PERFORCE change 63152 for review
Robert Watson
rwatson at FreeBSD.org
Wed Oct 13 12:21:58 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=63152
Change 63152 by rwatson at rwatson_tislabs on 2004/10/13 12:21:16
Merge McAfee Research change made to System V IPC MAC support
on SEDarwin: rename System V IPC MAC Framework entry points and
policy entry points to use _sysv_ instead of _ipc_ to make it
more clear when System V vs Posix or Mach IPC are in use.
Submitted by: cvance
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#25 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#28 edit
.. //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#25 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#9 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#9 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#8 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#246 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#87 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#200 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#23 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#136 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#262 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#217 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#25 (text+ko) ====
@@ -194,7 +194,7 @@
msghdrs[i-1].msg_next = &msghdrs[i];
msghdrs[i].msg_next = NULL;
#ifdef MAC
- mac_init_ipc_msgmsg(&msghdrs[i]);
+ mac_init_sysv_msgmsg(&msghdrs[i]);
#endif
}
free_msghdrs = &msghdrs[0];
@@ -207,7 +207,7 @@
msqids[i].u.msg_perm.seq = 0; /* reset to a known value */
msqids[i].u.msg_perm.mode = 0;
#ifdef MAC
- mac_init_ipc_msgqueue(&msqids[i]);
+ mac_init_sysv_msgqueue(&msqids[i]);
#endif
}
mtx_init(&msq_mtx, "msq", NULL, MTX_DEF);
@@ -243,10 +243,10 @@
int i;
/* Clean up the MAC label associated with the msg objects. */
for (i = 0; i < msginfo.msgtql; i++)
- mac_destroy_ipc_msgmsg(&msghdrs[i]);
+ mac_destroy_sysv_msgmsg(&msghdrs[i]);
/* Clean up the MAC label associated with the msq objects. */
for (msqid = 0; msqid < msginfo.msgmni; msqid++)
- mac_destroy_ipc_msgqueue(&msqids[msqid]);
+ mac_destroy_sysv_msgqueue(&msqids[msqid]);
#endif
free(msgpool, M_MSG);
free(msgmaps, M_MSG);
@@ -347,7 +347,7 @@
free_msghdrs = msghdr;
#ifdef MAC
/* XXX: Reset the MAC label */
- mac_cleanup_ipc_msgmsg(msghdr);
+ mac_cleanup_sysv_msgmsg(msghdr);
#endif
}
@@ -403,9 +403,9 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_ipc_msqctl(td->td_ucred,msqkptr,cmd))) {
+ if ((error = mac_check_sysv_msqctl(td->td_ucred,msqkptr,cmd))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_msqctl permission denied!\n"));
+ "MAC Framework: mac_check_sysv_msqctl permission denied!\n"));
goto done2;
}
#endif
@@ -433,10 +433,10 @@
*/
msghdr = msqkptr->u.msg_first;
while (msghdr != NULL) {
- if ((error = mac_check_ipc_msgrmid(td->td_ucred,
+ if ((error = mac_check_sysv_msgrmid(td->td_ucred,
msghdr))) {
MPRINTF(
- "MAC Framework: mac_check_ipc_msgrmid permission denied\n");
+ "MAC Framework: mac_check_sysv_msgrmid permission denied\n");
/* XXX wakeup(msqkptr); ??? */
goto done2;
}
@@ -466,7 +466,7 @@
#ifdef MAC
/* XXX: Reset the MAC label */
- mac_cleanup_ipc_msgqueue(msqkptr);
+ mac_cleanup_sysv_msgqueue(msqkptr);
#endif
wakeup(msqkptr);
@@ -570,9 +570,9 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_ipc_msqget(cred, msqkptr))) {
+ if ((error = mac_check_sysv_msqget(cred, msqkptr))) {
MPRINTF(
- "MAC Framework: mac_check_ipc_msqget access denied\n");
+ "MAC Framework: mac_check_sysv_msqget access denied\n");
goto done2;
}
#endif
@@ -619,7 +619,7 @@
msqkptr->u.msg_rtime = 0;
msqkptr->u.msg_ctime = time_second;
#ifdef MAC
- mac_create_ipc_msgqueue(cred, msqkptr);
+ mac_create_sysv_msgqueue(cred, msqkptr);
#endif
} else {
DPRINTF(("didn't find it and wasn't asked to create it\n"));
@@ -698,9 +698,9 @@
* Make sure that the thread has access rights to the message
* queue.
