PERFORCE change 1191605 for review
Brooks Davis
brooks at FreeBSD.org
Fri Mar 7 22:30:47 UTC 2014
http://p4web.freebsd.org/@@1191605?ac=10
Change 1191605 by brooks at brooks_zenith on 2014/03/07 22:30:22
Rename TESLA_MAC to TESLA_MAC_ALL before splitting the assertions.
Affected files ...
.. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA#5 edit
.. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL#3 edit
.. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL_REGRESSION#3 edit
.. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC_PROC#2 edit
.. //depot/projects/ctsrd/tesla/src/sys/conf/options#6 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#8 edit
.. //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#6 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#4 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#4 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#5 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#4 edit
.. //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#4 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#17 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#4 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#6 edit
.. //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#7 edit
Differences ...
==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA#5 (text+ko) ====
@@ -3,6 +3,6 @@
options TESLA
options TESLA_CAPSICUM
-options TESLA_MAC
+options TESLA_MAC_ALL
options TESLA_PRIV
options TESLA_PROC
==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL#3 (text+ko) ====
@@ -3,7 +3,7 @@
options TESLA
options TESLA_CAPSICUM
-options TESLA_MAC
+options TESLA_MAC_ALL
options TESLA_PRIV
options TESLA_PROC
options TESLA_TEST
==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_ALL_REGRESSION#3 (text+ko) ====
@@ -4,6 +4,6 @@
options REGRESSION
options TESLA
options TESLA_CAPSICUM
-options TESLA_MAC
+options TESLA_MAC_ALL
options TESLA_PRIV
options TESLA_PROC
==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC#2 (text+ko) ====
@@ -2,4 +2,4 @@
ident TESLA_ND_MAC
options TESLA
-options TESLA_MAC
+options TESLA_MAC_ALL
==== //depot/projects/ctsrd/tesla/src/sys/amd64/conf/TESLA_ND_MAC_PROC#2 (text+ko) ====
@@ -2,5 +2,5 @@
ident TESLA_ND_MAC_PROC
options TESLA
-options TESLA_MAC
+options TESLA_MAC_ALL
options TESLA_PROC
==== //depot/projects/ctsrd/tesla/src/sys/conf/options#6 (text+ko) ====
@@ -673,7 +673,7 @@
KTR_VERBOSE opt_ktr.h
TESLA opt_global.h
TESLA_CAPSICUM opt_global.h
-TESLA_MAC opt_global.h
+TESLA_MAC_ALL opt_global.h
TESLA_PRIV opt_global.h
TESLA_PROC opt_global.h
TESLA_TEST opt_global.h
==== //depot/projects/ctsrd/tesla/src/sys/kern/kern_prot.c#8 (text+ko) ====
@@ -2149,7 +2149,7 @@
euid = euip->ui_uid;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
/* XXXRW: In the exec() case, really want imgp->attr.uid. */
TESLA_SYSCALL(
previously(mac_cred_check_setuid(ANY(ptr), euid) == 0) ||
@@ -2183,7 +2183,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
/* XXXRW: In the exec() case, really want imgp->attr.gid. */
TESLA_SYSCALL(
previously(mac_cred_check_setegid(ANY(ptr), egid) == 0) ||
@@ -2217,7 +2217,7 @@
uid_t ruid = ruip->ui_uid;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
/* XXXRW: In the exec() case, really want imgp->attr.uid. */
TESLA_SYSCALL(
previously(mac_cred_check_setuid(ANY(ptr), ruid) == 0) ||
@@ -2253,7 +2253,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
/* XXXRW: In the exec() case, really want imgp->attr.gid. */
TESLA_SYSCALL(
previously(mac_cred_check_setgid(ANY(ptr), rgid) == 0) ||
@@ -2284,7 +2284,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
/* XXXRW: In the exec() case, really want imgp->attr.uid. */
TESLA_SYSCALL(
previously(mac_cred_check_setuid(ANY(ptr), ANY(int)) == 0) ||
@@ -2315,7 +2315,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
