PERFORCE change 147195 for review

Christian S.J. Peron csjp at FreeBSD.org
Tue Aug 12 00:27:50 UTC 2008 

http://perforce.freebsd.org/chv.cgi?CH=147195

Change 147195 by csjp at ibm01 on 2008/08/12 00:27:25

	Drop a Phoenix Down on to mac_chkexec and revive it from an unconscious
	state.  This allows it to build.  More goodies to follow.
	
	Submitted by:	Samy Al Bahra

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#19 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_chkexec/mac_chkexec.c#19 (text+ko) ====

@@ -47,6 +47,7 @@
 #include <sys/tree.h>
 #include <sys/vnode.h>
 #include <sys/file.h>
+#include <sys/fcntl.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/sysctl.h>
@@ -60,10 +61,11 @@
 
 #include <vm/vm.h>
 
+#include <crypto/sha1.h>
+
 #include <security/mac/mac_policy.h>
-#include <security/mac_chkexec/mac_chkexec.h>
+#include "mac_chkexec.h"
 
-#include <crypto/sha1.h>
 
 /*
  * Prototypes
@@ -79,12 +81,12 @@
 static int	 mac_chkexec_set_vcsum(struct vnode *,
 		     struct mac_vcsum *);
 static int	 mac_chkexec_check(struct vnode *, struct ucred *);
-static int	 mac_chkexec_check_vnode_exec(struct ucred *,
+static int	 mac_chkexec_vnode_check_exec(struct ucred *,
 		     struct vnode *, struct label *,
 		     struct image_params *, struct label *);
-static int	 mac_chkexec_check_vnode_mmap(struct ucred *,
+static int	 mac_chkexec_vnode_check_mmap(struct ucred *,
 		     struct vnode *, struct label *, int, int);
-static int	 mac_chkexec_check_kld_load(struct ucred *,
+static int	 mac_chkexec_kld_check_load(struct ucred *,
 		     struct vnode *, struct label *);
 static int	 mac_chkexec_vpcmp(struct vcache *, struct vcache *);
 
@@ -655,7 +657,7 @@
 }
 
 static int
-mac_chkexec_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+mac_chkexec_vnode_check_exec(struct ucred *cred, struct vnode *vp,
     struct label *label, struct image_params *imgp,
     struct label *execlabel)
 {
@@ -669,7 +671,7 @@
 }
 
 static int
-mac_chkexec_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
+mac_chkexec_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
     struct label *label, int prot, int flags)
 {
 	int error;
@@ -687,7 +689,7 @@
 }
 
 static int
-mac_chkexec_check_kld_load(struct ucred *cred, struct vnode *vp,
+mac_chkexec_kld_check_load(struct ucred *cred, struct vnode *vp,
     struct label *vlabel)
 {
 	int error;
@@ -706,7 +708,7 @@
  * with this inode.
  */
 static int
-mac_chkexec_check_vnode_open(struct ucred *cred, struct vnode *vp,
+mac_chkexec_vnode_check_open(struct ucred *cred, struct vnode *vp,
     struct label *vnodelabel, int acc_mode)
 {
 
@@ -720,7 +722,7 @@
 }
 
 static int
-mac_chkexec_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
+mac_chkexec_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
     struct label *dlabel, struct vnode *vp, struct label *label,
     struct componentname *cnp)
 {
@@ -743,7 +745,7 @@
  * If the checksums do not match, deny access.
  */
 static int
-mac_chkexec_check_vnode_access(struct ucred *cred, struct vnode *vp,
+mac_chkexec_vnode_check_access(struct ucred *cred, struct vnode *vp,
     struct label *label, int acc_mode)
 {
 	int error;
@@ -763,7 +765,7 @@
  * with storing the checksums, deny access.
  */
 static int
-mac_chkexec_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+mac_chkexec_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
     struct label *vnodelabel, int attrnamespace, const char *name,
     struct uio *uio)
 {
@@ -781,7 +783,7 @@
 }
 
 static int
-mac_chkexec_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+mac_chkexec_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
     struct label *label, int attrnamespace, const char *name)
 {
 
@@ -798,7 +800,7 @@
 }
 
 static int
-mac_chkexec_check_vnode_write(struct ucred *cred, struct ucred *fcred,
+mac_chkexec_vnode_check_write(struct ucred *cred, struct ucred *fcred,
     struct vnode *vp, struct label *label)
 {
 
@@ -866,15 +868,15 @@
 {
 	.mpo_init = mac_chkexec_init,
 	.mpo_destroy = mac_chkexec_destroy,
-	.mpo_check_vnode_exec = mac_chkexec_check_vnode_exec,
-	.mpo_check_vnode_mmap = mac_chkexec_check_vnode_mmap,
-	.mpo_check_kld_load = mac_chkexec_check_kld_load,
-	.mpo_check_vnode_open = mac_chkexec_check_vnode_open,
-	.mpo_check_vnode_delete = mac_chkexec_check_vnode_delete,
-	.mpo_check_vnode_access = mac_chkexec_check_vnode_access,
-	.mpo_check_vnode_deleteextattr = mac_chkexec_check_vnode_deleteextattr,
-	.mpo_check_vnode_setextattr = mac_chkexec_check_vnode_setextattr,
-	.mpo_check_vnode_write = mac_chkexec_check_vnode_write,
+	.mpo_vnode_check_exec = mac_chkexec_vnode_check_exec,
+	.mpo_vnode_check_mmap = mac_chkexec_vnode_check_mmap,
+	.mpo_kld_check_load = mac_chkexec_kld_check_load,
+	.mpo_vnode_check_open = mac_chkexec_vnode_check_open,
+	.mpo_vnode_check_unlink = mac_chkexec_vnode_check_unlink,
+	.mpo_vnode_check_access = mac_chkexec_vnode_check_access,
+	.mpo_vnode_check_deleteextattr = mac_chkexec_vnode_check_deleteextattr,
+	.mpo_vnode_check_setextattr = mac_chkexec_vnode_check_setextattr,
+	.mpo_vnode_check_write = mac_chkexec_vnode_check_write,
 	.mpo_syscall = mac_chkexec_syscall,
 };

More information about the p4-projects mailing list