PERFORCE change 32229 for review

Robert Watson rwatson at FreeBSD.org
Sat May 31 21:39:32 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=32229

Change 32229 by rwatson at rwatson_tislabs on 2003/05/31 14:39:06

	Teach mac_test to test label constants in label consumers,
	not just in label maintainers.  Right now we don't
	distinguish initialized from created/associated, that will
	come in a next iteration.
	
	Note: for mac_test to be useful, it must be built with
	-DINVARIANTS, or linked directly to the kernel.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#102 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#102 (text+ko) ====

@@ -92,6 +92,30 @@
 #define	EXMAGIC		0x849ba1fd
 
 #define	SLOT(x)	LABEL_TO_SLOT((x), test_slot).l_long
+
+#define	ASSERT_BPF_LABEL(x)	KASSERT(SLOT(x) == BPFMAGIC ||		\
+	SLOT(x) == 0, ("%s: Bad BPF label", __func__ ))
+#define	ASSERT_DEVFS_LABEL(x)	KASSERT(SLOT(x) == DEVFSMAGIC ||	\
+	SLOT(x) == 0, ("%s: Bad DEVFS label", __func__ ))
+#define	ASSERT_IFNET_LABEL(x)	KASSERT(SLOT(x) == IFNETMAGIC ||	\
+	SLOT(x) == 0, ("%s: Bad IFNET label", __func__ ))
+#define	ASSERT_IPQ_LABEL(x)	KASSERT(SLOT(x) == IPQMAGIC ||	\
+	SLOT(x) == 0, ("%s: Bad IPQ label", __func__ ))
+#define	ASSERT_MBUF_LABEL(x)	KASSERT(SLOT(x) == MBUFMAGIC ||		\
+	SLOT(x) == 0, ("%s: Bad MBUF label", __func__ ))
+#define	ASSERT_MOUNT_LABEL(x)	KASSERT(SLOT(x) == MOUNTMAGIC ||	\
+	SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ ))
+#define	ASSERT_SOCKET_LABEL(x)	KASSERT(SLOT(x) == SOCKETMAGIC ||	\
+	SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ ))
+#define	ASSERT_PIPE_LABEL(x)	KASSERT(SLOT(x) == PIPEMAGIC ||		\
+	SLOT(x) == 0, ("%s: Bad PIPE label", __func__ ))
+#define	ASSERT_PROC_LABEL(x)	KASSERT(SLOT(x) == PROCMAGIC ||		\
+	SLOT(x) == 0, ("%s: Bad PROC label", __func__ ))
+#define	ASSERT_CRED_LABEL(x)	KASSERT(SLOT(x) == CREDMAGIC ||		\
+	SLOT(x) == 0, ("%s: Bad CRED label", __func__ ))
+#define	ASSERT_VNODE_LABEL(x)	KASSERT(SLOT(x) == VNODEMAGIC ||	\
+	SLOT(x) == 0, ("%s: Bad VNODE label", __func__ ))
+
 static int	test_slot;
 SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD,
     &test_slot, 0, "Slot allocated by framework");
@@ -536,6 +560,9 @@
 
 	atomic_add_int(&externalize_count, 1);
 
+	KASSERT(SLOT(label) != EXMAGIC,
+	    ("mac_test_externalize_label: destroyed label"));
+
 	return (0);
 }
 
@@ -546,6 +573,9 @@
 
 	atomic_add_int(&internalize_count, 1);
 
+	KASSERT(SLOT(label) != EXMAGIC,
+	    ("mac_test_internalize_label: destroyed label"));
+
 	return (0);
 }
 
@@ -559,6 +589,9 @@
     struct label *vlabel)
 {
 
+	ASSERT_MOUNT_LABEL(fslabel);
+	ASSERT_DEVFS_LABEL(delabel);
+	ASSERT_VNODE_LABEL(vlabel);
 }
 
 static int
@@ -566,6 +599,8 @@
     struct vnode *vp, struct label *vlabel)
 {
 
+	ASSERT_MOUNT_LABEL(fslabel);
+	ASSERT_VNODE_LABEL(vlabel);
 	return (0);
 }
 
@@ -574,6 +609,8 @@
     struct label *fslabel, struct vnode *vp, struct label *vlabel)
 {
 
