struct label *shellvnodelabel,
+			     struct label *interpvnodelabel,
 			     struct image_params *imgp)
 {
 	struct task_security_struct *task;
@@ -359,8 +359,8 @@
 	security_id_t newsid;
 
 	task = SLOT(&old->cr_label);
-	if (shellvnodelabel != NULL)
-		file = SLOT(shellvnodelabel);
+	if (interpvnodelabel != NULL)
+		file = SLOT(interpvnodelabel);
 	else
 		file = SLOT(vnodelabel);
 

==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#213 (text+ko) ====

@@ -224,10 +224,10 @@
 	    struct label *execlabel);
 void	mac_execve_exit(struct image_params *imgp);
 void	mac_execve_transition(struct ucred *old, struct ucred *new,
-	    struct vnode *vp, struct label *shelllabel,
+	    struct vnode *vp, struct label *interpvnodelabel,
 	    struct image_params *imgp);
 int	mac_execve_will_transition(struct ucred *old, struct vnode *vp,
-	    struct label *shelllabel, struct image_params *imgp);
+	    struct label *interpvnodelabel, struct image_params *imgp);
 void	mac_create_proc0(struct ucred *cred);
 void	mac_create_proc1(struct ucred *cred);
 void	mac_thread_userret(struct thread *td);

==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#165 (text+ko) ====

@@ -245,11 +245,11 @@
 		    struct ucred *child_cred);
 	void	(*mpo_execve_transition)(struct ucred *old, struct ucred *new,
 		    struct vnode *vp, struct label *vnodelabel,
-		    struct label *shellvnodelabel,
+		    struct label *interpvnodelabel,
 		    struct image_params *imgp);
 	int	(*mpo_execve_will_transition)(struct ucred *old,
 		    struct vnode *vp, struct label *vnodelabel,
-		    struct label *shellvnodelabel,
+		    struct label *interpvnodelabel,
 		    struct image_params *imgp);
 	void	(*mpo_create_proc0)(struct ucred *cred);
 	void	(*mpo_create_proc1)(struct ucred *cred);
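Review bot: The renamed `interpvnodelabel` argument of `mpo_execve_transition` and `mpo_execve_will_transition` can be NULL, and the prototypes do not say so. The mac_lomac.c and sebsd.c hunks both test `interpvnodelabel != NULL` and fall back to `vnodelabel`, so a policy written from this header alone could pass the argument straight to SLOT() and dereference NULL in kernel context. A comment above the two members would cover it, e.g. `/* interpvnodelabel is NULL when no interpreter label applies; use vnodelabel then. */`. The enclosing struct starts and ends outside the hunk.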