Date: Tue, 1 Mar 2005 11:57:06 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 72226 for review Message-ID: <200503011157.j21Bv6oT042731@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=72226 Change 72226 by rwatson@rwatson_paprika on 2005/03/01 11:56:08 Rename several MAC Framework and policy entry points relating to POSIX semaphores for improved consistency: mac_init_posix_ksem() -> mac_init_posix_sem() mac_create_posix_ksem() -> mac_create_posix_sem() mac_destroy_posix_ksem() -> mac_destroy_posix_sem() Similarly rename functions in mac_posix_sem.c, as well as the various policies currently implementing those entry points. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#19 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#9 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#248 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#88 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#201 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#25 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#140 edit .. //depot/projects/trustedbsd/mac/sys/sys/file.h#22 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#265 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#222 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#19 (text+ko) ==== @@ -1,6 +1,6 @@ /* * Copyright (c) 2002 Alfred Perlstein <alfred@FreeBSD.org> - * Copyright (c) 2003 Networks Associates Technology, Inc. + * Copyright (c) 2003-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project in part by Network @@ -259,8 +259,8 @@ else ret->ks_ref = 1; #ifdef MAC - mac_init_posix_ksem(ret); - mac_create_posix_ksem(uc, ret); + mac_init_posix_sem(ret); + mac_create_posix_sem(uc, ret); #endif mtx_lock(&sem_lock); nsems++; @@ -524,7 +524,7 @@ free(ks->ks_name, M_SEM); cv_destroy(&ks->ks_cv); #ifdef MAC - mac_destroy_posix_ksem(ks); + mac_destroy_posix_sem(ks); #endif mtx_destroy(&ks->ks_mtx); free(ks, M_SEM); ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#9 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2003 Networks Associates Technology, Inc. + * Copyright (c) 2003-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project in part by Network @@ -55,50 +55,50 @@ TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem); #ifdef MAC_DEBUG -static unsigned int nmacposixksems; -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_ksems, CTLFLAG_RD, - &nmacposixksems, 0, "number of posix global semaphores inuse"); +static unsigned int nmacposixsems; +SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_sems, CTLFLAG_RD, + &nmacposixsems, 0, "number of posix global semaphores inuse"); #endif static struct label * -mac_posix_ksem_label_alloc(void) +mac_posix_sem_label_alloc(void) { struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_posix_ksem_label, label); - MAC_DEBUG_COUNTER_INC(&nmacposixksems); + MAC_PERFORM(init_posix_sem_label, label); + MAC_DEBUG_COUNTER_INC(&nmacposixsems); return (label); } void -mac_init_posix_ksem(struct ksem *ksemptr) +mac_init_posix_sem(struct ksem *ksemptr) { - ksemptr->ks_label = mac_posix_ksem_label_alloc(); + ksemptr->ks_label = mac_posix_sem_label_alloc(); } static void -mac_posix_ksem_label_free(struct label *label) +mac_posix_sem_label_free(struct label *label) { - MAC_PERFORM(destroy_posix_ksem_label, label); - MAC_DEBUG_COUNTER_DEC(&nmacposixksems); + MAC_PERFORM(destroy_posix_sem_label, label); + MAC_DEBUG_COUNTER_DEC(&nmacposixsems); } void -mac_destroy_posix_ksem(struct ksem *ksemptr) +mac_destroy_posix_sem(struct ksem *ksemptr) { - mac_posix_ksem_label_free(ksemptr->ks_label); + mac_posix_sem_label_free(ksemptr->ks_label); ksemptr->ks_label = NULL; } void -mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr) +mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr) { - MAC_PERFORM(create_posix_ksem, cred, ksemptr, ksemptr->ks_label); + MAC_PERFORM(create_posix_sem, cred, ksemptr, ksemptr->ks_label); } int ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#248 (text+ko) ==== @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2004 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -1116,7 +1116,7 @@ } static void -mac_biba_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, +mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label) { struct