PERFORCE change 118477 for review
Robert Watson
rwatson at FreeBSD.org
Fri Apr 20 14:35:51 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=118477
Change 118477 by rwatson at rwatson_zoo on 2007/04/20 14:35:39
Alphabetize now that things are settling out a bit.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#9 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#7 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#7 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#9 (text+ko) ====
@@ -46,56 +46,56 @@
#include <security/mac/mac_policy.h>
int
-mac_check_system_audit(struct ucred *cred, void *record, int length)
+mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
{
int error;
- MAC_CHECK(check_system_audit, cred, record, length);
+ MAC_CHECK(check_proc_setaudit, cred, ai);
return (error);
}
int
-mac_check_system_auditon(struct ucred *cred, int cmd)
+mac_check_proc_setauid(struct ucred *cred, uid_t auid)
{
int error;
- MAC_CHECK(check_system_auditon, cred, cmd);
+ MAC_CHECK(check_proc_setauid, cred, auid);
return (error);
}
int
-mac_check_system_auditctl(struct ucred *cred, struct vnode *vp)
+mac_check_system_audit(struct ucred *cred, void *record, int length)
{
int error;
- struct label *vl;
- ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");
-
- vl = (vp != NULL) ? vp->v_label : NULL;
+ MAC_CHECK(check_system_audit, cred, record, length);
- MAC_CHECK(check_system_auditctl, cred, vp, vl);
-
return (error);
}
int
-mac_check_proc_setauid(struct ucred *cred, uid_t auid)
+mac_check_system_auditctl(struct ucred *cred, struct vnode *vp)
{
int error;
+ struct label *vl;
+
+ ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");
- MAC_CHECK(check_proc_setauid, cred, auid);
+ vl = (vp != NULL) ? vp->v_label : NULL;
+
+ MAC_CHECK(check_system_auditctl, cred, vp, vl);
return (error);
}
int
-mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
+mac_check_system_auditon(struct ucred *cred, int cmd)
{
int error;
- MAC_CHECK(check_proc_setaudit, cred, ai);
+ MAC_CHECK(check_system_auditon, cred, cmd);
return (error);
}
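Review bot: In mac_check_system_auditctl the `ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");` runs before the `vp != NULL` test in the next statement, so the function accepts a NULL vnode yet asserts on it first. Whether the assertion macro tolerates a NULL vnode is not visible on this page; if it does not, a debug kernel would fault before any policy is consulted. Guarding it as `if (vp != NULL) ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");` and adding a short comment saying when callers pass NULL would make the contract explicit.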
==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#7 (text+ko) ====
@@ -298,6 +298,8 @@
int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr);
int mac_check_proc_debug(struct ucred *cred, struct proc *proc);
int mac_check_proc_sched(struct ucred *cred, struct proc *proc);
+int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
+int mac_check_proc_setauid(struct ucred *cred, uid_t auid);
int mac_check_proc_setuid(struct proc *proc, struct ucred *cred,
uid_t uid);
int mac_check_proc_seteuid(struct proc *proc, struct ucred *cred,
@@ -335,6 +337,9 @@
int mac_check_socket_visible(struct ucred *cred, struct socket *so);
int mac_check_sysarch_ioperm(struct ucred *cred);
int mac_check_system_acct(struct ucred *cred, struct vnode *vp);
+int mac_check_system_audit(struct ucred *cred, void *record, int length);
+int mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
+int mac_check_system_auditon(struct ucred *cred, int cmd);
int mac_check_system_nfsd(struct ucred *cred);
int mac_check_system_reboot(struct ucred *cred, int howto);
int mac_check_system_settime(struct ucred *cred);
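Review bot: The prototype `mac_check_system_audit(struct ucred *cred, void *record, int length)` hands policies an opaque buffer with a signed length, and nothing here states who validates it. A one-line comment would help policy authors, for example `/* record points to length bytes of an audit record; the caller guarantees length >= 0. */`, adjusted to whatever the caller actually guarantees. The same signature appears in the `mpo_check_system_audit_t` typedef in mac_policy.h, which deserves the same note.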
@@ -417,16 +422,6 @@
int mac_priv_grant(struct ucred *cred, int priv);
/*
- * XXXRW: Audit checks should be above, but list them here to make a more
- * sensible diff for now.
- */
-int mac_check_system_audit(struct ucred *cred, void *record, int length);
-int mac_check_system_auditon(struct ucred *cred, int cmd);
-int mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
-int mac_check_proc_setauid(struct ucred *cred, uid_t auid);
-int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
-
-/*
* Calls to help various file systems implement labeling functionality using
* their existing EA implementation.
*/
==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#7 (text+ko) ====
@@ -456,6 +456,9 @@
struct proc *proc);
typedef int (*mpo_check_proc_sched_t)(struct ucred *cred,
struct proc *proc);
+typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred,
+ struct auditinfo *ai);
+typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
typedef int (*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid);
typedef int (*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid);
typedef int (*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid);
@@ -505,6 +508,11 @@
typedef int (*mpo_check_sysarch_ioperm_t)(struct ucred *cred);
typedef int (*mpo_check_system_acct_t)(struct ucred *cred,
struct vnode *vp, struct label *vlabel);
+typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+ int length);
+typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred,
+ struct vnode *vp, struct label *vplabel);
+typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
typedef int (*mpo_check_system_nfsd_t)(struct ucred *cred);
typedef int (*mpo_check_system_reboot_t)(struct ucred *cred, int howto);
typedef int (*mpo_check_system_settime_t)(struct ucred *cred);
@@ -608,19 +616,6 @@
typedef int (*mpo_priv_check_t)(struct ucred *cred, int priv);
typedef int (*mpo_priv_grant_t)(struct ucred *cred, int priv);
-/*
- * XXXRW: Audit checks should be above, but list them here to make a more
- * sensible diff for now.
- */
-typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record,
- int length);
-typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
-typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred,
- struct vnode *vp, struct label *vplabel);
-typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
-typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred,
- struct auditinfo *ai);
-
struct mac_policy_ops {
/*
* Policy module operations.
@@ -841,6 +836,8 @@
mpo_check_posix_sem_wait_t mpo_check_posix_sem_wait;
mpo_check_proc_debug_t mpo_check_proc_debug;
mpo_check_proc_sched_t mpo_check_proc_sched;
+ mpo_check_proc_setaudit_t mpo_check_proc_setaudit;
+ mpo_check_proc_setauid_t mpo_check_proc_setauid;
mpo_check_proc_setuid_t mpo_check_proc_setuid;
mpo_check_proc_seteuid_t mpo_check_proc_seteuid;
mpo_check_proc_setgid_t mpo_check_proc_setgid;
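Review bot: Moving the five audit entry points from the tail of `struct mac_policy_ops` into the middle (this hunk, plus the hunks at -867 and -916) changes the offset of every member after the insertion points. A policy module built against the previous header would then have its hooks dispatched through the wrong slots. No interface version bump or rebuild note accompanies the reorder on this page; if none exists elsewhere, one should be added. A comment above the struct such as `/* Member order is part of the policy module ABI; rebuild all policies after reordering. */` would record the constraint. The struct definition starts and ends outside this hunk.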
@@ -867,6 +864,9 @@
mpo_check_socket_visible_t mpo_check_socket_visible;
mpo_check_sysarch_ioperm_t mpo_check_sysarch_ioperm;
mpo_check_system_acct_t mpo_check_system_acct;
+ mpo_check_system_audit_t mpo_check_system_audit;
+ mpo_check_system_auditctl_t mpo_check_system_auditctl;
+ mpo_check_system_auditon_t mpo_check_system_auditon;
mpo_check_system_nfsd_t mpo_check_system_nfsd;
mpo_check_system_reboot_t mpo_check_system_reboot;
mpo_check_system_settime_t mpo_check_system_settime;
@@ -916,16 +916,6 @@
mpo_create_mbuf_from_syncache_t mpo_create_mbuf_from_syncache;
mpo_priv_check_t mpo_priv_check;
mpo_priv_grant_t mpo_priv_grant;
-
- /*
- * XXXRW: Audit checks should be above, but list them here to make a
- * more sensible diff for now.
- */
- mpo_check_system_audit_t mpo_check_system_audit;
- mpo_check_system_auditon_t mpo_check_system_auditon;
- mpo_check_system_auditctl_t mpo_check_system_auditctl;
- mpo_check_proc_setauid_t mpo_check_proc_setauid;
- mpo_check_proc_setaudit_t mpo_check_proc_setaudit;
};
/*