PERFORCE change 32229 for review
Robert Watson
rwatson at FreeBSD.org
Sat May 31 21:39:32 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=32229
Change 32229 by rwatson at rwatson_tislabs on 2003/05/31 14:39:06
Teach mac_test to test label constants in label consumers,
not just in label maintainers. Right now we don't
distinguish initialized from created/associated, that will
come in a next iteration.
Note: for mac_test to be useful, it must be built with
-DINVARIANTS, or linked directly to the kernel.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#102 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#102 (text+ko) ====
@@ -92,6 +92,30 @@
#define EXMAGIC 0x849ba1fd
#define SLOT(x) LABEL_TO_SLOT((x), test_slot).l_long
+
+#define ASSERT_BPF_LABEL(x) KASSERT(SLOT(x) == BPFMAGIC || \
+ SLOT(x) == 0, ("%s: Bad BPF label", __func__ ))
+#define ASSERT_DEVFS_LABEL(x) KASSERT(SLOT(x) == DEVFSMAGIC || \
+ SLOT(x) == 0, ("%s: Bad DEVFS label", __func__ ))
+#define ASSERT_IFNET_LABEL(x) KASSERT(SLOT(x) == IFNETMAGIC || \
+ SLOT(x) == 0, ("%s: Bad IFNET label", __func__ ))
+#define ASSERT_IPQ_LABEL(x) KASSERT(SLOT(x) == IPQMAGIC || \
+ SLOT(x) == 0, ("%s: Bad IPQ label", __func__ ))
+#define ASSERT_MBUF_LABEL(x) KASSERT(SLOT(x) == MBUFMAGIC || \
+ SLOT(x) == 0, ("%s: Bad MBUF label", __func__ ))
+#define ASSERT_MOUNT_LABEL(x) KASSERT(SLOT(x) == MOUNTMAGIC || \
+ SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ ))
+#define ASSERT_SOCKET_LABEL(x) KASSERT(SLOT(x) == SOCKETMAGIC || \
+ SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ ))
+#define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \
+ SLOT(x) == 0, ("%s: Bad PIPE label", __func__ ))
+#define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \
+ SLOT(x) == 0, ("%s: Bad PROC label", __func__ ))
+#define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \
+ SLOT(x) == 0, ("%s: Bad CRED label", __func__ ))
+#define ASSERT_VNODE_LABEL(x) KASSERT(SLOT(x) == VNODEMAGIC || \
+ SLOT(x) == 0, ("%s: Bad VNODE label", __func__ ))
+
static int test_slot;
SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
&test_slot, 0, "Slot allocated by framework");
@@ -536,6 +560,9 @@
atomic_add_int(&externalize_count, 1);
+ KASSERT(SLOT(label) != EXMAGIC,
+ ("mac_test_externalize_label: destroyed label"));
+
return (0);
}
@@ -546,6 +573,9 @@
atomic_add_int(&internalize_count, 1);
+ KASSERT(SLOT(label) != EXMAGIC,
+ ("mac_test_internalize_label: destroyed label"));
+
return (0);
}
@@ -559,6 +589,9 @@
struct label *vlabel)
{
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_DEVFS_LABEL(delabel);
+ ASSERT_VNODE_LABEL(vlabel);
}
static int
@@ -566,6 +599,8 @@
struct vnode *vp, struct label *vlabel)
{
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_VNODE_LABEL(vlabel);
return (0);
}
@@ -574,6 +609,8 @@
struct label *fslabel, struct vnode *vp, struct label *vlabel)
{
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_VNODE_LABEL(vlabel);
}
static void
@@ -582,6 +619,7 @@
const char *fullpath)
{
+ ASSERT_DEVFS_LABEL(label);
}
static void
@@ -590,6 +628,7 @@
const char *fullpath)
{
+ ASSERT_DEVFS_LABEL(label);
}
static void
@@ -598,6 +637,9 @@
struct label *delabel, const char *fullpath)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_DEVFS_LABEL(ddlabel);
+ ASSERT_DEVFS_LABEL(delabel);
}
static int
@@ -606,6 +648,10 @@
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -614,6 +660,9 @@
struct label *mntlabel, struct label *fslabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(mntlabel);
+ ASSERT_MOUNT_LABEL(fslabel);
}
static void
@@ -621,6 +670,9 @@
struct label *mntlabel, struct label *fslabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(mntlabel);
