Date: Wed, 13 Oct 2004 12:21:58 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 63152 for review Message-ID: <200410131221.i9DCLw2d001269@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=63152 Change 63152 by rwatson@rwatson_tislabs on 2004/10/13 12:21:16 Merge McAfee Research change made to System V IPC MAC support on SEDarwin: rename System V IPC MAC Framework entry points and policy entry points to use _sysv_ instead of _ipc_ to make it more clear when System V vs Posix or Mach IPC are in use. Submitted by: cvance Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#25 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#28 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#25 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#9 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#9 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#8 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#246 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#87 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#200 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#23 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#136 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#262 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#217 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#25 (text+ko) ==== @@ -194,7 +194,7 @@ msghdrs[i-1].msg_next = &msghdrs[i]; msghdrs[i].msg_next = NULL; #ifdef MAC - mac_init_ipc_msgmsg(&msghdrs[i]); + mac_init_sysv_msgmsg(&msghdrs[i]); #endif } free_msghdrs = &msghdrs[0]; @@ -207,7 +207,7 @@ msqids[i].u.msg_perm.seq = 0; /* reset to a known value */ msqids[i].u.msg_perm.mode = 0; #ifdef MAC - mac_init_ipc_msgqueue(&msqids[i]); + mac_init_sysv_msgqueue(&msqids[i]); #endif } mtx_init(&msq_mtx, "msq", NULL, MTX_DEF); 
@@ -243,10 +243,10 @@ int i; /* Clean up the MAC label associated with the msg objects. */ for (i = 0; i < msginfo.msgtql; i++) - mac_destroy_ipc_msgmsg(&msghdrs[i]); + mac_destroy_sysv_msgmsg(&msghdrs[i]); /* Clean up the MAC label associated with the msq objects. */ for (msqid = 0; msqid < msginfo.msgmni; msqid++) - mac_destroy_ipc_msgqueue(&msqids[msqid]); + mac_destroy_sysv_msgqueue(&msqids[msqid]); #endif free(msgpool, M_MSG); free(msgmaps, M_MSG); @@ -347,7 +347,7 @@ free_msghdrs = msghdr; #ifdef MAC /* XXX: Reset the MAC label */ - mac_cleanup_ipc_msgmsg(msghdr); + mac_cleanup_sysv_msgmsg(msghdr); #endif } @@ -403,9 +403,9 @@ goto done2; } #ifdef MAC - if ((error = mac_check_ipc_msqctl(td->td_ucred,msqkptr,cmd))) { + if ((error = mac_check_sysv_msqctl(td->td_ucred,msqkptr,cmd))) { MPRINTF(( - "MAC Framework: mac_check_ipc_msqctl permission denied!\n")); + "MAC Framework: mac_check_sysv_msqctl permission denied!\n")); goto done2; } #endif @@ -433,10 +433,10 @@ */ msghdr = msqkptr->u.msg_first; while (msghdr != NULL) { - if ((error = mac_check_ipc_msgrmid(td->td_ucred, + if ((error = mac_check_sysv_msgrmid(td->td_ucred, msghdr))) { MPRINTF( - "MAC Framework: mac_check_ipc_msgrmid permission denied\n"); + "MAC Framework: mac_check_sysv_msgrmid permission denied\n"); /* XXX wakeup(msqkptr); ??? */ goto done2; } @@ -466,7 +466,7 @@ #ifdef MAC /* XXX: Reset the MAC label */ - mac_cleanup_ipc_msgqueue(msqkptr); + mac_cleanup_sysv_msgqueue(msqkptr); #endif wakeup(msqkptr); @@ -570,9 +570,9 @@ goto done2; } #ifdef MAC - if ((error = mac_check_ipc_msqget(cred, msqkptr))) { + if ((error = mac_check_sysv_msqget(cred, msqkptr))) { MPRINTF( - "MAC Framework: mac_check_ipc_msqget access denied\n"); + "MAC Framework: mac_check_sysv_msqget access denied\n"); goto done2; } #endif 
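Review bot: The `MPRINTF(` calls in the `@@ -433` and `@@ -570` hunks wrap the message in a single pair of parentheses, while the other denial messages in this file (for example the `@@ -403` hunk) use `MPRINTF((...))`. MPRINTF's definition is not visible here; if it follows the `printf a` convention that `DPRINTF((...))` in the `@@ -619` hunk suggests, the single-paren form will not compile once the macro is enabled. Write them as `MPRINTF(("MAC Framework: mac_check_sysv_msgrmid permission denied\n"));` and do the same for the msqget message, so every MAC denial on these paths is logged in the same way.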
@@ -619,7 +619,7 @@ msqkptr->u.msg_rtime = 0; msqkptr->u.msg_ctime = time_second; #ifdef MAC - mac_create_ipc_msgqueue(cred, msqkptr); + mac_create_sysv_msgqueue(cred, msqkptr); #endif } else { DPRINTF(("didn't find it and wasn't asked to create it\n")); @@ -698,9 +698,9 @@ * Make sure that the thread has access rights to the message * queue. */ - if ((error = mac_check_ipc_msqsnd(td->td_ucred, msqkptr))) { + if ((error = mac_check_sysv_msqsnd(td->td_ucred, msqkptr))) { MPRINTF(( -"MAC Framework: mac_check_ipc_msqsnd permission denied\n")); +"MAC Framework: mac_check_sysv_msqsnd permission denied\n")); goto done2; } #endif @@ -819,9 +819,9 @@ msghdr->msg_spot = -1; msghdr->msg_ts = msgsz; #ifdef MAC - mac_create_ipc_msgmsg(td->td_ucred, msqkptr, msghdr); + mac_create_sysv_msgmsg(td->td_ucred, msqkptr, msghdr); /* - * XXX: Should the mac_check_ipc_msgmsq check follow here + * XXX: Should the mac_check_sysv_msgmsq check follow here * immediately? Or, should it be checked just before the msg is * enqueued in the msgq (as it is done now)? */ @@ -939,16 +939,16 @@ * Note: Since the task/thread allocates the msghdr and usually * primes it with its own MAC label,for a majority of policies, it * won't be necessary to check whether the msghdr has access - * permissions to the msgq. The mac_check_ipc_msqsnd check would + * permissions to the msgq. The mac_check_sysv_msqsnd check would * suffice in that case. However, this hook may be required where * individual policies derive a non-identical label for the msghdr * from the current thread label and may want to check the msghdr * enqueue permissions, along with read/write permissions to the * msgq. */ - if ((error = mac_check_ipc_msgmsq(td->td_ucred,msghdr,msqkptr))) { + if ((error = mac_check_sysv_msgmsq(td->td_ucred,msghdr,msqkptr))) { MPRINTF(( - "MAC Framework: mac_check_ipc_msqmsq permission denied\n")); + "MAC Framework: mac_check_sysv_msqmsq permission denied\n")); msg_freehdr(msghdr); wakeup(msqkptr); goto done2; 
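Review bot: The denial message in the `@@ -939` hunk names `mac_check_sysv_msqmsq`, but the hook actually called two lines earlier is `mac_check_sysv_msgmsq`; the rename carried the old misspelling across. Anyone searching logs for the hook name will miss these enqueue denials. Use `"MAC Framework: mac_check_sysv_msgmsq permission denied\n"` so the message matches the entry point.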
@@ -1041,9 +1041,9 @@ /* * Make sure that the thread has access rights to the message queue. */ - if ((error = mac_check_ipc_msqrcv(td->td_ucred, msqkptr))) { + if ((error = mac_check_sysv_msqrcv(td->td_ucred, msqkptr))) { MPRINTF(( -"MAC Framework: mac_check_ipc_msqrcv permission denied\n")); +"MAC Framework: mac_check_sysv_msqrcv permission denied\n")); goto done2; } #endif @@ -1066,10 +1066,10 @@ * Make sure that the thread has access * rights to the message header. */ - if ((error = mac_check_ipc_msgrcv(td->td_ucred, + if ((error = mac_check_sysv_msgrcv(td->td_ucred, msghdr))) { MPRINTF(( - "MAC Framework: mac_check_ipc_msgrcv permission denied\n")); + "MAC Framework: mac_check_sysv_msgrcv permission denied\n")); goto done2; } #endif @@ -1119,10 +1119,10 @@ * header. */ if ((error = - mac_check_ipc_msgrcv(td->td_ucred, + mac_check_sysv_msgrcv(td->td_ucred, msghdr))) { MPRINTF(( - "MAC Framework: mac_check_ipc_msgrcv permission denied\n")); + "MAC Framework: mac_check_sysv_msgrcv permission denied\n")); goto done2; } #endif ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#28 (text+ko) ==== @@ -208,7 +208,7 @@ sema[i].u.sem_perm.mode = 0; sema[i].u.sem_perm.seq = 0; #ifdef MAC - mac_init_ipc_sema(&sema[i]); + mac_init_sysv_sema(&sema[i]); #endif } for (i = 0; i < seminfo.semmni; i++) @@ -234,7 +234,7 @@ EVENTHANDLER_DEREGISTER(process_exit, semexit_tag); #ifdef MAC for (i = 0; i < seminfo.semmni; i++) - mac_destroy_ipc_sema(&sema[i]); + mac_destroy_sysv_sema(&sema[i]); #endif free(sem, M_SEM); free(sema, M_SEM); @@ -551,9 +551,9 @@ if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R))) goto done2; #ifdef MAC - if ((error = mac_check_ipc_semctl(cred, semakptr, cmd))) { + if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) { MPRINTF(( - "MAC Framework: mac_check_ipc_semctl access denied\n")); + "MAC Framework: mac_check_sysv_semctl access denied\n")); goto done2; } #endif 
@@ -574,9 +574,9 @@ sema_mtxp = &sema_mtx[semid]; #ifdef MAC mtx_lock(sema_mtxp); - if ((error = mac_check_ipc_semctl(cred, semakptr, cmd))) { + if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) { MPRINTF(( - "MAC Framework: mac_check_ipc_semctl access denied\n")); + "MAC Framework: mac_check_sysv_semctl access denied\n")); goto done2; } mtx_unlock(sema_mtxp); @@ -604,7 +604,7 @@ } semakptr->u.sem_perm.mode = 0; #ifdef MAC - mac_cleanup_ipc_sema(semakptr); + mac_cleanup_sysv_sema(semakptr); #endif SEMUNDO_LOCK(); semundo_clear(semid, -1); @@ -838,10 +838,10 @@ goto done2; } #ifdef MAC - if ((error = mac_check_ipc_semget(cred, + if ((error = mac_check_sysv_semget(cred, &sema[semid]))) { MPRINTF(( - "MAC Framework: mac_check_ipc_semget access denied\n")); + "MAC Framework: mac_check_sysv_semget access denied\n")); goto done2; } #endif @@ -890,7 +890,7 @@ bzero(sema[semid].u.sem_base, sizeof(sema[semid].u.sem_base[0])*nsems); #ifdef MAC - mac_create_ipc_sema(cred, &sema[semid]); + mac_create_sysv_sema(cred, &sema[semid]); #endif DPRINTF(("sembase = 0x%x, next = 0x%x\n", sema[semid].u.sem_base, &sem[semtot])); @@ -1004,9 +1004,9 @@ * write) permissions to the semaphore array based on the * sopptr->sem_op value. */ - if ((error = mac_check_ipc_semop(td->td_ucred, semakptr, j))) { + if ((error = mac_check_sysv_semop(td->td_ucred, semakptr, j))) { MPRINTF(( - "MAC Framework: mac_check_ipc_semop access denied\n")); + "MAC Framework: mac_check_sysv_semop access denied\n")); goto done2; } #endif ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#25 (text+ko) ==== @@ -222,7 +222,7 @@ shmseg->u.shm_perm.mode = SHMSEG_FREE; #ifdef MAC /* Reset the MAC label */ - mac_cleanup_ipc_shm(shmseg); + mac_cleanup_sysv_shm(shmseg); #endif } 
@@ -295,9 +295,9 @@ */ struct shmid_kernel *shmsegptr; shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; - if ((error = mac_check_ipc_shmdt(td->td_ucred, shmsegptr))) { + if ((error = mac_check_sysv_shmdt(td->td_ucred, shmsegptr))) { MPRINTF(( - "MAC Framework: mac_check_ipc_shmdt access denied\n")); + "MAC Framework: mac_check_sysv_shmdt access denied\n")); goto done2; } #endif @@ -356,9 +356,9 @@ if (error) goto done2; #ifdef MAC - if ((error = mac_check_ipc_shmat(td->td_ucred, shmseg, shmflg))) { + if ((error = mac_check_sysv_shmat(td->td_ucred, shmseg, shmflg))) { MPRINTF(( - "MAC Framework: mac_check_ipc_shmat access denied\n")); + "MAC Framework: mac_check_sysv_shmat access denied\n")); goto done2; } #endif @@ -476,9 +476,9 @@ if (error) goto done2; #ifdef MAC - if ((error = mac_check_ipc_shmctl(td->td_ucred, shmseg, uap->cmd))) { + if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, uap->cmd))) { MPRINTF(( - "MAC Framework: mac_check_ipc_shmctl access denied\n")); + "MAC Framework: mac_check_sysv_shmctl access denied\n")); goto done2; } #endif @@ -564,9 +564,9 @@ goto done2; } #ifdef MAC - if ((error = mac_check_ipc_shmctl(td->td_ucred, shmseg, cmd))) { + if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, cmd))) { MPRINTF(( - "MAC Framework: mac_check_ipc_shmctl access denied\n")); + "MAC Framework: mac_check_sysv_shmctl access denied\n")); goto done2; } #endif @@ -694,9 +694,9 @@ return (EEXIST); error = ipcperm(td, &shmseg->u.shm_perm, mode); #ifdef MAC - if ((error = mac_check_ipc_shmget(td->td_ucred,shmseg,uap->shmflg))) { + if ((error = mac_check_sysv_shmget(td->td_ucred,shmseg,uap->shmflg))) { MPRINTF(( - "MAC Framework: mac_check_ipc_shmget access denied\n")); + "MAC Framework: mac_check_sysv_shmget access denied\n")); } #endif if (error) 
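Review bot: In the `@@ -694` hunk the result of `ipcperm()` is overwritten by the assignment inside `if ((error = mac_check_sysv_shmget(...)))`, so when the MAC hook returns 0 a discretionary-permission denial is discarded before the following `if (error)` runs. With MAC compiled in, the DAC check on an existing segment then has no effect on this path. Call the hook only when the DAC check has passed, e.g. `if (error == 0 && (error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg))) {`. The enclosing function begins and ends outside the hunk, so what follows `if (error)` is not visible here.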
@@ -775,7 +775,7 @@ shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0; shmseg->u.shm_atime = shmseg->u.shm_dtime = 0; #ifdef MAC - mac_create_ipc_shm(cred, shmseg); + mac_create_sysv_shm(cred, shmseg); #endif shmseg->u.shm_ctime = time_second; shm_committed += btoc(size); @@ -913,7 +913,7 @@ shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; shmsegs[i].u.shm_perm.seq = 0; #ifdef MAC - mac_init_ipc_shm(&shmsegs[i]); + mac_init_sysv_shm(&shmsegs[i]); #endif } free(shmsegs, M_SHM); @@ -945,7 +945,7 @@ shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; shmsegs[i].u.shm_perm.seq = 0; #ifdef MAC - mac_init_ipc_shm(&shmsegs[i]); + mac_init_sysv_shm(&shmsegs[i]); #endif } shm_last_free = 0; @@ -967,7 +967,7 @@ #ifdef MAC for (i = 0; i < shmalloced; i++) - mac_destroy_ipc_shm(&shmsegs[i]); + mac_destroy_sysv_shm(&shmsegs[i]); #endif free(shmsegs, M_SHM); shmexit_hook = NULL; ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_msg.c#9 (text+ko) ==== 
@@ -68,108 +68,108 @@ #endif static struct label * -mac_ipc_msgmsg_label_alloc(void) +mac_sysv_msgmsg_label_alloc(void) { struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_ipc_msgmsg_label, label); + MAC_PERFORM(init_sysv_msgmsg_label, label); MAC_DEBUG_COUNTER_INC(&nmacipcmsgs); return (label); } void -mac_init_ipc_msgmsg(struct msg *msgptr) +mac_init_sysv_msgmsg(struct msg *msgptr) { - msgptr->label = mac_ipc_msgmsg_label_alloc(); + msgptr->label = mac_sysv_msgmsg_label_alloc(); } static struct label * -mac_ipc_msgqueue_label_alloc(void) +mac_sysv_msgqueue_label_alloc(void) { struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_ipc_msgqueue_label, label); + MAC_PERFORM(init_sysv_msgqueue_label, label); MAC_DEBUG_COUNTER_INC(&nmacipcmsqs); return (label); } void -mac_init_ipc_msgqueue(struct msqid_kernel *msqkptr) +mac_init_sysv_msgqueue(struct msqid_kernel *msqkptr) { - msqkptr->label = mac_ipc_msgqueue_label_alloc(); + msqkptr->label = mac_sysv_msgqueue_label_alloc(); msqkptr->label = NULL; } static void -mac_ipc_msgmsg_label_free(struct label *label) +mac_sysv_msgmsg_label_free(struct label *label) { - MAC_PERFORM(destroy_ipc_msgmsg_label, label); + MAC_PERFORM(destroy_sysv_msgmsg_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacipcmsgs); } void -mac_destroy_ipc_msgmsg(struct msg *msgptr) +mac_destroy_sysv_msgmsg(struct msg *msgptr) { - mac_ipc_msgmsg_label_free(msgptr->label); + mac_sysv_msgmsg_label_free(msgptr->label); msgptr->label = NULL; } static void -mac_ipc_msgqueue_label_free(struct label *label) +mac_sysv_msgqueue_label_free(struct label *label) { - MAC_PERFORM(destroy_ipc_msgqueue_label, label); + MAC_PERFORM(destroy_sysv_msgqueue_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacipcmsqs); } void -mac_destroy_ipc_msgqueue(struct msqid_kernel *msqkptr) +mac_destroy_sysv_msgqueue(struct msqid_kernel *msqkptr) { - mac_ipc_msgqueue_label_free(msqkptr->label); + 
mac_sysv_msgqueue_label_free(msqkptr->label); msqkptr->label = NULL; } void -mac_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, +mac_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, struct msg *msgptr) { - MAC_PERFORM(create_ipc_msgmsg, cred, msqkptr, msqkptr->label, + MAC_PERFORM(create_sysv_msgmsg, cred, msqkptr, msqkptr->label, msgptr, msgptr->label); } void -mac_create_ipc_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr) +mac_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr) { - MAC_PERFORM(create_ipc_msgqueue, cred, msqkptr, msqkptr->label); + MAC_PERFORM(create_sysv_msgqueue, cred, msqkptr, msqkptr->label); } void -mac_cleanup_ipc_msgmsg(struct msg *msgptr) +mac_cleanup_sysv_msgmsg(struct msg *msgptr) { - MAC_PERFORM(cleanup_ipc_msgmsg, msgptr->label); + MAC_PERFORM(cleanup_sysv_msgmsg, msgptr->label); } void -mac_cleanup_ipc_msgqueue(struct msqid_kernel *msqkptr) +mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr) { - MAC_PERFORM(cleanup_ipc_msgqueue, msqkptr->label); + MAC_PERFORM(cleanup_sysv_msgqueue, msqkptr->label); } int -mac_check_ipc_msgmsq(struct ucred *cred, struct msg *msgptr, +mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr, struct msqid_kernel *msqkptr) { int error; 
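Review bot: As the `@@ -68,108` hunk reads, `mac_init_sysv_msgqueue()` stores the freshly allocated label and the next context line, `msqkptr->label = NULL;`, immediately overwrites it. If that is what the file contains, the label from `mac_labelzone_alloc()` is leaked and the later entry points in this file (`mac_create_sysv_msgqueue`, the `mac_check_sysv_msq*` checks, `mac_destroy_sysv_msgqueue`) pass a NULL label to the policies. `mac_init_sysv_msgmsg()` just above has no such line, so it looks like a stray statement copied from the destroy path; drop `msqkptr->label = NULL;` from the init function. The line breaks on this page are collapsed, so confirm against the file before changing it.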
@@ -177,79 +177,79 @@ if (!mac_enforce_sysv_msg) return (0); - MAC_CHECK(check_ipc_msgmsq, cred, msgptr, msgptr->label, msqkptr, + MAC_CHECK(check_sysv_msgmsq, cred, msgptr, msgptr->label, msqkptr, msqkptr->label); return(error); } int -mac_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr) +mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr) { int error; if (!mac_enforce_sysv_msg) return (0); - MAC_CHECK(check_ipc_msgrcv, cred, msgptr, msgptr->label); + MAC_CHECK(check_sysv_msgrcv, cred, msgptr, msgptr->label); return(error); } int -mac_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr) +mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr) { int error; if (!mac_enforce_sysv_msg) return (0); - MAC_CHECK(check_ipc_msgrmid, cred, msgptr, msgptr->label); + MAC_CHECK(check_sysv_msgrmid, cred, msgptr, msgptr->label); return(error); } int -mac_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr) +mac_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr) { int error; if (!mac_enforce_sysv_msg) return (0); - MAC_CHECK(check_ipc_msqget, cred, msqkptr, msqkptr->label); + MAC_CHECK(check_sysv_msqget, cred, msqkptr, msqkptr->label); return(error); } int -mac_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr) +mac_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr) { int error; if (!mac_enforce_sysv_msg) return (0); - MAC_CHECK(check_ipc_msqsnd, cred, msqkptr, msqkptr->label); + MAC_CHECK(check_sysv_msqsnd, cred, msqkptr, msqkptr->label); return(error); } int -mac_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr) +mac_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr) { int error; if (!mac_enforce_sysv_msg) return (0); - MAC_CHECK(check_ipc_msqrcv, cred, msqkptr, msqkptr->label); + MAC_CHECK(check_sysv_msqrcv, cred, msqkptr, msqkptr->label); return(error); } int -mac_check_ipc_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, 
+mac_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr, int cmd) { int error; @@ -257,7 +257,7 @@ if (!mac_enforce_sysv_msg) return (0); - MAC_CHECK(check_ipc_msqctl, cred, msqkptr, msqkptr->label, cmd); + MAC_CHECK(check_sysv_msqctl, cred, msqkptr, msqkptr->label, cmd); return(error); } ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_sem.c#9 (text+ko) ==== 
@@ -65,56 +65,56 @@ #endif static struct label * -mac_ipc_sema_label_alloc(void) +mac_sysv_sema_label_alloc(void) { struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_ipc_sema_label, label); + MAC_PERFORM(init_sysv_sema_label, label); MAC_DEBUG_COUNTER_INC(&nmacipcsemas); return (label); } void -mac_init_ipc_sema(struct semid_kernel *semakptr) +mac_init_sysv_sema(struct semid_kernel *semakptr) { - semakptr->label = mac_ipc_sema_label_alloc(); + semakptr->label = mac_sysv_sema_label_alloc(); } static void -mac_ipc_sema_label_free(struct label *label) +mac_sysv_sema_label_free(struct label *label) { - MAC_PERFORM(destroy_ipc_sema_label, label); + MAC_PERFORM(destroy_sysv_sema_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacipcsemas); } void -mac_destroy_ipc_sema(struct semid_kernel *semakptr) +mac_destroy_sysv_sema(struct semid_kernel *semakptr) { - mac_ipc_sema_label_free(semakptr->label); + mac_sysv_sema_label_free(semakptr->label); semakptr->label = NULL; } void -mac_create_ipc_sema(struct ucred *cred, struct semid_kernel *semakptr) +mac_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr) { - MAC_PERFORM(create_ipc_sema, cred, semakptr, semakptr->label); + MAC_PERFORM(create_sysv_sema, cred, semakptr, semakptr->label); } void -mac_cleanup_ipc_sema(struct semid_kernel *semakptr) +mac_cleanup_sysv_sema(struct semid_kernel *semakptr) { - MAC_PERFORM(cleanup_ipc_sema, semakptr->label); + MAC_PERFORM(cleanup_sysv_sema, semakptr->label); } int -mac_check_ipc_semctl(struct ucred *cred, struct semid_kernel *semakptr, +mac_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, int cmd) { int error; 
@@ -122,26 +122,26 @@ if (!mac_enforce_sysv_sem) return (0); - MAC_CHECK(check_ipc_semctl, cred, semakptr, semakptr->label, cmd); + MAC_CHECK(check_sysv_semctl, cred, semakptr, semakptr->label, cmd); return(error); } int -mac_check_ipc_semget(struct ucred *cred, struct semid_kernel *semakptr) +mac_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr) { int error; if (!mac_enforce_sysv_sem) return (0); - MAC_CHECK(check_ipc_semget, cred, semakptr, semakptr->label); + MAC_CHECK(check_sysv_semget, cred, semakptr, semakptr->label); return(error); } int -mac_check_ipc_semop(struct ucred *cred, struct semid_kernel *semakptr, +mac_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr, size_t accesstype) { int error; @@ -149,7 +149,7 @@ if (!mac_enforce_sysv_sem) return (0); - MAC_CHECK(check_ipc_semop, cred, semakptr, semakptr->label, + MAC_CHECK(check_sysv_semop, cred, semakptr, semakptr->label, accesstype); return(error); ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_sysv_shm.c#8 (text+ko) ==== 
@@ -66,56 +66,56 @@ #endif static struct label * -mac_ipc_shm_label_alloc(void) +mac_sysv_shm_label_alloc(void) { struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_ipc_shm_label, label); + MAC_PERFORM(init_sysv_shm_label, label); MAC_DEBUG_COUNTER_INC(&nmacipcshms); return (label); } void -mac_init_ipc_shm(struct shmid_kernel *shmsegptr) +mac_init_sysv_shm(struct shmid_kernel *shmsegptr) { - shmsegptr->label = mac_ipc_shm_label_alloc(); + shmsegptr->label = mac_sysv_shm_label_alloc(); } static void -mac_ipc_shm_label_free(struct label *label) +mac_sysv_shm_label_free(struct label *label) { - MAC_PERFORM(destroy_ipc_shm_label, label); + MAC_PERFORM(destroy_sysv_shm_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacipcshms); } void -mac_destroy_ipc_shm(struct shmid_kernel *shmsegptr) +mac_destroy_sysv_shm(struct shmid_kernel *shmsegptr) { - mac_ipc_shm_label_free(shmsegptr->label); + mac_sysv_shm_label_free(shmsegptr->label); shmsegptr->label = NULL; } void -mac_create_ipc_shm(struct ucred *cred, struct shmid_kernel *shmsegptr) +mac_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr) { - MAC_PERFORM(create_ipc_shm, cred, shmsegptr, shmsegptr->label); + MAC_PERFORM(create_sysv_shm, cred, shmsegptr, shmsegptr->label); } void -mac_cleanup_ipc_shm(struct shmid_kernel *shmsegptr) +mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr) { - MAC_PERFORM(cleanup_ipc_shm, shmsegptr->label); + MAC_PERFORM(cleanup_sysv_shm, shmsegptr->label); } int -mac_check_ipc_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, +mac_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr, int shmflg) { int error; 
@@ -123,14 +123,14 @@ if (!mac_enforce_sysv_shm) return (0); - MAC_CHECK(check_ipc_shmat, cred, shmsegptr, shmsegptr->label, + MAC_CHECK(check_sysv_shmat, cred, shmsegptr, shmsegptr->label, shmflg); return(error); } int -mac_check_ipc_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, +mac_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr, int cmd) { int error; @@ -138,27 +138,27 @@ if (!mac_enforce_sysv_shm) return (0); - MAC_CHECK(check_ipc_shmctl, cred, shmsegptr, shmsegptr->label, + MAC_CHECK(check_sysv_shmctl, cred, shmsegptr, shmsegptr->label, cmd); return(error); } int -mac_check_ipc_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr) +mac_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr) { int error; if (!mac_enforce_sysv_shm) return (0); - MAC_CHECK(check_ipc_shmdt, cred, shmsegptr, shmsegptr->label); + MAC_CHECK(check_sysv_shmdt, cred, shmsegptr, shmsegptr->label); return(error); } int -mac_check_ipc_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, +mac_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, int shmflg) { int error; @@ -166,7 +166,7 @@ if (!mac_enforce_sysv_shm) return (0); - MAC_CHECK(check_ipc_shmget, cred, shmsegptr, shmsegptr->label, + MAC_CHECK(check_sysv_shmget, cred, shmsegptr, shmsegptr->label, shmflg); return(error); ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#246 (text+ko) ==== @@ -1181,7 +1181,7 @@ */ static void -mac_biba_create_ipc_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, +mac_biba_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqlabel, struct msg *msgptr, struct label *msglabel) { struct mac_biba *source, *dest; 
@@ -1194,8 +1194,8 @@ } static void -mac_biba_create_ipc_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr, - struct label *msqlabel) +mac_biba_create_sysv_msgqueue(struct ucred *cred, + struct msqid_kernel *msqkptr, struct label *msqlabel) { struct mac_biba *source, *dest; @@ -1206,7 +1206,7 @@ } static void -mac_biba_create_ipc_sema(struct ucred *cred, struct semid_kernel *semakptr, +mac_biba_create_sysv_sema(struct ucred *cred, struct semid_kernel *semakptr, struct label *semalabel) { struct mac_biba *source, *dest; @@ -1218,7 +1218,7 @@ } static void -mac_biba_create_ipc_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, +mac_biba_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, struct label *shmlabel) { struct mac_biba *source, *dest; @@ -1519,28 +1519,28 @@ * Label cleanup/flush operations */ static void -mac_biba_cleanup_ipc_msgmsg(struct label *msglabel) +mac_biba_cleanup_sysv_msgmsg(struct label *msglabel) { bzero(SLOT(msglabel), sizeof(struct mac_biba)); } static void -mac_biba_cleanup_ipc_msgqueue(struct label *msqlabel) +mac_biba_cleanup_sysv_msgqueue(struct label *msqlabel) { bzero(SLOT(msqlabel), sizeof(struct mac_biba)); } static void -mac_biba_cleanup_ipc_sema(struct label *semalabel) +mac_biba_cleanup_sysv_sema(struct label *semalabel) { bzero(SLOT(semalabel), sizeof(struct mac_biba)); } static void -mac_biba_cleanup_ipc_shm(struct label *shmlabel) +mac_biba_cleanup_sysv_shm(struct label *shmlabel) { bzero(SLOT(shmlabel), sizeof(struct mac_biba)); } @@ -1704,7 +1704,7 @@ } static int -mac_biba_check_ipc_msgrcv(struct ucred *cred, struct msg *msgptr, +mac_biba_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr, struct label *msglabel) { struct mac_biba *subj, *obj; @@ -1722,7 +1722,7 @@ } static int -mac_biba_check_ipc_msgrmid(struct ucred *cred, struct msg *msgptr, +mac_biba_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr, struct label *msglabel) { struct mac_biba *subj, *obj; 
@@ -1740,7 +1740,7 @@ } static int -mac_biba_check_ipc_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, +mac_biba_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqklabel) { struct mac_biba *subj, *obj; @@ -1758,7 +1758,7 @@ } static int -mac_biba_check_ipc_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, +mac_biba_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqklabel) { struct mac_biba *subj, *obj; @@ -1776,7 +1776,7 @@ } static int -mac_biba_check_ipc_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, +mac_biba_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr, >>> TRUNCATED FOR MAIL (1000 lines) <<<