+	ASSERT_MOUNT_LABEL(fslabel);
+	ASSERT_VNODE_LABEL(vlabel);
 }
 
 static void
@@ -582,6 +619,7 @@
     const char *fullpath)
 {
 
+	ASSERT_DEVFS_LABEL(label);
 }
 
 static void
@@ -590,6 +628,7 @@
     const char *fullpath)
 {
 
+	ASSERT_DEVFS_LABEL(label);
 }
 
 static void
@@ -598,6 +637,9 @@
     struct label *delabel, const char *fullpath)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_DEVFS_LABEL(ddlabel);
+	ASSERT_DEVFS_LABEL(delabel);
 }
 
 static int
@@ -606,6 +648,10 @@
     struct vnode *vp, struct label *vlabel, struct componentname *cnp)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_MOUNT_LABEL(fslabel);
+	ASSERT_VNODE_LABEL(dlabel);
+
 	return (0);
 }
 
@@ -614,6 +660,9 @@
     struct label *mntlabel, struct label *fslabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_MOUNT_LABEL(mntlabel);
+	ASSERT_MOUNT_LABEL(fslabel);
 }
 
 static void
@@ -621,6 +670,9 @@
     struct label *mntlabel, struct label *fslabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_MOUNT_LABEL(mntlabel);
+	ASSERT_MOUNT_LABEL(fslabel);
 }
 
 static void
@@ -628,6 +680,9 @@
     struct label *vnodelabel, struct label *label)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(vnodelabel);
+	ASSERT_VNODE_LABEL(label);
 }
 
 static int
@@ -635,6 +690,9 @@
     struct label *vlabel, struct label *intlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(vlabel);
+	ASSERT_VNODE_LABEL(intlabel);
 	return (0);
 }
 
@@ -644,6 +702,8 @@
     struct vnode *vp, struct label *vnodelabel)
 {
 
+	ASSERT_DEVFS_LABEL(direntlabel);
+	ASSERT_VNODE_LABEL(vnodelabel);
 }
 
 /*
@@ -654,6 +714,8 @@
     struct mbuf *m, struct label *mbuflabel)
 {
 
+	ASSERT_SOCKET_LABEL(socketlabel);
+	ASSERT_MBUF_LABEL(mbuflabel);
 }
 
 static void
@@ -661,6 +723,8 @@
    struct label *socketlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_SOCKET_LABEL(socketlabel);
 }
 
 static void
@@ -668,6 +732,8 @@
    struct label *pipelabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
 }
 
 static void
@@ -676,6 +742,8 @@
     struct label *newsocketlabel)
 {
 
+	ASSERT_SOCKET_LABEL(oldsocketlabel);
+	ASSERT_SOCKET_LABEL(newsocketlabel);
 }
 
 static void
@@ -683,6 +751,8 @@
     struct label *socketlabel, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_SOCKET_LABEL(newlabel);
 }
 
 static void
@@ -690,6 +760,9 @@
     struct label *pipelabel, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
+	ASSERT_PIPE_LABEL(newlabel);
 }
 
 static void
@@ -697,6 +770,8 @@
     struct socket *socket, struct label *socketpeerlabel)
 {
 
+	ASSERT_MBUF_LABEL(mbuflabel);
+	ASSERT_SOCKET_LABEL(socketpeerlabel);
 }
 
 /*
@@ -708,6 +783,8 @@
     struct label *newsocketpeerlabel)
 {
 
+	ASSERT_SOCKET_LABEL(oldsocketlabel);
+	ASSERT_SOCKET_LABEL(newsocketpeerlabel);
 }
 
 static void
@@ -715,6 +792,8 @@
     struct label *bpflabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_BPF_LABEL(bpflabel);
 }
 
 static void
@@ -722,6 +801,8 @@
     struct mbuf *datagram, struct label *datagramlabel)
 {
 
