PERFORCE change 113345 for review
Todd Miller
millert at FreeBSD.org
Mon Jan 22 16:05:21 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113345
Change 113345 by millert at millert_macbook on 2007/01/22 16:03:51
No longer need MAC_SOCKET, use MAC instead.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#8 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#3 (text+ko) ====
@@ -93,7 +93,6 @@
options HW_AST # Hardware ast support # <hw_ast>
options HW_FOOTPRINT # Cache footprint support # <hw_foot>
options MAC # Mandatory ACcess Control
-options MAC_SOCKET # MAC socket labels
options LCTX # Login Context
options MACH # Standard Mach features # <mach>
options MACH_ASSERT # Compile in assertions # <test>
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#6 (text+ko) ====
@@ -124,7 +124,7 @@
struct mbuf **controlp, int *flagsp);
-#ifdef MAC_SOCKET
+#ifdef MAC
int error;
#endif
@@ -132,7 +132,7 @@
/* This is not a valid open file descriptor */
return(EBADF);
}
-#ifdef MAC_SOCKET
+#ifdef MAC
SOCK_LOCK(so);
error = mac_socket_check_receive(cred, so);
SOCK_UNLOCK(so);
@@ -160,7 +160,7 @@
struct uio *uio2, struct mbuf *top,
struct mbuf *control, int flags2);
int stat;
-#ifdef MAC_SOCKET
+#ifdef MAC
int error;
#endif
@@ -169,7 +169,7 @@
return (EBADF);
}
-#ifdef MAC_SOCKET
+#ifdef MAC
SOCK_LOCK(so);
error = mac_socket_check_send(cred, so);
SOCK_UNLOCK(so);
@@ -367,7 +367,7 @@
return (0);
socket_lock(so, 1);
-#ifdef MAC_SOCKET
+#ifdef MAC
if (mac_socket_check_select(proc_ucred(p), so, which))
goto done; /* will unlock 'so' */
#endif
@@ -417,7 +417,7 @@
{
int stat;
-#ifdef MAC_SOCKET
+#ifdef MAC
SOCK_LOCK(so);
stat = mac_socket_check_stat(kauth_cred_get(), so);
SOCK_UNLOCK(so);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#7 (text+ko) ====
@@ -431,7 +431,7 @@
if (so) {
so->so_gencnt = ++so_gencnt;
so->so_zone = socket_zone;
-#ifdef MAC_SOCKET
+#ifdef MAC
if (mac_socket_label_init(so, waitok) != 0) {
sodealloc(so);
return (NULL);
@@ -497,7 +497,7 @@
so->so_rcv.sb_flags |= SB_RECV; /* XXX */
so->so_rcv.sb_so = so->so_snd.sb_so = so;
#endif
-#ifdef MAC_SOCKET
+#ifdef MAC
mac_socket_label_associate(kauth_cred_get(), so);
#endif
@@ -581,7 +581,7 @@
{
so->so_gencnt = ++so_gencnt;
-#ifdef MAC_SOCKET
+#ifdef MAC
mac_socket_label_destroy(so);
#endif
#ifndef __APPLE__
@@ -2155,7 +2155,7 @@
struct linger l;
struct timeval tv;
short val;
-#ifdef MAC_SOCKET
+#ifdef MAC
struct mac extmac;
#endif
@@ -2349,7 +2349,7 @@
break;
case SO_LABEL:
-#ifdef MAC_SOCKET
+#ifdef MAC
error = sooptcopyin(sopt, &extmac, sizeof extmac,
sizeof extmac);
if (error)
@@ -2415,7 +2415,7 @@
int error, optval;
struct linger l;
struct timeval tv;
-#ifdef MAC_SOCKET
+#ifdef MAC
struct mac extmac;
#endif
@@ -2560,7 +2560,7 @@
goto integer;
case SO_LABEL:
-#ifdef MAC_SOCKET
+#ifdef MAC
error = sooptcopyin(sopt, &extmac, sizeof(extmac),
sizeof(extmac));
if (error)
@@ -2576,7 +2576,7 @@
break;
case SO_PEERLABEL:
-#ifdef MAC_SOCKET
+#ifdef MAC
error = sooptcopyin(sopt, &extmac, sizeof(extmac),
sizeof(extmac));
if (error)
@@ -2772,7 +2772,7 @@
struct sockbuf *sb;
socket_lock(so, 1);
-#ifdef MAC_SOCKET
+#ifdef MAC
if (mac_socket_check_kqfilter(proc_ucred(p), kn, so) != 0) {
socket_unlock(so, 1);
return (1);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#7 (text+ko) ====
@@ -305,7 +305,7 @@
so->so_pgid = head->so_pgid;
