PERFORCE change 105784 for review

Todd Miller millert at FreeBSD.org
Thu Sep 7 13:53:08 UTC 2006 

http://perforce.freebsd.org/chv.cgi?CH=105784

Change 105784 by millert at millert_g5tower on 2006/09/07 13:33:39

	Add a mach_ prefix to the the Mach IPC entry points.
	Rename mpo_syscall to mpo_policy_syscall.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_msg.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#7 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#8 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/ipctrace/module/ipctrace.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#13 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#7 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/ipc/mach_msg.c#3 (text+ko) ====

@@ -314,7 +314,7 @@
 #ifdef MAC
 		  if (kmsg->ikm_sender != NULL &&
 		    IP_VALID(kmsg->ikm_header->msgh_remote_port) &&
-		    mac_ipc_check_method(&kmsg->ikm_sender->lh_label,
+		    mac_mach_ipc_check_method(&kmsg->ikm_sender->lh_label,
 		    &((ipc_port_t)kmsg->ikm_header->msgh_remote_port)->ip_label,
 		    kmsg->ikm_header->msgh_id) == 0)
 		      trailer->msgh_ad = 1;

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/osfmk/kern/security.c#4 (text+ko) ====

@@ -283,7 +283,7 @@
 		goto errout;
 
 	mac_port_init_label(&outl);
-	rc = mac_request_object_label(subl, objl, serv, &outl);
+	rc = mac_mach_request_object_label(subl, objl, serv, &outl);
 	io_unlocklabel(subp);
 	io_unlock(subp);
 	io_unlocklabel(objp);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#7 (text+ko) ====

@@ -998,12 +998,12 @@
 }
 
 int
-mac_request_object_label(struct label *subj, struct label *obj,
+mac_mach_request_object_label(struct label *subj, struct label *obj,
     const char *s, struct label *out)
 {
 	int error;
 
-	MAC_CHECK(request_object_label, subj, obj, s, out);
+	MAC_CHECK(mach_request_object_label, subj, obj, s, out);
 	return error;
 }
 
@@ -1636,8 +1636,8 @@
 			continue;
 
 		if (strcmp(mpc->mpc_name, target) == 0 &&
-		    mpc->mpc_ops->mpo_syscall != NULL) {
-			error = mpc->mpc_ops->mpo_syscall(p,
+		    mpc->mpc_ops->mpo_policy_syscall != NULL) {
+			error = mpc->mpc_ops->mpo_policy_syscall(p,
 			    uap->call, uap->arg);
 			break;
 		}
@@ -1649,8 +1649,8 @@
 				continue;
 
 			if (strcmp(mpc->mpc_name, target) == 0 &&
-			    mpc->mpc_ops->mpo_syscall != NULL) {
-				error = mpc->mpc_ops->mpo_syscall(p,
+			    mpc->mpc_ops->mpo_policy_syscall != NULL) {
+				error = mpc->mpc_ops->mpo_policy_syscall(p,
 				    uap->call, uap->arg);
 				break;
 			}

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_mach_internal.h#5 (text+ko) ====

@@ -29,9 +29,10 @@
 
 int mac_task_check_service_access(task_t self, task_t obj, const char *perm);
 void mac_task_update_label(struct label *pl, struct task *t);
-int mac_request_object_label(struct label *subj, struct label *obj,
+int mac_mach_request_object_label(struct label *subj, struct label *obj,
     const char *serv, struct label *out);
-int mac_ipc_check_method(struct label *task, struct label *port, int msgid);
+int mac_mach_ipc_check_method(struct label *task, struct label *port,
+    int msgid);
 
 #ifdef MAC
 void mac_policy_init(void);

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_policy.h#8 (text+ko) ====

@@ -252,7 +252,7 @@
   @return In the event of an error, an appropriate value for errno
   should be returned, otherwise return 0 upon success.
 */
-typedef int mpo_syscall_t(
+typedef int mpo_policy_syscall_t(
 	struct proc *p,
 	int call,
 	user_addr_t arg
@@ -2213,7 +2213,7 @@
 
   @return 0 on success, or an errno value for failure.
 */
-typedef int mpo_request_object_label_t(
+typedef int mpo_mach_request_object_label_t(
 	struct label *subj,
 	struct label *obj,
 	const char *serv,
@@ -2741,7 +2741,7 @@
   @return 0 for access granted, nonzero for access denied.
 */
 
