Date: Thu, 21 Aug 2003 10:32:37 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 36602 for review Message-ID: <200308211732.h7LHWbjf010535@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=36602 Change 36602 by rwatson@rwatson_tislabs on 2003/08/21 10:31:49 Loop-back integration of mac_stub updates for new entry points and mac_test label life cycle assertion checks from FreeBSD vendor branch to TrustedBSD base branch. Affected files ... .. //depot/projects/trustedbsd/base/sys/security/mac_stub/mac_stub.c#3 integrate .. //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#22 integrate Differences ... ==== //depot/projects/trustedbsd/base/sys/security/mac_stub/mac_stub.c#3 (text+ko) ==== @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_stub/mac_stub.c,v 1.31 2003/08/21 16:22:52 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_stub/mac_stub.c,v 1.32 2003/08/21 17:05:36 rwatson Exp $ */ /* @@ -389,6 +389,18 @@ } static void +stub_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel) +{ + +} + +static void +stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) +{ + +} + +static void stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, struct label *ifnetlabel, struct label *newlabel) { @@ -772,6 +784,14 @@ } static int +stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, + struct label *label, int attrnamespace, const char *name) +{ + + return (0); +} + +static int stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, struct label *label, struct image_params *imgp, struct label *execlabel) @@ -806,6 +826,14 @@ } static int +stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, + struct label *label, int attrnamespace) +{ + + return (0); +} + +static int stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, struct label *dlabel, struct componentname *cnp) { @@ -1040,6 +1068,8 @@ .mpo_create_mbuf_multicast_encap = stub_create_mbuf_multicast_encap, .mpo_create_mbuf_netlayer = stub_create_mbuf_netlayer, .mpo_fragment_match = stub_fragment_match, + .mpo_reflect_mbuf_icmp = stub_reflect_mbuf_icmp, + .mpo_reflect_mbuf_tcp = stub_reflect_mbuf_tcp, .mpo_relabel_ifnet = stub_relabel_ifnet, .mpo_update_ipq = stub_update_ipq, .mpo_create_cred = stub_create_cred, @@ -1090,10 +1120,12 @@ .mpo_check_vnode_create = stub_check_vnode_create, .mpo_check_vnode_delete = stub_check_vnode_delete, .mpo_check_vnode_deleteacl = stub_check_vnode_deleteacl, + .mpo_check_vnode_deleteextattr = stub_check_vnode_deleteextattr, .mpo_check_vnode_exec = stub_check_vnode_exec, .mpo_check_vnode_getacl = stub_check_vnode_getacl, .mpo_check_vnode_getextattr = stub_check_vnode_getextattr, .mpo_check_vnode_link = stub_check_vnode_link, + .mpo_check_vnode_listextattr = stub_check_vnode_listextattr, .mpo_check_vnode_lookup = stub_check_vnode_lookup, .mpo_check_vnode_mmap = stub_check_vnode_mmap, .mpo_check_vnode_mprotect = stub_check_vnode_mprotect, ==== //depot/projects/trustedbsd/base/sys/security/mac_test/mac_test.c#22 (text+ko) ==== @@ -1,6 +1,6 @@ /*- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson - * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. + * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed by Robert Watson for the TrustedBSD Project. @@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.29 2003/07/05 01:24:36 rwatson Exp $ + * $FreeBSD: src/sys/security/mac_test/mac_test.c,v 1.30 2003/08/21 17:28:45 rwatson Exp $ */ /* @@ -92,6 +92,30 @@ #define EXMAGIC 0x849ba1fd #define SLOT(x) LABEL_TO_SLOT((x), test_slot).l_long + +#define ASSERT_BPF_LABEL(x) KASSERT(SLOT(x) == BPFMAGIC || \ + SLOT(x) == 0, ("%s: Bad BPF label", __func__ )) +#define ASSERT_DEVFS_LABEL(x) KASSERT(SLOT(x) == DEVFSMAGIC || \ + SLOT(x) == 0, ("%s: Bad DEVFS label", __func__ )) +#define ASSERT_IFNET_LABEL(x) KASSERT(SLOT(x) == IFNETMAGIC || \ + SLOT(x) == 0, ("%s: Bad IFNET label", __func__ )) +#define ASSERT_IPQ_LABEL(x) KASSERT(SLOT(x) == IPQMAGIC || \ + SLOT(x) == 0, ("%s: Bad IPQ label", __func__ )) +#define ASSERT_MBUF_LABEL(x) KASSERT(SLOT(x) == MBUFMAGIC || \ + SLOT(x) == 0, ("%s: Bad MBUF label", __func__ )) +#define ASSERT_MOUNT_LABEL(x) KASSERT(SLOT(x) == MOUNTMAGIC || \ + SLOT(x) == 0, ("%s: Bad MOUNT label", __func__ )) +#define ASSERT_SOCKET_LABEL(x) KASSERT(SLOT(x) == SOCKETMAGIC || \ + SLOT(x) == 0, ("%s: Bad SOCKET label", __func__ )) +#define ASSERT_PIPE_LABEL(x) KASSERT(SLOT(x) == PIPEMAGIC || \ + SLOT(x) == 0, ("%s: Bad PIPE label", __func__ )) +#define ASSERT_PROC_LABEL(x) KASSERT(SLOT(x) == PROCMAGIC || \ + SLOT(x) == 0, ("%s: Bad PROC label", __func__ )) +#define ASSERT_CRED_LABEL(x) KASSERT(SLOT(x) == CREDMAGIC || \ + SLOT(x) == 0, ("%s: Bad CRED label", __func__ )) +#define ASSERT_VNODE_LABEL(x) KASSERT(SLOT(x) == VNODEMAGIC || \ + SLOT(x) == 0, ("%s: Bad VNODE label", __func__ )) + static int test_slot; SYSCTL_INT(_security_mac_test, OID_AUTO, slot, CTLFLAG_RD, &test_slot, 0, "Slot allocated by framework"); @@ -536,6 +560,9 @@ atomic_add_int(&externalize_count, 1); + KASSERT(SLOT(label) != EXMAGIC, + ("mac_test_externalize_label: destroyed label")); + return (0); } @@ -546,6 +573,9 @@ atomic_add_int(&internalize_count, 1); + KASSERT(SLOT(label) != EXMAGIC, + ("mac_test_internalize_label: destroyed label")); + return (0); } @@ -559,6 +589,9 @@ struct label *vlabel) { + ASSERT_MOUNT_LABEL(fslabel); + ASSERT_DEVFS_LABEL(delabel); + ASSERT_VNODE_LABEL(vlabel); } static int @@ -566,6 +599,8 @@ struct vnode *vp, struct label *vlabel) { + ASSERT_MOUNT_LABEL(fslabel); + ASSERT_VNODE_LABEL(vlabel); return (0); } @@ -574,6 +609,8 @@ struct label *fslabel, struct vnode *vp, struct label *vlabel) { + ASSERT_MOUNT_LABEL(fslabel); + ASSERT_VNODE_LABEL(vlabel); } static void @@ -581,6 +618,7 @@ struct devfs_dirent *devfs_dirent, struct label *label) { + ASSERT_DEVFS_LABEL(label); } static void @@ -588,6 +626,7 @@ int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) { + ASSERT_DEVFS_LABEL(label); } static void @@ -596,6 +635,9 @@ struct label *delabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_DEVFS_LABEL(ddlabel); + ASSERT_DEVFS_LABEL(delabel); } static int @@ -604,6 +646,10 @@ struct vnode *vp, struct label *vlabel, struct componentname *cnp) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_MOUNT_LABEL(fslabel); + ASSERT_VNODE_LABEL(dlabel); + return (0); } @@ -612,6 +658,9 @@ struct label *mntlabel, struct label *fslabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_MOUNT_LABEL(mntlabel); + ASSERT_MOUNT_LABEL(fslabel); } static void @@ -619,6 +668,9 @@ struct label *mntlabel, struct label *fslabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_MOUNT_LABEL(mntlabel); + ASSERT_MOUNT_LABEL(fslabel); } static void @@ -626,6 +678,9 @@ struct label *vnodelabel, struct label *label) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(vnodelabel); + ASSERT_VNODE_LABEL(label); } static int @@ -633,6 +688,9 @@ struct label *vlabel, struct label *intlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(vlabel); + ASSERT_VNODE_LABEL(intlabel); return (0); } @@ -642,6 +700,8 @@ struct vnode *vp, struct label *vnodelabel) { + ASSERT_DEVFS_LABEL(direntlabel); + ASSERT_VNODE_LABEL(vnodelabel); } /* @@ -652,6 +712,8 @@ struct mbuf *m, struct label *mbuflabel) { + ASSERT_SOCKET_LABEL(socketlabel); + ASSERT_MBUF_LABEL(mbuflabel); } static