*/
- if ((error = mac_check_ipc_msqsnd(td->td_ucred, msqkptr))) {
+ if ((error = mac_check_sysv_msqsnd(td->td_ucred, msqkptr))) {
MPRINTF((
-"MAC Framework: mac_check_ipc_msqsnd permission denied\n"));
+"MAC Framework: mac_check_sysv_msqsnd permission denied\n"));
goto done2;
}
#endif
@@ -819,9 +819,9 @@
msghdr->msg_spot = -1;
msghdr->msg_ts = msgsz;
#ifdef MAC
- mac_create_ipc_msgmsg(td->td_ucred, msqkptr, msghdr);
+ mac_create_sysv_msgmsg(td->td_ucred, msqkptr, msghdr);
/*
- * XXX: Should the mac_check_ipc_msgmsq check follow here
+ * XXX: Should the mac_check_sysv_msgmsq check follow here
* immediately? Or, should it be checked just before the msg is
* enqueued in the msgq (as it is done now)?
*/
@@ -939,16 +939,16 @@
* Note: Since the task/thread allocates the msghdr and usually
* primes it with its own MAC label,for a majority of policies, it
* won't be necessary to check whether the msghdr has access
- * permissions to the msgq. The mac_check_ipc_msqsnd check would
+ * permissions to the msgq. The mac_check_sysv_msqsnd check would
* suffice in that case. However, this hook may be required where
* individual policies derive a non-identical label for the msghdr
* from the current thread label and may want to check the msghdr
* enqueue permissions, along with read/write permissions to the
* msgq.
*/
- if ((error = mac_check_ipc_msgmsq(td->td_ucred,msghdr,msqkptr))) {
+ if ((error = mac_check_sysv_msgmsq(td->td_ucred,msghdr,msqkptr))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_msqmsq permission denied\n"));
+ "MAC Framework: mac_check_sysv_msqmsq permission denied\n"));
msg_freehdr(msghdr);
wakeup(msqkptr);
goto done2;
@@ -1041,9 +1041,9 @@
/*
* Make sure that the thread has access rights to the message queue.
*/
- if ((error = mac_check_ipc_msqrcv(td->td_ucred, msqkptr))) {
+ if ((error = mac_check_sysv_msqrcv(td->td_ucred, msqkptr))) {
MPRINTF((
-"MAC Framework: mac_check_ipc_msqrcv permission denied\n"));
+"MAC Framework: mac_check_sysv_msqrcv permission denied\n"));
goto done2;
}
#endif
@@ -1066,10 +1066,10 @@
* Make sure that the thread has access
* rights to the message header.
*/
- if ((error = mac_check_ipc_msgrcv(td->td_ucred,
+ if ((error = mac_check_sysv_msgrcv(td->td_ucred,
msghdr))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_msgrcv permission denied\n"));
+ "MAC Framework: mac_check_sysv_msgrcv permission denied\n"));
goto done2;
}
#endif
@@ -1119,10 +1119,10 @@
* header.
