From owner-trustedbsd-cvs@FreeBSD.ORG Sat Jul 8 12:23:58 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0E6616A4DE for ; Sat, 8 Jul 2006 12:23:57 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B4BE43D53 for ; Sat, 8 Jul 2006 12:23:57 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 2ED7746C1C for ; Sat, 8 Jul 2006 08:23:56 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 75C1255B50; Sat, 8 Jul 2006 12:23:54 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 6EEE616A4E0; Sat, 8 Jul 2006 12:23:54 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3082D16A4DA for ; Sat, 8 Jul 2006 12:23:54 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id CB5D143D4C for ; Sat, 8 Jul 2006 12:23:53 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k68CNr2o067937 for ; Sat, 8 Jul 2006 12:23:53 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k68CNpqs067907 for perforce@freebsd.org; Sat, 8 Jul 2006 12:23:51 GMT (envelope-from 
bb+lists.freebsd.perforce@cyrus.watson.org) Date: Sat, 8 Jul 2006 12:23:51 GMT Message-Id: <200607081223.k68CNpqs067907@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 100984 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Jul 2006 12:23:58 -0000 http://perforce.freebsd.org/chv.cgi?CH=100984 Change 100984 by rwatson@rwatson_zoo on 2006/07/08 12:22:59 Further renaming. Affected files ... .. //depot/projects/trustedbsd/mac2/sys/compat/svr4/svr4_stream.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/kern/kern_alq.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/kern/link_elf_obj.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/kern/uipc_usrreq.c#4 edit .. //depot/projects/trustedbsd/mac2/sys/netatalk/aarp.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/netinet/if_ether.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/netinet/igmp.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/netinet/tcp_input.c#4 edit .. //depot/projects/trustedbsd/mac2/sys/netinet/tcp_syncache.c#4 edit .. //depot/projects/trustedbsd/mac2/sys/netinet6/nd6.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_net.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_socket.c#3 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac_portacl/mac_portacl.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/sys/mac_framework.h#14 edit .. //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#23 edit Differences ... ==== //depot/projects/trustedbsd/mac2/sys/compat/svr4/svr4_stream.c#3 (text+ko) ==== 
@@ -176,7 +176,7 @@ #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_send(td->td_ucred, so); + error = mac_socket_check_send(td->td_ucred, so); SOCK_UNLOCK(so); if (error) goto done1; @@ -276,7 +276,7 @@ #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_receive(td->td_ucred, so); + error = mac_socket_check_receive(td->td_ucred, so); SOCK_UNLOCK(so); if (error) goto done1; ==== //depot/projects/trustedbsd/mac2/sys/kern/kern_alq.c#3 (text+ko) ==== @@ -299,7 +299,7 @@ * XXX: VOP_WRITE error checks are ignored. */ #ifdef MAC - if (mac_check_vnode_write(alq->aq_cred, NOCRED, vp) == 0) + if (mac_vnode_check_write(alq->aq_cred, NOCRED, vp) == 0) #endif VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, alq->aq_cred); VOP_UNLOCK(vp, 0, td); ==== //depot/projects/trustedbsd/mac2/sys/kern/link_elf_obj.c#3 (text+ko) ==== @@ -409,7 +409,7 @@ vfslocked = NDHASGIANT(&nd); NDFREE(&nd, NDF_ONLY_PNBUF); #ifdef MAC - error = mac_check_kld_load(td->td_ucred, nd.ni_vp); + error = mac_kld_check_load(td->td_ucred, nd.ni_vp); if (error) { goto out; } ==== //depot/projects/trustedbsd/mac2/sys/kern/uipc_usrreq.c#4 (text+ko) ==== @@ -951,8 +951,8 @@ unp3->unp_flags |= UNP_WANTCRED; #ifdef MAC SOCK_LOCK(so); - mac_socket_set_peer_from_socket(so, so3); - mac_socket_set_peer_from_socket(so3, so); + mac_socket_peer_set_from_socket(so, so3); + mac_socket_peer_set_from_socket(so3, so); SOCK_UNLOCK(so); #endif ==== //depot/projects/trustedbsd/mac2/sys/netatalk/aarp.c#3 (text+ko) ==== @@ -183,7 +183,7 @@ return; } #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif m->m_len = sizeof(*ea); m->m_pkthdr.len = sizeof(*ea); @@ -616,7 +616,7 @@ return; } #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif m->m_len = sizeof(*ea); m->m_pkthdr.len = sizeof(*ea); ==== //depot/projects/trustedbsd/mac2/sys/netinet/if_ether.c#3 (text+ko) ==== 
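Review bot: In the kern_alq.c hunk the result of `mac_vnode_check_write(alq->aq_cred, NOCRED, vp)` is only compared with 0, so a policy denial skips VOP_WRITE and the queued data is dropped with nothing recorded. The comment just above already notes that VOP_WRITE errors are ignored as well, so on this asynchronous logging path a MAC denial looks the same as a successful flush. At minimum I would document this next to the check, e.g. `/* XXX: a MAC denial silently discards this write. */`. Whether a counter or a console message fits depends on code outside the hunk, because the enclosing function starts and ends beyond it.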
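Review bot: In the uipc_usrreq.c hunk only `so` is locked around the two `mac_socket_peer_set_from_socket()` calls, yet the first call writes so3's peer label and the second reads so3's label, as the MAC_PERFORM arguments in mac_socket.c show (`oldsocket->so_label`, `newsocket->so_peerlabel`). The comment in mac_socket.c in this same change acknowledges that the lock cannot be asserted because the function is called in both directions. so3 may be protected by a lock taken outside the hunk, so this is a request to state the assumption at the call site, for example `/* XXX: so3's labels are accessed without SOCK_LOCK(so3); see mac_socket_peer_set_from_socket(). */`. The enclosing function is not visible in the hunk.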
@@ -350,7 +350,7 @@ ah = mtod(m, struct arphdr *); bzero((caddr_t)ah, m->m_len); #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif ah->ar_pro = htons(ETHERTYPE_IP); ah->ar_hln = ifp->if_addrlen; /* hardware address length */ ==== //depot/projects/trustedbsd/mac2/sys/netinet/igmp.c#3 (text+ko) ==== @@ -469,7 +469,7 @@ m->m_pkthdr.rcvif = loif; #ifdef MAC - mac_create_mbuf_linklayer(inm->inm_ifp, m); + mac_mbuf_create_linklayer(inm->inm_ifp, m); #endif m->m_pkthdr.len = sizeof(struct ip) + IGMP_MINLEN; MH_ALIGN(m, IGMP_MINLEN + sizeof(struct ip)); ==== //depot/projects/trustedbsd/mac2/sys/netinet/tcp_input.c#4 (text+ko) ==== @@ -1403,7 +1403,7 @@ soisconnected(so); #ifdef MAC SOCK_LOCK(so); - mac_socket_set_peer_from_mbuf(m, so); + mac_socket_peer_set_from_mbuf(m, so); SOCK_UNLOCK(so); #endif /* Do window scaling on this connection? */ ==== //depot/projects/trustedbsd/mac2/sys/netinet/tcp_syncache.c#4 (text+ko) ==== @@ -562,7 +562,7 @@ } #ifdef MAC SOCK_LOCK(so); - mac_socket_set_peer_from_mbuf(m, so); + mac_socket_peer_set_from_mbuf(m, so); SOCK_UNLOCK(so); #endif ==== //depot/projects/trustedbsd/mac2/sys/netinet6/nd6.c#3 (text+ko) ==== @@ -2129,7 +2129,7 @@ #endif #ifdef MAC - mac_create_mbuf_linklayer(ifp, m); + mac_mbuf_create_linklayer(ifp, m); #endif if ((ifp->if_flags & IFF_LOOPBACK) != 0) { return ((*ifp->if_output)(origifp, m, (struct sockaddr *)dst, ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_net.c#3 (text+ko) ==== 
@@ -326,27 +326,27 @@ } void -mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *mbuf) +mac_ifnet_create_mbuf(struct ifnet *ifnet, struct mbuf *mbuf) { struct label *label; label = mac_mbuf_to_label(mbuf); MAC_IFNET_LOCK(ifnet); - MAC_PERFORM(create_mbuf_linklayer, ifnet, ifnet->if_label, mbuf, - label); + MAC_PERFORM(ifnet_create_mbuf, ifnet, ifnet->if_label, mbuf, label); MAC_IFNET_UNLOCK(ifnet); } void -mac_ifnet_create_mbuf(struct ifnet *ifnet, struct mbuf *mbuf) +mac_mbuf_create_linklayer(struct ifnet *ifnet, struct mbuf *mbuf) { struct label *label; label = mac_mbuf_to_label(mbuf); MAC_IFNET_LOCK(ifnet); - MAC_PERFORM(ifnet_create_mbuf, ifnet, ifnet->if_label, mbuf, label); + MAC_PERFORM(mbuf_create_linklayer, ifnet, ifnet->if_label, mbuf, + label); MAC_IFNET_UNLOCK(ifnet); } ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_socket.c#3 (text+ko) ==== @@ -118,9 +118,9 @@ if (label == NULL) return (NULL); - MAC_CHECK(socket_init_peer_label, label, flag); + MAC_CHECK(socket_peer_init_label, label, flag); if (error) { - MAC_PERFORM(socket_destroy_peer_label, label); + MAC_PERFORM(socket_peer_destroy_label, label); mac_labelzone_free(label); return (NULL); } @@ -157,7 +157,7 @@ mac_socket_peer_label_free(struct label *label) { - MAC_PERFORM(socket_destroy_peer_label, label); + MAC_PERFORM(socket_peer_destroy_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacsockets); } @@ -237,7 +237,7 @@ } void -mac_socket_set_peer_from_mbuf(struct mbuf *mbuf, struct socket *socket) +mac_socket_peer_set_from_mbuf(struct mbuf *mbuf, struct socket *socket) { struct label *label; @@ -245,12 +245,12 @@ label = mac_mbuf_to_label(mbuf); - MAC_PERFORM(socket_set_peer_from_mbuf, mbuf, label, socket, + MAC_PERFORM(socket_peer_set_from_mbuf, mbuf, label, socket, socket->so_peerlabel); } void -mac_socket_set_peer_from_socket(struct socket *oldsocket, +mac_socket_peer_set_from_socket(struct socket *oldsocket, struct socket *newsocket) { 
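Review bot: After the mac_net.c hunk, `mac_ifnet_create_mbuf()` and `mac_mbuf_create_linklayer()` are identical except for the entry point handed to MAC_PERFORM, and neither has a comment saying which call sites should use which. Both copy from `ifnet->if_label` to the mbuf label under MAC_IFNET_LOCK, so the names alone do not tell a policy author or a caller which hook fires for a given packet. A short header comment on each would prevent a wrong choice, e.g. on the second one `/* Label an mbuf generated by link-layer code (the ARP, AARP, IGMP and ND6 callers in this change) from the interface label. */`. The wording for `mac_ifnet_create_mbuf()` needs to come from its callers, which this change does not show.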
@@ -260,7 +260,7 @@ * called in both directions, so we can't assert the lock * here currently. */ - MAC_PERFORM(socket_set_peer_from_socket, oldsocket, + MAC_PERFORM(socket_peer_set_from_socket, oldsocket, oldsocket->so_label, newsocket, newsocket->so_peerlabel); } ==== //depot/projects/trustedbsd/mac2/sys/security/mac_portacl/mac_portacl.c#2 (text+ko) ==== @@ -1,5 +1,6 @@ /*- * Copyright (c) 2003-2004 Networks Associates Technology, Inc. + * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by Network @@ -7,6 +8,9 @@ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), * as part of the DARPA CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -162,7 +166,7 @@ * and access via sysctl. */ static void -destroy(struct mac_policy_conf *mpc) +policy_destroy(struct mac_policy_conf *mpc) { mtx_destroy(&rule_mtx); @@ -170,7 +174,7 @@ } static void -init(struct mac_policy_conf *mpc) +policy_init(struct mac_policy_conf *mpc) { mtx_init(&rule_mtx, "rule_mtx", NULL, MTX_DEF); @@ -438,7 +442,7 @@ * the source port is left up to the IP stack to determine automatically. */ static int -check_socket_bind(struct ucred *cred, struct socket *so, +socket_check_bind(struct ucred *cred, struct socket *so, struct label *socketlabel, struct sockaddr *sockaddr) { struct sockaddr_in *sin; 
@@ -489,9 +493,9 @@ static struct mac_policy_ops mac_portacl_ops = { - .mpo_destroy = destroy, - .mpo_init = init, - .mpo_check_socket_bind = check_socket_bind, + .mpo_policy_destroy = policy_destroy, + .mpo_policy_init = policy_init, + .mpo_socket_check_bind = socket_check_bind, }; MAC_POLICY_SET(&mac_portacl_ops, trustedbsd_mac_portacl, ==== //depot/projects/trustedbsd/mac2/sys/sys/mac_framework.h#14 (text+ko) ==== @@ -118,8 +118,8 @@ void mac_ifnet_init(struct ifnet *); void mac_ifnet_destroy(struct ifnet *); void mac_ifnet_create(struct ifnet *ifp); -void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m); void mac_ifnet_create_mbuf(struct ifnet *ifnet, struct mbuf *m); +void mac_mbuf_create_linklayer(struct ifnet *ifnet, struct mbuf *m); void mac_mbuf_create_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet, struct mbuf *newmbuf); int mac_ifnet_check_transmit(struct ifnet *ifnet, struct mbuf *m); @@ -226,9 +226,9 @@ void mac_socket_create(struct ucred *cred, struct socket *socket); void mac_socket_accept(struct socket *oldsocket, struct socket *newsocket); -void mac_socket_set_peer_from_mbuf(struct mbuf *mbuf, +void mac_socket_peer_set_from_mbuf(struct mbuf *mbuf, struct socket *socket); -void mac_socket_set_peer_from_socket(struct socket *oldsocket, +void mac_socket_peer_set_from_socket(struct socket *oldsocket, struct socket *newsocket); int mac_socket_check_accept(struct ucred *cred, struct socket *so); int mac_socket_check_bind(struct ucred *cred, struct socket *so, ==== //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#23 (text+ko) ==== 
@@ -198,10 +198,10 @@ char *element_name, char *element_data, int *claimed); typedef void (*mpo_ifnet_create_t)(struct ifnet *ifnet, struct label *ifnetlabel); -typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifnet, +typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifnet, struct label *ifnetlabel, struct mbuf *mbuf, struct label *mbuflabel); -typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifnet, +typedef void (*mpo_mbuf_create_linklayer_t)(struct ifnet *ifnet, struct label *ifnetlabel, struct mbuf *mbuf, struct label *mbuflabel); typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *oldmbuf, @@ -482,13 +482,13 @@ struct label *newsocketlabel); typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so, struct label *oldlabel, struct label *newlabel); -typedef void (*mpo_socket_set_peer_from_socket_t)(struct socket *oldsocket, +typedef void (*mpo_socket_peer_set_from_socket_t)(struct socket *oldsocket, struct label *oldsocketlabel, struct socket *newsocket, struct label *newsocketpeerlabel); typedef void (*mpo_socket_create_mbuf_t)(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel); -typedef void (*mpo_socket_set_peer_from_mbuf_t)(struct mbuf *mbuf, +typedef void (*mpo_socket_peer_set_from_mbuf_t)(struct mbuf *mbuf, struct label *mbuflabel, struct socket *so, struct label *socketpeerlabel); typedef int (*mpo_socket_check_accept_t)(struct ucred *cred, @@ -707,8 +707,8 @@ mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label; mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label; mpo_ifnet_create_t mpo_ifnet_create; - mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer; mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf; + mpo_mbuf_create_linklayer_t mpo_mbuf_create_linklayer; mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap; mpo_ifnet_relabel_t mpo_ifnet_relabel; mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel; 
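Review bot: The struct hunk at -707,8 in mac_policy.h does more than rename: it moves the link-layer entry from the slot before `mpo_ifnet_create_mbuf` to the slot after it, so the two function pointers swap positions in `struct mac_policy_ops`. The two typedefs have the same signature, so a policy module built against the old layout, or one that fills the struct positionally, would load and run with these two labeling hooks exchanged and no diagnostic. mac_portacl in this change uses designated initializers and is unaffected. I would either keep the original slot order and rename in place, or confirm that the framework's module version check is bumped with this change so stale modules are refused. I cannot see that check from here.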
@@ -851,9 +851,9 @@ mpo_socket_create_t mpo_socket_create; mpo_socket_accept_t mpo_socket_accept; mpo_socket_relabel_t mpo_socket_relabel; - mpo_socket_set_peer_from_socket_t mpo_socket_set_peer_from_socket; + mpo_socket_peer_set_from_socket_t mpo_socket_peer_set_from_socket; mpo_socket_create_mbuf_t mpo_socket_create_mbuf; - mpo_socket_set_peer_from_mbuf_t mpo_socket_set_peer_from_mbuf; + mpo_socket_peer_set_from_mbuf_t mpo_socket_peer_set_from_mbuf; mpo_socket_check_accept_t mpo_socket_check_accept; mpo_socket_check_bind_t mpo_socket_check_bind; mpo_socket_check_connect_t mpo_socket_check_connect;