From: Todd Miller
To: Perforce Change Reviews
Date: Thu, 7 Sep 2006 13:34:13 GMT
Subject: PERFORCE change 105784 for review
List-Id: TrustedBSD CVS and Perforce commit message list

http://perforce.freebsd.org/chv.cgi?CH=105784

Change 105784 by millert@millert_g5tower on 2006/09/07 13:33:39

	Add a mach_ prefix to the Mach IPC entry points.
	Rename mpo_syscall to mpo_policy_syscall.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_msg.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/ipctrace/module/ipctrace.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#13 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#7 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_msg.c#3 (text+ko) ====
@@ -314,7 +314,7 @@ #ifdef MAC if (kmsg->ikm_sender != NULL && IP_VALID(kmsg->ikm_header->msgh_remote_port) && - mac_ipc_check_method(&kmsg->ikm_sender->lh_label, + mac_mach_ipc_check_method(&kmsg->ikm_sender->lh_label, &((ipc_port_t)kmsg->ikm_header->msgh_remote_port)->ip_label, kmsg->ikm_header->msgh_id) == 0) trailer->msgh_ad = 1; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#4 (text+ko) ==== @@ -283,7 +283,7 @@ goto errout; mac_port_init_label(&outl); - rc = mac_request_object_label(subl, objl, serv, &outl); + rc = mac_mach_request_object_label(subl, objl, serv, &outl); io_unlocklabel(subp); io_unlock(subp); io_unlocklabel(objp); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#7 (text+ko) ==== @@ -998,12 +998,12 @@ } int -mac_request_object_label(struct label *subj, struct label *obj, +mac_mach_request_object_label(struct label *subj, struct label *obj, const char *s, struct label *out) { int error; - MAC_CHECK(request_object_label, subj, obj, s, out); + MAC_CHECK(mach_request_object_label, subj, obj, s, out); return error; } @@ -1636,8 +1636,8 @@ continue; if (strcmp(mpc->mpc_name, target) == 0 && - mpc->mpc_ops->mpo_syscall != NULL) { - error = mpc->mpc_ops->mpo_syscall(p, + mpc->mpc_ops->mpo_policy_syscall != NULL) { + error = mpc->mpc_ops->mpo_policy_syscall(p, uap->call, uap->arg); break; } @@ -1649,8 +1649,8 @@ continue; if (strcmp(mpc->mpc_name, target) == 0 && - mpc->mpc_ops->mpo_syscall != NULL) { - error = mpc->mpc_ops->mpo_syscall(p, + mpc->mpc_ops->mpo_policy_syscall != NULL) { + error = mpc->mpc_ops->mpo_policy_syscall(p, uap->call, uap->arg); break; } ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#5 (text+ko) ==== 
@@ -29,9 +29,10 @@ int mac_task_check_service_access(task_t self, task_t obj, const char *perm); void mac_task_update_label(struct label *pl, struct task *t); -int mac_request_object_label(struct label *subj, struct label *obj, +int mac_mach_request_object_label(struct label *subj, struct label *obj, const char *serv, struct label *out); -int mac_ipc_check_method(struct label *task, struct label *port, int msgid); +int mac_mach_ipc_check_method(struct label *task, struct label *port, + int msgid); #ifdef MAC void mac_policy_init(void); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#8 (text+ko) ==== @@ -252,7 +252,7 @@ @return In the event of an error, an appropriate value for errno should be returned, otherwise return 0 upon success. */ -typedef int mpo_syscall_t( +typedef int mpo_policy_syscall_t( struct proc *p, int call, user_addr_t arg @@ -2213,7 +2213,7 @@ @return 0 on success, or an errno value for failure. */ -typedef int mpo_request_object_label_t( +typedef int mpo_mach_request_object_label_t( struct label *subj, struct label *obj, const char *serv, @@ -2741,7 +2741,7 @@ @return 0 for access granted, nonzero for access denied. */ -typedef int mpo_ipc_check_method_t( +typedef int mpo_mach_ipc_check_method_t( struct label *task, struct label *port, int msgid @@ -4881,7 +4881,7 @@ mpo_policy_destroy_t *mpo_policy_destroy; mpo_policy_init_t *mpo_policy_init; mpo_policy_initbsd_t *mpo_policy_initbsd; - mpo_syscall_t *mpo_syscall; + mpo_policy_syscall_t *mpo_policy_syscall; /* * Audit operations @@ -5024,7 +5024,7 @@ mpo_proc_create_init_t *mpo_proc_create_init; mpo_cred_setlabel_t *mpo_cred_setlabel; - mpo_request_object_label_t *mpo_request_object_label; + mpo_mach_request_object_label_t *mpo_mach_request_object_label; /* * Labeling event operations: Pipe objects. 
@@ -5062,7 +5062,7 @@ mpo_file_check_fcntl_t *mpo_file_check_fcntl; mpo_check_get_fd_t *mpo_check_get_fd; mpo_check_ioctl_t *mpo_check_ioctl; - mpo_ipc_check_method_t *mpo_ipc_check_method; + mpo_mach_ipc_check_method_t *mpo_mach_ipc_check_method; mpo_posixsem_check_create_t *mpo_posixsem_check_create; mpo_posixsem_check_open_t *mpo_posixsem_check_open; mpo_posixsem_check_post_t *mpo_posixsem_check_post; ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#4 (text+ko) ==== @@ -242,11 +242,11 @@ } int -mac_ipc_check_method(struct label *task, struct label *port, int msgid) +mac_mach_ipc_check_method(struct label *task, struct label *port, int msgid) { int error; - MAC_CHECK(ipc_check_method, task, port, msgid); + MAC_CHECK(mach_ipc_check_method, task, port, msgid); return (error); } ==== //depot/projects/trustedbsd/sedarwin8/policies/ipctrace/module/ipctrace.c#5 (text+ko) ==== @@ -391,7 +391,7 @@ { .mpo_policy_init = ipctrace_policy_init, .mpo_policy_destroy = ipctrace_policy_destroy, - .mpo_syscall = ipctrace_syscall, + .mpo_policy_syscall = ipctrace_syscall, .mpo_cred_init_label = ipctrace_init_label, .mpo_task_init_label = ipctrace_init_label, .mpo_port_init_label = ipctrace_init_label, ==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#9 (text+ko) ==== @@ -1919,11 +1919,11 @@ } static int -mac_mls_request_object_label (struct label *subj, struct label *obj, +mac_mls_mach_request_object_label (struct label *subj, struct label *obj, const char *serv, struct label *out) { -#warning Implement mac_mls_request_object_label() +#warning Implement mac_mls_mach_request_object_label() return (0); } @@ -3074,7 +3074,7 @@ } static int -mac_mls_ipc_check_method(struct label *task, struct label *port, int msgid) +mac_mls_mach_ipc_check_method(struct label *task, struct label *port, int msgid) { struct mac_mls *subj, *obj; 
@@ -4045,9 +4045,9 @@ .mpo_policy_destroy = mac_mls_policy_destroy, .mpo_policy_init = mac_mls_policy_init, .mpo_policy_initbsd = mac_mls_policy_initbsd, - .mpo_syscall = mac_mls_syscall, + .mpo_policy_syscall = mac_mls_syscall, - .mpo_request_object_label = mac_mls_request_object_label, + .mpo_mach_request_object_label = mac_mls_mach_request_object_label, .mpo_mach_check_service_access = mac_mls_mach_check_service_access, .mpo_cred_check_setlabel = mac_mls_cred_check_setlabel, .mpo_cred_check_visible = mac_mls_cred_check_visible, @@ -4093,7 +4093,7 @@ .mpo_cred_copy_to_task = mac_mls_cred_copy_to_task, .mpo_port_create = mac_mls_port_create, .mpo_port_create_kernel = mac_mls_port_create_kernel, - .mpo_ipc_check_method = mac_mls_ipc_check_method, + .mpo_mach_ipc_check_method = mac_mls_mach_ipc_check_method, .mpo_port_check_setlabel = mac_mls_port_check_setlabel, .mpo_port_check_send = mac_mls_port_check_send, .mpo_port_check_hold_send = mac_mls_port_check_hold_send, ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#13 (text+ko) ==== @@ -1477,7 +1477,7 @@ } static int -sebsd_ipc_check_method(struct label *subj, struct label *obj, int msgid) +sebsd_mach_ipc_check_method(struct label *subj, struct label *obj, int msgid) { struct task_security_struct *tsec, *psec; @@ -3533,7 +3533,7 @@ .mpo_devfs_vnode_associate = sebsd_devfs_vnode_associate, .mpo_devfs_update = sebsd_devfs_update, - .mpo_request_object_label = sebsd_request_label, + .mpo_mach_request_object_label = sebsd_request_label, /* Transition */ .mpo_vnode_execve_will_transition = sebsd_vnode_execve_will_transition, @@ -3677,7 +3677,7 @@ .mpo_sysvshm_check_shmctl = sebsd_sysvshm_check_shmctl, .mpo_sysvshm_check_shmget = sebsd_sysvshm_check_shmget, - .mpo_ipc_check_method = sebsd_ipc_check_method, + .mpo_mach_ipc_check_method = sebsd_mach_ipc_check_method, /* POSIX IPC Entry Points */ .mpo_posixsem_init_label = sebsd_init_ipc_label, 
@@ -3703,7 +3703,7 @@ .mpo_socket_peer_set_from_mbuf = sebsd_socket_peer_set_from_mbuf, .mpo_socket_peer_set_from_socket = sebsd_socket_peer_set_from_socket, - .mpo_syscall = sebsd_syscall + .mpo_policy_syscall = sebsd_syscall }; static const char *labelnamespaces[SEBSD_MAC_LABEL_NAME_COUNT] = ==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#7 (text+ko) ==== @@ -1316,7 +1316,7 @@ } static int -mac_test_ipc_check_method(struct label *task, struct label *port, int msgid) +mac_test_mach_ipc_check_method(struct label *task, struct label *port, int msgid) { USE_LABEL(task, TASKTYPE); USE_LABEL(port, PORTTYPE); @@ -1603,7 +1603,7 @@ } static int -mac_test_request_object_label (struct label *subj, struct label *obj, +mac_test_mach_request_object_label (struct label *subj, struct label *obj, const char *serv, struct label *out) { @@ -3130,7 +3130,7 @@ .mpo_policy_destroy = mac_test_policy_destroy, .mpo_policy_init = mac_test_policy_init, .mpo_policy_initbsd = mac_test_policy_initbsd, - .mpo_syscall = mac_test_syscall, + .mpo_policy_syscall = mac_test_syscall, /* * Audit selection functions. @@ -3294,7 +3294,7 @@ .mpo_file_check_fcntl = mac_test_file_check_fcntl, .mpo_check_get_fd = mac_test_check_get_fd, .mpo_check_ioctl = mac_test_check_ioctl, - .mpo_ipc_check_method = mac_test_ipc_check_method, + .mpo_mach_ipc_check_method = mac_test_mach_ipc_check_method, .mpo_lctx_check_setlabel = mac_test_lctx_check_setlabel, .mpo_mount_check_getattr = mac_test_mount_check_getattr, .mpo_mount_check_setattr = mac_test_mount_check_setattr, 
@@ -3328,7 +3328,7 @@ .mpo_proc_check_setlcid = mac_test_proc_check_setlcid, .mpo_proc_check_signal = mac_test_proc_check_signal, .mpo_proc_check_wait = mac_test_proc_check_wait, - .mpo_request_object_label = mac_test_request_object_label, + .mpo_mach_request_object_label = mac_test_mach_request_object_label, .mpo_mach_check_service_access = mac_test_mach_check_service_access, .mpo_check_set_fd = mac_test_check_set_fd, .mpo_pipe_check_kqfilter = mac_test_pipe_check_kqfilter,
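
Review bot: In mac_policy.h (hunks at -4881, -5024 and -5062) the three ops-structure members are renamed in place, so any policy module not touched by this change that still initializes `.mpo_syscall`, `.mpo_request_object_label` or `.mpo_ipc_check_method` will stop compiling; the commit message should say that out-of-tree policies need the same rename. The typedef hunks show only the `@return` lines of each doc comment, so it is also worth confirming that the comment blocks above `mpo_policy_syscall_t`, `mpo_mach_request_object_label_t` and `mpo_mach_ipc_check_method_t` do not still carry the old names.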
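
Review bot: In mac_base.c the policy-syscall dispatch at -1636 and at -1649 is the same block twice (strcmp on `mpc->mpc_name`, NULL check on the hook, call with `p, uap->call, uap->arg`, `break`), and this rename had to be applied to both copies by hand. Moving that block into one small helper that takes the policy entry would keep the two loops from drifting apart the next time the hook changes.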
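
Review bot: In mac_mls.c at -1919, mac_mls_mach_request_object_label() is still a stub that returns 0 behind a `#warning`, and mac_policy.h documents 0 as success for this entry point, so the MLS policy reports success to the caller in security.c without ever writing to `out`. Since the line is being touched anyway, either return an errno value until the function is implemented or replace the `#warning` with a comment stating that leaving `out` untouched is intended. The space before the parameter list in `mac_mls_mach_request_object_label (struct` could be dropped at the same time.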
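
Review bot: In sebsd.c at -3533 the handler assigned to `.mpo_mach_request_object_label` keeps its old name, `sebsd_request_label`, while the same file renames `sebsd_ipc_check_method` to `sebsd_mach_ipc_check_method` and the mls and test policies rename both of their handlers. Rename it to `sebsd_mach_request_object_label` so the handler can be found by grepping for the entry point name, or say in the commit message why it stays.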
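
Review bot: In mac_test.c at -1316 the renamed definition line `mac_test_mach_ipc_check_method(struct label *task, struct label *port, int msgid)` is now 81 characters wide; wrap `int msgid` onto a continuation line the way this change already does for the `mac_mach_ipc_check_method` prototype in mac_mach_internal.h. At -1603 the stray space in `mac_test_mach_request_object_label (struct` is carried over and could be removed while the line is being edited.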