+	ASSERT_IPQ_LABEL(ipqlabel);
+	ASSERT_MBUF_LABEL(datagramlabel);
 }
 
 static void
@@ -729,12 +810,15 @@
     struct mbuf *fragment, struct label *fragmentlabel)
 {
 
+	ASSERT_MBUF_LABEL(datagramlabel);
+	ASSERT_MBUF_LABEL(fragmentlabel);
 }
 
 static void
 mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
 {
 
+	ASSERT_IFNET_LABEL(ifnetlabel);
 }
 
 static void
@@ -742,6 +826,8 @@
     struct ipq *ipq, struct label *ipqlabel)
 {
 
+	ASSERT_MBUF_LABEL(fragmentlabel);
+	ASSERT_IPQ_LABEL(ipqlabel);
 }
 
 static void
@@ -750,6 +836,8 @@
     struct label *newmbuflabel)
 {
 
+	ASSERT_MBUF_LABEL(oldmbuflabel);
+	ASSERT_MBUF_LABEL(newmbuflabel);
 }
 
 static void
@@ -757,6 +845,8 @@
     struct mbuf *mbuf, struct label *mbuflabel)
 {
 
+	ASSERT_IFNET_LABEL(ifnetlabel);
+	ASSERT_MBUF_LABEL(mbuflabel);
 }
 
 static void
@@ -764,6 +854,8 @@
     struct mbuf *mbuf, struct label *mbuflabel)
 {
 
+	ASSERT_BPF_LABEL(bpflabel);
+	ASSERT_MBUF_LABEL(mbuflabel);
 }
 
 static void
@@ -771,6 +863,8 @@
     struct mbuf *m, struct label *mbuflabel)
 {
 
+	ASSERT_IFNET_LABEL(ifnetlabel);
+	ASSERT_MBUF_LABEL(mbuflabel);
 }
 
 static void
@@ -779,6 +873,9 @@
     struct mbuf *newmbuf, struct label *newmbuflabel)
 {
 
+	ASSERT_MBUF_LABEL(oldmbuflabel);
+	ASSERT_IFNET_LABEL(ifnetlabel);
+	ASSERT_MBUF_LABEL(newmbuflabel);
 }
 
 static void
@@ -787,6 +884,8 @@
     struct label *newmbuflabel)
 {
 
+	ASSERT_MBUF_LABEL(oldmbuflabel);
+	ASSERT_MBUF_LABEL(newmbuflabel);
 }
 
 static int
@@ -794,6 +893,9 @@
     struct ipq *ipq, struct label *ipqlabel)
 {
 
+	ASSERT_MBUF_LABEL(fragmentlabel);
+	ASSERT_IPQ_LABEL(ipqlabel);
+
 	return (1);
 }
 
@@ -801,12 +903,14 @@
 mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel)
 {
 
+	ASSERT_MBUF_LABEL(mlabel);
 }
 
 static void
 mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
 {
 
+	ASSERT_MBUF_LABEL(mlabel);
 }
 
 static void
@@ -814,6 +918,9 @@
     struct label *ifnetlabel, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_IFNET_LABEL(ifnetlabel);
+	ASSERT_IFNET_LABEL(newlabel);
 }
 
 static void
@@ -821,6 +928,8 @@
     struct ipq *ipq, struct label *ipqlabel)
 {
 
+	ASSERT_MBUF_LABEL(fragmentlabel);
+	ASSERT_IPQ_LABEL(ipqlabel);
 }
 
 /*
@@ -830,6 +939,8 @@
 mac_test_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
 {
 
+	ASSERT_CRED_LABEL(&cred_parent->cr_label);
+	ASSERT_CRED_LABEL(&cred_child->cr_label);
 }
 
 static void
@@ -839,6 +950,11 @@
     struct label *execlabel)
 {
 
+	ASSERT_CRED_LABEL(&old->cr_label);
+	ASSERT_CRED_LABEL(&new->cr_label);
+	ASSERT_VNODE_LABEL(filelabel);
+	ASSERT_VNODE_LABEL(interpvnodelabel);
+	ASSERT_VNODE_LABEL(execlabel);
 }
 
 static int
@@ -847,6 +963,11 @@
     struct image_params *imgp, struct label *execlabel)
 {
 
