PERFORCE change 113345 for review

Todd Miller millert at FreeBSD.org
Mon Jan 22 16:05:21 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=113345

Change 113345 by millert at millert_macbook on 2007/01/22 16:03:51

	No longer need MAC_SOCKET, use MAC instead.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#6 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#8 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#3 (text+ko) ====

@@ -93,7 +93,6 @@
 options		HW_AST		# Hardware ast support		# <hw_ast>
 options 	HW_FOOTPRINT	# Cache footprint support	# <hw_foot>
 options		MAC		# Mandatory ACcess Control
-options		MAC_SOCKET	# MAC socket labels
 options		LCTX		# Login Context
 options 	MACH		# Standard Mach features	# <mach>
 options		MACH_ASSERT	# Compile in assertions		# <test>

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#6 (text+ko) ====

@@ -124,7 +124,7 @@
 			       struct mbuf **controlp, int *flagsp);
 
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	int error;
 #endif
 
@@ -132,7 +132,7 @@
                 /* This is not a valid open file descriptor */
 		return(EBADF);
         }
-#ifdef MAC_SOCKET
+#ifdef MAC
 	SOCK_LOCK(so);
 	error = mac_socket_check_receive(cred, so);
 	SOCK_UNLOCK(so);
@@ -160,7 +160,7 @@
 				struct uio *uio2, struct mbuf *top,
 				struct mbuf *control, int flags2);
 	int           stat;
-#ifdef MAC_SOCKET
+#ifdef MAC
 	int error;
 #endif
 
@@ -169,7 +169,7 @@
 		return (EBADF);
 	}
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	SOCK_LOCK(so);
 	error = mac_socket_check_send(cred, so);
 	SOCK_UNLOCK(so);
@@ -367,7 +367,7 @@
 		return (0);
 
 	socket_lock(so, 1);
-#ifdef MAC_SOCKET
+#ifdef MAC
 	if (mac_socket_check_select(proc_ucred(p), so, which))
 		goto done;	/* will unlock 'so' */
 #endif
@@ -417,7 +417,7 @@
 {
 	int stat;
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	SOCK_LOCK(so);
 	stat = mac_socket_check_stat(kauth_cred_get(), so);
 	SOCK_UNLOCK(so);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#7 (text+ko) ====

@@ -431,7 +431,7 @@
 	if (so) {
 	     so->so_gencnt = ++so_gencnt;
 	     so->so_zone = socket_zone;
-#ifdef MAC_SOCKET
+#ifdef MAC
 	     if (mac_socket_label_init(so, waitok) != 0) {
 			sodealloc(so);
 			return (NULL);
@@ -497,7 +497,7 @@
 	so->so_rcv.sb_flags |= SB_RECV;	/* XXX */
 	so->so_rcv.sb_so = so->so_snd.sb_so = so;
 #endif
-#ifdef MAC_SOCKET
+#ifdef MAC
 	mac_socket_label_associate(kauth_cred_get(), so);
 #endif
 	
@@ -581,7 +581,7 @@
 {
 	so->so_gencnt = ++so_gencnt;
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	mac_socket_label_destroy(so);
 #endif
 #ifndef __APPLE__
@@ -2155,7 +2155,7 @@
 	struct	linger l;
 	struct	timeval tv;
 	short	val;
-#ifdef MAC_SOCKET
+#ifdef MAC
 	struct mac extmac;
 #endif
 
@@ -2349,7 +2349,7 @@
 			break;
 
 		case SO_LABEL:
-#ifdef MAC_SOCKET
+#ifdef MAC
 			error = sooptcopyin(sopt, &extmac, sizeof extmac,
 					    sizeof extmac);
 			if (error)
@@ -2415,7 +2415,7 @@
 	int	error, optval;
 	struct	linger l;
 	struct	timeval tv;
-#ifdef MAC_SOCKET
+#ifdef MAC
 	struct mac extmac;
 #endif
 
@@ -2560,7 +2560,7 @@
 			goto integer;
 
 		case SO_LABEL:
-#ifdef MAC_SOCKET
+#ifdef MAC
 			error = sooptcopyin(sopt, &extmac, sizeof(extmac),
 					    sizeof(extmac));
 			if (error)
@@ -2576,7 +2576,7 @@
 			break;
 
 		case SO_PEERLABEL:
-#ifdef MAC_SOCKET
+#ifdef MAC
 			error = sooptcopyin(sopt, &extmac, sizeof(extmac),
 					    sizeof(extmac));
 			if (error)
@@ -2772,7 +2772,7 @@
 	struct sockbuf *sb;
 	socket_lock(so, 1);
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	if (mac_socket_check_kqfilter(proc_ucred(p), kn, so) != 0) {
 		socket_unlock(so, 1);
 		return (1);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#7 (text+ko) ====

@@ -305,7 +305,7 @@
 	so->so_pgid  = head->so_pgid;
 	so->so_uid = head->so_uid;
 	so->so_usecount = 1;
-#ifdef MAC_SOCKET
+#ifdef MAC
 	mac_socket_label_associate_accept(head, so);
 #endif
 

