PERFORCE change 105365 for review
Todd Miller
millert at FreeBSD.org
Wed Aug 30 21:24:09 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=105365
Change 105365 by millert at millert_g4tower on 2006/08/30 21:23:45
Rename MAC Framework entry points to be either mpo_<object>_<method>()
or mpo_<object>_check_<method>(). These changes are similar to
those made in the TrustedBSD mac2 branch.
TODO: re-sort entry points, rename more Mach entry points
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/mach_cmds/ca.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/hfs/hfs_search.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/bsd_init.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_credential.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exit.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_fork.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_ktrace.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_mman.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_prot.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_resource.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sig.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sysctl.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_time.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_pipe.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf2.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vfsops.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vnops.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/bpf.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/bsd_comp.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/dlil.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/ppp_deflate.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/igmp.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_icmp.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_mroute.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_output.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_mroute.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_output.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/mld6.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/nfs/nfs_syscalls.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/nfs/nfs_vfsops.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_cache.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_init.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_lookup.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_subr.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_vnops.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_xattr.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vm/dp_backing_file.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_mqueue.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_object.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_port.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_right.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_msg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_port.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_kobject.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_tt.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/startup.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/task.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/mach/security.defs#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_audit.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_pipe.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_sem.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_shm.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_socket.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_system.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_msg.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_sem.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_shm.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_task.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/basetest/mac_basetest.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/color/mac_color.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/count/Makefile#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/count/mac_count.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/extattr_test/mac_extattr_test.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/ipctrace/module/ipctrace.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/multilabel/multilabel.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/none/mac_none.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/mach_av.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/Makefile#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mac_stacktrace.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/vanity/vanity.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/xattr/xattr.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/mach_cmds/ca.c#2 (text+ko) ====
@@ -72,7 +72,7 @@
return (1);
}
- r = mac_check_port_access (mach_task_self(),
+ r = mac_port_check_access(mach_task_self(),
subl, objl, argv[3], argv[4]);
printf("access %s %s:%s { %s } = %d\n",
argv[1], argv[2], argv[3], argv[4], r);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/hfs/hfs_search.c#3 (text+ko) ====
@@ -607,9 +607,9 @@
#ifdef MAC
if (vp->v_type == VDIR) {
- myErr = mac_check_vnode_readdir(vfs_context_ucred(ctx), vp);
+ myErr = mac_vnode_check_readdir(vfs_context_ucred(ctx), vp);
} else {
- myErr = mac_check_vnode_stat(vfs_context_ucred(ctx), NOCRED, vp);
+ myErr = mac_vnode_check_stat(vfs_context_ucred(ctx), NOCRED, vp);
}
if (myErr) {
vnode_put(vp);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/bsd_init.c#4 (text+ko) ====
@@ -337,7 +337,7 @@
/*
* Initialize the MAC Framework
*/
- mac_init_bsd();
+ mac_policy_initbsd();
#endif /* MAC */
/*
@@ -391,8 +391,8 @@
file_lock_init();
#ifdef MAC
- mac_create_proc0(p->p_ucred);
- mac_update_task_from_cred (p->p_ucred, (struct task *) p->task);
+ mac_proc_create_swapper(p->p_ucred);
+ mac_task_update_from_cred (p->p_ucred, (struct task *) p->task);
#endif
/* Create the file descriptor table. */
@@ -662,8 +662,8 @@
vm_set_shared_region(get_threadtask(th_act), system_region);
}
#ifdef MAC
- mac_create_proc1(p->p_ucred);
- mac_update_task_from_cred (p->p_ucred, (struct task *) p->task);
+ mac_proc_create_init(p->p_ucred);
+ mac_task_update_from_cred (p->p_ucred, (struct task *) p->task);
#endif
load_init_program(p);
/* turn on app-profiling i.e. pre-heating */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#3 (text+ko) ====
@@ -169,7 +169,7 @@
#ifdef MAC
if (uap->path != USER_ADDR_NULL) {
vnode_lock(nd.ni_vp);
- error = mac_check_system_acct(p->p_ucred, nd.ni_vp);
+ error = mac_system_check_acct(p->p_ucred, nd.ni_vp);
vnode_unlock(nd.ni_vp);
if (error) {
vn_close(nd.ni_vp, FWRITE, kauth_cred_get(), p);
@@ -177,7 +177,7 @@
}
}
else {
- error = mac_check_system_acct(p->p_ucred, NULL);
+ error = mac_system_check_acct(p->p_ucred, NULL);
if (error)
return (error);
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#3 (text+ko) ====
@@ -843,7 +843,7 @@
goto free_out;
#ifdef MAC
- error = mac_check_system_audit(kauth_cred_get(), rec, uap->length);
+ error = mac_system_check_audit(kauth_cred_get(), rec, uap->length);
if (error)
goto free_out;
#endif
@@ -889,7 +889,7 @@
return (ret);
#ifdef MAC
- ret = mac_check_system_auditon(kauth_cred_get(), uap->cmd);
+ ret = mac_system_check_auditon(kauth_cred_get(), uap->cmd);
if (ret)
return (ret);
#endif
@@ -1126,7 +1126,7 @@
int error;
#ifdef MAC
- error = mac_check_proc_getauid(kauth_cred_get());
+ error = mac_proc_check_getauid(kauth_cred_get());
if (error)
return (error);
#endif
@@ -1156,7 +1156,7 @@
if (error)
return (error);
#ifdef MAC
- error = mac_check_proc_setauid(kauth_cred_get(), temp_au_id);
+ error = mac_proc_check_setauid(kauth_cred_get(), temp_au_id);
if (error)
return (error);
#endif
@@ -1224,7 +1224,7 @@
int error;
#ifdef MAC
- error = mac_check_proc_getaudit(kauth_cred_get());
+ error = mac_proc_check_getaudit(kauth_cred_get());
if (error)
return (error);
#endif
@@ -1262,7 +1262,7 @@
return (error);
#ifdef MAC
- error = mac_check_proc_setaudit(kauth_cred_get(), &temp_auditinfo);
+ error = mac_proc_check_setaudit(kauth_cred_get(), &temp_auditinfo);
if (error)
return (error);
@@ -1374,7 +1374,7 @@
#ifdef MAC
/*
* Accessibility of the vnode was determined in
- * vn_open; the mac_check_system_auditctl should only
+ * vn_open; the mac_system_check_auditctl should only
* determine whether that vnode is appropriate for
* storing audit data, or that the caller was
* permitted to control the auditing system at all.
@@ -1383,7 +1383,7 @@
* sensitivity.
*/
- error = mac_check_system_auditctl(kauth_cred_get(), nd.ni_vp);
+ error = mac_system_check_auditctl(kauth_cred_get(), nd.ni_vp);
if (error) {
vn_close(nd.ni_vp, audit_close_flags, kauth_cred_get(), p);
vnode_put(vp);
@@ -1401,7 +1401,7 @@
}
#ifdef MAC
else {
- error = mac_check_system_auditctl(kauth_cred_get(), NULL);
+ error = mac_system_check_auditctl(kauth_cred_get(), NULL);
if (error)
return (error);
}
@@ -1502,7 +1502,7 @@
}
mac.m_buflen = MAC_AUDIT_LABEL_LEN;
mac.m_string = ar->k_ar.ar_cred_mac_labels;
- mac_get_cred_audit_labels(p, &mac);
+ mac_cred_get_audit_labels(p, &mac);
ar->k_ar.ar_mac_records = (struct mac_audit_record_list_t *)
kalloc(sizeof(*ar->k_ar.ar_mac_records));
@@ -2501,7 +2501,7 @@
if (*vnode_mac_labelp != NULL) {
mac.m_buflen = MAC_AUDIT_LABEL_LEN;
mac.m_string = *vnode_mac_labelp;
- mac_get_vnode_audit_labels(vp, &mac);
+ mac_vnode_get_audit_labels(vp, &mac);
} else {
/* XXX What to do here? This may be an "audit6" req. */
printf("Could not store vnode audit labels");
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_credential.c#3 (text+ko) ====
@@ -1601,7 +1601,7 @@
#endif
#ifdef MAC
- mac_init_cred(newcred);
+ mac_cred_init(newcred);
#endif
return(newcred);
@@ -1654,7 +1654,7 @@
if (err == 0)
break;
#ifdef MAC
- mac_destroy_cred(new_cred);
+ mac_cred_destroy(new_cred);
#endif
FREE(new_cred, M_KAUTH);
new_cred = NULL;
@@ -1939,12 +1939,12 @@
bcopy(cred, &temp_cred, sizeof(temp_cred));
- mac_init_cred(&temp_cred);
- mac_create_cred(cred, &temp_cred);
- mac_relabel_cred(&temp_cred, label);
+ mac_cred_init(&temp_cred);
+ mac_cred_create(cred, &temp_cred);
+ mac_cred_setlabel(&temp_cred, label);
newcred = kauth_cred_update(cred, &temp_cred, TRUE);
- mac_destroy_cred(&temp_cred);
+ mac_cred_destroy(&temp_cred);
return (newcred);
}
#endif
@@ -2016,7 +2016,7 @@
bcopy(cred, newcred, sizeof(*newcred));
#ifdef MAC
newcred->cr_label = temp_label;
- mac_create_cred(cred, newcred);
+ mac_cred_create(cred, newcred);
#endif
newcred->cr_ref = 1;
}
@@ -2041,7 +2041,7 @@
if (error == 0)
break;
#ifdef MAC
- mac_destroy_cred(newcred);
+ mac_cred_destroy(newcred);
#endif
FREE(newcred, M_KAUTH);
}
@@ -2106,7 +2106,7 @@
if (err == 0)
break;
#ifdef MAC
- mac_destroy_cred(newcred);
+ mac_cred_destroy(newcred);
#endif
FREE(newcred, M_KAUTH);
newcred = NULL;
@@ -2162,7 +2162,7 @@
if (err == 0)
break;
#ifdef MAC
- mac_destroy_cred(new_cred);
+ mac_cred_destroy(new_cred);
#endif
FREE(new_cred, M_KAUTH);
new_cred = NULL;
@@ -2226,7 +2226,7 @@
/* found a match, remove it from the hash table */
TAILQ_REMOVE(&kauth_cred_table_anchor[hash_key], found_cred, cr_link);
#ifdef MAC
- mac_destroy_cred(cred);
+ mac_cred_destroy(cred);
#endif
FREE(cred, M_KAUTH);
#if KAUTH_CRED_HASH_DEBUG
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#2 (text+ko) ====
@@ -381,7 +381,7 @@
pop = &fdp->fd_ofileflags[fd];
#ifdef MAC
- error = mac_check_fcntl(fp->f_cred, fp, uap->cmd, uap->arg);
+ error = mac_file_check_fcntl(fp->f_cred, fp, uap->cmd, uap->arg);
if (error)
goto out;
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#3 (text+ko) ====
@@ -886,10 +886,10 @@
#ifdef MAC
if (uap->mac_p != USER_ADDR_NULL) {
- imgp->ip_execlabelp = mac_cred_label_alloc();
+ imgp->ip_execlabelp = mac_cred_alloc_label();
error = mac_execve_enter(uap->mac_p, imgp->ip_execlabelp);
if (error) {
- mac_cred_label_free(imgp->ip_execlabelp);
+ mac_cred_free_label(imgp->ip_execlabelp);
return (error);
}
}
@@ -973,8 +973,8 @@
* actually read by the interpreter.
*/
#ifdef MAC
- imgp->ip_scriptlabelp = mac_vnode_label_alloc();
- mac_copy_vnode_label(imgp->ip_vp->v_label,
+ imgp->ip_scriptlabelp = mac_vnode_alloc_label();
+ mac_vnode_copy_label(imgp->ip_vp->v_label,
imgp->ip_scriptlabelp);
#endif
vnode_put(imgp->ip_vp);
@@ -1019,9 +1019,9 @@
}
#ifdef MAC
if (imgp->ip_execlabelp)
- mac_cred_label_free(imgp->ip_execlabelp);
+ mac_cred_free_label(imgp->ip_execlabelp);
if (imgp->ip_scriptlabelp)
- mac_vnode_label_free(imgp->ip_scriptlabelp);
+ mac_vnode_free_label(imgp->ip_scriptlabelp);
#endif
return(error);
@@ -1402,7 +1402,7 @@
}
#ifdef MAC
- error = mac_check_vnode_exec(p->p_ucred, vp, imgp->ip_execlabelp);
+ error = mac_vnode_check_exec(p->p_ucred, vp, imgp->ip_execlabelp);
if (error)
return (error);
#endif
@@ -1462,7 +1462,7 @@
#ifdef MAC
int mac_transition;
- mac_transition = mac_execve_will_transition(cred, imgp->ip_vp,
+ mac_transition = mac_vnode_execve_will_transition(cred, imgp->ip_vp,
imgp->ip_scriptlabelp, imgp->ip_execlabelp, p);
#endif
@@ -1507,9 +1507,9 @@
* something similar here, or risk vulnerability.
*/
if (mac_transition && !imgp->ip_no_trans) {
- mac_execve_transition(cred, p->p_ucred, imgp->ip_vp,
+ mac_vnode_execve_transition(cred, p->p_ucred, imgp->ip_vp,
imgp->ip_scriptlabelp, imgp->ip_execlabelp);
- mac_update_task_from_cred(p->p_ucred, p->task);
+ mac_task_update_from_cred(p->p_ucred, p->task);
}
#endif
/*
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exit.c#3 (text+ko) ====
@@ -630,7 +630,7 @@
wakeup(&child->p_stat);
#ifdef MAC
- mac_destroy_proc(child);
+ mac_proc_destroy(child);
#endif
lck_mtx_destroy(&child->p_mlock, proc_lck_grp);
@@ -678,7 +678,7 @@
continue;
#ifdef MAC
- if ((error = mac_check_proc_wait(kauth_cred_get(), p)) != 0)
+ if ((error = mac_proc_check_wait(kauth_cred_get(), p)) != 0)
return (error);
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_fork.c#3 (text+ko) ====
@@ -290,7 +290,7 @@
}
#ifdef MAC
- mac_update_task_from_cred(child->p_ucred, task);
+ mac_task_update_from_cred(child->p_ucred, task);
#endif
if (child->p_nice != 0)
@@ -443,7 +443,7 @@
panic("forkproc: M_SUBPROC zone exhausted (p_sigacts)");
#ifdef MAC
- mac_init_proc(newproc);
+ mac_proc_init(newproc);
#endif
/*
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_ktrace.c#2 (text+ko) ====
@@ -625,7 +625,7 @@
!suser(caller, NULL))
return (1);
#ifdef MAC
- error = mac_check_proc_debug(caller, targetp);
+ error = mac_proc_check_debug(caller, targetp);
if (error)
return (error);
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_mman.c#3 (text+ko) ====
@@ -373,7 +373,7 @@
handle = (void *)vp;
#ifdef MAC
- error = mac_check_vnode_mmap(vfs_context_ucred(&context),
+ error = mac_vnode_check_mmap(vfs_context_ucred(&context),
vp, prot, flags, &maxprot);
if (error) {
(void)vnode_put(vp);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#3 (text+ko) ====
@@ -894,7 +894,7 @@
LIST_INIT(&l->lc_members);
lck_mtx_init(&l->lc_mtx, lctx_lck_grp, lctx_lck_attr);
#ifdef MAC
- l->lc_label = mac_lctx_label_alloc();
+ l->lc_label = mac_lctx_alloc_label();
#endif
ALLLCTX_LOCK;
LIST_INSERT_HEAD(&alllctx, l, lc_list);
@@ -956,7 +956,7 @@
LCTX_UNLOCK(l);
lck_mtx_destroy(&l->lc_mtx, lctx_lck_grp);
#ifdef MAC
- mac_lctx_label_free(l->lc_label);
+ mac_lctx_free_label(l->lc_label);
l->lc_label = NULL;
#endif
FREE(l, M_LCTX);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_prot.c#4 (text+ko) ====
@@ -1013,7 +1013,7 @@
HOST_PRIV_NULL :
host_priv_self()) != KERN_SUCCESS);
#ifdef MAC
- mac_update_task_from_cred(p->p_ucred, p->task);
+ mac_task_update_from_cred(p->p_ucred, p->task);
#endif
}
@@ -1058,7 +1058,7 @@
}
#ifdef MAC
- error = mac_check_proc_setlcid(p0, p, uap->pid, uap->lcid);
+ error = mac_proc_check_setlcid(p0, p, uap->pid, uap->lcid);
if (error)
return (error);
#endif
@@ -1140,7 +1140,7 @@
}
#ifdef MAC
- error = mac_check_proc_getlcid(p0, p, uap->pid);
+ error = mac_proc_check_getlcid(p0, p, uap->pid);
if (error)
return (error);
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_resource.c#2 (text+ko) ====
@@ -250,7 +250,7 @@
if (n < chgp->p_nice && suser(ucred, &curp->p_acflag))
return (EACCES);
#ifdef MAC
- error = mac_check_proc_sched(ucred, chgp);
+ error = mac_proc_check_sched(ucred, chgp);
if (error)
return (error);
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sig.c#3 (text+ko) ====
@@ -135,7 +135,7 @@
void exit1(struct proc *, int, int *);
void psignal_uthread(thread_t, int);
kern_return_t do_bsdexception(int, int, int);
-void __posix_sem_syscall_return(kern_return_t);
+void __posixsem_syscall_return(kern_return_t);
/* implementations in osfmk/kern/sync_sema.c. We do not want port.h in this scope, so void * them */
kern_return_t semaphore_timedwait_signal_trap_internal(void *, void *,time_t, int32_t, void (*)(int));
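Review bot: The rename of `__posix_sem_syscall_return` to `__posixsem_syscall_return` in this prototype falls outside the stated scope of the change, since the function is a semaphore-wait continuation in kern_sig.c and not a MAC Framework entry point; it looks like collateral from a mechanical posix_sem → posixsem substitution. The same applies to its definition and the four call sites in the later kern_sig.c hunks, and to `posix_sem_max` → `posixsem_max` in posix_sem.c, where the sysctl node is still built from `_kern_posix_sem` and only the C symbol changes. Consider reverting these non-MAC renames, or listing them in the change description, so that later merges against upstream xnu do not conflict on symbols unrelated to the framework. Whether anything outside the listed files references the old names cannot be checked from this truncated diff.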
@@ -284,7 +284,7 @@
#ifdef MAC
int error;
- error = mac_check_proc_signal(uc, q, signum);
+ error = mac_proc_check_signal(uc, q, signum);
if (error)
return (0);
#endif
@@ -841,7 +841,7 @@
}
void
-__posix_sem_syscall_return(kern_return_t kern_result)
+__posixsem_syscall_return(kern_return_t kern_result)
{
int error = 0;
@@ -885,17 +885,17 @@
}
if (uap->mutex_sem == (void *)NULL)
- kern_result = semaphore_timedwait_trap_internal(uap->cond_sem, then.tv_sec, then.tv_nsec, __posix_sem_syscall_return);
+ kern_result = semaphore_timedwait_trap_internal(uap->cond_sem, then.tv_sec, then.tv_nsec, __posixsem_syscall_return);
else
- kern_result = semaphore_timedwait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, then.tv_sec, then.tv_nsec, __posix_sem_syscall_return);
+ kern_result = semaphore_timedwait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, then.tv_sec, then.tv_nsec, __posixsem_syscall_return);
} else {
if (uap->mutex_sem == (void *)NULL)
- kern_result = semaphore_wait_trap_internal(uap->cond_sem, __posix_sem_syscall_return);
+ kern_result = semaphore_wait_trap_internal(uap->cond_sem, __posixsem_syscall_return);
else
- kern_result = semaphore_wait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, __posix_sem_syscall_return);
+ kern_result = semaphore_wait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, __posixsem_syscall_return);
}
out:
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sysctl.c#2 (text+ko) ====
@@ -392,7 +392,7 @@
}
#ifdef MAC
- error = mac_check_system_sysctl(
+ error = mac_system_check_sysctl(
p->p_ucred,
(int *) name,
uap->namelen,
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_time.c#3 (text+ko) ====
@@ -168,7 +168,7 @@
int error;
#ifdef MAC
- error = mac_check_system_settime(kauth_cred_get());
+ error = mac_system_check_settime(kauth_cred_get());
if (error)
return (error);
#endif
@@ -221,7 +221,7 @@
int error;
#ifdef MAC
- error = mac_check_system_settime(kauth_cred_get());
+ error = mac_system_check_settime(kauth_cred_get());
if (error)
return (error);
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#4 (text+ko) ====
@@ -101,7 +101,7 @@
#ifdef MAC
if (error)
return (error);
- error = mac_check_system_reboot(kauth_cred_get(), uap->opt);
+ error = mac_system_check_reboot(kauth_cred_get(), uap->opt);
#endif
if (!error) {
SET(p->p_flag, P_REBOOT); /* No more signals for this proc */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#2 (text+ko) ====
@@ -144,11 +144,11 @@
LIST_HEAD(psemhashhead, psemcache) *psemhashtbl; /* Hash Table */
u_long psemhash; /* size of hash table - 1 */
long psemnument; /* number of cache entries allocated */
-long posix_sem_max = 10000; /* tunable for max POSIX semaphores */
+long posixsem_max = 10000; /* tunable for max POSIX semaphores */
/* 10000 limits to ~1M of memory */
SYSCTL_NODE(_kern, KERN_POSIX, posix, CTLFLAG_RW, 0, "Posix");
SYSCTL_NODE(_kern_posix, OID_AUTO, sem, CTLFLAG_RW, 0, "Semaphores");
-SYSCTL_INT (_kern_posix_sem, OID_AUTO, max, CTLFLAG_RW, &posix_sem_max, 0, "max");
+SYSCTL_INT (_kern_posix_sem, OID_AUTO, max, CTLFLAG_RW, &posixsem_max, 0, "max");
struct psemstats psemstats; /* cache effectiveness statistics */
@@ -271,7 +271,7 @@
if (psem_cache_search(&dpinfo, pnp, &dpcp) == -1) {
return(EEXIST);
}
- if (psemnument >= posix_sem_max)
+ if (psemnument >= posixsem_max)
return(ENOSPC);
psemnument++;
/*
@@ -487,14 +487,14 @@
pinfo->sem_proc = p;
#ifdef MAC
PSEM_SUBSYS_UNLOCK();
- mac_init_posix_sem(pinfo);
+ mac_posixsem_init(pinfo);
PSEM_SUBSYS_LOCK();
- error = mac_check_posix_sem_create(kauth_cred_get(), nameptr);
+ error = mac_posixsem_check_create(kauth_cred_get(), nameptr);
if (error) {
PSEM_SUBSYS_UNLOCK();
goto bad2;
}
- mac_create_posix_sem(kauth_cred_get(), pinfo, nameptr);
+ mac_posixsem_create(kauth_cred_get(), pinfo, nameptr);
#endif
} else {
/* semaphore should exist as it is without O_CREAT */
@@ -511,7 +511,7 @@
AUDIT_ARG(posix_ipc_perm, pinfo->psem_uid,
pinfo->psem_gid, pinfo->psem_mode);
#ifdef MAC
- error = mac_check_posix_sem_open(kauth_cred_get(), pinfo);
+ error = mac_posixsem_check_open(kauth_cred_get(), pinfo);
if (error) {
PSEM_SUBSYS_UNLOCK();
goto bad1;
@@ -582,7 +582,7 @@
bad1:
if (pinfo_alloc) {
#ifdef MAC
- mac_destroy_posix_sem(pinfo);
+ mac_posixsem_destroy(pinfo);
#endif
FREE(pinfo, M_SHM);
}
@@ -705,7 +705,7 @@
} else
incache = 1;
#ifdef MAC
- error = mac_check_posix_sem_unlink(kauth_cred_get(), pinfo, nameptr);
+ error = mac_posixsem_check_unlink(kauth_cred_get(), pinfo, nameptr);
if (error) {
PSEM_SUBSYS_UNLOCK();
goto bad;
@@ -800,7 +800,7 @@
goto out;
}
#ifdef MAC
- error = mac_check_posix_sem_wait(kauth_cred_get(), pinfo);
+ error = mac_posixsem_check_wait(kauth_cred_get(), pinfo);
if (error) {
PSEM_SUBSYS_UNLOCK();
goto out;
@@ -861,7 +861,7 @@
goto out;
}
#ifdef MAC
- error = mac_check_posix_sem_wait(kauth_cred_get(), pinfo);
+ error = mac_posixsem_check_wait(kauth_cred_get(), pinfo);
if (error) {
PSEM_SUBSYS_UNLOCK();
goto out;
@@ -925,7 +925,7 @@
goto out;
}
#ifdef MAC
- error = mac_check_posix_sem_post(kauth_cred_get(), pinfo);
+ error = mac_posixsem_check_post(kauth_cred_get(), pinfo);
if (error) {
PSEM_SUBSYS_UNLOCK();
goto out;
@@ -1030,7 +1030,7 @@
kret = semaphore_destroy(kernel_task, pinfo->psem_semobject);
#ifdef MAC
- mac_destroy_posix_sem(pinfo);
+ mac_posixsem_destroy(pinfo);
#endif
switch (kret) {
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#2 (text+ko) ====
@@ -488,14 +488,14 @@
pinfo->pshm_gid = kauth_cred_get()->cr_gid;
#ifdef MAC
PSHM_SUBSYS_UNLOCK();
- mac_init_posix_shm(pinfo);
+ mac_posixshm_init(pinfo);
PSHM_SUBSYS_LOCK();
- error = mac_check_posix_shm_create(kauth_cred_get(), nameptr);
+ error = mac_posixshm_check_create(kauth_cred_get(), nameptr);
if (error) {
PSHM_SUBSYS_UNLOCK();
goto bad2;
}
- mac_create_posix_shm(kauth_cred_get(), pinfo, nameptr);
+ mac_posixshm_create(kauth_cred_get(), pinfo, nameptr);
#endif
} else {
/* already exists */
@@ -507,7 +507,7 @@
AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid,
pinfo->pshm_gid, pinfo->pshm_mode);
#ifdef MAC
- if ((error = mac_check_posix_shm_open(
+ if ((error = mac_posixshm_check_open(
kauth_cred_get(), pinfo))) {
PSHM_SUBSYS_UNLOCK();
goto bad1;
@@ -597,7 +597,7 @@
bad2:
if (pinfo_alloc) {
#ifdef MAC
- mac_destroy_posix_shm(pinfo);
+ mac_posixshm_destroy(pinfo);
#endif
FREE(pinfo, M_SHM);
}
@@ -642,7 +642,7 @@
return(EINVAL);
}
#ifdef MAC
- error = mac_check_posix_shm_truncate(kauth_cred_get(), pinfo, size);
+ error = mac_posixshm_check_truncate(kauth_cred_get(), pinfo, size);
if (error) {
PSHM_SUBSYS_UNLOCK();
return(error);
@@ -698,7 +698,7 @@
}
#ifdef MAC
- error = mac_check_posix_shm_stat(kauth_cred_get(), pinfo);
+ error = mac_posixshm_check_stat(kauth_cred_get(), pinfo);
if (error) {
PSHM_SUBSYS_UNLOCK();
return(error);
@@ -814,7 +814,7 @@
}
#ifdef MAC
- error = mac_check_posix_shm_mmap(kauth_cred_get(), pinfo, prot, flags);
+ error = mac_posixshm_check_mmap(kauth_cred_get(), pinfo, prot, flags);
if (error) {
PSHM_SUBSYS_UNLOCK();
return(error);
@@ -958,7 +958,7 @@
goto bad;
}
#ifdef MAC
- error = mac_check_posix_shm_unlink(kauth_cred_get(), pinfo, nameptr);
+ error = mac_posixshm_check_unlink(kauth_cred_get(), pinfo, nameptr);
if (error) {
PSHM_SUBSYS_UNLOCK();
goto bad;
@@ -1028,7 +1028,7 @@
mach_memory_entry_port_release(pinfo->pshm_memobject);
PSHM_SUBSYS_LOCK();
#ifdef MAC
- mac_destroy_posix_shm(pinfo);
+ mac_posixshm_destroy(pinfo);
#endif
FREE(pinfo,M_SHM);
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_pipe.c#2 (text+ko) ====
@@ -353,12 +353,12 @@
* XXXXXXXX SHOULD NOT HOLD FILE_LOCK() XXXXXXXXXXXX
*
* struct pipe represents a pipe endpoint. The MAC label is shared
- * between the connected endpoints. As a result mac_init_pipe() and
- * mac_create_pipe() should only be called on one of the endpoints
+ * between the connected endpoints. As a result mac_pipe_init() and
+ * mac_pipe_create() should only be called on one of the endpoints
* after they have been connected.
*/
- mac_init_pipe(rpipe);
- mac_create_pipe(kauth_cred_get(), rpipe);
+ mac_pipe_init(rpipe);
+ mac_pipe_create(kauth_cred_get(), rpipe);
wpipe->pipe_label = rpipe->pipe_label;
#endif
proc_fdlock(p);
@@ -396,7 +396,7 @@
return (EBADF);
#ifdef MAC
PIPE_LOCK(cpipe);
- error = mac_check_pipe_stat(kauth_cred_get(), cpipe);
+ error = mac_pipe_check_stat(kauth_cred_get(), cpipe);
PIPE_UNLOCK(cpipe);
if (error)
return (error);
@@ -572,7 +572,7 @@
goto unlocked_error;
#ifdef MAC
- error = mac_check_pipe_read(kauth_cred_get(), rpipe);
+ error = mac_pipe_check_read(kauth_cred_get(), rpipe);
if (error)
goto locked_error;
#endif
@@ -983,7 +983,7 @@
return (EPIPE);
}
#ifdef MAC
- error = mac_check_pipe_write(kauth_cred_get(), wpipe);
+ error = mac_pipe_check_write(kauth_cred_get(), wpipe);
if (error) {
PIPE_UNLOCK(rpipe);
return (error);
@@ -1292,7 +1292,7 @@
PIPE_LOCK(mpipe);
#ifdef MAC
- error = mac_check_pipe_ioctl(kauth_cred_get(), mpipe, cmd, data);
+ error = mac_pipe_check_ioctl(kauth_cred_get(), mpipe, cmd, data);
if (error) {
PIPE_UNLOCK(mpipe);
@@ -1358,7 +1358,7 @@
wpipe = rpipe->pipe_peer;
#ifdef MAC
- if (mac_check_pipe_select(proc_ucred(p), rpipe, which)) {
+ if (mac_pipe_check_select(proc_ucred(p), rpipe, which)) {
PIPE_UNLOCK(rpipe);
return (0);
}
@@ -1479,7 +1479,7 @@
* Free the shared pipe label only after the two ends are disconnected.
*/
if (cpipe->pipe_label != NULL && cpipe->pipe_peer == NULL)
- mac_destroy_pipe(cpipe);
+ mac_pipe_destroy(cpipe);
#endif
/*
@@ -1535,7 +1535,7 @@
PIPE_LOCK(cpipe);
#ifdef MAC
- if (mac_check_pipe_kqfilter(proc_ucred(p), kn, cpipe) != 0) {
+ if (mac_pipe_check_kqfilter(proc_ucred(p), kn, cpipe) != 0) {
PIPE_UNLOCK(cpipe);
return (1);
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#3 (text+ko) ====
@@ -126,7 +126,7 @@
}
#ifdef MAC_SOCKET
SOCK_LOCK(so);
- error = mac_check_socket_receive(proc_ucred(p), so);
+ error = mac_socket_check_receive(proc_ucred(p), so);
SOCK_UNLOCK(so);
if (error)
return (error);
@@ -163,7 +163,7 @@
#ifdef MAC_SOCKET
SOCK_LOCK(so);
- error = mac_check_socket_send(proc_ucred(procp), so);
+ error = mac_socket_check_send(proc_ucred(procp), so);
SOCK_UNLOCK(so);
if (error)
return (error);
@@ -360,7 +360,7 @@
socket_lock(so, 1);
#ifdef MAC_SOCKET
- if (mac_check_socket_select(proc_ucred(p), so, which))
>>> TRUNCATED FOR MAIL (1000 lines) <<<