PERFORCE change 41574 for review
Robert Watson
rwatson at FreeBSD.org
Thu Nov 6 07:16:13 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=41574
Change 41574 by rwatson at rwatson_paprika on 2003/11/05 23:15:36
Store 'struct label *' pointers in struct ucred and struct proc,
rather than actual 'struct label' instances. Removes the size
of 'struct label' from the ABI for credentials and processes
relating to both kernel and policy modules.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#423 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_process.c#6 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#223 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#71 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#181 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#27 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#115 edit
.. //depot/projects/trustedbsd/mac/sys/sys/proc.h#48 edit
.. //depot/projects/trustedbsd/mac/sys/sys/ucred.h#20 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#423 (text+ko) ====
@@ -589,7 +589,7 @@
}
buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
- error = mac_externalize_cred_label(&tcred->cr_label, elements,
+ error = mac_externalize_cred_label(tcred->cr_label, elements,
buffer, mac.m_buflen);
if (error == 0)
error = copyout(buffer, mac.m_string, strlen(buffer)+1);
@@ -626,7 +626,7 @@
}
buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
- error = mac_externalize_cred_label(&td->td_ucred->cr_label,
+ error = mac_externalize_cred_label(td->td_ucred->cr_label,
elements, buffer, mac.m_buflen);
if (error == 0)
error = copyout(buffer, mac.m_string, strlen(buffer)+1);
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_process.c#6 (text+ko) ====
@@ -105,20 +105,49 @@
MAC_DEBUG_COUNTER_INC(&nmaccreds);
}
+static struct label *
+mac_cred_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_cred_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmaccreds);
+ return (label);
+}
+
void
mac_init_cred(struct ucred *cred)
{
- mac_init_cred_label(&cred->cr_label);
+ cred->cr_label = mac_cred_label_alloc();
+}
+
+static struct label *
+mac_proc_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_proc_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacprocs);
+ return (label);
}
void
mac_init_proc(struct proc *p)
{
- mac_init_label(&p->p_label);
- MAC_PERFORM(init_proc_label, &p->p_label);
- MAC_DEBUG_COUNTER_INC(&nmacprocs);
+ p->p_label = mac_proc_label_alloc();
+}
+
+static void
+mac_cred_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_cred_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmaccreds);
}
void
@@ -134,16 +163,25 @@
mac_destroy_cred(struct ucred *cred)
{
- mac_destroy_cred_label(&cred->cr_label);
+ mac_cred_label_free(cred->cr_label);
+ cred->cr_label = NULL;
+}
+
+static void
+mac_proc_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_proc_label, label);
+ mac_labelzone_free(label);
+ MAC_DEBUG_COUNTER_DEC(&nmacprocs);
}
void
mac_destroy_proc(struct proc *p)
{
- MAC_PERFORM(destroy_proc_label, &p->p_label);
- mac_destroy_label(&p->p_label);
- MAC_DEBUG_COUNTER_DEC(&nmacprocs);
+ mac_proc_label_free(p->p_label);
+ p->p_label = NULL;
}
int
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#223 (text+ko) ====
@@ -900,7 +900,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(delabel);
mac_biba_copy_single(source, dest);
@@ -912,7 +912,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
mac_biba_copy_single(source, dest);
dest = SLOT(fslabel);
@@ -1034,7 +1034,7 @@
buflen = sizeof(temp);
bzero(&temp, buflen);
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(vlabel);
mac_biba_copy_single(source, &temp);
@@ -1088,7 +1088,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(socketlabel);
mac_biba_copy_single(source, dest);
@@ -1100,7 +1100,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(pipelabel);
mac_biba_copy_single(source, dest);
@@ -1112,7 +1112,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(ks_label);
mac_biba_copy_single(source, dest);
@@ -1178,7 +1178,7 @@
struct mac_biba *source, *dest;
/* Ignore the msgq label */
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(msglabel);
mac_biba_copy_single(source, dest);
@@ -1190,7 +1190,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(msqlabel);
mac_biba_copy_single(source, dest);
@@ -1202,7 +1202,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(semalabel);
mac_biba_copy_single(source, dest);
@@ -1214,7 +1214,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(shmlabel);
mac_biba_copy_single(source, dest);
@@ -1242,7 +1242,7 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(bpflabel);
mac_biba_copy_single(source, dest);
@@ -1454,8 +1454,8 @@
{
struct mac_biba *source, *dest;
- source = SLOT(&cred_parent->cr_label);
- dest = SLOT(&cred_child->cr_label);
+ source = SLOT(cred_parent->cr_label);
+ dest = SLOT(cred_child->cr_label);
mac_biba_copy_single(source, dest);
mac_biba_copy_range(source, dest);
@@ -1466,7 +1466,7 @@
{
struct mac_biba *dest;
- dest = SLOT(&cred->cr_label);
+ dest = SLOT(cred->cr_label);
mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL,
