From owner-p4-projects@FreeBSD.ORG Sat Jul 8 13:20:39 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 86ECC16A4E6; Sat, 8 Jul 2006 13:20:39 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5C70C16A4E2 for ; Sat, 8 Jul 2006 13:20:39 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9F9E43D5F for ; Sat, 8 Jul 2006 13:20:32 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k68DKQSC017625 for ; Sat, 8 Jul 2006 13:20:26 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k68DKQZB017621 for perforce@freebsd.org; Sat, 8 Jul 2006 13:20:26 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sat, 8 Jul 2006 13:20:26 GMT Message-Id: <200607081320.k68DKQZB017621@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 100997 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Jul 2006 13:20:39 -0000 http://perforce.freebsd.org/chv.cgi?CH=100997 Change 100997 by rwatson@rwatson_zoo on 2006/07/08 13:20:05 Rename policy calls. Remove fs_label. Affected files ... .. //depot/projects/trustedbsd/mac2/sys/security/mac_test/mac_test.c#2 edit Differences ... ==== //depot/projects/trustedbsd/mac2/sys/security/mac_test/mac_test.c#2 (text+ko) ==== @@ -1,6 +1,7 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. + * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -10,6 +11,9 @@ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA * CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -46,7 +50,7 @@ #include #include #include -#include +#include #include #include #include @@ -182,9 +186,6 @@ static int init_count_mount; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount, CTLFLAG_RD, &init_count_mount, 0, "mount init calls"); -static int init_count_mount_fslabel; -SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_mount_fslabel, CTLFLAG_RD, - &init_count_mount_fslabel, 0, "mount_fslabel init calls"); static int init_count_socket; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_socket, CTLFLAG_RD, &init_count_socket, 0, "socket init calls"); 
@@ -241,10 +242,6 @@ static int destroy_count_mount; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount, CTLFLAG_RD, &destroy_count_mount, 0, "mount destroy calls"); -static int destroy_count_mount_fslabel; -SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_mount_fslabel, - CTLFLAG_RD, &destroy_count_mount_fslabel, 0, - "mount_fslabel destroy calls"); static int destroy_count_socket; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_socket, CTLFLAG_RD, &destroy_count_socket, 0, "socket destroy calls"); @@ -282,13 +279,13 @@ * Policy module operations. */ static void -mac_test_destroy(struct mac_policy_conf *conf) +mac_test_policy_destroy(struct mac_policy_conf *conf) { } static void -mac_test_init(struct mac_policy_conf *conf) +mac_test_policy_init(struct mac_policy_conf *conf) { } @@ -413,14 +410,6 @@ atomic_add_int(&init_count_mount, 1); } -static void -mac_test_init_mount_fs_label(struct label *label) -{ - - SLOT(label) = MOUNTMAGIC; - atomic_add_int(&init_count_mount_fslabel, 1); -} - static int mac_test_init_socket_label(struct label *label, int flag) { @@ -660,20 +649,6 @@ } static void -mac_test_destroy_mount_fs_label(struct label *label) -{ - - if ((SLOT(label) == MOUNTMAGIC || SLOT(label) == 0)) { - atomic_add_int(&destroy_count_mount_fslabel, 1); - SLOT(label) = EXMAGIC; - } else if (SLOT(label) == EXMAGIC) { - DEBUGGER("mac_test_destroy_mount_fslabel: dup destroy"); - } else { - DEBUGGER("mac_test_destroy_mount_fslabel: corrupted label"); - } -} - -static void mac_test_destroy_socket_label(struct label *label) { 
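Review bot: The rename in the `@@ -282,13 +279,13 @@` hunk is not matched by any visible change to the place where these two functions are registered. `mac_test_destroy` and `mac_test_init` are `static`, so every reference to them is in this file, and the two ops-table hunks at the end of the change (`@@ -2411,7 +2385,6 @@` and `@@ -2431,7 +2404,6 @@`) only drop the `fs_label` entries. If the table still names the old identifiers the module will not compile; if the entries were dropped instead, the policy's init and destroy hooks are silently never invoked. The table entries for those hooks should name `mac_test_policy_init` and `mac_test_policy_destroy`; the head of the table may simply lie outside the shown hunks, so this needs a check against the full file.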
@@ -836,32 +811,32 @@ * a lot like file system objects. */ static void -mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel, +mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel) { - ASSERT_MOUNT_LABEL(fslabel); + ASSERT_MOUNT_LABEL(mntlabel); ASSERT_DEVFS_LABEL(delabel); ASSERT_VNODE_LABEL(vlabel); } static int -mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel, +mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel) { - ASSERT_MOUNT_LABEL(fslabel); + ASSERT_MOUNT_LABEL(mntlabel); ASSERT_VNODE_LABEL(vlabel); return (0); } static void mac_test_associate_vnode_singlelabel(struct mount *mp, - struct label *fslabel, struct vnode *vp, struct label *vlabel) + struct label *mntlabel, struct vnode *vp, struct label *vlabel) { - ASSERT_MOUNT_LABEL(fslabel); + ASSERT_MOUNT_LABEL(mntlabel); ASSERT_VNODE_LABEL(vlabel); } @@ -897,12 +872,12 @@ static int mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *fslabel, struct vnode *dvp, struct label *dlabel, + struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp) { ASSERT_CRED_LABEL(cred->cr_label); - ASSERT_MOUNT_LABEL(fslabel); + ASSERT_MOUNT_LABEL(mntlabel); ASSERT_VNODE_LABEL(dlabel); return (0); @@ -910,12 +885,11 @@ static void mac_test_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) + struct label *mntlabel) { ASSERT_CRED_LABEL(cred->cr_label); ASSERT_MOUNT_LABEL(mntlabel); - ASSERT_MOUNT_LABEL(fslabel); } static void 
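Review bot: `mac_test_create_vnode_extattr` in the `@@ -897,12 +872,12 @@` hunk receives `vlabel` but never checks it. The body asserts the credential, mount and directory labels and then returns, whereas `mac_test_associate_vnode_extattr` in the preceding hunk does run `ASSERT_VNODE_LABEL(vlabel)`. This module exists to flag corrupted or already-destroyed labels (the removed `mac_test_destroy_mount_fs_label` body reports both), so the new vnode's label goes unverified at this entry point. Adding `ASSERT_VNODE_LABEL(vlabel);` after the `dlabel` assertion would close the gap, assuming the framework has initialised the new vnode's label by the time this hook runs, which the hunk does not show. The function's closing brace lies outside the hunk.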
@@ -2411,7 +2385,6 @@ .mpo_init_ipq_label = mac_test_init_ipq_label, .mpo_init_mbuf_label = mac_test_init_mbuf_label, .mpo_init_mount_label = mac_test_init_mount_label, - .mpo_init_mount_fs_label = mac_test_init_mount_fs_label, .mpo_init_pipe_label = mac_test_init_pipe_label, .mpo_init_posix_sem_label = mac_test_init_posix_sem_label, .mpo_init_proc_label = mac_test_init_proc_label, @@ -2431,7 +2404,6 @@ .mpo_destroy_ipq_label = mac_test_destroy_ipq_label, .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label, .mpo_destroy_mount_label = mac_test_destroy_mount_label, - .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label, .mpo_destroy_pipe_label = mac_test_destroy_pipe_label, .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label, .mpo_destroy_proc_label = mac_test_destroy_proc_label,