*/
if ((error =
- mac_check_ipc_msgrcv(td->td_ucred,
+ mac_check_sysv_msgrcv(td->td_ucred,
msghdr))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_msgrcv permission denied\n"));
+ "MAC Framework: mac_check_sysv_msgrcv permission denied\n"));
goto done2;
}
#endif
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#28 (text+ko) ====
@@ -208,7 +208,7 @@
sema[i].u.sem_perm.mode = 0;
sema[i].u.sem_perm.seq = 0;
#ifdef MAC
- mac_init_ipc_sema(&sema[i]);
+ mac_init_sysv_sema(&sema[i]);
#endif
}
for (i = 0; i < seminfo.semmni; i++)
@@ -234,7 +234,7 @@
EVENTHANDLER_DEREGISTER(process_exit, semexit_tag);
#ifdef MAC
for (i = 0; i < seminfo.semmni; i++)
- mac_destroy_ipc_sema(&sema[i]);
+ mac_destroy_sysv_sema(&sema[i]);
#endif
free(sem, M_SEM);
free(sema, M_SEM);
@@ -551,9 +551,9 @@
if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R)))
goto done2;
#ifdef MAC
- if ((error = mac_check_ipc_semctl(cred, semakptr, cmd))) {
+ if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_semctl access denied\n"));
+ "MAC Framework: mac_check_sysv_semctl access denied\n"));
goto done2;
}
#endif
@@ -574,9 +574,9 @@
sema_mtxp = &sema_mtx[semid];
#ifdef MAC
mtx_lock(sema_mtxp);
- if ((error = mac_check_ipc_semctl(cred, semakptr, cmd))) {
+ if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_semctl access denied\n"));
+ "MAC Framework: mac_check_sysv_semctl access denied\n"));
goto done2;
}
mtx_unlock(sema_mtxp);
@@ -604,7 +604,7 @@
}
semakptr->u.sem_perm.mode = 0;
#ifdef MAC
- mac_cleanup_ipc_sema(semakptr);
+ mac_cleanup_sysv_sema(semakptr);
#endif
SEMUNDO_LOCK();
semundo_clear(semid, -1);
@@ -838,10 +838,10 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_ipc_semget(cred,
+ if ((error = mac_check_sysv_semget(cred,
&sema[semid]))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_semget access denied\n"));
+ "MAC Framework: mac_check_sysv_semget access denied\n"));
goto done2;
}
#endif
@@ -890,7 +890,7 @@
bzero(sema[semid].u.sem_base,
sizeof(sema[semid].u.sem_base[0])*nsems);
#ifdef MAC
- mac_create_ipc_sema(cred, &sema[semid]);
+ mac_create_sysv_sema(cred, &sema[semid]);
#endif
DPRINTF(("sembase = 0x%x, next = 0x%x\n",
sema[semid].u.sem_base, &sem[semtot]));
@@ -1004,9 +1004,9 @@
* write) permissions to the semaphore array based on the
* sopptr->sem_op value.
*/
- if ((error = mac_check_ipc_semop(td->td_ucred, semakptr, j))) {
+ if ((error = mac_check_sysv_semop(td->td_ucred, semakptr, j))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_semop access denied\n"));
+ "MAC Framework: mac_check_sysv_semop access denied\n"));
goto done2;
}
#endif
==== //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#25 (text+ko) ====
@@ -222,7 +222,7 @@
shmseg->u.shm_perm.mode = SHMSEG_FREE;
#ifdef MAC
/* Reset the MAC label */
- mac_cleanup_ipc_shm(shmseg);
+ mac_cleanup_sysv_shm(shmseg);
#endif
}
@@ -295,9 +295,9 @@
*/
struct shmid_kernel *shmsegptr;
shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)];
- if ((error = mac_check_ipc_shmdt(td->td_ucred, shmsegptr))) {
+ if ((error = mac_check_sysv_shmdt(td->td_ucred, shmsegptr))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_shmdt access denied\n"));
+ "MAC Framework: mac_check_sysv_shmdt access denied\n"));
goto done2;
}
#endif
@@ -356,9 +356,9 @@
if (error)
goto done2;
#ifdef MAC
- if ((error = mac_check_ipc_shmat(td->td_ucred, shmseg, shmflg))) {
+ if ((error = mac_check_sysv_shmat(td->td_ucred, shmseg, shmflg))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_shmat access denied\n"));
+ "MAC Framework: mac_check_sysv_shmat access denied\n"));
goto done2;
}
#endif
@@ -476,9 +476,9 @@
if (error)
goto done2;
#ifdef MAC
- if ((error = mac_check_ipc_shmctl(td->td_ucred, shmseg, uap->cmd))) {
+ if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, uap->cmd))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_shmctl access denied\n"));