@@ -1478,7 +1478,7 @@
{
struct mac_biba *dest;
- dest = SLOT(&cred->cr_label);
+ dest = SLOT(cred->cr_label);
mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0, NULL);
mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL,
@@ -1491,7 +1491,7 @@
struct mac_biba *source, *dest;
source = SLOT(newlabel);
- dest = SLOT(&cred->cr_label);
+ dest = SLOT(cred->cr_label);
mac_biba_copy(source, dest);
}
@@ -1552,7 +1552,7 @@
struct mac_biba *subj, *new;
int error;
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
new = SLOT(newlabel);
/*
@@ -1616,8 +1616,8 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&u1->cr_label);
- obj = SLOT(&u2->cr_label);
+ subj = SLOT(u1->cr_label);
+ obj = SLOT(u2->cr_label);
/* XXX: range */
if (!mac_biba_dominate_single(obj, subj))
@@ -1633,7 +1633,7 @@
struct mac_biba *subj, *new;
int error;
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
new = SLOT(newlabel);
/*
@@ -1677,7 +1677,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&msgptr->label);
if (!mac_biba_dominate_single(obj, subj))
@@ -1694,7 +1694,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&msgptr->label);
if (!mac_biba_dominate_single(subj, obj))
@@ -1711,7 +1711,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&msqkptr->label);
if (!mac_biba_dominate_single(obj, subj))
@@ -1728,7 +1728,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&msqkptr->label);
if (!mac_biba_dominate_single(subj, obj))
@@ -1745,7 +1745,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&msqkptr->label);
if (!mac_biba_dominate_single(obj, subj))
@@ -1764,7 +1764,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&msqkptr->label);
switch(cmd) {
@@ -1795,7 +1795,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&semakptr->label);
switch(cmd) {
@@ -1833,7 +1833,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&semakptr->label);
if (!mac_biba_dominate_single(obj, subj))
@@ -1852,7 +1852,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&semakptr->label);
if (accesstype & SEM_R)
@@ -1875,7 +1875,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&shmsegptr->label);
if (!mac_biba_dominate_single(obj, subj))
@@ -1897,7 +1897,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&shmsegptr->label);
switch(cmd) {
@@ -1935,7 +1935,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&shmsegptr->label);
if (!mac_biba_dominate_single(subj, obj))
@@ -1954,7 +1954,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(&shmsegptr->label);
if (!mac_biba_dominate_single(obj, subj))
@@ -1973,7 +1973,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
error = mac_biba_subject_privileged(subj);
if (error)
@@ -1995,7 +1995,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
return (mac_biba_subject_privileged(subj));
}
@@ -2009,7 +2009,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(mntlabel);
if (!mac_biba_dominate_single(obj, subj))
@@ -2040,7 +2040,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
if (!mac_biba_dominate_single(obj, subj))
@@ -2058,7 +2058,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
if (!mac_biba_dominate_single(obj, subj))
@@ -2075,7 +2075,7 @@
int error;
new = SLOT(newlabel);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(pipelabel);
/*
@@ -2127,7 +2127,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
if (!mac_biba_dominate_single(obj, subj))
@@ -2145,7 +2145,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
if (!mac_biba_dominate_single(subj, obj))
@@ -2162,7 +2162,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((&ksemptr->ks_label));
if (!mac_biba_dominate_single(subj, obj))
@@ -2179,7 +2179,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((&ksemptr->ks_label));
if (!mac_biba_dominate_single(obj, subj))
@@ -2196,8 +2196,8 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
- obj = SLOT(&proc->p_ucred->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_biba_dominate_single(obj, subj))
@@ -2216,8 +2216,8 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
- obj = SLOT(&proc->p_ucred->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_biba_dominate_single(obj, subj))
@@ -2236,8 +2236,8 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
- obj = SLOT(&proc->p_ucred->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_biba_dominate_single(obj, subj))
@@ -2271,7 +2271,7 @@
int error;
new = SLOT(newlabel);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(socketlabel);
/*
@@ -2323,7 +2323,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(socketlabel);
if (!mac_biba_dominate_single(obj, subj))
@@ -2341,7 +2341,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
error = mac_biba_subject_privileged(subj);
if (error)
@@ -2360,7 +2360,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
error = mac_biba_subject_privileged(subj);
if (error)
@@ -2385,7 +2385,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
error = mac_biba_subject_privileged(subj);
if (error)
@@ -2404,7 +2404,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
error = mac_biba_subject_privileged(subj);
@@ -2427,7 +2427,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
error = mac_biba_subject_privileged(subj);