mac_biba *source, *dest; @@ -3158,7 +3158,7 @@ .mpo_init_mount_label = mac_biba_init_label, .mpo_init_mount_fs_label = mac_biba_init_label, .mpo_init_pipe_label = mac_biba_init_label, - .mpo_init_posix_ksem_label = mac_biba_init_label, + .mpo_init_posix_sem_label = mac_biba_init_label, .mpo_init_socket_label = mac_biba_init_label_waitcheck, .mpo_init_socket_peer_label = mac_biba_init_label_waitcheck, .mpo_init_vnode_label = mac_biba_init_label, @@ -3176,7 +3176,7 @@ .mpo_destroy_mount_label = mac_biba_destroy_label, .mpo_destroy_mount_fs_label = mac_biba_destroy_label, .mpo_destroy_pipe_label = mac_biba_destroy_label, - .mpo_destroy_posix_ksem_label = mac_biba_destroy_label, + .mpo_destroy_posix_sem_label = mac_biba_destroy_label, .mpo_destroy_socket_label = mac_biba_destroy_label, .mpo_destroy_socket_peer_label = mac_biba_destroy_label, .mpo_destroy_vnode_label = mac_biba_destroy_label, @@ -3211,7 +3211,7 @@ .mpo_setlabel_vnode_extattr = mac_biba_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_biba_create_mbuf_from_socket, .mpo_create_pipe = mac_biba_create_pipe, - .mpo_create_posix_ksem = mac_biba_create_posix_ksem, + .mpo_create_posix_sem = mac_biba_create_posix_sem, .mpo_create_socket = mac_biba_create_socket, .mpo_create_socket_from_socket = mac_biba_create_socket_from_socket, .mpo_relabel_pipe = mac_biba_relabel_pipe, ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#88 (text+ko) ==== @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -1188,7 +1188,7 @@ } static void -mac_lomac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, +mac_lomac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label) { struct mac_lomac *source, *dest; @@ -3083,7 +3083,7 @@ .mpo_init_mount_label = mac_lomac_init_label, .mpo_init_mount_fs_label = mac_lomac_init_label, .mpo_init_pipe_label = mac_lomac_init_label, - .mpo_init_posix_ksem_label = mac_lomac_init_label, + .mpo_init_posix_sem_label = mac_lomac_init_label, .mpo_init_proc_label = mac_lomac_init_proc_label, .mpo_init_socket_label = mac_lomac_init_label_waitcheck, .mpo_init_socket_peer_label = mac_lomac_init_label_waitcheck, @@ -3102,7 +3102,7 @@ .mpo_destroy_mount_label = mac_lomac_destroy_label, .mpo_destroy_mount_fs_label = mac_lomac_destroy_label, .mpo_destroy_pipe_label = mac_lomac_destroy_label, - .mpo_destroy_posix_ksem_label = mac_lomac_destroy_label, + .mpo_destroy_posix_sem_label = mac_lomac_destroy_label, .mpo_destroy_proc_label = mac_lomac_destroy_proc_label, .mpo_destroy_socket_label = mac_lomac_destroy_label, .mpo_destroy_socket_peer_label = mac_lomac_destroy_label, @@ -3139,7 +3139,7 @@ .mpo_setlabel_vnode_extattr = mac_lomac_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_lomac_create_mbuf_from_socket, .mpo_create_pipe = mac_lomac_create_pipe, - .mpo_create_posix_ksem = mac_lomac_create_posix_ksem, + .mpo_create_posix_sem = mac_lomac_create_posix_sem, .mpo_create_socket = mac_lomac_create_socket, .mpo_create_socket_from_socket = mac_lomac_create_socket_from_socket, .mpo_relabel_pipe = mac_lomac_relabel_pipe, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#201 (text+ko) ==== @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2004 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -1082,7 +1082,7 @@ } static void -mac_mls_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, +mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label) { struct mac_mls *source, *dest; @@ -2939,7 +2939,7 @@ .mpo_init_mount_label = mac_mls_init_label, .mpo_init_mount_fs_label = mac_mls_init_label, .mpo_init_pipe_label = mac_mls_init_label, - .mpo_init_posix_ksem_label = mac_mls_init_label, + .mpo_init_posix_sem_label = mac_mls_init_label, .mpo_init_socket_label = mac_mls_init_label_waitcheck, .mpo_init_socket_peer_label = mac_mls_init_label_waitcheck, .mpo_init_vnode_label = mac_mls_init_label, @@ -2957,7 +2957,7 @@ .mpo_destroy_mount_label = mac_mls_destroy_label, .mpo_destroy_mount_fs_label = mac_mls_destroy_label, .mpo_destroy_pipe_label = mac_mls_destroy_label, - .mpo_destroy_posix_ksem_label = mac_mls_destroy_label, + .mpo_destroy_posix_sem_label = mac_mls_destroy_label, .mpo_destroy_socket_label = mac_mls_destroy_label, .mpo_destroy_socket_peer_label = mac_mls_destroy_label, .mpo_destroy_vnode_label = mac_mls_destroy_label, @@ -2992,7 +2992,7 @@ .mpo_setlabel_vnode_extattr = mac_mls_setlabel_vnode_extattr, .mpo_create_mbuf_from_socket = mac_mls_create_mbuf_from_socket, .mpo_create_pipe = mac_mls_create_pipe, - .mpo_create_posix_ksem = mac_mls_create_posix_ksem, + .mpo_create_posix_sem = mac_mls_create_posix_sem, .mpo_create_socket = mac_mls_create_socket, .mpo_create_socket_from_socket = mac_mls_create_socket_from_socket, .mpo_relabel_pipe = mac_mls_relabel_pipe, ==== //depot/projects/trustedbsd/mac/sys/security/mac_stub/mac_stub.c#25 (text+ko) ==== @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2003 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -277,7 +277,7 @@ } static void -stub_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr, +stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label) { @@ -1370,7 +1370,7 @@ .mpo_init_mount_label = stub_init_label, .mpo_init_mount_fs_label = stub_init_label, .mpo_init_pipe_label = stub_init_label, - .mpo_init_posix_ksem_label = stub_init_label, + .mpo_init_posix_sem_label = stub_init_label, .mpo_init_socket_label = stub_init_label_waitcheck, .mpo_init_socket_peer_label = stub_init_label_waitcheck, .mpo_init_vnode_label = stub_init_label, @@ -1388,7 +1388,7 @@ .mpo_destroy_mount_label = stub_destroy_label, .mpo_destroy_mount_fs_label = stub_destroy_label, .mpo_destroy_pipe_label = stub_destroy_label, - .mpo_destroy_posix_ksem_label = stub_destroy_label, + .mpo_destroy_posix_sem_label = stub_destroy_label, .mpo_destroy_socket_label = stub_destroy_label, .mpo_destroy_socket_peer_label = stub_destroy_label, .mpo_destroy_vnode_label = stub_destroy_label, @@ -1427,7 +1427,7 @@ .mpo_update_devfsdirent = stub_update_devfsdirent, .mpo_create_mbuf_from_socket = stub_create_mbuf_from_socket, .mpo_create_pipe = stub_create_pipe, - .mpo_create_posix_ksem = stub_create_posix_ksem, + .mpo_create_posix_sem = stub_create_posix_sem, .mpo_create_socket = stub_create_socket, .mpo_create_socket_from_socket = stub_create_socket_from_socket, .mpo_relabel_pipe = stub_relabel_pipe, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#140 (text+ko) ==== @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999-2002 Robert N. M. Watson - * Copyright (c) 2001-2004 Networks Associates Technology, Inc. + * Copyright (c) 2001-2005 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -457,7 +457,7 @@ } static void -mac_test_init_posix_ksem_label(struct label *label) +mac_test_init_posix_sem_label(struct label *label) { SLOT(label) = POSIXSEMMAGIC; @@ -715,16 +715,16 @@ } static void -mac_test_destroy_posix_ksem_label(struct label *label) +mac_test_destroy_posix_sem_label(struct label *label) { if ((SLOT(label) == POSIXSEMMAGIC || SLOT(label) == 0)) { atomic_add_int(&destroy_count_posixsems, 1); SLOT(label) = EXMAGIC; } else if (SLOT(label) == EXMAGIC) { - DEBUGGER("mac_test_destroy_posix_ksem: dup destroy"); + DEBUGGER("mac_test_destroy_posix_sem: dup destroy"); } else { - DEBUGGER("mac_test_destroy_posix_ksem: corrupted label"); + DEBUGGER("mac_test_destroy_posix_sem: corrupted label"); } } @@ -988,7 +988,7 @@ } static void -mac_test_create_posix_ksem(struct ucred *cred, struct ksem *ksem, +mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem, struct label *posixlabel) { @@ -1745,7 +1745,7 @@ } static int -mac_test_check_posix_ksem(struct ucred *cred, struct ksem *ksemptr, +mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label) { @@ -2412,7 +2412,7 @@ .mpo_init_mount_label = mac_test_init_mount_label, .mpo_init_mount_fs_label = mac_test_init_mount_fs_label, .mpo_init_pipe_label = mac_test_init_pipe_label, - .mpo_init_posix_ksem_label = mac_test_init_posix_ksem_label, + .mpo_init_posix_sem_label = mac_test_init_posix_sem_label, .mpo_init_proc_label = mac_test_init_proc_label, .mpo_init_socket_label = mac_test_init_socket_label, .mpo_init_socket_peer_label = mac_test_init_socket_peer_label, @@ -2432,7 +2432,7 @@ .mpo_destroy_mount_label = mac_test_destroy_mount_label, .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label, .mpo_destroy_pipe_label = mac_test_destroy_pipe_label, - .mpo_destroy_posix_ksem_label = mac_test_destroy_posix_ksem_label, + .