PERFORCE change 100766 for review
Robert Watson
rwatson at FreeBSD.org
Thu Jul 6 16:16:49 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=100766
Change 100766 by rwatson at rwatson_zoo on 2006/07/06 16:15:55
Rename.
Affected files ...
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_inet.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_internal.h#4 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_label.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_net.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_pipe.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_posix_sem.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_process.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_vfs.c#2 edit
.. //depot/projects/trustedbsd/mac2/sys/sys/mac_framework.h#11 edit
.. //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#19 edit
Differences ...
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_inet.c#2 (text+ko) ====
@@ -2,6 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -12,6 +13,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -42,9 +46,9 @@
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac_framework.h>
#include <sys/malloc.h>
#include <sys/mutex.h>
-#include <sys/mac.h>
#include <sys/sbuf.h>
#include <sys/systm.h>
#include <sys/mount.h>
@@ -84,9 +88,9 @@
label = mac_labelzone_alloc(flag);
if (label == NULL)
return (NULL);
- MAC_CHECK(init_inpcb_label, label, flag);
+ MAC_CHECK(inpcb_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_inpcb_label, label);
+ MAC_PERFORM(inpcb_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -95,7 +99,7 @@
}
int
-mac_init_inpcb(struct inpcb *inp, int flag)
+mac_inpcb_init(struct inpcb *inp, int flag)
{
inp->inp_label = mac_inpcb_label_alloc(flag);
@@ -114,9 +118,9 @@
if (label == NULL)
return (NULL);
- MAC_CHECK(init_ipq_label, label, flag);
+ MAC_CHECK(ipq_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_ipq_label, label);
+ MAC_PERFORM(ipq_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -125,7 +129,7 @@
}
int
-mac_init_ipq(struct ipq *ipq, int flag)
+mac_ipq_init(struct ipq *ipq, int flag)
{
ipq->ipq_label = mac_ipq_label_alloc(flag);
@@ -138,13 +142,13 @@
mac_inpcb_label_free(struct label *label)
{
- MAC_PERFORM(destroy_inpcb_label, label);
+ MAC_PERFORM(inpcb_destroy_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacinpcbs);
}
void
-mac_destroy_inpcb(struct inpcb *inp)
+mac_inpcb_destroy(struct inpcb *inp)
{
mac_inpcb_label_free(inp->inp_label);
@@ -155,13 +159,13 @@
mac_ipq_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ipq_label, label);
+ MAC_PERFORM(ipq_destroy_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacipqs);
}
void
-mac_destroy_ipq(struct ipq *ipq)
+mac_ipq_destroy(struct ipq *ipq)
{
mac_ipq_label_free(ipq->ipq_label);
@@ -169,59 +173,57 @@
}
void
-mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp)
+mac_inpcb_create(struct socket *so, struct inpcb *inp)
{
- MAC_PERFORM(create_inpcb_from_socket, so, so->so_label, inp,
- inp->inp_label);
+ MAC_PERFORM(inpcb_create, so, so->so_label, inp, inp->inp_label);
}
void
-mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram)
+mac_ipq_reassemble(struct ipq *ipq, struct mbuf *datagram)
{
struct label *label;
label = mac_mbuf_to_label(datagram);
- MAC_PERFORM(create_datagram_from_ipq, ipq, ipq->ipq_label,
- datagram, label);
+ MAC_PERFORM(ipq_reassemble, ipq, ipq->ipq_label, datagram, label);
}
void
-mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment)
+mac_netinet_fragment(struct mbuf *datagram, struct mbuf *fragment)
{
struct label *datagramlabel, *fragmentlabel;
datagramlabel = mac_mbuf_to_label(datagram);
fragmentlabel = mac_mbuf_to_label(fragment);
- MAC_PERFORM(create_fragment, datagram, datagramlabel, fragment,
+ MAC_PERFORM(netinet_fragment, datagram, datagramlabel, fragment,
fragmentlabel);
}
void
-mac_create_ipq(struct mbuf *fragment, struct ipq *ipq)
+mac_ipq_create(struct mbuf *fragment, struct ipq *ipq)
{
struct label *label;
label = mac_mbuf_to_label(fragment);
- MAC_PERFORM(create_ipq, fragment, label, ipq, ipq->ipq_label);
+ MAC_PERFORM(ipq_create, fragment, label, ipq, ipq->ipq_label);
}
void
-mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m)
+mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m)
{
struct label *mlabel;
INP_LOCK_ASSERT(inp);
mlabel = mac_mbuf_to_label(m);
- MAC_PERFORM(create_mbuf_from_inpcb, inp, inp->inp_label, m, mlabel);
+ MAC_PERFORM(inpcb_create_mbuf, inp, inp->inp_label, m, mlabel);
}
int
-mac_fragment_match(struct mbuf *fragment, struct ipq *ipq)
+mac_ipq_match(struct mbuf *fragment, struct ipq *ipq)
{
struct label *label;
int result;
@@ -229,43 +231,42 @@
label = mac_mbuf_to_label(fragment);
result = 1;
- MAC_BOOLEAN(fragment_match, &&, fragment, label, ipq,
- ipq->ipq_label);
+ MAC_BOOLEAN(ipq_match, &&, fragment, label, ipq, ipq->ipq_label);
return (result);
}
void
-mac_reflect_mbuf_icmp(struct mbuf *m)
+mac_netinet_icmp_reply(struct mbuf *m)
{
struct label *label;
label = mac_mbuf_to_label(m);
- MAC_PERFORM(reflect_mbuf_icmp, m, label);
+ MAC_PERFORM(netinet_icmp_reply, m, label);
}
void
-mac_reflect_mbuf_tcp(struct mbuf *m)
+mac_netinet_tcp_reply(struct mbuf *m)
{
struct label *label;
label = mac_mbuf_to_label(m);
- MAC_PERFORM(reflect_mbuf_tcp, m, label);
+ MAC_PERFORM(netinet_tcp_reply, m, label);
}
void
-mac_update_ipq(struct mbuf *fragment, struct ipq *ipq)
+mac_ipq_update(struct mbuf *fragment, struct ipq *ipq)
{
struct label *label;
label = mac_mbuf_to_label(fragment);
- MAC_PERFORM(update_ipq, fragment, label, ipq, ipq->ipq_label);
+ MAC_PERFORM(ipq_update, fragment, label, ipq, ipq->ipq_label);
}
int
-mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m)
+mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m)
{
struct label *label;
int error;
@@ -277,7 +278,7 @@
label = mac_mbuf_to_label(m);
- MAC_CHECK(check_inpcb_deliver, inp, inp->inp_label, m, label);
+ MAC_CHECK(inpcb_check_deliver, inp, inp->inp_label, m, label);
return (error);
}
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_internal.h#4 (text+ko) ====
@@ -13,6 +13,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -223,7 +226,7 @@
break; \
} \
claimed = 0; \
- MAC_CHECK(externalize_ ## type ## _label, label, \
+ MAC_CHECK(type ## _externalize_label, label, \
element_name, &sb, &claimed); \
if (error) \
break; \
@@ -254,7 +257,7 @@
break; \
} \
claimed = 0; \
- MAC_CHECK(internalize_ ## type ## _label, label, \
+ MAC_CHECK(type ## _internalize_label, label, \
element_name, element_data, &claimed); \
if (error) \
break; \
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_label.c#2 (text+ko) ====
@@ -35,7 +35,7 @@
#include "opt_mac.h"
#include <sys/param.h>
-#include <sys/mac.h>
+#include <sys/mac_framework.h>
#include <sys/sysctl.h>
#include <sys/systm.h>
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_net.c#2 (text+ko) ====
@@ -2,6 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -12,6 +13,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -45,6 +49,7 @@
#include <sys/malloc.h>
#include <sys/mutex.h>
#include <sys/mac.h>
+#include <sys/mac_framework.h>
#include <sys/sbuf.h>
#include <sys/systm.h>
#include <sys/mount.h>
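Review bot: The include list here now carries both `<sys/mac.h>` and `<sys/mac_framework.h>`, placed after `<sys/mutex.h>`, whereas the mac_inet.c, mac_label.c and mac_posix_sem.c hunks replace the old header outright and mac_inet.c puts the new one in sorted position before `<sys/malloc.h>`. If `<sys/mac.h>` is kept on purpose, presumably for the `struct mac` used by the label ioctls (`mac.m_buflen` further down this file), a short comment would stop it being removed as a leftover, e.g. `#include <sys/mac.h>	/* struct mac for the ifnet label ioctls */`. The same applies to the mac_pipe.c include hunk.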
@@ -114,13 +119,13 @@
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_bpfdesc_label, label);
+ MAC_PERFORM(bpfdesc_init_label, label);
MAC_DEBUG_COUNTER_INC(&nmacbpfdescs);
return (label);
}
void
-mac_init_bpfdesc(struct bpf_d *bpf_d)
+mac_bpfdesc_init(struct bpf_d *bpf_d)
{
bpf_d->bd_label = mac_bpfdesc_label_alloc();
@@ -132,20 +137,20 @@
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_ifnet_label, label);
+ MAC_PERFORM(ifnet_init_label, label);
MAC_DEBUG_COUNTER_INC(&nmacifnets);
return (label);
}
void
-mac_init_ifnet(struct ifnet *ifp)
+mac_ifnet_init(struct ifnet *ifp)
{
ifp->if_label = mac_ifnet_label_alloc();
}
int
-mac_init_mbuf_tag(struct m_tag *tag, int flag)
+mac_mbuf_tag_init(struct m_tag *tag, int flag)
{
struct label *label;
int error;
@@ -153,9 +158,9 @@
label = (struct label *) (tag + 1);
mac_init_label(label);
- MAC_CHECK(init_mbuf_label, label, flag);
+ MAC_CHECK(mbuf_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_mbuf_label, label);
+ MAC_PERFORM(mbuf_destroy_label, label);
mac_destroy_label(label);
} else {
MAC_DEBUG_COUNTER_INC(&nmacmbufs);
@@ -164,7 +169,7 @@
}
int
-mac_init_mbuf(struct mbuf *m, int flag)
+mac_mbuf_init(struct mbuf *m, int flag)
{
struct m_tag *tag;
int error;
@@ -183,7 +188,7 @@
flag);
if (tag == NULL)
return (ENOMEM);
- error = mac_init_mbuf_tag(tag, flag);
+ error = mac_mbuf_tag_init(tag, flag);
if (error) {
m_tag_free(tag);
return (error);
@@ -196,13 +201,13 @@
mac_bpfdesc_label_free(struct label *label)
{
- MAC_PERFORM(destroy_bpfdesc_label, label);
+ MAC_PERFORM(bpfdesc_destroy_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacbpfdescs);
}
void
-mac_destroy_bpfdesc(struct bpf_d *bpf_d)
+mac_bpfdesc_destroy(struct bpf_d *bpf_d)
{
mac_bpfdesc_label_free(bpf_d->bd_label);
@@ -213,13 +218,13 @@
mac_ifnet_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ifnet_label, label);
+ MAC_PERFORM(ifnet_destroy_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacifnets);
}
void
-mac_destroy_ifnet(struct ifnet *ifp)
+mac_ifnet_destroy(struct ifnet *ifp)
{
mac_ifnet_label_free(ifp->if_label);
@@ -227,19 +232,19 @@
}
void
-mac_destroy_mbuf_tag(struct m_tag *tag)
+mac_mbuf_tag_destroy(struct m_tag *tag)
{
struct label *label;
label = (struct label *)(tag+1);
- MAC_PERFORM(destroy_mbuf_label, label);
+ MAC_PERFORM(mbuf_destroy_label, label);
mac_destroy_label(label);
MAC_DEBUG_COUNTER_DEC(&nmacmbufs);
}
void
-mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest)
+mac_mbuf_tag_copy(struct m_tag *src, struct m_tag *dest)
{
struct label *src_label, *dest_label;
@@ -247,32 +252,32 @@
dest_label = (struct label *)(dest+1);
/*
- * mac_init_mbuf_tag() is called on the target tag in
+ * mac_mbuf_tag_init() is called on the target tag in
* m_tag_copy(), so we don't need to call it here.
*/
- MAC_PERFORM(copy_mbuf_label, src_label, dest_label);
+ MAC_PERFORM(mbuf_copy_label, src_label, dest_label);
}
void
-mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to)
+mac_mbuf_copy(struct mbuf *m_from, struct mbuf *m_to)
{
struct label *src_label, *dest_label;
src_label = mac_mbuf_to_label(m_from);
dest_label = mac_mbuf_to_label(m_to);
- MAC_PERFORM(copy_mbuf_label, src_label, dest_label);
+ MAC_PERFORM(mbuf_copy_label, src_label, dest_label);
}
static void
-mac_copy_ifnet_label(struct label *src, struct label *dest)
+mac_ifnet_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_ifnet_label, src, dest);
+ MAC_PERFORM(ifnet_copy_label, src, dest);
}
static int
-mac_externalize_ifnet_label(struct label *label, char *elements,
+mac_ifnet_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -283,7 +288,7 @@
}
static int
-mac_internalize_ifnet_label(struct label *label, char *string)
+mac_ifnet_internalize_label(struct label *label, char *string)
{
int error;
@@ -293,23 +298,23 @@
}
void
-mac_create_ifnet(struct ifnet *ifnet)
+mac_ifnet_create(struct ifnet *ifnet)
{
MAC_IFNET_LOCK(ifnet);
- MAC_PERFORM(create_ifnet, ifnet, ifnet->if_label);
+ MAC_PERFORM(ifnet_create, ifnet, ifnet->if_label);
MAC_IFNET_UNLOCK(ifnet);
}
void
-mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d)
+mac_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d)
{
- MAC_PERFORM(create_bpfdesc, cred, bpf_d, bpf_d->bd_label);
+ MAC_PERFORM(bpfdesc_create, cred, bpf_d, bpf_d->bd_label);
}
void
-mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
+mac_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct mbuf *mbuf)
{
struct label *label;
@@ -317,8 +322,7 @@
label = mac_mbuf_to_label(mbuf);
- MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, bpf_d->bd_label, mbuf,
- label);
+ MAC_PERFORM(bpfdesc_create_mbuf, bpf_d, bpf_d->bd_label, mbuf, label);
}
void
@@ -335,20 +339,19 @@
}
void
-mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *mbuf)
+mac_ifnet_create_mbuf(struct ifnet *ifnet, struct mbuf *mbuf)
{
struct label *label;
label = mac_mbuf_to_label(mbuf);
MAC_IFNET_LOCK(ifnet);
- MAC_PERFORM(create_mbuf_from_ifnet, ifnet, ifnet->if_label, mbuf,
- label);
+ MAC_PERFORM(ifnet_create_mbuf, ifnet, ifnet->if_label, mbuf, label);
MAC_IFNET_UNLOCK(ifnet);
}
void
-mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet,
+mac_mbuf_create_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet,
struct mbuf *newmbuf)
{
struct label *oldmbuflabel, *newmbuflabel;
@@ -357,25 +360,25 @@
newmbuflabel = mac_mbuf_to_label(newmbuf);
MAC_IFNET_LOCK(ifnet);
- MAC_PERFORM(create_mbuf_multicast_encap, oldmbuf, oldmbuflabel,
+ MAC_PERFORM(mbuf_create_multicast_encap, oldmbuf, oldmbuflabel,
ifnet, ifnet->if_label, newmbuf, newmbuflabel);
MAC_IFNET_UNLOCK(ifnet);
}
void
-mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf)
+mac_mbuf_create_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf)
{
struct label *oldmbuflabel, *newmbuflabel;
oldmbuflabel = mac_mbuf_to_label(oldmbuf);
newmbuflabel = mac_mbuf_to_label(newmbuf);
- MAC_PERFORM(create_mbuf_netlayer, oldmbuf, oldmbuflabel, newmbuf,
+ MAC_PERFORM(mbuf_create_netlayer, oldmbuf, oldmbuflabel, newmbuf,
newmbuflabel);
}
int
-mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
+mac_bpfdesc_check_receive(struct bpf_d *bpf_d, struct ifnet *ifnet)
{
int error;
@@ -385,7 +388,7 @@
return (0);
MAC_IFNET_LOCK(ifnet);
- MAC_CHECK(check_bpfdesc_receive, bpf_d, bpf_d->bd_label, ifnet,
+ MAC_CHECK(bpfdesc_check_receive, bpf_d, bpf_d->bd_label, ifnet,
ifnet->if_label);
MAC_IFNET_UNLOCK(ifnet);
@@ -393,7 +396,7 @@
}
int
-mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf)
+mac_ifnet_check_transmit(struct ifnet *ifnet, struct mbuf *mbuf)
{
struct label *label;
int error;
@@ -406,15 +409,14 @@
label = mac_mbuf_to_label(mbuf);
MAC_IFNET_LOCK(ifnet);
- MAC_CHECK(check_ifnet_transmit, ifnet, ifnet->if_label, mbuf,
- label);
+ MAC_CHECK(ifnet_check_transmit, ifnet, ifnet->if_label, mbuf, label);
MAC_IFNET_UNLOCK(ifnet);
return (error);
}
int
-mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
+mac_ifnet_ioctl_get(struct ucred *cred, struct ifreq *ifr,
struct ifnet *ifnet)
{
char *elements, *buffer;
@@ -440,9 +442,9 @@
buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
intlabel = mac_ifnet_label_alloc();
MAC_IFNET_LOCK(ifnet);
- mac_copy_ifnet_label(ifnet->if_label, intlabel);
+ mac_ifnet_copy_label(ifnet->if_label, intlabel);
MAC_IFNET_UNLOCK(ifnet);
- error = mac_externalize_ifnet_label(ifnet->if_label, elements,
+ error = mac_ifnet_externalize_label(ifnet->if_label, elements,
buffer, mac.m_buflen);
mac_ifnet_label_free(intlabel);
if (error == 0)
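Review bot: The renamed externalize call still passes `ifnet->if_label` after `MAC_IFNET_UNLOCK(ifnet)`, although the label was just snapshotted into `intlabel` under the lock, so the snapshot is never used and the live label is read unlocked. A relabel through mac_ifnet_ioctl_set(), which modifies `ifnet->if_label` under MAC_IFNET_LOCK, could presumably run concurrently and leave the externalized string inconsistent; the policy entry points are not visible here, so that part is inferred. Since the line is being touched anyway, pass the copy instead: `error = mac_ifnet_externalize_label(intlabel, elements,`. mac_ifnet_ioctl_get() begins and ends outside this hunk.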
@@ -455,7 +457,7 @@
}
int
-mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
+mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr,
struct ifnet *ifnet)
{
struct label *intlabel;
@@ -479,7 +481,7 @@
}
intlabel = mac_ifnet_label_alloc();
- error = mac_internalize_ifnet_label(intlabel, buffer);
+ error = mac_ifnet_internalize_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error) {
mac_ifnet_label_free(intlabel);
@@ -498,7 +500,7 @@
}
MAC_IFNET_LOCK(ifnet);
- MAC_CHECK(check_ifnet_relabel, cred, ifnet, ifnet->if_label,
+ MAC_CHECK(ifnet_check_relabel, cred, ifnet, ifnet->if_label,
intlabel);
if (error) {
MAC_IFNET_UNLOCK(ifnet);
@@ -506,7 +508,7 @@
return (error);
}
- MAC_PERFORM(relabel_ifnet, cred, ifnet, ifnet->if_label, intlabel);
+ MAC_PERFORM(ifnet_relabel, cred, ifnet, ifnet->if_label, intlabel);
MAC_IFNET_UNLOCK(ifnet);
mac_ifnet_label_free(intlabel);
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_pipe.c#2 (text+ko) ====
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -7,6 +8,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -41,6 +45,7 @@
#include <sys/module.h>
#include <sys/mutex.h>
#include <sys/mac.h>
+#include <sys/mac_framework.h>
#include <sys/sbuf.h>
#include <sys/systm.h>
#include <sys/vnode.h>
@@ -68,13 +73,13 @@
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_pipe_label, label);
+ MAC_PERFORM(pipe_init_label, label);
MAC_DEBUG_COUNTER_INC(&nmacpipes);
return (label);
}
void
-mac_init_pipe(struct pipepair *pp)
+mac_pipe_init(struct pipepair *pp)
{
pp->pp_label = mac_pipe_label_alloc();
@@ -84,13 +89,13 @@
mac_pipe_label_free(struct label *label)
{
- MAC_PERFORM(destroy_pipe_label, label);
+ MAC_PERFORM(pipe_destroy_label, label);
mac_labelzone_free(label);
MAC_DEBUG_COUNTER_DEC(&nmacpipes);
}
void
-mac_destroy_pipe(struct pipepair *pp)
+mac_pipe_destroy(struct pipepair *pp)
{
mac_pipe_label_free(pp->pp_label);
@@ -98,14 +103,14 @@
}
void
-mac_copy_pipe_label(struct label *src, struct label *dest)
+mac_pipe_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_pipe_label, src, dest);
+ MAC_PERFORM(pipe_copy_label, src, dest);
}
int
-mac_externalize_pipe_label(struct label *label, char *elements,
+mac_pipe_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -116,7 +121,7 @@
}
int
-mac_internalize_pipe_label(struct label *label, char *string)
+mac_pipe_internalize_label(struct label *label, char *string)
{
int error;
@@ -126,22 +131,22 @@
}
void
-mac_create_pipe(struct ucred *cred, struct pipepair *pp)
+mac_pipe_create(struct ucred *cred, struct pipepair *pp)
{
- MAC_PERFORM(create_pipe, cred, pp, pp->pp_label);
+ MAC_PERFORM(pipe_create, cred, pp, pp->pp_label);
}
static void
-mac_relabel_pipe(struct ucred *cred, struct pipepair *pp,
+mac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
struct label *newlabel)
{
- MAC_PERFORM(relabel_pipe, cred, pp, pp->pp_label, newlabel);
+ MAC_PERFORM(pipe_relabel, cred, pp, pp->pp_label, newlabel);
}
int
-mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
+mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
unsigned long cmd, void *data)
{
int error;
@@ -151,13 +156,13 @@
if (!mac_enforce_pipe)
return (0);
- MAC_CHECK(check_pipe_ioctl, cred, pp, pp->pp_label, cmd, data);
+ MAC_CHECK(pipe_check_ioctl, cred, pp, pp->pp_label, cmd, data);
return (error);
}
int
-mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp)
{
int error;
@@ -166,13 +171,13 @@
if (!mac_enforce_pipe)
return (0);
- MAC_CHECK(check_pipe_poll, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_poll, cred, pp, pp->pp_label);
return (error);
}
int
-mac_check_pipe_read(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_read(struct ucred *cred, struct pipepair *pp)
{
int error;
@@ -181,13 +186,13 @@
if (!mac_enforce_pipe)
return (0);
- MAC_CHECK(check_pipe_read, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_read, cred, pp, pp->pp_label);
return (error);
}
static int
-mac_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+mac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
struct label *newlabel)
{
int error;
@@ -197,13 +202,13 @@
if (!mac_enforce_pipe)
return (0);
- MAC_CHECK(check_pipe_relabel, cred, pp, pp->pp_label, newlabel);
+ MAC_CHECK(pipe_check_relabel, cred, pp, pp->pp_label, newlabel);
return (error);
}
int
-mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp)
{
int error;
@@ -212,13 +217,13 @@
if (!mac_enforce_pipe)
return (0);
- MAC_CHECK(check_pipe_stat, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_stat, cred, pp, pp->pp_label);
return (error);
}
int
-mac_check_pipe_write(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_write(struct ucred *cred, struct pipepair *pp)
{
int error;
@@ -227,7 +232,7 @@
if (!mac_enforce_pipe)
return (0);
- MAC_CHECK(check_pipe_write, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_write, cred, pp, pp->pp_label);
return (error);
}
@@ -240,11 +245,11 @@
mtx_assert(&pp->pp_mtx, MA_OWNED);
- error = mac_check_pipe_relabel(cred, pp, label);
+ error = mac_pipe_check_relabel(cred, pp, label);
if (error)
return (error);
- mac_relabel_pipe(cred, pp, label);
+ mac_pipe_relabel(cred, pp, label);
return (0);
}
==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_posix_sem.c#2 (text+ko) ====
@@ -38,7 +38,7 @@
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/malloc.h>
-#include <sys/mac.h>
+#include <sys/mac_framework.h>
#include <sys/module.h>
#include <sys/systm.h>
#include <sys/sysctl.h>
@@ -66,13 +66,13 @@
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_posix_sem_label, label);
+ MAC_PERFORM(posix_sem_init_label, label);
MAC_DEBUG_COUNTER_INC(&nmacposixsems);
return (label);
}
void
-mac_init_posix_sem(struct ksem *ksemptr)
+mac_posix_sem_init(struct ksem *ksemptr)
{
ksemptr->ks_label = mac_posix_sem_label_alloc();
@@ -82,12 +82,12 @@
mac_posix_sem_label_free(struct label *label)
{
- MAC_PERFORM(destroy_posix_sem_label, label);
+ MAC_PERFORM(posix_sem_destroy_label, label);
MAC_DEBUG_COUNTER_DEC(&nmacposixsems);
}
void
-mac_destroy_posix_sem(struct ksem *ksemptr)
+mac_posix_sem_destroy(struct ksem *ksemptr)
{
mac_posix_sem_label_free(ksemptr->ks_label);
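Review bot: mac_posix_sem_label_free() runs the destroy entry point and decrements the debug counter but never returns the label to the zone, while mac_pipe_label_free(), mac_inpcb_label_free(), mac_ipq_label_free(), mac_bpfdesc_label_free() and mac_ifnet_label_free() in this same change all call `mac_labelzone_free(label);` after their MAC_PERFORM. Because mac_posix_sem_label_alloc() obtains the label from `mac_labelzone_alloc(M_WAITOK)`, each destroyed semaphore appears to leak one label, a slow kernel-memory leak that accumulates with semaphore lifetimes. Adding `mac_labelzone_free(label);` between the MAC_PERFORM and MAC_DEBUG_COUNTER_DEC lines would bring it in line with the sibling routines. The function's return-type line sits above the hunk, so confirm nothing outside the visible context already frees the label.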
@@ -95,87 +95,87 @@
}
void
-mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr)
+mac_posix_sem_create(struct ucred *cred, struct ksem *ksemptr)
{
- MAC_PERFORM(create_posix_sem, cred, ksemptr, ksemptr->ks_label);
+ MAC_PERFORM(posix_sem_create, cred, ksemptr, ksemptr->ks_label);
}
int
-mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr)
+mac_posix_sem_check_destroy(struct ucred *cred, struct ksem *ksemptr)
{
int error;
if (!mac_enforce_posix_sem)
return (0);
- MAC_CHECK(check_posix_sem_destroy, cred, ksemptr, ksemptr->ks_label);
+ MAC_CHECK(posix_sem_check_destroy, cred, ksemptr, ksemptr->ks_label);
return(error);
}
int
-mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr)
+mac_posix_sem_check_open(struct ucred *cred, struct ksem *ksemptr)
{
int error;
if (!mac_enforce_posix_sem)
return (0);
- MAC_CHECK(check_posix_sem_open, cred, ksemptr, ksemptr->ks_label);
+ MAC_CHECK(posix_sem_check_open, cred, ksemptr, ksemptr->ks_label);
return(error);
}
int
-mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr)
+mac_posix_sem_check_getvalue(struct ucred *cred, struct ksem *ksemptr)
{
int error;
if (!mac_enforce_posix_sem)
return (0);
- MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr,
+ MAC_CHECK(posix_sem_check_getvalue, cred, ksemptr,
ksemptr->ks_label);
return(error);
}
int
-mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr)
>>> TRUNCATED FOR MAIL (1000 lines) <<<