+ "MAC Framework: mac_check_sysv_shmctl access denied\n"));
goto done2;
}
#endif
@@ -564,9 +564,9 @@
goto done2;
}
#ifdef MAC
- if ((error = mac_check_ipc_shmctl(td->td_ucred, shmseg, cmd))) {
+ if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, cmd))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_shmctl access denied\n"));
+ "MAC Framework: mac_check_sysv_shmctl access denied\n"));
goto done2;
}
#endif
@@ -694,9 +694,9 @@
return (EEXIST);
error = ipcperm(td, &shmseg->u.shm_perm, mode);
#ifdef MAC
- if ((error = mac_check_ipc_shmget(td->td_ucred,shmseg,uap->shmflg))) {
+ if ((error = mac_check_sysv_shmget(td->td_ucred,shmseg,uap->shmflg))) {
MPRINTF((
- "MAC Framework: mac_check_ipc_shmget access denied\n"));
+ "MAC Framework: mac_check_sysv_shmget access denied\n"));
}
#endif
if (error)
@@ -775,7 +775,7 @@
shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0;
shmseg->u.shm_atime = shmseg->u.shm_dtime = 0;
#ifdef MAC
- mac_create_ipc_shm(cred, shmseg);
+ mac_create_sysv_shm(cred, shmseg);
#endif
shmseg->u.shm_ctime = time_second;
shm_committed += btoc(size);
@@ -913,7 +913,7 @@
shmsegs[i].u.shm_perm.mode = SHMSEG_FREE;
shmsegs[i].u.shm_perm.seq = 0;
#ifdef MAC
- mac_init_ipc_shm(&shmsegs[i]);
+ mac_init_sysv_shm(&shmsegs[i]);
#endif
}
free(shmsegs, M_SHM);
@@ -945,7 +945,7 @@
shmsegs[i].u.shm_perm.mode = SHMSEG_FREE;
shmsegs[i].u.shm_perm.seq = 0;
#ifdef MAC
- mac_init_ipc_shm(&shmsegs[i]);
+ mac_init_sysv_shm(&shmsegs[i]);
#endif
}
shm_last_free = 0;
@@ -967,7 +967,7 @@
#ifdef MAC
for (i = 0; i < shmalloced; i++)
- mac_destroy_ipc_shm(&shmsegs[i]);
+ mac_destroy_sysv_shm(&shmsegs[i]);
#endif
free(shmsegs, M_SHM);
shmexit_hook = NULL;
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#9 (text+ko) ====
@@ -68,108 +68,108 @@
#endif
static struct label *
-mac_ipc_msgmsg_label_alloc(void)
+mac_sysv_msgmsg_label_alloc(void)
{
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_ipc_msgmsg_label, label);
+ MAC_PERFORM(init_sysv_msgmsg_label, label);
MAC_DEBUG_COUNTER_INC(&nmacipcmsgs);
return (label);
}
void
-mac_init_ipc_msgmsg(struct msg *msgptr)
+mac_init_sysv_msgmsg(struct msg *msgptr)
{
- msgptr->label = mac_ipc_msgmsg_label_alloc();
+ msgptr->label = mac_sysv_msgmsg_label_alloc();
}
static struct label *
-mac_ipc_msgqueue_label_alloc(void)
+mac_sysv_msgqueue_label_alloc(void)
{
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_ipc_msgqueue_label, label);
+ MAC_PERFORM(init_sysv_msgqueue_label, label);
MAC_DEBUG_COUNTER_INC(&nmacipcmsqs);
return (label);
}
void
-mac_init_ipc_msgqueue(struct msqid_kernel *msqkptr)
+mac_init_sysv_msgqueue(struct msqid_kernel *msqkptr)
{
- msqkptr->label = mac_ipc_msgqueue_label_alloc();
+ msqkptr->label = mac_sysv_msgqueue_label_alloc();
msqkptr->label = NULL;
}
static void
-mac_ipc_msgmsg_label_free(struct label *label)
+mac_sysv_msgmsg_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ipc_msgmsg_label, label);
+ MAC_PERFORM(destroy_sysv_msgmsg_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacipcmsgs);
}
void
-mac_destroy_ipc_msgmsg(struct msg *msgptr)
+mac_destroy_sysv_msgmsg(struct msg *msgptr)
{
- mac_ipc_msgmsg_label_free(msgptr->label);
+ mac_sysv_msgmsg_label_free(msgptr->label);
msgptr->label = NULL;
}
static void
-mac_ipc_msgqueue_label_free(struct label *label)
+mac_sysv_msgqueue_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ipc_msgqueue_label, label);
+ MAC_PERFORM(destroy_sysv_msgqueue_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacipcmsqs);
}
void
-mac_destroy_ipc_msgqueue(struct msqid_kernel *msqkptr)
+mac_destroy_sysv_msgqueue(struct msqid_kernel *msqkptr)
{
- mac_ipc_msgqueue_label_free(msqkptr->label);
+ mac_sysv_msgqueue_label_free(msqkptr->label);
msqkptr->label = NULL;
}
void
-mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
struct msg *msgptr)
{
- MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, msqkptr->label,
+ MAC_PERFORM(create_sysv_msgmsg, cred, msqkptr, msqkptr->label,
msgptr, msgptr->label);
}
void
-mac_create_ipc_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr)
{
- MAC_PERFORM(create_ipc_msgqueue, cred, msqkptr, msqkptr->label);
+ MAC_PERFORM(create_sysv_msgqueue, cred, msqkptr, msqkptr->label);
}
void
-mac_cleanup_ipc_msgmsg(struct msg *msgptr)
+mac_cleanup_sysv_msgmsg(struct msg *msgptr)
{
- MAC_PERFORM(cleanup_ipc_msgmsg, msgptr->label);
+ MAC_PERFORM(cleanup_sysv_msgmsg, msgptr->label);
}
void
-mac_cleanup_ipc_msgqueue(struct msqid_kernel *msqkptr)
+mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr)
{
- MAC_PERFORM(cleanup_ipc_msgqueue, msqkptr->label);
+ MAC_PERFORM(cleanup_sysv_msgqueue, msqkptr->label);
}
int
-mac_check_ipc_msgmsq(struct ucred *cred, struct msg *msgptr,
+mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
struct msqid_kernel *msqkptr)
{
int error;
@@ -177,79 +177,79 @@
if (!mac_enforce_sysv_msg)
return (0);
- MAC_CHECK(check_ipc_msgmsq, cred, msgptr, msgptr->label, msqkptr,
+ MAC_CHECK(check_sysv_msgmsq, cred, msgptr, msgptr->label, msqkptr,
msqkptr->label);
return(error);
}
int
-mac_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr)
+mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr)
{
int error;
if (!mac_enforce_sysv_msg)
return (0);
- MAC_CHECK(check_ipc_msgrcv, cred, msgptr, msgptr->label);
+ MAC_CHECK(check_sysv_msgrcv, cred, msgptr, msgptr->label);
return(error);
}
int
-mac_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr)
+mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr)
{
int error;
if (!mac_enforce_sysv_msg)
return (0);
- MAC_CHECK(check_ipc_msgrmid, cred, msgptr, msgptr->label);
+ MAC_CHECK(check_sysv_msgrmid, cred, msgptr, msgptr->label);
return(error);
}
int
-mac_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr)
{
int error;
if (!mac_enforce_sysv_msg)
return (0);
- MAC_CHECK(check_ipc_msqget, cred, msqkptr, msqkptr->label);
+ MAC_CHECK(check_sysv_msqget, cred, msqkptr, msqkptr->label);
return(error);
}
int
-mac_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr)
{
int error;
if (!mac_enforce_sysv_msg)
return (0);
- MAC_CHECK(check_ipc_msqsnd, cred, msqkptr, msqkptr->label);
+ MAC_CHECK(check_sysv_msqsnd, cred, msqkptr, msqkptr->label);
return(error);
}
int
-mac_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
{
int error;
if (!mac_enforce_sysv_msg)
return (0);
- MAC_CHECK(check_ipc_msqrcv, cred, msqkptr, msqkptr->label);
+ MAC_CHECK(check_sysv_msqrcv, cred, msqkptr, msqkptr->label);
return(error);
}
int
-mac_check_ipc_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
int cmd)
{
int error;
@@ -257,7 +257,7 @@
if (!mac_enforce_sysv_msg)
return (0);
- MAC_CHECK(check_ipc_msqctl, cred, msqkptr, msqkptr->label, cmd);
+ MAC_CHECK(check_sysv_msqctl, cred, msqkptr, msqkptr->label, cmd);
return(error);
}
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#9 (text+ko) ====
@@ -65,56 +65,56 @@
#endif
static struct label *
-mac_ipc_sema_label_alloc(void)
+mac_sysv_sema_label_alloc(void)
{
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_ipc_sema_label, label);
+ MAC_PERFORM(init_sysv_sema_label, label);
MAC_DEBUG_COUNTER_INC(&nmacipcsemas);
return (label);
}
void
-mac_init_ipc_sema(struct semid_kernel *semakptr)
+mac_init_sysv_sema(struct semid_kernel *semakptr)
{
- semakptr->label = mac_ipc_sema_label_alloc();
+ semakptr->label = mac_sysv_sema_label_alloc();
}
static void
-mac_ipc_sema_label_free(struct label *label)
+mac_sysv_sema_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ipc_sema_label, label);
+ MAC_PERFORM(destroy_sysv_sema_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacipcsemas);
}
void