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label, .mpo_destroy_proc_label = mac_test_destroy_proc_label, .mpo_destroy_socket_label = mac_test_destroy_socket_label, .mpo_destroy_socket_peer_label = mac_test_destroy_socket_peer_label, @@ -2468,7 +2468,7 @@ .mpo_update_devfsdirent = mac_test_update_devfsdirent, .mpo_create_mbuf_from_socket = mac_test_create_mbuf_from_socket, .mpo_create_pipe = mac_test_create_pipe, - .mpo_create_posix_ksem = mac_test_create_posix_ksem, + .mpo_create_posix_sem = mac_test_create_posix_sem, .mpo_create_socket = mac_test_create_socket, .mpo_create_socket_from_socket = mac_test_create_socket_from_socket, .mpo_relabel_pipe = mac_test_relabel_pipe, @@ -2543,13 +2543,13 @@ .mpo_check_pipe_relabel = mac_test_check_pipe_relabel, .mpo_check_pipe_stat = mac_test_check_pipe_stat, .mpo_check_pipe_write = mac_test_check_pipe_write, - .mpo_check_posix_sem_close = mac_test_check_posix_ksem, - .mpo_check_posix_sem_destroy = mac_test_check_posix_ksem, - .mpo_check_posix_sem_getvalue = mac_test_check_posix_ksem, - .mpo_check_posix_sem_openexisting = mac_test_check_posix_ksem, - .mpo_check_posix_sem_post = mac_test_check_posix_ksem, - .mpo_check_posix_sem_unlink = mac_test_check_posix_ksem, - .mpo_check_posix_sem_wait = mac_test_check_posix_ksem, + .mpo_check_posix_sem_close = mac_test_check_posix_sem, + .mpo_check_posix_sem_destroy = mac_test_check_posix_sem, + .mpo_check_posix_sem_getvalue = mac_test_check_posix_sem, + .mpo_check_posix_sem_openexisting = mac_test_check_posix_sem, + .mpo_check_posix_sem_post = mac_test_check_posix_sem, + .mpo_check_posix_sem_unlink = mac_test_check_posix_sem, + .mpo_check_posix_sem_wait = mac_test_check_posix_sem, .mpo_check_proc_debug = mac_test_check_proc_debug, .mpo_check_proc_sched = mac_test_check_proc_sched, .mpo_check_proc_setuid = mac_test_check_proc_setuid, ==== //depot/projects/trustedbsd/mac/sys/sys/file.h#22 (text+ko) ==== @@ -131,6 +131,7 @@ off_t f_nextoff; /* * offset of next expected read or write */ + void *f_label; /* Place-holder for struct label pointer. */ }; #endif /* _KERNEL */ ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#265 (text+ko) ==== @@ -156,7 +156,7 @@ int mac_init_ipq(struct ipq *, int flag); int mac_init_socket(struct socket *, int flag); void mac_init_pipe(struct pipepair *); -void mac_init_posix_ksem(struct ksem *); +void mac_init_posix_sem(struct ksem *); int mac_init_mbuf(struct mbuf *mbuf, int flag); int mac_init_mbuf_tag(struct m_tag *, int flag); void mac_init_mount(struct mount *); @@ -176,7 +176,7 @@ void mac_destroy_ipq(struct ipq *); void mac_destroy_socket(struct socket *); void mac_destroy_pipe(struct pipepair *); -void mac_destroy_posix_ksem(struct ksem *); +void mac_destroy_posix_sem(struct ksem *); void mac_destroy_proc(struct proc *); void mac_destroy_mbuf_tag(struct m_tag *); void mac_destroy_mount(struct mount *); @@ -239,7 +239,7 @@ /* * Labeling event operations: POSIX (global/inter-process) semaphores. */ -void mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr); +void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr); /* ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#222 (text+ko) ==== @@ -115,7 +115,7 @@ int (*mpo_init_socket_label)(struct label *label, int flag); int (*mpo_init_socket_peer_label)(struct label *label, int flag); void (*mpo_init_pipe_label)(struct label *label); - void (*mpo_init_posix_ksem_label)(struct label *label); + void (*mpo_init_posix_sem_label)(struct label *label); void (*mpo_init_proc_label)(struct label *label); void (*mpo_init_vnode_label)(struct label *label); void (*mpo_destroy_bpfdesc_label)(struct label *label); @@ -134,7 +134,7 @@ void (*mpo_destroy_socket_label)(struct label *label); void (*mpo_destroy_socket_peer_label)(struct label *label); void (*mpo_destroy_pipe_label)(struct label *label); - void (*mpo_destroy_posix_ksem_label)(struct label *label); + void (*mpo_destroy_posix_sem_label)(struct label *label); void (*mpo_destroy_proc_label)(struct label *label); void (*mpo_destroy_vnode_label)(struct label *label); void (*mpo_cleanup_sysv_msgmsg)(struct label *msglabel); @@ -259,7 +259,7 @@ /* * Labeling event operations: POSIX (global/inter-process) semaphores. */ - void (*mpo_create_posix_ksem)(struct ucred *cred, + void (*mpo_create_posix_sem)(struct ucred *cred, struct ksem *ksemptr, struct label *ks_label); /*
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503011157.j21Bv6oT042731>