From owner-p4-projects Sat Jul 27 14:16:37 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 3D50B37B401; Sat, 27 Jul 2002 14:15:27 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DBFFC37B400 for ; Sat, 27 Jul 2002 14:15:26 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id D2FC943E5E for ; Sat, 27 Jul 2002 14:15:25 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6RLFPJU036458 for ; Sat, 27 Jul 2002 14:15:25 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6RLFPpZ036449 for perforce@freebsd.org; Sat, 27 Jul 2002 14:15:25 -0700 (PDT) Date: Sat, 27 Jul 2002 14:15:25 -0700 (PDT) Message-Id: <200207272115.g6RLFPpZ036449@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 15005 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15005 Change 15005 by rwatson@rwatson_paprika on 2002/07/27 14:14:53 s/cred_check/check/g; reduce function name length and complexity prior to main tree merge. Affected files ... .. //depot/projects/trustedbsd/mac/sys/alpha/osf1/osf1_mount.c#5 edit .. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_file.c#7 edit .. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_getcwd.c#7 edit .. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_misc.c#13 edit .. //depot/projects/trustedbsd/mac/sys/compat/linux/linux_stats.c#6 edit .. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_fcntl.c#7 edit .. //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_misc.c#10 edit .. //depot/projects/trustedbsd/mac/sys/i386/ibcs2/ibcs2_misc.c#6 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#12 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#19 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#10 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#195 edit .. //depot/projects/trustedbsd/mac/sys/kern/sys_pipe.c#15 edit .. //depot/projects/trustedbsd/mac/sys/kern/tty_tty.c#6 edit .. //depot/projects/trustedbsd/mac/sys/kern/uipc_syscalls.c#13 edit .. //depot/projects/trustedbsd/mac/sys/kern/uipc_usrreq.c#18 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_lookup.c#19 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_syscalls.c#62 edit .. //depot/projects/trustedbsd/mac/sys/kern/vfs_vnops.c#28 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#72 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_bsdextended/mac_bsdextended.c#45 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#61 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#47 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#6 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#11 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#52 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#17 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#15 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#123 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#88 edit .. //depot/projects/trustedbsd/mac/sys/vm/vm_mmap.c#11 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/alpha/osf1/osf1_mount.c#5 (text+ko) ==== @@ -134,7 +134,7 @@ sp = &mp->mnt_stat; vrele(nd.ni_vp); #ifdef MAC - error = mac_cred_check_statfs(td->td_proc->p_ucred, mp); + error = mac_check_statfs(td->td_proc->p_ucred, mp); if (error) return (error); #endif @@ -161,7 +161,7 @@ return (error); mp = ((struct vnode *)fp->f_data)->v_mount; #ifdef MAC - error = mac_cred_check_statfs(td->td_proc->p_ucred, mp); + error = mac_check_statfs(td->td_proc->p_ucred, mp); if (error) { drop(fp, td); return (error); @@ -199,8 +199,7 @@ nmp = TAILQ_NEXT(mp, mnt_list); if (osf_sfsp && count < maxcount) { #ifdef MAC - error = mac_cred_check_statfs(td->td_proc->p_ucred, - mp); + error = mac_check_statfs(td->td_proc->p_ucred, mp); if (error) continue; #endif ==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_file.c#7 (text+ko) ==== @@ -331,7 +331,7 @@ /* * Do directory search MAC check using non-cached credentials. */ - if ((error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp)) + if ((error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp)) goto out; #endif /* MAC */ if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies, ==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_getcwd.c#7 (text+ko) ==== @@ -203,7 +203,7 @@ eofflag = 0; #ifdef MAC - error = mac_cred_check_readdir_vnode(td->td_ucred, uvp); + error = mac_check_readdir_vnode(td->td_ucred, uvp); if (error == 0) #endif /* MAC */ error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, ==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_misc.c#13 (text+ko) ==== @@ -308,7 +308,7 @@ * from vn_open(). */ #ifdef MAC - error = mac_cred_check_open_vnode(td->td_ucred, vp, FREAD); + error = mac_check_open_vnode(td->td_ucred, vp, FREAD); if (error) goto cleanup; #endif ==== //depot/projects/trustedbsd/mac/sys/compat/linux/linux_stats.c#6 (text+ko) ==== @@ -251,7 +251,7 @@ bsd_statfs = &mp->mnt_stat; vrele(ndp->ni_vp); #ifdef MAC - error = mac_cred_check_statfs(td->td_proc->p_ucred, mp); + error = mac_check_statfs(td->td_proc->p_ucred, mp); if (error) return (error); #endif @@ -291,7 +291,7 @@ return error; mp = ((struct vnode *)fp->f_data)->v_mount; #ifdef MAC - error = mac_cred_check_statfs(td->td_proc->p_ucred, mp); + error = mac_check_statfs(td->td_proc->p_ucred, mp); if (error) { fdrop(fp, td); return (error); @@ -360,7 +360,7 @@ if (vp->v_mount == NULL) return (EINVAL); #ifdef MAC - error = mac_cred_check_statfs(td->td_proc->p_ucred, mp); + error = mac_check_statfs(td->td_proc->p_ucred, mp); if (error) return (error); #endif ==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_fcntl.c#7 (text+ko) ==== @@ -266,7 +266,7 @@ #ifdef MAC vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = mac_cred_check_revoke_vnode(td->td_ucred, vp); + error = mac_check_revoke_vnode(td->td_ucred, vp); VOP_UNLOCK(vp, 0, td); if (error) goto out; ==== //depot/projects/trustedbsd/mac/sys/compat/svr4/svr4_misc.c#10 (text+ko) ==== @@ -316,7 +316,7 @@ #ifdef MAC /* Use process's credentials to check directory search MAC. */ - error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp); + error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp); if (error) goto out; #endif /* MAC */ @@ -479,7 +479,7 @@ */ #ifdef MAC /* Use process's credentials to check directory search MAC. */ - error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp); + error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp); if (error) goto out; #endif /* MAC */ ==== //depot/projects/trustedbsd/mac/sys/i386/ibcs2/ibcs2_misc.c#6 (text+ko) ==== @@ -352,7 +352,7 @@ } #ifdef MAC - error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp); + error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp); if (error) goto out; #endif /* MAC */ @@ -512,7 +512,7 @@ } #ifdef MAC - error = mac_cred_check_readdir_vnode(td->td_proc->p_ucred, vp); + error = mac_check_readdir_vnode(td->td_proc->p_ucred, vp); if (error) goto out; #endif /* MAC */ ==== //depot/projects/trustedbsd/mac/sys/kern/kern_acl.c#12 (text+ko) ==== @@ -585,8 +585,7 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); #ifdef MAC - error = mac_cred_check_setacl_vnode(td->td_ucred, vp, type, - &inkernacl); + error = mac_check_setacl_vnode(td->td_ucred, vp, type, &inkernacl); if (error != 0) goto out; #endif @@ -612,7 +611,7 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); #ifdef MAC - error = mac_cred_check_getacl_vnode(td->td_ucred, vp, type); + error = mac_check_getacl_vnode(td->td_ucred, vp, type); if (error != 0) goto out; #endif @@ -641,7 +640,7 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); #ifdef MAC - error = mac_cred_check_deleteacl_vnode(td->td_ucred, vp, type); + error = mac_check_deleteacl_vnode(td->td_ucred, vp, type); if (error) goto out; #endif ==== //depot/projects/trustedbsd/mac/sys/kern/kern_descrip.c#19 (text+ko) ==== @@ -331,7 +331,7 @@ * to pass in both the old and the new flags, * with authorization performed only on the delta. */ - error = mac_cred_check_open_vnode(td->td_ucred, + error = mac_check_open_vnode(td->td_ucred, (struct vnode *)fp->f_data, mode); VOP_UNLOCK((struct vnode *)fp->f_data, 0, td); if (error) { ==== //depot/projects/trustedbsd/mac/sys/kern/kern_ktrace.c#10 (text+ko) ==== @@ -769,7 +769,7 @@ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); (void)VOP_LEASE(vp, td, cred, LEASE_WRITE); #ifdef MAC - error = mac_cred_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); if (error == 0) #endif error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred); ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#195 (text+ko) ==== @@ -342,7 +342,7 @@ continue; vp = (struct vnode *)object->handle; vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - result = mac_cred_check_mmap_vnode_prot(cred, vp, 0); + result = mac_check_mmap_vnode_prot(cred, vp, 0); VOP_UNLOCK(vp, 0, td); /* * Find out what maximum protection we may be allowing @@ -654,167 +654,167 @@ mpc->mpc_ops->mpo_bpfdesc_check_receive_from_ifnet = mpe->mpe_function; break; - case MAC_CRED_CHECK_BIND_SOCKET: - mpc->mpc_ops->mpo_cred_check_bind_socket = + case MAC_CHECK_BIND_SOCKET: + mpc->mpc_ops->mpo_check_bind_socket = mpe->mpe_function; break; - case MAC_CRED_CHECK_CONNECT_SOCKET: - mpc->mpc_ops->mpo_cred_check_connect_socket = + case MAC_CHECK_CONNECT_SOCKET: + mpc->mpc_ops->mpo_check_connect_socket = mpe->mpe_function; break; - case MAC_CRED_CHECK_SEE_CRED: - mpc->mpc_ops->mpo_cred_check_see_cred = + case MAC_CHECK_SEE_CRED: + mpc->mpc_ops->mpo_check_see_cred = mpe->mpe_function; break; - case MAC_CRED_CHECK_SEE_SOCKET: - mpc->mpc_ops->mpo_cred_check_see_socket = + case MAC_CHECK_SEE_SOCKET: + mpc->mpc_ops->mpo_check_see_socket = mpe->mpe_function; break; - case MAC_CRED_CHECK_RELABEL_IFNET: - mpc->mpc_ops->mpo_cred_check_relabel_ifnet = + case MAC_CHECK_RELABEL_IFNET: + mpc->mpc_ops->mpo_check_relabel_ifnet = mpe->mpe_function; break; - case MAC_CRED_CHECK_RELABEL_PIPE: - mpc->mpc_ops->mpo_cred_check_relabel_pipe = + case MAC_CHECK_RELABEL_PIPE: + mpc->mpc_ops->mpo_check_relabel_pipe = mpe->mpe_function; break; - case MAC_CRED_CHECK_RELABEL_SOCKET: - mpc->mpc_ops->mpo_cred_check_relabel_socket = + case MAC_CHECK_RELABEL_SOCKET: + mpc->mpc_ops->mpo_check_relabel_socket = mpe->mpe_function; break; - case MAC_CRED_CHECK_RELABEL_SUBJECT: - mpc->mpc_ops->mpo_cred_check_relabel_subject = + case MAC_CHECK_RELABEL_SUBJECT: + mpc->mpc_ops->mpo_check_relabel_subject = mpe->mpe_function; break; - case MAC_CRED_CHECK_RELABEL_VNODE: - mpc->mpc_ops->mpo_cred_check_relabel_vnode = + case MAC_CHECK_RELABEL_VNODE: + mpc->mpc_ops->mpo_check_relabel_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_STATFS: - mpc->mpc_ops->mpo_cred_check_statfs = mpe->mpe_function; + case MAC_CHECK_STATFS: + mpc->mpc_ops->mpo_check_statfs = mpe->mpe_function; break; - case MAC_CRED_CHECK_DEBUG_PROC: - mpc->mpc_ops->mpo_cred_check_debug_proc = + case MAC_CHECK_DEBUG_PROC: + mpc->mpc_ops->mpo_check_debug_proc = mpe->mpe_function; break; - case MAC_CRED_CHECK_ACCESS_VNODE: - mpc->mpc_ops->mpo_cred_check_access_vnode = + case MAC_CHECK_ACCESS_VNODE: + mpc->mpc_ops->mpo_check_access_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_CHDIR_VNODE: - mpc->mpc_ops->mpo_cred_check_chdir_vnode = + case MAC_CHECK_CHDIR_VNODE: + mpc->mpc_ops->mpo_check_chdir_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_CHROOT_VNODE: - mpc->mpc_ops->mpo_cred_check_chroot_vnode = + case MAC_CHECK_CHROOT_VNODE: + mpc->mpc_ops->mpo_check_chroot_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_CREATE_VNODE: - mpc->mpc_ops->mpo_cred_check_create_vnode = + case MAC_CHECK_CREATE_VNODE: + mpc->mpc_ops->mpo_check_create_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_DELETE_VNODE: - mpc->mpc_ops->mpo_cred_check_delete_vnode = + case MAC_CHECK_DELETE_VNODE: + mpc->mpc_ops->mpo_check_delete_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_DELETEACL_VNODE: - mpc->mpc_ops->mpo_cred_check_deleteacl_vnode = + case MAC_CHECK_DELETEACL_VNODE: + mpc->mpc_ops->mpo_check_deleteacl_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_EXEC_VNODE: - mpc->mpc_ops->mpo_cred_check_exec_vnode = + case MAC_CHECK_EXEC_VNODE: + mpc->mpc_ops->mpo_check_exec_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_GETACL_VNODE: - mpc->mpc_ops->mpo_cred_check_getacl_vnode = + case MAC_CHECK_GETACL_VNODE: + mpc->mpc_ops->mpo_check_getacl_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_GETEXTATTR_VNODE: - mpc->mpc_ops->mpo_cred_check_getextattr_vnode = + case MAC_CHECK_GETEXTATTR_VNODE: + mpc->mpc_ops->mpo_check_getextattr_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_LISTEN_SOCKET: - mpc->mpc_ops->mpo_cred_check_listen_socket = + case MAC_CHECK_LISTEN_SOCKET: + mpc->mpc_ops->mpo_check_listen_socket = mpe->mpe_function; break; - case MAC_CRED_CHECK_LOOKUP_VNODE: - mpc->mpc_ops->mpo_cred_check_lookup_vnode = + case MAC_CHECK_LOOKUP_VNODE: + mpc->mpc_ops->mpo_check_lookup_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_OPEN_VNODE: - mpc->mpc_ops->mpo_cred_check_open_vnode = + case MAC_CHECK_OPEN_VNODE: + mpc->mpc_ops->mpo_check_open_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_READDIR_VNODE: - mpc->mpc_ops->mpo_cred_check_readdir_vnode = + case MAC_CHECK_READDIR_VNODE: + mpc->mpc_ops->mpo_check_readdir_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_READLINK_VNODE: - mpc->mpc_ops->mpo_cred_check_readlink_vnode = + case MAC_CHECK_READLINK_VNODE: + mpc->mpc_ops->mpo_check_readlink_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_RENAME_FROM_VNODE: - mpc->mpc_ops->mpo_cred_check_rename_from_vnode = + case MAC_CHECK_RENAME_FROM_VNODE: + mpc->mpc_ops->mpo_check_rename_from_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_RENAME_TO_VNODE: - mpc->mpc_ops->mpo_cred_check_rename_to_vnode = + case MAC_CHECK_RENAME_TO_VNODE: + mpc->mpc_ops->mpo_check_rename_to_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_REVOKE_VNODE: - mpc->mpc_ops->mpo_cred_check_revoke_vnode = + case MAC_CHECK_REVOKE_VNODE: + mpc->mpc_ops->mpo_check_revoke_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_SETACL_VNODE: - mpc->mpc_ops->mpo_cred_check_setacl_vnode = + case MAC_CHECK_SETACL_VNODE: + mpc->mpc_ops->mpo_check_setacl_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_SETEXTATTR_VNODE: - mpc->mpc_ops->mpo_cred_check_setextattr_vnode = + case MAC_CHECK_SETEXTATTR_VNODE: + mpc->mpc_ops->mpo_check_setextattr_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_SETFLAGS_VNODE: - mpc->mpc_ops->mpo_cred_check_setflags_vnode = + case MAC_CHECK_SETFLAGS_VNODE: + mpc->mpc_ops->mpo_check_setflags_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_SETMODE_VNODE: - mpc->mpc_ops->mpo_cred_check_setmode_vnode = + case MAC_CHECK_SETMODE_VNODE: + mpc->mpc_ops->mpo_check_setmode_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_SETOWNER_VNODE: - mpc->mpc_ops->mpo_cred_check_setowner_vnode = + case MAC_CHECK_SETOWNER_VNODE: + mpc->mpc_ops->mpo_check_setowner_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_SETUTIMES_VNODE: - mpc->mpc_ops->mpo_cred_check_setutimes_vnode = + case MAC_CHECK_SETUTIMES_VNODE: + mpc->mpc_ops->mpo_check_setutimes_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_SCHED_PROC: - mpc->mpc_ops->mpo_cred_check_sched_proc = + case MAC_CHECK_SCHED_PROC: + mpc->mpc_ops->mpo_check_sched_proc = mpe->mpe_function; break; - case MAC_CRED_CHECK_SIGNAL_PROC: - mpc->mpc_ops->mpo_cred_check_signal_proc = + case MAC_CHECK_SIGNAL_PROC: + mpc->mpc_ops->mpo_check_signal_proc = mpe->mpe_function; break; - case MAC_CRED_CHECK_STAT_VNODE: - mpc->mpc_ops->mpo_cred_check_stat_vnode = + case MAC_CHECK_STAT_VNODE: + mpc->mpc_ops->mpo_check_stat_vnode = mpe->mpe_function; break; - case MAC_CRED_CHECK_VNODE_MMAP_PERMS: - mpc->mpc_ops->mpo_cred_check_vnode_mmap_perms = + case MAC_CHECK_VNODE_MMAP_PERMS: + mpc->mpc_ops->mpo_check_vnode_mmap_perms = mpe->mpe_function; break; - case MAC_CRED_CHECK_VNODE_OP: - mpc->mpc_ops->mpo_cred_check_vnode_op = + case MAC_CHECK_VNODE_OP: + mpc->mpc_ops->mpo_check_vnode_op = mpe->mpe_function; break; - case MAC_CRED_CHECK_PIPE_IOCTL: - mpc->mpc_ops->mpo_cred_check_pipe_ioctl = + case MAC_CHECK_PIPE_IOCTL: + mpc->mpc_ops->mpo_check_pipe_ioctl = mpe->mpe_function; break; - case MAC_CRED_CHECK_PIPE_OP: - mpc->mpc_ops->mpo_cred_check_pipe_op = + case MAC_CHECK_PIPE_OP: + mpc->mpc_ops->mpo_check_pipe_op = mpe->mpe_function; break; case MAC_IFNET_CHECK_SEND_MBUF: @@ -1048,7 +1048,7 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(cred_check_see_cred, u1, u2); + MAC_CHECK(check_see_cred, u1, u2); return (error); } @@ -1061,7 +1061,7 @@ if (!mac_enforce_socket) return (0); - MAC_CHECK(cred_check_see_socket, cred, socket, &socket->so_label); + MAC_CHECK(check_see_socket, cred, socket, &socket->so_label); return (error); } @@ -1074,7 +1074,7 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(cred_check_signal_proc, cred, proc, signum); + MAC_CHECK(check_signal_proc, cred, proc, signum); return (error); } @@ -1087,7 +1087,7 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(cred_check_sched_proc, cred, proc); + MAC_CHECK(check_sched_proc, cred, proc); return (error); } @@ -1100,7 +1100,7 @@ if (!mac_enforce_process) return (0); - MAC_CHECK(cred_check_debug_proc, cred, proc); + MAC_CHECK(check_debug_proc, cred, proc); return (error); } @@ -1365,7 +1365,7 @@ error = vn_refreshlabel(vp, cred); if (error) return (error); - MAC_CHECK(cred_check_exec_vnode, cred, vp, &vp->v_label); + MAC_CHECK(check_exec_vnode, cred, vp, &vp->v_label); return (error); } @@ -1755,38 +1755,38 @@ * 0 is returned for success, otherwise an errno. */ static int -mac_cred_check_relabel_subject(struct ucred *cred, struct label *newlabel) +mac_check_relabel_subject(struct ucred *cred, struct label *newlabel) { int error; - MAC_CHECK(cred_check_relabel_subject, cred, newlabel); + MAC_CHECK(check_relabel_subject, cred, newlabel); return (error); } static int -mac_cred_check_relabel_vnode(struct ucred *cred, struct vnode *vp, +mac_check_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_relabel_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_relabel_vnode"); error = vn_refreshlabel(vp, cred); if (error) return (error); - MAC_CHECK(cred_check_relabel_vnode, cred, vp, &vp->v_label, newlabel); + MAC_CHECK(check_relabel_vnode, cred, vp, &vp->v_label, newlabel); return (error); } int -mac_cred_check_access_vnode(struct ucred *cred, struct vnode *vp, int flags) +mac_check_access_vnode(struct ucred *cred, struct vnode *vp, int flags) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_access_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_access_vnode"); if (!mac_enforce_fs) return (0); @@ -1795,16 +1795,16 @@ if (error) return (error); - MAC_CHECK(cred_check_access_vnode, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_access_vnode, cred, vp, &vp->v_label, flags); return (error); } int -mac_cred_check_chdir_vnode(struct ucred *cred, struct vnode *dvp) +mac_check_chdir_vnode(struct ucred *cred, struct vnode *dvp) { int error; - ASSERT_VOP_LOCKED(dvp, "mac_cred_check_chdir_vnode"); + ASSERT_VOP_LOCKED(dvp, "mac_check_chdir_vnode"); if (!mac_enforce_fs) return (0); @@ -1813,16 +1813,16 @@ if (error) return (error); - MAC_CHECK(cred_check_chdir_vnode, cred, dvp, &dvp->v_label); + MAC_CHECK(check_chdir_vnode, cred, dvp, &dvp->v_label); return (error); } int -mac_cred_check_chroot_vnode(struct ucred *cred, struct vnode *dvp) +mac_check_chroot_vnode(struct ucred *cred, struct vnode *dvp) { int error; - ASSERT_VOP_LOCKED(dvp, "mac_cred_check_chroot_vnode"); + ASSERT_VOP_LOCKED(dvp, "mac_check_chroot_vnode"); if (!mac_enforce_fs) return (0); @@ -1831,17 +1831,17 @@ if (error) return (error); - MAC_CHECK(cred_check_chroot_vnode, cred, dvp, &dvp->v_label); + MAC_CHECK(check_chroot_vnode, cred, dvp, &dvp->v_label); return (error); } int -mac_cred_check_create_vnode(struct ucred *cred, struct vnode *dvp, +mac_check_create_vnode(struct ucred *cred, struct vnode *dvp, struct componentname *cnp, struct vattr *vap) { int error; - ASSERT_VOP_LOCKED(dvp, "mac_cred_check_create_vnode"); + ASSERT_VOP_LOCKED(dvp, "mac_check_create_vnode"); if (!mac_enforce_fs) return (0); @@ -1850,17 +1850,16 @@ if (error) return (error); - MAC_CHECK(cred_check_create_vnode, cred, dvp, &dvp->v_label, cnp, vap); + MAC_CHECK(check_create_vnode, cred, dvp, &dvp->v_label, cnp, vap); return (error); } int -mac_cred_check_getacl_vnode(struct ucred *cred, struct vnode *vp, - acl_type_t type) +mac_check_getacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_getacl_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_getacl_vnode"); if (!mac_enforce_fs) return (0); @@ -1869,17 +1868,17 @@ if (error) return (error); - MAC_CHECK(cred_check_getacl_vnode, cred, vp, &vp->v_label, type); + MAC_CHECK(check_getacl_vnode, cred, vp, &vp->v_label, type); return (error); } int -mac_cred_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, +mac_check_getextattr_vnode(struct ucred *cred, struct vnode *vp, int attrnamespace, const char *name, struct uio *uio) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_getextattr_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_getextattr_vnode"); if (!mac_enforce_fs) return (0); @@ -1888,30 +1887,30 @@ if (error) return (error); - MAC_CHECK(cred_check_getextattr_vnode, cred, vp, &vp->v_label, + MAC_CHECK(check_getextattr_vnode, cred, vp, &vp->v_label, attrnamespace, name, uio); return (error); } int -mac_cred_check_listen_socket(struct ucred *cred, struct socket *socket) +mac_check_listen_socket(struct ucred *cred, struct socket *socket) { int error; if (!mac_enforce_socket) return (0); - MAC_CHECK(cred_check_listen_socket, cred, socket, &socket->so_label); + MAC_CHECK(check_listen_socket, cred, socket, &socket->so_label); return (error); } int -mac_cred_check_lookup_vnode(struct ucred *cred, struct vnode *dvp, +mac_check_lookup_vnode(struct ucred *cred, struct vnode *dvp, struct componentname *cnp) { int error; - ASSERT_VOP_LOCKED(dvp, "mac_cred_check_lookup_vnode"); + ASSERT_VOP_LOCKED(dvp, "mac_check_lookup_vnode"); if (!mac_enforce_fs) return (0); @@ -1920,31 +1919,30 @@ if (error) return (error); - MAC_CHECK(cred_check_lookup_vnode, cred, dvp, &dvp->v_label, cnp); + MAC_CHECK(check_lookup_vnode, cred, dvp, &dvp->v_label, cnp); return (error); } vm_prot_t -mac_cred_check_mmap_vnode_prot(struct ucred *cred, struct vnode *vp, - int newmapping) +mac_check_mmap_vnode_prot(struct ucred *cred, struct vnode *vp, int newmapping) { vm_prot_t result = VM_PROT_ALL; /* * This should be some sort of MAC_BITWISE, maybe :) */ - ASSERT_VOP_LOCKED(vp, "mac_cred_check_mmap_vnode_perms"); - MAC_BOOLEAN(cred_check_vnode_mmap_perms, &, cred, vp, &vp->v_label, + ASSERT_VOP_LOCKED(vp, "mac_check_mmap_vnode_perms"); + MAC_BOOLEAN(check_vnode_mmap_perms, &, cred, vp, &vp->v_label, newmapping); return (result); } int -mac_cred_check_open_vnode(struct ucred *cred, struct vnode *vp, mode_t acc_mode) +mac_check_open_vnode(struct ucred *cred, struct vnode *vp, mode_t acc_mode) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_open_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_open_vnode"); if (!mac_enforce_fs) return (0); @@ -1953,16 +1951,16 @@ if (error) return (error); - MAC_CHECK(cred_check_open_vnode, cred, vp, &vp->v_label, acc_mode); + MAC_CHECK(check_open_vnode, cred, vp, &vp->v_label, acc_mode); return (error); } int -mac_cred_check_readdir_vnode(struct ucred *cred, struct vnode *dvp) +mac_check_readdir_vnode(struct ucred *cred, struct vnode *dvp) { int error; - ASSERT_VOP_LOCKED(dvp, "mac_cred_check_readdir_vnode"); + ASSERT_VOP_LOCKED(dvp, "mac_check_readdir_vnode"); if (!mac_enforce_fs) return (0); @@ -1971,16 +1969,16 @@ if (error) return (error); - MAC_CHECK(cred_check_readdir_vnode, cred, dvp, &dvp->v_label); + MAC_CHECK(check_readdir_vnode, cred, dvp, &dvp->v_label); return (error); } int -mac_cred_check_readlink_vnode(struct ucred *cred, struct vnode *vp) +mac_check_readlink_vnode(struct ucred *cred, struct vnode *vp) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_readlink_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_readlink_vnode"); if (!mac_enforce_fs) return (0); @@ -1989,16 +1987,16 @@ if (error) return (error); - MAC_CHECK(cred_check_readlink_vnode, cred, vp, &vp->v_label); + MAC_CHECK(check_readlink_vnode, cred, vp, &vp->v_label); return (error); } int -mac_cred_check_revoke_vnode(struct ucred *cred, struct vnode *vp) +mac_check_revoke_vnode(struct ucred *cred, struct vnode *vp) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_revoke_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_revoke_vnode"); if (!mac_enforce_fs) return (0); @@ -2007,17 +2005,17 @@ if (error) return (error); - MAC_CHECK(cred_check_revoke_vnode, cred, vp, &vp->v_label); + MAC_CHECK(check_revoke_vnode, cred, vp, &vp->v_label); return (error); } int -mac_cred_check_setacl_vnode(struct ucred *cred, struct vnode *vp, - acl_type_t type, struct acl *acl) +mac_check_setacl_vnode(struct ucred *cred, struct vnode *vp, acl_type_t type, + struct acl *acl) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_setacl_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_setacl_vnode"); if (!mac_enforce_fs) return (0); @@ -2026,17 +2024,17 @@ if (error) return (error); - MAC_CHECK(cred_check_setacl_vnode, cred, vp, &vp->v_label, type, acl); + MAC_CHECK(check_setacl_vnode, cred, vp, &vp->v_label, type, acl); return (error); } int -mac_cred_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, +mac_check_setextattr_vnode(struct ucred *cred, struct vnode *vp, int attrnamespace, const char *name, struct uio *uio) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_setextattr_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_setextattr_vnode"); if (!mac_enforce_fs) return (0); @@ -2045,18 +2043,17 @@ if (error) return (error); - MAC_CHECK(cred_check_setextattr_vnode, cred, vp, &vp->v_label, + MAC_CHECK(check_setextattr_vnode, cred, vp, &vp->v_label, attrnamespace, name, uio); return (error); } int -mac_cred_check_setflags_vnode(struct ucred *cred, struct vnode *vp, - u_long flags) +mac_check_setflags_vnode(struct ucred *cred, struct vnode *vp, u_long flags) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_setflags_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_setflags_vnode"); if (!mac_enforce_fs) return (0); @@ -2065,17 +2062,16 @@ if (error) return (error); - MAC_CHECK(cred_check_setflags_vnode, cred, vp, &vp->v_label, flags); + MAC_CHECK(check_setflags_vnode, cred, vp, &vp->v_label, flags); return (error); } int -mac_cred_check_setmode_vnode(struct ucred *cred, struct vnode *vp, - mode_t mode) +mac_check_setmode_vnode(struct ucred *cred, struct vnode *vp, mode_t mode) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_setmode_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_setmode_vnode"); if (!mac_enforce_fs) return (0); @@ -2084,17 +2080,17 @@ if (error) return (error); - MAC_CHECK(cred_check_setmode_vnode, cred, vp, &vp->v_label, mode); + MAC_CHECK(check_setmode_vnode, cred, vp, &vp->v_label, mode); return (error); } int -mac_cred_check_setowner_vnode(struct ucred *cred, struct vnode *vp, uid_t uid, +mac_check_setowner_vnode(struct ucred *cred, struct vnode *vp, uid_t uid, gid_t gid) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_setowner_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_setowner_vnode"); if (!mac_enforce_fs) return (0); @@ -2103,17 +2099,17 @@ if (error) return (error); - MAC_CHECK(cred_check_setowner_vnode, cred, vp, &vp->v_label, uid, gid); + MAC_CHECK(check_setowner_vnode, cred, vp, &vp->v_label, uid, gid); return (error); } int -mac_cred_check_setutimes_vnode(struct ucred *cred, struct vnode *vp, +mac_check_setutimes_vnode(struct ucred *cred, struct vnode *vp, struct timespec atime, struct timespec mtime) { int error; - ASSERT_VOP_LOCKED(vp, "mac_cred_check_setutimes_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_setutimes_vnode"); if (!mac_enforce_fs) return (0); @@ -2122,19 +2118,19 @@ if (error) return (error); - MAC_CHECK(cred_check_setutimes_vnode, cred, vp, &vp->v_label, atime, + MAC_CHECK(check_setutimes_vnode, cred, vp, &vp->v_label, atime, mtime); return (error); } int -mac_cred_check_delete_vnode(struct ucred *cred, struct vnode *dvp, - struct vnode *vp, struct componentname *cnp) +mac_check_delete_vnode(struct ucred *cred, struct vnode *dvp, struct vnode *vp, + struct componentname *cnp) { int error; - ASSERT_VOP_LOCKED(dvp, "mac_cred_check_delete_vnode"); - ASSERT_VOP_LOCKED(vp, "mac_cred_check_delete_vnode"); + ASSERT_VOP_LOCKED(dvp, "mac_check_delete_vnode"); + ASSERT_VOP_LOCKED(vp, "mac_check_delete_vnode"); if (!mac_enforce_fs) return (0); @@ -2146,18 +2142,18 @@ if (error) >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message