From owner-p4-projects Tue Nov 5 9:19:17 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id BB0CF37B406; Tue, 5 Nov 2002 09:19:08 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 379AB37B401 for ; Tue, 5 Nov 2002 09:19:08 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id B417743E3B for ; Tue, 5 Nov 2002 09:19:07 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id gA5HHLmV039012 for ; Tue, 5 Nov 2002 09:17:21 -0800 (PST) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id gA5HHKTn039009 for perforce@freebsd.org; Tue, 5 Nov 2002 09:17:20 -0800 (PST) Date: Tue, 5 Nov 2002 09:17:20 -0800 (PST) Message-Id: <200211051717.gA5HHKTn039009@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 20698 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://perforce.freebsd.org/chv.cgi?CH=20698 Change 20698 by rwatson@rwatson_tislabs on 2002/11/05 09:16:21 Attempt to consistently refer to the interpreter label as "interpvnodelabel" as opposed to "shelllabel", "interpfilelabel" and various other variations in various files. While I'm here, remove the transition implementations from Biba and MLS, as they don't implement transitioning. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#350 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#178 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#34 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#141 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#101 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#77 edit .. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#56 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#213 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#165 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#350 (text+ko) ==== @@ -1321,7 +1321,7 @@ void mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, - struct label *shelllabel, struct image_params *imgp) + struct label *interpvnodelabel, struct image_params *imgp) { ASSERT_VOP_LOCKED(vp, "mac_execve_transition"); @@ -1330,12 +1330,12 @@ return; MAC_PERFORM(execve_transition, old, new, vp, &vp->v_label, - shelllabel, imgp); + interpvnodelabel, imgp); } int mac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *shelllabel, struct image_params *imgp) + struct label *interpvnodelabel, struct image_params *imgp) { int result; @@ -1346,7 +1346,7 @@ result = 0; MAC_BOOLEAN(execve_will_transition, ||, old, vp, &vp->v_label, - shelllabel, imgp); + interpvnodelabel, imgp); return (result); } ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#178 (text+ko) ==== @@ -1355,29 +1355,6 @@ } static void -mac_biba_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - struct mac_biba *source, *dest; - - source = SLOT(&old->cr_label); - dest = SLOT(&new->cr_label); - - mac_biba_copy_single(source, dest); - mac_biba_copy_range(source, dest); -} - -static int -mac_biba_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - - return (0); -} - -static void mac_biba_create_proc0(struct ucred *cred) { struct mac_biba *dest; @@ -2629,8 +2606,6 @@ .mpo_relabel_ifnet = mac_biba_relabel_ifnet, .mpo_update_ipq = mac_biba_update_ipq, .mpo_create_cred = mac_biba_create_cred, - .mpo_execve_transition = mac_biba_execve_transition, - .mpo_execve_will_transition = mac_biba_execve_will_transition, .mpo_create_proc0 = mac_biba_create_proc0, .mpo_create_proc1 = mac_biba_create_proc1, .mpo_relabel_cred = mac_biba_relabel_cred, ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#34 (text+ko) ==== @@ -1507,15 +1507,15 @@ static void mac_lomac_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) + struct vnode *vp, struct label *vnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { struct mac_lomac *source, *dest, *obj, *robj; source = SLOT(&old->cr_label); dest = SLOT(&new->cr_label); obj = SLOT(vnodelabel); - robj = shellvnodelabel != NULL ? SLOT(shellvnodelabel) : obj; + robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; mac_lomac_copy(source, dest); /* @@ -1543,7 +1543,7 @@ static int mac_lomac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, + struct label *vnodelabel, struct label *interpvnodelabel, struct image_params *imgp) { struct mac_lomac *subj, *obj, *robj; @@ -1553,7 +1553,7 @@ subj = SLOT(&old->cr_label); obj = SLOT(vnodelabel); - robj = shellvnodelabel != NULL ? SLOT(shellvnodelabel) : obj; + robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX && !mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single) ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#141 (text+ko) ==== @@ -1282,29 +1282,6 @@ } static void -mac_mls_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - struct mac_mls *source, *dest; - - source = SLOT(&old->cr_label); - dest = SLOT(&new->cr_label); - - mac_mls_copy_single(source, dest); - mac_mls_copy_range(source, dest); -} - -static int -mac_mls_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) -{ - - return (0); -} - -static void mac_mls_create_proc0(struct ucred *cred) { struct mac_mls *dest; @@ -2466,8 +2443,6 @@ .mpo_relabel_ifnet = mac_mls_relabel_ifnet, .mpo_update_ipq = mac_mls_update_ipq, .mpo_create_cred = mac_mls_create_cred, - .mpo_execve_transition = mac_mls_execve_transition, - .mpo_execve_will_transition = mac_mls_execve_will_transition, .mpo_create_proc0 = mac_mls_create_proc0, .mpo_create_proc1 = mac_mls_create_proc1, .mpo_relabel_cred = mac_mls_relabel_cred, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#101 (text+ko) ==== @@ -416,15 +416,15 @@ static void mac_none_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, struct label *shellvnodelabel, - struct image_params *imgp) + struct vnode *vp, struct label *vnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { } static int mac_none_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *shellvnodelabel, + struct label *vnodelabel, struct label *interpvnodelabel, struct image_params *imgp) { ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#77 (text+ko) ==== @@ -795,15 +795,15 @@ static void mac_test_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *filelabel, struct label *shellfilelabel, - struct image_params *imgp) + struct vnode *vp, struct label *filelabel, + struct label *interpvnodelabel, struct image_params *imgp) { } static int mac_test_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *filelabel, struct label *shellfilelabel, + struct label *filelabel, struct label *interpvnodelabel, struct image_params *imgp) { ==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#56 (text+ko) ==== @@ -310,7 +310,7 @@ static void sebsd_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { struct task_security_struct *otask, *ntask; @@ -318,8 +318,8 @@ otask = SLOT(&old->cr_label); ntask = SLOT(&new->cr_label); - if (shellvnodelabel != NULL) - file = SLOT(shellvnodelabel); + if (interpvnodelabel != NULL) + file = SLOT(interpvnodelabel); else file = SLOT(vnodelabel); @@ -351,7 +351,7 @@ static int sebsd_execve_will_transition(struct ucred *old, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp) { struct task_security_struct *task; @@ -359,8 +359,8 @@ security_id_t newsid; task = SLOT(&old->cr_label); - if (shellvnodelabel != NULL) - file = SLOT(shellvnodelabel); + if (interpvnodelabel != NULL) + file = SLOT(interpvnodelabel); else file = SLOT(vnodelabel); ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#213 (text+ko) ==== @@ -224,10 +224,10 @@ struct label *execlabel); void mac_execve_exit(struct image_params *imgp); void mac_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *shelllabel, + struct vnode *vp, struct label *interpvnodelabel, struct image_params *imgp); int mac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *shelllabel, struct image_params *imgp); + struct label *interpvnodelabel, struct image_params *imgp); void mac_create_proc0(struct ucred *cred); void mac_create_proc1(struct ucred *cred); void mac_thread_userret(struct thread *td); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#165 (text+ko) ==== @@ -245,11 +245,11 @@ struct ucred *child_cred); void (*mpo_execve_transition)(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp); int (*mpo_execve_will_transition)(struct ucred *old, struct vnode *vp, struct label *vnodelabel, - struct label *shellvnodelabel, + struct label *interpvnodelabel, struct image_params *imgp); void (*mpo_create_proc0)(struct ucred *cred); void (*mpo_create_proc1)(struct ucred *cred); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message