-typedef int mpo_ipc_check_method_t(
+typedef int mpo_mach_ipc_check_method_t(
 	struct label *task,
 	struct label *port,
 	int msgid
@@ -4881,7 +4881,7 @@
 	mpo_policy_destroy_t			*mpo_policy_destroy;
 	mpo_policy_init_t			*mpo_policy_init;
 	mpo_policy_initbsd_t			*mpo_policy_initbsd;
-	mpo_syscall_t				*mpo_syscall;
+	mpo_policy_syscall_t			*mpo_policy_syscall;
 
 	/*
 	 * Audit operations
@@ -5024,7 +5024,7 @@
 	mpo_proc_create_init_t			*mpo_proc_create_init;
 	mpo_cred_setlabel_t			*mpo_cred_setlabel;
 
-	mpo_request_object_label_t		*mpo_request_object_label;
+	mpo_mach_request_object_label_t		*mpo_mach_request_object_label;
 
 	/*
 	 * Labeling event operations: Pipe objects.
@@ -5062,7 +5062,7 @@
 	mpo_file_check_fcntl_t			*mpo_file_check_fcntl;
 	mpo_check_get_fd_t			*mpo_check_get_fd;
 	mpo_check_ioctl_t			*mpo_check_ioctl;
-	mpo_ipc_check_method_t			*mpo_ipc_check_method;
+	mpo_mach_ipc_check_method_t		*mpo_mach_ipc_check_method;
 	mpo_posixsem_check_create_t		*mpo_posixsem_check_create;
 	mpo_posixsem_check_open_t		*mpo_posixsem_check_open;
 	mpo_posixsem_check_post_t		*mpo_posixsem_check_post;

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_port.c#4 (text+ko) ====

@@ -242,11 +242,11 @@
 }
 
 int
-mac_ipc_check_method(struct label *task, struct label *port, int msgid)
+mac_mach_ipc_check_method(struct label *task, struct label *port, int msgid)
 {
 	int error;
 
-	MAC_CHECK(ipc_check_method, task, port, msgid);
+	MAC_CHECK(mach_ipc_check_method, task, port, msgid);
 
 	return (error);
 }

==== //depot/projects/trustedbsd/sedarwin8/policies/ipctrace/module/ipctrace.c#5 (text+ko) ====

@@ -391,7 +391,7 @@
 {
 	.mpo_policy_init = ipctrace_policy_init,
 	.mpo_policy_destroy = ipctrace_policy_destroy,
-	.mpo_syscall = ipctrace_syscall,
+	.mpo_policy_syscall = ipctrace_syscall,
 	.mpo_cred_init_label = ipctrace_init_label,
 	.mpo_task_init_label = ipctrace_init_label,
 	.mpo_port_init_label = ipctrace_init_label,

==== //depot/projects/trustedbsd/sedarwin8/policies/mls/mac_mls.c#9 (text+ko) ====

@@ -1919,11 +1919,11 @@
 }
 
 static int
-mac_mls_request_object_label (struct label *subj, struct label *obj,
+mac_mls_mach_request_object_label (struct label *subj, struct label *obj,
     const char *serv, struct label *out)
 {
 
-#warning Implement mac_mls_request_object_label()
+#warning Implement mac_mls_mach_request_object_label()
 	return (0);
 }
 
@@ -3074,7 +3074,7 @@
 }
 
 static int
-mac_mls_ipc_check_method(struct label *task, struct label *port, int msgid)
+mac_mls_mach_ipc_check_method(struct label *task, struct label *port, int msgid)
 {
 	struct mac_mls *subj, *obj;
 
@@ -4045,9 +4045,9 @@
     .mpo_policy_destroy                 = mac_mls_policy_destroy,
     .mpo_policy_init                    = mac_mls_policy_init,
     .mpo_policy_initbsd                 = mac_mls_policy_initbsd,
-    .mpo_syscall			= mac_mls_syscall,
+    .mpo_policy_syscall			= mac_mls_syscall,
 
-    .mpo_request_object_label		= mac_mls_request_object_label,
+    .mpo_mach_request_object_label	= mac_mls_mach_request_object_label,
     .mpo_mach_check_service_access	= mac_mls_mach_check_service_access,
     .mpo_cred_check_setlabel		= mac_mls_cred_check_setlabel,
     .mpo_cred_check_visible             = mac_mls_cred_check_visible,
@@ -4093,7 +4093,7 @@
     .mpo_cred_copy_to_task		= mac_mls_cred_copy_to_task,
     .mpo_port_create                    = mac_mls_port_create,
     .mpo_port_create_kernel		= mac_mls_port_create_kernel,
-    .mpo_ipc_check_method		= mac_mls_ipc_check_method,
+    .mpo_mach_ipc_check_method		= mac_mls_mach_ipc_check_method,
     .mpo_port_check_setlabel		= mac_mls_port_check_setlabel,
     .mpo_port_check_send		= mac_mls_port_check_send,
     .mpo_port_check_hold_send		= mac_mls_port_check_hold_send,

