PERFORCE change 113326 for review

Todd Miller millert at FreeBSD.org
Mon Jan 22 15:34:00 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=113326

Change 113326 by millert at millert_macbook on 2007/01/22 15:30:20

	Replace calls to network_label_copy() with sebsd_label_copy()
	now that we don't have to check for unlabeled mbufs.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#61 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#61 (text+ko) ====

@@ -154,19 +154,10 @@
 }
 
 static void
-network_label_copy(struct label *slabel, struct label *dlabel)
+sebsd_label_copy(struct label *src, struct label *dest)
 {
-	struct network_security_struct *src, *dst;
 
-	if (slabel == NULL || dlabel == NULL)
-		return;
-
-	src = SLOT(slabel);
-	dst = SLOT(dlabel);
-	if (src == NULL || dst == NULL)
-		return;
-
-	*dst = *src;
+	*(struct sebsd_label *)SLOT(dest) = *(struct sebsd_label *)SLOT(src);
 }
 
 /*
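Review bot: sebsd_label_copy() now dereferences SLOT(dest) and SLOT(src) with no guard, so every caller depends on an invariant (labels and their slots are always allocated) that the visible lines do not establish; the hunk at -3096 drops the same guards just before `msec->sid` and `ifsec->sid` are read. A NULL label or slot on either path would be a kernel NULL dereference reachable from network traffic. I would state the invariant above the function, e.g. `/* src and dest must be non-NULL and carry an initialized policy slot. */`, and assert it in debug builds. Separately, the copy is now typed as struct sebsd_label, while the -3096 hunk still reads the same slots as struct network_security_struct. If those types differ in size, the struct assignment would read or write past the slot allocation, so it is worth confirming they match or adding a compile-time size check.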
@@ -930,7 +921,7 @@
     struct mbuf *m, struct label *mlabel)
 {
 
-	network_label_copy(blabel, mlabel);
+	sebsd_label_copy(blabel, mlabel);
 }
 
 static void
@@ -938,7 +929,7 @@
     struct mbuf *m, struct label *mlabel)
 {
 
-	network_label_copy(ilabel, mlabel);
+	sebsd_label_copy(ilabel, mlabel);
 }
 
 static void
@@ -1137,7 +1128,7 @@
     struct mbuf *m, struct label *mlabel)
 {
 
-	network_label_copy(solabel, mlabel);
+	sebsd_label_copy(solabel, mlabel);
 }
 
 static void
@@ -1201,7 +1192,7 @@
     struct xsocket *news, struct label *newslabel)
 {
 
-	network_label_copy(oldslabel, newslabel);
+	sebsd_label_copy(oldslabel, newslabel);
 }
 
 static int
@@ -1812,7 +1803,7 @@
     struct label *oldlabel, struct label *newlabel)
 {
 
-	network_label_copy(newlabel, oldlabel);
+	sebsd_label_copy(newlabel, oldlabel);
 }
 
 static void
@@ -1853,7 +1844,7 @@
     struct xsocket *xso, struct label *sopeerlabel)
 {
 
-	network_label_copy(mlabel, sopeerlabel);
+	sebsd_label_copy(mlabel, sopeerlabel);
 }
 
 static void
@@ -1862,7 +1853,7 @@
     struct label *newsockpeerlabel)
 {
 
-	network_label_copy(oldslabel, newsockpeerlabel);
+	sebsd_label_copy(oldslabel, newsockpeerlabel);
 }
 
 static int
@@ -2926,13 +2917,6 @@
 	return (sebsd_externalize_sid(sid, element_name, sb));
 }
 
-static void
-sebsd_label_copy(struct label *src, struct label *dest)
-{
-
-	*(struct sebsd_label *)SLOT(dest) = *(struct sebsd_label *)SLOT(src);
-}
-
 #ifdef FD__CREATE
 static int
 sebsd_file_check_create(struct ucred *cred)
@@ -3041,7 +3025,7 @@
     struct label *ifnetlabel, struct label *newlabel)
 {
 
-	network_label_copy(newlabel, ifnetlabel);
+	sebsd_label_copy(newlabel, ifnetlabel);
 }
 
 static void
@@ -3096,19 +3080,9 @@
 	struct network_security_struct *ifsec, *msec;
 	int error;
 
-	if (ifnetlabel == NULL || mbuflabel == NULL) {
-		/* XXX - mbufs are not always labeled! */
-		return (0);
-	}
-
 	ifsec = SLOT(ifnetlabel);
 	msec = SLOT(mbuflabel);
 
-	if (ifsec == NULL || msec == NULL) {
-		/* XXX - should not happen, log and fix */
-		return (0);
-	}
-
 	/* XXX - use an audit struct so we can log useful info */
 	error = avc_has_perm(msec->sid, ifsec->sid, SECCLASS_PACKET,
 	    PACKET__SEND, NULL);
@@ -3504,7 +3478,7 @@
 	.mpo_mbuf_label_associate_bpfdesc = sebsd_mbuf_label_associate_bpfdesc,
 	.mpo_mbuf_label_associate_ifnet = sebsd_mbuf_label_associate_ifnet,
 	.mpo_mbuf_label_associate_socket = sebsd_mbuf_label_associate_socket,
-	.mpo_mbuf_label_copy = network_label_copy,
+	.mpo_mbuf_label_copy = sebsd_label_copy,
 	.mpo_mbuf_label_destroy = sebsd_label_destroy,
 	.mpo_mbuf_label_init = sebsd_label_init2,
 	.mpo_mount_check_getattr = sebsd_mount_check_getattr,
@@ -3594,7 +3568,7 @@
 	.mpo_socket_check_stat = sebsd_socket_check_stat,
 	.mpo_socket_label_associate = sebsd_socket_label_associate,
 	.mpo_socket_label_associate_accept = sebsd_socket_label_associate_accept,
-	.mpo_socket_label_copy = network_label_copy,
+	.mpo_socket_label_copy = sebsd_label_copy,
 	.mpo_socket_label_destroy = sebsd_label_destroy,
 	.mpo_socket_label_externalize = sebsd_label_externalize,
 	.mpo_socket_label_init = sebsd_label_init2,

