Date: Wed, 30 Aug 2006 21:24:03 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 105365 for review Message-ID: <200608302124.k7ULO37j036923@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=105365 Change 105365 by millert@millert_g4tower on 2006/08/30 21:23:45 Rename MAC Framework entry points to be either mpo_<object>_<method>() or mpo_<object>_check_<method>(). These changes are similar to those made in the TrustedBSD mac2 branch. TODO: re-sort entrypoints, more mach entrypoint renaming Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/mach_cmds/ca.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/hfs/hfs_search.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/bsd_init.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_credential.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exit.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_fork.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_ktrace.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_mman.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_prot.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_resource.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sig.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sysctl.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_time.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_pipe.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_msg.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_sem.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sysv_shm.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_mbuf2.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_tree.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vfsops.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/miscfs/devfs/devfs_vnops.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/bpf.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/bsd_comp.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/dlil.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/net/ppp_deflate.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/igmp.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_icmp.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_mroute.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/ip_output.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#3 edit .. 
//depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_mroute.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/ip6_output.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet6/mld6.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/nfs/nfs_syscalls.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/nfs/nfs_vfsops.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_attrlist.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_cache.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_init.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_lookup.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_subr.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_syscalls.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_vnops.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vfs/vfs_xattr.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/vm/dp_backing_file.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_kmsg.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_labelh.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_mqueue.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_object.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_port.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/ipc_right.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_msg.c#2 edit .. 
//depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_port.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_kobject.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/ipc_tt.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/startup.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/task.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/mach/security.defs#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_audit.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_framework.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_net.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_pipe.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#5 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_sem.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_posix_shm.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_process.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_socket.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_system.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_msg.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_sem.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_sysv_shm.c#3 edit .. 
//depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_task.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_vfs_subr.c#2 edit .. //depot/projects/trustedbsd/sedarwin8/policies/basetest/mac_basetest.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/color/mac_color.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/console/mac_console.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/count/Makefile#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/count/mac_count.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/extattr_test/mac_extattr_test.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/fwinteg/mac_fwinteg.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/ipctrace/module/ipctrace.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/policies/multilabel/multilabel.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/none/mac_none.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/readonly/mac_readonly.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#10 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/mach_av.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/Makefile#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/stacktrace/module/mac_stacktrace.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/vanity/vanity.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/xattr/xattr.c#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/mach_cmds/ca.c#2 (text+ko) ==== 
@@ -72,7 +72,7 @@ return (1); } - r = mac_check_port_access (mach_task_self(), + r = mac_port_check_access(mach_task_self(), subl, objl, argv[3], argv[4]); printf("access %s %s:%s { %s } = %d\n", argv[1], argv[2], argv[3], argv[4], r); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/hfs/hfs_search.c#3 (text+ko) ==== @@ -607,9 +607,9 @@ #ifdef MAC if (vp->v_type == VDIR) { - myErr = mac_check_vnode_readdir(vfs_context_ucred(ctx), vp); + myErr = mac_vnode_check_readdir(vfs_context_ucred(ctx), vp); } else { - myErr = mac_check_vnode_stat(vfs_context_ucred(ctx), NOCRED, vp); + myErr = mac_vnode_check_stat(vfs_context_ucred(ctx), NOCRED, vp); } if (myErr) { vnode_put(vp); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/bsd_init.c#4 (text+ko) ==== @@ -337,7 +337,7 @@ /* * Initialize the MAC Framework */ - mac_init_bsd(); + mac_policy_initbsd(); #endif /* MAC */ /* @@ -391,8 +391,8 @@ file_lock_init(); #ifdef MAC - mac_create_proc0(p->p_ucred); - mac_update_task_from_cred (p->p_ucred, (struct task *) p->task); + mac_proc_create_swapper(p->p_ucred); + mac_task_update_from_cred (p->p_ucred, (struct task *) p->task); #endif /* Create the file descriptor table. */ @@ -662,8 +662,8 @@ vm_set_shared_region(get_threadtask(th_act), system_region); } #ifdef MAC - mac_create_proc1(p->p_ucred); - mac_update_task_from_cred (p->p_ucred, (struct task *) p->task); + mac_proc_create_init(p->p_ucred); + mac_task_update_from_cred (p->p_ucred, (struct task *) p->task); #endif load_init_program(p); /* turn on app-profiling i.e. pre-heating */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_acct.c#3 (text+ko) ==== @@ -169,7 +169,7 @@ #ifdef MAC if (uap->path != USER_ADDR_NULL) { vnode_lock(nd.ni_vp); - error = mac_check_system_acct(p->p_ucred, nd.ni_vp); + error = mac_system_check_acct(p->p_ucred, nd.ni_vp); vnode_unlock(nd.ni_vp); if (error) { vn_close(nd.ni_vp, FWRITE, kauth_cred_get(), p); 
@@ -177,7 +177,7 @@ } } else { - error = mac_check_system_acct(p->p_ucred, NULL); + error = mac_system_check_acct(p->p_ucred, NULL); if (error) return (error); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_audit.c#3 (text+ko) ==== @@ -843,7 +843,7 @@ goto free_out; #ifdef MAC - error = mac_check_system_audit(kauth_cred_get(), rec, uap->length); + error = mac_system_check_audit(kauth_cred_get(), rec, uap->length); if (error) goto free_out; #endif @@ -889,7 +889,7 @@ return (ret); #ifdef MAC - ret = mac_check_system_auditon(kauth_cred_get(), uap->cmd); + ret = mac_system_check_auditon(kauth_cred_get(), uap->cmd); if (ret) return (ret); #endif @@ -1126,7 +1126,7 @@ int error; #ifdef MAC - error = mac_check_proc_getauid(kauth_cred_get()); + error = mac_proc_check_getauid(kauth_cred_get()); if (error) return (error); #endif @@ -1156,7 +1156,7 @@ if (error) return (error); #ifdef MAC - error = mac_check_proc_setauid(kauth_cred_get(), temp_au_id); + error = mac_proc_check_setauid(kauth_cred_get(), temp_au_id); if (error) return (error); #endif @@ -1224,7 +1224,7 @@ int error; #ifdef MAC - error = mac_check_proc_getaudit(kauth_cred_get()); + error = mac_proc_check_getaudit(kauth_cred_get()); if (error) return (error); #endif @@ -1262,7 +1262,7 @@ return (error); #ifdef MAC - error = mac_check_proc_setaudit(kauth_cred_get(), &temp_auditinfo); + error = mac_proc_check_setaudit(kauth_cred_get(), &temp_auditinfo); if (error) return (error); @@ -1374,7 +1374,7 @@ #ifdef MAC /* * Accessibility of the vnode was determined in - * vn_open; the mac_check_system_auditctl should only + * vn_open; the mac_system_check_auditctl should only * determine whether that vnode is appropriate for * storing audit data, or that the caller was * permitted to control the auditing system at all. 
@@ -1383,7 +1383,7 @@ * sensitivity. */ - error = mac_check_system_auditctl(kauth_cred_get(), nd.ni_vp); + error = mac_system_check_auditctl(kauth_cred_get(), nd.ni_vp); if (error) { vn_close(nd.ni_vp, audit_close_flags, kauth_cred_get(), p); vnode_put(vp); @@ -1401,7 +1401,7 @@ } #ifdef MAC else { - error = mac_check_system_auditctl(kauth_cred_get(), NULL); + error = mac_system_check_auditctl(kauth_cred_get(), NULL); if (error) return (error); } @@ -1502,7 +1502,7 @@ } mac.m_buflen = MAC_AUDIT_LABEL_LEN; mac.m_string = ar->k_ar.ar_cred_mac_labels; - mac_get_cred_audit_labels(p, &mac); + mac_cred_get_audit_labels(p, &mac); ar->k_ar.ar_mac_records = (struct mac_audit_record_list_t *) kalloc(sizeof(*ar->k_ar.ar_mac_records)); @@ -2501,7 +2501,7 @@ if (*vnode_mac_labelp != NULL) { mac.m_buflen = MAC_AUDIT_LABEL_LEN; mac.m_string = *vnode_mac_labelp; - mac_get_vnode_audit_labels(vp, &mac); + mac_vnode_get_audit_labels(vp, &mac); } else { /* XXX What to do here? This may be an "audit6" req. */ printf("Could not store vnode audit labels"); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_credential.c#3 (text+ko) ==== @@ -1601,7 +1601,7 @@ #endif #ifdef MAC - mac_init_cred(newcred); + mac_cred_init(newcred); #endif return(newcred); @@ -1654,7 +1654,7 @@ if (err == 0) break; #ifdef MAC - mac_destroy_cred(new_cred); + mac_cred_destroy(new_cred); #endif FREE(new_cred, M_KAUTH); new_cred = NULL; @@ -1939,12 +1939,12 @@ bcopy(cred, &temp_cred, sizeof(temp_cred)); - mac_init_cred(&temp_cred); - mac_create_cred(cred, &temp_cred); - mac_relabel_cred(&temp_cred, label); + mac_cred_init(&temp_cred); + mac_cred_create(cred, &temp_cred); + mac_cred_setlabel(&temp_cred, label); newcred = kauth_cred_update(cred, &temp_cred, TRUE); - mac_destroy_cred(&temp_cred); + mac_cred_destroy(&temp_cred); return (newcred); } #endif 
@@ -2016,7 +2016,7 @@ bcopy(cred, newcred, sizeof(*newcred)); #ifdef MAC newcred->cr_label = temp_label; - mac_create_cred(cred, newcred); + mac_cred_create(cred, newcred); #endif newcred->cr_ref = 1; } @@ -2041,7 +2041,7 @@ if (error == 0) break; #ifdef MAC - mac_destroy_cred(newcred); + mac_cred_destroy(newcred); #endif FREE(newcred, M_KAUTH); } @@ -2106,7 +2106,7 @@ if (err == 0) break; #ifdef MAC - mac_destroy_cred(newcred); + mac_cred_destroy(newcred); #endif FREE(newcred, M_KAUTH); newcred = NULL; @@ -2162,7 +2162,7 @@ if (err == 0) break; #ifdef MAC - mac_destroy_cred(new_cred); + mac_cred_destroy(new_cred); #endif FREE(new_cred, M_KAUTH); new_cred = NULL; @@ -2226,7 +2226,7 @@ /* found a match, remove it from the hash table */ TAILQ_REMOVE(&kauth_cred_table_anchor[hash_key], found_cred, cr_link); #ifdef MAC - mac_destroy_cred(cred); + mac_cred_destroy(cred); #endif FREE(cred, M_KAUTH); #if KAUTH_CRED_HASH_DEBUG ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_descrip.c#2 (text+ko) ==== @@ -381,7 +381,7 @@ pop = &fdp->fd_ofileflags[fd]; #ifdef MAC - error = mac_check_fcntl(fp->f_cred, fp, uap->cmd, uap->arg); + error = mac_file_check_fcntl(fp->f_cred, fp, uap->cmd, uap->arg); if (error) goto out; #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exec.c#3 (text+ko) ==== @@ -886,10 +886,10 @@ #ifdef MAC if (uap->mac_p != USER_ADDR_NULL) { - imgp->ip_execlabelp = mac_cred_label_alloc(); + imgp->ip_execlabelp = mac_cred_alloc_label(); error = mac_execve_enter(uap->mac_p, imgp->ip_execlabelp); if (error) { - mac_cred_label_free(imgp->ip_execlabelp); + mac_cred_free_label(imgp->ip_execlabelp); return (error); } } 
@@ -973,8 +973,8 @@ * actually read by the interpreter. */ #ifdef MAC - imgp->ip_scriptlabelp = mac_vnode_label_alloc(); - mac_copy_vnode_label(imgp->ip_vp->v_label, + imgp->ip_scriptlabelp = mac_vnode_alloc_label(); + mac_vnode_copy_label(imgp->ip_vp->v_label, imgp->ip_scriptlabelp); #endif vnode_put(imgp->ip_vp); @@ -1019,9 +1019,9 @@ } #ifdef MAC if (imgp->ip_execlabelp) - mac_cred_label_free(imgp->ip_execlabelp); + mac_cred_free_label(imgp->ip_execlabelp); if (imgp->ip_scriptlabelp) - mac_vnode_label_free(imgp->ip_scriptlabelp); + mac_vnode_free_label(imgp->ip_scriptlabelp); #endif return(error); @@ -1402,7 +1402,7 @@ } #ifdef MAC - error = mac_check_vnode_exec(p->p_ucred, vp, imgp->ip_execlabelp); + error = mac_vnode_check_exec(p->p_ucred, vp, imgp->ip_execlabelp); if (error) return (error); #endif @@ -1462,7 +1462,7 @@ #ifdef MAC int mac_transition; - mac_transition = mac_execve_will_transition(cred, imgp->ip_vp, + mac_transition = mac_vnode_execve_will_transition(cred, imgp->ip_vp, imgp->ip_scriptlabelp, imgp->ip_execlabelp, p); #endif @@ -1507,9 +1507,9 @@ * something similar here, or risk vulnerability. */ if (mac_transition && !imgp->ip_no_trans) { - mac_execve_transition(cred, p->p_ucred, imgp->ip_vp, + mac_vnode_execve_transition(cred, p->p_ucred, imgp->ip_vp, imgp->ip_scriptlabelp, imgp->ip_execlabelp); - mac_update_task_from_cred(p->p_ucred, p->task); + mac_task_update_from_cred(p->p_ucred, p->task); } #endif /* ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_exit.c#3 (text+ko) ==== @@ -630,7 +630,7 @@ wakeup(&child->p_stat); #ifdef MAC - mac_destroy_proc(child); + mac_proc_destroy(child); #endif lck_mtx_destroy(&child->p_mlock, proc_lck_grp); @@ -678,7 +678,7 @@ continue; #ifdef MAC - if ((error = mac_check_proc_wait(kauth_cred_get(), p)) != 0) + if ((error = mac_proc_check_wait(kauth_cred_get(), p)) != 0) return (error); #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_fork.c#3 (text+ko) ==== 
@@ -290,7 +290,7 @@ } #ifdef MAC - mac_update_task_from_cred(child->p_ucred, task); + mac_task_update_from_cred(child->p_ucred, task); #endif if (child->p_nice != 0) @@ -443,7 +443,7 @@ panic("forkproc: M_SUBPROC zone exhausted (p_sigacts)"); #ifdef MAC - mac_init_proc(newproc); + mac_proc_init(newproc); #endif /* ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_ktrace.c#2 (text+ko) ==== @@ -625,7 +625,7 @@ !suser(caller, NULL)) return (1); #ifdef MAC - error = mac_check_proc_debug(caller, targetp); + error = mac_proc_check_debug(caller, targetp); if (error) return (error); #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_mman.c#3 (text+ko) ==== @@ -373,7 +373,7 @@ handle = (void *)vp; #ifdef MAC - error = mac_check_vnode_mmap(vfs_context_ucred(&context), + error = mac_vnode_check_mmap(vfs_context_ucred(&context), vp, prot, flags, &maxprot); if (error) { (void)vnode_put(vp); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_proc.c#3 (text+ko) ==== @@ -894,7 +894,7 @@ LIST_INIT(&l->lc_members); lck_mtx_init(&l->lc_mtx, lctx_lck_grp, lctx_lck_attr); #ifdef MAC - l->lc_label = mac_lctx_label_alloc(); + l->lc_label = mac_lctx_alloc_label(); #endif ALLLCTX_LOCK; LIST_INSERT_HEAD(&alllctx, l, lc_list); @@ -956,7 +956,7 @@ LCTX_UNLOCK(l); lck_mtx_destroy(&l->lc_mtx, lctx_lck_grp); #ifdef MAC - mac_lctx_label_free(l->lc_label); + mac_lctx_free_label(l->lc_label); l->lc_label = NULL; #endif FREE(l, M_LCTX); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_prot.c#4 (text+ko) ==== @@ -1013,7 +1013,7 @@ HOST_PRIV_NULL : host_priv_self()) != KERN_SUCCESS); #ifdef MAC - mac_update_task_from_cred(p->p_ucred, p->task); + mac_task_update_from_cred(p->p_ucred, p->task); #endif } @@ -1058,7 +1058,7 @@ } #ifdef MAC - error = mac_check_proc_setlcid(p0, p, uap->pid, uap->lcid); + error = mac_proc_check_setlcid(p0, p, uap->pid, uap->lcid); if (error) return (error); #endif 
@@ -1140,7 +1140,7 @@ } #ifdef MAC - error = mac_check_proc_getlcid(p0, p, uap->pid); + error = mac_proc_check_getlcid(p0, p, uap->pid); if (error) return (error); #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_resource.c#2 (text+ko) ==== @@ -250,7 +250,7 @@ if (n < chgp->p_nice && suser(ucred, &curp->p_acflag)) return (EACCES); #ifdef MAC - error = mac_check_proc_sched(ucred, chgp); + error = mac_proc_check_sched(ucred, chgp); if (error) return (error); #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sig.c#3 (text+ko) ==== @@ -135,7 +135,7 @@ void exit1(struct proc *, int, int *); void psignal_uthread(thread_t, int); kern_return_t do_bsdexception(int, int, int); -void __posix_sem_syscall_return(kern_return_t); +void __posixsem_syscall_return(kern_return_t); /* implementations in osfmk/kern/sync_sema.c. We do not want port.h in this scope, so void * them */ kern_return_t semaphore_timedwait_signal_trap_internal(void *, void *,time_t, int32_t, void (*)(int)); @@ -284,7 +284,7 @@ #ifdef MAC int error; - error = mac_check_proc_signal(uc, q, signum); + error = mac_proc_check_signal(uc, q, signum); if (error) return (0); #endif @@ -841,7 +841,7 @@ } void -__posix_sem_syscall_return(kern_return_t kern_result) +__posixsem_syscall_return(kern_return_t kern_result) { int error = 0; 
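Review bot: The kern_sig.c prototype hunk (-135,7) renames `__posix_sem_syscall_return` to `__posixsem_syscall_return`, which is not a MAC Framework entry point and looks like collateral from a global `posix_sem` to `posixsem` substitution. The same applies to its definition (-841,7) and call sites (-885,17) in kern_sig.c, and to `posix_sem_max` becoming `posixsem_max` in posix_sem.c (-144,11 and -271,7). Leaving those symbols alone, i.e. keeping `void __posix_sem_syscall_return(kern_return_t);` and `long posix_sem_max = 10000;`, would keep this change a purely mechanical rename of `mac_*` hooks, which is much easier to audit for a dropped or mismatched access check. If the rename is intended, any reference in files not shown here (the mail is truncated) has to change with it; the sysctl node and leaf names appear unchanged, so the user-visible name should not move.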
@@ -885,17 +885,17 @@ } if (uap->mutex_sem == (void *)NULL) - kern_result = semaphore_timedwait_trap_internal(uap->cond_sem, then.tv_sec, then.tv_nsec, __posix_sem_syscall_return); + kern_result = semaphore_timedwait_trap_internal(uap->cond_sem, then.tv_sec, then.tv_nsec, __posixsem_syscall_return); else - kern_result = semaphore_timedwait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, then.tv_sec, then.tv_nsec, __posix_sem_syscall_return); + kern_result = semaphore_timedwait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, then.tv_sec, then.tv_nsec, __posixsem_syscall_return); } else { if (uap->mutex_sem == (void *)NULL) - kern_result = semaphore_wait_trap_internal(uap->cond_sem, __posix_sem_syscall_return); + kern_result = semaphore_wait_trap_internal(uap->cond_sem, __posixsem_syscall_return); else - kern_result = semaphore_wait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, __posix_sem_syscall_return); + kern_result = semaphore_wait_signal_trap_internal(uap->cond_sem, uap->mutex_sem, __posixsem_syscall_return); } out: ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_sysctl.c#2 (text+ko) ==== @@ -392,7 +392,7 @@ } #ifdef MAC - error = mac_check_system_sysctl( + error = mac_system_check_sysctl( p->p_ucred, (int *) name, uap->namelen, ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_time.c#3 (text+ko) ==== @@ -168,7 +168,7 @@ int error; #ifdef MAC - error = mac_check_system_settime(kauth_cred_get()); + error = mac_system_check_settime(kauth_cred_get()); if (error) return (error); #endif @@ -221,7 +221,7 @@ int error; #ifdef MAC - error = mac_check_system_settime(kauth_cred_get()); + error = mac_system_check_settime(kauth_cred_get()); if (error) return (error); #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/kern_xxx.c#4 (text+ko) ==== 
@@ -101,7 +101,7 @@ #ifdef MAC if (error) return (error); - error = mac_check_system_reboot(kauth_cred_get(), uap->opt); + error = mac_system_check_reboot(kauth_cred_get(), uap->opt); #endif if (!error) { SET(p->p_flag, P_REBOOT); /* No more signals for this proc */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_sem.c#2 (text+ko) ==== @@ -144,11 +144,11 @@ LIST_HEAD(psemhashhead, psemcache) *psemhashtbl; /* Hash Table */ u_long psemhash; /* size of hash table - 1 */ long psemnument; /* number of cache entries allocated */ -long posix_sem_max = 10000; /* tunable for max POSIX semaphores */ +long posixsem_max = 10000; /* tunable for max POSIX semaphores */ /* 10000 limits to ~1M of memory */ SYSCTL_NODE(_kern, KERN_POSIX, posix, CTLFLAG_RW, 0, "Posix"); SYSCTL_NODE(_kern_posix, OID_AUTO, sem, CTLFLAG_RW, 0, "Semaphores"); -SYSCTL_INT (_kern_posix_sem, OID_AUTO, max, CTLFLAG_RW, &posix_sem_max, 0, "max"); +SYSCTL_INT (_kern_posix_sem, OID_AUTO, max, CTLFLAG_RW, &posixsem_max, 0, "max"); struct psemstats psemstats; /* cache effectiveness statistics */ @@ -271,7 +271,7 @@ if (psem_cache_search(&dpinfo, pnp, &dpcp) == -1) { return(EEXIST); } - if (psemnument >= posix_sem_max) + if (psemnument >= posixsem_max) return(ENOSPC); psemnument++; /* @@ -487,14 +487,14 @@ pinfo->sem_proc = p; #ifdef MAC PSEM_SUBSYS_UNLOCK(); - mac_init_posix_sem(pinfo); + mac_posixsem_init(pinfo); PSEM_SUBSYS_LOCK(); - error = mac_check_posix_sem_create(kauth_cred_get(), nameptr); + error = mac_posixsem_check_create(kauth_cred_get(), nameptr); if (error) { PSEM_SUBSYS_UNLOCK(); goto bad2; } - mac_create_posix_sem(kauth_cred_get(), pinfo, nameptr); + mac_posixsem_create(kauth_cred_get(), pinfo, nameptr); #endif } else { /* semaphore should exist as it is without O_CREAT */ 
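Review bot: In the posix_sem.c hunk at -487,14 the subsystem lock is released around `mac_posixsem_init(pinfo)` and retaken before `mac_posixsem_check_create()`, and nothing in the hunk says why that window is safe. Presumably the label init can sleep, but any state looked up under the lock before this point (outside the hunk, so unconfirmed) may be stale once the lock is retaken. Since these lines are being touched anyway, I would add a comment such as `/* lock dropped: label init may sleep; state read before this point must be re-validated after relock */`, or confirm that the lookup is repeated. posix_shm.c has the same unlock/init/relock sequence at -488,14, and the enclosing function starts and ends outside the hunk.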
@@ -511,7 +511,7 @@ AUDIT_ARG(posix_ipc_perm, pinfo->psem_uid, pinfo->psem_gid, pinfo->psem_mode); #ifdef MAC - error = mac_check_posix_sem_open(kauth_cred_get(), pinfo); + error = mac_posixsem_check_open(kauth_cred_get(), pinfo); if (error) { PSEM_SUBSYS_UNLOCK(); goto bad1; @@ -582,7 +582,7 @@ bad1: if (pinfo_alloc) { #ifdef MAC - mac_destroy_posix_sem(pinfo); + mac_posixsem_destroy(pinfo); #endif FREE(pinfo, M_SHM); } @@ -705,7 +705,7 @@ } else incache = 1; #ifdef MAC - error = mac_check_posix_sem_unlink(kauth_cred_get(), pinfo, nameptr); + error = mac_posixsem_check_unlink(kauth_cred_get(), pinfo, nameptr); if (error) { PSEM_SUBSYS_UNLOCK(); goto bad; @@ -800,7 +800,7 @@ goto out; } #ifdef MAC - error = mac_check_posix_sem_wait(kauth_cred_get(), pinfo); + error = mac_posixsem_check_wait(kauth_cred_get(), pinfo); if (error) { PSEM_SUBSYS_UNLOCK(); goto out; @@ -861,7 +861,7 @@ goto out; } #ifdef MAC - error = mac_check_posix_sem_wait(kauth_cred_get(), pinfo); + error = mac_posixsem_check_wait(kauth_cred_get(), pinfo); if (error) { PSEM_SUBSYS_UNLOCK(); goto out; @@ -925,7 +925,7 @@ goto out; } #ifdef MAC - error = mac_check_posix_sem_post(kauth_cred_get(), pinfo); + error = mac_posixsem_check_post(kauth_cred_get(), pinfo); if (error) { PSEM_SUBSYS_UNLOCK(); goto out; @@ -1030,7 +1030,7 @@ kret = semaphore_destroy(kernel_task, pinfo->psem_semobject); #ifdef MAC - mac_destroy_posix_sem(pinfo); + mac_posixsem_destroy(pinfo); #endif switch (kret) { ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/posix_shm.c#2 (text+ko) ==== 
@@ -488,14 +488,14 @@ pinfo->pshm_gid = kauth_cred_get()->cr_gid; #ifdef MAC PSHM_SUBSYS_UNLOCK(); - mac_init_posix_shm(pinfo); + mac_posixshm_init(pinfo); PSHM_SUBSYS_LOCK(); - error = mac_check_posix_shm_create(kauth_cred_get(), nameptr); + error = mac_posixshm_check_create(kauth_cred_get(), nameptr); if (error) { PSHM_SUBSYS_UNLOCK(); goto bad2; } - mac_create_posix_shm(kauth_cred_get(), pinfo, nameptr); + mac_posixshm_create(kauth_cred_get(), pinfo, nameptr); #endif } else { /* already exists */ @@ -507,7 +507,7 @@ AUDIT_ARG(posix_ipc_perm, pinfo->pshm_uid, pinfo->pshm_gid, pinfo->pshm_mode); #ifdef MAC - if ((error = mac_check_posix_shm_open( + if ((error = mac_posixshm_check_open( kauth_cred_get(), pinfo))) { PSHM_SUBSYS_UNLOCK(); goto bad1; @@ -597,7 +597,7 @@ bad2: if (pinfo_alloc) { #ifdef MAC - mac_destroy_posix_shm(pinfo); + mac_posixshm_destroy(pinfo); #endif FREE(pinfo, M_SHM); } @@ -642,7 +642,7 @@ return(EINVAL); } #ifdef MAC - error = mac_check_posix_shm_truncate(kauth_cred_get(), pinfo, size); + error = mac_posixshm_check_truncate(kauth_cred_get(), pinfo, size); if (error) { PSHM_SUBSYS_UNLOCK(); return(error); @@ -698,7 +698,7 @@ } #ifdef MAC - error = mac_check_posix_shm_stat(kauth_cred_get(), pinfo); + error = mac_posixshm_check_stat(kauth_cred_get(), pinfo); if (error) { PSHM_SUBSYS_UNLOCK(); return(error); @@ -814,7 +814,7 @@ } #ifdef MAC - error = mac_check_posix_shm_mmap(kauth_cred_get(), pinfo, prot, flags); + error = mac_posixshm_check_mmap(kauth_cred_get(), pinfo, prot, flags); if (error) { PSHM_SUBSYS_UNLOCK(); return(error); @@ -958,7 +958,7 @@ goto bad; } #ifdef MAC - error = mac_check_posix_shm_unlink(kauth_cred_get(), pinfo, nameptr); + error = mac_posixshm_check_unlink(kauth_cred_get(), pinfo, nameptr); if (error) { PSHM_SUBSYS_UNLOCK(); goto bad; 
@@ -1028,7 +1028,7 @@ mach_memory_entry_port_release(pinfo->pshm_memobject); PSHM_SUBSYS_LOCK(); #ifdef MAC - mac_destroy_posix_shm(pinfo); + mac_posixshm_destroy(pinfo); #endif FREE(pinfo,M_SHM); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_pipe.c#2 (text+ko) ==== @@ -353,12 +353,12 @@ * XXXXXXXX SHOULD NOT HOLD FILE_LOCK() XXXXXXXXXXXX * * struct pipe represents a pipe endpoint. The MAC label is shared - * between the connected endpoints. As a result mac_init_pipe() and - * mac_create_pipe() should only be called on one of the endpoints + * between the connected endpoints. As a result mac_pipe_init() and + * mac_pipe_create() should only be called on one of the endpoints * after they have been connected. */ - mac_init_pipe(rpipe); - mac_create_pipe(kauth_cred_get(), rpipe); + mac_pipe_init(rpipe); + mac_pipe_create(kauth_cred_get(), rpipe); wpipe->pipe_label = rpipe->pipe_label; #endif proc_fdlock(p); @@ -396,7 +396,7 @@ return (EBADF); #ifdef MAC PIPE_LOCK(cpipe); - error = mac_check_pipe_stat(kauth_cred_get(), cpipe); + error = mac_pipe_check_stat(kauth_cred_get(), cpipe); PIPE_UNLOCK(cpipe); if (error) return (error); @@ -572,7 +572,7 @@ goto unlocked_error; #ifdef MAC - error = mac_check_pipe_read(kauth_cred_get(), rpipe); + error = mac_pipe_check_read(kauth_cred_get(), rpipe); if (error) goto locked_error; #endif @@ -983,7 +983,7 @@ return (EPIPE); } #ifdef MAC - error = mac_check_pipe_write(kauth_cred_get(), wpipe); + error = mac_pipe_check_write(kauth_cred_get(), wpipe); if (error) { PIPE_UNLOCK(rpipe); return (error); @@ -1292,7 +1292,7 @@ PIPE_LOCK(mpipe); #ifdef MAC - error = mac_check_pipe_ioctl(kauth_cred_get(), mpipe, cmd, data); + error = mac_pipe_check_ioctl(kauth_cred_get(), mpipe, cmd, data); if (error) { PIPE_UNLOCK(mpipe); 
@@ -1358,7 +1358,7 @@ wpipe = rpipe->pipe_peer; #ifdef MAC - if (mac_check_pipe_select(proc_ucred(p), rpipe, which)) { + if (mac_pipe_check_select(proc_ucred(p), rpipe, which)) { PIPE_UNLOCK(rpipe); return (0); } @@ -1479,7 +1479,7 @@ * Free the shared pipe label only after the two ends are disconnected. */ if (cpipe->pipe_label != NULL && cpipe->pipe_peer == NULL) - mac_destroy_pipe(cpipe); + mac_pipe_destroy(cpipe); #endif /* @@ -1535,7 +1535,7 @@ PIPE_LOCK(cpipe); #ifdef MAC - if (mac_check_pipe_kqfilter(proc_ucred(p), kn, cpipe) != 0) { + if (mac_pipe_check_kqfilter(proc_ucred(p), kn, cpipe) != 0) { PIPE_UNLOCK(cpipe); return (1); } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#3 (text+ko) ==== @@ -126,7 +126,7 @@ } #ifdef MAC_SOCKET SOCK_LOCK(so); - error = mac_check_socket_receive(proc_ucred(p), so); + error = mac_socket_check_receive(proc_ucred(p), so); SOCK_UNLOCK(so); if (error) return (error); @@ -163,7 +163,7 @@ #ifdef MAC_SOCKET SOCK_LOCK(so); - error = mac_check_socket_send(proc_ucred(procp), so); + error = mac_socket_check_send(proc_ucred(procp), so); SOCK_UNLOCK(so); if (error) return (error); @@ -360,7 +360,7 @@ socket_lock(so, 1); #ifdef MAC_SOCKET - if (mac_check_socket_select(proc_ucred(p), so, which)) >>> TRUNCATED FOR MAIL (1000 lines) <<<