PERFORCE change 36602 for review
Robert Watson
rwatson at FreeBSD.org
Thu Aug 21 17:32:37 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=36602
Change 36602 by rwatson at rwatson_tislabs on 2003/08/21 10:31:49
Loop-back integration of mac_stub updates for new entry points
and mac_test label life cycle assertion checks from FreeBSD
vendor branch to TrustedBSD base branch.
Affected files ...
.. //depot/projects/trustedbsd/base/sys/security/mac_stub/mac_stub.c#3 integrate
.. //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#22 integrate
Differences ...
==== //depot/projects/trustedbsd/base/sys/security/mac_stub/mac_stub.c#3 (text+ko) ====
@@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_stub/mac_stub.c,v 1.31 2003/08/21 16:22:52 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_stub/mac_stub.c,v 1.32 2003/08/21 17:05:36 rwatson Exp $
*/
/*
@@ -389,6 +389,18 @@
}
static void
+stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
+stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
+{
+
+}
+
+static void
stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
struct label *ifnetlabel, struct label *newlabel)
{
@@ -772,6 +784,14 @@
}
static int
+stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ struct label *label, int attrnamespace, const char *name)
+{
+
+ return (0);
+}
+
+static int
stub_check_vnode_exec(struct ucred *cred, struct vnode *vp,
struct label *label, struct image_params *imgp,
struct label *execlabel)
@@ -806,6 +826,14 @@
}
static int
+stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+ struct label *label, int attrnamespace)
+{
+
+ return (0);
+}
+
+static int
stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
struct label *dlabel, struct componentname *cnp)
{
@@ -1040,6 +1068,8 @@
.mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap,
.mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer,
.mpo_fragment_match = stub_fragment_match,
+ .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp,
+ .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp,
.mpo_relabel_ifnet = stub_relabel_ifnet,
.mpo_update_ipq = stub_update_ipq,
.mpo_create_cred = stub_create_cred,
@@ -1090,10 +1120,12 @@
.mpo_check_vnode_create = stub_check_vnode_create,
.mpo_check_vnode_delete = stub_check_vnode_delete,
.mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl,
+ .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr,
.mpo_check_vnode_exec = stub_check_vnode_exec,
.mpo_check_vnode_getacl = stub_check_vnode_getacl,
.mpo_check_vnode_getextattr = stub_check_vnode_getextattr,
.mpo_check_vnode_link = stub_check_vnode_link,
+ .mpo_check_vnode_listextattr = stub_check_vnode_listextattr,
.mpo_check_vnode_lookup = stub_check_vnode_lookup,
.mpo_check_vnode_mmap = stub_check_vnode_mmap,
.mpo_check_vnode_mprotect = stub_check_vnode_mprotect,
==== //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#22 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -31,7 +31,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.29 2003/07/05 01:24:36 rwatson Exp $
+ * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.30 2003/08/21 17:28:45 rwatson Exp $
*/
/*
@@ -92,6 +92,30 @@
#define EXMAGIC 0x849ba1fd
#define SLOT(x) LABEL_TO_SLOT((x), test_slot).l_long
+
+#define ASSERT_BPF_LABEL(x) KASSERT(SLOT(x) == BPFMAGIC || \
+ SLOT(x) == 0, ("%s: Bad BPF label", __func__ ))
+#define ASSERT_DEVFS_LABEL(x) KASSERT(SLOT(x) == DEVFSMAGIC || \
+ SLOT(x) == 0, ("%s: Bad DEVFS label", __func__ ))
+#define ASSERT_IFNET_LABEL(x) KASSERT(SLOT(x) == IFNETMAGIC || \
+ SLOT(x) == 0, ("%s: Bad IFNET label", __func__ ))
+#define ASSERT_IPQ_LABEL(x) KASSERT(SLOT(x) == IPQMAGIC || \
+ SLOT(x) == 0, ("%s: Bad IPQ label", __func__ ))
+#define ASSERT_MBUF_LABEL(x) KASSERT(SLOT(x) == MBUFMAGIC || \
+ SLOT(x) == 0, ("%s: Bad MBUF label", __func__ ))
+#define ASSERT_MOUNT_LABEL(x) KASSERT(SLOT(x) == MOUNTMAGIC || \
+ SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ ))
+#define ASSERT_SOCKET_LABEL(x) KASSERT(SLOT(x) == SOCKETMAGIC || \
+ SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ ))
+#define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \
+ SLOT(x) == 0, ("%s: Bad PIPE label", __func__ ))
+#define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \
+ SLOT(x) == 0, ("%s: Bad PROC label", __func__ ))
+#define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \
+ SLOT(x) == 0, ("%s: Bad CRED label", __func__ ))
+#define ASSERT_VNODE_LABEL(x) KASSERT(SLOT(x) == VNODEMAGIC || \
+ SLOT(x) == 0, ("%s: Bad VNODE label", __func__ ))
+
static int test_slot;
SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
&test_slot, 0, "Slot allocated by framework");
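Review bot: The new ASSERT_*_LABEL macros accept a zero slot as valid, so a label that was never initialised passes every type check, and nothing in the block says why. A short comment above the block would help, e.g. `/* Accept the object's magic or 0 (slot not yet set up); any other value, including EXMAGIC, is a type or lifetime error. */`. The reason 0 is legitimate is my inference and should be confirmed. Each macro also expands `x` twice, which is harmless for the plain pointer arguments used in this change but worth a mention in the same comment. Because the checks go through KASSERT, they presumably only fire on kernels built with assertions enabled, so they are a debugging aid and not an enforcement point.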
@@ -536,6 +560,9 @@
atomic_add_int(&externalize_count, 1);
+ KASSERT(SLOT(label) != EXMAGIC,
+ ("mac_test_externalize_label: destroyed label"));
+
return (0);
}
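Review bot: The KASSERT message here hard-codes the function name, while the ASSERT_*_LABEL macros added earlier in this change use `__func__`. The internalize hunk that follows does the same. Writing the message as `("%s: destroyed label", __func__)` keeps both in step with the macros and correct if the functions are renamed. The function body starts outside the hunk.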
@@ -546,6 +573,9 @@
atomic_add_int(&internalize_count, 1);
+ KASSERT(SLOT(label) != EXMAGIC,
+ ("mac_test_internalize_label: destroyed label"));
+
return (0);
}
@@ -559,6 +589,9 @@
struct label *vlabel)
{
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_DEVFS_LABEL(delabel);
+ ASSERT_VNODE_LABEL(vlabel);
}
static int
@@ -566,6 +599,8 @@
struct vnode *vp, struct label *vlabel)
{
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_VNODE_LABEL(vlabel);
return (0);
}
@@ -574,6 +609,8 @@
struct label *fslabel, struct vnode *vp, struct label *vlabel)
{
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_VNODE_LABEL(vlabel);
}
static void
@@ -581,6 +618,7 @@
struct devfs_dirent *devfs_dirent, struct label *label)
{
+ ASSERT_DEVFS_LABEL(label);
}
static void
@@ -588,6 +626,7 @@
int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
{
+ ASSERT_DEVFS_LABEL(label);
}
static void
@@ -596,6 +635,9 @@
struct label *delabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_DEVFS_LABEL(ddlabel);
+ ASSERT_DEVFS_LABEL(delabel);
}
static int
@@ -604,6 +646,10 @@
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
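Review bot: `vlabel` appears in the parameter list shown in this hunk but is never checked; the added assertions cover only the credential, `fslabel` and `dlabel`. If the new vnode's label is expected to be initialised at this point, add `ASSERT_VNODE_LABEL(vlabel);` after the `dlabel` check. The start of the signature is outside the hunk, so I cannot tell whether `vlabel` may legitimately be NULL here.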
@@ -612,6 +658,9 @@
struct label *mntlabel, struct label *fslabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(mntlabel);
+ ASSERT_MOUNT_LABEL(fslabel);
}
static void
@@ -619,6 +668,9 @@
struct label *mntlabel, struct label *fslabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(mntlabel);
+ ASSERT_MOUNT_LABEL(fslabel);
}
static void
@@ -626,6 +678,9 @@
struct label *vnodelabel, struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(vnodelabel);
+ ASSERT_VNODE_LABEL(label);
}
static int
@@ -633,6 +688,9 @@
struct label *vlabel, struct label *intlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(vlabel);
+ ASSERT_VNODE_LABEL(intlabel);
return (0);
}
@@ -642,6 +700,8 @@
struct vnode *vp, struct label *vnodelabel)
{
+ ASSERT_DEVFS_LABEL(direntlabel);
+ ASSERT_VNODE_LABEL(vnodelabel);
}
/*
@@ -652,6 +712,8 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_SOCKET_LABEL(socketlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -659,6 +721,8 @@
struct label *socketlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
}
static void
@@ -666,6 +730,8 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
}
static void
@@ -674,6 +740,8 @@
struct label *newsocketlabel)
{
+ ASSERT_SOCKET_LABEL(oldsocketlabel);
+ ASSERT_SOCKET_LABEL(newsocketlabel);
}
static void
@@ -681,6 +749,8 @@
struct label *socketlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(newlabel);
}
static void
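Review bot: `socketlabel` is left unchecked in this hunk, where the added lines assert only the credential and `newlabel`. The pipe relabel hunk just below checks both the existing label and the new one. For parity add `ASSERT_SOCKET_LABEL(socketlabel);` between the two assertions. The function name and leading parameters are outside the hunk.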
@@ -688,6 +758,9 @@
struct label *pipelabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+ ASSERT_PIPE_LABEL(newlabel);
}
static void
@@ -695,6 +768,8 @@
struct socket *socket, struct label *socketpeerlabel)
{
+ ASSERT_MBUF_LABEL(mbuflabel);
+ ASSERT_SOCKET_LABEL(socketpeerlabel);
}
/*
@@ -706,6 +781,8 @@
struct label *newsocketpeerlabel)
{
+ ASSERT_SOCKET_LABEL(oldsocketlabel);
+ ASSERT_SOCKET_LABEL(newsocketpeerlabel);
}
static void
@@ -713,6 +790,8 @@
struct label *bpflabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_BPF_LABEL(bpflabel);
}
static void
@@ -720,6 +799,8 @@
struct mbuf *datagram, struct label *datagramlabel)
{
+ ASSERT_IPQ_LABEL(ipqlabel);
+ ASSERT_MBUF_LABEL(datagramlabel);
}
static void
@@ -727,12 +808,15 @@
struct mbuf *fragment, struct label *fragmentlabel)
{
+ ASSERT_MBUF_LABEL(datagramlabel);
+ ASSERT_MBUF_LABEL(fragmentlabel);
}
static void
mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
}
static void
@@ -740,6 +824,8 @@
struct ipq *ipq, struct label *ipqlabel)
{
+ ASSERT_MBUF_LABEL(fragmentlabel);
+ ASSERT_IPQ_LABEL(ipqlabel);
}
static void
@@ -748,6 +834,8 @@
struct label *newmbuflabel)
{
+ ASSERT_MBUF_LABEL(oldmbuflabel);
+ ASSERT_MBUF_LABEL(newmbuflabel);
}
static void
@@ -755,6 +843,8 @@
struct mbuf *mbuf, struct label *mbuflabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -762,6 +852,8 @@
struct mbuf *mbuf, struct label *mbuflabel)
{
+ ASSERT_BPF_LABEL(bpflabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -769,6 +861,8 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -777,6 +871,9 @@
struct mbuf *newmbuf, struct label *newmbuflabel)
{
+ ASSERT_MBUF_LABEL(oldmbuflabel);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(newmbuflabel);
}
static void
@@ -785,6 +882,8 @@
struct label *newmbuflabel)
{
+ ASSERT_MBUF_LABEL(oldmbuflabel);
+ ASSERT_MBUF_LABEL(newmbuflabel);
}
static int
@@ -792,14 +891,34 @@
struct ipq *ipq, struct label *ipqlabel)
{
+ ASSERT_MBUF_LABEL(fragmentlabel);
+ ASSERT_IPQ_LABEL(ipqlabel);
+
return (1);
}
static void
+mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
+{
+
+ ASSERT_MBUF_LABEL(mlabel);
+}
+
+static void
+mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
+{
+
+ ASSERT_MBUF_LABEL(mlabel);
+}
+
+static void
mac_test_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
struct label *ifnetlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_IFNET_LABEL(newlabel);
}
static void
@@ -807,6 +926,8 @@
struct ipq *ipq, struct label *ipqlabel)
{
+ ASSERT_MBUF_LABEL(fragmentlabel);
+ ASSERT_IPQ_LABEL(ipqlabel);
}
/*
@@ -816,6 +937,8 @@
mac_test_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
+ ASSERT_CRED_LABEL(&cred_parent->cr_label);
+ ASSERT_CRED_LABEL(&cred_child->cr_label);
}
static void
@@ -825,6 +948,13 @@
struct label *execlabel)
{
+ ASSERT_CRED_LABEL(&old->cr_label);
+ ASSERT_CRED_LABEL(&new->cr_label);
+ ASSERT_VNODE_LABEL(filelabel);
+ ASSERT_VNODE_LABEL(interpvnodelabel);
+ if (execlabel != NULL) {
+ ASSERT_CRED_LABEL(execlabel);
+ }
}
static int
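Review bot: `ASSERT_VNODE_LABEL(interpvnodelabel)` runs unconditionally here, but the next hunk guards the same parameter with `if (interpvnodelabel != NULL)`. The macro reads through the pointer, so if the interpreter label can be NULL on this path as well (the sibling's guard suggests it can), an assertion-enabled kernel would fault on the dereference instead of reporting a bad label. I suggest the same guard here: `if (interpvnodelabel != NULL) { ASSERT_VNODE_LABEL(interpvnodelabel); }`. The signature starts outside the hunk.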
@@ -833,6 +963,15 @@
struct image_params *imgp, struct label *execlabel)
{
+ ASSERT_CRED_LABEL(&old->cr_label);
+ ASSERT_VNODE_LABEL(filelabel);
+ if (interpvnodelabel != NULL) {
+ ASSERT_VNODE_LABEL(interpvnodelabel);
+ }
+ if (execlabel != NULL) {
+ ASSERT_CRED_LABEL(execlabel);
+ }
+
return (0);
}
@@ -840,24 +979,30 @@
mac_test_create_proc0(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
}
static void
mac_test_create_proc1(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
}
static void
mac_test_relabel_cred(struct ucred *cred, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(newlabel);
}
static void
mac_test_thread_userret(struct thread *td)
{
+ printf("mac_test_thread_userret(process = %d)\n",
+ curthread->td_proc->p_pid);
}
/*
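Review bot: In mac_test_relabel_cred, `newlabel` is checked with `ASSERT_VNODE_LABEL`, while mac_test_check_cred_relabel later in this change checks the same kind of argument with `ASSERT_CRED_LABEL(newlabel)`. A valid credential label would therefore trip "Bad VNODE label" on an assertion-enabled kernel; this looks like a copy-paste slip and should read `ASSERT_CRED_LABEL(newlabel);`. Separately, the `printf` added to mac_test_thread_userret looks like leftover debugging. Judging by the entry point's name it would run on every return to user mode and flood the console, and it reads `curthread` instead of the `td` argument, so consider dropping it or putting it behind a debug switch.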
@@ -868,6 +1013,9 @@
struct ifnet *ifnet, struct label *ifnetlabel)
{
+ ASSERT_BPF_LABEL(bpflabel);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+
return (0);
}
@@ -875,6 +1023,9 @@
mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(newlabel);
+
return (0);
}
@@ -882,6 +1033,9 @@
mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2)
{
+ ASSERT_CRED_LABEL(&u1->cr_label);
+ ASSERT_CRED_LABEL(&u2->cr_label);
+
return (0);
}
@@ -890,6 +1044,9 @@
struct label *ifnetlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_IFNET_LABEL(newlabel);
return (0);
}
@@ -898,6 +1055,9 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
+
return (0);
}
@@ -905,6 +1065,8 @@
mac_test_check_kenv_dump(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -912,6 +1074,8 @@
mac_test_check_kenv_get(struct ucred *cred, char *name)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -919,6 +1083,8 @@
mac_test_check_kenv_set(struct ucred *cred, char *name, char *value)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -926,6 +1092,8 @@
mac_test_check_kenv_unset(struct ucred *cred, char *name)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -934,6 +1102,9 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -941,6 +1112,8 @@
mac_test_check_kld_stat(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -948,6 +1121,8 @@
mac_test_check_kld_unload(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -956,6 +1131,9 @@
struct label *mntlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(mntlabel);
+
return (0);
}
@@ -964,6 +1142,9 @@
struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -972,6 +1153,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -980,6 +1164,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -988,6 +1175,10 @@
struct label *pipelabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+ ASSERT_PIPE_LABEL(newlabel);
+
return (0);
}
@@ -996,6 +1187,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -1004,6 +1198,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -1011,6 +1208,9 @@
mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
return (0);
}
@@ -1018,6 +1218,9 @@
mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
return (0);
}
@@ -1025,6 +1228,9 @@
mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
return (0);
}
@@ -1033,6 +1239,9 @@
struct label *socketlabel, struct sockaddr *sockaddr)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1041,6 +1250,9 @@
struct label *socketlabel, struct sockaddr *sockaddr)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1049,6 +1261,9 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_SOCKET_LABEL(socketlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
+
return (0);
}
@@ -1057,6 +1272,9 @@
struct label *socketlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1065,6 +1283,9 @@
struct label *socketlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1073,6 +1294,10 @@
struct label *socketlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+ ASSERT_SOCKET_LABEL(newlabel);
+
return (0);
}
@@ -1080,6 +1305,8 @@
mac_test_check_sysarch_ioperm(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1088,6 +1315,8 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
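Review bot: The `label` parameter visible in this hunk gets no assertion, unlike the nearby system-check hunks that take a `label` argument and add `ASSERT_VNODE_LABEL(label)`. If the label can be NULL on this path, the guarded form used for `execlabel` elsewhere in the change would fit: `if (label != NULL) { ASSERT_VNODE_LABEL(label); }`. If the omission is deliberate, a one-line comment saying why would save the next reader the question. The function name is outside the hunk.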
@@ -1095,6 +1324,8 @@
mac_test_check_system_reboot(struct ucred *cred, int how)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1102,6 +1333,8 @@
mac_test_check_system_settime(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1110,6 +1343,9 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1118,6 +1354,9 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1126,6 +1365,8 @@
void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1134,6 +1375,9 @@
struct label *label, int acc_mode)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1142,6 +1386,9 @@
struct label *dlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1150,6 +1397,9 @@
struct label *dlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1158,6 +1408,9 @@
struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1167,6 +1420,10 @@
struct componentname *cnp)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1175,6 +1432,20 @@
struct label *label, acl_type_t type)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
+ return (0);
+}
+
+static int
+mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+ struct label *label, int attrnamespace, const char *name)
+{
+
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1184,6 +1455,12 @@
struct label *execlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+ if (execlabel != NULL) {
+ ASSERT_CRED_LABEL(execlabel);
+ }
+
return (0);
}
@@ -1192,6 +1469,9 @@
struct label *label, acl_type_t type)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
>>> TRUNCATED FOR MAIL (1000 lines) <<<