+ ASSERT_MOUNT_LABEL(fslabel);
}
static void
@@ -628,6 +680,9 @@
struct label *vnodelabel, struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(vnodelabel);
+ ASSERT_VNODE_LABEL(label);
}
static int
@@ -635,6 +690,9 @@
struct label *vlabel, struct label *intlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(vlabel);
+ ASSERT_VNODE_LABEL(intlabel);
return (0);
}
@@ -644,6 +702,8 @@
struct vnode *vp, struct label *vnodelabel)
{
+ ASSERT_DEVFS_LABEL(direntlabel);
+ ASSERT_VNODE_LABEL(vnodelabel);
}
/*
@@ -654,6 +714,8 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_SOCKET_LABEL(socketlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -661,6 +723,8 @@
struct label *socketlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
}
static void
@@ -668,6 +732,8 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
}
static void
@@ -676,6 +742,8 @@
struct label *newsocketlabel)
{
+ ASSERT_SOCKET_LABEL(oldsocketlabel);
+ ASSERT_SOCKET_LABEL(newsocketlabel);
}
static void
@@ -683,6 +751,8 @@
struct label *socketlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(newlabel);
}
static void
@@ -690,6 +760,9 @@
struct label *pipelabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+ ASSERT_PIPE_LABEL(newlabel);
}
static void
@@ -697,6 +770,8 @@
struct socket *socket, struct label *socketpeerlabel)
{
+ ASSERT_MBUF_LABEL(mbuflabel);
+ ASSERT_SOCKET_LABEL(socketpeerlabel);
}
/*
@@ -708,6 +783,8 @@
struct label *newsocketpeerlabel)
{
+ ASSERT_SOCKET_LABEL(oldsocketlabel);
+ ASSERT_SOCKET_LABEL(newsocketpeerlabel);
}
static void
@@ -715,6 +792,8 @@
struct label *bpflabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_BPF_LABEL(bpflabel);
}
static void
@@ -722,6 +801,8 @@
struct mbuf *datagram, struct label *datagramlabel)
{
+ ASSERT_IPQ_LABEL(ipqlabel);
+ ASSERT_MBUF_LABEL(datagramlabel);
}
static void
@@ -729,12 +810,15 @@
struct mbuf *fragment, struct label *fragmentlabel)
{
+ ASSERT_MBUF_LABEL(datagramlabel);
+ ASSERT_MBUF_LABEL(fragmentlabel);
}
static void
mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
}
static void
@@ -742,6 +826,8 @@
struct ipq *ipq, struct label *ipqlabel)
{
+ ASSERT_MBUF_LABEL(fragmentlabel);
+ ASSERT_IPQ_LABEL(ipqlabel);
}
static void
@@ -750,6 +836,8 @@
struct label *newmbuflabel)
{
+ ASSERT_MBUF_LABEL(oldmbuflabel);
+ ASSERT_MBUF_LABEL(newmbuflabel);
}
static void
@@ -757,6 +845,8 @@
struct mbuf *mbuf, struct label *mbuflabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -764,6 +854,8 @@
struct mbuf *mbuf, struct label *mbuflabel)
{
+ ASSERT_BPF_LABEL(bpflabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -771,6 +863,8 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
}
static void
@@ -779,6 +873,9 @@
struct mbuf *newmbuf, struct label *newmbuflabel)
{
+ ASSERT_MBUF_LABEL(oldmbuflabel);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(newmbuflabel);
}
static void
@@ -787,6 +884,8 @@
struct label *newmbuflabel)
{
+ ASSERT_MBUF_LABEL(oldmbuflabel);
+ ASSERT_MBUF_LABEL(newmbuflabel);
}
static int
@@ -794,6 +893,9 @@
struct ipq *ipq, struct label *ipqlabel)
{
+ ASSERT_MBUF_LABEL(fragmentlabel);
+ ASSERT_IPQ_LABEL(ipqlabel);
+
return (1);
}
@@ -801,12 +903,14 @@
mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
{
+ ASSERT_MBUF_LABEL(mlabel);
}
static void
mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
{
+ ASSERT_MBUF_LABEL(mlabel);
}
static void
@@ -814,6 +918,9 @@
struct label *ifnetlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_IFNET_LABEL(newlabel);
}
static void
@@ -821,6 +928,8 @@
struct ipq *ipq, struct label *ipqlabel)
{
+ ASSERT_MBUF_LABEL(fragmentlabel);
+ ASSERT_IPQ_LABEL(ipqlabel);
}
/*
@@ -830,6 +939,8 @@
mac_test_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
