From owner-p4-projects@FreeBSD.ORG Fri Nov 9 10:48:51 2007 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 21FFB16A46C; Fri, 9 Nov 2007 10:48:51 +0000 (UTC) Delivered-To: perforce@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CD91C16A46D for ; Fri, 9 Nov 2007 10:48:50 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id AB4BD13C4CE for ; Fri, 9 Nov 2007 10:48:50 +0000 (UTC) (envelope-from zhouzhouyi@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.1/8.14.1) with ESMTP id lA9AmoLA002252 for ; Fri, 9 Nov 2007 10:48:50 GMT (envelope-from zhouzhouyi@FreeBSD.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.1/8.14.1/Submit) id lA9AmoAR002249 for perforce@freebsd.org; Fri, 9 Nov 2007 10:48:50 GMT (envelope-from zhouzhouyi@FreeBSD.org) Date: Fri, 9 Nov 2007 10:48:50 GMT Message-Id: <200711091048.lA9AmoAR002249@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to zhouzhouyi@FreeBSD.org using -f From: Zhouyi ZHOU To: Perforce Change Reviews Cc: Subject: PERFORCE change 128862 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Nov 2007 10:48:51 -0000 http://perforce.freebsd.org/chv.cgi?CH=128862 Change 128862 by zhouzhouyi@zhouzhouyi_mactest on 2007/11/09 10:48:22 As a part of Integration according to rwatson's change to MAC Framework Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_vfs.c#8 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_biba/mac_biba.c#7 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#10 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#6 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac/mac_vfs.c#8 (text+ko) ==== @@ -108,6 +108,8 @@ { if (de&&de->de_dirent&&!strncmp(de->de_dirent->d_name,"mactest", 7)) de->de_label = mac_mactest_label_alloc(); + else if (de&&de->de_dirent&&!strncmp(de->de_dirent->d_name,"null", 4)) + de->de_label = mac_mactest_label_alloc(); else de->de_label = mac_devfs_label_alloc(); } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_biba/mac_biba.c#7 (text+ko) ==== @@ -918,6 +918,7 @@ mb = SLOT(delabel); if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || + strcmp(dev->si_name, "mactest") == 0 || strcmp(dev->si_name, "random") == 0 || strncmp(dev->si_name, "fd/", strlen("fd/")) == 0) biba_type = MAC_BIBA_TYPE_EQUAL; ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#10 (text+ko) ==== @@ -1,8 +1,8 @@ /*- - * Copyright (c) 2007 Zhouyi Zhou * Copyright (c) 1999-2002, 2007 Robert N. M. Watson * Copyright (c) 2001-2005 McAfee, Inc. * Copyright (c) 2006 SPARTA, Inc. + * Copyright (c) 2007 Zhouyi Zhou * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -113,12 +113,39 @@ SYSCTL_NODE(_security_mac_test, OID_AUTO, counter, CTLFLAG_RW, 0, "TrustedBSD mac_test counters controls"); +#define LOG_DECL \ + char *buffer; \ + char *currentchar; \ + char *element1; \ + char *buffer1; \ + int error; \ + struct thread *td1 = curthread; \ + volatile int badmem = 0; \ + error = 0; \ + buffer = malloc(1024, M_MAC_TEST_LOG, M_NOWAIT); \ + if (!buffer) \ + badmem = 1; \ + element1 = buffer + 512; buffer1 = element1 + 256; \ + /*element1 and buffer1 will not be used if badmem == 1*/ \ + currentchar = buffer; + #define COUNTER_DECL(variable) \ static int counter_##variable; \ SYSCTL_INT(_security_mac_test_counter, OID_AUTO, variable, \ CTLFLAG_RD, &counter_##variable, 0, #variable) -#define COUNTER_INC(variable) atomic_add_int(&counter_##variable, 1) +#define COUNTER_INC(variable) do { \ + atomic_add_int(&counter_##variable, 1); \ + if (!badmem) { \ + strcpy(currentchar, #variable); \ + currentchar += strlen(currentchar); \ + sprintf(currentchar, "#pid = %d\n", td1->td_proc->p_pid);\ + mac_test_log_submit(buffer, strlen(buffer)); \ + free(buffer, M_MAC_TEST_LOG); \ + } \ +} while (0) + +#define COUNTER_INC1(variable) atomic_add_int(&counter_##variable, 1) #ifdef KDB #define DEBUGGER(func, string) kdb_enter((string)) @@ -131,9 +158,20 @@ KASSERT(SLOT(label) == magic || SLOT(label) == 0 || \ SLOT(label) == MAGIC_MACTESTLOG, \ ("%s: bad %s label", __func__, #magic)); \ + } \ + if (!badmem) { \ + strcpy(element1, elements); \ + if (label != NULL) { \ + MAC_EXTERNALIZE(cred, label, element1, buffer1, 256); \ + } else \ + strcpy(buffer1,"NULL"); \ + sprintf(currentchar, "%s ", buffer1); \ + currentchar += strlen(currentchar); \ } \ } while (0) + + #define LABEL_DESTROY(label, magic) do { \ if (SLOT(label) == magic || SLOT(label) == 0 || \ SLOT(label) == MAGIC_MACTESTLOG ) { \ @@ -163,7 +201,8 @@ test_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel, struct ifnet *ifp, struct label *ifplabel) { - + + LOG_DECL LABEL_CHECK(dlabel, MAGIC_BPF); LABEL_CHECK(ifplabel, MAGIC_IFNET); COUNTER_INC(bpfdesc_check_receive); @@ -177,6 +216,7 @@ struct label *dlabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(dlabel, MAGIC_BPF); COUNTER_INC(bpfdesc_create); @@ -188,6 +228,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(dlabel, MAGIC_BPF); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(bpfdesc_create_mbuf); @@ -198,6 +239,7 @@ test_bpfdesc_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_BPF); COUNTER_INC(bpfdesc_destroy_label); } @@ -207,6 +249,7 @@ test_bpfdesc_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_BPF); COUNTER_INC(bpfdesc_init_label); } @@ -216,6 +259,7 @@ test_cred_check_relabel(struct ucred *cred, struct label *newlabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(newlabel, MAGIC_CRED); COUNTER_INC(cred_check_relabel); @@ -228,6 +272,7 @@ test_cred_check_visible(struct ucred *u1, struct ucred *u2) { + LOG_DECL LABEL_CHECK(u1->cr_label, MAGIC_CRED); LABEL_CHECK(u2->cr_label, MAGIC_CRED); COUNTER_INC(cred_check_visible); @@ -240,6 +285,7 @@ test_cred_copy_label(struct label *src, struct label *dest) { + LOG_DECL LABEL_CHECK(src, MAGIC_CRED); LABEL_CHECK(dest, MAGIC_CRED); COUNTER_INC(cred_copy_label); @@ -250,6 +296,7 @@ test_cred_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_CRED); COUNTER_INC(cred_destroy_label); } @@ -260,8 +307,9 @@ struct sbuf *sb, int *claimed) { - LABEL_CHECK(label, MAGIC_CRED); - COUNTER_INC(cred_externalize_label); +// LOG_DECL +// LABEL_CHECK(label, MAGIC_CRED); + COUNTER_INC1(cred_externalize_label); return (0); } @@ -271,6 +319,7 @@ test_cred_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_CRED); COUNTER_INC(cred_init_label); } @@ -281,6 +330,7 @@ char *element_data, int *claimed) { + LOG_DECL LABEL_CHECK(label, MAGIC_CRED); COUNTER_INC(cred_internalize_label); @@ -292,6 +342,7 @@ test_cred_relabel(struct ucred *cred, struct label *newlabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(newlabel, MAGIC_CRED); COUNTER_INC(cred_relabel); @@ -303,6 +354,7 @@ struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { + LOG_DECL if (cred != NULL) LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(delabel, MAGIC_DEVFS); @@ -315,6 +367,7 @@ int dirnamelen, struct devfs_dirent *de, struct label *delabel) { + LOG_DECL LABEL_CHECK(delabel, MAGIC_DEVFS); COUNTER_INC(devfs_create_directory); } @@ -326,6 +379,7 @@ struct label *delabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(ddlabel, MAGIC_DEVFS); LABEL_CHECK(delabel, MAGIC_DEVFS); @@ -337,6 +391,7 @@ test_devfs_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_DEVFS); COUNTER_INC(devfs_destroy_label); } @@ -346,6 +401,7 @@ test_devfs_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_DEVFS); COUNTER_INC(devfs_init_label); } @@ -356,6 +412,7 @@ struct label *direntlabel, struct vnode *vp, struct label *vplabel) { + LOG_DECL LABEL_CHECK(direntlabel, MAGIC_DEVFS); LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(devfs_update); @@ -368,9 +425,12 @@ struct label *vplabel) { + LOG_DECL LABEL_CHECK(mplabel, MAGIC_MOUNT); LABEL_CHECK(delabel, MAGIC_DEVFS); LABEL_CHECK(vplabel, MAGIC_VNODE); + if (delabel != NULL && SLOT(delabel) == MAGIC_MACTESTLOG) + LABEL_INIT(vplabel, MAGIC_MACTESTLOG); COUNTER_INC(devfs_vnode_associate); } @@ -380,6 +440,7 @@ struct label *ifplabel, struct label *newlabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(newlabel, MAGIC_IFNET); @@ -394,6 +455,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(ifnet_check_transmit); @@ -406,6 +468,7 @@ test_ifnet_copy_label(struct label *src, struct label *dest) { + LOG_DECL LABEL_CHECK(src, MAGIC_IFNET); LABEL_CHECK(dest, MAGIC_IFNET); COUNTER_INC(ifnet_copy_label); @@ -416,6 +479,7 @@ test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) { + LOG_DECL LABEL_CHECK(ifplabel, MAGIC_IFNET); COUNTER_INC(ifnet_create); } @@ -426,6 +490,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(ifnet_create_mbuf); @@ -436,6 +501,7 @@ test_ifnet_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_IFNET); COUNTER_INC(ifnet_destroy_label); } @@ -446,6 +512,7 @@ struct sbuf *sb, int *claimed) { + LOG_DECL LABEL_CHECK(label, MAGIC_IFNET); COUNTER_INC(ifnet_externalize_label); @@ -457,6 +524,7 @@ test_ifnet_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_IFNET); COUNTER_INC(ifnet_init_label); } @@ -467,6 +535,7 @@ char *element_data, int *claimed) { + LOG_DECL LABEL_CHECK(label, MAGIC_IFNET); COUNTER_INC(ifnet_internalize_label); @@ -479,6 +548,7 @@ struct label *ifplabel, struct label *newlabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(newlabel, MAGIC_IFNET); @@ -491,6 +561,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(inplabel, MAGIC_INPCB); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(inpcb_check_deliver); @@ -504,6 +575,7 @@ struct inpcb *inp, struct label *inplabel) { + LOG_DECL LABEL_CHECK(solabel, MAGIC_SOCKET); LABEL_CHECK(inplabel, MAGIC_INPCB); COUNTER_INC(inpcb_create); @@ -515,6 +587,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(inplabel, MAGIC_INPCB); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(inpcb_create_mbuf); @@ -525,6 +598,7 @@ test_inpcb_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_INPCB); COUNTER_INC(inpcb_destroy_label); } @@ -534,6 +608,7 @@ test_inpcb_init_label(struct label *label, int flag) { + LOG_DECL if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "test_inpcb_init_label() at %s:%d", __FILE__, @@ -550,6 +625,7 @@ struct inpcb *inp, struct label *inplabel) { + LOG_DECL LABEL_CHECK(solabel, MAGIC_SOCKET); LABEL_CHECK(inplabel, MAGIC_INPCB); COUNTER_INC(inpcb_sosetlabel); @@ -561,6 +637,7 @@ struct ipq *ipq, struct label *ipqlabel) { + LOG_DECL LABEL_CHECK(fragmentlabel, MAGIC_MBUF); LABEL_CHECK(ipqlabel, MAGIC_IPQ); COUNTER_INC(ipq_create); @@ -571,6 +648,7 @@ test_ipq_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_IPQ); COUNTER_INC(ipq_destroy_label); } @@ -580,6 +658,7 @@ test_ipq_init_label(struct label *label, int flag) { + LOG_DECL if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "test_ipq_init_label() at %s:%d", __FILE__, @@ -596,6 +675,7 @@ struct ipq *ipq, struct label *ipqlabel) { + LOG_DECL LABEL_CHECK(fragmentlabel, MAGIC_MBUF); LABEL_CHECK(ipqlabel, MAGIC_IPQ); COUNTER_INC(ipq_match); @@ -609,6 +689,7 @@ struct label *mlabel) { + LOG_DECL LABEL_CHECK(ipqlabel, MAGIC_IPQ); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(ipq_reassemble); @@ -620,6 +701,7 @@ struct label *ipqlabel) { + LOG_DECL LABEL_CHECK(mlabel, MAGIC_MBUF); LABEL_CHECK(ipqlabel, MAGIC_IPQ); COUNTER_INC(ipq_update); @@ -630,6 +712,7 @@ test_kenv_check_dump(struct ucred *cred) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(kenv_check_dump); @@ -641,6 +724,7 @@ test_kenv_check_get(struct ucred *cred, char *name) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(kenv_check_get); @@ -652,6 +736,7 @@ test_kenv_check_set(struct ucred *cred, char *name, char *value) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(kenv_check_set); @@ -663,6 +748,7 @@ test_kenv_check_unset(struct ucred *cred, char *name) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(kenv_check_unset); @@ -675,6 +761,7 @@ struct label *label) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(label, MAGIC_VNODE); COUNTER_INC(kld_check_load); @@ -687,6 +774,7 @@ test_kld_check_stat(struct ucred *cred) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(kld_check_stat); @@ -698,6 +786,7 @@ test_mbuf_copy_label(struct label *src, struct label *dest) { + LOG_DECL LABEL_CHECK(src, MAGIC_MBUF); LABEL_CHECK(dest, MAGIC_MBUF); COUNTER_INC(mbuf_copy_label); @@ -708,6 +797,7 @@ test_mbuf_destroy_label(struct label *label) { + LOG_DECL /* * If we're loaded dynamically, there may be mbufs in flight that * didn't have label storage allocated for them. Handle this @@ -725,6 +815,7 @@ test_mbuf_init_label(struct label *label, int flag) { + LOG_DECL if (flag & M_WAITOK) WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, "test_mbuf_init_label() at %s:%d", __FILE__, @@ -741,6 +832,7 @@ struct label *mplabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(mplabel, MAGIC_MOUNT); COUNTER_INC(mount_check_stat); @@ -754,6 +846,7 @@ struct label *mplabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(mplabel, MAGIC_MOUNT); COUNTER_INC(mount_create); @@ -764,6 +857,7 @@ test_mount_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_MOUNT); COUNTER_INC(mount_destroy_label); } @@ -773,6 +867,7 @@ test_mount_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_MOUNT); COUNTER_INC(mount_init_label); } @@ -783,6 +878,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(netatalk_aarp_send); @@ -794,6 +890,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(netinet_arp_send); @@ -805,6 +902,7 @@ struct mbuf *frag, struct label *fraglabel) { + LOG_DECL LABEL_CHECK(mlabel, MAGIC_MBUF); LABEL_CHECK(fraglabel, MAGIC_MBUF); COUNTER_INC(netinet_fragment); @@ -816,6 +914,7 @@ struct mbuf *msend, struct label *msendlabel) { + LOG_DECL LABEL_CHECK(mrecvlabel, MAGIC_MBUF); LABEL_CHECK(msendlabel, MAGIC_MBUF); COUNTER_INC(netinet_icmp_reply); @@ -826,6 +925,7 @@ test_netinet_icmp_replyinplace(struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(netinet_icmp_replyinplace); } @@ -836,6 +936,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(netinet_igmp_send); @@ -846,6 +947,7 @@ test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(netinet_tcp_reply); } @@ -856,6 +958,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(netinet6_nd6_send); @@ -867,6 +970,7 @@ struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); COUNTER_INC(pipe_check_ioctl); @@ -880,6 +984,7 @@ struct label *pplabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); COUNTER_INC(pipe_check_poll); @@ -893,6 +998,7 @@ struct label *pplabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); COUNTER_INC(pipe_check_read); @@ -906,6 +1012,7 @@ struct label *pplabel, struct label *newlabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); LABEL_CHECK(newlabel, MAGIC_PIPE); @@ -920,6 +1027,7 @@ struct label *pplabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); COUNTER_INC(pipe_check_stat); @@ -933,6 +1041,7 @@ struct label *pplabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); COUNTER_INC(pipe_check_write); @@ -945,6 +1054,7 @@ test_pipe_copy_label(struct label *src, struct label *dest) { + LOG_DECL LABEL_CHECK(src, MAGIC_PIPE); LABEL_CHECK(dest, MAGIC_PIPE); COUNTER_INC(pipe_copy_label); @@ -956,6 +1066,7 @@ struct label *pplabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); COUNTER_INC(pipe_create); @@ -966,6 +1077,7 @@ test_pipe_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_PIPE); COUNTER_INC(pipe_destroy_label); } @@ -976,6 +1088,7 @@ struct sbuf *sb, int *claimed) { + LOG_DECL LABEL_CHECK(label, MAGIC_PIPE); COUNTER_INC(pipe_externalize_label); @@ -987,6 +1100,7 @@ test_pipe_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_PIPE); COUNTER_INC(pipe_init_label); } @@ -997,6 +1111,7 @@ char *element_data, int *claimed) { + LOG_DECL LABEL_CHECK(label, MAGIC_PIPE); COUNTER_INC(pipe_internalize_label); @@ -1009,6 +1124,7 @@ struct label *pplabel, struct label *newlabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(pplabel, MAGIC_PIPE); LABEL_CHECK(newlabel, MAGIC_PIPE); @@ -1021,6 +1137,7 @@ struct label *kslabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_check_destroy); @@ -1034,6 +1151,7 @@ struct label *kslabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_check_getvalue); @@ -1047,6 +1165,7 @@ struct label *kslabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_check_open); @@ -1060,6 +1179,7 @@ struct label *kslabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_check_post); @@ -1073,6 +1193,7 @@ struct label *kslabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_check_unlink); @@ -1086,6 +1207,7 @@ struct label *kslabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_check_wait); @@ -1099,6 +1221,7 @@ struct label *kslabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_create); @@ -1109,6 +1232,7 @@ test_posixsem_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_destroy_label); } @@ -1118,6 +1242,7 @@ test_posixsem_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_POSIX_SEM); COUNTER_INC(posixsem_init_label); } @@ -1127,6 +1252,7 @@ test_proc_check_debug(struct ucred *cred, struct proc *p) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_debug); @@ -1139,6 +1265,7 @@ test_proc_check_sched(struct ucred *cred, struct proc *p) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_sched); @@ -1151,6 +1278,7 @@ test_proc_check_signal(struct ucred *cred, struct proc *p, int signum) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_signal); @@ -1163,6 +1291,7 @@ test_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setaudit); @@ -1175,6 +1304,7 @@ struct auditinfo_addr *aia) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setaudit_addr); @@ -1186,6 +1316,7 @@ test_proc_check_setauid(struct ucred *cred, uid_t auid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setauid); @@ -1197,6 +1328,7 @@ test_proc_check_setegid(struct ucred *cred, gid_t egid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setegid); @@ -1208,6 +1340,7 @@ test_proc_check_seteuid(struct ucred *cred, uid_t euid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_euid); @@ -1219,6 +1352,7 @@ test_proc_check_setregid(struct ucred *cred, gid_t rgid, gid_t egid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setregid); @@ -1230,6 +1364,7 @@ test_proc_check_setreuid(struct ucred *cred, uid_t ruid, uid_t euid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setreuid); @@ -1241,6 +1376,7 @@ test_proc_check_setgid(struct ucred *cred, gid_t gid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setgid); @@ -1253,6 +1389,7 @@ gid_t *gidset) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setgroups); @@ -1265,6 +1402,7 @@ gid_t sgid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setresgid); @@ -1277,6 +1415,7 @@ uid_t suid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setresuid); @@ -1288,6 +1427,7 @@ test_proc_check_setuid(struct ucred *cred, uid_t uid) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_setuid); @@ -1299,6 +1439,7 @@ test_proc_check_wait(struct ucred *cred, struct proc *p) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(proc_check_wait); @@ -1311,6 +1452,7 @@ test_proc_create_init(struct ucred *cred) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_create_init); } @@ -1320,6 +1462,7 @@ test_proc_create_swapper(struct ucred *cred) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); COUNTER_INC(proc_create_swapper); } @@ -1329,6 +1472,7 @@ test_proc_destroy_label(struct label *label) { + LOG_DECL LABEL_DESTROY(label, MAGIC_PROC); COUNTER_INC(proc_destroy_label); } @@ -1338,6 +1482,7 @@ test_proc_init_label(struct label *label) { + LOG_DECL LABEL_INIT(label, MAGIC_PROC); COUNTER_INC(proc_init_label); } @@ -1348,6 +1493,7 @@ struct label *solabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(socket_check_accept); @@ -1361,6 +1507,7 @@ struct label *solabel, struct sockaddr *sa) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(socket_check_bind); @@ -1374,6 +1521,7 @@ struct label *solabel, struct sockaddr *sa) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(socket_check_connect); @@ -1387,6 +1535,7 @@ struct mbuf *m, struct label *mlabel) { + LOG_DECL LABEL_CHECK(solabel, MAGIC_SOCKET); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(socket_check_deliver); @@ -1400,6 +1549,7 @@ struct label *solabel) { + LOG_DECL LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(solabel, MAGIC_SOCKET); >>> TRUNCATED FOR MAIL (1000 lines) <<<