so->so_uid = head->so_uid;
so->so_usecount = 1;
-#ifdef MAC_SOCKET
+#ifdef MAC
mac_socket_label_associate_accept(head, so);
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#4 (text+ko) ====
@@ -199,7 +199,7 @@
struct fileproc *fp;
int fd, error;
-#ifdef MAC_SOCKET
+#ifdef MAC
error = mac_socket_check_create(proc_ucred(p), uap->domain, uap->type,
uap->protocol);
if (error)
@@ -249,7 +249,7 @@
goto out;
AUDIT_ARG(sockaddr, p, sa);
if (so != NULL)
-#ifdef MAC_SOCKET
+#ifdef MAC
{
SOCK_LOCK(so);
error = mac_socket_check_bind(proc_ucred(p), so, sa);
@@ -281,7 +281,7 @@
if (error)
return (error);
if (so != NULL)
-#ifdef MAC_SOCKET
+#ifdef MAC
{
SOCK_LOCK(so);
error = mac_socket_check_listen(proc_ucred(p), so);
@@ -353,7 +353,7 @@
error = EINVAL;
goto out;
}
-#ifdef MAC_SOCKET
+#ifdef MAC
error = mac_socket_check_accept(proc_ucred(p), head);
if (error != 0) {
socket_unlock(head, 1);
@@ -439,7 +439,7 @@
(void) soacceptlock(so, &sa, 0);
socket_unlock(head, 1);
#ifdef __darinw8_notyet
-#ifdef MAC_SOCKET
+#ifdef MAC
error = mac_socket_check_accepted(proc_ucred(p), so, sa);
if (error) {
if (sa != 0)
@@ -532,7 +532,7 @@
goto out;
}
AUDIT_ARG(sockaddr, p, sa);
-#ifdef MAC_SOCKET
+#ifdef MAC
error = mac_socket_check_connect(proc_ucred(p), so, sa);
if (error)
goto bad;
@@ -716,7 +716,7 @@
error = EBADF;
goto bad;
}
-#ifdef MAC_SOCKET
+#ifdef MAC
SOCK_LOCK(so);
error = mac_socket_check_send(proc_ucred(p), so);
SOCK_UNLOCK(so);
@@ -991,7 +991,7 @@
}
proc_fdunlock(p);
-#ifdef MAC_SOCKET
+#ifdef MAC
SOCK_LOCK(so);
error = mac_socket_check_receive(proc_ucred(p), so);
SOCK_UNLOCK(so);
@@ -1897,7 +1897,7 @@
error = EINVAL;
goto done3;
}
-#ifdef MAC_SOCKET
+#ifdef MAC
error = mac_socket_check_send(proc_ucred(p), so);
if (error)
goto done3; /* will unlock 'so' */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#9 (text+ko) ====
@@ -815,7 +815,7 @@
sizeof(unp->unp_peercred));
unp->unp_flags |= UNP_HAVEPC;
-#ifdef MAC_SOCKET
+#ifdef MAC
/* XXXMAC: recursive lock: SOCK_LOCK(so); */
mac_socketpeer_label_associate_socket(so, so3);
mac_socketpeer_label_associate_socket(so3, so);
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#7 (text+ko) ====
@@ -375,7 +375,7 @@
inp->inp_route.ro_rt = (struct rtentry *)0;
}
-#ifdef MAC_SOCKET
+#ifdef MAC
mac_mbuf_label_associate_inpcb(inp, m);
#endif
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#7 (text+ko) ====
@@ -910,7 +910,7 @@
else
tiwin = th->th_win;
-#ifdef MAC_SOCKET
+#ifdef MAC
if (mac_inpcb_check_deliver(inp, m))
goto drop;
#endif
@@ -1648,7 +1648,7 @@
if (thflags & TH_ACK) {
tcpstat.tcps_connects++;
soisconnected(so);
-#ifdef MAC_SOCKET
+#ifdef MAC
/* XXXMAC: recursive lock: SOCK_LOCK(so); */
mac_socketpeer_label_associate_mbuf(m, so);
/* XXXMAC: SOCK_UNLOCK(so); */
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#7 (text+ko) ====
@@ -1005,7 +1005,7 @@
m->m_len = hdrlen;
}
m->m_pkthdr.rcvif = 0;
-#ifdef MAC_SOCKET
+#ifdef MAC
mac_mbuf_label_associate_inpcb(tp->t_inpcb, m);
#endif
#if INET6
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#8 (text+ko) ====
@@ -575,7 +575,7 @@
m->m_len = tlen;
m->m_pkthdr.len = tlen;
m->m_pkthdr.rcvif = 0;
-#ifdef MAC_SOCKET
+#ifdef MAC
if (tp != NULL && tp->t_inpcb != NULL) {
/*
* Packet is associated with a socket, so allow the
More information about the trustedbsd-cvs
mailing list