PERFORCE change 113326 for review
Todd Miller
millert at FreeBSD.org
Mon Jan 22 15:34:00 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113326
Change 113326 by millert at millert_macbook on 2007/01/22 15:30:20
Replace calls to network_label_copy() with sebsd_label_copy()
now that we don't have to check for unlabeled mbufs.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#61 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#61 (text+ko) ====
@@ -154,19 +154,10 @@
}
static void
-network_label_copy(struct label *slabel, struct label *dlabel)
+sebsd_label_copy(struct label *src, struct label *dest)
{
- struct network_security_struct *src, *dst;
- if (slabel == NULL || dlabel == NULL)
- return;
-
- src = SLOT(slabel);
- dst = SLOT(dlabel);
- if (src == NULL || dst == NULL)
- return;
-
- *dst = *src;
+ *(struct sebsd_label *)SLOT(dest) = *(struct sebsd_label *)SLOT(src);
}
/*
@@ -930,7 +921,7 @@
struct mbuf *m, struct label *mlabel)
{
- network_label_copy(blabel, mlabel);
+ sebsd_label_copy(blabel, mlabel);
}
static void
@@ -938,7 +929,7 @@
struct mbuf *m, struct label *mlabel)
{
- network_label_copy(ilabel, mlabel);
+ sebsd_label_copy(ilabel, mlabel);
}
static void
@@ -1137,7 +1128,7 @@
struct mbuf *m, struct label *mlabel)
{
- network_label_copy(solabel, mlabel);
+ sebsd_label_copy(solabel, mlabel);
}
static void
@@ -1201,7 +1192,7 @@
struct xsocket *news, struct label *newslabel)
{
- network_label_copy(oldslabel, newslabel);
+ sebsd_label_copy(oldslabel, newslabel);
}
static int
@@ -1812,7 +1803,7 @@
struct label *oldlabel, struct label *newlabel)
{
- network_label_copy(newlabel, oldlabel);
+ sebsd_label_copy(newlabel, oldlabel);
}
static void
@@ -1853,7 +1844,7 @@
struct xsocket *xso, struct label *sopeerlabel)
{
- network_label_copy(mlabel, sopeerlabel);
+ sebsd_label_copy(mlabel, sopeerlabel);
}
static void
@@ -1862,7 +1853,7 @@
struct label *newsockpeerlabel)
{
- network_label_copy(oldslabel, newsockpeerlabel);
+ sebsd_label_copy(oldslabel, newsockpeerlabel);
}
static int
@@ -2926,13 +2917,6 @@
return (sebsd_externalize_sid(sid, element_name, sb));
}
-static void
-sebsd_label_copy(struct label *src, struct label *dest)
-{
-
- *(struct sebsd_label *)SLOT(dest) = *(struct sebsd_label *)SLOT(src);
-}
-
#ifdef FD__CREATE
static int
sebsd_file_check_create(struct ucred *cred)
@@ -3041,7 +3025,7 @@
struct label *ifnetlabel, struct label *newlabel)
{
- network_label_copy(newlabel, ifnetlabel);
+ sebsd_label_copy(newlabel, ifnetlabel);
}
static void
@@ -3096,19 +3080,9 @@
struct network_security_struct *ifsec, *msec;
int error;
- if (ifnetlabel == NULL || mbuflabel == NULL) {
- /* XXX - mbufs are not always labeled! */
- return (0);
- }
-
ifsec = SLOT(ifnetlabel);
msec = SLOT(mbuflabel);
- if (ifsec == NULL || msec == NULL) {
- /* XXX - should not happen, log and fix */
- return (0);
- }
-
/* XXX - use an audit struct so we can log useful info */
error = avc_has_perm(msec->sid, ifsec->sid, SECCLASS_PACKET,
PACKET__SEND, NULL);
@@ -3504,7 +3478,7 @@
.mpo_mbuf_label_associate_bpfdesc = sebsd_mbuf_label_associate_bpfdesc,
.mpo_mbuf_label_associate_ifnet = sebsd_mbuf_label_associate_ifnet,
.mpo_mbuf_label_associate_socket = sebsd_mbuf_label_associate_socket,
- .mpo_mbuf_label_copy = network_label_copy,
+ .mpo_mbuf_label_copy = sebsd_label_copy,
.mpo_mbuf_label_destroy = sebsd_label_destroy,
.mpo_mbuf_label_init = sebsd_label_init2,
.mpo_mount_check_getattr = sebsd_mount_check_getattr,
@@ -3594,7 +3568,7 @@
.mpo_socket_check_stat = sebsd_socket_check_stat,
.mpo_socket_label_associate = sebsd_socket_label_associate,
.mpo_socket_label_associate_accept = sebsd_socket_label_associate_accept,
- .mpo_socket_label_copy = network_label_copy,
+ .mpo_socket_label_copy = sebsd_label_copy,
.mpo_socket_label_destroy = sebsd_label_destroy,
.mpo_socket_label_externalize = sebsd_label_externalize,
.mpo_socket_label_init = sebsd_label_init2,
More information about the trustedbsd-cvs
mailing list