PERFORCE change 72226 for review
Robert Watson
rwatson at FreeBSD.org
Tue Mar 1 11:57:06 GMT 2005
http://perforce.freebsd.org/chv.cgi?CH=72226
Change 72226 by rwatson at rwatson_paprika on 2005/03/01 11:56:08
Rename several MAC Framework and policy entry points relating to POSIX
semaphores for improved consistency:
mac_init_posix_ksem() -> mac_init_posix_sem()
mac_create_posix_ksem() -> mac_create_posix_sem()
mac_destroy_posix_ksem() -> mac_destroy_posix_sem()
Similarly rename functions in mac_posix_sem.c, as well as the various
policies currently implementing those entry points.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#19 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#9 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#248 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#88 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#201 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#25 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#140 edit
.. //depot/projects/trustedbsd/mac/sys/sys/file.h#22 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac.h#265 edit
.. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#222 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#19 (text+ko) ====
@@ -1,6 +1,6 @@
/*
* Copyright (c) 2002 Alfred Perlstein <alfred at FreeBSD.org>
- * Copyright (c) 2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2003-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -259,8 +259,8 @@
else
ret->ks_ref = 1;
#ifdef MAC
- mac_init_posix_ksem(ret);
- mac_create_posix_ksem(uc, ret);
+ mac_init_posix_sem(ret);
+ mac_create_posix_sem(uc, ret);
#endif
mtx_lock(&sem_lock);
nsems++;
@@ -524,7 +524,7 @@
free(ks->ks_name, M_SEM);
cv_destroy(&ks->ks_cv);
#ifdef MAC
- mac_destroy_posix_ksem(ks);
+ mac_destroy_posix_sem(ks);
#endif
mtx_destroy(&ks->ks_mtx);
free(ks, M_SEM);
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#9 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2003-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -55,50 +55,50 @@
TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem);
#ifdef MAC_DEBUG
-static unsigned int nmacposixksems;
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_ksems, CTLFLAG_RD,
- &nmacposixksems, 0, "number of posix global semaphores inuse");
+static unsigned int nmacposixsems;
+SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_sems, CTLFLAG_RD,
+ &nmacposixsems, 0, "number of posix global semaphores inuse");
#endif
static struct label *
-mac_posix_ksem_label_alloc(void)
+mac_posix_sem_label_alloc(void)
{
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_posix_ksem_label, label);
- MAC_DEBUG_COUNTER_INC(&nmacposixksems);
+ MAC_PERFORM(init_posix_sem_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacposixsems);
return (label);
}
void
-mac_init_posix_ksem(struct ksem *ksemptr)
+mac_init_posix_sem(struct ksem *ksemptr)
{
- ksemptr->ks_label = mac_posix_ksem_label_alloc();
+ ksemptr->ks_label = mac_posix_sem_label_alloc();
}
static void
-mac_posix_ksem_label_free(struct label *label)
+mac_posix_sem_label_free(struct label *label)
{
- MAC_PERFORM(destroy_posix_ksem_label, label);
- MAC_DEBUG_COUNTER_DEC(&nmacposixksems);
+ MAC_PERFORM(destroy_posix_sem_label, label);
+ MAC_DEBUG_COUNTER_DEC(&nmacposixsems);
}
void
-mac_destroy_posix_ksem(struct ksem *ksemptr)
+mac_destroy_posix_sem(struct ksem *ksemptr)
{
- mac_posix_ksem_label_free(ksemptr->ks_label);
+ mac_posix_sem_label_free(ksemptr->ks_label);
ksemptr->ks_label = NULL;
}
void
-mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr)
+mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr)
{
- MAC_PERFORM(create_posix_ksem, cred, ksemptr, ksemptr->ks_label);
+ MAC_PERFORM(create_posix_sem, cred, ksemptr, ksemptr->ks_label);
}
int
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#248 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -1116,7 +1116,7 @@
}
static void
-mac_biba_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
struct label *ks_label)
{
struct mac_biba *source, *dest;
@@ -3158,7 +3158,7 @@
.mpo_init_mount_label = mac_biba_init_label,