+ ASSERT_CRED_LABEL(&cred_parent->cr_label);
+ ASSERT_CRED_LABEL(&cred_child->cr_label);
}
static void
@@ -839,6 +950,11 @@
struct label *execlabel)
{
+ ASSERT_CRED_LABEL(&old->cr_label);
+ ASSERT_CRED_LABEL(&new->cr_label);
+ ASSERT_VNODE_LABEL(filelabel);
+ ASSERT_VNODE_LABEL(interpvnodelabel);
+ ASSERT_VNODE_LABEL(execlabel);
}
static int
@@ -847,6 +963,11 @@
struct image_params *imgp, struct label *execlabel)
{
+ ASSERT_CRED_LABEL(&old->cr_label);
+ ASSERT_VNODE_LABEL(filelabel);
+ ASSERT_VNODE_LABEL(interpvnodelabel);
+ ASSERT_VNODE_LABEL(execlabel);
+
return (0);
}
@@ -854,18 +975,22 @@
mac_test_create_proc0(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
}
static void
mac_test_create_proc1(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
}
static void
mac_test_relabel_cred(struct ucred *cred, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(newlabel);
}
static int
@@ -899,6 +1024,9 @@
struct ifnet *ifnet, struct label *ifnetlabel)
{
+ ASSERT_BPF_LABEL(bpflabel);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+
return (0);
}
@@ -906,6 +1034,9 @@
mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(newlabel);
+
return (0);
}
@@ -913,6 +1044,9 @@
mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2)
{
+ ASSERT_CRED_LABEL(&u1->cr_label);
+ ASSERT_CRED_LABEL(&u2->cr_label);
+
return (0);
}
@@ -921,6 +1055,9 @@
struct label *ifnetlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_IFNET_LABEL(newlabel);
return (0);
}
@@ -929,6 +1066,9 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_IFNET_LABEL(ifnetlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
+
return (0);
}
@@ -936,6 +1076,8 @@
mac_test_check_kenv_dump(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -943,6 +1085,8 @@
mac_test_check_kenv_get(struct ucred *cred, char *name)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -950,6 +1094,8 @@
mac_test_check_kenv_set(struct ucred *cred, char *name, char *value)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -957,6 +1103,8 @@
mac_test_check_kenv_unset(struct ucred *cred, char *name)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -965,6 +1113,9 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -972,6 +1123,8 @@
mac_test_check_kld_stat(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -979,6 +1132,8 @@
mac_test_check_kld_unload(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -987,6 +1142,9 @@
struct label *mntlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_MOUNT_LABEL(mntlabel);
+
return (0);
}
@@ -995,6 +1153,9 @@
struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -1003,6 +1164,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -1011,6 +1175,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -1019,6 +1186,10 @@
struct label *pipelabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+ ASSERT_PIPE_LABEL(newlabel);
+
return (0);
}
@@ -1027,6 +1198,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -1035,6 +1209,9 @@
struct label *pipelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_PIPE_LABEL(pipelabel);
+
return (0);
}
@@ -1042,6 +1219,9 @@
mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
return (0);
}
@@ -1049,6 +1229,9 @@
mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
return (0);
}
@@ -1056,6 +1239,9 @@
mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
return (0);
}
@@ -1064,6 +1250,9 @@
struct label *socketlabel, struct sockaddr *sockaddr)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1072,6 +1261,9 @@
struct label *socketlabel, struct sockaddr *sockaddr)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1080,6 +1272,9 @@
struct mbuf *m, struct label *mbuflabel)
{
+ ASSERT_SOCKET_LABEL(socketlabel);
