From owner-p4-projects@FreeBSD.ORG Thu Jul 6 16:16:24 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id F1EF116A4DE; Thu, 6 Jul 2006 16:16:23 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8A5E416A4E9 for ; Thu, 6 Jul 2006 16:16:23 +0000 (UTC) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7C9F43D5E for ; Thu, 6 Jul 2006 16:16:12 +0000 (GMT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k66GGC3r097301 for ; Thu, 6 Jul 2006 16:16:12 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k66GGCw6097298 for perforce@freebsd.org; Thu, 6 Jul 2006 16:16:12 GMT (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Thu, 6 Jul 2006 16:16:12 GMT Message-Id: <200607061616.k66GGCw6097298@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Cc: Subject: PERFORCE change 100766 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Jul 2006 16:16:24 -0000 http://perforce.freebsd.org/chv.cgi?CH=100766 Change 100766 by rwatson@rwatson_zoo on 2006/07/06 16:15:55 Rename. Affected files ... .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_inet.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_internal.h#4 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_label.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_net.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_pipe.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_posix_sem.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_process.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/security/mac/mac_vfs.c#2 edit .. //depot/projects/trustedbsd/mac2/sys/sys/mac_framework.h#11 edit .. //depot/projects/trustedbsd/mac2/sys/sys/mac_policy.h#19 edit Differences ... ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_inet.c#2 (text+ko) ==== @@ -2,6 +2,7 @@ * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2004 Networks Associates Technology, Inc. + * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson and Ilmar Habibulin for the @@ -12,6 +13,9 @@ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), * as part of the DARPA CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -42,9 +46,9 @@ #include #include #include +#include #include #include -#include #include #include #include @@ -84,9 +88,9 @@ label = mac_labelzone_alloc(flag); if (label == NULL) return (NULL); - MAC_CHECK(init_inpcb_label, label, flag); + MAC_CHECK(inpcb_init_label, label, flag); if (error) { - MAC_PERFORM(destroy_inpcb_label, label); + MAC_PERFORM(inpcb_destroy_label, label); mac_labelzone_free(label); return (NULL); } @@ -95,7 +99,7 @@ } int -mac_init_inpcb(struct inpcb *inp, int flag) +mac_inpcb_init(struct inpcb *inp, int flag) { inp->inp_label = mac_inpcb_label_alloc(flag); @@ -114,9 +118,9 @@ if (label == NULL) return (NULL); - MAC_CHECK(init_ipq_label, label, flag); + MAC_CHECK(ipq_init_label, label, flag); if (error) { - MAC_PERFORM(destroy_ipq_label, label); + MAC_PERFORM(ipq_destroy_label, label); mac_labelzone_free(label); return (NULL); } @@ -125,7 +129,7 @@ } int -mac_init_ipq(struct ipq *ipq, int flag) +mac_ipq_init(struct ipq *ipq, int flag) { ipq->ipq_label = mac_ipq_label_alloc(flag); @@ -138,13 +142,13 @@ mac_inpcb_label_free(struct label *label) { - MAC_PERFORM(destroy_inpcb_label, label); + MAC_PERFORM(inpcb_destroy_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacinpcbs); } void -mac_destroy_inpcb(struct inpcb *inp) +mac_inpcb_destroy(struct inpcb *inp) { mac_inpcb_label_free(inp->inp_label); @@ -155,13 +159,13 @@ mac_ipq_label_free(struct label *label) { - MAC_PERFORM(destroy_ipq_label, label); + MAC_PERFORM(ipq_destroy_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacipqs); } void -mac_destroy_ipq(struct ipq *ipq) +mac_ipq_destroy(struct ipq *ipq) { mac_ipq_label_free(ipq->ipq_label); 
@@ -169,59 +173,57 @@ } void -mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp) +mac_inpcb_create(struct socket *so, struct inpcb *inp) { - MAC_PERFORM(create_inpcb_from_socket, so, so->so_label, inp, - inp->inp_label); + MAC_PERFORM(inpcb_create, so, so->so_label, inp, inp->inp_label); } void -mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram) +mac_ipq_reassemble(struct ipq *ipq, struct mbuf *datagram) { struct label *label; label = mac_mbuf_to_label(datagram); - MAC_PERFORM(create_datagram_from_ipq, ipq, ipq->ipq_label, - datagram, label); + MAC_PERFORM(ipq_reassemble, ipq, ipq->ipq_label, datagram, label); } void -mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment) +mac_netinet_fragment(struct mbuf *datagram, struct mbuf *fragment) { struct label *datagramlabel, *fragmentlabel; datagramlabel = mac_mbuf_to_label(datagram); fragmentlabel = mac_mbuf_to_label(fragment); - MAC_PERFORM(create_fragment, datagram, datagramlabel, fragment, + MAC_PERFORM(netinet_fragment, datagram, datagramlabel, fragment, fragmentlabel); } void -mac_create_ipq(struct mbuf *fragment, struct ipq *ipq) +mac_ipq_create(struct mbuf *fragment, struct ipq *ipq) { struct label *label; label = mac_mbuf_to_label(fragment); - MAC_PERFORM(create_ipq, fragment, label, ipq, ipq->ipq_label); + MAC_PERFORM(ipq_create, fragment, label, ipq, ipq->ipq_label); } void -mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m) +mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m) { struct label *mlabel; INP_LOCK_ASSERT(inp); mlabel = mac_mbuf_to_label(m); - MAC_PERFORM(create_mbuf_from_inpcb, inp, inp->inp_label, m, mlabel); + MAC_PERFORM(inpcb_create_mbuf, inp, inp->inp_label, m, mlabel); } int -mac_fragment_match(struct mbuf *fragment, struct ipq *ipq) +mac_ipq_match(struct mbuf *fragment, struct ipq *ipq) { struct label *label; int result; 
@@ -229,43 +231,42 @@ label = mac_mbuf_to_label(fragment); result = 1; - MAC_BOOLEAN(fragment_match, &&, fragment, label, ipq, - ipq->ipq_label); + MAC_BOOLEAN(ipq_match, &&, fragment, label, ipq, ipq->ipq_label); return (result); } void -mac_reflect_mbuf_icmp(struct mbuf *m) +mac_netinet_icmp_reply(struct mbuf *m) { struct label *label; label = mac_mbuf_to_label(m); - MAC_PERFORM(reflect_mbuf_icmp, m, label); + MAC_PERFORM(netinet_icmp_reply, m, label); } void -mac_reflect_mbuf_tcp(struct mbuf *m) +mac_netinet_tcp_reply(struct mbuf *m) { struct label *label; label = mac_mbuf_to_label(m); - MAC_PERFORM(reflect_mbuf_tcp, m, label); + MAC_PERFORM(netinet_tcp_reply, m, label); } void -mac_update_ipq(struct mbuf *fragment, struct ipq *ipq) +mac_ipq_update(struct mbuf *fragment, struct ipq *ipq) { struct label *label; label = mac_mbuf_to_label(fragment); - MAC_PERFORM(update_ipq, fragment, label, ipq, ipq->ipq_label); + MAC_PERFORM(ipq_update, fragment, label, ipq, ipq->ipq_label); } int -mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m) +mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m) { struct label *label; int error; @@ -277,7 +278,7 @@ label = mac_mbuf_to_label(m); - MAC_CHECK(check_inpcb_deliver, inp, inp->inp_label, m, label); + MAC_CHECK(inpcb_check_deliver, inp, inp->inp_label, m, label); return (error); } ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_internal.h#4 (text+ko) ==== @@ -13,6 +13,9 @@ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), * as part of the DARPA CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: 
@@ -223,7 +226,7 @@ break; \ } \ claimed = 0; \ - MAC_CHECK(externalize_ ## type ## _label, label, \ + MAC_CHECK(type ## _externalize_label, label, \ element_name, &sb, &claimed); \ if (error) \ break; \ @@ -254,7 +257,7 @@ break; \ } \ claimed = 0; \ - MAC_CHECK(internalize_ ## type ## _label, label, \ + MAC_CHECK(type ## _internalize_label, label, \ element_name, element_data, &claimed); \ if (error) \ break; \ ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_label.c#2 (text+ko) ==== @@ -35,7 +35,7 @@ #include "opt_mac.h" #include -#include +#include #include #include ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_net.c#2 (text+ko) ==== @@ -2,6 +2,7 @@ * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2004 Networks Associates Technology, Inc. + * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson and Ilmar Habibulin for the @@ -12,6 +13,9 @@ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), * as part of the DARPA CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -45,6 +49,7 @@ #include #include #include +#include #include #include #include @@ -114,13 +119,13 @@ struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_bpfdesc_label, label); + MAC_PERFORM(bpfdesc_init_label, label); MAC_DEBUG_COUNTER_INC(&nmacbpfdescs); return (label); } void -mac_init_bpfdesc(struct bpf_d *bpf_d) +mac_bpfdesc_init(struct bpf_d *bpf_d) { bpf_d->bd_label = mac_bpfdesc_label_alloc(); 
@@ -132,20 +137,20 @@ struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_ifnet_label, label); + MAC_PERFORM(ifnet_init_label, label); MAC_DEBUG_COUNTER_INC(&nmacifnets); return (label); } void -mac_init_ifnet(struct ifnet *ifp) +mac_ifnet_init(struct ifnet *ifp) { ifp->if_label = mac_ifnet_label_alloc(); } int -mac_init_mbuf_tag(struct m_tag *tag, int flag) +mac_mbuf_tag_init(struct m_tag *tag, int flag) { struct label *label; int error; @@ -153,9 +158,9 @@ label = (struct label *) (tag + 1); mac_init_label(label); - MAC_CHECK(init_mbuf_label, label, flag); + MAC_CHECK(mbuf_init_label, label, flag); if (error) { - MAC_PERFORM(destroy_mbuf_label, label); + MAC_PERFORM(mbuf_destroy_label, label); mac_destroy_label(label); } else { MAC_DEBUG_COUNTER_INC(&nmacmbufs); @@ -164,7 +169,7 @@ } int -mac_init_mbuf(struct mbuf *m, int flag) +mac_mbuf_init(struct mbuf *m, int flag) { struct m_tag *tag; int error; @@ -183,7 +188,7 @@ flag); if (tag == NULL) return (ENOMEM); - error = mac_init_mbuf_tag(tag, flag); + error = mac_mbuf_tag_init(tag, flag); if (error) { m_tag_free(tag); return (error); @@ -196,13 +201,13 @@ mac_bpfdesc_label_free(struct label *label) { - MAC_PERFORM(destroy_bpfdesc_label, label); + MAC_PERFORM(bpfdesc_destroy_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacbpfdescs); } void -mac_destroy_bpfdesc(struct bpf_d *bpf_d) +mac_bpfdesc_destroy(struct bpf_d *bpf_d) { mac_bpfdesc_label_free(bpf_d->bd_label); @@ -213,13 +218,13 @@ mac_ifnet_label_free(struct label *label) { - MAC_PERFORM(destroy_ifnet_label, label); + MAC_PERFORM(ifnet_destroy_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacifnets); } void -mac_destroy_ifnet(struct ifnet *ifp) +mac_ifnet_destroy(struct ifnet *ifp) { mac_ifnet_label_free(ifp->if_label); 
@@ -227,19 +232,19 @@ } void -mac_destroy_mbuf_tag(struct m_tag *tag) +mac_mbuf_tag_destroy(struct m_tag *tag) { struct label *label; label = (struct label *)(tag+1); - MAC_PERFORM(destroy_mbuf_label, label); + MAC_PERFORM(mbuf_destroy_label, label); mac_destroy_label(label); MAC_DEBUG_COUNTER_DEC(&nmacmbufs); } void -mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest) +mac_mbuf_tag_copy(struct m_tag *src, struct m_tag *dest) { struct label *src_label, *dest_label; @@ -247,32 +252,32 @@ dest_label = (struct label *)(dest+1); /* - * mac_init_mbuf_tag() is called on the target tag in + * mac_mbuf_tag_init() is called on the target tag in * m_tag_copy(), so we don't need to call it here. */ - MAC_PERFORM(copy_mbuf_label, src_label, dest_label); + MAC_PERFORM(mbuf_copy_label, src_label, dest_label); } void -mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to) +mac_mbuf_copy(struct mbuf *m_from, struct mbuf *m_to) { struct label *src_label, *dest_label; src_label = mac_mbuf_to_label(m_from); dest_label = mac_mbuf_to_label(m_to); - MAC_PERFORM(copy_mbuf_label, src_label, dest_label); + MAC_PERFORM(mbuf_copy_label, src_label, dest_label); } static void -mac_copy_ifnet_label(struct label *src, struct label *dest) +mac_ifnet_copy_label(struct label *src, struct label *dest) { - MAC_PERFORM(copy_ifnet_label, src, dest); + MAC_PERFORM(ifnet_copy_label, src, dest); } static int -mac_externalize_ifnet_label(struct label *label, char *elements, +mac_ifnet_externalize_label(struct label *label, char *elements, char *outbuf, size_t outbuflen) { int error; @@ -283,7 +288,7 @@ } static int -mac_internalize_ifnet_label(struct label *label, char *string) +mac_ifnet_internalize_label(struct label *label, char *string) { int error; 
@@ -293,23 +298,23 @@ } void -mac_create_ifnet(struct ifnet *ifnet) +mac_ifnet_create(struct ifnet *ifnet) { MAC_IFNET_LOCK(ifnet); - MAC_PERFORM(create_ifnet, ifnet, ifnet->if_label); + MAC_PERFORM(ifnet_create, ifnet, ifnet->if_label); MAC_IFNET_UNLOCK(ifnet); } void -mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d) +mac_bpfdesc_create(struct ucred *cred, struct bpf_d *bpf_d) { - MAC_PERFORM(create_bpfdesc, cred, bpf_d, bpf_d->bd_label); + MAC_PERFORM(bpfdesc_create, cred, bpf_d, bpf_d->bd_label); } void -mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf) +mac_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct mbuf *mbuf) { struct label *label; @@ -317,8 +322,7 @@ label = mac_mbuf_to_label(mbuf); - MAC_PERFORM(create_mbuf_from_bpfdesc, bpf_d, bpf_d->bd_label, mbuf, - label); + MAC_PERFORM(bpfdesc_create_mbuf, bpf_d, bpf_d->bd_label, mbuf, label); } void @@ -335,20 +339,19 @@ } void -mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *mbuf) +mac_ifnet_create_mbuf(struct ifnet *ifnet, struct mbuf *mbuf) { struct label *label; label = mac_mbuf_to_label(mbuf); MAC_IFNET_LOCK(ifnet); - MAC_PERFORM(create_mbuf_from_ifnet, ifnet, ifnet->if_label, mbuf, - label); + MAC_PERFORM(ifnet_create_mbuf, ifnet, ifnet->if_label, mbuf, label); MAC_IFNET_UNLOCK(ifnet); } void -mac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet, +mac_mbuf_create_multicast_encap(struct mbuf *oldmbuf, struct ifnet *ifnet, struct mbuf *newmbuf) { struct label *oldmbuflabel, *newmbuflabel; 
@@ -357,25 +360,25 @@ newmbuflabel = mac_mbuf_to_label(newmbuf); MAC_IFNET_LOCK(ifnet); - MAC_PERFORM(create_mbuf_multicast_encap, oldmbuf, oldmbuflabel, + MAC_PERFORM(mbuf_create_multicast_encap, oldmbuf, oldmbuflabel, ifnet, ifnet->if_label, newmbuf, newmbuflabel); MAC_IFNET_UNLOCK(ifnet); } void -mac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf) +mac_mbuf_create_netlayer(struct mbuf *oldmbuf, struct mbuf *newmbuf) { struct label *oldmbuflabel, *newmbuflabel; oldmbuflabel = mac_mbuf_to_label(oldmbuf); newmbuflabel = mac_mbuf_to_label(newmbuf); - MAC_PERFORM(create_mbuf_netlayer, oldmbuf, oldmbuflabel, newmbuf, + MAC_PERFORM(mbuf_create_netlayer, oldmbuf, oldmbuflabel, newmbuf, newmbuflabel); } int -mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet) +mac_bpfdesc_check_receive(struct bpf_d *bpf_d, struct ifnet *ifnet) { int error; @@ -385,7 +388,7 @@ return (0); MAC_IFNET_LOCK(ifnet); - MAC_CHECK(check_bpfdesc_receive, bpf_d, bpf_d->bd_label, ifnet, + MAC_CHECK(bpfdesc_check_receive, bpf_d, bpf_d->bd_label, ifnet, ifnet->if_label); MAC_IFNET_UNLOCK(ifnet); @@ -393,7 +396,7 @@ } int -mac_check_ifnet_transmit(struct ifnet *ifnet, struct mbuf *mbuf) +mac_ifnet_check_transmit(struct ifnet *ifnet, struct mbuf *mbuf) { struct label *label; int error; @@ -406,15 +409,14 @@ label = mac_mbuf_to_label(mbuf); MAC_IFNET_LOCK(ifnet); - MAC_CHECK(check_ifnet_transmit, ifnet, ifnet->if_label, mbuf, - label); + MAC_CHECK(ifnet_check_transmit, ifnet, ifnet->if_label, mbuf, label); MAC_IFNET_UNLOCK(ifnet); return (error); } int -mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr, +mac_ifnet_ioctl_get(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifnet) { char *elements, *buffer; 
@@ -440,9 +442,9 @@ buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO); intlabel = mac_ifnet_label_alloc(); MAC_IFNET_LOCK(ifnet); - mac_copy_ifnet_label(ifnet->if_label, intlabel); + mac_ifnet_copy_label(ifnet->if_label, intlabel); MAC_IFNET_UNLOCK(ifnet); - error = mac_externalize_ifnet_label(ifnet->if_label, elements, + error = mac_ifnet_externalize_label(ifnet->if_label, elements, buffer, mac.m_buflen); mac_ifnet_label_free(intlabel); if (error == 0) @@ -455,7 +457,7 @@ } int -mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, +mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifnet) { struct label *intlabel; @@ -479,7 +481,7 @@ } intlabel = mac_ifnet_label_alloc(); - error = mac_internalize_ifnet_label(intlabel, buffer); + error = mac_ifnet_internalize_label(intlabel, buffer); free(buffer, M_MACTEMP); if (error) { mac_ifnet_label_free(intlabel); @@ -498,7 +500,7 @@ } MAC_IFNET_LOCK(ifnet); - MAC_CHECK(check_ifnet_relabel, cred, ifnet, ifnet->if_label, + MAC_CHECK(ifnet_check_relabel, cred, ifnet, ifnet->if_label, intlabel); if (error) { MAC_IFNET_UNLOCK(ifnet); @@ -506,7 +508,7 @@ return (error); } - MAC_PERFORM(relabel_ifnet, cred, ifnet, ifnet->if_label, intlabel); + MAC_PERFORM(ifnet_relabel, cred, ifnet, ifnet->if_label, intlabel); MAC_IFNET_UNLOCK(ifnet); mac_ifnet_label_free(intlabel); ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_pipe.c#2 (text+ko) ==== @@ -1,5 +1,6 @@ /*- * Copyright (c) 2002, 2003 Networks Associates Technology, Inc. + * Copyright (c) 2006 SPARTA, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project in part by Network 
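Review bot: In the first hunk on this line (`@@ -440,9 +442,9 @@`, inside `mac_ifnet_ioctl_get`), the renamed `mac_ifnet_externalize_label` call still serializes `ifnet->if_label` rather than the `intlabel` snapshot that `mac_ifnet_copy_label` filled under `MAC_IFNET_LOCK` two lines earlier. The copy is therefore never read, and the live interface label is externalized after `MAC_IFNET_UNLOCK`, so a concurrent relabel through `mac_ifnet_ioctl_set` could presumably change it mid-read. Since the rename already touches this line, consider `error = mac_ifnet_externalize_label(intlabel, elements,` with the continuation line unchanged. The function begins and ends outside the hunk, so confirm against the full body that nothing else depends on the current argument.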
@@ -7,6 +8,9 @@ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), * as part of the DARPA CHATS research program. * + * This software was enhanced by SPARTA ISSO under SPAWAR contract + * N66001-04-C-6019 ("SEFOS"). + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -41,6 +45,7 @@ #include #include #include +#include #include #include #include @@ -68,13 +73,13 @@ struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_pipe_label, label); + MAC_PERFORM(pipe_init_label, label); MAC_DEBUG_COUNTER_INC(&nmacpipes); return (label); } void -mac_init_pipe(struct pipepair *pp) +mac_pipe_init(struct pipepair *pp) { pp->pp_label = mac_pipe_label_alloc(); @@ -84,13 +89,13 @@ mac_pipe_label_free(struct label *label) { - MAC_PERFORM(destroy_pipe_label, label); + MAC_PERFORM(pipe_destroy_label, label); mac_labelzone_free(label); MAC_DEBUG_COUNTER_DEC(&nmacpipes); } void -mac_destroy_pipe(struct pipepair *pp) +mac_pipe_destroy(struct pipepair *pp) { mac_pipe_label_free(pp->pp_label); @@ -98,14 +103,14 @@ } void -mac_copy_pipe_label(struct label *src, struct label *dest) +mac_pipe_copy_label(struct label *src, struct label *dest) { - MAC_PERFORM(copy_pipe_label, src, dest); + MAC_PERFORM(pipe_copy_label, src, dest); } int -mac_externalize_pipe_label(struct label *label, char *elements, +mac_pipe_externalize_label(struct label *label, char *elements, char *outbuf, size_t outbuflen) { int error; @@ -116,7 +121,7 @@ } int -mac_internalize_pipe_label(struct label *label, char *string) +mac_pipe_internalize_label(struct label *label, char *string) { int error; 
@@ -126,22 +131,22 @@ } void -mac_create_pipe(struct ucred *cred, struct pipepair *pp) +mac_pipe_create(struct ucred *cred, struct pipepair *pp) { - MAC_PERFORM(create_pipe, cred, pp, pp->pp_label); + MAC_PERFORM(pipe_create, cred, pp, pp->pp_label); } static void -mac_relabel_pipe(struct ucred *cred, struct pipepair *pp, +mac_pipe_relabel(struct ucred *cred, struct pipepair *pp, struct label *newlabel) { - MAC_PERFORM(relabel_pipe, cred, pp, pp->pp_label, newlabel); + MAC_PERFORM(pipe_relabel, cred, pp, pp->pp_label, newlabel); } int -mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, +mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp, unsigned long cmd, void *data) { int error; @@ -151,13 +156,13 @@ if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_ioctl, cred, pp, pp->pp_label, cmd, data); + MAC_CHECK(pipe_check_ioctl, cred, pp, pp->pp_label, cmd, data); return (error); } int -mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp) +mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp) { int error; @@ -166,13 +171,13 @@ if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_poll, cred, pp, pp->pp_label); + MAC_CHECK(pipe_check_poll, cred, pp, pp->pp_label); return (error); } int -mac_check_pipe_read(struct ucred *cred, struct pipepair *pp) +mac_pipe_check_read(struct ucred *cred, struct pipepair *pp) { int error; @@ -181,13 +186,13 @@ if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_read, cred, pp, pp->pp_label); + MAC_CHECK(pipe_check_read, cred, pp, pp->pp_label); return (error); } static int -mac_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, +mac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp, struct label *newlabel) { int error; 
@@ -197,13 +202,13 @@ if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_relabel, cred, pp, pp->pp_label, newlabel); + MAC_CHECK(pipe_check_relabel, cred, pp, pp->pp_label, newlabel); return (error); } int -mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp) +mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp) { int error; @@ -212,13 +217,13 @@ if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_stat, cred, pp, pp->pp_label); + MAC_CHECK(pipe_check_stat, cred, pp, pp->pp_label); return (error); } int -mac_check_pipe_write(struct ucred *cred, struct pipepair *pp) +mac_pipe_check_write(struct ucred *cred, struct pipepair *pp) { int error; @@ -227,7 +232,7 @@ if (!mac_enforce_pipe) return (0); - MAC_CHECK(check_pipe_write, cred, pp, pp->pp_label); + MAC_CHECK(pipe_check_write, cred, pp, pp->pp_label); return (error); } @@ -240,11 +245,11 @@ mtx_assert(&pp->pp_mtx, MA_OWNED); - error = mac_check_pipe_relabel(cred, pp, label); + error = mac_pipe_check_relabel(cred, pp, label); if (error) return (error); - mac_relabel_pipe(cred, pp, label); + mac_pipe_relabel(cred, pp, label); return (0); } ==== //depot/projects/trustedbsd/mac2/sys/security/mac/mac_posix_sem.c#2 (text+ko) ==== @@ -38,7 +38,7 @@ #include #include #include -#include +#include #include #include #include @@ -66,13 +66,13 @@ struct label *label; label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_posix_sem_label, label); + MAC_PERFORM(posix_sem_init_label, label); MAC_DEBUG_COUNTER_INC(&nmacposixsems); return (label); } void -mac_init_posix_sem(struct ksem *ksemptr) +mac_posix_sem_init(struct ksem *ksemptr) { ksemptr->ks_label = mac_posix_sem_label_alloc(); 
@@ -82,12 +82,12 @@ mac_posix_sem_label_free(struct label *label) { - MAC_PERFORM(destroy_posix_sem_label, label); + MAC_PERFORM(posix_sem_destroy_label, label); MAC_DEBUG_COUNTER_DEC(&nmacposixsems); } void -mac_destroy_posix_sem(struct ksem *ksemptr) +mac_posix_sem_destroy(struct ksem *ksemptr) { mac_posix_sem_label_free(ksemptr->ks_label); @@ -95,87 +95,87 @@ } void -mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr) +mac_posix_sem_create(struct ucred *cred, struct ksem *ksemptr) { - MAC_PERFORM(create_posix_sem, cred, ksemptr, ksemptr->ks_label); + MAC_PERFORM(posix_sem_create, cred, ksemptr, ksemptr->ks_label); } int -mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) +mac_posix_sem_check_destroy(struct ucred *cred, struct ksem *ksemptr) { int error; if (!mac_enforce_posix_sem) return (0); - MAC_CHECK(check_posix_sem_destroy, cred, ksemptr, ksemptr->ks_label); + MAC_CHECK(posix_sem_check_destroy, cred, ksemptr, ksemptr->ks_label); return(error); } int -mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr) +mac_posix_sem_check_open(struct ucred *cred, struct ksem *ksemptr) { int error; if (!mac_enforce_posix_sem) return (0); - MAC_CHECK(check_posix_sem_open, cred, ksemptr, ksemptr->ks_label); + MAC_CHECK(posix_sem_check_open, cred, ksemptr, ksemptr->ks_label); return(error); } int -mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) +mac_posix_sem_check_getvalue(struct ucred *cred, struct ksem *ksemptr) { int error; if (!mac_enforce_posix_sem) return (0); - MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr, + MAC_CHECK(posix_sem_check_getvalue, cred, ksemptr, ksemptr->ks_label); return(error); } int -mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) >>> TRUNCATED FOR MAIL (1000 lines) <<<
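Review bot: `mac_posix_sem_label_free()` in the `@@ -82,12 +82,12 @@` hunk runs the `posix_sem_destroy_label` hook and decrements `nmacposixsems`, but never returns the label to the zone. The matching allocator in the previous mac_posix_sem.c hunk obtains it with `mac_labelzone_alloc(M_WAITOK)`. Every other `*_label_free` routine touched by this change (inpcb, ipq, bpfdesc, ifnet, pipe) calls `mac_labelzone_free(label);` right after the destroy hook. As written, this appears to leak one label per destroyed semaphore, which lets repeated semaphore create/destroy cycles steadily consume kernel memory. Suggest adding `mac_labelzone_free(label);` between the `MAC_PERFORM(posix_sem_destroy_label, label);` line and the `MAC_DEBUG_COUNTER_DEC` line.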