Date: Fri, 7 Mar 2014 22:30:46 GMT From: Brooks Davis <brooks@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 1191605 for review Message-ID: <201403072230.s27MUkCs033814@skunkworks.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@1191605?ac=10 Change 1191605 by brooks@brooks_zenith on 2014/03/07 22:30:22 Rename TESLA_MAC to TESLA_MAC_ALL before splitting the assertions. Affected files ... .. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA#5 edit .. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL#3 edit .. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL_REGRESSION#3 edit .. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC#2 edit .. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC_PROC#2 edit .. //depot/projects/ctsrd/tesla/src/sys/conf/options#6 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#8 edit .. //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#6 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#4 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#4 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#5 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#4 edit .. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#4 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#17 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#4 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#6 edit .. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#7 edit Differences ... ==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA#5 (text+ko) ==== @@ -3,6 +3,6 @@ options TESLA options TESLA_CAPSICUM -options TESLA_MAC +options TESLA_MAC_ALL options TESLA_PRIV options TESLA_PROC ==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL#3 (text+ko) ==== @@ -3,7 +3,7 @@ options TESLA options TESLA_CAPSICUM -options TESLA_MAC +options TESLA_MAC_ALL options TESLA_PRIV options TESLA_PROC options TESLA_TEST ==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL_REGRESSION#3 (text+ko) ==== @@ -4,6 +4,6 @@ options REGRESSION options TESLA options TESLA_CAPSICUM -options TESLA_MAC +options TESLA_MAC_ALL options TESLA_PRIV options TESLA_PROC ==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC#2 (text+ko) ==== @@ -2,4 +2,4 @@ ident TESLA_ND_MAC options TESLA -options TESLA_MAC +options TESLA_MAC_ALL ==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC_PROC#2 (text+ko) ==== @@ -2,5 +2,5 @@ ident TESLA_ND_MAC_PROC options TESLA -options TESLA_MAC +options TESLA_MAC_ALL options TESLA_PROC ==== //depot/projects/ctsrd/tesla/src/sys/conf/options#6 (text+ko) ==== @@ -673,7 +673,7 @@ KTR_VERBOSE opt_ktr.h TESLA opt_global.h TESLA_CAPSICUM opt_global.h -TESLA_MAC opt_global.h +TESLA_MAC_ALL opt_global.h TESLA_PRIV opt_global.h TESLA_PROC opt_global.h TESLA_TEST opt_global.h ==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#8 (text+ko) ==== @@ -2149,7 +2149,7 @@ euid = euip->ui_uid; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL /* XXXRW: In the exec() case, really want imgp->attr.uid. */ TESLA_SYSCALL( previously(mac_cred_check_setuid(ANY(ptr), euid) == 0) || @@ -2183,7 +2183,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL /* XXXRW: In the exec() case, really want imgp->attr.gid. */ TESLA_SYSCALL( previously(mac_cred_check_setegid(ANY(ptr), egid) == 0) || @@ -2217,7 +2217,7 @@ uid_t ruid = ruip->ui_uid; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL /* XXXRW: In the exec() case, really want imgp->attr.uid. */ TESLA_SYSCALL( previously(mac_cred_check_setuid(ANY(ptr), ruid) == 0) || @@ -2253,7 +2253,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL /* XXXRW: In the exec() case, really want imgp->attr.gid. */ TESLA_SYSCALL( previously(mac_cred_check_setgid(ANY(ptr), rgid) == 0) || @@ -2284,7 +2284,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL /* XXXRW: In the exec() case, really want imgp->attr.uid. */ TESLA_SYSCALL( previously(mac_cred_check_setuid(ANY(ptr), ANY(int)) == 0) || @@ -2315,7 +2315,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL /* XXXRW: In the exec() case, really want imgp->attr.gid. */ TESLA_SYSCALL( previously(mac_cred_check_setgid(ANY(ptr), ANY(int)) == 0) || ==== //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#6 (text+ko) ==== @@ -425,7 +425,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_create(cred, dom, type, proto) == 0); #endif @@ -627,7 +627,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) == 0); #endif @@ -645,7 +645,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) == 0); #endif @@ -675,7 +675,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_listen(ANY(ptr), so) == 0); #endif #endif @@ -929,7 +929,7 @@ #ifdef MAC /* Access-control check is on head rather than so. */ -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_accept(ANY(ptr), ANY(ptr)) == 0); #endif @@ -951,7 +951,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_connect(td->td_ucred, so, nam) == 0); #endif @@ -1495,7 +1495,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_send(ANY(ptr), so) == 0); #endif #endif @@ -2457,7 +2457,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_receive(ANY(ptr), so) == 0); #endif #endif @@ -3140,7 +3140,7 @@ * XXXRW: Should be active_cred but actually fp->f_cred is getting * passed down the stack, so the wrong cred here! */ -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0); #endif #endif @@ -3191,7 +3191,7 @@ struct sockbuf *sb; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0); #endif #endif ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#4 (text+ko) ==== @@ -196,7 +196,7 @@ mac_cred_relabel(struct ucred *cred, struct label *newlabel) { -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL(previously(mac_cred_check_relabel(cred, newlabel) == 0)); #endif ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#4 (text+ko) ==== @@ -143,7 +143,7 @@ struct label *newlabel) { -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_pipe_check_relabel(cred, pp, newlabel) == 0); #endif ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#5 (text+ko) ==== @@ -172,7 +172,7 @@ } imgp->execlabel = label; -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_EVENTUALLY(called(mac_execve_exit)); #endif @@ -183,7 +183,7 @@ mac_execve_exit(struct image_params *imgp) { -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(called(mac_execve_enter(imgp, ANY(ptr)))); #endif @@ -204,7 +204,7 @@ } else *interpvplabel = NULL; -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_EVENTUALLY(called(mac_execve_interpreter_exit)); #endif } @@ -215,7 +215,7 @@ if (interpvplabel != NULL) { /* Awkwardly, _exit() may be called even if _enter() wasn't. */ -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(called( mac_execve_interpreter_enter(ANY(ptr), ANY(ptr)))); #endif ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#4 (text+ko) ==== @@ -258,7 +258,7 @@ struct label *newlabel) { -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_relabel(cred, so, newlabel) == 0); #endif ==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#4 (text+ko) ==== @@ -949,7 +949,7 @@ struct label *newlabel) { -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL(previously(mac_vnode_check_relabel(cred, vp, newlabel) == 0)); #endif ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#17 (text+ko) ==== @@ -440,7 +440,7 @@ vp = ap->a_vp; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL( incallstack(ufs_readdir) || previously(called(vn_rdwr(ANY(int), vp, ANY(ptr), ANY(int), @@ -674,7 +674,7 @@ vp = ap->a_vp; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL( previously(called(vn_rdwr(ANY(int), vp, ANY(ptr), ANY(int), ANY(int), ANY(int), flags(IO_NOMACCHECK), ANY(ptr), ANY(ptr), @@ -1495,7 +1495,7 @@ u_char *eae, *p; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL(incallstack(ufs_setacl) || previously(mac_vnode_check_deleteextattr(ANY(ptr), ap->a_vp, ap->a_attrnamespace, ap->a_name) == 0)); @@ -1590,7 +1590,7 @@ int error, ealen; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL(incallstack(ufs_getacl) || previously(mac_vnode_check_getextattr(ANY(ptr), ap->a_vp, ap->a_attrnamespace, ap->a_name) == 0)); @@ -1654,7 +1654,7 @@ int error, ealen; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_listextattr(ANY(ptr), ap->a_vp, ap->a_attrnamespace) == 0); #endif @@ -1725,7 +1725,7 @@ u_char *eae, *p; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL(incallstack(ufs_setacl) || previously(mac_vnode_check_setextattr(ANY(ptr), ap->a_vp, ap->a_attrnamespace, ap->a_name) == 0)); ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#4 (text+ko) ==== @@ -364,7 +364,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_getacl(ANY(ptr), ap->a_vp, ap->a_type) == 0); #endif @@ -622,7 +622,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL if (ap->a_aclp == NULL) TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_deleteacl(ANY(ptr), ap->a_vp, ap->a_type) == 0); ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#6 (text+ko) ==== @@ -53,7 +53,7 @@ #include <sys/sysctl.h> #include <sys/tesla-kernel.h> -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL #include <security/mac/mac_framework.h> #endif @@ -217,7 +217,7 @@ { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_lookup(ANY(ptr), ap->a_dvp, ap->a_cnp) == 0); #endif ==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#7 (text+ko) ==== @@ -274,7 +274,7 @@ struct inode *ip; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL( previously(mac_kld_check_load(ANY(ptr), vp) == 0) || previously(mac_vnode_check_exec(ANY(ptr), vp, ANY(ptr)) == 0) || @@ -542,7 +542,7 @@ } if (vap->va_flags != VNOVAL) { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setflags(ANY(ptr), vp, ANY(int)) == 0); #endif @@ -611,7 +611,7 @@ } if (vap->va_size != VNOVAL) { #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_write(ANY(ptr), ANY(ptr), vp) == 0); #endif @@ -661,7 +661,7 @@ * XXXRW: TESLA can't currently instrument functions with * struct arguments. */ -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setutimes(ANY(ptr), vp, ANY(timespec), ANY(timespec)) == 0); #endif @@ -802,7 +802,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setmode(ANY(ptr), vp, mode) == 0); #endif @@ -875,7 +875,7 @@ #endif #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setowner(ANY(ptr), vp, uid, gid) == 0); #endif @@ -994,7 +994,7 @@ struct thread *td; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_unlink(ANY(ptr), dvp, vp, ap->a_cnp) == 0); #endif @@ -1050,7 +1050,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_link(ANY(ptr), tdvp, vp, cnp) == 0); #endif @@ -1220,7 +1220,7 @@ ino_t ino; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_rename_from(ANY(ptr), fdvp, fvp, fcnp) == 0); TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_rename_to(ANY(ptr), tdvp, @@ -1884,7 +1884,7 @@ long blkoff; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_create(ANY(ptr), dvp, cnp, vap) == 0); #endif @@ -2125,7 +2125,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_unlink(ANY(ptr), dvp, vp, cnp) == 0); #endif @@ -2276,7 +2276,7 @@ off_t off; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_readdir(ANY(ptr), ap->a_vp) == 0); #endif @@ -2392,7 +2392,7 @@ doff_t isize; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_readlink(ANY(ptr), vp) == 0); #endif #endif @@ -2695,7 +2695,7 @@ int error; #ifdef MAC -#ifdef TESLA_MAC +#ifdef TESLA_MAC_ALL TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_create(ANY(ptr), dvp, cnp, ANY(ptr)) == 0); #endif
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201403072230.s27MUkCs033814>