+ ASSERT_MBUF_LABEL(mbuflabel);
+
return (0);
}
@@ -1088,6 +1283,9 @@
struct label *socketlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1096,6 +1294,9 @@
struct label *socketlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+
return (0);
}
@@ -1104,6 +1305,10 @@
struct label *socketlabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_SOCKET_LABEL(socketlabel);
+ ASSERT_SOCKET_LABEL(newlabel);
+
return (0);
}
@@ -1111,6 +1316,8 @@
mac_test_check_sysarch_ioperm(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1119,6 +1326,8 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1126,6 +1335,8 @@
mac_test_check_system_reboot(struct ucred *cred, int how)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1133,6 +1344,8 @@
mac_test_check_system_settime(struct ucred *cred)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1141,6 +1354,9 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1149,6 +1365,9 @@
struct label *label)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1157,6 +1376,8 @@
void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+
return (0);
}
@@ -1165,6 +1386,9 @@
struct label *label, int acc_mode)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1173,6 +1397,9 @@
struct label *dlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1181,6 +1408,9 @@
struct label *dlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1189,6 +1419,9 @@
struct label *dlabel, struct componentname *cnp, struct vattr *vap)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1198,6 +1431,10 @@
struct componentname *cnp)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1206,6 +1443,9 @@
struct label *label, acl_type_t type)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1215,6 +1455,10 @@
struct label *execlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+ ASSERT_VNODE_LABEL(execlabel);
+
return (0);
}
@@ -1223,6 +1467,9 @@
struct label *label, acl_type_t type)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1231,6 +1478,9 @@
struct label *label, int attrnamespace, const char *name, struct uio *uio)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1240,6 +1490,10 @@
struct componentname *cnp)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1248,6 +1502,9 @@
struct label *dlabel, struct componentname *cnp)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1256,6 +1513,9 @@
struct label *label, int prot)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1264,6 +1524,9 @@
struct label *label, int prot)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1272,6 +1535,9 @@
struct label *filelabel, int acc_mode)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(filelabel);
+
return (0);
}
@@ -1280,6 +1546,10 @@
struct vnode *vp, struct label *label)
{
+ ASSERT_CRED_LABEL(&active_cred->cr_label);
+ ASSERT_CRED_LABEL(&file_cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1288,6 +1558,10 @@
struct vnode *vp, struct label *label)
{
+ ASSERT_CRED_LABEL(&active_cred->cr_label);
+ ASSERT_CRED_LABEL(&file_cred->cr_label);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
}
@@ -1296,6 +1570,9 @@
struct label *dlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+
return (0);
}
@@ -1304,6 +1581,9 @@
struct label *vnodelabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(vnodelabel);
+
return (0);
}
@@ -1312,6 +1592,10 @@
struct label *vnodelabel, struct label *newlabel)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(vnodelabel);
+ ASSERT_VNODE_LABEL(newlabel);
+
return (0);
}
@@ -1321,6 +1605,10 @@
struct componentname *cnp)
{
+ ASSERT_CRED_LABEL(&cred->cr_label);
+ ASSERT_VNODE_LABEL(dlabel);
+ ASSERT_VNODE_LABEL(label);
+
return (0);
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list