From: Robert Watson Subject: PERFORCE change 15085 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15085 Change 15085 by rwatson@rwatson_paprika on 2002/07/28 18:45:59 Generally rename "subject" to "cred" where we're specifically referring to credentials. Affected files ... .. //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs_mac.c#5 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#205 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#25 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#82 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#70 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#57 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#10 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#62 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#27 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#18 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#132 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#98 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/fs/procfs/procfs_mac.c#5 (text+ko) ==== @@ -60,7 +60,7 @@ mac_update_vnode_from_mount(vp, vp->v_mount); else { PROC_LOCK(p); - mac_update_procfsvnode_from_subject(vp, p->p_ucred); + mac_update_procfsvnode_from_cred(vp, p->p_ucred); PROC_UNLOCK(p); } ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#205 (text+ko) ==== 
@@ -531,8 +531,8 @@ mpc->mpc_ops->mpo_update_devfsdirent_from_vnode = mpe->mpe_function; break; - case MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT: - mpc->mpc_ops->mpo_update_procfsvnode_from_subject = + case MAC_UPDATE_PROCFSVNODE_FROM_CRED: + mpc->mpc_ops->mpo_update_procfsvnode_from_cred = mpe->mpe_function; break; case MAC_UPDATE_VNODE_FROM_EXTATTR: @@ -630,8 +630,9 @@ mpc->mpc_ops->mpo_update_ipq_from_fragment = mpe->mpe_function; break; - case MAC_CREATE_SUBJECT: - mpc->mpc_ops->mpo_create_subject = mpe->mpe_function; + case MAC_CREATE_CRED: + mpc->mpc_ops->mpo_create_cred = + mpe->mpe_function; break; case MAC_EXECVE_TRANSITION: mpc->mpc_ops->mpo_execve_transition = mpe->mpe_function; @@ -646,8 +647,8 @@ case MAC_CREATE_PROC1: mpc->mpc_ops->mpo_create_proc1 = mpe->mpe_function; break; - case MAC_RELABEL_SUBJECT: - mpc->mpc_ops->mpo_relabel_subject = + case MAC_RELABEL_CRED: + mpc->mpc_ops->mpo_relabel_cred = mpe->mpe_function; break; case MAC_CHECK_BPFDESC_RECEIVE: @@ -830,6 +831,10 @@ mpc->mpc_ops->mpo_init_bpfdesc = mpe->mpe_function; break; + case MAC_INIT_CRED: + mpc->mpc_ops->mpo_init_cred = + mpe->mpe_function; + break; case MAC_INIT_DEVFSDIRENT: mpc->mpc_ops->mpo_init_devfsdirent = mpe->mpe_function; @@ -858,10 +863,6 @@ mpc->mpc_ops->mpo_init_socket = mpe->mpe_function; break; - case MAC_INIT_SUBJECT: - mpc->mpc_ops->mpo_init_subject = - mpe->mpe_function; - break; case MAC_INIT_TEMP: mpc->mpc_ops->mpo_init_temp = mpe->mpe_function; @@ -874,6 +875,10 @@ mpc->mpc_ops->mpo_destroy_bpfdesc = mpe->mpe_function; break; + case MAC_DESTROY_CRED: + mpc->mpc_ops->mpo_destroy_cred = + mpe->mpe_function; + break; case MAC_DESTROY_DEVFSDIRENT: mpc->mpc_ops->mpo_destroy_devfsdirent = mpe->mpe_function; @@ -902,10 +907,6 @@ mpc->mpc_ops->mpo_destroy_socket = mpe->mpe_function; break; - case MAC_DESTROY_SUBJECT: - mpc->mpc_ops->mpo_destroy_subject = - mpe->mpe_function; - break; case MAC_DESTROY_TEMP: mpc->mpc_ops->mpo_destroy_temp = mpe->mpe_function; 
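Review bot: In the new `case MAC_INIT_CRED:` and `case MAC_DESTROY_CRED:` arms, `mpe->mpe_function` is stored into the op slot with no check that its prototype matches, and the policy tables later in this change register their entry points through a `(macop_t)` cast, for example `{ MAC_INIT_CRED, (macop_t)mac_biba_init_cred }`. Because the cred rows are moved within every table, a mispaired row (say a one-argument `init_temp` function under `MAC_INIT_CRED`) would presumably compile cleanly and then be called with a `struct ucred *` where it expects a `struct label *`. I would add a comment above the switch, `/* mpe_function is untyped: each policy entry must match the prototype of the mpo_* member it is stored in; the compiler cannot check this. */`, and re-read each moved row in mac_biba, mac_mls, mac_none, mac_partition and mac_te against its constant. The switch begins and ends outside these hunks.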
@@ -1050,10 +1051,10 @@ } void -mac_update_procfsvnode_from_subject(struct vnode *vp, struct ucred *cred) +mac_update_procfsvnode_from_cred(struct vnode *vp, struct ucred *cred) { - MAC_PERFORM(update_procfsvnode_from_subject, vp, &vp->v_label, cred); + MAC_PERFORM(update_procfsvnode_from_cred, vp, &vp->v_label, cred); } /* @@ -1348,13 +1349,13 @@ /* label->l_flags &= ~MAC_FLAG_INITIALIZED; */ } -static unsigned int nmacmbufs, nmacsubjects, nmacifnets, nmacbpfdescs, +static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacpipes; SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD, &nmacmbufs, 0, "number of mbufs in use"); -SYSCTL_UINT(_security_mac_debug, OID_AUTO, subjects, CTLFLAG_RD, - &nmacsubjects, 0, "number of ucreds in use"); +SYSCTL_UINT(_security_mac_debug, OID_AUTO, creds, CTLFLAG_RD, + &nmaccreds, 0, "number of ucreds in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, ifnets, CTLFLAG_RD, &nmacifnets, 0, "number of ifnets in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, ipqs, CTLFLAG_RD, @@ -1396,21 +1397,21 @@ } void -mac_init_subject(struct ucred *cr) +mac_init_cred(struct ucred *cr) { mac_init_label(&cr->cr_label); - MAC_PERFORM(init_subject, cr, &cr->cr_label); - atomic_add_int(&nmacsubjects, 1); + MAC_PERFORM(init_cred, cr, &cr->cr_label); + atomic_add_int(&nmaccreds, 1); } void -mac_destroy_subject(struct ucred *cr) +mac_destroy_cred(struct ucred *cr) { - MAC_PERFORM(destroy_subject, cr, &cr->cr_label); + MAC_PERFORM(destroy_cred, cr, &cr->cr_label); mac_destroy_label(&cr->cr_label); - atomic_subtract_int(&nmacsubjects, 1); + atomic_subtract_int(&nmaccreds, 1); } void 
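Review bot: The sysctl leaf in the `@@ -1348` hunk is renamed from `subjects` to `creds`, which changes a user-visible name under `_security_mac_debug`, while the change description only speaks of renaming identifiers. Anything that reads the old leaf to watch the number of labelled credentials will stop finding it after this change. The description should say so, e.g. `security.mac.debug.subjects is now security.mac.debug.creds`.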
@@ -1661,10 +1662,10 @@ * deltas. This function allows that processing to take place. */ void -mac_create_subject(struct ucred *parent_cred, struct ucred *child_cred) +mac_create_cred(struct ucred *parent_cred, struct ucred *child_cred) { - MAC_PERFORM(create_subject, parent_cred, child_cred); + MAC_PERFORM(create_cred, parent_cred, child_cred); } int @@ -2146,10 +2147,10 @@ * buffer cache. */ static void -mac_relabel_subject(struct ucred *cred, struct label *newlabel) +mac_relabel_cred(struct ucred *cred, struct label *newlabel) { - MAC_PERFORM(relabel_subject, cred, newlabel); + MAC_PERFORM(relabel_cred, cred, newlabel); mac_subject_mmapped_drop_perms(curthread, cred); } @@ -2895,7 +2896,7 @@ setsugid(p); crcopy(newcred, oldcred); PROC_UNLOCK(p); - mac_relabel_subject(newcred, &intlabel); + mac_relabel_cred(newcred, &intlabel); PROC_LOCK(p); p->p_ucred = newcred; ==== //depot/projects/trustedbsd/mac/sys/kern/kern_prot.c#25 (text+ko) ==== @@ -1694,7 +1694,7 @@ cr->cr_ref = 1; cr->cr_mtxp = mtx_pool_find(cr); #ifdef MAC - mac_init_subject(cr); + mac_init_cred(cr); #endif /* MAC */ return (cr); } @@ -1741,7 +1741,7 @@ if (jailed(cr)) prison_free(cr->cr_prison); #ifdef MAC - mac_destroy_subject(cr); + mac_destroy_cred(cr); #endif /* MAC */ FREE(cr, M_CRED); mtx_unlock(&Giant); @@ -1780,7 +1780,7 @@ if (jailed(dest)) prison_hold(dest->cr_prison); #if MAC - mac_create_subject(src, dest); + mac_create_cred(src, dest); #endif } ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#82 (text+ko) ==== @@ -410,6 +410,13 @@ } static void +mac_biba_init_cred(struct ucred *ucred, struct label *label) +{ + + SLOT(label) = biba_alloc(M_WAITOK); +} + +static void mac_biba_init_devfsdirent(struct devfs_dirent *devfs_dirent, struct label *label) { 
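Review bot: In the `@@ -2895` hunk the process lock is released before `mac_relabel_cred(newcred, &intlabel)` and retaken before `p->p_ucred = newcred`, and nothing visible here says what keeps `p->p_ucred` from changing in that window. `newcred` was filled by `crcopy(newcred, oldcred)` under the lock, so if another thread replaced the process credential while the lock was dropped, that update would appear to be overwritten by the assignment. If the unlock is needed because the relabel path can sleep, a comment should say so and name what serializes credential changes, e.g. `/* relabel may sleep; <serializing lock> keeps p_ucred stable across the unlock */`. The enclosing function starts and ends outside the hunk, so this may already be handled there.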
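Review bot: The guard around `mac_create_cred(src, dest)` in the kern_prot.c `@@ -1780` hunk is `#if MAC`, while the two hunks above it in the same file use `#ifdef MAC`. The two forms differ when `MAC` is defined without a value or as 0; in the latter case the label copy into the new credential would be compiled out silently while the init and destroy hooks still run. Since this line is being touched anyway, I would make it `#ifdef MAC` and close it with `#endif /* MAC */` like the others.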
@@ -468,28 +475,29 @@ } static void -mac_biba_init_subject(struct ucred *ucred, struct label *label) +mac_biba_init_temp(struct label *label) { SLOT(label) = biba_alloc(M_WAITOK); } static void -mac_biba_init_temp(struct label *label) +mac_biba_init_vnode(struct vnode *vp, struct label *label) { SLOT(label) = biba_alloc(M_WAITOK); } static void -mac_biba_init_vnode(struct vnode *vp, struct label *label) +mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) { - SLOT(label) = biba_alloc(M_WAITOK); + biba_free(SLOT(label)); + SLOT(label) = NULL; } static void -mac_biba_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) +mac_biba_destroy_cred(struct ucred *ucred, struct label *label) { biba_free(SLOT(label)); @@ -560,14 +568,6 @@ } static void -mac_biba_destroy_subject(struct ucred *ucred, struct label *label) -{ - - biba_free(SLOT(label)); - SLOT(label) = NULL; -} - -static void mac_biba_destroy_temp(struct label *label) { @@ -724,7 +724,7 @@ } static void -mac_biba_update_procfsvnode_from_subject(struct vnode *vp, +mac_biba_update_procfsvnode_from_cred(struct vnode *vp, struct label *vnodelabel, struct ucred *cred) { struct mac_biba *source, *dest; @@ -1094,7 +1094,7 @@ * Labeling event operations: processes. */ static void -mac_biba_create_subject(struct ucred *cred_parent, struct ucred *cred_child) +mac_biba_create_cred(struct ucred *cred_parent, struct ucred *cred_child) { struct mac_biba *source, *dest; @@ -1149,7 +1149,7 @@ } static void -mac_biba_relabel_subject(struct ucred *cred, struct label *newlabel) +mac_biba_relabel_cred(struct ucred *cred, struct label *newlabel) { struct mac_biba *source, *dest; @@ -2016,6 +2016,8 @@ (macop_t)mac_biba_init }, { MAC_INIT_BPFDESC, (macop_t)mac_biba_init_bpfdesc }, + { MAC_INIT_CRED, + (macop_t)mac_biba_init_cred }, { MAC_INIT_DEVFSDIRENT, (macop_t)mac_biba_init_devfsdirent }, { MAC_INIT_IFNET, 
@@ -2030,14 +2032,14 @@ (macop_t)mac_biba_init_pipe }, { MAC_INIT_SOCKET, (macop_t)mac_biba_init_socket }, - { MAC_INIT_SUBJECT, - (macop_t)mac_biba_init_subject }, { MAC_INIT_TEMP, (macop_t)mac_biba_init_temp }, { MAC_INIT_VNODE, (macop_t)mac_biba_init_vnode }, { MAC_DESTROY_BPFDESC, (macop_t)mac_biba_destroy_bpfdesc }, + { MAC_DESTROY_CRED, + (macop_t)mac_biba_destroy_cred }, { MAC_DESTROY_DEVFSDIRENT, (macop_t)mac_biba_destroy_devfsdirent }, { MAC_DESTROY_IFNET, @@ -2052,8 +2054,6 @@ (macop_t)mac_biba_destroy_pipe }, { MAC_DESTROY_SOCKET, (macop_t)mac_biba_destroy_socket }, - { MAC_DESTROY_SUBJECT, - (macop_t)mac_biba_destroy_subject }, { MAC_DESTROY_TEMP, (macop_t)mac_biba_destroy_temp }, { MAC_DESTROY_VNODE, @@ -2078,8 +2078,8 @@ (macop_t)mac_biba_relabel_vnode }, { MAC_UPDATE_DEVFSDIRENT_FROM_VNODE, (macop_t)mac_biba_update_devfsdirent_from_vnode }, - { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT, - (macop_t)mac_biba_update_procfsvnode_from_subject }, + { MAC_UPDATE_PROCFSVNODE_FROM_CRED, + (macop_t)mac_biba_update_procfsvnode_from_cred }, { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, (macop_t)mac_biba_update_vnode_from_externalized }, { MAC_UPDATE_VNODE_FROM_MOUNT, @@ -2128,8 +2128,8 @@ (macop_t)mac_biba_relabel_ifnet }, { MAC_UPDATE_IPQ_FROM_FRAGMENT, (macop_t)mac_biba_update_ipq_from_fragment }, - { MAC_CREATE_SUBJECT, - (macop_t)mac_biba_create_subject }, + { MAC_CREATE_CRED, + (macop_t)mac_biba_create_cred }, { MAC_EXECVE_TRANSITION, (macop_t)mac_biba_execve_transition }, { MAC_EXECVE_WILL_TRANSITION, @@ -2138,8 +2138,8 @@ (macop_t)mac_biba_create_proc0 }, { MAC_CREATE_PROC1, (macop_t)mac_biba_create_proc1 }, - { MAC_RELABEL_SUBJECT, - (macop_t)mac_biba_relabel_subject }, + { MAC_RELABEL_CRED, + (macop_t)mac_biba_relabel_cred }, { MAC_CHECK_BPFDESC_RECEIVE, (macop_t)mac_biba_check_bpfdesc_receive }, { MAC_CHECK_CRED_RELABEL, ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#70 (text+ko) ==== 
@@ -392,6 +392,13 @@ } static void +mac_mls_init_cred(struct ucred *ucred, struct label *label) +{ + + SLOT(label) = mls_alloc(M_WAITOK); +} + +static void mac_mls_init_devfsdirent(struct devfs_dirent *devfs_dirent, struct label *label) { @@ -450,28 +457,29 @@ } static void -mac_mls_init_subject(struct ucred *ucred, struct label *label) +mac_mls_init_temp(struct label *label) { SLOT(label) = mls_alloc(M_WAITOK); } static void -mac_mls_init_temp(struct label *label) +mac_mls_init_vnode(struct vnode *vp, struct label *label) { SLOT(label) = mls_alloc(M_WAITOK); } static void -mac_mls_init_vnode(struct vnode *vp, struct label *label) +mac_mls_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) { - SLOT(label) = mls_alloc(M_WAITOK); + mls_free(SLOT(label)); + SLOT(label) = NULL; } static void -mac_mls_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) +mac_mls_destroy_cred(struct ucred *ucred, struct label *label) { mls_free(SLOT(label)); @@ -542,14 +550,6 @@ } static void -mac_mls_destroy_subject(struct ucred *ucred, struct label *label) -{ - - mls_free(SLOT(label)); - SLOT(label) = NULL; -} - -static void mac_mls_destroy_temp(struct label *label) { @@ -709,7 +709,7 @@ } static void -mac_mls_update_procfsvnode_from_subject(struct vnode *vp, +mac_mls_update_procfsvnode_from_cred(struct vnode *vp, struct label *vnodelabel, struct ucred *cred) { struct mac_mls *source, *dest; @@ -1043,7 +1043,7 @@ * Labeling event operations: processes. */ static void -mac_mls_create_subject(struct ucred *cred_parent, struct ucred *cred_child) +mac_mls_create_cred(struct ucred *cred_parent, struct ucred *cred_child) { struct mac_mls *source, *dest; @@ -1098,7 +1098,7 @@ } static void -mac_mls_relabel_subject(struct ucred *cred, struct label *newlabel) +mac_mls_relabel_cred(struct ucred *cred, struct label *newlabel) { struct mac_mls *source, *dest; 
@@ -1967,6 +1967,8 @@ (macop_t)mac_mls_init }, { MAC_INIT_BPFDESC, (macop_t)mac_mls_init_bpfdesc }, + { MAC_INIT_CRED, + (macop_t)mac_mls_init_cred }, { MAC_INIT_DEVFSDIRENT, (macop_t)mac_mls_init_devfsdirent }, { MAC_INIT_IFNET, @@ -1981,14 +1983,14 @@ (macop_t)mac_mls_init_pipe }, { MAC_INIT_SOCKET, (macop_t)mac_mls_init_socket }, - { MAC_INIT_SUBJECT, - (macop_t)mac_mls_init_subject }, { MAC_INIT_TEMP, (macop_t)mac_mls_init_temp }, { MAC_INIT_VNODE, (macop_t)mac_mls_init_vnode }, { MAC_DESTROY_BPFDESC, (macop_t)mac_mls_destroy_bpfdesc }, + { MAC_DESTROY_CRED, + (macop_t)mac_mls_destroy_cred }, { MAC_DESTROY_DEVFSDIRENT, (macop_t)mac_mls_destroy_devfsdirent }, { MAC_DESTROY_IFNET, @@ -2003,8 +2005,6 @@ (macop_t)mac_mls_destroy_pipe }, { MAC_DESTROY_SOCKET, (macop_t)mac_mls_destroy_socket }, - { MAC_DESTROY_SUBJECT, - (macop_t)mac_mls_destroy_subject }, { MAC_DESTROY_TEMP, (macop_t)mac_mls_destroy_temp }, { MAC_DESTROY_VNODE, @@ -2029,8 +2029,8 @@ (macop_t)mac_mls_relabel_vnode }, { MAC_UPDATE_DEVFSDIRENT_FROM_VNODE, (macop_t)mac_mls_update_devfsdirent_from_vnode }, - { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT, - (macop_t)mac_mls_update_procfsvnode_from_subject }, + { MAC_UPDATE_PROCFSVNODE_FROM_CRED, + (macop_t)mac_mls_update_procfsvnode_from_cred }, { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, (macop_t)mac_mls_update_vnode_from_externalized }, { MAC_UPDATE_VNODE_FROM_MOUNT, @@ -2079,8 +2079,8 @@ (macop_t)mac_mls_relabel_ifnet }, { MAC_UPDATE_IPQ_FROM_FRAGMENT, (macop_t)mac_mls_update_ipq_from_fragment }, - { MAC_CREATE_SUBJECT, - (macop_t)mac_mls_create_subject }, + { MAC_CREATE_CRED, + (macop_t)mac_mls_create_cred }, { MAC_EXECVE_TRANSITION, (macop_t)mac_mls_execve_transition }, { MAC_EXECVE_WILL_TRANSITION, 
@@ -2089,8 +2089,8 @@ (macop_t)mac_mls_create_proc0 }, { MAC_CREATE_PROC1, (macop_t)mac_mls_create_proc1 }, - { MAC_RELABEL_SUBJECT, - (macop_t)mac_mls_relabel_subject }, + { MAC_RELABEL_CRED, + (macop_t)mac_mls_relabel_cred }, { MAC_CHECK_BPFDESC_RECEIVE, (macop_t)mac_mls_check_bpfdesc_receive }, { MAC_CHECK_CRED_RELABEL, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#57 (text+ko) ==== @@ -108,6 +108,12 @@ } static void +mac_none_init_cred(struct ucred *ucred, struct label *label) +{ + +} + +static void mac_none_init_devfsdirent(struct devfs_dirent *devfs_dirent, struct label *label) { @@ -154,25 +160,25 @@ } static void -mac_none_init_subject(struct ucred *ucred, struct label *label) +mac_none_init_temp(struct label *label) { } static void -mac_none_init_temp(struct label *label) +mac_none_init_vnode(struct vnode *vp, struct label *label) { } static void -mac_none_init_vnode(struct vnode *vp, struct label *label) +mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) { } static void -mac_none_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) +mac_none_destroy_cred(struct ucred *ucred, struct label *label) { } @@ -223,12 +229,6 @@ } static void -mac_none_destroy_subject(struct ucred *ucred, struct label *label) -{ - -} - -static void mac_none_destroy_temp(struct label *label) { @@ -316,7 +316,7 @@ } static void -mac_none_update_procfsvnode_from_subject(struct vnode *vp, +mac_none_update_procfsvnode_from_cred(struct vnode *vp, struct label *vnodelabel, struct ucred *cred) { @@ -507,7 +507,7 @@ * Labeling event operations: processes. */ static void -mac_none_create_subject(struct ucred *cred_parent, struct ucred *cred_child) +mac_none_create_cred(struct ucred *cred_parent, struct ucred *cred_child) { } @@ -540,7 +540,7 @@ } static void -mac_none_relabel_subject(struct ucred *cred, struct label *newlabel) +mac_none_relabel_cred(struct ucred *cred, struct label *newlabel) { } 
@@ -890,6 +890,8 @@ (macop_t)mac_none_init }, { MAC_INIT_BPFDESC, (macop_t)mac_none_init_bpfdesc }, + { MAC_INIT_CRED, + (macop_t)mac_none_init_cred }, { MAC_INIT_DEVFSDIRENT, (macop_t)mac_none_init_devfsdirent }, { MAC_INIT_IFNET, @@ -904,14 +906,14 @@ (macop_t)mac_none_init_pipe }, { MAC_INIT_SOCKET, (macop_t)mac_none_init_socket }, - { MAC_INIT_SUBJECT, - (macop_t)mac_none_init_subject }, { MAC_INIT_TEMP, (macop_t)mac_none_init_temp }, { MAC_INIT_VNODE, (macop_t)mac_none_init_vnode }, { MAC_DESTROY_BPFDESC, (macop_t)mac_none_destroy_bpfdesc }, + { MAC_DESTROY_CRED, + (macop_t)mac_none_destroy_cred }, { MAC_DESTROY_DEVFSDIRENT, (macop_t)mac_none_destroy_devfsdirent }, { MAC_DESTROY_IFNET, @@ -926,8 +928,6 @@ (macop_t)mac_none_destroy_pipe }, { MAC_DESTROY_SOCKET, (macop_t)mac_none_destroy_socket }, - { MAC_DESTROY_SUBJECT, - (macop_t)mac_none_destroy_subject }, { MAC_DESTROY_TEMP, (macop_t)mac_none_destroy_temp }, { MAC_DESTROY_VNODE, @@ -952,8 +952,8 @@ (macop_t)mac_none_relabel_vnode }, { MAC_UPDATE_DEVFSDIRENT_FROM_VNODE, (macop_t)mac_none_update_devfsdirent_from_vnode }, - { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT, - (macop_t)mac_none_update_procfsvnode_from_subject }, + { MAC_UPDATE_PROCFSVNODE_FROM_CRED, + (macop_t)mac_none_update_procfsvnode_from_cred }, { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, (macop_t)mac_none_update_vnode_from_externalized }, { MAC_UPDATE_VNODE_FROM_MOUNT, @@ -1004,8 +1004,8 @@ (macop_t)mac_none_relabel_ifnet }, { MAC_UPDATE_IPQ_FROM_FRAGMENT, (macop_t)mac_none_update_ipq_from_fragment }, - { MAC_CREATE_SUBJECT, - (macop_t)mac_none_create_subject }, + { MAC_CREATE_CRED, + (macop_t)mac_none_create_cred }, { MAC_EXECVE_TRANSITION, (macop_t)mac_none_execve_transition }, { MAC_EXECVE_WILL_TRANSITION, 
@@ -1014,8 +1014,8 @@ (macop_t)mac_none_create_proc0 }, { MAC_CREATE_PROC1, (macop_t)mac_none_create_proc1 }, - { MAC_RELABEL_SUBJECT, - (macop_t)mac_none_relabel_subject }, + { MAC_RELABEL_CRED, + (macop_t)mac_none_relabel_cred }, { MAC_CHECK_BPFDESC_RECEIVE, (macop_t)mac_none_check_bpfdesc_receive }, { MAC_CHECK_CRED_RELABEL, ==== //depot/projects/trustedbsd/mac/sys/security/mac_partition/mac_partition.c#10 (text+ko) ==== @@ -88,7 +88,7 @@ } static void -mac_partition_init_subject(struct ucred *ucred, struct label *label) +mac_partition_init_cred(struct ucred *ucred, struct label *label) { SLOT(label) = 0; @@ -102,7 +102,7 @@ } static void -mac_partition_destroy_subject(struct ucred *ucred, struct label *label) +mac_partition_destroy_cred(struct ucred *ucred, struct label *label) { SLOT(label) = 0; @@ -134,8 +134,7 @@ } static void -mac_partition_create_subject(struct ucred *cred_parent, - struct ucred *cred_child) +mac_partition_create_cred(struct ucred *cred_parent, struct ucred *cred_child) { SLOT(&cred_child->cr_label) = SLOT(&cred_parent->cr_label); @@ -146,7 +145,7 @@ struct vnode *vp, struct label *vnodelabel) { - mac_partition_create_subject(old, new); + mac_partition_create_cred(old, new); } static void @@ -164,7 +163,7 @@ } static void -mac_partition_relabel_subject(struct ucred *cred, struct label *newlabel) +mac_partition_relabel_cred(struct ucred *cred, struct label *newlabel) { if (SLOT(newlabel) != 0) 
@@ -255,28 +254,28 @@ { { MAC_INIT, (macop_t)mac_partition_init }, - { MAC_INIT_SUBJECT, - (macop_t)mac_partition_init_subject }, + { MAC_INIT_CRED, + (macop_t)mac_partition_init_cred }, { MAC_INIT_TEMP, (macop_t)mac_partition_init_temp }, - { MAC_DESTROY_SUBJECT, - (macop_t)mac_partition_destroy_subject }, + { MAC_DESTROY_CRED, + (macop_t)mac_partition_destroy_cred }, { MAC_DESTROY_TEMP, (macop_t)mac_partition_destroy_temp }, { MAC_EXTERNALIZE, (macop_t)mac_partition_externalize }, { MAC_INTERNALIZE, (macop_t)mac_partition_internalize }, - { MAC_CREATE_SUBJECT, - (macop_t)mac_partition_create_subject }, + { MAC_CREATE_CRED, + (macop_t)mac_partition_create_cred }, { MAC_EXECVE_TRANSITION, (macop_t)mac_partition_execve_transition }, { MAC_CREATE_PROC0, (macop_t)mac_partition_create_proc0 }, { MAC_CREATE_PROC1, (macop_t)mac_partition_create_proc1 }, - { MAC_RELABEL_SUBJECT, - (macop_t)mac_partition_relabel_subject }, + { MAC_RELABEL_CRED, + (macop_t)mac_partition_relabel_cred }, { MAC_CHECK_CRED_RELABEL, (macop_t)mac_partition_check_cred_relabel }, { MAC_CHECK_CRED_VISIBLE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#62 (text+ko) ==== @@ -210,6 +210,13 @@ } static void +mac_te_init_cred(struct ucred *ucred, struct label *label) +{ + + SLOT(label) = te_alloc(M_WAITOK); +} + +static void mac_te_init_devfsdirent(struct devfs_dirent *devfs_dirent, struct label *label) { 
@@ -268,28 +275,29 @@ } static void -mac_te_init_subject(struct ucred *ucred, struct label *label) +mac_te_init_temp(struct label *label) { SLOT(label) = te_alloc(M_WAITOK); } static void -mac_te_init_temp(struct label *label) +mac_te_init_vnode(struct vnode *vp, struct label *label) { SLOT(label) = te_alloc(M_WAITOK); } static void -mac_te_init_vnode(struct vnode *vp, struct label *label) +mac_te_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) { - SLOT(label) = te_alloc(M_WAITOK); + te_free(SLOT(label)); + SLOT(label) = NULL; } static void -mac_te_destroy_bpfdesc(struct bpf_d *bpf_d, struct label *label) +mac_te_destroy_cred(struct ucred *ucred, struct label *label) { te_free(SLOT(label)); @@ -360,14 +368,6 @@ } static void -mac_te_destroy_subject(struct ucred *ucred, struct label *label) -{ - - te_free(SLOT(label)); - SLOT(label) = NULL; -} - -static void mac_te_destroy_temp(struct label *label) { @@ -590,7 +590,7 @@ } static void -mac_te_create_subject(struct ucred *cred_parent, struct ucred *cred_child) +mac_te_create_cred(struct ucred *cred_parent, struct ucred *cred_child) { mac_te_copy_label(SLOT(&cred_parent->cr_label), @@ -598,7 +598,7 @@ } static void -mac_te_relabel_subject(struct ucred *cred, struct label *newlabel) +mac_te_relabel_cred(struct ucred *cred, struct label *newlabel) { mac_te_copy_label(SLOT(newlabel), SLOT(&cred->cr_label)); @@ -1639,8 +1639,8 @@ } static void -mac_te_update_procfsvnode_from_subject(struct vnode *vp, - struct label *vnodelabel, struct ucred *cred) +mac_te_update_procfsvnode_from_cred(struct vnode *vp, struct label *vnodelabel, + struct ucred *cred) { mac_te_copy_label(SLOT(&cred->cr_label), SLOT(vnodelabel)); 
@@ -1673,6 +1673,7 @@ static struct mac_policy_op_entry mac_te_ops[] = { { MAC_INIT_BPFDESC, (macop_t)mac_te_init_bpfdesc }, + { MAC_INIT_CRED, (macop_t)mac_te_init_cred }, { MAC_INIT_DEVFSDIRENT, (macop_t)mac_te_init_devfsdirent }, { MAC_INIT_IFNET, (macop_t)mac_te_init_ifnet }, { MAC_INIT_IPQ, (macop_t)mac_te_init_ipq }, @@ -1680,10 +1681,10 @@ { MAC_INIT_MOUNT, (macop_t)mac_te_init_mount }, { MAC_INIT_PIPE, (macop_t)mac_te_init_pipe }, { MAC_INIT_SOCKET, (macop_t)mac_te_init_socket }, - { MAC_INIT_SUBJECT, (macop_t)mac_te_init_subject }, { MAC_INIT_TEMP, (macop_t)mac_te_init_temp }, { MAC_INIT_VNODE, (macop_t)mac_te_init_vnode }, { MAC_DESTROY_BPFDESC, (macop_t)mac_te_destroy_bpfdesc }, + { MAC_DESTROY_CRED, (macop_t)mac_te_destroy_cred }, { MAC_DESTROY_DEVFSDIRENT, (macop_t)mac_te_destroy_devfsdirent }, { MAC_DESTROY_IFNET, (macop_t)mac_te_destroy_ifnet }, { MAC_DESTROY_IPQ, (macop_t)mac_te_destroy_ipq }, @@ -1691,7 +1692,6 @@ { MAC_DESTROY_MOUNT, (macop_t)mac_te_destroy_mount }, { MAC_DESTROY_PIPE, (macop_t)mac_te_destroy_pipe }, { MAC_DESTROY_SOCKET, (macop_t)mac_te_destroy_socket }, - { MAC_DESTROY_SUBJECT, (macop_t)mac_te_destroy_subject }, { MAC_DESTROY_TEMP, (macop_t)mac_te_destroy_temp }, { MAC_DESTROY_VNODE, (macop_t)mac_te_destroy_vnode }, { MAC_CREATE_DEVFS_DEVICE, (macop_t)mac_te_create_devfs_device }, 
@@ -1735,12 +1735,12 @@ (macop_t)mac_te_create_mbuf_netlayer_from_mbuf }, { MAC_FRAGMENT_MATCHES_IPQ, (macop_t)mac_te_fragment_matches_ipq }, { MAC_RELABEL_IFNET, (macop_t)mac_te_relabel_ifnet }, - { MAC_CREATE_SUBJECT, (macop_t)mac_te_create_subject }, + { MAC_CREATE_CRED, (macop_t)mac_te_create_cred }, { MAC_EXECVE_TRANSITION, (macop_t)mac_te_execve_transition }, { MAC_EXECVE_WILL_TRANSITION, (macop_t)mac_te_execve_will_transition }, { MAC_CREATE_PROC0, (macop_t)mac_te_create_proc0 }, { MAC_CREATE_PROC1, (macop_t)mac_te_create_proc1 }, - { MAC_RELABEL_SUBJECT, (macop_t)mac_te_relabel_subject }, + { MAC_RELABEL_CRED, (macop_t)mac_te_relabel_cred }, { MAC_RELABEL_VNODE, (macop_t)mac_te_relabel_vnode }, { MAC_CHECK_BPFDESC_RECEIVE, (macop_t)mac_te_check_bpfdesc_receive }, @@ -1833,8 +1833,8 @@ { MAC_INTERNALIZE, (macop_t)mac_te_internalize }, { MAC_UPDATE_DEVFSDIRENT_FROM_VNODE, (macop_t)mac_te_update_devfsdirent_from_vnode }, - { MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT, - (macop_t)mac_te_update_procfsvnode_from_subject }, + { MAC_UPDATE_PROCFSVNODE_FROM_CRED, + (macop_t)mac_te_update_procfsvnode_from_cred }, { MAC_UPDATE_VNODE_FROM_EXTERNALIZED, (macop_t)mac_te_update_vnode_from_externalized }, { MAC_UPDATE_VNODE_FROM_MOUNT, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#27 (text+ko) ==== @@ -87,7 +87,7 @@ #define MOUNTMAGIC 0xc7c46e47 #define SOCKETMAGIC 0x9199c6cd #define PIPEMAGIC 0xdc6c9919 -#define SUBJECTMAGIC 0x9a5a4987 +#define CREDMAGIC 0x9a5a4987 #define TEMPMAGIC 0x70336678 #define VNODEMAGIC 0x1a67a45c #define EXMAGIC 0x849ba1fd 
@@ -100,6 +100,9 @@ static int init_count_bpfdesc; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_bpfdesc, CTLFLAG_RD, &init_count_bpfdesc, 0, "bpfdesc init calls"); +static int init_count_cred; +SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_cred, CTLFLAG_RD, + &init_count_cred, 0, "cred init calls"); static int init_count_devfsdirent; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_devfsdirent, CTLFLAG_RD, &init_count_devfsdirent, 0, "devfsdirent init calls"); @@ -121,9 +124,6 @@ static int init_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_pipe, CTLFLAG_RD, &init_count_pipe, 0, "pipe init calls"); -static int init_count_subject; -SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_subject, CTLFLAG_RD, - &init_count_subject, 0, "subjec5 init calls"); static int init_count_temp; SYSCTL_INT(_security_mac_test, OID_AUTO, init_count_temp, CTLFLAG_RD, &init_count_temp, 0, "temp init calls"); @@ -134,6 +134,9 @@ static int destroy_count_bpfdesc; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_bpfdesc, CTLFLAG_RD, &destroy_count_bpfdesc, 0, "bpfdesc destroy calls"); +static int destroy_count_cred; +SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_cred, CTLFLAG_RD, + &destroy_count_cred, 0, "cred destroy calls"); static int destroy_count_devfsdirent; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_devfsdirent, CTLFLAG_RD, &destroy_count_devfsdirent, 0, "devfsdirent destroy calls"); @@ -155,9 +158,6 @@ static int destroy_count_pipe; SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_pipe, CTLFLAG_RD, &destroy_count_pipe, 0, "pipe destroy calls"); -static int destroy_count_subject; -SYSCTL_INT(_security_mac_test, OID_AUTO, destroy_count_subject, CTLFLAG_RD, - &destroy_count_subject, 0, "subjec5 destroy calls"); >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message