From owner-p4-projects Mon Aug 12 15:41:15 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 35C5637B405; Mon, 12 Aug 2002 15:40:49 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B114F37B400 for ; Mon, 12 Aug 2002 15:40:48 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id EF5AF43E70 for ; Mon, 12 Aug 2002 15:40:47 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7CMelJU031395 for ; Mon, 12 Aug 2002 15:40:47 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7CMelJc031392 for perforce@freebsd.org; Mon, 12 Aug 2002 15:40:47 -0700 (PDT) Date: Mon, 12 Aug 2002 15:40:47 -0700 (PDT) Message-Id: <200208122240.g7CMelJc031392@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 15883 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15883 Change 15883 by rwatson@rwatson_curry on 2002/08/12 15:40:43 Generally rename mac_*_check_socket_receive() to mac_*_check_socket_deliver(), including MAC_CHECK_SOCKET_RECEIVE and mpo_check_socket_receive(). This allows us to introduce a socket receive check named intuitively. We may also want to rename the bpfdesc_receive() check. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#235 edit .. //depot/projects/trustedbsd/mac/sys/netatalk/ddp_input.c#8 edit .. //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#17 edit .. //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#20 edit .. //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#17 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#97 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#13 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#79 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#63 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#71 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#33 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#148 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#113 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#235 (text+ko) ==== 
@@ -700,14 +700,14 @@ mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = + mpe->mpe_function; + break; case MAC_CHECK_SOCKET_LISTEN: mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = - mpe->mpe_function; - break; case MAC_CHECK_SOCKET_RELABEL: mpc->mpc_ops->mpo_check_socket_relabel = mpe->mpe_function; @@ -2592,28 +2592,28 @@ } int -mac_check_socket_listen(struct ucred *cred, struct socket *socket) +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) { int error; if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label); + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + return (error); } int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) +mac_check_socket_listen(struct ucred *cred, struct socket *socket) { int error; if (!mac_enforce_socket) return (0); - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - + MAC_CHECK(check_socket_listen, cred, socket, &socket->so_label); return (error); } ==== //depot/projects/trustedbsd/mac/sys/netatalk/ddp_input.c#8 (text+ko) ==== @@ -398,7 +398,7 @@ } #ifdef MAC - if (mac_check_socket_receive(ddp->ddp_socket, m) != 0) { + if (mac_check_socket_deliver(ddp->ddp_socket, m) != 0) { m_freem( m ); return; } ==== //depot/projects/trustedbsd/mac/sys/netinet/raw_ip.c#17 (text+ko) ==== @@ -158,7 +158,7 @@ #endif /*IPSEC*/ #ifdef MAC if (policyfail == 0 && - mac_check_socket_receive(last->inp_socket, + mac_check_socket_deliver(last->inp_socket, n) != 0) policyfail = 1; #endif 
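Review bot: In the `@@ -2592` hunk of kern_mac.c, `mac_check_socket_deliver()` takes `&mbuf->m_pkthdr.label` without establishing that the mbuf carries a packet header, and that label is then handed to every registered policy. The callers touched by this change appear to pass the head of an inbound packet, so the assumption probably holds today, but nothing in the function states it. An assertion before the `MAC_CHECK` such as `KASSERT(mbuf->m_flags & M_PKTHDR, ("mac_check_socket_deliver: no pkthdr"));` would pin it down. A one-line comment saying this is the network-stack delivery check (no credential argument), distinct from the socket receive check the description plans to add, would keep the two from being confused.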
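Review bot: In the first raw_ip.c hunk (`@@ -158`), `n` is passed to `mac_check_socket_deliver()` with only `policyfail == 0` guarding the call, and that function takes `&mbuf->m_pkthdr.label` from its argument for the policies to read. Where `n` is assigned lies outside the hunk; if it is a per-socket copy of the packet whose allocation can fail, the MAC check would run on a NULL mbuf. In that case the condition should begin `if (n != NULL && policyfail == 0 &&`.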
@@ -195,7 +195,7 @@ } #endif /*IPSEC*/ #ifdef MAC - if (mac_check_socket_receive(last->inp_socket, m) != 0) { + if (mac_check_socket_deliver(last->inp_socket, m) != 0) { m_freem(m); ipstat.ips_delivered--; return; ==== //depot/projects/trustedbsd/mac/sys/netinet/tcp_input.c#20 (text+ko) ==== @@ -657,7 +657,7 @@ so = inp->inp_socket; #ifdef MAC - error = mac_check_socket_receive(so, m); + error = mac_check_socket_deliver(so, m); if (error) goto drop; #endif ==== //depot/projects/trustedbsd/mac/sys/netinet/udp_usrreq.c#17 (text+ko) ==== @@ -325,7 +325,7 @@ } #endif /*IPSEC*/ #ifdef MAC - if (mac_check_socket_receive(last->inp_socket, + if (mac_check_socket_deliver(last->inp_socket, m) != 0) policyfail = 1; #endif @@ -411,7 +411,7 @@ } #endif /*IPSEC*/ #ifdef MAC - error = mac_check_socket_receive(inp->inp_socket, m); + error = mac_check_socket_deliver(inp->inp_socket, m); if (error) goto bad; #endif ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#97 (text+ko) ==== @@ -1538,7 +1538,7 @@ } static int -mac_biba_check_socket_receive(struct socket *so, struct label *socketlabel, +mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { struct mac_biba *p, *s; @@ -2352,8 +2352,8 @@ (macop_t)mac_biba_check_proc_sched }, { MAC_CHECK_PROC_SIGNAL, (macop_t)mac_biba_check_proc_signal }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_biba_check_socket_receive }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_biba_check_socket_deliver }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_biba_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_ifoff/mac_ifoff.c#13 (text+ko) ==== @@ -146,7 +146,7 @@ } static int -mac_ifoff_check_socket_receive(struct socket *so, struct label *socketlabel, +mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { 
@@ -164,8 +164,8 @@ (macop_t)mac_ifoff_check_bpfdesc_receive }, { MAC_CHECK_IFNET_TRANSMIT, (macop_t)mac_ifoff_check_ifnet_transmit }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_ifoff_check_socket_receive }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_ifoff_check_socket_deliver }, { MAC_OP_LAST, NULL } }; ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#79 (text+ko) ==== @@ -1490,7 +1490,7 @@ } static int -mac_mls_check_socket_receive(struct socket *so, struct label *socketlabel, +mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { struct mac_mls *p, *s; @@ -2307,8 +2307,8 @@ (macop_t)mac_mls_check_proc_sched }, { MAC_CHECK_PROC_SIGNAL, (macop_t)mac_mls_check_proc_signal }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_mls_check_socket_receive }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_mls_check_socket_deliver }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_mls_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_none/mac_none.c#63 (text+ko) ==== @@ -654,16 +654,16 @@ } static int -mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, - struct label *socketlabel) +mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) { return (0); } static int -mac_none_check_socket_receive(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, + struct label *socketlabel) { return (0); 
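Review bot: `mac_none_check_socket_listen()` in the mac_none.c `@@ -654` hunk is declared with `struct vnode *vp` as its second parameter, whereas `mpo_check_socket_listen` in mac_policy.h on this page takes `struct socket *so`. The same kind of mismatch appears in mac_test.c (`@@ -862`), where `mac_test_check_socket_listen()` has a fourth `struct sockaddr *sockaddr` parameter that the hook declaration does not have. Both compile only because the ops tables cast through `(macop_t)`, which discards the prototype; the bodies just return 0, so nothing is misread today, but a policy copied from these stubs would inherit the wrong types. Since the lines are being re-added anyway, the signature could be corrected to `struct ucred *cred, struct socket *so,` / `struct label *socketlabel)` in both files.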
@@ -1066,10 +1066,10 @@ (macop_t)mac_none_check_socket_bind }, { MAC_CHECK_SOCKET_CONNECT, (macop_t)mac_none_check_socket_connect }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_none_check_socket_deliver }, { MAC_CHECK_SOCKET_LISTEN, (macop_t)mac_none_check_socket_listen }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_none_check_socket_receive }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_none_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_te/mac_te.c#71 (text+ko) ==== @@ -780,6 +780,15 @@ } static int +mac_te_check_socket_deliver(struct socket *so, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) +{ + + return (mac_te_check(socketlabel, mbuflabel, MAC_TE_CLASS_MBUF, + MAC_TE_OPERATION_MBUF_RECEIVE)); +} + +static int mac_te_check_socket_listen(struct ucred *cred, struct socket *socket, struct label *socketlabel) { @@ -792,15 +801,6 @@ } static int -mac_te_check_socket_receive(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) -{ - - return (mac_te_check(socketlabel, mbuflabel, MAC_TE_CLASS_MBUF, - MAC_TE_OPERATION_MBUF_RECEIVE)); -} - -static int mac_te_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *socketlabel, struct label *newlabel) { @@ -1781,10 +1781,10 @@ (macop_t)mac_te_check_socket_bind }, { MAC_CHECK_SOCKET_CONNECT, (macop_t)mac_te_check_socket_connect }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_te_check_socket_deliver }, { MAC_CHECK_SOCKET_LISTEN, (macop_t)mac_te_check_socket_listen }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_te_check_socket_receive }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_te_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, ==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#33 (text+ko) ==== 
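Review bot: `mac_te_check_socket_deliver()` in the mac_te.c `@@ -780` hunk still maps to `MAC_TE_OPERATION_MBUF_RECEIVE`, so after the rename the TE operation name no longer matches the hook that uses it. The commit description says a separate socket receive check is to be introduced; once it exists, it will be unclear to rule authors which hook this TE operation governs. Either rename the operation alongside the hook or add a comment above the `return`, such as `/* delivery of an inbound mbuf to the socket; not the planned receive check */`.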
@@ -862,16 +862,16 @@ } static int -mac_test_check_socket_listen(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) { return (0); } static int -mac_test_check_socket_receive(struct socket *socket, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_test_check_socket_listen(struct ucred *cred, struct socket *socket, + struct label *socketlabel, struct sockaddr *sockaddr) { return (0); @@ -1272,10 +1272,10 @@ (macop_t)mac_test_check_socket_bind }, { MAC_CHECK_SOCKET_CONNECT, (macop_t)mac_test_check_socket_connect }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_test_check_socket_deliver }, { MAC_CHECK_SOCKET_LISTEN, (macop_t)mac_test_check_socket_listen }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_test_check_socket_receive }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_test_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, ==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#148 (text+ko) ==== @@ -341,8 +341,8 @@ struct sockaddr *sockaddr); int mac_check_socket_connect(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); +int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); -int mac_check_socket_receive(struct socket *so, struct mbuf *m); int mac_check_socket_visible(struct ucred *cred, struct socket *so); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags); ==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#113 (text+ko) ==== 
@@ -257,11 +257,11 @@ int (*mpo_check_socket_connect)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct sockaddr *sockaddr); + int (*mpo_check_socket_deliver)(struct socket *so, + struct label *socketlabel, struct mbuf *m, + struct label *mbuflabel); int (*mpo_check_socket_listen)(struct ucred *cred, struct socket *so, struct label *socketlabel); - int (*mpo_check_socket_receive)(struct socket *so, - struct label *socketlabel, struct mbuf *m, - struct label *mbuflabel); int (*mpo_check_socket_relabel)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct label *newlabel); @@ -428,9 +428,9 @@ MAC_CHECK_PROC_SIGNAL, MAC_CHECK_SOCKET_BIND, MAC_CHECK_SOCKET_CONNECT, + MAC_CHECK_SOCKET_DELIVER, MAC_CHECK_SOCKET_LISTEN, MAC_CHECK_SOCKET_RELABEL, - MAC_CHECK_SOCKET_RECEIVE, MAC_CHECK_SOCKET_VISIBLE, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
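Review bot: The `@@ -428` enum hunk changes the numeric values of existing operations: `MAC_CHECK_SOCKET_DELIVER` is inserted before `MAC_CHECK_SOCKET_LISTEN`, so `LISTEN` and `RELABEL` each move up by one and `DELIVER` takes the value `LISTEN` had. The `@@ -257` hunk likewise moves a member within the ops structure. A policy module built against the previous header would have its table entries dispatched by the switch in kern_mac.c to the wrong `mpo_*` slot, with a different argument list, and would silently enforce the wrong check. If the framework verifies a version at policy registration (not visible here), bump it in this change; otherwise state that all policy modules must be rebuilt, for example with a comment `/* Order is ABI: rebuild all policy modules after changing. */` above the enum.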