From owner-p4-projects@FreeBSD.ORG Mon Jan 22 16:04:56 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 11F0316A403; Mon, 22 Jan 2007 16:04:56 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CA1B816A401 for ; Mon, 22 Jan 2007 16:04:55 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id AD08313C4B7 for ; Mon, 22 Jan 2007 16:04:55 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l0MG4jX1027304 for ; Mon, 22 Jan 2007 16:04:45 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l0MG4jrL027301 for perforce@freebsd.org; Mon, 22 Jan 2007 16:04:45 GMT (envelope-from millert@freebsd.org) Date: Mon, 22 Jan 2007 16:04:45 GMT Message-Id: <200701221604.l0MG4jrL027301@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 113345 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jan 2007 16:04:56 -0000 http://perforce.freebsd.org/chv.cgi?CH=113345 Change 113345 by millert@millert_macbook on 2007/01/22 16:03:51 No longer need MAC_SOCKET, use MAC instead. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#6 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#9 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#7 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#8 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/conf/MASTER#3 (text+ko) ==== @@ -93,7 +93,6 @@ options HW_AST # Hardware ast support # options HW_FOOTPRINT # Cache footprint support # options MAC # Mandatory ACcess Control -options MAC_SOCKET # MAC socket labels options LCTX # Login Context options MACH # Standard Mach features # options MACH_ASSERT # Compile in assertions # ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/sys_socket.c#6 (text+ko) ==== @@ -124,7 +124,7 @@ struct mbuf **controlp, int *flagsp); -#ifdef MAC_SOCKET +#ifdef MAC int error; #endif @@ -132,7 +132,7 @@ /* This is not a valid open file descriptor */ return(EBADF); } -#ifdef MAC_SOCKET +#ifdef MAC SOCK_LOCK(so); error = mac_socket_check_receive(cred, so); SOCK_UNLOCK(so); @@ -160,7 +160,7 @@ struct uio *uio2, struct mbuf *top, struct mbuf *control, int flags2); int stat; -#ifdef MAC_SOCKET +#ifdef MAC int error; #endif @@ -169,7 +169,7 @@ return (EBADF); } -#ifdef MAC_SOCKET +#ifdef MAC SOCK_LOCK(so); error = mac_socket_check_send(cred, so); SOCK_UNLOCK(so); @@ -367,7 +367,7 @@ return (0); socket_lock(so, 1); -#ifdef MAC_SOCKET +#ifdef MAC if (mac_socket_check_select(proc_ucred(p), so, which)) goto done; /* will unlock 'so' */ #endif @@ -417,7 +417,7 @@ { int stat; -#ifdef MAC_SOCKET +#ifdef MAC SOCK_LOCK(so); stat = mac_socket_check_stat(kauth_cred_get(), so); SOCK_UNLOCK(so); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket.c#7 (text+ko) ==== @@ -431,7 +431,7 @@ if (so) { so->so_gencnt = ++so_gencnt; so->so_zone = socket_zone; -#ifdef MAC_SOCKET +#ifdef MAC if (mac_socket_label_init(so, waitok) != 0) { sodealloc(so); return (NULL); @@ -497,7 +497,7 @@ so->so_rcv.sb_flags |= SB_RECV; /* XXX */ so->so_rcv.sb_so = so->so_snd.sb_so = so; #endif -#ifdef MAC_SOCKET +#ifdef MAC mac_socket_label_associate(kauth_cred_get(), so); #endif @@ -581,7 +581,7 @@ { so->so_gencnt = ++so_gencnt; -#ifdef MAC_SOCKET +#ifdef MAC mac_socket_label_destroy(so); #endif #ifndef __APPLE__ @@ -2155,7 +2155,7 @@ struct linger l; struct timeval tv; short val; -#ifdef MAC_SOCKET +#ifdef MAC struct mac extmac; #endif @@ -2349,7 +2349,7 @@ break; case SO_LABEL: -#ifdef MAC_SOCKET +#ifdef MAC error = sooptcopyin(sopt, &extmac, sizeof extmac, sizeof extmac); if (error) @@ -2415,7 +2415,7 @@ int error, optval; struct linger l; struct timeval tv; -#ifdef MAC_SOCKET +#ifdef MAC struct mac extmac; #endif @@ -2560,7 +2560,7 @@ goto integer; case SO_LABEL: -#ifdef MAC_SOCKET +#ifdef MAC error = sooptcopyin(sopt, &extmac, sizeof(extmac), sizeof(extmac)); if (error) @@ -2576,7 +2576,7 @@ break; case