/* XXXRW: In the exec() case, really want imgp->attr.gid. */
TESLA_SYSCALL(
previously(mac_cred_check_setgid(ANY(ptr), ANY(int)) == 0) ||
==== //depot/projects/ctsrd/tesla/src/sys/kern/uipc_socket.c#6 (text+ko) ====
@@ -425,7 +425,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_create(cred, dom, type,
proto) == 0);
#endif
@@ -627,7 +627,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) ==
0);
#endif
@@ -645,7 +645,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_bind(ANY(ptr), so, nam) ==
0);
#endif
@@ -675,7 +675,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_listen(ANY(ptr), so) == 0);
#endif
#endif
@@ -929,7 +929,7 @@
#ifdef MAC
/* Access-control check is on head rather than so. */
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_accept(ANY(ptr), ANY(ptr)) ==
0);
#endif
@@ -951,7 +951,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_connect(td->td_ucred, so,
nam) == 0);
#endif
@@ -1495,7 +1495,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_send(ANY(ptr), so) == 0);
#endif
#endif
@@ -2457,7 +2457,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_receive(ANY(ptr), so) == 0);
#endif
#endif
@@ -3140,7 +3140,7 @@
* XXXRW: Should be active_cred but actually fp->f_cred is getting
* passed down the stack, so the wrong cred here!
*/
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0);
#endif
#endif
@@ -3191,7 +3191,7 @@
struct sockbuf *sb;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_poll(ANY(ptr), so) == 0);
#endif
#endif
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_cred.c#4 (text+ko) ====
@@ -196,7 +196,7 @@
mac_cred_relabel(struct ucred *cred, struct label *newlabel)
{
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(previously(mac_cred_check_relabel(cred, newlabel) ==
0));
#endif
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_pipe.c#4 (text+ko) ====
@@ -143,7 +143,7 @@
struct label *newlabel)
{
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_pipe_check_relabel(cred, pp, newlabel)
== 0);
#endif
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_process.c#5 (text+ko) ====
@@ -172,7 +172,7 @@
}
imgp->execlabel = label;
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_EVENTUALLY(called(mac_execve_exit));
#endif
@@ -183,7 +183,7 @@
mac_execve_exit(struct image_params *imgp)
{
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(called(mac_execve_enter(imgp, ANY(ptr))));
#endif
@@ -204,7 +204,7 @@
} else
*interpvplabel = NULL;
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_EVENTUALLY(called(mac_execve_interpreter_exit));
#endif
}
@@ -215,7 +215,7 @@
if (interpvplabel != NULL) {
/* Awkwardly, _exit() may be called even if _enter() wasn't. */
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(called(
mac_execve_interpreter_enter(ANY(ptr), ANY(ptr))));
#endif
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_socket.c#4 (text+ko) ====
@@ -258,7 +258,7 @@
struct label *newlabel)
{
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_socket_check_relabel(cred, so, newlabel)
== 0);
#endif
==== //depot/projects/ctsrd/tesla/src/sys/security/mac/mac_vfs.c#4 (text+ko) ====
@@ -949,7 +949,7 @@
struct label *newlabel)
{
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(previously(mac_vnode_check_relabel(cred, vp, newlabel)
== 0));
#endif
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ffs/ffs_vnops.c#17 (text+ko) ====
@@ -440,7 +440,7 @@
vp = ap->a_vp;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(
incallstack(ufs_readdir) ||
previously(called(vn_rdwr(ANY(int), vp, ANY(ptr), ANY(int),
@@ -674,7 +674,7 @@
vp = ap->a_vp;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(
previously(called(vn_rdwr(ANY(int), vp, ANY(ptr), ANY(int),
ANY(int), ANY(int), flags(IO_NOMACCHECK), ANY(ptr), ANY(ptr),
@@ -1495,7 +1495,7 @@
