Date: Sat, 8 Jul 2006 10:11:31 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 100972 for review Message-ID: <200607081011.k68ABVeD082835@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=100972 Change 100972 by rwatson@rwatson_zoo on 2006/07/08 10:10:35 Rename. Affected files ... .. //depot/projects/trustedbsd/mac2/sys/i386/i386/sys_machdep.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/kern/kern_exec.c#4 edit .. //depot/projects/trustedbsd/mac2/sys/kern/uipc_sem.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/net/bsd_comp.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/net/if_atmsubr.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/net/if_fddisubr.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/net/if_fwsubr.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/net/if_iso88025subr.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/net/if_stf.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_input.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_output.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/netinet/ip_divert.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/netinet/ip_mroute.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_process.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_socket.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_system.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_sysv_msg.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_sysv_sem.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_sysv_shm.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_vfs.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/sys/mac.h#4 edit .. //depot/projects/trustedbsd/mac2/sys/sys/mac_framework.h#13 edit .. //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#21 edit .. //depot/projects/trustedbsd/mac2/sys/ufs/ffs/ffs_vfsops.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/ufs/ufs/ufs_vnops.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/vm/swap_pager.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/vm/vm_mmap.c#3 edit Differences ... 
==== //depot/projects/trustedbsd/mac2/sys/i386/i386/sys_machdep.c#3 (text+ko) ==== @@ -286,7 +286,7 @@ char *iomap; #ifdef MAC - if ((error = mac_check_sysarch_ioperm(td->td_ucred)) != 0) + if ((error = mac_system_check_ioperm(td->td_ucred)) != 0) return (error); #endif if ((error = suser(td)) != 0) ==== //depot/projects/trustedbsd/mac2/sys/kern/kern_exec.c#4 (text+ko) ==== @@ -548,7 +548,7 @@ credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid != attr.va_gid; #ifdef MAC - will_transition = mac_execve_will_transition(oldcred, imgp->vp, + will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp, interplabel, imgp); credential_changing |= will_transition; #endif @@ -600,8 +600,8 @@ change_egid(newcred, attr.va_gid); #ifdef MAC if (will_transition) { - mac_execve_transition(oldcred, newcred, imgp->vp, - interplabel, imgp); + mac_vnode_execve_transition(oldcred, newcred, + imgp->vp, interplabel, imgp); } #endif /* ==== //depot/projects/trustedbsd/mac2/sys/kern/uipc_sem.c#3 (text+ko) ==== @@ -1,6 +1,6 @@ /*- * Copyright (c) 2002 Alfred Perlstein <alfred@FreeBSD.org> - * Copyright (c) 2003-2005 SPARTA, Inc. + * Copyright (c) 2003-2006 SPARTA, Inc. * Copyright (c) 2005 Robert N. M. Watson * All rights reserved. * @@ -9,6 +9,9 @@ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), * as part of the DARPA CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -213,8 +216,8 @@ cv_init(&ret->ks_cv, "sem"); LIST_INIT(&ret->ks_users); #ifdef MAC - mac_init_posix_sem(ret); - mac_create_posix_sem(uc, ret); + mac_posix_sem_init(ret); + mac_posix_sem_create(uc, ret); #endif if (name != NULL) sem_enter(td->td_proc, ret); 
@@ -379,7 +382,7 @@ } } else { #ifdef MAC - error = mac_check_posix_sem_open(td->td_ucred, ks); + error = mac_posix_sem_check_open(td->td_ucred, ks); if (error) goto err_open; #endif @@ -531,7 +534,7 @@ ks = sem_lookup_byname(name); if (ks != NULL) { #ifdef MAC - error = mac_check_posix_sem_unlink(td->td_ucred, ks); + error = mac_posix_sem_check_unlink(td->td_ucred, ks); if (error) { mtx_unlock(&sem_lock); return (error); @@ -606,7 +609,7 @@ goto err; } #ifdef MAC - error = mac_check_posix_sem_post(td->td_ucred, ks); + error = mac_posix_sem_check_post(td->td_ucred, ks); if (error) goto err; #endif @@ -702,7 +705,7 @@ goto err; } #ifdef MAC - error = mac_check_posix_sem_wait(td->td_ucred, ks); + error = mac_posix_sem_check_wait(td->td_ucred, ks); if (error) { DP(("kern_sem_wait mac failed\n")); goto err; @@ -765,7 +768,7 @@ return (EINVAL); } #ifdef MAC - error = mac_check_posix_sem_getvalue(td->td_ucred, ks); + error = mac_posix_sem_check_getvalue(td->td_ucred, ks); if (error) { mtx_unlock(&sem_lock); return (error); @@ -797,7 +800,7 @@ goto err; } #ifdef MAC - error = mac_check_posix_sem_destroy(td->td_ucred, ks); + error = mac_posix_sem_check_destroy(td->td_ucred, ks); if (error) goto err; #endif ==== //depot/projects/trustedbsd/mac2/sys/net/bsd_comp.c#3 (text+ko) ==== @@ -880,7 +880,7 @@ wptr = mtod(dmp, u_char *); space = M_TRAILINGSPACE(dmp) - PPP_HDRLEN + 1; #ifdef MAC - mac_copy_mbuf(cmp, dmp); + mac_mbuf_copy(cmp, dmp); #endif /* ==== //depot/projects/trustedbsd/mac2/sys/net/if_atmsubr.c#3 (text+ko) ==== @@ -133,7 +133,7 @@ u_int32_t atm_flags; #ifdef MAC - error = mac_check_ifnet_transmit(ifp, m); + error = mac_ifnet_check_transmit(ifp, m); if (error) senderr(error); #endif @@ -266,7 +266,7 @@ return; } #ifdef MAC - mac_create_mbuf_from_ifnet(ifp, m); + mac_ifnet_create_mbuf(ifp, m); #endif ifp->if_ibytes += m->m_pkthdr.len; ==== //depot/projects/trustedbsd/mac2/sys/net/if_fddisubr.c#3 (text+ko) ==== 
@@ -120,7 +120,7 @@ struct fddi_header *fh; #ifdef MAC - error = mac_check_ifnet_transmit(ifp, m); + error = mac_ifnet_check_transmit(ifp, m); if (error) senderr(error); #endif @@ -406,7 +406,7 @@ } #ifdef MAC - mac_create_mbuf_from_ifnet(ifp, m); + mac_ifnet_create_mbuf(ifp, m); #endif /* ==== //depot/projects/trustedbsd/mac2/sys/net/if_fwsubr.c#3 (text+ko) ==== @@ -90,7 +90,7 @@ static int next_dgl; #ifdef MAC - error = mac_check_ifnet_transmit(ifp, m); + error = mac_ifnet_check_transmit(ifp, m); if (error) goto bad; #endif @@ -558,7 +558,7 @@ * Tag the mbuf with an appropriate MAC label before any other * consumers can get to it. */ - mac_create_mbuf_from_ifnet(ifp, m); + mac_ifnet_create_mbuf(ifp, m); #endif /* ==== //depot/projects/trustedbsd/mac2/sys/net/if_iso88025subr.c#3 (text+ko) ==== @@ -243,7 +243,7 @@ struct rtentry *rt = NULL; #ifdef MAC - error = mac_check_ifnet_transmit(ifp, m); + error = mac_ifnet_check_transmit(ifp, m); if (error) senderr(error); #endif @@ -502,7 +502,7 @@ } #ifdef MAC - mac_create_mbuf_from_ifnet(ifp, m); + mac_ifnet_create_mbuf(ifp, m); #endif /* ==== //depot/projects/trustedbsd/mac2/sys/net/if_stf.c#3 (text+ko) ==== @@ -407,7 +407,7 @@ #ifdef MAC int error; - error = mac_check_ifnet_transmit(ifp, m); + error = mac_ifnet_check_transmit(ifp, m); if (error) { m_freem(m); return (error); @@ -675,7 +675,7 @@ ifp = STF2IFP(sc); #ifdef MAC - mac_create_mbuf_from_ifnet(ifp, m); + mac_ifnet_create_mbuf(ifp, m); #endif /* ==== //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_input.c#3 (text+ko) ==== @@ -411,7 +411,7 @@ #ifdef MAC SOCK_LOCK(ddp->ddp_socket); - if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) { + if (mac_socket_check_deliver(ddp->ddp_socket, m) != 0) { SOCK_UNLOCK(ddp->ddp_socket); goto out; } ==== //depot/projects/trustedbsd/mac2/sys/netatalk/ddp_output.c#3 (text+ko) ==== @@ -53,7 +53,7 @@ #ifdef MAC SOCK_LOCK(so); - mac_create_mbuf_from_socket(so, m); + mac_socket_create_mbuf(so, m); SOCK_UNLOCK(so); #endif 
@@ -207,7 +207,7 @@ return (ENOBUFS); } #ifdef MAC - mac_copy_mbuf(m, m0); + mac_mbuf_copy(m, m0); #endif m0->m_next = m; /* XXX perhaps we ought to align the header? */ ==== //depot/projects/trustedbsd/mac2/sys/netinet/ip_divert.c#3 (text+ko) ==== @@ -349,7 +349,7 @@ ipstat.ips_rawout++; /* XXX */ #ifdef MAC - mac_create_mbuf_from_inpcb(inp, m); + mac_inpcb_create_mbuf(inp, m); #endif error = ip_output(m, inp->inp_options, NULL, @@ -381,7 +381,7 @@ } #ifdef MAC SOCK_LOCK(so); - mac_create_mbuf_from_socket(so, m); + mac_socket_create_mbuf(so, m); SOCK_UNLOCK(so); #endif /* Send packet to input processing */ ==== //depot/projects/trustedbsd/mac2/sys/netinet/ip_mroute.c#3 (text+ko) ==== @@ -1908,7 +1908,7 @@ if (mb_copy == NULL) return; #ifdef MAC - mac_create_mbuf_multicast_encap(m, vifp->v_ifp, mb_copy); + mac_mbuf_create_multicast_encap(m, vifp->v_ifp, mb_copy); #endif mb_copy->m_data += max_linkhdr; mb_copy->m_len = sizeof(multicast_encap_iphdr); ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_process.c#3 (text+ko) ==== @@ -51,6 +51,7 @@ #include <sys/lock.h> #include <sys/malloc.h> #include <sys/mutex.h> +#include <sys/mac.h> #include <sys/mac_framework.h> #include <sys/proc.h> #include <sys/sbuf.h> @@ -378,7 +379,7 @@ vfslocked = VFS_LOCK_GIANT(vp->v_mount); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); result = vme->max_protection; - mac_check_vnode_mmap_downgrade(cred, vp, &result); + mac_vnode_check_mmap_downgrade(cred, vp, &result); VOP_UNLOCK(vp, 0, td); /* * Find out what maximum protection we may be allowing 
@@ -461,37 +462,37 @@ * buffer cache. */ void -mac_relabel_cred(struct ucred *cred, struct label *newlabel) +mac_cred_relabel(struct ucred *cred, struct label *newlabel) { - MAC_PERFORM(relabel_cred, cred, newlabel); + MAC_PERFORM(cred_relabel, cred, newlabel); } int -mac_check_cred_relabel(struct ucred *cred, struct label *newlabel) +mac_cred_check_relabel(struct ucred *cred, struct label *newlabel) { int error; - MAC_CHECK(check_cred_relabel, cred, newlabel); + MAC_CHECK(cred_check_relabel, cred, newlabel); return (error); } int -mac_check_cred_visible(struct ucred *u1, struct ucred *u2) +mac_cred_check_visible(struct ucred *u1, struct ucred *u2) { int error; if (!mac_enforce_process) return (0); - MAC_CHECK(check_cred_visible, u1, u2); + MAC_CHECK(cred_check_visible, u1, u2); return (error); } int -mac_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_proc_check_debug(struct ucred *cred, struct proc *proc) { int error; @@ -500,13 +501,13 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(check_proc_debug, cred, proc); + MAC_CHECK(proc_check_debug, cred, proc); return (error); } int -mac_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_proc_check_sched(struct ucred *cred, struct proc *proc) { int error; @@ -515,13 +516,13 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(check_proc_sched, cred, proc); + MAC_CHECK(proc_check_sched, cred, proc); return (error); } int -mac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) +mac_proc_check_signal(struct ucred *cred, struct proc *proc, int signum) { int error; @@ -530,13 +531,13 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(check_proc_signal, cred, proc, signum); + MAC_CHECK(proc_check_signal, cred, proc, signum); return (error); } int -mac_check_proc_setuid(struct proc *proc, struct ucred *cred, uid_t uid) +mac_proc_check_setuid(struct proc *proc, struct ucred *cred, uid_t uid) { int error; 
@@ -545,12 +546,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setuid, cred, uid); + MAC_CHECK(proc_check_setuid, cred, uid); return (error); } int -mac_check_proc_seteuid(struct proc *proc, struct ucred *cred, uid_t euid) +mac_proc_check_seteuid(struct proc *proc, struct ucred *cred, uid_t euid) { int error; @@ -559,12 +560,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_seteuid, cred, euid); + MAC_CHECK(proc_check_seteuid, cred, euid); return (error); } int -mac_check_proc_setgid(struct proc *proc, struct ucred *cred, gid_t gid) +mac_proc_check_setgid(struct proc *proc, struct ucred *cred, gid_t gid) { int error; @@ -573,12 +574,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setgid, cred, gid); + MAC_CHECK(proc_check_setgid, cred, gid); return (error); } int -mac_check_proc_setegid(struct proc *proc, struct ucred *cred, gid_t egid) +mac_proc_check_setegid(struct proc *proc, struct ucred *cred, gid_t egid) { int error; @@ -587,12 +588,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setegid, cred, egid); + MAC_CHECK(proc_check_setegid, cred, egid); return (error); } int -mac_check_proc_setgroups(struct proc *proc, struct ucred *cred, +mac_proc_check_setgroups(struct proc *proc, struct ucred *cred, int ngroups, gid_t *gidset) { int error; @@ -602,12 +603,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset); + MAC_CHECK(proc_check_setgroups, cred, ngroups, gidset); return (error); } int -mac_check_proc_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid, +mac_proc_check_setreuid(struct proc *proc, struct ucred *cred, uid_t ruid, uid_t euid) { int error; 
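Review bot: `MAC_CHECK(proc_check_setuid, cred, uid)` hands the policy only the credential, although the wrapper `mac_proc_check_setuid(struct proc *proc, struct ucred *cred, uid_t uid)` and the new object-first name both present the process as the object being checked. The same holds for the seteuid, setgid, setegid, setgroups, setreuid, setregid, setresuid and setresgid hunks that follow, whereas `proc_check_debug`, `proc_check_sched`, `proc_check_signal` and `proc_check_wait` do pass `proc`. Under the new scheme a policy author would reasonably expect a `proc_check_*` entry point to receive the process, so either name these after the credential (`cred_check_setuid` and so on) or add a comment such as `/* Policy sees only cred; proc is not passed to the entry point. */`. The middle of each function lies between hunks, so whatever else uses `proc` there is not visible.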
@@ -617,12 +618,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setreuid, cred, ruid, euid); + MAC_CHECK(proc_check_setreuid, cred, ruid, euid); return (error); } int -mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, +mac_proc_check_setregid(struct proc *proc, struct ucred *cred, gid_t rgid, gid_t egid) { int error; @@ -632,12 +633,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setregid, cred, rgid, egid); + MAC_CHECK(proc_check_setregid, cred, rgid, egid); return (error); } int -mac_check_proc_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid, +mac_proc_check_setresuid(struct proc *proc, struct ucred *cred, uid_t ruid, uid_t euid, uid_t suid) { int error; @@ -647,12 +648,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid); + MAC_CHECK(proc_check_setresuid, cred, ruid, euid, suid); return (error); } int -mac_check_proc_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid, +mac_proc_check_setresgid(struct proc *proc, struct ucred *cred, gid_t rgid, gid_t egid, gid_t sgid) { int error; @@ -662,12 +663,12 @@ if (!mac_enforce_suid) return (0); - MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid); + MAC_CHECK(proc_check_setresgid, cred, rgid, egid, sgid); return (error); } int -mac_check_proc_wait(struct ucred *cred, struct proc *proc) +mac_proc_check_wait(struct ucred *cred, struct proc *proc) { int error; @@ -676,7 +677,7 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(check_proc_wait, cred, proc); + MAC_CHECK(proc_check_wait, cred, proc); return (error); } ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_socket.c#2 (text+ko) ==== 
@@ -2,7 +2,7 @@ * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2005 Networks Associates Technology, Inc. - * Copyright (c) 2005 SPARTA, Inc. + * Copyright (c) 2005-2006 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson and Ilmar Habibulin for the @@ -49,6 +49,7 @@ #include <sys/malloc.h> #include <sys/mutex.h> #include <sys/mac.h> +#include <sys/mac_framework.h> #include <sys/sbuf.h> #include <sys/systm.h> #include <sys/mount.h> @@ -97,9 +98,9 @@ if (label == NULL) return (NULL); - MAC_CHECK(init_socket_label, label, flag); + MAC_CHECK(socket_init_label, label, flag); if (error) { - MAC_PERFORM(destroy_socket_label, label); + MAC_PERFORM(socket_destroy_label, label); mac_labelzone_free(label); return (NULL); } @@ -117,9 +118,9 @@ if (label == NULL) return (NULL); - MAC_CHECK(init_socket_peer_label, label, flag); + MAC_CHECK(socket_init_peer_label, label, flag); if (error) { - MAC_PERFORM(destroy_socket_peer_label, label); + MAC_PERFORM(socket_destroy_peer_label, label); mac_labelzone_free(label); return (NULL); } @@ -128,7 +129,7 @@ } int -mac_init_socket(struct socket *so, int flag) +mac_socket_init(struct socket *so, int flag) { so->so_label = mac_socket_label_alloc(flag); @@ -147,7 +148,7 @@ mac_socket_label_free(struct label *label) { - MAC_PERFORM(destroy_socket_label, label); + MAC_PERFORM(socket_destroy_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacsockets); } @@ -156,13 +157,13 @@ mac_socket_peer_label_free(struct label *label) { - MAC_PERFORM(destroy_socket_peer_label, label); + MAC_PERFORM(socket_destroy_peer_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacsockets); } void -mac_destroy_socket(struct socket *socket) +mac_socket_destroy(struct socket *socket) { mac_socket_label_free(socket->so_label); 
@@ -172,14 +173,14 @@ } void -mac_copy_socket_label(struct label *src, struct label *dest) +mac_socket_copy_label(struct label *src, struct label *dest) { - MAC_PERFORM(copy_socket_label, src, dest); + MAC_PERFORM(socket_copy_label, src, dest); } int -mac_externalize_socket_label(struct label *label, char *elements, +mac_socket_externalize_label(struct label *label, char *elements, char *outbuf, size_t outbuflen) { int error; @@ -190,7 +191,7 @@ } static int -mac_externalize_socket_peer_label(struct label *label, char *elements, +mac_socket_peer_externalize_label(struct label *label, char *elements, char *outbuf, size_t outbuflen) { int error; @@ -201,7 +202,7 @@ } int -mac_internalize_socket_label(struct label *label, char *string) +mac_socket_internalize_label(struct label *label, char *string) { int error; 
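Review bot: `mac_socket_peer_externalize_label` puts `peer` before the verb, while the policy operations renamed earlier in this file put it after (`socket_init_peer_label`, `socket_destroy_peer_label`), and `mac_socket_set_peer_from_mbuf` in a later hunk does the same. Since the function is `static`, settling on one order costs nothing outside this file; `mac_socket_externalize_peer_label(struct label *label, char *elements,` would match the entry-point names. The function body continues past the end of the hunk.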
@@ -211,33 +212,32 @@ } void -mac_create_socket(struct ucred *cred, struct socket *socket) +mac_socket_create(struct ucred *cred, struct socket *socket) { - MAC_PERFORM(create_socket, cred, socket, socket->so_label); + MAC_PERFORM(socket_create, cred, socket, socket->so_label); } void -mac_create_socket_from_socket(struct socket *oldsocket, - struct socket *newsocket) +mac_socket_accept(struct socket *oldsocket, struct socket *newsocket) { SOCK_LOCK_ASSERT(oldsocket); - MAC_PERFORM(create_socket_from_socket, oldsocket, oldsocket->so_label, - newsocket, newsocket->so_label); + MAC_PERFORM(socket_accept, oldsocket, oldsocket->so_label, newsocket, + newsocket->so_label); } static void -mac_relabel_socket(struct ucred *cred, struct socket *socket, +mac_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) { SOCK_LOCK_ASSERT(socket); - MAC_PERFORM(relabel_socket, cred, socket, socket->so_label, newlabel); + MAC_PERFORM(socket_relabel, cred, socket, socket->so_label, newlabel); } void -mac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) +mac_socket_set_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) { struct label *label; @@ -245,12 +245,12 @@ label = mac_mbuf_to_label(mbuf); - MAC_PERFORM(set_socket_peer_from_mbuf, mbuf, label, socket, + MAC_PERFORM(socket_set_peer_from_mbuf, mbuf, label, socket, socket->so_peerlabel); } void -mac_set_socket_peer_from_socket(struct socket *oldsocket, +mac_socket_set_peer_from_socket(struct socket *oldsocket, struct socket *newsocket) { 
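Review bot: `mac_socket_accept` is the one rename in this hunk that changes meaning rather than word order: the old `mac_create_socket_from_socket` said what the hook does, while the new name reads as the accept path and sits next to `mac_socket_check_accept`. The function returns void and only invokes `MAC_PERFORM(socket_accept, oldsocket, oldsocket->so_label, newsocket, newsocket->so_label)`, so it can act on the labels but cannot refuse anything. A comment above it would keep policy authors from treating it as an enforcement point, for example `/* Labels newsocket from oldsocket; no access decision is made here, see mac_socket_check_accept(). */`. If the caller runs at connection creation rather than in accept(2) (the call site is not in this mail), a name tied to that event would be more accurate.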
@@ -260,24 +260,24 @@ * called in both directions, so we can't assert the lock * here currently. */ - MAC_PERFORM(set_socket_peer_from_socket, oldsocket, + MAC_PERFORM(socket_set_peer_from_socket, oldsocket, oldsocket->so_label, newsocket, newsocket->so_peerlabel); } void -mac_create_mbuf_from_socket(struct socket *socket, struct mbuf *mbuf) +mac_socket_create_mbuf(struct socket *socket, struct mbuf *mbuf) { struct label *label; label = mac_mbuf_to_label(mbuf); SOCK_LOCK_ASSERT(socket); - MAC_PERFORM(create_mbuf_from_socket, socket, socket->so_label, mbuf, + MAC_PERFORM(socket_create_mbuf, socket, socket->so_label, mbuf, label); } int -mac_check_socket_accept(struct ucred *cred, struct socket *socket) +mac_socket_check_accept(struct ucred *cred, struct socket *socket) { int error; @@ -286,13 +286,13 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_accept, cred, socket, socket->so_label); + MAC_CHECK(socket_check_accept, cred, socket, socket->so_label); return (error); } int -mac_check_socket_bind(struct ucred *ucred, struct socket *socket, +mac_socket_check_bind(struct ucred *ucred, struct socket *socket, struct sockaddr *sockaddr) { int error; @@ -302,14 +302,14 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_bind, ucred, socket, socket->so_label, + MAC_CHECK(socket_check_bind, ucred, socket, socket->so_label, sockaddr); return (error); } int -mac_check_socket_connect(struct ucred *cred, struct socket *socket, +mac_socket_check_connect(struct ucred *cred, struct socket *socket, struct sockaddr *sockaddr) { int error; @@ -319,14 +319,14 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_connect, cred, socket, socket->so_label, + MAC_CHECK(socket_check_connect, cred, socket, socket->so_label, sockaddr); return (error); } int -mac_check_socket_create(struct ucred *cred, int domain, int type, +mac_socket_check_create(struct ucred *cred, int domain, int type, int protocol) { int error; 
@@ -334,13 +334,13 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_create, cred, domain, type, protocol); + MAC_CHECK(socket_check_create, cred, domain, type, protocol); return (error); } int -mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +mac_socket_check_deliver(struct socket *socket, struct mbuf *mbuf) { struct label *label; int error; @@ -352,14 +352,14 @@ label = mac_mbuf_to_label(mbuf); - MAC_CHECK(check_socket_deliver, socket, socket->so_label, mbuf, + MAC_CHECK(socket_check_deliver, socket, socket->so_label, mbuf, label); return (error); } int -mac_check_socket_listen(struct ucred *cred, struct socket *socket) +mac_socket_check_listen(struct ucred *cred, struct socket *socket) { int error; @@ -368,12 +368,12 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_listen, cred, socket, socket->so_label); + MAC_CHECK(socket_check_listen, cred, socket, socket->so_label); return (error); } int -mac_check_socket_poll(struct ucred *cred, struct socket *so) +mac_socket_check_poll(struct ucred *cred, struct socket *so) { int error; @@ -382,12 +382,12 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_poll, cred, so, so->so_label); + MAC_CHECK(socket_check_poll, cred, so, so->so_label); return (error); } int -mac_check_socket_receive(struct ucred *cred, struct socket *so) +mac_socket_check_receive(struct ucred *cred, struct socket *so) { int error; 
@@ -396,27 +396,27 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_receive, cred, so, so->so_label); + MAC_CHECK(socket_check_receive, cred, so, so->so_label); return (error); } static int -mac_check_socket_relabel(struct ucred *cred, struct socket *socket, +mac_socket_check_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) { int error; SOCK_LOCK_ASSERT(socket); - MAC_CHECK(check_socket_relabel, cred, socket, socket->so_label, + MAC_CHECK(socket_check_relabel, cred, socket, socket->so_label, newlabel); return (error); } int -mac_check_socket_send(struct ucred *cred, struct socket *so) +mac_socket_check_send(struct ucred *cred, struct socket *so) { int error; @@ -425,13 +425,13 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_send, cred, so, so->so_label); + MAC_CHECK(socket_check_send, cred, so, so->so_label); return (error); } int -mac_check_socket_stat(struct ucred *cred, struct socket *so) +mac_socket_check_stat(struct ucred *cred, struct socket *so) { int error; @@ -440,13 +440,13 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_stat, cred, so, so->so_label); + MAC_CHECK(socket_check_stat, cred, so, so->so_label); return (error); } int -mac_check_socket_visible(struct ucred *cred, struct socket *socket) +mac_socket_check_visible(struct ucred *cred, struct socket *socket) { int error; @@ -455,7 +455,7 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_visible, cred, socket, socket->so_label); + MAC_CHECK(socket_check_visible, cred, socket, socket->so_label); return (error); } @@ -476,13 +476,13 @@ * before refreshing, holding both locks. */ SOCK_LOCK(so); - error = mac_check_socket_relabel(cred, so, label); + error = mac_socket_check_relabel(cred, so, label); if (error) { SOCK_UNLOCK(so); return (error); } - mac_relabel_socket(cred, so, label); + mac_socket_relabel(cred, so, label); SOCK_UNLOCK(so); /* * If the protocol has expressed interest in socket layer changes, 
@@ -497,7 +497,8 @@ } >>> TRUNCATED FOR MAIL (1000 lines) <<<