SO_PEERLABEL: -#ifdef MAC_SOCKET +#ifdef MAC error = sooptcopyin(sopt, &extmac, sizeof(extmac), sizeof(extmac)); if (error) @@ -2772,7 +2772,7 @@ struct sockbuf *sb; socket_lock(so, 1); -#ifdef MAC_SOCKET +#ifdef MAC if (mac_socket_check_kqfilter(proc_ucred(p), kn, so) != 0) { socket_unlock(so, 1); return (1); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_socket2.c#7 (text+ko) ==== @@ -305,7 +305,7 @@ so->so_pgid = head->so_pgid; so->so_uid = head->so_uid; so->so_usecount = 1; -#ifdef MAC_SOCKET +#ifdef MAC mac_socket_label_associate_accept(head, so); #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_syscalls.c#4 (text+ko) ==== @@ -199,7 +199,7 @@ struct fileproc *fp; int fd, error; -#ifdef MAC_SOCKET +#ifdef MAC error = mac_socket_check_create(proc_ucred(p), uap->domain, uap->type, uap->protocol); if (error) @@ -249,7 +249,7 @@ goto out; AUDIT_ARG(sockaddr, p, sa); if (so != NULL) -#ifdef MAC_SOCKET +#ifdef MAC { SOCK_LOCK(so); error = mac_socket_check_bind(proc_ucred(p), so, sa); @@ -281,7 +281,7 @@ if (error) return (error); if (so != NULL) -#ifdef MAC_SOCKET +#ifdef MAC { SOCK_LOCK(so); error = mac_socket_check_listen(proc_ucred(p), so); @@ -353,7 +353,7 @@ error = EINVAL; goto out; } -#ifdef MAC_SOCKET +#ifdef MAC error = mac_socket_check_accept(proc_ucred(p), head); if (error != 0) { socket_unlock(head, 1); @@ -439,7 +439,7 @@ (void) soacceptlock(so, &sa, 0); socket_unlock(head, 1); #ifdef __darinw8_notyet -#ifdef MAC_SOCKET +#ifdef MAC error = mac_socket_check_accepted(proc_ucred(p), so, sa); if (error) { if (sa != 0) @@ -532,7 +532,7 @@ goto out; } AUDIT_ARG(sockaddr, p, sa); -#ifdef MAC_SOCKET +#ifdef MAC error = mac_socket_check_connect(proc_ucred(p), so, sa); if (error) goto bad; @@ -716,7 +716,7 @@ error = EBADF; goto bad; } -#ifdef MAC_SOCKET +#ifdef MAC SOCK_LOCK(so); error = mac_socket_check_send(proc_ucred(p), so); SOCK_UNLOCK(so); @@ -991,7 +991,7 @@ } proc_fdunlock(p); -#ifdef MAC_SOCKET +#ifdef MAC SOCK_LOCK(so); error = mac_socket_check_receive(proc_ucred(p), so); SOCK_UNLOCK(so); @@ -1897,7 +1897,7 @@ error = EINVAL; goto done3; } -#ifdef MAC_SOCKET +#ifdef MAC error = mac_socket_check_send(proc_ucred(p), so); if (error) goto done3; /* will unlock 'so' */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/kern/uipc_usrreq.c#9 (text+ko) ==== @@ -815,7 +815,7 @@ sizeof(unp->unp_peercred)); unp->unp_flags |= UNP_HAVEPC; -#ifdef MAC_SOCKET +#ifdef MAC /* XXXMAC: recursive lock: SOCK_LOCK(so); */ mac_socketpeer_label_associate_socket(so, so3); mac_socketpeer_label_associate_socket(so3, so); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/raw_ip.c#7 (text+ko) ==== @@ -375,7 +375,7 @@ inp->inp_route.ro_rt = (struct rtentry *)0; } -#ifdef MAC_SOCKET +#ifdef MAC mac_mbuf_label_associate_inpcb(inp, m); #endif ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_input.c#7 (text+ko) ==== @@ -910,7 +910,7 @@ else tiwin = th->th_win; -#ifdef MAC_SOCKET +#ifdef MAC if (mac_inpcb_check_deliver(inp, m)) goto drop; #endif @@ -1648,7 +1648,7 @@ if (thflags & TH_ACK) { tcpstat.tcps_connects++; soisconnected(so); -#ifdef MAC_SOCKET +#ifdef MAC /* XXXMAC: recursive lock: SOCK_LOCK(so); */ mac_socketpeer_label_associate_mbuf(m, so); /* XXXMAC: SOCK_UNLOCK(so); */ ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_output.c#7 (text+ko) ==== @@ -1005,7 +1005,7 @@ m->m_len = hdrlen; } m->m_pkthdr.rcvif = 0; -#ifdef MAC_SOCKET +#ifdef MAC mac_mbuf_label_associate_inpcb(tp->t_inpcb, m); #endif #if INET6 ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/bsd/netinet/tcp_subr.c#8 (text+ko) ==== @@ -575,7 +575,7 @@ m->m_len = tlen; m->m_pkthdr.len = tlen; m->m_pkthdr.rcvif = 0; -#ifdef MAC_SOCKET +#ifdef MAC if (tp != NULL && tp->t_inpcb != NULL) { /* * Packet is associated with a socket, so allow the