Date:      Fri, 20 Apr 2007 14:35:50 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 118477 for review
Message-ID:  <200704201435.l3KEZo7Y022154@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=118477

Change 118477 by rwatson@rwatson_zoo on 2007/04/20 14:35:39

	Alphabetize now that things are settling out a bit.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#9 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#7 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#7 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#9 (text+ko) ====

@@ -46,56 +46,56 @@
 #include <security/mac/mac_policy.h>
 
 int
-mac_check_system_audit(struct ucred *cred, void *record, int length)
+mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
 {
 	int error;
 
-	MAC_CHECK(check_system_audit, cred, record, length);
+	MAC_CHECK(check_proc_setaudit, cred, ai);
 
 	return (error);
 }
 
 int
-mac_check_system_auditon(struct ucred *cred, int cmd)
+mac_check_proc_setauid(struct ucred *cred, uid_t auid)
 {
 	int error;
 
-	MAC_CHECK(check_system_auditon, cred, cmd);
+	MAC_CHECK(check_proc_setauid, cred, auid);
 
 	return (error);
 }
 
 int
-mac_check_system_auditctl(struct ucred *cred, struct vnode *vp)
+mac_check_system_audit(struct ucred *cred, void *record, int length)
 {
 	int error;
-	struct label *vl;
 
-	ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");
-
-	vl = (vp != NULL) ? vp->v_label : NULL;
+	MAC_CHECK(check_system_audit, cred, record, length);
 
-	MAC_CHECK(check_system_auditctl, cred, vp, vl);
-
 	return (error);
 }
 
 int
-mac_check_proc_setauid(struct ucred *cred, uid_t auid)
+mac_check_system_auditctl(struct ucred *cred, struct vnode *vp)
 {
 	int error;
+	struct label *vl;
+
+	ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");
 
-	MAC_CHECK(check_proc_setauid, cred, auid);
+	vl = (vp != NULL) ? vp->v_label : NULL;
+
+	MAC_CHECK(check_system_auditctl, cred, vp, vl);
 
 	return (error);
 }
 
 int
-mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
+mac_check_system_auditon(struct ucred *cred, int cmd)
 {
 	int error;
 
-	MAC_CHECK(check_proc_setaudit, cred, ai);
+	MAC_CHECK(check_system_auditon, cred, cmd);
 
 	return (error);
 }
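Review bot: In `mac_check_system_auditctl`, `ASSERT_VOP_LOCKED(vp, ...)` runs before the `vp != NULL` test, yet the next statement treats a NULL vnode as a legal argument and hands policies a NULL label. Whether the assertion tolerates a NULL vnode is not visible in this hunk, so the contract deserves a comment above the label lookup, for example `/* vp may be NULL; policies then receive a NULL vnode and label and must not dereference either. */`. If NULL is not actually expected here, the conditional should be dropped so the function does not suggest otherwise.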

==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#7 (text+ko) ====

@@ -298,6 +298,8 @@
 int	mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
 int	mac_check_proc_debug(struct ucred *cred, struct proc *proc);
 int	mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int	mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
+int	mac_check_proc_setauid(struct ucred *cred, uid_t auid);
 int	mac_check_proc_setuid(struct proc *proc,  struct ucred *cred,
 	    uid_t uid);
 int	mac_check_proc_seteuid(struct proc *proc, struct ucred *cred,
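Review bot: The `mac_check_proc_setaudit` prototype now sits much earlier in the header, so `struct auditinfo` must already be declared above this point; otherwise the tag gets prototype scope and the declaration no longer matches the definition in mac_audit.c. The forward declarations are outside these hunks, so this is a check to make rather than a confirmed problem. The same applies to the `mpo_check_proc_setaudit_t` typedef moved up in mac_policy.h (the `@@ -456` hunk).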
@@ -335,6 +337,9 @@
 int	mac_check_socket_visible(struct ucred *cred, struct socket *so);
 int	mac_check_sysarch_ioperm(struct ucred *cred);
 int	mac_check_system_acct(struct ucred *cred, struct vnode *vp);
+int	mac_check_system_audit(struct ucred *cred, void *record, int length);
+int	mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
+int	mac_check_system_auditon(struct ucred *cred, int cmd);
 int	mac_check_system_nfsd(struct ucred *cred);
 int	mac_check_system_reboot(struct ucred *cred, int howto);
 int	mac_check_system_settime(struct ucred *cred);
@@ -417,16 +422,6 @@
 int	mac_priv_grant(struct ucred *cred, int priv);
 
 /*
- * XXXRW: Audit checks should be above, but list them here to make a more
- * sensible diff for now.
- */
-int	mac_check_system_audit(struct ucred *cred, void *record, int length);
-int	mac_check_system_auditon(struct ucred *cred, int cmd);
-int	mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
-int	mac_check_proc_setauid(struct ucred *cred, uid_t auid);
-int	mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
-
-/*
  * Calls to help various file systems implement labeling functionality using
  * their existing EA implementation.
  */

==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#7 (text+ko) ====

@@ -456,6 +456,9 @@
 		    struct proc *proc);
 typedef int	(*mpo_check_proc_sched_t)(struct ucred *cred,
 		    struct proc *proc);
+typedef int	(*mpo_check_proc_setaudit_t)(struct ucred *cred,
+		    struct auditinfo *ai);
+typedef int	(*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
 typedef int	(*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid);
 typedef int	(*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid);
 typedef int	(*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid);
@@ -505,6 +508,11 @@
 typedef int	(*mpo_check_sysarch_ioperm_t)(struct ucred *cred);
 typedef int	(*mpo_check_system_acct_t)(struct ucred *cred,
 		    struct vnode *vp, struct label *vlabel);
+typedef int	(*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+		    int length);
+typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
+		    struct vnode *vp, struct label *vplabel);
+typedef int	(*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
 typedef int	(*mpo_check_system_nfsd_t)(struct ucred *cred);
 typedef int	(*mpo_check_system_reboot_t)(struct ucred *cred, int howto);
 typedef int	(*mpo_check_system_settime_t)(struct ucred *cred);
@@ -608,19 +616,6 @@
 typedef int	(*mpo_priv_check_t)(struct ucred *cred, int priv);
 typedef int	(*mpo_priv_grant_t)(struct ucred *cred, int priv);
 
-/*
- * XXXRW: Audit checks should be above, but list them here to make a more
- * sensible diff for now.
- */
-typedef int	(*mpo_check_system_audit_t)(struct ucred *cred, void *record,
-		    int length);
-typedef int	(*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
-typedef int	(*mpo_check_system_auditctl_t)(struct ucred *cred,
-		    struct vnode *vp, struct label *vplabel);
-typedef int	(*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
-typedef int	(*mpo_check_proc_setaudit_t)(struct ucred *cred,
-		    struct auditinfo *ai);
-
 struct mac_policy_ops {
 	/*
 	 * Policy module operations.
@@ -841,6 +836,8 @@
 	mpo_check_posix_sem_wait_t		mpo_check_posix_sem_wait;
 	mpo_check_proc_debug_t			mpo_check_proc_debug;
 	mpo_check_proc_sched_t			mpo_check_proc_sched;
+	mpo_check_proc_setaudit_t		mpo_check_proc_setaudit;
+	mpo_check_proc_setauid_t		mpo_check_proc_setauid;
 	mpo_check_proc_setuid_t			mpo_check_proc_setuid;
 	mpo_check_proc_seteuid_t		mpo_check_proc_seteuid;
 	mpo_check_proc_setgid_t			mpo_check_proc_setgid;
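Review bot: Moving `mpo_check_proc_setaudit` and `mpo_check_proc_setauid` into the middle of `struct mac_policy_ops` shifts the offset of every later member, and the `@@ -867` and `@@ -916` hunks do the same for the `mpo_check_system_audit*` entries. A policy module built against the previous header would then have its entry points dispatched through the wrong slots, so access-control checks could be skipped or misrouted silently rather than failing cleanly. No version change is visible in this diff; if the framework checks a policy ABI version at registration, it should be bumped together with this reorder. A comment at the top of the struct such as `/* Member order is ABI: bump the policy ABI version when reordering. */` would record the constraint. The struct begins and ends outside this hunk.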
@@ -867,6 +864,9 @@
 	mpo_check_socket_visible_t		mpo_check_socket_visible;
 	mpo_check_sysarch_ioperm_t		mpo_check_sysarch_ioperm;
 	mpo_check_system_acct_t			mpo_check_system_acct;
+	mpo_check_system_audit_t		mpo_check_system_audit;
+	mpo_check_system_auditctl_t		mpo_check_system_auditctl;
+	mpo_check_system_auditon_t		mpo_check_system_auditon;
 	mpo_check_system_nfsd_t			mpo_check_system_nfsd;
 	mpo_check_system_reboot_t		mpo_check_system_reboot;
 	mpo_check_system_settime_t		mpo_check_system_settime;
@@ -916,16 +916,6 @@
 	mpo_create_mbuf_from_syncache_t		mpo_create_mbuf_from_syncache;
 	mpo_priv_check_t			mpo_priv_check;
 	mpo_priv_grant_t			mpo_priv_grant;
-
-	/*
-	 * XXXRW: Audit checks should be above, but list them here to make a
-	 * more sensible diff for now.
-	 */
-	mpo_check_system_audit_t		mpo_check_system_audit;
-	mpo_check_system_auditon_t		mpo_check_system_auditon;
-	mpo_check_system_auditctl_t		mpo_check_system_auditctl;
-	mpo_check_proc_setauid_t		mpo_check_proc_setauid;
-	mpo_check_proc_setaudit_t		mpo_check_proc_setaudit;
 };
 
 /*