-mac_destroy_ipc_sema(struct semid_kernel *semakptr)
+mac_destroy_sysv_sema(struct semid_kernel *semakptr)
{
- mac_ipc_sema_label_free(semakptr->label);
+ mac_sysv_sema_label_free(semakptr->label);
semakptr->label = NULL;
}
void
-mac_create_ipc_sema(struct ucred *cred, struct semid_kernel *semakptr)
+mac_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr)
{
- MAC_PERFORM(create_ipc_sema, cred, semakptr, semakptr->label);
+ MAC_PERFORM(create_sysv_sema, cred, semakptr, semakptr->label);
}
void
-mac_cleanup_ipc_sema(struct semid_kernel *semakptr)
+mac_cleanup_sysv_sema(struct semid_kernel *semakptr)
{
- MAC_PERFORM(cleanup_ipc_sema, semakptr->label);
+ MAC_PERFORM(cleanup_sysv_sema, semakptr->label);
}
int
-mac_check_ipc_semctl(struct ucred *cred, struct semid_kernel *semakptr,
+mac_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
int cmd)
{
int error;
@@ -122,26 +122,26 @@
if (!mac_enforce_sysv_sem)
return (0);
- MAC_CHECK(check_ipc_semctl, cred, semakptr, semakptr->label, cmd);
+ MAC_CHECK(check_sysv_semctl, cred, semakptr, semakptr->label, cmd);
return(error);
}
int
-mac_check_ipc_semget(struct ucred *cred, struct semid_kernel *semakptr)
+mac_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr)
{
int error;
if (!mac_enforce_sysv_sem)
return (0);
- MAC_CHECK(check_ipc_semget, cred, semakptr, semakptr->label);
+ MAC_CHECK(check_sysv_semget, cred, semakptr, semakptr->label);
return(error);
}
int
-mac_check_ipc_semop(struct ucred *cred, struct semid_kernel *semakptr,
+mac_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
size_t accesstype)
{
int error;
@@ -149,7 +149,7 @@
if (!mac_enforce_sysv_sem)
return (0);
- MAC_CHECK(check_ipc_semop, cred, semakptr, semakptr->label,
+ MAC_CHECK(check_sysv_semop, cred, semakptr, semakptr->label,
accesstype);
return(error);
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#8 (text+ko) ====
@@ -66,56 +66,56 @@
#endif
static struct label *
-mac_ipc_shm_label_alloc(void)
+mac_sysv_shm_label_alloc(void)
{
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_ipc_shm_label, label);
+ MAC_PERFORM(init_sysv_shm_label, label);
MAC_DEBUG_COUNTER_INC(&nmacipcshms);
return (label);
}
void
-mac_init_ipc_shm(struct shmid_kernel *shmsegptr)
+mac_init_sysv_shm(struct shmid_kernel *shmsegptr)
{
- shmsegptr->label = mac_ipc_shm_label_alloc();
+ shmsegptr->label = mac_sysv_shm_label_alloc();
}
static void
-mac_ipc_shm_label_free(struct label *label)
+mac_sysv_shm_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ipc_shm_label, label);
+ MAC_PERFORM(destroy_sysv_shm_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacipcshms);
}
void
-mac_destroy_ipc_shm(struct shmid_kernel *shmsegptr)
+mac_destroy_sysv_shm(struct shmid_kernel *shmsegptr)
{
- mac_ipc_shm_label_free(shmsegptr->label);
+ mac_sysv_shm_label_free(shmsegptr->label);
shmsegptr->label = NULL;
}
void
-mac_create_ipc_shm(struct ucred *cred, struct shmid_kernel *shmsegptr)
+mac_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr)
{
- MAC_PERFORM(create_ipc_shm, cred, shmsegptr, shmsegptr->label);
+ MAC_PERFORM(create_sysv_shm, cred, shmsegptr, shmsegptr->label);
}
void
-mac_cleanup_ipc_shm(struct shmid_kernel *shmsegptr)
+mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr)
{
- MAC_PERFORM(cleanup_ipc_shm, shmsegptr->label);
+ MAC_PERFORM(cleanup_sysv_shm, shmsegptr->label);
}
int
-mac_check_ipc_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
+mac_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
int shmflg)
{
int error;
@@ -123,14 +123,14 @@
if (!mac_enforce_sysv_shm)
return (0);
- MAC_CHECK(check_ipc_shmat, cred, shmsegptr, shmsegptr->label,
+ MAC_CHECK(check_sysv_shmat, cred, shmsegptr, shmsegptr->label,
shmflg);
return(error);
}
int
-mac_check_ipc_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
+mac_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
