Date: Thu, 27 Oct 2005 17:03:17 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 85932 for review Message-ID: <200510271703.j9RH3Hwt010401@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=85932 Change 85932 by millert@millert_ibook on 2005/10/27 17:03:01 Fix the most egregious style nits. Other, more minor, ones remain. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#14 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#14 (text+ko) ==== @@ -480,29 +480,29 @@ static void sebsd_destroy_cred_label(struct label *label) { - sebsd_free (SLOT(label)); - SLOT(label) = NULL; + sebsd_free (SLOT(label)); + SLOT(label) = NULL; } static void sebsd_destroy_vnode_label(struct label *label) { - sebsd_free (SLOT(label)); - SLOT(label) = NULL; + sebsd_free (SLOT(label)); + SLOT(label) = NULL; } static void sebsd_destroy_mount_label(struct label *label) { - sebsd_free (SLOT(label)); - SLOT(label) = NULL; + sebsd_free (SLOT(label)); + SLOT(label) = NULL; } static void sebsd_destroy_mount_fs_label(struct label *label) { - sebsd_free (SLOT(label)); - SLOT(label) = NULL; + sebsd_free (SLOT(label)); + SLOT(label) = NULL; } #if 0 @@ -573,6 +573,7 @@ * currently uses a backing file pre-allocated with fixed-size * attributes. */ + struct vattr va; char context[256]; u_int32_t context_len; struct proc *p = current_proc(); @@ -614,13 +615,13 @@ } #endif - if (p == NULL || vp == NULL || vp->v_op == NULL || vp->v_tag != VT_HFS || vp->v_data == NULL) - goto dosclass; + if (p == NULL || vp == NULL || vp->v_op == NULL || + vp->v_tag != VT_HFS || vp->v_data == NULL) + goto dosclass; - struct vattr va; error = VOP_GETATTR (vp, &va, p->p_ucred, p); if (error) - goto dosclass; + goto dosclass; error = security_context_to_sid(context, strlen(context), &vsec->sid); if (error) { 
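Review bot: In the @@ -614 hunk, `security_context_to_sid(context, strlen(context), &vsec->sid)` takes its length from `strlen()` on the 256-byte stack buffer `context` rather than from the `context_len` declared beside it in the @@ -573 hunk. Whatever fills `context` is outside both hunks, so the call is only safe if that code always NUL-terminates within the buffer; if the fill sits inside the conditional block closed by the `#endif` just above, `strlen()` would walk uninitialized stack. Passing the tracked length, or forcing `context[sizeof(context) - 1] = '\0';` before the call, removes that dependency. The enclosing function starts and ends outside these hunks.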
@@ -632,16 +633,15 @@ dosclass: /* TBD: */ vsec->sclass = vnode_type_to_security_class(vp->v_type); - if (vsec->sclass == 0) { + if (vsec->sclass == 0) printf("sebsd_update_vnode_from_extattr:: sclass is 0\n"); - } return (0); } static void sebsd_associate_vnode_singlelabel(struct mount *mp, struct label *fslabel, - struct vnode *vp, struct label *vlabel) + struct vnode *vp, struct label *vlabel) { struct mount_fs_security_struct *sbsec; struct vnode_security_struct *vsec; @@ -650,14 +650,12 @@ vsec = SLOT(vlabel); vsec->sclass = vnode_type_to_security_class(vp->v_type); - if (sbsec == NULL) - { - if (vp->v_mount != NULL) - printf ("create_vnode: no mount label for mnt=%s\n", - vp->v_mount->mnt_stat.f_mntonname); - } - else - vsec->sid = sbsec->sid; + if (sbsec == NULL) { + if (vp->v_mount != NULL) + printf ("create_vnode: no mount label for mnt=%s\n", + vp->v_mount->mnt_stat.f_mntonname); + } else + vsec->sid = sbsec->sid; } static void @@ -676,16 +674,14 @@ /* Default to using the attributes from the parent process */ task->osid = parent->osid; task->sid = parent->sid; - - return; } static void -sebsd_create_task (struct task *parent, struct task *child, struct label *pl, - struct label *chl, struct label *chpl) +sebsd_create_task(struct task *parent, struct task *child, struct label *pl, + struct label *chl, struct label *chpl) { - sebsd_create_credlabels (pl, chl); - sebsd_create_credlabels (pl, chpl); + sebsd_create_credlabels(pl, chl); + sebsd_create_credlabels(pl, chpl); } static void @@ -702,15 +698,15 @@ } static void -sebsd_copy_cred_to_task (struct label *cred, struct label *task) +sebsd_copy_cred_to_task(struct label *cred, struct label *task) { - struct task_security_struct *cl, *tl; + struct task_security_struct *cl, *tl; - cl = SLOT(cred); - tl = SLOT(task); + cl = SLOT(cred); + tl = SLOT(task); - tl->osid = cl->osid; - tl->sid = cl->sid; + tl->osid = cl->osid; + tl->sid = cl->sid; } 
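Review bot: In `sebsd_associate_vnode_singlelabel` (the @@ -650 hunk), the `sbsec == NULL` branch only prints a message and leaves `vsec->sid` unassigned, so the vnode keeps whatever SID its slot already held and later access checks run against that value. Assigning an explicit fallback in that branch, for example `vsec->sid = SECINITSID_UNLABELED;` if that initial SID is defined in this tree, would make the outcome deterministic. The message is also skipped when `vp->v_mount` is NULL, so that case is completely silent. The statement that sets `sbsec` is outside the hunk.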
@@ -728,13 +724,11 @@ task = SLOT(cred_child->cr_label); if (parent == task) - panic ("parent child equal"); + panic ("parent child equal"); /* Default to using the attributes from the parent process */ task->osid = parent->osid; task->sid = parent->sid; - - return; } static void @@ -752,19 +746,22 @@ static void sebsd_create_port (struct label *it, struct label *st, struct label *port) { - struct task_security_struct *its, *sts, *psec; - int rc; + struct task_security_struct *its, *sts, *psec; + int error; - its = SLOT (it); - sts = SLOT (st); - psec = SLOT (port); + its = SLOT(it); + sts = SLOT(st); + psec = SLOT(port); - rc = security_change_sid (its->sid, sts->sid, SECCLASS_MACH_PORT, &psec->sid); + error = security_change_sid(its->sid, sts->sid, SECCLASS_MACH_PORT, + &psec->sid); - /* default - label ports the same as owner process. - This is consistent with other IPC objects. */ - if (rc) - psec->sid = sts->sid; + /* + * On error label ports the same as owner process. + * This is consistent with other IPC objects. + */ + if (error) + psec->sid = sts->sid; } static void @@ -772,7 +769,7 @@ { struct task_security_struct *psec; - psec = SLOT (port); + psec = SLOT(port); psec->sid = SECINITSID_KERNEL; } @@ -820,16 +817,13 @@ /* Default to the filesystem SID. */ dirent->sid = SECINITSID_DEVFS; dirent->task_sid = SECINITSID_KERNEL; - dirent->sclass = - devfs_type_to_security_class(devfs_dirent->dn_type); + dirent->sclass = devfs_type_to_security_class(devfs_dirent->dn_type); /* Obtain a SID based on the fstype, path, and class. */ path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); - rc = security_genfs_sid("devfs", path, dirent->sclass, - &newsid); - + rc = security_genfs_sid("devfs", path, dirent->sclass, &newsid); if (rc == 0) dirent->sid = newsid; 
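Review bot: In `sebsd_create_port` (the @@ -752 hunk), a failure of `security_change_sid()` is replaced by the owner's SID and then dropped, so a policy or SID-table problem while labelling ports leaves no trace. Other fallbacks visible in this change report themselves, as the `security_fs_use` path in `sebsd_create_mount` does, and the same would help here: `printf("sebsd_create_port: security_change_sid returned %d\n", error);` before `psec->sid = sts->sid;`, with braces around the two statements.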
@@ -838,11 +832,11 @@ if (cr != NULL) { struct task_security_struct *task = SLOT(cr->cr_label); - /* XXX: uses the type specified by genfs instead of the parent directory - like it should! */ - int error = security_transition_sid(task->sid, dirent->sid, dirent->sclass, - &newsid); - if (error == 0) + /* XXX: uses the type specified by genfs instead of the parent + directory like it should! */ + rc = security_transition_sid(task->sid, dirent->sid, + dirent->sclass, &newsid); + if (rc == 0) dirent->sid = newsid; } @@ -853,7 +847,7 @@ "dirent=%d\n", path, rc, dirent->sclass, newsid, dirent->sid); } - sebsd_free (path); + sebsd_free(path); } #if 0 @@ -997,7 +991,7 @@ * which the filesystem will use if not a "multilabel" type. */ rc = security_fs_use(mp->mnt_vfc->vfc_name, &behavior, &sbsec->sid); - if (rc) { + if (rc != 0) { printf("sebsd_create_mount: security_fs_use(%s) returned %d\n", mp->mnt_vfc->vfc_name, rc); behavior = SECURITY_FS_USE_NONE; @@ -1121,8 +1115,7 @@ vsec->sclass = tclass; /* store label in vnode */ - error = security_sid_to_context(vsec->sid, &context, - &context_len); + error = security_sid_to_context(vsec->sid, &context, &context_len); if (error) return (error); @@ -1137,10 +1130,10 @@ #ifdef CAPABILITIES static int -sebsd_check_cap (struct ucred *cred, cap_value_t capv) +sebsd_check_cap(struct ucred *cred, cap_value_t capv) { - return cred_has_capability (cred, capv); + return cred_has_capability(cred, capv); } #endif @@ -1158,17 +1151,17 @@ tsec = SLOT(cred->cr_label); if (nsec == NULL) - return 0; + return 0; rc = avc_has_perm_ref_audit(tsec->sid, tsec->sid, SECCLASS_PROCESS, FILE__RELABELFROM, NULL, NULL); if (rc) - return (rc); + return (rc); rc = avc_has_perm_audit(tsec->sid, nsec->sid, SECCLASS_PROCESS, FILE__RELABELTO, NULL); if (rc) - return (rc); + return (rc); /* if (nsec != NULL && nsec->sid != tsec->sid) 
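Review bot: Replacing the block-local `int error` with `rc` in the `cr != NULL` branch of the @@ -838 hunk changes what the later diagnostic reports: the `printf` whose arguments are `path, rc, dirent->sclass, newsid, dirent->sid` (visible in the @@ -853 hunk) now prints the result of `security_transition_sid()` instead of `security_genfs_sid()` whenever a credential is present. If the message is meant to describe the genfs lookup, keep a separate variable: declare `int error;` with the other locals and use `error = security_transition_sid(...)` followed by `if (error == 0)`. The format string and the start of the function are outside the hunks, so which value the message intends is an inference.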
@@ -1178,35 +1171,37 @@ } static int -sebsd_check_port_relabel(struct label *task, struct label *oldlabel, struct label *newlabel) +sebsd_check_port_relabel(struct label *task, struct label *oldlabel, + struct label *newlabel) { - struct task_security_struct *tsec, *olds, *news; - int rc; + struct task_security_struct *tsec, *olds, *news; + int rc; - news = SLOT(newlabel); - olds = SLOT(oldlabel); - tsec = SLOT(task); + news = SLOT(newlabel); + olds = SLOT(oldlabel); + tsec = SLOT(task); - rc = avc_has_perm_ref_audit (tsec->sid, olds->sid, SECCLASS_MACH_PORT, - MACH_PORT__RELABELFROM, NULL, NULL); - if (rc) - return (rc); + rc = avc_has_perm_ref_audit(tsec->sid, olds->sid, SECCLASS_MACH_PORT, + MACH_PORT__RELABELFROM, NULL, NULL); + if (rc) + return (rc); - rc = avc_has_perm_audit(tsec->sid, news->sid, SECCLASS_MACH_PORT, - MACH_PORT__RELABELTO, NULL); - if (rc) - return (rc); + rc = avc_has_perm_audit(tsec->sid, news->sid, SECCLASS_MACH_PORT, + MACH_PORT__RELABELTO, NULL); + if (rc) + return (rc); - return 0; + return 0; } #define CHECK_SIMPLE_PERM(func,class,perm) \ -static int sebsd_check_##func (struct label *task, struct label *port) \ +static int sebsd_check_##func(struct label *task, struct label *port) \ { \ - struct task_security_struct *tsec, *psec; \ - psec = SLOT(port); \ - tsec = SLOT(task); \ - return avc_has_perm_ref_audit (tsec->sid, psec->sid, class, perm, NULL, NULL); \ + struct task_security_struct *tsec, *psec; \ + psec = SLOT(port); \ + tsec = SLOT(task); \ + return avc_has_perm_ref_audit (tsec->sid, psec->sid, class, \ + perm, NULL, NULL); \ } CHECK_SIMPLE_PERM(msg_send,SECCLASS_MACH_PORT,MACH_PORT__SEND); 
@@ -1217,47 +1212,48 @@ extern struct policydb policydb; static int -sebsd_check_service_access (struct label *subj, struct label *obj, - const char *s, const char * pn) +sebsd_check_service_access(struct label *subj, struct label *obj, + const char *s, const char * pn) { - struct task_security_struct *tsec, *psec; - struct class_datum *cld; - struct perm_datum *p; + struct task_security_struct *tsec, *psec; + struct class_datum *cld; + struct perm_datum *p; + + psec = SLOT(obj); + tsec = SLOT(subj); - psec = SLOT(obj); - tsec = SLOT(subj); + cld = hashtab_search (policydb.p_classes.table, s); + if (cld == NULL) + return EINVAL; - cld = hashtab_search (policydb.p_classes.table, s); - if (cld == NULL) - return EINVAL; - - p = hashtab_search (cld->permissions.table, pn); - if (p == NULL && cld->comdatum) - p = hashtab_search (cld->comdatum->permissions.table, pn); - if (p == NULL) - return EINVAL; + p = hashtab_search (cld->permissions.table, pn); + if (p == NULL && cld->comdatum) + p = hashtab_search (cld->comdatum->permissions.table, pn); + if (p == NULL) + return EINVAL; - return avc_has_perm_ref_audit (tsec->sid, psec->sid, cld->value, 1 << (p->value-1), - NULL, NULL); + return avc_has_perm_ref_audit(tsec->sid, psec->sid, cld->value, + 1 << (p->value-1), NULL, NULL); } static int sebsd_request_label (struct label *subj, struct label *obj, const char *s, struct label *out) { - struct task_security_struct *tsec, *psec, *osec; - struct class_datum *cld; - struct perm_datum *p; + struct task_security_struct *tsec, *psec, *osec; + struct class_datum *cld; + struct perm_datum *p; - psec = SLOT(obj); - tsec = SLOT(subj); - osec = SLOT(out); + psec = SLOT(obj); + tsec = SLOT(subj); + osec = SLOT(out); - cld = hashtab_search (policydb.p_classes.table, s); - if (cld == NULL) - return EINVAL; + cld = hashtab_search (policydb.p_classes.table, s); + if (cld == NULL) + return EINVAL; - return security_change_sid (tsec->sid, psec->sid, cld->value, &osec->sid); + return 
security_change_sid(tsec->sid, psec->sid, cld->value, + &osec->sid); } extern int selinux_enforcing; @@ -1271,7 +1267,7 @@ psec = SLOT(obj); tsec = SLOT(subj); - return sebsd_check_ipc_method1 (tsec->sid,psec->sid, msgid); + return sebsd_check_ipc_method1(tsec->sid,psec->sid, msgid); } static int @@ -1322,8 +1318,8 @@ } static int -sebsd_check_remount(struct ucred *cred, struct mount *mp, struct label *mntlabel, - struct label *mount_arg_label) +sebsd_check_remount(struct ucred *cred, struct mount *mp, + struct label *mntlabel, struct label *mount_arg_label) { /* cannot change labels on filesystems */ @@ -1391,7 +1387,7 @@ FIFO_FILE__RELABELTO, NULL, NULL); /* - * TBD: SELinux also check filesystem associate permission: + * TBD: SELinux also checks filesystem associate permission: return avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM, @@ -1728,13 +1724,12 @@ if (dvp->v_mount) { /* XXX: mpo_check_vnode_create should probably pass the mntlabel */ - sbsec = SLOT (dvp->v_mount->mnt_mntlabel); - if (sbsec == NULL) - { - printf ("create_vnode: no mount label for mnt=%s\n", + sbsec = SLOT(dvp->v_mount->mnt_mntlabel); + if (sbsec == NULL) { + printf ("create_vnode: no mount label for mnt=%s\n", dvp->v_mount->mnt_stat.f_mntonname); - return 0; - } + return 0; + } rc = avc_has_perm_audit(newsid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad); if (rc) @@ -1815,7 +1810,7 @@ file = SLOT(label); if (execlabel == NULL) { rc = security_transition_sid(task->sid, file->sid, - SECCLASS_PROCESS, &newsid); + SECCLASS_PROCESS, &newsid); if (rc) return EACCES; } else { @@ -1923,8 +1918,8 @@ sebsd_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { - if (dvp->v_type != VDIR) - return ENOTDIR; + if (dvp->v_type != VDIR) + return ENOTDIR; /* TBD: DIR__READ as well? */ return (vnode_has_perm(cred, dvp, DIR__SEARCH, NULL)); 
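Review bot: In `sebsd_check_service_access` (the @@ -1217 hunk), the access vector `1 << (p->value-1)` shifts a signed `int` by a count taken from the loaded policy with no range check; assuming a 32-bit vector, a `value` of 0 or above 32 makes the shift undefined, and 32 itself shifts into the sign bit. Because this mask selects the permission that `avc_has_perm_ref_audit()` tests, it is worth validating first with `if (p->value < 1 || p->value > 32) return EINVAL;` and shifting an unsigned one, `1U << (p->value - 1)`. Separately, `hashtab_search (` keeps the space before the parenthesis here and in `sebsd_request_label`, which the rest of the hunk removes from other calls.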
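Review bot: In the @@ -1728 hunk, the `sbsec == NULL` branch returns 0, so creating a vnode on a mount that has no label is permitted without the `FILESYSTEM__ASSOCIATE` check ever running. If an unlabeled mount is not expected at this point, returning an error such as `EACCES` there would fail closed. The relabel path in the @@ -2016 hunk reads the same `SLOT(vp->v_mount->mnt_mntlabel)` and goes straight to `sbsec->sid` with no NULL test, so it would dereference NULL in exactly the case this branch guards against; adding `if (sbsec == NULL) return (EACCES);` there would make the two paths consistent. Both enclosing functions start and end outside their hunks.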
@@ -1935,18 +1930,19 @@ struct label *filelabel, int fmode) { int acc_mode = 0; + if (fmode & O_TRUNC) - acc_mode |= VWRITE; + acc_mode |= VWRITE; if (fmode & FWRITE) - acc_mode |= VWRITE; + acc_mode |= VWRITE; if (fmode & FREAD) - acc_mode |= VREAD; + acc_mode |= VREAD; if (!acc_mode) return 0; return (vnode_has_perm(cred, vp, file_mask_to_av(vp->v_type, acc_mode), - NULL)); + NULL)); } static int @@ -2016,7 +2012,7 @@ if (vp->v_mount) { /* XXX: mpo_check_vnode_relabel should probably pass the mntlabel */ - sbsec = SLOT (vp->v_mount->mnt_mntlabel); + sbsec = SLOT(vp->v_mount->mnt_mntlabel); rc = avc_has_perm_audit (new->sid, sbsec->sid, SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, &ad); if (rc) @@ -2202,7 +2198,6 @@ return vnode_has_perm(cred, vp, FILE__GETATTR, NULL); } - /* * TBD: LSM/SELinux doesn't have a nfsd hook */ @@ -2213,7 +2208,6 @@ return (0); } - static int sebsd_check_system_swapon(struct ucred *cred, struct vnode *vp, struct label *vnodelabel) @@ -2239,7 +2233,7 @@ size_t newlen) { - return (0); + return (0); } static int 
@@ -2587,118 +2581,118 @@ extern int sebsd_syscall(struct proc *p, int call, void *args); static struct mac_policy_ops sebsd_ops = { - .mpo_init = sebsd_init, - .mpo_init_bsd = sebsd_init_bsd, - .mpo_init_cred_label = sebsd_init_cred_label, - .mpo_init_task_label = sebsd_init_cred_label, - .mpo_init_port_label = sebsd_init_cred_label, - .mpo_init_vnode_label = sebsd_init_vnode_label, - .mpo_init_devfsdirent_label = sebsd_init_devfs_label, + .mpo_init = sebsd_init, + .mpo_init_bsd = sebsd_init_bsd, + .mpo_init_cred_label = sebsd_init_cred_label, + .mpo_init_task_label = sebsd_init_cred_label, + .mpo_init_port_label = sebsd_init_cred_label, + .mpo_init_vnode_label = sebsd_init_vnode_label, + .mpo_init_devfsdirent_label = sebsd_init_devfs_label, - .mpo_destroy = sebsd_destroy, - .mpo_destroy_cred_label = sebsd_destroy_cred_label, - .mpo_destroy_task_label = sebsd_destroy_cred_label, - .mpo_destroy_port_label = sebsd_destroy_cred_label, - .mpo_destroy_vnode_label = sebsd_destroy_vnode_label, - .mpo_destroy_devfsdirent_label = sebsd_destroy_vnode_label, + .mpo_destroy = sebsd_destroy, + .mpo_destroy_cred_label = sebsd_destroy_cred_label, + .mpo_destroy_task_label = sebsd_destroy_cred_label, + .mpo_destroy_port_label = sebsd_destroy_cred_label, + .mpo_destroy_vnode_label = sebsd_destroy_vnode_label, + .mpo_destroy_devfsdirent_label = sebsd_destroy_vnode_label, - .mpo_copy_cred_to_task = sebsd_copy_cred_to_task, - .mpo_copy_vnode_label = sebsd_copy_vnode_label, - .mpo_copy_devfs_label = sebsd_copy_vnode_label, - .mpo_copy_port_label = sebsd_copy_port_label, - .mpo_update_port_from_cred_label = sebsd_update_port_from_cred_label, + .mpo_copy_cred_to_task = sebsd_copy_cred_to_task, + .mpo_copy_vnode_label = sebsd_copy_vnode_label, + .mpo_copy_devfs_label = sebsd_copy_vnode_label, + .mpo_copy_port_label = sebsd_copy_port_label, + .mpo_update_port_from_cred_label = sebsd_update_port_from_cred_label, - .mpo_internalize_cred_label = sebsd_internalize_cred_label, - 
.mpo_externalize_cred_label = sebsd_externalize_cred_label, - .mpo_externalize_cred_audit_label = sebsd_externalize_cred_label, + .mpo_internalize_cred_label = sebsd_internalize_cred_label, + .mpo_externalize_cred_label = sebsd_externalize_cred_label, + .mpo_externalize_cred_audit_label = sebsd_externalize_cred_label, - .mpo_internalize_vnode_label = sebsd_internalize_vnode_label, - .mpo_externalize_vnode_label = sebsd_externalize_vnode_label, - .mpo_externalize_vnode_audit_label = sebsd_externalize_vnode_label, + .mpo_internalize_vnode_label = sebsd_internalize_vnode_label, + .mpo_externalize_vnode_label = sebsd_externalize_vnode_label, + .mpo_externalize_vnode_audit_label = sebsd_externalize_vnode_label, - .mpo_relabel_cred = sebsd_relabel_cred, - .mpo_relabel_vnode = sebsd_relabel_vnode, + .mpo_relabel_cred = sebsd_relabel_cred, + .mpo_relabel_vnode = sebsd_relabel_vnode, - /* Create Labels */ + /* Create Labels */ - .mpo_create_cred = sebsd_create_cred, - .mpo_create_task = sebsd_create_task, - .mpo_create_kernel_task = sebsd_create_kernel_task, - .mpo_create_devfs_device = sebsd_create_devfs_device, - .mpo_create_proc0 = sebsd_create_proc0, - .mpo_create_proc1 = sebsd_create_proc1, - .mpo_create_vnode_extattr = sebsd_create_vnode_extattr, - .mpo_create_port = sebsd_create_port, + .mpo_create_cred = sebsd_create_cred, + .mpo_create_task = sebsd_create_task, + .mpo_create_kernel_task = sebsd_create_kernel_task, + .mpo_create_devfs_device = sebsd_create_devfs_device, + .mpo_create_proc0 = sebsd_create_proc0, + .mpo_create_proc1 = sebsd_create_proc1, + .mpo_create_vnode_extattr = sebsd_create_vnode_extattr, + .mpo_create_port = sebsd_create_port, - .mpo_associate_vnode_singlelabel = sebsd_associate_vnode_singlelabel, - .mpo_associate_vnode_extattr = sebsd_associate_vnode_extattr, - .mpo_associate_vnode_devfs = sebsd_associate_vnode_devfs, + .mpo_associate_vnode_singlelabel = sebsd_associate_vnode_singlelabel, + .mpo_associate_vnode_extattr = 
sebsd_associate_vnode_extattr, + .mpo_associate_vnode_devfs = sebsd_associate_vnode_devfs, - .mpo_request_object_label = sebsd_request_label, + .mpo_request_object_label = sebsd_request_label, - /* Transition */ - .mpo_execve_will_transition = sebsd_execve_will_transition, - .mpo_execve_transition = sebsd_execve_transition, + /* Transition */ + .mpo_execve_will_transition = sebsd_execve_will_transition, + .mpo_execve_transition = sebsd_execve_transition, - /* Checks */ - .mpo_check_service_access = sebsd_check_service_access, - .mpo_check_cred_relabel = sebsd_check_cred_relabel, - .mpo_check_port_relabel = sebsd_check_port_relabel, + /* Checks */ + .mpo_check_service_access = sebsd_check_service_access, + .mpo_check_cred_relabel = sebsd_check_cred_relabel, + .mpo_check_port_relabel = sebsd_check_port_relabel, /* * The sebsd_check_msg_send is known to be broken */ -/* .mpo_check_port_send = sebsd_check_msg_send, */ +/* .mpo_check_port_send = sebsd_check_msg_send, */ - .mpo_check_port_make_send = sebsd_check_port_make_send, - .mpo_check_port_copy_send = sebsd_check_port_copy_send, - .mpo_check_port_move_receive = sebsd_check_port_move_recv, - .mpo_check_proc_signal = sebsd_check_proc_signal, - .mpo_check_vnode_access = sebsd_check_vnode_access, - .mpo_check_vnode_chdir = sebsd_check_vnode_chdir, - .mpo_check_vnode_chroot = sebsd_check_vnode_chroot, - .mpo_check_vnode_create = sebsd_check_vnode_create, - .mpo_check_vnode_delete = sebsd_check_vnode_delete, - .mpo_check_vnode_exchangedata = sebsd_check_vnode_exchangedata, - .mpo_check_vnode_exec = sebsd_check_vnode_exec, + .mpo_check_port_make_send = sebsd_check_port_make_send, + .mpo_check_port_copy_send = sebsd_check_port_copy_send, + .mpo_check_port_move_receive = sebsd_check_port_move_recv, + .mpo_check_proc_signal = sebsd_check_proc_signal, + .mpo_check_vnode_access = sebsd_check_vnode_access, + .mpo_check_vnode_chdir = sebsd_check_vnode_chdir, + .mpo_check_vnode_chroot = sebsd_check_vnode_chroot, + 
.mpo_check_vnode_create = sebsd_check_vnode_create, + .mpo_check_vnode_delete = sebsd_check_vnode_delete, + .mpo_check_vnode_exchangedata = sebsd_check_vnode_exchangedata, + .mpo_check_vnode_exec = sebsd_check_vnode_exec, #ifdef EXTATTR .mpo_check_vnode_getextattr = sebsd_check_vnode_getextattr, .mpo_check_vnode_listextattr = NOT_IMPLEMENTED, .mpo_check_vnode_deleteextattr = NOT_IMPLEMENTED, #endif - .mpo_check_vnode_getattrlist = sebsd_check_vnode_getattrlist, - .mpo_check_vnode_link = sebsd_check_vnode_link, - .mpo_check_vnode_lookup = sebsd_check_vnode_lookup, - .mpo_check_vnode_mmap = sebsd_check_vnode_mmap, - .mpo_check_vnode_open = sebsd_check_vnode_open, - .mpo_check_vnode_poll = sebsd_check_vnode_poll, - .mpo_check_vnode_read = sebsd_check_vnode_read, - .mpo_check_vnode_readdir = sebsd_check_vnode_readdir, - .mpo_check_vnode_readlink = sebsd_check_vnode_readlink, - .mpo_check_vnode_relabel = sebsd_check_vnode_relabel, - .mpo_check_vnode_rename_from = sebsd_check_vnode_rename_from, - .mpo_check_vnode_rename_to = sebsd_check_vnode_rename_to, - .mpo_check_vnode_revoke = sebsd_check_vnode_revoke, - .mpo_check_vnode_setattrlist = sebsd_check_vnode_setattrlist, + .mpo_check_vnode_getattrlist = sebsd_check_vnode_getattrlist, + .mpo_check_vnode_link = sebsd_check_vnode_link, + .mpo_check_vnode_lookup = sebsd_check_vnode_lookup, + .mpo_check_vnode_mmap = sebsd_check_vnode_mmap, + .mpo_check_vnode_open = sebsd_check_vnode_open, + .mpo_check_vnode_poll = sebsd_check_vnode_poll, + .mpo_check_vnode_read = sebsd_check_vnode_read, + .mpo_check_vnode_readdir = sebsd_check_vnode_readdir, + .mpo_check_vnode_readlink = sebsd_check_vnode_readlink, + .mpo_check_vnode_relabel = sebsd_check_vnode_relabel, + .mpo_check_vnode_rename_from = sebsd_check_vnode_rename_from, + .mpo_check_vnode_rename_to = sebsd_check_vnode_rename_to, + .mpo_check_vnode_revoke = sebsd_check_vnode_revoke, + .mpo_check_vnode_setattrlist = sebsd_check_vnode_setattrlist, #ifdef HAS_EXTATTRS 
.mpo_check_vnode_setextattr = sebsd_check_vnode_setextattr, #endif - .mpo_check_vnode_setflags = sebsd_check_vnode_setflags, - .mpo_check_vnode_setmode = sebsd_check_vnode_setmode, - .mpo_check_vnode_setowner = sebsd_check_vnode_setowner, - .mpo_check_vnode_setutimes = sebsd_check_vnode_setutimes, - .mpo_check_vnode_stat = sebsd_check_vnode_stat, - .mpo_check_vnode_write = sebsd_check_vnode_write, + .mpo_check_vnode_setflags = sebsd_check_vnode_setflags, + .mpo_check_vnode_setmode = sebsd_check_vnode_setmode, + .mpo_check_vnode_setowner = sebsd_check_vnode_setowner, + .mpo_check_vnode_setutimes = sebsd_check_vnode_setutimes, + .mpo_check_vnode_stat = sebsd_check_vnode_stat, + .mpo_check_vnode_write = sebsd_check_vnode_write, - /* Mount Points */ - .mpo_init_mount_label = sebsd_init_mount_label, - .mpo_init_mount_fs_label = sebsd_init_mount_fs_label, - .mpo_create_mount = sebsd_create_mount, - .mpo_destroy_mount_label = sebsd_destroy_mount_label, - .mpo_destroy_mount_fs_label = sebsd_destroy_mount_fs_label, + /* Mount Points */ + .mpo_init_mount_label = sebsd_init_mount_label, + .mpo_init_mount_fs_label = sebsd_init_mount_fs_label, + .mpo_create_mount = sebsd_create_mount, + .mpo_destroy_mount_label = sebsd_destroy_mount_label, + .mpo_destroy_mount_fs_label = sebsd_destroy_mount_fs_label, - .mpo_setlabel_vnode_extattr = sebsd_setlabel_vnode_extattr, + .mpo_setlabel_vnode_extattr = sebsd_setlabel_vnode_extattr, /* System V IPC Entry Points */ .mpo_init_sysv_sem_label = sebsd_init_sysv_label, @@ -2719,9 +2713,9 @@ // .mpo_check_sysv_shmdt = sebsd_check_sysv_shmdt, .mpo_check_sysv_shmget = sebsd_check_sysv_shmget, - .mpo_check_ipc_method = sebsd_check_ipc_method, + .mpo_check_ipc_method = sebsd_check_ipc_method, - .mpo_syscall = sebsd_syscall + .mpo_syscall = sebsd_syscall }; 
@@ -2970,14 +2964,16 @@ }; #ifdef KEXT -static kern_return_t kmod_start (kmod_info_t *ki, void *xd) +static kern_return_t +kmod_start (kmod_info_t *ki, void *xd) { - return mac_policy_register (&sebsd_mac_policy_conf); + return mac_policy_register(&sebsd_mac_policy_conf); } -static kern_return_t kmod_stop (kmod_info_t *ki, void *xd) +static kern_return_t +kmod_stop (kmod_info_t *ki, void *xd) { - return mac_policy_unregister (&sebsd_mac_policy_conf); + return mac_policy_unregister(&sebsd_mac_policy_conf); } extern kern_return_t _start(kmod_info_t *ki, void *data);