PERFORCE change 107194 for review
Todd Miller
millert at FreeBSD.org
Tue Oct 3 09:29:07 PDT 2006
http://perforce.freebsd.org/chv.cgi?CH=107194
Change 107194 by millert at millert_macbook on 2006/10/03 16:26:07
Rename entrypoints again; hopefully for the last time
Remove mac_devfs_create_symlink(); Darwin devfs doesn't have them.
Use a perl script to generate access control checks in mac_test
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/audit_kernel.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/bsd_init.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_credential.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exit.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_fork.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_prot.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sig.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_pipe.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf2.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vfsops.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vnops.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/bpf.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/bsd_comp.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/dlil.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/ppp_deflate.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/igmp.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_icmp.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_output.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/mld6.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/nd6_nbr.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/nfs/nfs_vfsops.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/sys/kauth.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_init.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_subr.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_xattr.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/config/MACFramework.exports#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_object.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_port.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_msg.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_port.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_kobject.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_tt.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/task.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/mach/security.defs#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac.h#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_audit.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#15 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_pipe.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#11 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_sem.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_shm.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_socket.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_msg.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_sem.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_shm.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_task.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/basetest/mac_basetest.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/color/mac_color.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.h#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/device_access/mac_device_access.c#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/extattr_test/mac_extattr_test.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/ipctrace/module/ipctrace.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#10 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/multilabel/multilabel.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#21 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mac_stacktrace.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/Makefile#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_parse.pl#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/vanity/vanity.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/xattr/xattr.c#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/bsm/audit_kernel.h#4 (text+ko) ====
@@ -250,7 +250,7 @@
#ifdef MAC
/* MAC security related fields added by MAC policies
- * ar_forced_by_mac is 1 if mac_audit_preselect() forced this
+ * ar_forced_by_mac is 1 if mac_audit_check_preselect() forced this
* call to be audited, 0 otherwise.
*/
LIST_HEAD(mac_audit_record_list_t, mac_audit_record) *ar_mac_records;
@@ -291,7 +291,7 @@
#ifdef MAC
/*
* The parameter list of audit_syscall_exit() was modified to also take the
- * Darwin syscall number, which is required by mac_audit_postselect().
+ * Darwin syscall number, which is required by mac_audit_check_postselect().
*/
void audit_syscall_exit(unsigned short code, int error,
struct proc *proc, struct uthread *uthread);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/bsd_init.c#5 (text+ko) ====
@@ -391,8 +391,8 @@
file_lock_init();
#ifdef MAC
- mac_proc_create_swapper(p->p_ucred);
- mac_task_update_from_cred (p->p_ucred, (struct task *) p->task);
+ mac_cred_label_associate_kernel(p->p_ucred);
+ mac_task_label_update_cred (p->p_ucred, (struct task *) p->task);
#endif
/* Create the file descriptor table. */
@@ -662,8 +662,8 @@
vm_set_shared_region(get_threadtask(th_act), system_region);
}
#ifdef MAC
- mac_proc_create_init(p->p_ucred);
- mac_task_update_from_cred (p->p_ucred, (struct task *) p->task);
+ mac_cred_label_associate_user(p->p_ucred);
+ mac_task_label_update_cred (p->p_ucred, (struct task *) p->task);
#endif
load_init_program(p);
/* turn on app-profiling i.e. pre-heating */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#6 (text+ko) ====
@@ -1506,7 +1506,7 @@
}
mac.m_buflen = MAC_AUDIT_LABEL_LEN;
mac.m_string = ar->k_ar.ar_cred_mac_labels;
- mac_cred_get_audit_labels(p, &mac);
+ mac_cred_label_externalize_audit(p, &mac);
ar->k_ar.ar_mac_records = (struct mac_audit_record_list_t *)
kalloc(sizeof(*ar->k_ar.ar_mac_records));
@@ -1708,7 +1708,7 @@
do {
int error;
- error = mac_audit_preselect(kauth_cred_get(), code,
+ error = mac_audit_check_preselect(kauth_cred_get(), code,
(void *) uthread->uu_arg);
if (error == MAC_AUDIT_YES) {
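Review bot: The new name `mac_audit_check_preselect` places this call in the `check` family, yet its result is compared against `MAC_AUDIT_YES` rather than treated as an errno, and it is stored in a local called `error`. Other `check` entry points in this change follow the zero-means-allow convention (`error = mac_posixsem_check_create(...); if (error)`), so this call is easy to misread or to "fix" by inverting it. The same applies to `mac_audit_check_postselect` in the -1770 hunk and to `mac_cred_check_label_update_execve` in kern_exec.c, where a non-zero result means a transition will happen, not that the operation is denied. I would add `/* returns a MAC_AUDIT_* decision, not an errno */` at the audit calls and rename the local to something like `audit_decision`. The enclosing function starts and ends outside the hunk.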
@@ -1736,7 +1736,7 @@
/*
* Note: The audit_syscall_exit() parameter list was modified to support
- * mac_audit_postselect(), which requires the Darwin syscall number.
+ * mac_audit_check_postselect(), which requires the Darwin syscall number.
*/
#ifdef MAC
void
@@ -1770,13 +1770,13 @@
/*
* Note, no other postselect mechanism exists. If
- * mac_audit_postselect returns MAC_AUDIT_NO, the
+ * mac_audit_check_postselect returns MAC_AUDIT_NO, the
* record will be suppressed. Other values at this
* point result in the audit record being committed.
* This suppression behavior will probably go away in
* the port to 10.3.4.
*/
- mac_error = mac_audit_postselect(kauth_cred_get(), code,
+ mac_error = mac_audit_check_postselect(kauth_cred_get(), code,
(void *) uthread->uu_arg, error, retval,
uthread->uu_ar->k_ar.ar_forced_by_mac);
@@ -2505,7 +2505,7 @@
if (*vnode_mac_labelp != NULL) {
mac.m_buflen = MAC_AUDIT_LABEL_LEN;
mac.m_string = *vnode_mac_labelp;
- mac_vnode_get_audit_labels(vp, &mac);
+ mac_vnode_label_externalize_audit(vp, &mac);
} else {
/* XXX What to do here? This may be an "audit6" req. */
printf("Could not store vnode audit labels");
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_credential.c#4 (text+ko) ====
@@ -1601,7 +1601,7 @@
#endif
#ifdef MAC
- mac_cred_init(newcred);
+ mac_cred_label_init(newcred);
#endif
return(newcred);
@@ -1654,7 +1654,7 @@
if (err == 0)
break;
#ifdef MAC
- mac_cred_destroy(new_cred);
+ mac_cred_label_destroy(new_cred);
#endif
FREE(new_cred, M_KAUTH);
new_cred = NULL;
@@ -1932,19 +1932,19 @@
* Update the MAC label associated with a credential.
*/
kauth_cred_t
-kauth_cred_setlabel(kauth_cred_t cred, struct label *label)
+kauth_cred_label_update(kauth_cred_t cred, struct label *label)
{
kauth_cred_t newcred;
struct ucred temp_cred;
bcopy(cred, &temp_cred, sizeof(temp_cred));
- mac_cred_init(&temp_cred);
- mac_cred_create(cred, &temp_cred);
- mac_cred_setlabel(&temp_cred, label);
+ mac_cred_label_init(&temp_cred);
+ mac_cred_label_associate(cred, &temp_cred);
+ mac_cred_label_update(&temp_cred, label);
newcred = kauth_cred_update(cred, &temp_cred, TRUE);
- mac_cred_destroy(&temp_cred);
+ mac_cred_label_destroy(&temp_cred);
return (newcred);
}
#endif
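Review bot: The header comment on `kauth_cred_label_update` still says only "Update the MAC label associated with a credential", which hides that `cred` is not modified in place. The body copies it into `temp_cred`, relabels the copy, and returns the result of `kauth_cred_update(cred, &temp_cred, TRUE)`. A caller that keeps using the pointer it passed in would presumably keep the old label, so the contract deserves a line such as `/* Returns the credential carrying the new label; callers must use the return value in place of cred. */`. Whether the reference on `cred` is consumed is decided inside `kauth_cred_update`, which is not visible here, so confirm that before documenting it.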
@@ -2016,7 +2016,7 @@
bcopy(cred, newcred, sizeof(*newcred));
#ifdef MAC
newcred->cr_label = temp_label;
- mac_cred_create(cred, newcred);
+ mac_cred_label_associate(cred, newcred);
#endif
newcred->cr_ref = 1;
}
@@ -2041,7 +2041,7 @@
if (error == 0)
break;
#ifdef MAC
- mac_cred_destroy(newcred);
+ mac_cred_label_destroy(newcred);
#endif
FREE(newcred, M_KAUTH);
}
@@ -2106,7 +2106,7 @@
if (err == 0)
break;
#ifdef MAC
- mac_cred_destroy(newcred);
+ mac_cred_label_destroy(newcred);
#endif
FREE(newcred, M_KAUTH);
newcred = NULL;
@@ -2162,7 +2162,7 @@
if (err == 0)
break;
#ifdef MAC
- mac_cred_destroy(new_cred);
+ mac_cred_label_destroy(new_cred);
#endif
FREE(new_cred, M_KAUTH);
new_cred = NULL;
@@ -2226,7 +2226,7 @@
/* found a match, remove it from the hash table */
TAILQ_REMOVE(&kauth_cred_table_anchor[hash_key], found_cred, cr_link);
#ifdef MAC
- mac_cred_destroy(cred);
+ mac_cred_label_destroy(cred);
#endif
FREE(cred, M_KAUTH);
#if KAUTH_CRED_HASH_DEBUG
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#4 (text+ko) ====
@@ -886,10 +886,10 @@
#ifdef MAC
if (uap->mac_p != USER_ADDR_NULL) {
- imgp->ip_execlabelp = mac_cred_alloc_label();
+ imgp->ip_execlabelp = mac_cred_label_alloc();
error = mac_execve_enter(uap->mac_p, imgp->ip_execlabelp);
if (error) {
- mac_cred_free_label(imgp->ip_execlabelp);
+ mac_cred_label_free(imgp->ip_execlabelp);
return (error);
}
}
@@ -973,8 +973,8 @@
* actually read by the interpreter.
*/
#ifdef MAC
- imgp->ip_scriptlabelp = mac_vnode_alloc_label();
- mac_vnode_copy_label(imgp->ip_vp->v_label,
+ imgp->ip_scriptlabelp = mac_vnode_label_alloc();
+ mac_vnode_label_copy(imgp->ip_vp->v_label,
imgp->ip_scriptlabelp);
#endif
vnode_put(imgp->ip_vp);
@@ -1019,9 +1019,9 @@
}
#ifdef MAC
if (imgp->ip_execlabelp)
- mac_cred_free_label(imgp->ip_execlabelp);
+ mac_cred_label_free(imgp->ip_execlabelp);
if (imgp->ip_scriptlabelp)
- mac_vnode_free_label(imgp->ip_scriptlabelp);
+ mac_vnode_label_free(imgp->ip_scriptlabelp);
#endif
return(error);
@@ -1462,7 +1462,7 @@
#ifdef MAC
int mac_transition;
- mac_transition = mac_vnode_execve_will_transition(cred, imgp->ip_vp,
+ mac_transition = mac_cred_check_label_update_execve(cred, imgp->ip_vp,
imgp->ip_scriptlabelp, imgp->ip_execlabelp, p);
#endif
@@ -1507,9 +1507,9 @@
* something similar here, or risk vulnerability.
*/
if (mac_transition && !imgp->ip_no_trans) {
- mac_vnode_execve_transition(cred, p->p_ucred, imgp->ip_vp,
+ mac_cred_label_update_execve(cred, p->p_ucred, imgp->ip_vp,
imgp->ip_scriptlabelp, imgp->ip_execlabelp);
- mac_task_update_from_cred(p->p_ucred, p->task);
+ mac_task_label_update_cred(p->p_ucred, p->task);
}
#endif
/*
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exit.c#4 (text+ko) ====
@@ -209,7 +209,7 @@
/*
* The parameter list of audit_syscall_exit() was augmented to
* take the Darwin syscall number as the first parameter,
- * which is currently required by mac_audit_postselect().
+ * which is currently required by mac_audit_check_postselect().
*/
AUDIT_SYSCALL_EXIT(SYS_exit, 0, p, ut); /* Exit is always successfull */
@@ -630,7 +630,7 @@
wakeup(&child->p_stat);
#ifdef MAC
- mac_proc_destroy(child);
+ mac_proc_label_destroy(child);
#endif
lck_mtx_destroy(&child->p_mlock, proc_lck_grp);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_fork.c#4 (text+ko) ====
@@ -290,7 +290,7 @@
}
#ifdef MAC
- mac_task_update_from_cred(child->p_ucred, task);
+ mac_task_label_update_cred(child->p_ucred, task);
#endif
if (child->p_nice != 0)
@@ -443,7 +443,7 @@
panic("forkproc: M_SUBPROC zone exhausted (p_sigacts)");
#ifdef MAC
- mac_proc_init(newproc);
+ mac_proc_label_init(newproc);
#endif
/*
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#4 (text+ko) ====
@@ -894,7 +894,7 @@
LIST_INIT(&l->lc_members);
lck_mtx_init(&l->lc_mtx, lctx_lck_grp, lctx_lck_attr);
#ifdef MAC
- l->lc_label = mac_lctx_alloc_label();
+ l->lc_label = mac_lctx_label_alloc();
#endif
ALLLCTX_LOCK;
LIST_INSERT_HEAD(&alllctx, l, lc_list);
@@ -920,9 +920,9 @@
#ifdef MAC
if (create)
- mac_proc_create_lctx(p, l);
+ mac_lctx_label_associate(p, l);
else
- mac_proc_join_lctx(p, l);
+ mac_lctx_notify_join(p, l);
#endif
LCTX_UNLOCK(l);
@@ -946,7 +946,7 @@
LIST_REMOVE(p, p_lclist);
l->lc_mc--;
#ifdef MAC
- mac_proc_leave_lctx(p, l);
+ mac_lctx_notify_leave(p, l);
#endif
if (LIST_EMPTY(&l->lc_members)) {
ALLLCTX_LOCK;
@@ -956,7 +956,7 @@
LCTX_UNLOCK(l);
lck_mtx_destroy(&l->lc_mtx, lctx_lck_grp);
#ifdef MAC
- mac_lctx_free_label(l->lc_label);
+ mac_lctx_label_free(l->lc_label);
l->lc_label = NULL;
#endif
FREE(l, M_LCTX);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_prot.c#6 (text+ko) ====
@@ -1013,7 +1013,7 @@
HOST_PRIV_NULL :
host_priv_self()) != KERN_SUCCESS);
#ifdef MAC
- mac_task_update_from_cred(p->p_ucred, p->task);
+ mac_task_label_update_cred(p->p_ucred, p->task);
#endif
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sig.c#4 (text+ko) ====
@@ -135,7 +135,7 @@
void exit1(struct proc *, int, int *);
void psignal_uthread(thread_t, int);
kern_return_t do_bsdexception(int, int, int);
-void __posixsem_syscall_return(kern_return_t);
+void __posix_sem_syscall_return(kern_return_t);
/* implementations in osfmk/kern/sync_sema.c. We do not want port.h in this scope, so void * them */
kern_return_t semaphore_timedwait_signal_trap_internal(void *, void *,time_t, int32_t, void (*)(int));
@@ -841,7 +841,7 @@
}
void
-__posixsem_syscall_return(kern_return_t kern_result)
+__posix_sem_syscall_return(kern_return_t kern_result)
{
int error = 0;
@@ -885,17 +885,17 @@
}
if (uap->mutex_sem == (void *)NULL)
- kern_result = semaphore_timedwait_trap_internal(uap->cond_sem, then.tv_sec, then.tv_nsec, __posixsem_syscall_return);
+ kern_result = semaphore_timedwait_trap_internal(uap->cond_sem, then.tv_sec, then.tv_nsec, __posix_sem_syscall_return);
else
- kern_result = semaphore_timedwait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, then.tv_sec, then.tv_nsec, __posixsem_syscall_return);
+ kern_result = semaphore_timedwait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, then.tv_sec, then.tv_nsec, __posix_sem_syscall_return);
} else {
if (uap->mutex_sem == (void *)NULL)
- kern_result = semaphore_wait_trap_internal(uap->cond_sem, __posixsem_syscall_return);
+ kern_result = semaphore_wait_trap_internal(uap->cond_sem, __posix_sem_syscall_return);
else
- kern_result = semaphore_wait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, __posixsem_syscall_return);
+ kern_result = semaphore_wait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, __posix_sem_syscall_return);
}
out:
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#3 (text+ko) ====
@@ -144,11 +144,11 @@
LIST_HEAD(psemhashhead, psemcache) *psemhashtbl; /* Hash Table */
u_long psemhash; /* size of hash table - 1 */
long psemnument; /* number of cache entries allocated */
-long posixsem_max = 10000; /* tunable for max POSIX semaphores */
+long posix_sem_max = 10000; /* tunable for max POSIX semaphores */
/* 10000 limits to ~1M of memory */
SYSCTL_NODE(_kern, KERN_POSIX, posix, CTLFLAG_RW, 0, "Posix");
SYSCTL_NODE(_kern_posix, OID_AUTO, sem, CTLFLAG_RW, 0, "Semaphores");
-SYSCTL_INT (_kern_posix_sem, OID_AUTO, max, CTLFLAG_RW, &posixsem_max, 0, "max");
+SYSCTL_INT (_kern_posix_sem, OID_AUTO, max, CTLFLAG_RW, &posix_sem_max, 0, "max");
struct psemstats psemstats; /* cache effectiveness statistics */
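Review bot: `posix_sem_max` is declared `long` but exported through `SYSCTL_INT`, which is handed `&posix_sem_max`. On any target where `long` is wider than `int`, the handler would read and write only part of the variable that `psemnument >= posix_sem_max` compares in the -271 hunk. Either declare it `int posix_sem_max = 10000;` or export it with the long-typed sysctl macro if this tree provides one. Because the node is `CTLFLAG_RW` and this value is the only cap on semaphore allocation visible here, a comment on the accepted range would also help, for example noting that zero or a negative value makes every create return ENOSPC.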
@@ -271,7 +271,7 @@
if (psem_cache_search(&dpinfo, pnp, &dpcp) == -1) {
return(EEXIST);
}
- if (psemnument >= posixsem_max)
+ if (psemnument >= posix_sem_max)
return(ENOSPC);
psemnument++;
/*
@@ -487,14 +487,14 @@
pinfo->sem_proc = p;
#ifdef MAC
PSEM_SUBSYS_UNLOCK();
- mac_posixsem_init(pinfo);
+ mac_posixsem_label_init(pinfo);
PSEM_SUBSYS_LOCK();
error = mac_posixsem_check_create(kauth_cred_get(), nameptr);
if (error) {
PSEM_SUBSYS_UNLOCK();
goto bad2;
}
- mac_posixsem_create(kauth_cred_get(), pinfo, nameptr);
+ mac_posixsem_label_associate(kauth_cred_get(), pinfo, nameptr);
#endif
} else {
/* semaphore should exist as it is without O_CREAT */
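Review bot: `PSEM_SUBSYS_UNLOCK()` is dropped around `mac_posixsem_label_init(pinfo)` and re-taken before `mac_posixsem_check_create`, and nothing in the hunk re-validates state established under the lock before that gap. If the name lookup for this semaphore happens earlier under the same lock (it is outside the hunk, so this is an assumption), a second opener could insert the same name during the window. I would either initialise the label before the lock is first taken, or repeat the lookup after relocking and say so in a comment next to `PSEM_SUBSYS_LOCK()`. posix_shm.c has the identical sequence with `PSHM_SUBSYS_UNLOCK()` in its -488 hunk. The enclosing function starts and ends outside the hunk.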
@@ -582,7 +582,7 @@
bad1:
if (pinfo_alloc) {
#ifdef MAC
- mac_posixsem_destroy(pinfo);
+ mac_posixsem_label_destroy(pinfo);
#endif
FREE(pinfo, M_SHM);
}
@@ -1030,7 +1030,7 @@
kret = semaphore_destroy(kernel_task, pinfo->psem_semobject);
#ifdef MAC
- mac_posixsem_destroy(pinfo);
+ mac_posixsem_label_destroy(pinfo);
#endif
switch (kret) {
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#3 (text+ko) ====
@@ -488,14 +488,14 @@
pinfo->pshm_gid = kauth_cred_get()->cr_gid;
#ifdef MAC
PSHM_SUBSYS_UNLOCK();
- mac_posixshm_init(pinfo);
+ mac_posixshm_label_init(pinfo);
PSHM_SUBSYS_LOCK();
error = mac_posixshm_check_create(kauth_cred_get(), nameptr);
if (error) {
PSHM_SUBSYS_UNLOCK();
goto bad2;
}
- mac_posixshm_create(kauth_cred_get(), pinfo, nameptr);
+ mac_posixshm_label_associate(kauth_cred_get(), pinfo, nameptr);
#endif
} else {
/* already exists */
@@ -597,7 +597,7 @@
bad2:
if (pinfo_alloc) {
#ifdef MAC
- mac_posixshm_destroy(pinfo);
+ mac_posixshm_label_destroy(pinfo);
#endif
FREE(pinfo, M_SHM);
}
@@ -1028,7 +1028,7 @@
mach_memory_entry_port_release(pinfo->pshm_memobject);
PSHM_SUBSYS_LOCK();
#ifdef MAC
- mac_posixshm_destroy(pinfo);
+ mac_posixshm_label_destroy(pinfo);
#endif
FREE(pinfo,M_SHM);
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_pipe.c#3 (text+ko) ====
@@ -353,12 +353,12 @@
* XXXXXXXX SHOULD NOT HOLD FILE_LOCK() XXXXXXXXXXXX
*
* struct pipe represents a pipe endpoint. The MAC label is shared
- * between the connected endpoints. As a result mac_pipe_init() and
- * mac_pipe_create() should only be called on one of the endpoints
+ * between the connected endpoints. As a result mac_pipe_label_init() and
+ * mac_pipe_label_associate() should only be called on one of the endpoints
* after they have been connected.
*/
- mac_pipe_init(rpipe);
- mac_pipe_create(kauth_cred_get(), rpipe);
+ mac_pipe_label_init(rpipe);
+ mac_pipe_label_associate(kauth_cred_get(), rpipe);
wpipe->pipe_label = rpipe->pipe_label;
#endif
proc_fdlock(p);
@@ -1479,7 +1479,7 @@
* Free the shared pipe label only after the two ends are disconnected.
*/
if (cpipe->pipe_label != NULL && cpipe->pipe_peer == NULL)
- mac_pipe_destroy(cpipe);
+ mac_pipe_label_destroy(cpipe);
#endif
/*
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#5 (text+ko) ====
@@ -227,7 +227,7 @@
msghdrs[i-1].msg_next = &msghdrs[i];
msghdrs[i].msg_next = NULL;
#ifdef MAC
- mac_sysvmsg_init(&msghdrs[i]);
+ mac_sysvmsg_label_init(&msghdrs[i]);
#endif
}
free_msghdrs = &msghdrs[0];
@@ -239,7 +239,7 @@
msqids[i].u.msg_qbytes = 0; /* implies entry is available */
msqids[i].u.msg_perm.seq = 0; /* reset to a known value */
#ifdef MAC
- mac_sysvmsq_init(&msqids[i]);
+ mac_sysvmsq_label_init(&msqids[i]);
#endif
}
}
@@ -278,7 +278,7 @@
msghdr->msg_next = free_msghdrs;
free_msghdrs = msghdr;
#ifdef MAC
- mac_sysvmsg_cleanup(msghdr);
+ mac_sysvmsg_label_recycle(msghdr);
#endif
}
@@ -383,7 +383,7 @@
msqptr->u.msg_qbytes = 0; /* Mark it as free */
#ifdef MAC
- mac_sysvmsq_cleanup(msqptr);
+ mac_sysvmsq_label_recycle(msqptr);
#endif
wakeup((caddr_t)msqptr);
@@ -570,7 +570,7 @@
msqptr->u.msg_rtime = 0;
msqptr->u.msg_ctime = sysv_msgtime();
#ifdef MAC
- mac_sysvmsq_create(cred, msqptr);
+ mac_sysvmsq_label_associate(cred, msqptr);
#endif
} else {
#ifdef MSG_DEBUG_OK
@@ -803,7 +803,7 @@
msghdr->msg_ts = msgsz;
#ifdef MAC
- mac_sysvmsg_create(kauth_cred_get(), msqptr, msghdr);
+ mac_sysvmsg_label_associate(kauth_cred_get(), msqptr, msghdr);
#endif
/*
* Allocate space for the message
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#5 (text+ko) ====
@@ -326,7 +326,7 @@
#ifdef MAC
for (i = seminfo.semmni; i < newSize; i++)
{
- mac_sysvsem_init(&newSema[i]);
+ mac_sysvsem_label_init(&newSema[i]);
}
#endif
@@ -683,7 +683,7 @@
}
semakptr->u.sem_perm.mode = 0;
#ifdef MAC
- mac_sysvsem_cleanup(semakptr);
+ mac_sysvsem_label_recycle(semakptr);
#endif
semundo_clear(semid, -1);
wakeup((caddr_t)semakptr);
@@ -952,7 +952,7 @@
bzero(sema[semid].u.sem_base,
sizeof(sema[semid].u.sem_base[0])*nsems);
#ifdef MAC
- mac_sysvsem_create(cred, &sema[semid]);
+ mac_sysvsem_label_associate(cred, &sema[semid]);
#endif
#ifdef SEM_DEBUG
printf("sembase = 0x%x, next = 0x%x\n", sema[semid].u.sem_base,
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#5 (text+ko) ====
@@ -246,7 +246,7 @@
shmseg->u.shm_perm.mode = SHMSEG_FREE;
#ifdef MAC
/* Reset the MAC label */
- mac_sysvshm_cleanup(shmseg);
+ mac_sysvshm_label_recycle(shmseg);
#endif
}
@@ -685,7 +685,7 @@
shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0;
shmseg->u.shm_atime = shmseg->u.shm_dtime = 0;
#ifdef MAC
- mac_sysvshm_create(cred, shmseg);
+ mac_sysvshm_label_associate(cred, shmseg);
#endif
shmseg->u.shm_ctime = sysv_shmtime();
shm_committed += btoc(size);
@@ -870,7 +870,7 @@
shmsegs[i].u.shm_perm.mode = SHMSEG_FREE;
shmsegs[i].u.shm_perm.seq = 0;
#ifdef MAC
- mac_sysvshm_init(&shmsegs[i]);
+ mac_sysvshm_label_init(&shmsegs[i]);
#endif
}
shm_last_free = 0;
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf.c#4 (text+ko) ====
@@ -506,7 +506,7 @@
m->m_data = m->m_pktdat;
_M_CLEAR_PKTHDR(m);
#ifdef MAC
- if (mac_mbuf_init(m, canwait)) {
+ if (mac_mbuf_label_init(m, canwait)) {
m_free(m);
return (NULL);
}
@@ -577,7 +577,7 @@
m->m_len = 0;
_M_CLEAR_PKTHDR(m)
#ifdef MAC
- if (mac_mbuf_init(m, nowait)) {
+ if (mac_mbuf_label_init(m, nowait)) {
m_free(m);
return (NULL);
}
@@ -921,7 +921,7 @@
_M_CLEAR_PKTHDR(m);
#ifdef MAC
MBUF_UNLOCK();
- if (mac_mbuf_init(m, how)) {
+ if (mac_mbuf_label_init(m, how)) {
m_free(m);
goto fail;
}
@@ -1094,7 +1094,7 @@
_M_CLEAR_PKTHDR(m);
#ifdef MAC
MBUF_UNLOCK();
- if (mac_mbuf_init(m, how)) {
+ if (mac_mbuf_label_init(m, how)) {
m_free(m);
goto fail;
}
@@ -1237,7 +1237,7 @@
_M_CLEAR_PKTHDR(m);
#ifdef MAC
MBUF_UNLOCK();
- if (mac_mbuf_init(m, how)) {
+ if (mac_mbuf_label_init(m, how)) {
m_free(m);
return(top);
}
@@ -1644,7 +1644,7 @@
_M_CLEAR_PKTHDR(n);
#ifdef MAC
MBUF_UNLOCK();
- if (mac_mbuf_init(n, wait)) {
+ if (mac_mbuf_label_init(n, wait)) {
m_free(n);
goto nospace_unlock;
}
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf2.c#4 (text+ko) ====
@@ -482,7 +482,7 @@
if (t != NULL &&
t->m_tag_id == KERNEL_MODULE_TAG_ID &&
t->m_tag_type == KERNEL_TAG_TYPE_MACLABEL)
- mac_mbuf_destroy_tag(t);
+ mac_mbuf_tag_destroy(t);
#endif
#ifndef __APPLE__
free(t, M_PACKET_TAGS);
@@ -580,11 +580,11 @@
if (t != NULL &&
t->m_tag_id == KERNEL_MODULE_TAG_ID &&
t->m_tag_type == KERNEL_TAG_TYPE_MACLABEL) {
- if (mac_mbuf_init_tag(p, how) != 0) {
+ if (mac_mbuf_tag_init(p, how) != 0) {
m_tag_free(p);
return (NULL);
}
- mac_mbuf_copy_tag(t, p);
+ mac_mbuf_tag_copy(t, p);
} else
#endif
bcopy(t + 1, p + 1, t->m_tag_len); /* Copy the data */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#5 (text+ko) ====
@@ -424,7 +424,7 @@
so->so_gencnt = ++so_gencnt;
so->so_zone = socket_zone;
#ifdef MAC_SOCKET
- if (mac_socket_init(so, waitok) != 0) {
+ if (mac_socket_label_init(so, waitok) != 0) {
sodealloc(so);
return (NULL);
}
@@ -490,7 +490,7 @@
so->so_rcv.sb_so = so->so_snd.sb_so = so;
#endif
#ifdef MAC_SOCKET
- mac_socket_create(kauth_cred_get(), so);
+ mac_socket_label_associate(kauth_cred_get(), so);
#endif
//### Attachement will create the per pcb lock if necessary and increase refcount
@@ -574,7 +574,7 @@
so->so_gencnt = ++so_gencnt;
#ifdef MAC_SOCKET
- mac_socket_destroy(so);
+ mac_socket_label_destroy(so);
#endif
#ifndef __APPLE__
if (so->so_rcv.sb_hiwat)
@@ -2557,7 +2557,7 @@
sizeof(extmac));
if (error)
return (error);
- error = mac_socket_getlabel(proc_ucred(sopt->sopt_p),
+ error = mac_socket_label_get(proc_ucred(sopt->sopt_p),
so, &extmac);
if (error)
return (error);
@@ -2573,7 +2573,7 @@
sizeof(extmac));
if (error)
return (error);
- error = mac_getsockopt_peerlabel(
+ error = mac_socketpeer_label_get(
proc_ucred(sopt->sopt_p), so, &extmac);
if (error)
return (error);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#4 (text+ko) ====
@@ -294,7 +294,7 @@
so->so_uid = head->so_uid;
so->so_usecount = 1;
#ifdef MAC_SOCKET
- mac_socket_accept(head, so);
+ mac_socket_label_associate_accept(head, so);
#endif
#ifdef __APPLE__
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#5 (text+ko) ====
@@ -809,8 +809,8 @@
#ifdef MAC_SOCKET
/* XXXMAC: recursive lock: SOCK_LOCK(so); */
- mac_socket_peer_set_from_socket(so, so3);
- mac_socket_peer_set_from_socket(so3, so);
+ mac_socketpeer_label_associate_socket(so, so3);
+ mac_socketpeer_label_associate_socket(so3, so);
/* XXXMAC: SOCK_UNLOCK(so); */
#endif
so2->so_usecount--; /* drop reference taken on so2 */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#4 (text+ko) ====
@@ -165,8 +165,8 @@
TAILQ_INIT(&devfs_hidden_mount->mnt_workerqueue);
TAILQ_INIT(&devfs_hidden_mount->mnt_newvnodes);
#ifdef MAC
- mac_mount_init(devfs_hidden_mount);
- mac_mount_create(kauth_cred_get(), devfs_hidden_mount);
+ mac_mount_label_init(devfs_hidden_mount);
+ mac_mount_label_associate(kauth_cred_get(), devfs_hidden_mount);
#endif
/* Initialize the default IO constraints */
@@ -178,7 +178,7 @@
= (struct devfsmount *)devfs_hidden_mount->mnt_data;
#endif /* HIDDEN_MOUNTPOINT */
#ifdef MAC
- mac_devfs_create_directory(NULL, "/", strlen("/"),
+ mac_devfs_label_associate_directory(NULL, "/", strlen("/"),
dev_root->de_dnp, "/");
#endif
devfs_ready = 1;
@@ -308,7 +308,7 @@
break;
dnp = dirent_p->de_dnp;
#ifdef MAC
- mac_devfs_create_directory(NULL,
+ mac_devfs_label_associate_directory(NULL,
dirnode->dn_typeinfo.Dir.myname->de_name,
strlen(dirnode->dn_typeinfo.Dir.myname->de_name),
dnp, fullpath);
@@ -513,8 +513,8 @@
dnp->dn_nextsibling = proto;
proto->dn_prevsiblingp = &(dnp->dn_nextsibling);
#ifdef MAC
- mac_devfs_init(dnp);
- mac_devfs_copy_label(proto->dn_label, dnp->dn_label);
+ mac_devfs_label_init(dnp);
+ mac_devfs_label_copy(proto->dn_label, dnp->dn_label);
#endif
} else {
struct timeval tv;
@@ -531,7 +531,7 @@
dnp->dn_mtime.tv_sec = tv.tv_sec;
dnp->dn_ctime.tv_sec = tv.tv_sec;
#ifdef MAC
- mac_devfs_init(dnp);
+ mac_devfs_label_init(dnp);
#endif
}
dnp->dn_dvm = dvm;
@@ -613,7 +613,7 @@
return;
}
#ifdef MAC
- mac_devfs_destroy(dnp);
+ mac_devfs_label_destroy(dnp);
#endif
if (dnp->dn_type == DEV_SLNK) {
DEVFS_DECR_STRINGSPACE(dnp->dn_typeinfo.Slnk.namelen + 1);
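Review bot: This destroy path still handles `DEV_SLNK` nodes (`if (dnp->dn_type == DEV_SLNK)`), which sits oddly with the commit message's reason for removing `mac_devfs_create_symlink()`. If symlink devnodes can still be created, they appear to get `mac_devfs_label_init` (the -513 and -531 hunks) but no associate call, so policies would see whatever the initial label is. It is worth confirming that no creation path for `DEV_SLNK` remains, or documenting at the init site that symlink nodes are intentionally left with the default label. The enclosing function starts and ends outside the hunk.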
@@ -1080,7 +1080,7 @@
vnode_lock(vn_p);
if ((vn_p->v_lflag & VL_LABELED) == 0) {
vn_p->v_lflag |= VL_LABEL;
- mac_devfs_vnode_associate(dnp->dn_dvm->mount, dnp, vn_p);
+ mac_vnode_label_associate_devfs(dnp->dn_dvm->mount, dnp, vn_p);
vn_p->v_lflag |= VL_LABELED;
vn_p->v_lflag &= ~VL_LABEL;
@@ -1225,7 +1225,7 @@
new_dev->de_dnp->dn_uid = uid;
new_dev->de_dnp->dn_mode |= perms;
#ifdef MAC
- mac_devfs_create_device(NULL, NULL, dev, new_dev->de_dnp,
+ mac_devfs_label_associate_device(NULL, NULL, dev, new_dev->de_dnp,
buff);
#endif
devfs_propogate(dnp->dn_typeinfo.Dir.myname, new_dev);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vfsops.c#3 (text+ko) ====
@@ -419,8 +419,8 @@
mp->mnt_vfsstat.f_owner = kauth_cred_getuid(kauth_cred_get());
(void) copystr(mntname, mp->mnt_vfsstat.f_mntonname, MAXPATHLEN - 1, 0);
#ifdef MAC
- mac_mount_init(mp);
- mac_mount_create(kauth_cred_get(), mp);
+ mac_mount_label_init(mp);
+ mac_mount_label_associate(kauth_cred_get(), mp);
#endif
error = devfs_mount(mp, NULL, NULL, &context);
@@ -433,7 +433,7 @@
mount_lock_destroy(mp);
#ifdef MAC
- mac_mount_destroy(mp);
+ mac_mount_label_destroy(mp);
#endif
FREE_ZONE(mp, sizeof (struct mount), M_MOUNT);
vnode_put(vp);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vnops.c#3 (text+ko) ====
>>> TRUNCATED FOR MAIL (1000 lines) <<<