Date: Tue, 5 Nov 2002 09:17:20 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 20698 for review Message-ID: <200211051717.gA5HHKTn039009@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=20698 Change 20698 by rwatson@rwatson_tislabs on 2002/11/05 09:16:21 Attempt to consistently refer to the interpreter label as "interpvnodelabel" as opposed to "shelllabel", "interpfilelabel" and various other variations in various files. While I'm here, remove the transition implementations from Biba and MLS, as they don't implement transitioning. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#350 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#178 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#34 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#141 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#101 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#77 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#56 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#213 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#165 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#350 (text+ko) ==== @@ -1321,7 +1321,7 @@ void mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, - struct label *shelllabel, struct image_params *imgp) + struct label *interpvnodelabel, struct image_params *imgp) { ASSERT_VOP_LOCKED(vp, "mac_execve_transition"); @@ -1330,12 +1330,12 @@ return; MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, - shelllabel, imgp); + interpvnodelabel, imgp); } int mac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *shelllabel, struct image_params *imgp) + struct label *interpvnodelabel, struct image_params *imgp) { int result; @@ -1346,7 +1346,7 @@ result = 0; MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label, - shelllabel, imgp); + interpvnodelabel, imgp); return (result); } ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#178 (text+ko) ==== @@ -1355,29 +1355,6 @@ } static void -mac_biba_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - struct mac_biba *source, *dest; - - source = SLOT(&old->cr_label); - dest = SLOT(&new->cr_label); - - mac_biba_copy_single(source, dest); - mac_biba_copy_range(source, dest); -} - -static int -mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - - return (0); -} - -static void mac_biba_create_proc0(struct ucred *cred) { struct mac_biba *dest; @@ -2629,8 +2606,6 @@ .mpo_relabel_ifnet = mac_biba_relabel_ifnet, .mpo_update_ipq = mac_biba_update_ipq, .mpo_create_cred = mac_biba_create_cred, - .mpo_execve_transition = mac_biba_execve_transition, - .mpo_execve_will_transition = mac_biba_execve_will_transition, .mpo_create_proc0 = mac_biba_create_proc0, .mpo_create_proc1 = mac_biba_create_proc1, .mpo_relabel_cred = mac_biba_relabel_cred, ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#34 (text+ko) ==== @@ -1507,15 +1507,15 @@ static void mac_lomac_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) + struct vnode *vp, struct label *vnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { struct mac_lomac *source, *dest, *obj, *robj; source = SLOT(&old->cr_label); dest = SLOT(&new->cr_label); obj = SLOT(vnodelabel); - robj = shellvnodelabel != NULL ? SLOT(shellvnodelabel) : obj; + robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; mac_lomac_copy(source, dest); /* @@ -1543,7 +1543,7 @@ static int mac_lomac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, + struct label *vnodelabel, struct label *interpvnodelabel, struct image_params *imgp) { struct mac_lomac *subj, *obj, *robj; @@ -1553,7 +1553,7 @@ subj = SLOT(&old->cr_label); obj = SLOT(vnodelabel); - robj = shellvnodelabel != NULL ? SLOT(shellvnodelabel) : obj; + robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX && !mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single) ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#141 (text+ko) ==== @@ -1282,29 +1282,6 @@ } static void -mac_mls_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - struct mac_mls *source, *dest; - - source = SLOT(&old->cr_label); - dest = SLOT(&new->cr_label); - - mac_mls_copy_single(source, dest); - mac_mls_copy_range(source, dest); -} - -static int -mac_mls_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - - return (0); -} - -static void mac_mls_create_proc0(struct ucred *cred) { struct mac_mls *dest; @@ -2466,8 +2443,6 @@ .mpo_relabel_ifnet = mac_mls_relabel_ifnet, .mpo_update_ipq = mac_mls_update_ipq, .mpo_create_cred = mac_mls_create_cred, - .mpo_execve_transition = mac_mls_execve_transition, - .mpo_execve_will_transition = mac_mls_execve_will_transition, .mpo_create_proc0 = mac_mls_create_proc0, .mpo_create_proc1 = mac_mls_create_proc1, .mpo_relabel_cred = mac_mls_relabel_cred, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#101 (text+ko) ==== @@ -416,15 +416,15 @@ static void mac_none_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) + struct vnode *vp, struct label *vnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { } static int mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, + struct label *vnodelabel, struct label *interpvnodelabel, struct image_params *imgp) { ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#77 (text+ko) ==== @@ -795,15 +795,15 @@ static void mac_test_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *filelabel, struct label *shellfilelabel, - struct image_params *imgp) + struct vnode *vp, struct label *filelabel, + struct label *interpvnodelabel, struct image_params *imgp) { } static int mac_test_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *filelabel, struct label *shellfilelabel, + struct label *filelabel, struct label *interpvnodelabel, struct image_params *imgp) { ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#56 (text+ko) ==== @@ -310,7 +310,7 @@ static void sebsd_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { struct task_security_struct *otask, *ntask; @@ -318,8 +318,8 @@ otask = SLOT(&old->cr_label); ntask = SLOT(&new->cr_label); - if (shellvnodelabel != NULL) - file = SLOT(shellvnodelabel); + if (interpvnodelabel != NULL) + file = SLOT(interpvnodelabel); else file = SLOT(vnodelabel); @@ -351,7 +351,7 @@ static int sebsd_execve_will_transition(struct ucred *old, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { struct task_security_struct *task; @@ -359,8 +359,8 @@ security_id_t newsid; task = SLOT(&old->cr_label); - if (shellvnodelabel != NULL) - file = SLOT(shellvnodelabel); + if (interpvnodelabel != NULL) + file = SLOT(interpvnodelabel); else file = SLOT(vnodelabel); ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#213 (text+ko) ==== @@ -224,10 +224,10 @@ struct label *execlabel); void mac_execve_exit(struct image_params *imgp); void mac_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *shelllabel, + struct vnode *vp, struct label *interpvnodelabel, struct image_params *imgp); int mac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *shelllabel, struct image_params *imgp); + struct label *interpvnodelabel, struct image_params *imgp); void mac_create_proc0(struct ucred *cred); void mac_create_proc1(struct ucred *cred); void mac_thread_userret(struct thread *td); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#165 (text+ko) ==== @@ -245,11 +245,11 @@ struct ucred *child_cred); void (*mpo_execve_transition)(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp); int (*mpo_execve_will_transition)(struct ucred *old, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp); void (*mpo_create_proc0)(struct ucred *cred); void (*mpo_create_proc1)(struct ucred *cred); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211051717.gA5HHKTn039009>