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#4 (text+ko) ====

@@ -199,7 +199,7 @@
 	struct fileproc *fp;
 	int fd, error;
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	error = mac_socket_check_create(proc_ucred(p), uap->domain, uap->type,
 		uap->protocol);
 	if (error)
@@ -249,7 +249,7 @@
 		goto out;
 	AUDIT_ARG(sockaddr, p, sa);
 	if (so != NULL)	
-#ifdef MAC_SOCKET
+#ifdef MAC
 	{
 		SOCK_LOCK(so);
 		error = mac_socket_check_bind(proc_ucred(p), so, sa);
@@ -281,7 +281,7 @@
 	if (error)
 		return (error);
 	if (so != NULL)
-#ifdef MAC_SOCKET
+#ifdef MAC
 	{
 		SOCK_LOCK(so);
 		error = mac_socket_check_listen(proc_ucred(p), so);
@@ -353,7 +353,7 @@
 		error = EINVAL;
 		goto out;
 	}
-#ifdef MAC_SOCKET
+#ifdef MAC
 	error = mac_socket_check_accept(proc_ucred(p), head);
 	if (error != 0) {
 		socket_unlock(head, 1);
@@ -439,7 +439,7 @@
 	(void) soacceptlock(so, &sa, 0);
 	socket_unlock(head, 1);
 #ifdef __darinw8_notyet
-#ifdef MAC_SOCKET
+#ifdef MAC
 	error = mac_socket_check_accepted(proc_ucred(p), so, sa);
 	if (error) {
 		if (sa != 0)
@@ -532,7 +532,7 @@
 		goto out;
 	}
 	AUDIT_ARG(sockaddr, p, sa);
-#ifdef MAC_SOCKET
+#ifdef MAC
 	error = mac_socket_check_connect(proc_ucred(p), so, sa);
 	if (error)
 		goto bad;
@@ -716,7 +716,7 @@
 		error = EBADF;
 		goto bad;
 	}
-#ifdef MAC_SOCKET
+#ifdef MAC
 	SOCK_LOCK(so);
 	error = mac_socket_check_send(proc_ucred(p), so);
 	SOCK_UNLOCK(so);
@@ -991,7 +991,7 @@
 	}
 	proc_fdunlock(p);
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	SOCK_LOCK(so);
 	error = mac_socket_check_receive(proc_ucred(p), so);
 	SOCK_UNLOCK(so);
@@ -1897,7 +1897,7 @@
 		error = EINVAL;
 		goto done3;
 	}
-#ifdef MAC_SOCKET
+#ifdef MAC
 	error = mac_socket_check_send(proc_ucred(p), so);
 	if (error)
 		goto done3;	/* will unlock 'so' */

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#9 (text+ko) ====

@@ -815,7 +815,7 @@
 		    sizeof(unp->unp_peercred));
 		unp->unp_flags |= UNP_HAVEPC;
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 		/* XXXMAC: recursive lock: SOCK_LOCK(so); */
 		mac_socketpeer_label_associate_socket(so, so3);
 		mac_socketpeer_label_associate_socket(so3, so);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#7 (text+ko) ====

@@ -375,7 +375,7 @@
 		inp->inp_route.ro_rt = (struct rtentry *)0;
 	}
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	mac_mbuf_label_associate_inpcb(inp, m);
 #endif
 

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#7 (text+ko) ====

@@ -910,7 +910,7 @@
 	else
 		tiwin = th->th_win;
 
-#ifdef MAC_SOCKET
+#ifdef MAC
 	if (mac_inpcb_check_deliver(inp, m))
 		goto drop;
 #endif
@@ -1648,7 +1648,7 @@
 		if (thflags & TH_ACK) {
 			tcpstat.tcps_connects++;
 			soisconnected(so);
-#ifdef MAC_SOCKET
+#ifdef MAC
 			/* XXXMAC: recursive lock: SOCK_LOCK(so); */
 			mac_socketpeer_label_associate_mbuf(m, so);
 			/* XXXMAC: SOCK_UNLOCK(so); */

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#7 (text+ko) ====

@@ -1005,7 +1005,7 @@
 		m->m_len = hdrlen;
 	}
 	m->m_pkthdr.rcvif = 0;
-#ifdef MAC_SOCKET
+#ifdef MAC
 	mac_mbuf_label_associate_inpcb(tp->t_inpcb, m);
 #endif
 #if INET6

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#8 (text+ko) ====

@@ -575,7 +575,7 @@
 	m->m_len = tlen;
 	m->m_pkthdr.len = tlen;
 	m->m_pkthdr.rcvif = 0;
-#ifdef MAC_SOCKET
+#ifdef MAC
 	if (tp != NULL && tp->t_inpcb != NULL) {
 		/*
 		 * Packet is associated with a socket, so allow the


More information about the trustedbsd-cvs mailing list