int cmd)
{
int error;
@@ -138,27 +138,27 @@
if (!mac_enforce_sysv_shm)
return (0);
- MAC_CHECK(check_ipc_shmctl, cred, shmsegptr, shmsegptr->label,
+ MAC_CHECK(check_sysv_shmctl, cred, shmsegptr, shmsegptr->label,
cmd);
return(error);
}
int
-mac_check_ipc_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr)
+mac_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr)
{
int error;
if (!mac_enforce_sysv_shm)
return (0);
- MAC_CHECK(check_ipc_shmdt, cred, shmsegptr, shmsegptr->label);
+ MAC_CHECK(check_sysv_shmdt, cred, shmsegptr, shmsegptr->label);
return(error);
}
int
-mac_check_ipc_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
+mac_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
int shmflg)
{
int error;
@@ -166,7 +166,7 @@
if (!mac_enforce_sysv_shm)
return (0);
- MAC_CHECK(check_ipc_shmget, cred, shmsegptr, shmsegptr->label,
+ MAC_CHECK(check_sysv_shmget, cred, shmsegptr, shmsegptr->label,
shmflg);
return(error);
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#246 (text+ko) ====
@@ -1181,7 +1181,7 @@
*/
static void
-mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_biba_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
{
struct mac_biba *source, *dest;
@@ -1194,8 +1194,8 @@
}
static void
-mac_biba_create_ipc_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr,
- struct label *msqlabel)
+mac_biba_create_sysv_msgqueue(struct ucred *cred,
+ struct msqid_kernel *msqkptr, struct label *msqlabel)
{
struct mac_biba *source, *dest;
@@ -1206,7 +1206,7 @@
}
static void
-mac_biba_create_ipc_sema(struct ucred *cred, struct semid_kernel *semakptr,
+mac_biba_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr,
struct label *semalabel)
{
struct mac_biba *source, *dest;
@@ -1218,7 +1218,7 @@
}
static void
-mac_biba_create_ipc_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
+mac_biba_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
struct label *shmlabel)
{
struct mac_biba *source, *dest;
@@ -1519,28 +1519,28 @@
* Label cleanup/flush operations
*/
static void
-mac_biba_cleanup_ipc_msgmsg(struct label *msglabel)
+mac_biba_cleanup_sysv_msgmsg(struct label *msglabel)
{
bzero(SLOT(msglabel), sizeof(struct mac_biba));
}
static void
-mac_biba_cleanup_ipc_msgqueue(struct label *msqlabel)
+mac_biba_cleanup_sysv_msgqueue(struct label *msqlabel)
{
bzero(SLOT(msqlabel), sizeof(struct mac_biba));
}
static void
-mac_biba_cleanup_ipc_sema(struct label *semalabel)
+mac_biba_cleanup_sysv_sema(struct label *semalabel)
{
bzero(SLOT(semalabel), sizeof(struct mac_biba));
}
static void
-mac_biba_cleanup_ipc_shm(struct label *shmlabel)
+mac_biba_cleanup_sysv_shm(struct label *shmlabel)
{
bzero(SLOT(shmlabel), sizeof(struct mac_biba));
}
@@ -1704,7 +1704,7 @@
}
static int
-mac_biba_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr,
+mac_biba_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr,
struct label *msglabel)
{
struct mac_biba *subj, *obj;
@@ -1722,7 +1722,7 @@
}
static int
-mac_biba_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr,
+mac_biba_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr,
struct label *msglabel)
{
struct mac_biba *subj, *obj;
@@ -1740,7 +1740,7 @@
}
static int
-mac_biba_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_biba_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr,
struct label *msqklabel)
{
struct mac_biba *subj, *obj;
@@ -1758,7 +1758,7 @@
}
static int
-mac_biba_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_biba_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr,
struct label *msqklabel)
{
struct mac_biba *subj, *obj;
@@ -1776,7 +1776,7 @@
}
static int
-mac_biba_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_biba_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr,
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list