PERFORCE change 100972 for review
Robert Watson
rwatson at FreeBSD.org
Sat Jul 8 10:13:00 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=100972
Change 100972 by rwatson at rwatson_zoo on 2006/07/08 10:10:35
Rename.
Affected files ...
.. //depot/projects/trustedbsd/mac2/sys/i386/i386/sys_machdep.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/kern/kern_exec.c#4 edit
.. //depot/projects/trustedbsd/mac2/sys/kern/uipc_sem.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/net/bsd_comp.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/net/if_atmsubr.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/net/if_fddisubr.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/net/if_fwsubr.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/net/if_iso88025subr.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/net/if_stf.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_input.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_output.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/netinet/ip_divert.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/netinet/ip_mroute.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_process.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_socket.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_system.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_sysv_msg.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_sysv_sem.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_sysv_shm.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_vfs.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/sys/mac.h#4 edit
.. //depot/projects/trustedbsd/mac2/sys/sys/mac_framework.h#13 edit
.. //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#21 edit
.. //depot/projects/trustedbsd/mac2/sys/ufs/ffs/ffs_vfsops.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/ufs/ufs/ufs_vnops.c#3 edit
.. //depot/projects/trustedbsd/mac2/sys/vm/swap_pager.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/vm/vm_mmap.c#3 edit
Differences ...
==== //depot/projects/trustedbsd/mac2/sys/i386/i386/sys_machdep.c#3 (text+ko) ====
@@ -286,7 +286,7 @@
char *iomap;
#ifdef MAC
- if ((error = mac_check_sysarch_ioperm(td->td_ucred)) != 0)
+ if ((error = mac_system_check_ioperm(td->td_ucred)) != 0)
return (error);
#endif
if ((error = suser(td)) != 0)
==== //depot/projects/trustedbsd/mac2/sys/kern/kern_exec.c#4 (text+ko) ====
@@ -548,7 +548,7 @@
credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
attr.va_gid;
#ifdef MAC
- will_transition = mac_execve_will_transition(oldcred, imgp->vp,
+ will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp,
interplabel, imgp);
credential_changing |= will_transition;
#endif
@@ -600,8 +600,8 @@
change_egid(newcred, attr.va_gid);
#ifdef MAC
if (will_transition) {
- mac_execve_transition(oldcred, newcred, imgp->vp,
- interplabel, imgp);
+ mac_vnode_execve_transition(oldcred, newcred,
+ imgp->vp, interplabel, imgp);
}
#endif
/*
==== //depot/projects/trustedbsd/mac2/sys/kern/uipc_sem.c#3 (text+ko) ====
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 2002 Alfred Perlstein <alfred at FreeBSD.org>
- * Copyright (c) 2003-2005 SPARTA, Inc.
+ * Copyright (c) 2003-2006 SPARTA, Inc.
* Copyright (c) 2005 Robert N. M. Watson
* All rights reserved.
*
@@ -9,6 +9,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -213,8 +216,8 @@
cv_init(&ret->ks_cv, "sem");
LIST_INIT(&ret->ks_users);
#ifdef MAC
- mac_init_posix_sem(ret);
- mac_create_posix_sem(uc, ret);
+ mac_posix_sem_init(ret);
+ mac_posix_sem_create(uc, ret);
#endif
if (name != NULL)
sem_enter(td->td_proc, ret);
@@ -379,7 +382,7 @@
}
} else {
#ifdef MAC
- error = mac_check_posix_sem_open(td->td_ucred, ks);
+ error = mac_posix_sem_check_open(td->td_ucred, ks);
if (error)
goto err_open;
#endif
@@ -531,7 +534,7 @@
ks = sem_lookup_byname(name);
if (ks != NULL) {
#ifdef MAC
- error = mac_check_posix_sem_unlink(td->td_ucred, ks);
+ error = mac_posix_sem_check_unlink(td->td_ucred, ks);
if (error) {
mtx_unlock(&sem_lock);
return (error);
@@ -606,7 +609,7 @@
goto err;
}
#ifdef MAC
- error = mac_check_posix_sem_post(td->td_ucred, ks);
+ error = mac_posix_sem_check_post(td->td_ucred, ks);
if (error)
goto err;
#endif
@@ -702,7 +705,7 @@
goto err;
}
#ifdef MAC
- error = mac_check_posix_sem_wait(td->td_ucred, ks);
+ error = mac_posix_sem_check_wait(td->td_ucred, ks);
if (error) {
DP(("kern_sem_wait mac failed\n"));
goto err;
@@ -765,7 +768,7 @@
return (EINVAL);
}
#ifdef MAC
- error = mac_check_posix_sem_getvalue(td->td_ucred, ks);
+ error = mac_posix_sem_check_getvalue(td->td_ucred, ks);
if (error) {
mtx_unlock(&sem_lock);
return (error);
@@ -797,7 +800,7 @@
goto err;
}
#ifdef MAC
- error = mac_check_posix_sem_destroy(td->td_ucred, ks);
+ error = mac_posix_sem_check_destroy(td->td_ucred, ks);
if (error)
goto err;
#endif
==== //depot/projects/trustedbsd/mac2/sys/net/bsd_comp.c#3 (text+ko) ====
@@ -880,7 +880,7 @@
wptr = mtod(dmp, u_char *);
space = M_TRAILINGSPACE(dmp) - PPP_HDRLEN + 1;
#ifdef MAC
- mac_copy_mbuf(cmp, dmp);
+ mac_mbuf_copy(cmp, dmp);
#endif
/*
==== //depot/projects/trustedbsd/mac2/sys/net/if_atmsubr.c#3 (text+ko) ====
@@ -133,7 +133,7 @@
u_int32_t atm_flags;
#ifdef MAC
- error = mac_check_ifnet_transmit(ifp, m);
+ error = mac_ifnet_check_transmit(ifp, m);
if (error)
senderr(error);
#endif
@@ -266,7 +266,7 @@
return;
}
#ifdef MAC
- mac_create_mbuf_from_ifnet(ifp, m);
+ mac_ifnet_create_mbuf(ifp, m);
#endif
ifp->if_ibytes += m->m_pkthdr.len;
==== //depot/projects/trustedbsd/mac2/sys/net/if_fddisubr.c#3 (text+ko) ====
@@ -120,7 +120,7 @@
struct fddi_header *fh;
#ifdef MAC
- error = mac_check_ifnet_transmit(ifp, m);
+ error = mac_ifnet_check_transmit(ifp, m);
if (error)
senderr(error);
#endif
@@ -406,7 +406,7 @@
}
#ifdef MAC
- mac_create_mbuf_from_ifnet(ifp, m);
+ mac_ifnet_create_mbuf(ifp, m);
#endif
/*
==== //depot/projects/trustedbsd/mac2/sys/net/if_fwsubr.c#3 (text+ko) ====
@@ -90,7 +90,7 @@
static int next_dgl;
#ifdef MAC
- error = mac_check_ifnet_transmit(ifp, m);
+ error = mac_ifnet_check_transmit(ifp, m);
if (error)
goto bad;
#endif
@@ -558,7 +558,7 @@
* Tag the mbuf with an appropriate MAC label before any other
* consumers can get to it.
*/
- mac_create_mbuf_from_ifnet(ifp, m);
+ mac_ifnet_create_mbuf(ifp, m);
#endif
/*
==== //depot/projects/trustedbsd/mac2/sys/net/if_iso88025subr.c#3 (text+ko) ====
@@ -243,7 +243,7 @@
struct rtentry *rt = NULL;
#ifdef MAC
- error = mac_check_ifnet_transmit(ifp, m);
+ error = mac_ifnet_check_transmit(ifp, m);
if (error)
senderr(error);
#endif
@@ -502,7 +502,7 @@
}
#ifdef MAC
- mac_create_mbuf_from_ifnet(ifp, m);
+ mac_ifnet_create_mbuf(ifp, m);
#endif
/*
==== //depot/projects/trustedbsd/mac2/sys/net/if_stf.c#3 (text+ko) ====
@@ -407,7 +407,7 @@
#ifdef MAC
int error;
- error = mac_check_ifnet_transmit(ifp, m);
+ error = mac_ifnet_check_transmit(ifp, m);
if (error) {
m_freem(m);
return (error);
@@ -675,7 +675,7 @@
ifp = STF2IFP(sc);
#ifdef MAC
- mac_create_mbuf_from_ifnet(ifp, m);
+ mac_ifnet_create_mbuf(ifp, m);
#endif
/*
==== //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_input.c#3 (text+ko) ====
@@ -411,7 +411,7 @@
#ifdef MAC
SOCK_LOCK(ddp->ddp_socket);
- if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) {
+ if (mac_socket_check_deliver(ddp->ddp_socket, m) != 0) {
SOCK_UNLOCK(ddp->ddp_socket);
goto out;
}
==== //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_output.c#3 (text+ko) ====
@@ -53,7 +53,7 @@
#ifdef MAC
SOCK_LOCK(so);
- mac_create_mbuf_from_socket(so, m);
+ mac_socket_create_mbuf(so, m);
SOCK_UNLOCK(so);
#endif
@@ -207,7 +207,7 @@
return (ENOBUFS);
}
#ifdef MAC
- mac_copy_mbuf(m, m0);
+ mac_mbuf_copy(m, m0);
#endif
m0->m_next = m;
/* XXX perhaps we ought to align the header? */
==== //depot/projects/trustedbsd/mac2/sys/netinet/ip_divert.c#3 (text+ko) ====
@@ -349,7 +349,7 @@
ipstat.ips_rawout++; /* XXX */
#ifdef MAC
- mac_create_mbuf_from_inpcb(inp, m);
+ mac_inpcb_create_mbuf(inp, m);
#endif
error = ip_output(m,
inp->inp_options, NULL,
@@ -381,7 +381,7 @@
}
#ifdef MAC
SOCK_LOCK(so);
- mac_create_mbuf_from_socket(so, m);
+ mac_socket_create_mbuf(so, m);
SOCK_UNLOCK(so);
#endif
/* Send packet to input processing */
==== //depot/projects/trustedbsd/mac2/sys/netinet/ip_mroute.c#3 (text+ko) ====
@@ -1908,7 +1908,7 @@
if (mb_copy == NULL)
return;
#ifdef MAC
- mac_create_mbuf_multicast_encap(m, vifp->v_ifp, mb_copy);
+ mac_mbuf_create_multicast_encap(m, vifp->v_ifp, mb_copy);
#endif
mb_copy->m_data += max_linkhdr;
mb_copy->m_len = sizeof(multicast_encap_iphdr);
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_process.c#3 (text+ko) ====
@@ -51,6 +51,7 @@
#include <sys/lock.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
+#include <sys/mac.h>
#include <sys/mac_framework.h>
#include <sys/proc.h>
#include <sys/sbuf.h>
@@ -378,7 +379,7 @@
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
result = vme->max_protection;
- mac_check_vnode_mmap_downgrade(cred, vp, &result);
+ mac_vnode_check_mmap_downgrade(cred, vp, &result);
VOP_UNLOCK(vp, 0, td);
/*
* Find out what maximum protection we may be allowing
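Review bot: The call `mac_vnode_check_mmap_downgrade(cred, vp, &result);` is used as a bare statement, while every other `_check_` entry point visible in this change yields an error that the caller tests or returns. The prototype is outside the visible diff, so this is presumably a void hook that only adjusts `result` in place. If so, under the new `mac_<object>_check_<method>` scheme I would either drop `check` from the name or add a comment at the call, e.g. `/* No error return: policies adjust result in place. */`, so an audit for untested `mac_*_check_*` results does not flag this line. The enclosing function starts and ends outside the hunk.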
@@ -461,37 +462,37 @@
* buffer cache.
*/
void
-mac_relabel_cred(struct ucred *cred, struct label *newlabel)
+mac_cred_relabel(struct ucred *cred, struct label *newlabel)
{
- MAC_PERFORM(relabel_cred, cred, newlabel);
+ MAC_PERFORM(cred_relabel, cred, newlabel);
}
int
-mac_check_cred_relabel(struct ucred *cred, struct label *newlabel)
+mac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
int error;
- MAC_CHECK(check_cred_relabel, cred, newlabel);
+ MAC_CHECK(cred_check_relabel, cred, newlabel);
return (error);
}
int
-mac_check_cred_visible(struct ucred *u1, struct ucred *u2)
+mac_cred_check_visible(struct ucred *u1, struct ucred *u2)
{
int error;
if (!mac_enforce_process)
return (0);
- MAC_CHECK(check_cred_visible, u1, u2);
+ MAC_CHECK(cred_check_visible, u1, u2);
return (error);
}
int
-mac_check_proc_debug(struct ucred *cred, struct proc *proc)
+mac_proc_check_debug(struct ucred *cred, struct proc *proc)
{
int error;
@@ -500,13 +501,13 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(check_proc_debug, cred, proc);
+ MAC_CHECK(proc_check_debug, cred, proc);
return (error);
}
int
-mac_check_proc_sched(struct ucred *cred, struct proc *proc)
+mac_proc_check_sched(struct ucred *cred, struct proc *proc)
{
int error;
@@ -515,13 +516,13 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(check_proc_sched, cred, proc);
+ MAC_CHECK(proc_check_sched, cred, proc);
return (error);
}
int
-mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
+mac_proc_check_signal(struct ucred *cred, struct proc *proc, int signum)
{
int error;
@@ -530,13 +531,13 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(check_proc_signal, cred, proc, signum);
+ MAC_CHECK(proc_check_signal, cred, proc, signum);
return (error);
}
int
-mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid)
+mac_proc_check_setuid(struct proc *proc, struct ucred *cred, uid_t uid)
{
int error;
@@ -545,12 +546,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setuid, cred, uid);
+ MAC_CHECK(proc_check_setuid, cred, uid);
return (error);
}
int
-mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid)
+mac_proc_check_seteuid(struct proc *proc, struct ucred *cred, uid_t euid)
{
int error;
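Review bot: `mac_proc_check_setuid` takes a `proc` argument, but the `MAC_CHECK(proc_check_setuid, cred, uid)` line in this hunk forwards only `cred` and `uid`, so a policy never sees the process. The same holds for the seteuid, setgid, setegid, setgroups, setreuid, setregid, setresuid and setresgid wrappers in the following hunks. Now that the entry points are named as methods on `proc`, this is easy to misread. The lines between each signature and the `mac_enforce_suid` test are outside the hunks, so `proc` may be used there; a comment on the first wrapper such as `/* proc is not passed to policies; they decide on cred alone. */` would document the contract.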
@@ -559,12 +560,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_seteuid, cred, euid);
+ MAC_CHECK(proc_check_seteuid, cred, euid);
return (error);
}
int
-mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid)
+mac_proc_check_setgid(struct proc *proc, struct ucred *cred, gid_t gid)
{
int error;
@@ -573,12 +574,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setgid, cred, gid);
+ MAC_CHECK(proc_check_setgid, cred, gid);
return (error);
}
int
-mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid)
+mac_proc_check_setegid(struct proc *proc, struct ucred *cred, gid_t egid)
{
int error;
@@ -587,12 +588,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setegid, cred, egid);
+ MAC_CHECK(proc_check_setegid, cred, egid);
return (error);
}
int
-mac_check_proc_setgroups(struct proc *proc, struct ucred *cred,
+mac_proc_check_setgroups(struct proc *proc, struct ucred *cred,
int ngroups, gid_t *gidset)
{
int error;
@@ -602,12 +603,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset);
+ MAC_CHECK(proc_check_setgroups, cred, ngroups, gidset);
return (error);
}
int
-mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid,
+mac_proc_check_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid,
uid_t euid)
{
int error;
@@ -617,12 +618,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setreuid, cred, ruid, euid);
+ MAC_CHECK(proc_check_setreuid, cred, ruid, euid);
return (error);
}
int
-mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
+mac_proc_check_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
gid_t egid)
{
int error;
@@ -632,12 +633,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setregid, cred, rgid, egid);
+ MAC_CHECK(proc_check_setregid, cred, rgid, egid);
return (error);
}
int
-mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid,
+mac_proc_check_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid,
uid_t euid, uid_t suid)
{
int error;
@@ -647,12 +648,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid);
+ MAC_CHECK(proc_check_setresuid, cred, ruid, euid, suid);
return (error);
}
int
-mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid,
+mac_proc_check_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid,
gid_t egid, gid_t sgid)
{
int error;
@@ -662,12 +663,12 @@
if (!mac_enforce_suid)
return (0);
- MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid);
+ MAC_CHECK(proc_check_setresgid, cred, rgid, egid, sgid);
return (error);
}
int
-mac_check_proc_wait(struct ucred *cred, struct proc *proc)
+mac_proc_check_wait(struct ucred *cred, struct proc *proc)
{
int error;
@@ -676,7 +677,7 @@
if (!mac_enforce_process)
return (0);
- MAC_CHECK(check_proc_wait, cred, proc);
+ MAC_CHECK(proc_check_wait, cred, proc);
return (error);
}
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_socket.c#2 (text+ko) ====
@@ -2,7 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -49,6 +49,7 @@
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/mac.h>
+#include <sys/mac_framework.h>
#include <sys/sbuf.h>
#include <sys/systm.h>
#include <sys/mount.h>
@@ -97,9 +98,9 @@
if (label == NULL)
return (NULL);
- MAC_CHECK(init_socket_label, label, flag);
+ MAC_CHECK(socket_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_socket_label, label);
+ MAC_PERFORM(socket_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -117,9 +118,9 @@
if (label == NULL)
return (NULL);
- MAC_CHECK(init_socket_peer_label, label, flag);
+ MAC_CHECK(socket_init_peer_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_socket_peer_label, label);
+ MAC_PERFORM(socket_destroy_peer_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -128,7 +129,7 @@
}
int
-mac_init_socket(struct socket *so, int flag)
+mac_socket_init(struct socket *so, int flag)
{
so->so_label = mac_socket_label_alloc(flag);
@@ -147,7 +148,7 @@
mac_socket_label_free(struct label *label)
{
- MAC_PERFORM(destroy_socket_label, label);
+ MAC_PERFORM(socket_destroy_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacsockets);
}
@@ -156,13 +157,13 @@
mac_socket_peer_label_free(struct label *label)
{
- MAC_PERFORM(destroy_socket_peer_label, label);
+ MAC_PERFORM(socket_destroy_peer_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacsockets);
}
void
-mac_destroy_socket(struct socket *socket)
+mac_socket_destroy(struct socket *socket)
{
mac_socket_label_free(socket->so_label);
@@ -172,14 +173,14 @@
}
void
-mac_copy_socket_label(struct label *src, struct label *dest)
+mac_socket_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_socket_label, src, dest);
+ MAC_PERFORM(socket_copy_label, src, dest);
}
int
-mac_externalize_socket_label(struct label *label, char *elements,
+mac_socket_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -190,7 +191,7 @@
}
static int
-mac_externalize_socket_peer_label(struct label *label, char *elements,
+mac_socket_peer_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
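Review bot: The new name `mac_socket_peer_externalize_label` treats `socket_peer` as the object, but the peer-label policy operations renamed earlier in this file keep `socket` as the object and put `peer` in the method (`socket_init_peer_label`, `socket_destroy_peer_label`). Since the point of the commit is a uniform object-first scheme, I would pick one form, e.g. `mac_socket_externalize_peer_label`, or note in a comment why the peer label is a separate object here. The function body is outside the hunk, so the matching operation name it passes to the framework is not visible.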
@@ -201,7 +202,7 @@
}
int
-mac_internalize_socket_label(struct label *label, char *string)
+mac_socket_internalize_label(struct label *label, char *string)
{
int error;
@@ -211,33 +212,32 @@
}
void
-mac_create_socket(struct ucred *cred, struct socket *socket)
+mac_socket_create(struct ucred *cred, struct socket *socket)
{
- MAC_PERFORM(create_socket, cred, socket, socket->so_label);
+ MAC_PERFORM(socket_create, cred, socket, socket->so_label);
}
void
-mac_create_socket_from_socket(struct socket *oldsocket,
- struct socket *newsocket)
+mac_socket_accept(struct socket *oldsocket, struct socket *newsocket)
{
SOCK_LOCK_ASSERT(oldsocket);
- MAC_PERFORM(create_socket_from_socket, oldsocket, oldsocket->so_label,
- newsocket, newsocket->so_label);
+ MAC_PERFORM(socket_accept, oldsocket, oldsocket->so_label, newsocket,
+ newsocket->so_label);
}
static void
-mac_relabel_socket(struct ucred *cred, struct socket *socket,
+mac_socket_relabel(struct ucred *cred, struct socket *socket,
struct label *newlabel)
{
SOCK_LOCK_ASSERT(socket);
- MAC_PERFORM(relabel_socket, cred, socket, socket->so_label, newlabel);
+ MAC_PERFORM(socket_relabel, cred, socket, socket->so_label, newlabel);
}
void
-mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
+mac_socket_set_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket)
{
struct label *label;
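Review bot: `mac_socket_accept` is the one rename in this hunk that changes the entry point's meaning rather than its word order, and the new name is one word away from the access-control check `mac_socket_check_accept` renamed later in this file. The body shows a labeling hook: it is `void` and runs `MAC_PERFORM(socket_accept, ...)` from `oldsocket->so_label` to `newsocket->so_label`, so it makes no authorization decision. I would add a comment above it, e.g. `/* Labels newsocket from oldsocket; not an access check, see mac_socket_check_accept(). */`. The caller is not visible here; if it runs when the connection is created rather than at accept(2) time, a name that says so (for instance `mac_socket_newconn`) would be less misleading.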
@@ -245,12 +245,12 @@
label = mac_mbuf_to_label(mbuf);
- MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, label, socket,
+ MAC_PERFORM(socket_set_peer_from_mbuf, mbuf, label, socket,
socket->so_peerlabel);
}
void
-mac_set_socket_peer_from_socket(struct socket *oldsocket,
+mac_socket_set_peer_from_socket(struct socket *oldsocket,
struct socket *newsocket)
{
@@ -260,24 +260,24 @@
* called in both directions, so we can't assert the lock
* here currently.
*/
- MAC_PERFORM(set_socket_peer_from_socket, oldsocket,
+ MAC_PERFORM(socket_set_peer_from_socket, oldsocket,
oldsocket->so_label, newsocket, newsocket->so_peerlabel);
}
void
-mac_create_mbuf_from_socket(struct socket *socket, struct mbuf *mbuf)
+mac_socket_create_mbuf(struct socket *socket, struct mbuf *mbuf)
{
struct label *label;
label = mac_mbuf_to_label(mbuf);
SOCK_LOCK_ASSERT(socket);
- MAC_PERFORM(create_mbuf_from_socket, socket, socket->so_label, mbuf,
+ MAC_PERFORM(socket_create_mbuf, socket, socket->so_label, mbuf,
label);
}
int
-mac_check_socket_accept(struct ucred *cred, struct socket *socket)
+mac_socket_check_accept(struct ucred *cred, struct socket *socket)
{
int error;
@@ -286,13 +286,13 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_accept, cred, socket, socket->so_label);
+ MAC_CHECK(socket_check_accept, cred, socket, socket->so_label);
return (error);
}
int
-mac_check_socket_bind(struct ucred *ucred, struct socket *socket,
+mac_socket_check_bind(struct ucred *ucred, struct socket *socket,
struct sockaddr *sockaddr)
{
int error;
@@ -302,14 +302,14 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_bind, ucred, socket, socket->so_label,
+ MAC_CHECK(socket_check_bind, ucred, socket, socket->so_label,
sockaddr);
return (error);
}
int
-mac_check_socket_connect(struct ucred *cred, struct socket *socket,
+mac_socket_check_connect(struct ucred *cred, struct socket *socket,
struct sockaddr *sockaddr)
{
int error;
@@ -319,14 +319,14 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_connect, cred, socket, socket->so_label,
+ MAC_CHECK(socket_check_connect, cred, socket, socket->so_label,
sockaddr);
return (error);
}
int
-mac_check_socket_create(struct ucred *cred, int domain, int type,
+mac_socket_check_create(struct ucred *cred, int domain, int type,
int protocol)
{
int error;
@@ -334,13 +334,13 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_create, cred, domain, type, protocol);
+ MAC_CHECK(socket_check_create, cred, domain, type, protocol);
return (error);
}
int
-mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf)
+mac_socket_check_deliver(struct socket *socket, struct mbuf *mbuf)
{
struct label *label;
int error;
@@ -352,14 +352,14 @@
label = mac_mbuf_to_label(mbuf);
- MAC_CHECK(check_socket_deliver, socket, socket->so_label, mbuf,
+ MAC_CHECK(socket_check_deliver, socket, socket->so_label, mbuf,
label);
return (error);
}
int
-mac_check_socket_listen(struct ucred *cred, struct socket *socket)
+mac_socket_check_listen(struct ucred *cred, struct socket *socket)
{
int error;
@@ -368,12 +368,12 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_listen, cred, socket, socket->so_label);
+ MAC_CHECK(socket_check_listen, cred, socket, socket->so_label);
return (error);
}
int
-mac_check_socket_poll(struct ucred *cred, struct socket *so)
+mac_socket_check_poll(struct ucred *cred, struct socket *so)
{
int error;
@@ -382,12 +382,12 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_poll, cred, so, so->so_label);
+ MAC_CHECK(socket_check_poll, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_receive(struct ucred *cred, struct socket *so)
+mac_socket_check_receive(struct ucred *cred, struct socket *so)
{
int error;
@@ -396,27 +396,27 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_receive, cred, so, so->so_label);
+ MAC_CHECK(socket_check_receive, cred, so, so->so_label);
return (error);
}
static int
-mac_check_socket_relabel(struct ucred *cred, struct socket *socket,
+mac_socket_check_relabel(struct ucred *cred, struct socket *socket,
struct label *newlabel)
{
int error;
SOCK_LOCK_ASSERT(socket);
- MAC_CHECK(check_socket_relabel, cred, socket, socket->so_label,
+ MAC_CHECK(socket_check_relabel, cred, socket, socket->so_label,
newlabel);
return (error);
}
int
-mac_check_socket_send(struct ucred *cred, struct socket *so)
+mac_socket_check_send(struct ucred *cred, struct socket *so)
{
int error;
@@ -425,13 +425,13 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_send, cred, so, so->so_label);
+ MAC_CHECK(socket_check_send, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_stat(struct ucred *cred, struct socket *so)
+mac_socket_check_stat(struct ucred *cred, struct socket *so)
{
int error;
@@ -440,13 +440,13 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_stat, cred, so, so->so_label);
+ MAC_CHECK(socket_check_stat, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_visible(struct ucred *cred, struct socket *socket)
+mac_socket_check_visible(struct ucred *cred, struct socket *socket)
{
int error;
@@ -455,7 +455,7 @@
if (!mac_enforce_socket)
return (0);
- MAC_CHECK(check_socket_visible, cred, socket, socket->so_label);
+ MAC_CHECK(socket_check_visible, cred, socket, socket->so_label);
return (error);
}
@@ -476,13 +476,13 @@
* before refreshing, holding both locks.
*/
SOCK_LOCK(so);
- error = mac_check_socket_relabel(cred, so, label);
+ error = mac_socket_check_relabel(cred, so, label);
if (error) {
SOCK_UNLOCK(so);
return (error);
}
- mac_relabel_socket(cred, so, label);
+ mac_socket_relabel(cred, so, label);
SOCK_UNLOCK(so);
/*
* If the protocol has expressed interest in socket layer changes,
@@ -497,7 +497,8 @@
}
>>> TRUNCATED FOR MAIL (1000 lines) <<<