+	ASSERT_CRED_LABEL(&old->cr_label);
+	ASSERT_VNODE_LABEL(filelabel);
+	ASSERT_VNODE_LABEL(interpvnodelabel);
+	ASSERT_VNODE_LABEL(execlabel);
+
 	return (0);
 }
 
@@ -854,18 +975,22 @@
 mac_test_create_proc0(struct ucred *cred)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
 }
 
 static void
 mac_test_create_proc1(struct ucred *cred)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
 }
 
 static void
 mac_test_relabel_cred(struct ucred *cred, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(newlabel);
 }
 
 static int
@@ -899,6 +1024,9 @@
     struct ifnet *ifnet, struct label *ifnetlabel)
 {
 
+	ASSERT_BPF_LABEL(bpflabel);
+	ASSERT_IFNET_LABEL(ifnetlabel);
+
 	return (0);
 }
 
@@ -906,6 +1034,9 @@
 mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_CRED_LABEL(newlabel);
+
 	return (0);
 }
 
@@ -913,6 +1044,9 @@
 mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2)
 {
 
+	ASSERT_CRED_LABEL(&u1->cr_label);
+	ASSERT_CRED_LABEL(&u2->cr_label);
+
 	return (0);
 }
 
@@ -921,6 +1055,9 @@
     struct label *ifnetlabel, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_IFNET_LABEL(ifnetlabel);
+	ASSERT_IFNET_LABEL(newlabel);
 	return (0);
 }
 
@@ -929,6 +1066,9 @@
     struct mbuf *m, struct label *mbuflabel)
 {
 
+	ASSERT_IFNET_LABEL(ifnetlabel);
+	ASSERT_MBUF_LABEL(mbuflabel);
+
 	return (0);
 }
 
@@ -936,6 +1076,8 @@
 mac_test_check_kenv_dump(struct ucred *cred)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -943,6 +1085,8 @@
 mac_test_check_kenv_get(struct ucred *cred, char *name)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -950,6 +1094,8 @@
 mac_test_check_kenv_set(struct ucred *cred, char *name, char *value)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -957,6 +1103,8 @@
 mac_test_check_kenv_unset(struct ucred *cred, char *name)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -965,6 +1113,9 @@
     struct label *label)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -972,6 +1123,8 @@
 mac_test_check_kld_stat(struct ucred *cred)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -979,6 +1132,8 @@
 mac_test_check_kld_unload(struct ucred *cred)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -987,6 +1142,9 @@
     struct label *mntlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_MOUNT_LABEL(mntlabel);
+
 	return (0);
 }
 
@@ -995,6 +1153,9 @@
     struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
+
 	return (0);
 }
 
@@ -1003,6 +1164,9 @@
     struct label *pipelabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
+
 	return (0);
 }
 
@@ -1011,6 +1175,9 @@
     struct label *pipelabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
+
 	return (0);
 }
 
@@ -1019,6 +1186,10 @@
     struct label *pipelabel, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
+	ASSERT_PIPE_LABEL(newlabel);
+
 	return (0);
 }
 
@@ -1027,6 +1198,9 @@
     struct label *pipelabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
+
 	return (0);
 }
 
@@ -1035,6 +1209,9 @@
     struct label *pipelabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_PIPE_LABEL(pipelabel);
+
 	return (0);
 }
 
@@ -1042,6 +1219,9 @@
 mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
 	return (0);
 }
 
@@ -1049,6 +1229,9 @@
 mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
 	return (0);
 }
 
@@ -1056,6 +1239,9 @@
 mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_CRED_LABEL(&proc->p_ucred->cr_label);
+
 	return (0);
 }
 
@@ -1064,6 +1250,9 @@
     struct label *socketlabel, struct sockaddr *sockaddr)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_SOCKET_LABEL(socketlabel);
+
 	return (0);
 }
 
@@ -1072,6 +1261,9 @@
     struct label *socketlabel, struct sockaddr *sockaddr)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_SOCKET_LABEL(socketlabel);
+
 	return (0);
 }
 