u_char *eae, *p;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(incallstack(ufs_setacl) ||
previously(mac_vnode_check_deleteextattr(ANY(ptr), ap->a_vp,
ap->a_attrnamespace, ap->a_name) == 0));
@@ -1590,7 +1590,7 @@
int error, ealen;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(incallstack(ufs_getacl) ||
previously(mac_vnode_check_getextattr(ANY(ptr), ap->a_vp,
ap->a_attrnamespace, ap->a_name) == 0));
@@ -1654,7 +1654,7 @@
int error, ealen;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_listextattr(ANY(ptr),
ap->a_vp, ap->a_attrnamespace) == 0);
#endif
@@ -1725,7 +1725,7 @@
u_char *eae, *p;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(incallstack(ufs_setacl) ||
previously(mac_vnode_check_setextattr(ANY(ptr), ap->a_vp,
ap->a_attrnamespace, ap->a_name) == 0));
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_acl.c#4 (text+ko) ====
@@ -364,7 +364,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_getacl(ANY(ptr), ap->a_vp,
ap->a_type) == 0);
#endif
@@ -622,7 +622,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
if (ap->a_aclp == NULL)
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_deleteacl(ANY(ptr),
ap->a_vp, ap->a_type) == 0);
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_lookup.c#6 (text+ko) ====
@@ -53,7 +53,7 @@
#include <sys/sysctl.h>
#include <sys/tesla-kernel.h>
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
#include <security/mac/mac_framework.h>
#endif
@@ -217,7 +217,7 @@
{
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_lookup(ANY(ptr), ap->a_dvp,
ap->a_cnp) == 0);
#endif
==== //depot/projects/ctsrd/tesla/src/sys/ufs/ufs/ufs_vnops.c#7 (text+ko) ====
@@ -274,7 +274,7 @@
struct inode *ip;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL(
previously(mac_kld_check_load(ANY(ptr), vp) == 0) ||
previously(mac_vnode_check_exec(ANY(ptr), vp, ANY(ptr)) == 0) ||
@@ -542,7 +542,7 @@
}
if (vap->va_flags != VNOVAL) {
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setflags(ANY(ptr),
vp, ANY(int)) == 0);
#endif
@@ -611,7 +611,7 @@
}
if (vap->va_size != VNOVAL) {
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_write(ANY(ptr),
ANY(ptr), vp) == 0);
#endif
@@ -661,7 +661,7 @@
* XXXRW: TESLA can't currently instrument functions with
* struct arguments.
*/
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setutimes(ANY(ptr),
vp, ANY(timespec), ANY(timespec)) == 0);
#endif
@@ -802,7 +802,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setmode(ANY(ptr), vp, mode)
== 0);
#endif
@@ -875,7 +875,7 @@
#endif
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_setowner(ANY(ptr), vp, uid,
gid) == 0);
#endif
@@ -994,7 +994,7 @@
struct thread *td;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_unlink(ANY(ptr), dvp, vp,
ap->a_cnp) == 0);
#endif
@@ -1050,7 +1050,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_link(ANY(ptr), tdvp, vp,
cnp) == 0);
#endif
@@ -1220,7 +1220,7 @@
ino_t ino;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_rename_from(ANY(ptr), fdvp,
fvp, fcnp) == 0);
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_rename_to(ANY(ptr), tdvp,
@@ -1884,7 +1884,7 @@
long blkoff;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_create(ANY(ptr), dvp, cnp,
vap) == 0);
#endif
@@ -2125,7 +2125,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_unlink(ANY(ptr), dvp, vp,
cnp) == 0);
#endif
@@ -2276,7 +2276,7 @@
off_t off;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_readdir(ANY(ptr), ap->a_vp)
== 0);
#endif
@@ -2392,7 +2392,7 @@
doff_t isize;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_readlink(ANY(ptr), vp) == 0);
#endif
#endif
@@ -2695,7 +2695,7 @@
int error;
#ifdef MAC
-#ifdef TESLA_MAC
+#ifdef TESLA_MAC_ALL
TESLA_SYSCALL_PREVIOUSLY(mac_vnode_check_create(ANY(ptr), dvp, cnp,
ANY(ptr)) == 0);
#endif
More information about the p4-projects
mailing list