From owner-p4-projects@FreeBSD.ORG Wed Nov 5 23:16:16 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 9CE4E16A4D0; Wed, 5 Nov 2003 23:16:16 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7600B16A4CE for ; Wed, 5 Nov 2003 23:16:16 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 09A6C43F75 for ; Wed, 5 Nov 2003 23:16:14 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hA67GDXJ098003 for ; Wed, 5 Nov 2003 23:16:13 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hA67GDdH098000 for perforce@freebsd.org; Wed, 5 Nov 2003 23:16:13 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Wed, 5 Nov 2003 23:16:13 -0800 (PST) Message-Id: <200311060716.hA67GDdH098000@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 41574 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2003 07:16:17 -0000 http://perforce.freebsd.org/chv.cgi?CH=41574 Change 41574 by rwatson@rwatson_paprika on 2003/11/05 23:15:36 Store 'struct label *' pointers in struct ucred and struct proc, rather than actual 'struct label' instances. Removes the size of 'struct label' from the ABI for credentials and processes relating to both kernel and policy modules. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#423 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_process.c#6 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#223 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#71 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#181 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#27 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#115 edit .. //depot/projects/trustedbsd/mac/sys/sys/proc.h#48 edit .. //depot/projects/trustedbsd/mac/sys/sys/ucred.h#20 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#423 (text+ko) ==== @@ -589,7 +589,7 @@ } buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); - error = mac_externalize_cred_label(&tcred->cr_label, elements, + error = mac_externalize_cred_label(tcred->cr_label, elements, buffer, mac.m_buflen); if (error == 0) error = copyout(buffer, mac.m_string, strlen(buffer)+1); @@ -626,7 +626,7 @@ } buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); - error = mac_externalize_cred_label(&td->td_ucred->cr_label, + error = mac_externalize_cred_label(td->td_ucred->cr_label, elements, buffer, mac.m_buflen); if (error == 0) error = copyout(buffer, mac.m_string, strlen(buffer)+1); ==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_process.c#6 (text+ko) ==== @@ -105,20 +105,49 @@ MAC_DEBUG_COUNTER_INC(&nmaccreds); } +static struct label * +mac_cred_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_cred_label, label); + MAC_DEBUG_COUNTER_INC(&nmaccreds); + return (label); +} + void mac_init_cred(struct ucred *cred) { - mac_init_cred_label(&cred->cr_label); + cred->cr_label = mac_cred_label_alloc(); +} + +static struct label * +mac_proc_label_alloc(void) +{ + struct label *label; + + label = mac_labelzone_alloc(M_WAITOK); + MAC_PERFORM(init_proc_label, label); + MAC_DEBUG_COUNTER_INC(&nmacprocs); + return (label); } void mac_init_proc(struct proc *p) { - mac_init_label(&p->p_label); - MAC_PERFORM(init_proc_label, &p->p_label); - MAC_DEBUG_COUNTER_INC(&nmacprocs); + p->p_label = mac_proc_label_alloc(); +} + +static void +mac_cred_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_cred_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmaccreds); } void @@ -134,16 +163,25 @@ mac_destroy_cred(struct ucred *cred) { - mac_destroy_cred_label(&cred->cr_label); + mac_cred_label_free(cred->cr_label); + cred->cr_label = NULL; +} + +static void +mac_proc_label_free(struct label *label) +{ + + MAC_PERFORM(destroy_proc_label, label); + mac_labelzone_free(label); + MAC_DEBUG_COUNTER_DEC(&nmacprocs); } void mac_destroy_proc(struct proc *p) { - MAC_PERFORM(destroy_proc_label, &p->p_label); - mac_destroy_label(&p->p_label); - MAC_DEBUG_COUNTER_DEC(&nmacprocs); + mac_proc_label_free(p->p_label); + p->p_label = NULL; } int ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#223 (text+ko) ==== @@ -900,7 +900,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(delabel); mac_biba_copy_single(source, dest); @@ -912,7 +912,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(mntlabel); mac_biba_copy_single(source, dest); dest = SLOT(fslabel); @@ -1034,7 +1034,7 @@ buflen = sizeof(temp); bzero(&temp, buflen); - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(vlabel); mac_biba_copy_single(source, &temp); @@ -1088,7 +1088,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(socketlabel); mac_biba_copy_single(source, dest); @@ -1100,7 +1100,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(pipelabel); mac_biba_copy_single(source, dest); @@ -1112,7 +1112,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(ks_label); mac_biba_copy_single(source, dest); @@ -1178,7 +1178,7 @@ struct mac_biba *source, *dest; /* Ignore the msgq label */ - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(msglabel); mac_biba_copy_single(source, dest); @@ -1190,7 +1190,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(msqlabel); mac_biba_copy_single(source, dest); @@ -1202,7 +1202,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(semalabel); mac_biba_copy_single(source, dest); @@ -1214,7 +1214,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(shmlabel); mac_biba_copy_single(source, dest); @@ -1242,7 +1242,7 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(bpflabel); mac_biba_copy_single(source, dest); @@ -1454,8 +1454,8 @@ { struct mac_biba *source, *dest; - source = SLOT(&cred_parent->cr_label); - dest = SLOT(&cred_child->cr_label); + source = SLOT(cred_parent->cr_label); + dest = SLOT(cred_child->cr_label); mac_biba_copy_single(source, dest); mac_biba_copy_range(source, dest); @@ -1466,7 +1466,7 @@ { struct mac_biba *dest; - dest = SLOT(&cred->cr_label); + dest = SLOT(cred->cr_label); mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, @@ -1478,7 +1478,7 @@ { struct mac_biba *dest; - dest = SLOT(&cred->cr_label); + dest = SLOT(cred->cr_label); mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, @@ -1491,7 +1491,7 @@ struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(&cred->cr_label); + dest = SLOT(cred->cr_label); mac_biba_copy(source, dest); } @@ -1552,7 +1552,7 @@ struct mac_biba *subj, *new; int error; - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); new = SLOT(newlabel); /* @@ -1616,8 +1616,8 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&u1->cr_label); - obj = SLOT(&u2->cr_label); + subj = SLOT(u1->cr_label); + obj = SLOT(u2->cr_label); /* XXX: range */ if (!mac_biba_dominate_single(obj, subj)) @@ -1633,7 +1633,7 @@ struct mac_biba *subj, *new; int error; - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); new = SLOT(newlabel); /* @@ -1677,7 +1677,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&msgptr->label); if (!mac_biba_dominate_single(obj, subj)) @@ -1694,7 +1694,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&msgptr->label); if (!mac_biba_dominate_single(subj, obj)) @@ -1711,7 +1711,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&msqkptr->label); if (!mac_biba_dominate_single(obj, subj)) @@ -1728,7 +1728,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&msqkptr->label); if (!mac_biba_dominate_single(subj, obj)) @@ -1745,7 +1745,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&msqkptr->label); if (!mac_biba_dominate_single(obj, subj)) @@ -1764,7 +1764,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&msqkptr->label); switch(cmd) { @@ -1795,7 +1795,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&semakptr->label); switch(cmd) { @@ -1833,7 +1833,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&semakptr->label); if (!mac_biba_dominate_single(obj, subj)) @@ -1852,7 +1852,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&semakptr->label); if (accesstype & SEM_R) @@ -1875,7 +1875,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&shmsegptr->label); if (!mac_biba_dominate_single(obj, subj)) @@ -1897,7 +1897,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&shmsegptr->label); switch(cmd) { @@ -1935,7 +1935,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&shmsegptr->label); if (!mac_biba_dominate_single(subj, obj)) @@ -1954,7 +1954,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(&shmsegptr->label); if (!mac_biba_dominate_single(obj, subj)) @@ -1973,7 +1973,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); error = mac_biba_subject_privileged(subj); if (error) @@ -1995,7 +1995,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); return (mac_biba_subject_privileged(subj)); } @@ -2009,7 +2009,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(mntlabel); if (!mac_biba_dominate_single(obj, subj)) @@ -2040,7 +2040,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); if (!mac_biba_dominate_single(obj, subj)) @@ -2058,7 +2058,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); if (!mac_biba_dominate_single(obj, subj)) @@ -2075,7 +2075,7 @@ int error; new = SLOT(newlabel); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(pipelabel); /* @@ -2127,7 +2127,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); if (!mac_biba_dominate_single(obj, subj)) @@ -2145,7 +2145,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); if (!mac_biba_dominate_single(subj, obj)) @@ -2162,7 +2162,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT((&ksemptr->ks_label)); if (!mac_biba_dominate_single(subj, obj)) @@ -2179,7 +2179,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT((&ksemptr->ks_label)); if (!mac_biba_dominate_single(obj, subj)) @@ -2196,8 +2196,8 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); - obj = SLOT(&proc->p_ucred->cr_label); + subj = SLOT(cred->cr_label); + obj = SLOT(proc->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_single(obj, subj)) @@ -2216,8 +2216,8 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); - obj = SLOT(&proc->p_ucred->cr_label); + subj = SLOT(cred->cr_label); + obj = SLOT(proc->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_single(obj, subj)) @@ -2236,8 +2236,8 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); - obj = SLOT(&proc->p_ucred->cr_label); + subj = SLOT(cred->cr_label); + obj = SLOT(proc->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_single(obj, subj)) @@ -2271,7 +2271,7 @@ int error; new = SLOT(newlabel); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(socketlabel); /* @@ -2323,7 +2323,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(socketlabel); if (!mac_biba_dominate_single(obj, subj)) @@ -2341,7 +2341,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); error = mac_biba_subject_privileged(subj); if (error) @@ -2360,7 +2360,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); error = mac_biba_subject_privileged(subj); if (error) @@ -2385,7 +2385,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); error = mac_biba_subject_privileged(subj); if (error) @@ -2404,7 +2404,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); error = mac_biba_subject_privileged(subj); @@ -2427,7 +2427,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); error = mac_biba_subject_privileged(subj); @@ -2447,7 +2447,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); /* * In general, treat