@@ -1080,6 +1272,9 @@
     struct mbuf *m, struct label *mbuflabel)
 {
 
+	ASSERT_SOCKET_LABEL(socketlabel);
+	ASSERT_MBUF_LABEL(mbuflabel);
+
 	return (0);
 }
 
@@ -1088,6 +1283,9 @@
     struct label *socketlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_SOCKET_LABEL(socketlabel);
+
 	return (0);
 }
 
@@ -1096,6 +1294,9 @@
     struct label *socketlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_SOCKET_LABEL(socketlabel);
+
 	return (0);
 }
 
@@ -1104,6 +1305,10 @@
     struct label *socketlabel, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_SOCKET_LABEL(socketlabel);
+	ASSERT_SOCKET_LABEL(newlabel);
+
 	return (0);
 }
 
@@ -1111,6 +1316,8 @@
 mac_test_check_sysarch_ioperm(struct ucred *cred)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -1119,6 +1326,8 @@
     struct label *label)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -1126,6 +1335,8 @@
 mac_test_check_system_reboot(struct ucred *cred, int how)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -1133,6 +1344,8 @@
 mac_test_check_system_settime(struct ucred *cred)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -1141,6 +1354,9 @@
     struct label *label)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1149,6 +1365,9 @@
     struct label *label)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1157,6 +1376,8 @@
     void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+
 	return (0);
 }
 
@@ -1165,6 +1386,9 @@
     struct label *label, int acc_mode)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1173,6 +1397,9 @@
     struct label *dlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+
 	return (0);
 }
 
@@ -1181,6 +1408,9 @@
     struct label *dlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+
 	return (0);
 }
 
@@ -1189,6 +1419,9 @@
     struct label *dlabel, struct componentname *cnp, struct vattr *vap)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+
 	return (0);
 }
 
@@ -1198,6 +1431,10 @@
     struct componentname *cnp)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1206,6 +1443,9 @@
     struct label *label, acl_type_t type)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1215,6 +1455,10 @@
     struct label *execlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+	ASSERT_VNODE_LABEL(execlabel);
+
 	return (0);
 }
 
@@ -1223,6 +1467,9 @@
     struct label *label, acl_type_t type)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1231,6 +1478,9 @@
     struct label *label, int attrnamespace, const char *name, struct uio *uio)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1240,6 +1490,10 @@
     struct componentname *cnp)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1248,6 +1502,9 @@
     struct label *dlabel, struct componentname *cnp)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+
 	return (0);
 }
 
@@ -1256,6 +1513,9 @@
     struct label *label, int prot)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1264,6 +1524,9 @@
     struct label *label, int prot)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1272,6 +1535,9 @@
     struct label *filelabel, int acc_mode)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(filelabel);
+
 	return (0);
 }
 
@@ -1280,6 +1546,10 @@
     struct vnode *vp, struct label *label)
 {
 
+	ASSERT_CRED_LABEL(&active_cred->cr_label);
+	ASSERT_CRED_LABEL(&file_cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1288,6 +1558,10 @@
     struct vnode *vp, struct label *label)
 {
 
+	ASSERT_CRED_LABEL(&active_cred->cr_label);
+	ASSERT_CRED_LABEL(&file_cred->cr_label);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);
 }
 
@@ -1296,6 +1570,9 @@
     struct label *dlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+
 	return (0);
 }
 
@@ -1304,6 +1581,9 @@
     struct label *vnodelabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(vnodelabel);
+
 	return (0);
 }
 
@@ -1312,6 +1592,10 @@
     struct label *vnodelabel, struct label *newlabel)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(vnodelabel);
+	ASSERT_VNODE_LABEL(newlabel);
+
 	return (0);
 }
 
@@ -1321,6 +1605,10 @@
     struct componentname *cnp)
 {
 
+	ASSERT_CRED_LABEL(&cred->cr_label);
+	ASSERT_VNODE_LABEL(dlabel);
+	ASSERT_VNODE_LABEL(label);
+
 	return (0);

>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message



More information about the trustedbsd-cvs mailing list