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#13 (text+ko) ====

@@ -1477,7 +1477,7 @@
 }
 
 static int
-sebsd_ipc_check_method(struct label *subj, struct label *obj, int msgid)
+sebsd_mach_ipc_check_method(struct label *subj, struct label *obj, int msgid)
 {
 	struct task_security_struct *tsec, *psec;
 
@@ -3533,7 +3533,7 @@
 	.mpo_devfs_vnode_associate = sebsd_devfs_vnode_associate,
 	.mpo_devfs_update = sebsd_devfs_update,
 
-	.mpo_request_object_label = sebsd_request_label,
+	.mpo_mach_request_object_label = sebsd_request_label,
 
 	/* Transition */
 	.mpo_vnode_execve_will_transition = sebsd_vnode_execve_will_transition,
@@ -3677,7 +3677,7 @@
 	.mpo_sysvshm_check_shmctl = sebsd_sysvshm_check_shmctl,
 	.mpo_sysvshm_check_shmget = sebsd_sysvshm_check_shmget,
 
-	.mpo_ipc_check_method = sebsd_ipc_check_method,
+	.mpo_mach_ipc_check_method = sebsd_mach_ipc_check_method,
 
 	/* POSIX IPC Entry Points */
 	.mpo_posixsem_init_label = sebsd_init_ipc_label,
@@ -3703,7 +3703,7 @@
 	.mpo_socket_peer_set_from_mbuf = sebsd_socket_peer_set_from_mbuf,
 	.mpo_socket_peer_set_from_socket = sebsd_socket_peer_set_from_socket,
 
-	.mpo_syscall = sebsd_syscall
+	.mpo_policy_syscall = sebsd_syscall
 };
 
 static const char *labelnamespaces[SEBSD_MAC_LABEL_NAME_COUNT] =

==== //depot/projects/trustedbsd/sedarwin8/policies/test/mac_test.c#7 (text+ko) ====

@@ -1316,7 +1316,7 @@
 }
 
 static int
-mac_test_ipc_check_method(struct label *task, struct label *port, int msgid)
+mac_test_mach_ipc_check_method(struct label *task, struct label *port, int msgid)
 {
 	USE_LABEL(task, TASKTYPE);
 	USE_LABEL(port, PORTTYPE);
@@ -1603,7 +1603,7 @@
 }
 
 static int
-mac_test_request_object_label (struct label *subj, struct label *obj,
+mac_test_mach_request_object_label (struct label *subj, struct label *obj,
     const char *serv, struct label *out)
 {
 
@@ -3130,7 +3130,7 @@
 	.mpo_policy_destroy		= mac_test_policy_destroy,
 	.mpo_policy_init		= mac_test_policy_init,
 	.mpo_policy_initbsd		= mac_test_policy_initbsd,
-	.mpo_syscall			= mac_test_syscall,
+	.mpo_policy_syscall		= mac_test_syscall,
 
 	/*
 	 * Audit selection functions.  
@@ -3294,7 +3294,7 @@
 	.mpo_file_check_fcntl		= mac_test_file_check_fcntl,
 	.mpo_check_get_fd		= mac_test_check_get_fd,
 	.mpo_check_ioctl		= mac_test_check_ioctl,
-	.mpo_ipc_check_method		= mac_test_ipc_check_method,
+	.mpo_mach_ipc_check_method	= mac_test_mach_ipc_check_method,
 	.mpo_lctx_check_setlabel	= mac_test_lctx_check_setlabel,
 	.mpo_mount_check_getattr	= mac_test_mount_check_getattr,
 	.mpo_mount_check_setattr	= mac_test_mount_check_setattr,
@@ -3328,7 +3328,7 @@
 	.mpo_proc_check_setlcid		= mac_test_proc_check_setlcid,
 	.mpo_proc_check_signal		= mac_test_proc_check_signal,
 	.mpo_proc_check_wait		= mac_test_proc_check_wait,
-	.mpo_request_object_label	= mac_test_request_object_label,
+	.mpo_mach_request_object_label	= mac_test_mach_request_object_label,
 	.mpo_mach_check_service_access	= mac_test_mach_check_service_access,
 	.mpo_check_set_fd		= mac_test_check_set_fd,
 	.mpo_pipe_check_kqfilter	= mac_test_pipe_check_kqfilter,

More information about the trustedbsd-cvs mailing list