sysctl variables as biba/high, but also @@ -2480,7 +2480,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(obj, subj)) @@ -2498,7 +2498,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(obj, subj)) @@ -2516,7 +2516,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(subj, obj)) @@ -2535,7 +2535,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(subj, obj)) @@ -2558,7 +2558,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(subj, obj)) @@ -2576,7 +2576,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(subj, obj)) @@ -2608,7 +2608,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(obj, subj)) @@ -2626,7 +2626,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(obj, subj)) @@ -2644,7 +2644,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(obj, subj)) @@ -2663,7 +2663,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(subj, obj)) @@ -2686,7 +2686,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(obj, subj)) @@ -2704,7 +2704,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(obj, subj)) @@ -2726,7 +2726,7 @@ if (!mac_biba_enabled || !revocation_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { @@ -2750,7 +2750,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(vnodelabel); /* XXX privilege override for admin? */ @@ -2775,7 +2775,7 @@ if (!mac_biba_enabled || !revocation_enabled) return (0); - subj = SLOT(&active_cred->cr_label); + subj = SLOT(active_cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(obj, subj)) @@ -2793,7 +2793,7 @@ if (!mac_biba_enabled || !revocation_enabled) return (0); - subj = SLOT(&active_cred->cr_label); + subj = SLOT(active_cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(obj, subj)) @@ -2811,7 +2811,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(obj, subj)) @@ -2829,7 +2829,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(obj, subj)) @@ -2847,7 +2847,7 @@ old = SLOT(vnodelabel); new = SLOT(newlabel); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); /* * If there is a Biba label update for the vnode, it must be a @@ -2899,7 +2899,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(subj, obj)) @@ -2923,7 +2923,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(dlabel); if (!mac_biba_dominate_single(subj, obj)) @@ -2948,7 +2948,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(subj, obj)) @@ -2966,7 +2966,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(subj, obj)) @@ -2985,7 +2985,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(vnodelabel); if (!mac_biba_dominate_single(subj, obj)) @@ -3005,7 +3005,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(vnodelabel); if (!mac_biba_dominate_single(subj, obj)) @@ -3023,7 +3023,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(vnodelabel); if (!mac_biba_dominate_single(subj, obj)) @@ -3041,7 +3041,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(vnodelabel); if (!mac_biba_dominate_single(subj, obj)) @@ -3059,7 +3059,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&cred->cr_label); + subj = SLOT(cred->cr_label); obj = SLOT(vnodelabel); if (!mac_biba_dominate_single(subj, obj)) @@ -3077,7 +3077,7 @@ if (!mac_biba_enabled) return (0); - subj = SLOT(&active_cred->cr_label); + subj = SLOT(active_cred->cr_label); obj = SLOT(vnodelabel); if (!mac_biba_dominate_single(obj, subj)) @@ -3095,7 +3095,7 @@ if (!mac_biba_enabled || !revocation_enabled) return (0); - subj = SLOT(&active_cred->cr_label); + subj = SLOT(active_cred->cr_label); obj = SLOT(label); if (!mac_biba_dominate_single(subj, obj)) ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#71 (text+ko) ==== @@ -516,7 +516,7 @@ struct proc *p; pid_t pgid; - subj = PSLOT(&curthread->td_proc->p_label); + subj = PSLOT(curthread->td_proc->p_label); p = curthread->td_proc; mtx_lock(&subj->mtx); @@ -960,7 +960,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(delabel); mac_lomac_copy_single(source, dest); @@ -972,7 +972,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(mntlabel); mac_lomac_copy_single(source, dest); dest = SLOT(fslabel); @@ -1101,7 +1101,7 @@ buflen = sizeof(temp); bzero(&temp, buflen); - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(vlabel); dir = SLOT(dlabel); if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) { @@ -1161,7 +1161,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(socketlabel); mac_lomac_copy_single(source, dest); @@ -1173,7 +1173,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(pipelabel); mac_lomac_copy_single(source, dest); @@ -1185,7 +1185,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(ks_label); mac_lomac_copy_single(source, dest); @@ -1250,7 +1250,7 @@ struct mac_lomac *source, *dest; /* Ignore the msgq label */ - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(msglabel); mac_lomac_copy_single(source, dest); @@ -1262,7 +1262,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(msqlabel); mac_lomac_copy_single(source, dest); @@ -1274,7 +1274,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(semalabel); mac_lomac_copy_single(source, dest); @@ -1286,7 +1286,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(shmlabel); mac_lomac_copy_single(source, dest); @@ -1314,7 +1314,7 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred->cr_label); + source = SLOT(cred->cr_label); dest = SLOT(bpflabel); mac_lomac_copy_single(source, dest); @@ -1538,8 +1538,8 @@ { struct mac_lomac *source, *dest; - source = SLOT(&cred_parent->cr_label); - dest = SLOT(&cred_child->cr_label); + source = SLOT(cred_parent->cr_label); + dest = SLOT(cred_child->cr_label); mac_lomac_copy_single(source, dest); >>> TRUNCATED FOR MAIL (1000 lines) <<<