PERFORCE change 100997 for review
Robert Watson
rwatson at FreeBSD.org
Sat Jul 8 13:20:45 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=100997
Change 100997 by rwatson at rwatson_zoo on 2006/07/08 13:20:05
Rename policy calls.
Remove fs_label.
Affected files ...
.. //depot/projects/trustedbsd/mac2/sys/security/mac_test/mac_test.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/mac2/sys/security/mac_test/mac_test.c#2 (text+ko) ====
@@ -1,6 +1,7 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001-2005 McAfee, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -10,6 +11,9 @@
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -46,7 +50,7 @@
#include <sys/kdb.h>
#include <sys/extattr.h>
#include <sys/kernel.h>
-#include <sys/mac.h>
+#include <sys/mac_framework.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/proc.h>
@@ -182,9 +186,6 @@
static int init_count_mount;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount, CTLFLAG_RD,
&init_count_mount, 0, "mount init calls");
-static int init_count_mount_fslabel;
-SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount_fslabel, CTLFLAG_RD,
- &init_count_mount_fslabel, 0, "mount_fslabel init calls");
static int init_count_socket;
SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket, CTLFLAG_RD,
&init_count_socket, 0, "socket init calls");
@@ -241,10 +242,6 @@
static int destroy_count_mount;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount, CTLFLAG_RD,
&destroy_count_mount, 0, "mount destroy calls");
-static int destroy_count_mount_fslabel;
-SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount_fslabel,
- CTLFLAG_RD, &destroy_count_mount_fslabel, 0,
- "mount_fslabel destroy calls");
static int destroy_count_socket;
SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket, CTLFLAG_RD,
&destroy_count_socket, 0, "socket destroy calls");
@@ -282,13 +279,13 @@
* Policy module operations.
*/
static void
-mac_test_destroy(struct mac_policy_conf *conf)
+mac_test_policy_destroy(struct mac_policy_conf *conf)
{
}
static void
-mac_test_init(struct mac_policy_conf *conf)
+mac_test_policy_init(struct mac_policy_conf *conf)
{
}
@@ -413,14 +410,6 @@
atomic_add_int(&init_count_mount, 1);
}
-static void
-mac_test_init_mount_fs_label(struct label *label)
-{
-
- SLOT(label) = MOUNTMAGIC;
- atomic_add_int(&init_count_mount_fslabel, 1);
-}
-
static int
mac_test_init_socket_label(struct label *label, int flag)
{
@@ -660,20 +649,6 @@
}
static void
-mac_test_destroy_mount_fs_label(struct label *label)
-{
-
- if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) {
- atomic_add_int(&destroy_count_mount_fslabel, 1);
- SLOT(label) = EXMAGIC;
- } else if (SLOT(label) == EXMAGIC) {
- DEBUGGER("mac_test_destroy_mount_fslabel: dup destroy");
- } else {
- DEBUGGER("mac_test_destroy_mount_fslabel: corrupted label");
- }
-}
-
-static void
mac_test_destroy_socket_label(struct label *label)
{
@@ -836,32 +811,32 @@
* a lot like file system objects.
*/
static void
-mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
- ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_MOUNT_LABEL(mntlabel);
ASSERT_DEVFS_LABEL(delabel);
ASSERT_VNODE_LABEL(vlabel);
}
static int
-mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
{
- ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_MOUNT_LABEL(mntlabel);
ASSERT_VNODE_LABEL(vlabel);
return (0);
}
static void
mac_test_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
- ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_MOUNT_LABEL(mntlabel);
ASSERT_VNODE_LABEL(vlabel);
}
@@ -897,12 +872,12 @@
static int
mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
ASSERT_CRED_LABEL(cred->cr_label);
- ASSERT_MOUNT_LABEL(fslabel);
+ ASSERT_MOUNT_LABEL(mntlabel);
ASSERT_VNODE_LABEL(dlabel);
return (0);
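Review bot: mac_test_create_vnode_extattr checks the credential, mount and directory labels but never checks `vlabel`, the label of the vnode being created, so a damaged label on the new vnode would pass through this entry point unnoticed. The associate_vnode_* entry points in the previous hunk all call `ASSERT_VNODE_LABEL(vlabel);`, and adding the same line after `ASSERT_VNODE_LABEL(dlabel);` would make the test policy's coverage consistent. If the framework can legitimately hand this hook a label in a state the macro would reject, a short comment saying so would be better than the silent omission. The function's closing brace is outside the hunk.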
@@ -910,12 +885,11 @@
static void
mac_test_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
{
ASSERT_CRED_LABEL(cred->cr_label);
ASSERT_MOUNT_LABEL(mntlabel);
- ASSERT_MOUNT_LABEL(fslabel);
}
static void
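Review bot: The three-argument `mac_test_create_mount` is only correct if the framework's `mpo_create_mount` prototype has dropped its `fslabel` argument too, and this change lists mac_test.c as the only affected file. The operations-table entry for this hook is not in the visible hunks, and a function-pointer initializer of a mismatched type usually draws only a warning in C, so it is worth confirming that the framework header on this branch already declares the hook with a single mount label. The same check applies to the renamed `mac_test_policy_init` and `mac_test_policy_destroy` in the earlier hunk, whose table entries are not shown either. A one-line comment above the function, such as `/* A mount now carries a single label; there is no separate fs label. */`, would record why only `mntlabel` is asserted.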
@@ -2411,7 +2385,6 @@
.mpo_init_ipq_label = mac_test_init_ipq_label,
.mpo_init_mbuf_label = mac_test_init_mbuf_label,
.mpo_init_mount_label = mac_test_init_mount_label,
- .mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
.mpo_init_pipe_label = mac_test_init_pipe_label,
.mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
.mpo_init_proc_label = mac_test_init_proc_label,
@@ -2431,7 +2404,6 @@
.mpo_destroy_ipq_label = mac_test_destroy_ipq_label,
.mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label,
.mpo_destroy_mount_label = mac_test_destroy_mount_label,
- .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
.mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
.mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
.mpo_destroy_proc_label = mac_test_destroy_proc_label,