From owner-p4-projects Sat Jul 27 19:38:33 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 16D1637B401; Sat, 27 Jul 2002 19:38:10 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B160437B400 for ; Sat, 27 Jul 2002 19:38:09 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 41AB843E65 for ; Sat, 27 Jul 2002 19:38:09 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6S2c9JU002473 for ; Sat, 27 Jul 2002 19:38:09 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6S2c8lj002470 for perforce@freebsd.org; Sat, 27 Jul 2002 19:38:08 -0700 (PDT) Date: Sat, 27 Jul 2002 19:38:08 -0700 (PDT) Message-Id: <200207280238.g6S2c8lj002470@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 15027 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15027 Change 15027 by rwatson@rwatson_paprika on 2002/07/27 19:37:38 Rename mac_bpfdesc_check_receive_from_ifnet() to mac_check_bpfdesc_receive() in the name of entry point name simplification. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#196 edit .. //depot/projects/trustedbsd/mac/sys/net/bpf.c#14 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#73 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#10 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#62 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#48 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#53 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#18 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#124 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#89 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#196 (text+ko) ==== @@ -650,12 +650,12 @@ mpc->mpc_ops->mpo_relabel_subject = mpe->mpe_function; break; - case MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET: - mpc->mpc_ops->mpo_bpfdesc_check_receive_from_ifnet = + case MAC_CHECK_BIND_SOCKET: + mpc->mpc_ops->mpo_check_bind_socket = mpe->mpe_function; break; - case MAC_CHECK_BIND_SOCKET: - mpc->mpc_ops->mpo_check_bind_socket = + case MAC_CHECK_BPFDESC_RECEIVE: + mpc->mpc_ops->mpo_check_bpfdesc_receive = mpe->mpe_function; break; case MAC_CHECK_CONNECT_SOCKET: 
@@ -2504,30 +2504,30 @@ } int -mac_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, struct ifnet *ifnet) +mac_check_bind_socket(struct ucred *ucred, struct socket *socket, + struct sockaddr *sockaddr) { int error; - if (!mac_enforce_network) + if (!mac_enforce_socket) return (0); - MAC_CHECK(bpfdesc_check_receive_from_ifnet, bpf_d, &bpf_d->bd_label, - ifnet, &ifnet->if_label); + MAC_CHECK(check_bind_socket, ucred, socket, &socket->so_label, + sockaddr); return (error); } int -mac_check_bind_socket(struct ucred *ucred, struct socket *socket, - struct sockaddr *sockaddr) +mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet) { int error; - if (!mac_enforce_socket) + if (!mac_enforce_network) return (0); - MAC_CHECK(check_bind_socket, ucred, socket, &socket->so_label, - sockaddr); + MAC_CHECK(check_bpfdesc_receive, bpf_d, &bpf_d->bd_label, ifnet, + &ifnet->if_label); return (error); } ==== //depot/projects/trustedbsd/mac/sys/net/bpf.c#14 (text+ko) ==== @@ -1076,7 +1076,7 @@ slen = bpf_filter(d->bd_filter, pkt, pktlen, pktlen); if (slen != 0){ #ifdef MAC - if (mac_bpfdesc_check_receive_from_ifnet(d, ifp) == 0) + if (mac_check_bpfdesc_receive(d, ifp) == 0) #endif catchpacket(d, pkt, pktlen, slen, bcopy); ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#73 (text+ko) ==== @@ -1164,8 +1164,8 @@ * Access control checks. */ static int -mac_biba_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, - struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel) +mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifnet, struct label *ifnetlabel) { struct mac_biba *a, *b; 
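Review bot: The brace-less `if` around the renamed call in the sys/net/bpf.c hunk exists only under `#ifdef MAC`, so `catchpacket()` after the `#endif` is its conditional body in MAC kernels and an unconditional statement otherwise, which is fragile. The check itself fails closed, since a nonzero return from `mac_check_bpfdesc_receive(d, ifp)` skips delivery, but any statement later inserted between `#endif` and `catchpacket()` would silently become the guarded body and leave delivery unchecked. I would add a comment above the `#ifdef`, for example `/* MAC: deliver to this descriptor only if the policy permits receive from ifp. */`, and consider bracing the guarded call. The enclosing function starts and ends outside the hunk.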
@@ -2140,8 +2140,8 @@ (macop_t)mac_biba_create_proc1 }, { MAC_RELABEL_SUBJECT, (macop_t)mac_biba_relabel_subject }, - { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, - (macop_t)mac_biba_bpfdesc_check_receive_from_ifnet }, + { MAC_CHECK_BPFDESC_RECEIVE, + (macop_t)mac_biba_check_bpfdesc_receive }, { MAC_CHECK_SEE_CRED, (macop_t)mac_biba_check_see_cred }, { MAC_CHECK_SEE_SOCKET, ==== //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#10 (text+ko) ==== @@ -138,8 +138,8 @@ } static int -mac_ifoff_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, - struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel) +mac_ifoff_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifnet, struct label *ifnetlabel) { return (check_ifnet_incoming(ifnet, 1)); @@ -160,8 +160,8 @@ static struct mac_policy_op_entry mac_ifoff_ops[] = { - { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, - (macop_t)mac_ifoff_bpfdesc_check_receive_from_ifnet }, + { MAC_CHECK_BPFDESC_RECEIVE, + (macop_t)mac_ifoff_check_bpfdesc_receive }, { MAC_IFNET_CHECK_SEND_MBUF, (macop_t)mac_ifoff_ifnet_check_send_mbuf }, { MAC_SOCKET_CHECK_RECEIVE_MBUF, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#62 (text+ko) ==== @@ -1110,8 +1110,8 @@ * Access control checks. */ static int -mac_mls_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, - struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel) +mac_mls_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifnet, struct label *ifnetlabel) { struct mac_mls *a, *b; 
@@ -2086,8 +2086,8 @@ (macop_t)mac_mls_create_proc1 }, { MAC_RELABEL_SUBJECT, (macop_t)mac_mls_relabel_subject }, - { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, - (macop_t)mac_mls_bpfdesc_check_receive_from_ifnet }, + { MAC_CHECK_BPFDESC_RECEIVE, + (macop_t)mac_mls_check_bpfdesc_receive }, { MAC_CHECK_SEE_CRED, (macop_t)mac_mls_check_see_cred }, { MAC_CHECK_SEE_SOCKET, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#48 (text+ko) ==== @@ -549,19 +549,19 @@ * Access control checks. */ static int -mac_none_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, - struct label *bpflabel, struct ifnet *ifnet, struct label *ifnet_label) +mac_none_check_bind_socket(struct ucred *cred, struct socket *socket, + struct label *socketlabel, struct sockaddr *sockaddr) { return (0); } static int -mac_none_check_bind_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +mac_none_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifnet, struct label *ifnet_label) { - return (0); + return (0); } static int @@ -1016,10 +1016,10 @@ (macop_t)mac_none_create_proc1 }, { MAC_RELABEL_SUBJECT, (macop_t)mac_none_relabel_subject }, - { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, - (macop_t)mac_none_bpfdesc_check_receive_from_ifnet }, { MAC_CHECK_BIND_SOCKET, (macop_t)mac_none_check_bind_socket }, + { MAC_CHECK_BPFDESC_RECEIVE, + (macop_t)mac_none_check_bpfdesc_receive }, { MAC_CHECK_CONNECT_SOCKET, (macop_t)mac_none_check_connect_socket }, { MAC_CHECK_SEE_CRED, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#53 (text+ko) ==== 
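Review bot: In the mac_none.c hunk at -549, the `return (0);` inside `mac_none_check_bpfdesc_receive()` is removed and re-added with identical text, so the commit appears to change only that line's whitespace. The exact indentation is not recoverable from this rendering, but the matching function in mac_test.c moves without touching its `return (0);`, which suggests the tab was replaced by spaces or trailing whitespace crept in. Restoring the original tab-indented line would keep this change rename-only and consistent with the surrounding functions.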
@@ -674,27 +674,27 @@ } static int -mac_te_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, - struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel) +mac_te_check_bind_socket(struct ucred *cred, struct socket *socket, + struct label *socketlabel, struct sockaddr *sockaddr) { if (!mac_te_enabled) return (0); - return (mac_te_check(SLOT(bpflabel), SLOT(ifnetlabel), - MAC_TE_CLASS_BPF, MAC_TE_OPERATION_BPF_RECEIVE)); + return (mac_te_check(SLOT(&cred->cr_label), SLOT(socketlabel), + MAC_TE_CLASS_SOCKET, MAC_TE_OPERATION_SOCKET_BIND)); } static int -mac_te_check_bind_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +mac_te_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifnet, struct label *ifnetlabel) { if (!mac_te_enabled) return (0); - return (mac_te_check(SLOT(&cred->cr_label), SLOT(socketlabel), - MAC_TE_CLASS_SOCKET, MAC_TE_OPERATION_SOCKET_BIND)); + return (mac_te_check(SLOT(bpflabel), SLOT(ifnetlabel), + MAC_TE_CLASS_BPF, MAC_TE_OPERATION_BPF_RECEIVE)); } static int @@ -1747,11 +1747,10 @@ { MAC_CREATE_PROC1, (macop_t)mac_te_create_proc1 }, { MAC_RELABEL_SUBJECT, (macop_t)mac_te_relabel_subject }, { MAC_RELABEL_VNODE, (macop_t)mac_te_relabel_vnode }, - { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, - (macop_t)mac_te_bpfdesc_check_receive_from_ifnet }, { MAC_CHECK_SEE_CRED, (macop_t)mac_te_check_see_cred }, { MAC_CHECK_SEE_SOCKET, (macop_t)mac_te_check_see_socket }, { MAC_CHECK_BIND_SOCKET, (macop_t)mac_te_check_bind_socket }, + { MAC_CHECK_BPFDESC_RECEIVE, (macop_t)mac_te_check_bpfdesc_receive }, { MAC_CHECK_CONNECT_SOCKET, (macop_t)mac_te_check_connect_socket }, { MAC_CHECK_LISTEN_SOCKET, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#18 (text+ko) ==== 
@@ -757,16 +757,16 @@ * Access control checks. */ static int -mac_test_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, - struct label *bpflabel, struct ifnet *ifnet, struct label *ifnetlabel) +mac_test_check_bind_socket(struct ucred *cred, struct socket *socket, + struct label *socketlabel, struct sockaddr *sockaddr) { return (0); } static int -mac_test_check_bind_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +mac_test_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, + struct ifnet *ifnet, struct label *ifnetlabel) { return (0); @@ -1222,10 +1222,10 @@ (macop_t)mac_test_create_proc1 }, { MAC_RELABEL_SUBJECT, (macop_t)mac_test_relabel_subject }, - { MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, - (macop_t)mac_test_bpfdesc_check_receive_from_ifnet }, { MAC_CHECK_BIND_SOCKET, (macop_t)mac_test_check_bind_socket }, + { MAC_CHECK_BPFDESC_RECEIVE, + (macop_t)mac_test_check_bpfdesc_receive }, { MAC_CHECK_CONNECT_SOCKET, (macop_t)mac_test_check_connect_socket }, { MAC_CHECK_SEE_CRED, ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#124 (text+ko) ==== @@ -257,12 +257,11 @@ int mac_execve_will_transition(struct ucred *old, struct vnode *vp); /* Authorizational event hooks. */ -int mac_bpfdesc_check_receive_from_ifnet(struct bpf_d *bpf_d, - struct ifnet *ifnet); int mac_check_access_vnode(struct ucred *cred, struct vnode *vp, int flags); int mac_check_bind_socket(struct ucred *cred, struct socket *so, struct sockaddr *sa); +int mac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct ifnet *ifnet); int mac_check_chdir_vnode(struct ucred *cred, struct vnode *dvp); int mac_check_chroot_vnode(struct ucred *cred, struct vnode *dvp); int mac_check_connect_socket(struct ucred *cred, struct socket *so, ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#89 (text+ko) ==== 
@@ -228,12 +228,12 @@ /* * Access control checks. */ - int (*mpo_bpfdesc_check_receive_from_ifnet)(struct bpf_d *bpf_d, - struct label *bpflabel, struct ifnet *ifnet, - struct label *ifnetlabel); int (*mpo_check_bind_socket)(struct ucred *cred, struct socket *socket, struct label *socketlabel, struct sockaddr *sockaddr); + int (*mpo_check_bpfdesc_receive)(struct bpf_d *bpf_d, + struct label *bpflabel, struct ifnet *ifnet, + struct label *ifnetlabel); int (*mpo_check_connect_socket)(struct ucred *cred, struct socket *socket, struct label *socketlabel, struct sockaddr *sockaddr); @@ -411,8 +411,8 @@ MAC_CREATE_PROC0, MAC_CREATE_PROC1, MAC_RELABEL_SUBJECT, - MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET, MAC_CHECK_BIND_SOCKET, + MAC_CHECK_BPFDESC_RECEIVE, MAC_CHECK_SEE_CRED, MAC_CHECK_SEE_SOCKET, MAC_CHECK_RELABEL_IFNET, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
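Review bot: The second mac_policy.h hunk (-411) does more than rename: it moves the BPF constant from before `MAC_CHECK_BIND_SOCKET` to after it, so if this is the operation enumerator list, as it appears to be, the two constants trade numeric values. The policy tables pair these constants with handlers through a `(macop_t)` cast and kern_mac.c dispatches on the constant, so a policy module built against the previous header would get its bind-socket and BPF-receive handlers installed in each other's slots with no compiler diagnostic. Whether module registration carries an interface version check is not visible here; if it does not, either keep the new name in the old position or state in the description that every policy module must be rebuilt together with this change. The enumeration begins and ends outside the hunk.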