.mpo_init_mount_fs_label = mac_biba_init_label,
.mpo_init_pipe_label = mac_biba_init_label,
- .mpo_init_posix_ksem_label = mac_biba_init_label,
+ .mpo_init_posix_sem_label = mac_biba_init_label,
.mpo_init_socket_label = mac_biba_init_label_waitcheck,
.mpo_init_socket_peer_label = mac_biba_init_label_waitcheck,
.mpo_init_vnode_label = mac_biba_init_label,
@@ -3176,7 +3176,7 @@
.mpo_destroy_mount_label = mac_biba_destroy_label,
.mpo_destroy_mount_fs_label = mac_biba_destroy_label,
.mpo_destroy_pipe_label = mac_biba_destroy_label,
- .mpo_destroy_posix_ksem_label = mac_biba_destroy_label,
+ .mpo_destroy_posix_sem_label = mac_biba_destroy_label,
.mpo_destroy_socket_label = mac_biba_destroy_label,
.mpo_destroy_socket_peer_label = mac_biba_destroy_label,
.mpo_destroy_vnode_label = mac_biba_destroy_label,
@@ -3211,7 +3211,7 @@
.mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr,
.mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket,
.mpo_create_pipe = mac_biba_create_pipe,
- .mpo_create_posix_ksem = mac_biba_create_posix_ksem,
+ .mpo_create_posix_sem = mac_biba_create_posix_sem,
.mpo_create_socket = mac_biba_create_socket,
.mpo_create_socket_from_socket = mac_biba_create_socket_from_socket,
.mpo_relabel_pipe = mac_biba_relabel_pipe,
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#88 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -1188,7 +1188,7 @@
}
static void
-mac_lomac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+mac_lomac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
struct label *ks_label)
{
struct mac_lomac *source, *dest;
@@ -3083,7 +3083,7 @@
.mpo_init_mount_label = mac_lomac_init_label,
.mpo_init_mount_fs_label = mac_lomac_init_label,
.mpo_init_pipe_label = mac_lomac_init_label,
- .mpo_init_posix_ksem_label = mac_lomac_init_label,
+ .mpo_init_posix_sem_label = mac_lomac_init_label,
.mpo_init_proc_label = mac_lomac_init_proc_label,
.mpo_init_socket_label = mac_lomac_init_label_waitcheck,
.mpo_init_socket_peer_label = mac_lomac_init_label_waitcheck,
@@ -3102,7 +3102,7 @@
.mpo_destroy_mount_label = mac_lomac_destroy_label,
.mpo_destroy_mount_fs_label = mac_lomac_destroy_label,
.mpo_destroy_pipe_label = mac_lomac_destroy_label,
- .mpo_destroy_posix_ksem_label = mac_lomac_destroy_label,
+ .mpo_destroy_posix_sem_label = mac_lomac_destroy_label,
.mpo_destroy_proc_label = mac_lomac_destroy_proc_label,
.mpo_destroy_socket_label = mac_lomac_destroy_label,
.mpo_destroy_socket_peer_label = mac_lomac_destroy_label,
@@ -3139,7 +3139,7 @@
.mpo_setlabel_vnode_extattr = mac_lomac_setlabel_vnode_extattr,
.mpo_create_mbuf_from_socket = mac_lomac_create_mbuf_from_socket,
.mpo_create_pipe = mac_lomac_create_pipe,
- .mpo_create_posix_ksem = mac_lomac_create_posix_ksem,
+ .mpo_create_posix_sem = mac_lomac_create_posix_sem,
.mpo_create_socket = mac_lomac_create_socket,
.mpo_create_socket_from_socket = mac_lomac_create_socket_from_socket,
.mpo_relabel_pipe = mac_lomac_relabel_pipe,
==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#201 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -1082,7 +1082,7 @@
}
static void
-mac_mls_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
struct label *ks_label)
{
struct mac_mls *source, *dest;
@@ -2939,7 +2939,7 @@
.mpo_init_mount_label = mac_mls_init_label,
.mpo_init_mount_fs_label = mac_mls_init_label,
.mpo_init_pipe_label = mac_mls_init_label,
- .mpo_init_posix_ksem_label = mac_mls_init_label,
+ .mpo_init_posix_sem_label = mac_mls_init_label,
.mpo_init_socket_label = mac_mls_init_label_waitcheck,
.mpo_init_socket_peer_label = mac_mls_init_label_waitcheck,
.mpo_init_vnode_label = mac_mls_init_label,
@@ -2957,7 +2957,7 @@
.mpo_destroy_mount_label = mac_mls_destroy_label,
.mpo_destroy_mount_fs_label = mac_mls_destroy_label,
.mpo_destroy_pipe_label = mac_mls_destroy_label,
- .mpo_destroy_posix_ksem_label = mac_mls_destroy_label,
+ .mpo_destroy_posix_sem_label = mac_mls_destroy_label,
.mpo_destroy_socket_label = mac_mls_destroy_label,
.mpo_destroy_socket_peer_label = mac_mls_destroy_label,
.mpo_destroy_vnode_label = mac_mls_destroy_label,
@@ -2992,7 +2992,7 @@
.mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr,
.mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket,
.mpo_create_pipe = mac_mls_create_pipe,
- .mpo_create_posix_ksem = mac_mls_create_posix_ksem,
+ .mpo_create_posix_sem = mac_mls_create_posix_sem,
.mpo_create_socket = mac_mls_create_socket,
.mpo_create_socket_from_socket = mac_mls_create_socket_from_socket,
.mpo_relabel_pipe = mac_mls_relabel_pipe,
==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#25 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -277,7 +277,7 @@
}
static void
-stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
struct label *ks_label)
{
@@ -1370,7 +1370,7 @@
.mpo_init_mount_label = stub_init_label,
.mpo_init_mount_fs_label = stub_init_label,
.mpo_init_pipe_label = stub_init_label,
- .mpo_init_posix_ksem_label = stub_init_label,
+ .mpo_init_posix_sem_label = stub_init_label,
.mpo_init_socket_label = stub_init_label_waitcheck,
.mpo_init_socket_peer_label = stub_init_label_waitcheck,
.mpo_init_vnode_label = stub_init_label,
@@ -1388,7 +1388,7 @@
.mpo_destroy_mount_label = stub_destroy_label,
.mpo_destroy_mount_fs_label = stub_destroy_label,
.mpo_destroy_pipe_label = stub_destroy_label,
- .mpo_destroy_posix_ksem_label = stub_destroy_label,
+ .mpo_destroy_posix_sem_label = stub_destroy_label,
.mpo_destroy_socket_label = stub_destroy_label,
.mpo_destroy_socket_peer_label = stub_destroy_label,
.mpo_destroy_vnode_label = stub_destroy_label,
@@ -1427,7 +1427,7 @@
.mpo_update_devfsdirent = stub_update_devfsdirent,
.mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket,
.mpo_create_pipe = stub_create_pipe,
- .mpo_create_posix_ksem = stub_create_posix_ksem,
+ .mpo_create_posix_sem = stub_create_posix_sem,
.mpo_create_socket = stub_create_socket,
.mpo_create_socket_from_socket = stub_create_socket_from_socket,
.mpo_relabel_pipe = stub_relabel_pipe,
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#140 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -457,7 +457,7 @@
}
static void
-mac_test_init_posix_ksem_label(struct label *label)
+mac_test_init_posix_sem_label(struct label *label)
{
SLOT(label) = POSIXSEMMAGIC;
@@ -715,16 +715,16 @@
}
static void
-mac_test_destroy_posix_ksem_label(struct label *label)
+mac_test_destroy_posix_sem_label(struct label *label)
{
if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) {
atomic_add_int(&destroy_count_posixsems, 1);
SLOT(label) = EXMAGIC;
} else if (SLOT(label) == EXMAGIC) {
- DEBUGGER("mac_test_destroy_posix_ksem: dup destroy");
+ DEBUGGER("mac_test_destroy_posix_sem: dup destroy");
} else {
- DEBUGGER("mac_test_destroy_posix_ksem: corrupted label");
+ DEBUGGER("mac_test_destroy_posix_sem: corrupted label");
}
}
@@ -988,7 +988,7 @@
}
static void
-mac_test_create_posix_ksem(struct ucred *cred, struct ksem *ksem,
+mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem,
struct label *posixlabel)
{
@@ -1745,7 +1745,7 @@
}
static int
-mac_test_check_posix_ksem(struct ucred *cred, struct ksem *ksemptr,
+mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr,
struct label *ks_label)
{
@@ -2412,7 +2412,7 @@
.mpo_init_mount_label = mac_test_init_mount_label,
.mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
.mpo_init_pipe_label = mac_test_init_pipe_label,
- .mpo_init_posix_ksem_label = mac_test_init_posix_ksem_label,
+ .mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
.mpo_init_proc_label = mac_test_init_proc_label,
.mpo_init_socket_label = mac_test_init_socket_label,
.mpo_init_socket_peer_label = mac_test_init_socket_peer_label,
@@ -2432,7 +2432,7 @@
.mpo_destroy_mount_label = mac_test_destroy_mount_label,
.mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
.mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
- .mpo_destroy_posix_ksem_label = mac_test_destroy_posix_ksem_label,
+ .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
.mpo_destroy_proc_label = mac_test_destroy_proc_label,
.mpo_destroy_socket_label = mac_test_destroy_socket_label,
.mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label,
@@ -2468,7 +2468,7 @@
.mpo_update_devfsdirent = mac_test_update_devfsdirent,
.mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket,
.mpo_create_pipe = mac_test_create_pipe,
- .mpo_create_posix_ksem = mac_test_create_posix_ksem,
+ .mpo_create_posix_sem = mac_test_create_posix_sem,
.mpo_create_socket = mac_test_create_socket,
.mpo_create_socket_from_socket = mac_test_create_socket_from_socket,
.mpo_relabel_pipe = mac_test_relabel_pipe,
@@ -2543,13 +2543,13 @@
.mpo_check_pipe_relabel = mac_test_check_pipe_relabel,
.mpo_check_pipe_stat = mac_test_check_pipe_stat,
.mpo_check_pipe_write = mac_test_check_pipe_write,
- .mpo_check_posix_sem_close = mac_test_check_posix_ksem,
- .mpo_check_posix_sem_destroy = mac_test_check_posix_ksem,
- .mpo_check_posix_sem_getvalue = mac_test_check_posix_ksem,
- .mpo_check_posix_sem_openexisting = mac_test_check_posix_ksem,
- .mpo_check_posix_sem_post = mac_test_check_posix_ksem,
- .mpo_check_posix_sem_unlink = mac_test_check_posix_ksem,
- .mpo_check_posix_sem_wait = mac_test_check_posix_ksem,
+ .mpo_check_posix_sem_close = mac_test_check_posix_sem,
+ .mpo_check_posix_sem_destroy = mac_test_check_posix_sem,
+ .mpo_check_posix_sem_getvalue = mac_test_check_posix_sem,
+ .mpo_check_posix_sem_openexisting = mac_test_check_posix_sem,
+ .mpo_check_posix_sem_post = mac_test_check_posix_sem,
+ .mpo_check_posix_sem_unlink = mac_test_check_posix_sem,
+ .mpo_check_posix_sem_wait = mac_test_check_posix_sem,
.mpo_check_proc_debug = mac_test_check_proc_debug,
.mpo_check_proc_sched = mac_test_check_proc_sched,
.mpo_check_proc_setuid = mac_test_check_proc_setuid,
==== //depot/projects/trustedbsd/mac/sys/sys/file.h#22 (text+ko) ====
@@ -131,6 +131,7 @@
off_t f_nextoff; /*
* offset of next expected read or write
*/
+ void *f_label; /* Place-holder for struct label pointer. */
};
#endif /* _KERNEL */
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#265 (text+ko) ====
@@ -156,7 +156,7 @@
int mac_init_ipq(struct ipq *, int flag);
int mac_init_socket(struct socket *, int flag);
void mac_init_pipe(struct pipepair *);
-void mac_init_posix_ksem(struct ksem *);
+void mac_init_posix_sem(struct ksem *);
int mac_init_mbuf(struct mbuf *mbuf, int flag);
int mac_init_mbuf_tag(struct m_tag *, int flag);
void mac_init_mount(struct mount *);
@@ -176,7 +176,7 @@
void mac_destroy_ipq(struct ipq *);
void mac_destroy_socket(struct socket *);
void mac_destroy_pipe(struct pipepair *);
-void mac_destroy_posix_ksem(struct ksem *);
+void mac_destroy_posix_sem(struct ksem *);
void mac_destroy_proc(struct proc *);
void mac_destroy_mbuf_tag(struct m_tag *);
void mac_destroy_mount(struct mount *);
@@ -239,7 +239,7 @@
/*
* Labeling event operations: POSIX (global/inter-process) semaphores.
*/
-void mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr);
+void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr);
/*
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#222 (text+ko) ====
@@ -115,7 +115,7 @@
int (*mpo_init_socket_label)(struct label *label, int flag);
int (*mpo_init_socket_peer_label)(struct label *label, int flag);
void (*mpo_init_pipe_label)(struct label *label);
- void (*mpo_init_posix_ksem_label)(struct label *label);
+ void (*mpo_init_posix_sem_label)(struct label *label);
void (*mpo_init_proc_label)(struct label *label);
void (*mpo_init_vnode_label)(struct label *label);
void (*mpo_destroy_bpfdesc_label)(struct label *label);
@@ -134,7 +134,7 @@
void (*mpo_destroy_socket_label)(struct label *label);
void (*mpo_destroy_socket_peer_label)(struct label *label);
void (*mpo_destroy_pipe_label)(struct label *label);
- void (*mpo_destroy_posix_ksem_label)(struct label *label);
+ void (*mpo_destroy_posix_sem_label)(struct label *label);
void (*mpo_destroy_proc_label)(struct label *label);
void (*mpo_destroy_vnode_label)(struct label *label);
void (*mpo_cleanup_sysv_msgmsg)(struct label *msglabel);
@@ -259,7 +259,7 @@
/*
* Labeling event operations: POSIX (global/inter-process) semaphores.
*/
- void (*mpo_create_posix_ksem)(struct ucred *cred,
+ void (*mpo_create_posix_sem)(struct ucred *cred,
struct ksem *ksemptr, struct label *ks_label);
/*
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list