@@ -2447,7 +2447,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
/*
* In general, treat sysctl variables as biba/high, but also
@@ -2480,7 +2480,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(obj, subj))
@@ -2498,7 +2498,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(obj, subj))
@@ -2516,7 +2516,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -2535,7 +2535,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -2558,7 +2558,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(subj, obj))
@@ -2576,7 +2576,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(subj, obj))
@@ -2608,7 +2608,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(obj, subj))
@@ -2626,7 +2626,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(obj, subj))
@@ -2644,7 +2644,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(obj, subj))
@@ -2663,7 +2663,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -2686,7 +2686,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(obj, subj))
@@ -2704,7 +2704,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(obj, subj))
@@ -2726,7 +2726,7 @@
if (!mac_biba_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
@@ -2750,7 +2750,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
/* XXX privilege override for admin? */
@@ -2775,7 +2775,7 @@
if (!mac_biba_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&active_cred->cr_label);
+ subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(obj, subj))
@@ -2793,7 +2793,7 @@
if (!mac_biba_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&active_cred->cr_label);
+ subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(obj, subj))
@@ -2811,7 +2811,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(obj, subj))
@@ -2829,7 +2829,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(obj, subj))
@@ -2847,7 +2847,7 @@
old = SLOT(vnodelabel);
new = SLOT(newlabel);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
/*
* If there is a Biba label update for the vnode, it must be a
@@ -2899,7 +2899,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -2923,7 +2923,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -2948,7 +2948,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(subj, obj))
@@ -2966,7 +2966,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(subj, obj))
@@ -2985,7 +2985,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -3005,7 +3005,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -3023,7 +3023,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -3041,7 +3041,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -3059,7 +3059,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_biba_dominate_single(subj, obj))
@@ -3077,7 +3077,7 @@
if (!mac_biba_enabled)
return (0);
- subj = SLOT(&active_cred->cr_label);
+ subj = SLOT(active_cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_biba_dominate_single(obj, subj))
@@ -3095,7 +3095,7 @@
if (!mac_biba_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&active_cred->cr_label);
+ subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
if (!mac_biba_dominate_single(subj, obj))
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#71 (text+ko) ====
@@ -516,7 +516,7 @@
struct proc *p;
pid_t pgid;
- subj = PSLOT(&curthread->td_proc->p_label);
+ subj = PSLOT(curthread->td_proc->p_label);
p = curthread->td_proc;
mtx_lock(&subj->mtx);
@@ -960,7 +960,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(delabel);
mac_lomac_copy_single(source, dest);
@@ -972,7 +972,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
mac_lomac_copy_single(source, dest);
dest = SLOT(fslabel);
@@ -1101,7 +1101,7 @@
buflen = sizeof(temp);
bzero(&temp, buflen);
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(vlabel);
dir = SLOT(dlabel);
if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) {
@@ -1161,7 +1161,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(socketlabel);
mac_lomac_copy_single(source, dest);
@@ -1173,7 +1173,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(pipelabel);
mac_lomac_copy_single(source, dest);
@@ -1185,7 +1185,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(ks_label);
mac_lomac_copy_single(source, dest);
@@ -1250,7 +1250,7 @@
struct mac_lomac *source, *dest;
/* Ignore the msgq label */
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(msglabel);
mac_lomac_copy_single(source, dest);
@@ -1262,7 +1262,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(msqlabel);
mac_lomac_copy_single(source, dest);
@@ -1274,7 +1274,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(semalabel);
mac_lomac_copy_single(source, dest);
@@ -1286,7 +1286,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(shmlabel);
mac_lomac_copy_single(source, dest);
@@ -1314,7 +1314,7 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(bpflabel);
mac_lomac_copy_single(source, dest);
@@ -1538,8 +1538,8 @@
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred_parent->cr_label);
- dest = SLOT(&cred_child->cr_label);
+ source = SLOT(cred_parent->cr_label);
+ dest = SLOT(cred_child->cr_label);
mac_lomac_copy_single(source, dest);
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list