void @@ -659,6 +721,8 @@ struct label *socketlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_SOCKET_LABEL(socketlabel); } static void @@ -666,6 +730,8 @@ struct label *pipelabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); } static void @@ -674,6 +740,8 @@ struct label *newsocketlabel) { + ASSERT_SOCKET_LABEL(oldsocketlabel); + ASSERT_SOCKET_LABEL(newsocketlabel); } static void @@ -681,6 +749,8 @@ struct label *socketlabel, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_SOCKET_LABEL(newlabel); } static void @@ -688,6 +758,9 @@ struct label *pipelabel, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); + ASSERT_PIPE_LABEL(newlabel); } static void @@ -695,6 +768,8 @@ struct socket *socket, struct label *socketpeerlabel) { + ASSERT_MBUF_LABEL(mbuflabel); + ASSERT_SOCKET_LABEL(socketpeerlabel); } /* @@ -706,6 +781,8 @@ struct label *newsocketpeerlabel) { + ASSERT_SOCKET_LABEL(oldsocketlabel); + ASSERT_SOCKET_LABEL(newsocketpeerlabel); } static void @@ -713,6 +790,8 @@ struct label *bpflabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_BPF_LABEL(bpflabel); } static void @@ -720,6 +799,8 @@ struct mbuf *datagram, struct label *datagramlabel) { + ASSERT_IPQ_LABEL(ipqlabel); + ASSERT_MBUF_LABEL(datagramlabel); } static void @@ -727,12 +808,15 @@ struct mbuf *fragment, struct label *fragmentlabel) { + ASSERT_MBUF_LABEL(datagramlabel); + ASSERT_MBUF_LABEL(fragmentlabel); } static void mac_test_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) { + ASSERT_IFNET_LABEL(ifnetlabel); } static void @@ -740,6 +824,8 @@ struct ipq *ipq, struct label *ipqlabel) { + ASSERT_MBUF_LABEL(fragmentlabel); + ASSERT_IPQ_LABEL(ipqlabel); } static void @@ -748,6 +834,8 @@ struct label *newmbuflabel) { + ASSERT_MBUF_LABEL(oldmbuflabel); + ASSERT_MBUF_LABEL(newmbuflabel); } static void @@ -755,6 +843,8 @@ struct mbuf *mbuf, struct label *mbuflabel) { + ASSERT_IFNET_LABEL(ifnetlabel); + ASSERT_MBUF_LABEL(mbuflabel); } static void @@ -762,6 +852,8 @@ struct mbuf *mbuf, struct label *mbuflabel) { + ASSERT_BPF_LABEL(bpflabel); + ASSERT_MBUF_LABEL(mbuflabel); } static void @@ -769,6 +861,8 @@ struct mbuf *m, struct label *mbuflabel) { + ASSERT_IFNET_LABEL(ifnetlabel); + ASSERT_MBUF_LABEL(mbuflabel); } static void @@ -777,6 +871,9 @@ struct mbuf *newmbuf, struct label *newmbuflabel) { + ASSERT_MBUF_LABEL(oldmbuflabel); + ASSERT_IFNET_LABEL(ifnetlabel); + ASSERT_MBUF_LABEL(newmbuflabel); } static void @@ -785,6 +882,8 @@ struct label *newmbuflabel) { + ASSERT_MBUF_LABEL(oldmbuflabel); + ASSERT_MBUF_LABEL(newmbuflabel); } static int @@ -792,14 +891,34 @@ struct ipq *ipq, struct label *ipqlabel) { + ASSERT_MBUF_LABEL(fragmentlabel); + ASSERT_IPQ_LABEL(ipqlabel); + return (1); } static void +mac_test_reflect_mbuf_icmp(struct mbuf *m, struct label *mlabel) +{ + + ASSERT_MBUF_LABEL(mlabel); +} + +static void +mac_test_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) +{ + + ASSERT_MBUF_LABEL(mlabel); +} + +static void mac_test_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, struct label *ifnetlabel, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_IFNET_LABEL(ifnetlabel); + ASSERT_IFNET_LABEL(newlabel); } static void @@ -807,6 +926,8 @@ struct ipq *ipq, struct label *ipqlabel) { + ASSERT_MBUF_LABEL(fragmentlabel); + ASSERT_IPQ_LABEL(ipqlabel); } /* @@ -816,6 +937,8 @@ mac_test_create_cred(struct ucred *cred_parent, struct ucred *cred_child) { + ASSERT_CRED_LABEL(&cred_parent->cr_label); + ASSERT_CRED_LABEL(&cred_child->cr_label); } static void @@ -825,6 +948,13 @@ struct label *execlabel) { + ASSERT_CRED_LABEL(&old->cr_label); + ASSERT_CRED_LABEL(&new->cr_label); + ASSERT_VNODE_LABEL(filelabel); + ASSERT_VNODE_LABEL(interpvnodelabel); + if (execlabel != NULL) { + ASSERT_CRED_LABEL(execlabel); + } } static int @@ -833,6 +963,15 @@ struct image_params *imgp, struct label *execlabel) { + ASSERT_CRED_LABEL(&old->cr_label); + ASSERT_VNODE_LABEL(filelabel); + if (interpvnodelabel != NULL) { + ASSERT_VNODE_LABEL(interpvnodelabel); + } + if (execlabel != NULL) { + ASSERT_CRED_LABEL(execlabel); + } + return (0); } @@ -840,24 +979,30 @@ mac_test_create_proc0(struct ucred *cred) { + ASSERT_CRED_LABEL(&cred->cr_label); } static void mac_test_create_proc1(struct ucred *cred) { + ASSERT_CRED_LABEL(&cred->cr_label); } static void mac_test_relabel_cred(struct ucred *cred, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(newlabel); } static void mac_test_thread_userret(struct thread *td) { + printf("mac_test_thread_userret(process = %d)\n", + curthread->td_proc->p_pid); } /* @@ -868,6 +1013,9 @@ struct ifnet *ifnet, struct label *ifnetlabel) { + ASSERT_BPF_LABEL(bpflabel); + ASSERT_IFNET_LABEL(ifnetlabel); + return (0); } @@ -875,6 +1023,9 @@ mac_test_check_cred_relabel(struct ucred *cred, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_CRED_LABEL(newlabel); + return (0); } @@ -882,6 +1033,9 @@ mac_test_check_cred_visible(struct ucred *u1, struct ucred *u2) { + ASSERT_CRED_LABEL(&u1->cr_label); + ASSERT_CRED_LABEL(&u2->cr_label); + return (0); } @@ -890,6 +1044,9 @@ struct label *ifnetlabel, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_IFNET_LABEL(ifnetlabel); + ASSERT_IFNET_LABEL(newlabel); return (0); } @@ -898,6 +1055,9 @@ struct mbuf *m, struct label *mbuflabel) { + ASSERT_IFNET_LABEL(ifnetlabel); + ASSERT_MBUF_LABEL(mbuflabel); + return (0); } @@ -905,6 +1065,8 @@ mac_test_check_kenv_dump(struct ucred *cred) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -912,6 +1074,8 @@ mac_test_check_kenv_get(struct ucred *cred, char *name) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -919,6 +1083,8 @@ mac_test_check_kenv_set(struct ucred *cred, char *name, char *value) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -926,6 +1092,8 @@ mac_test_check_kenv_unset(struct ucred *cred, char *name) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -934,6 +1102,9 @@ struct label *label) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + return (0); } @@ -941,6 +1112,8 @@ mac_test_check_kld_stat(struct ucred *cred) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -948,6 +1121,8 @@ mac_test_check_kld_unload(struct ucred *cred) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -956,6 +1131,9 @@ struct label *mntlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_MOUNT_LABEL(mntlabel); + return (0); } @@ -964,6 +1142,9 @@ struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); + return (0); } @@ -972,6 +1153,9 @@ struct label *pipelabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); + return (0); } @@ -980,6 +1164,9 @@ struct label *pipelabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); + return (0); } @@ -988,6 +1175,10 @@ struct label *pipelabel, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); + ASSERT_PIPE_LABEL(newlabel); + return (0); } @@ -996,6 +1187,9 @@ struct label *pipelabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); + return (0); } @@ -1004,6 +1198,9 @@ struct label *pipelabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_PIPE_LABEL(pipelabel); + return (0); } @@ -1011,6 +1208,9 @@ mac_test_check_proc_debug(struct ucred *cred, struct proc *proc) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_CRED_LABEL(&proc->p_ucred->cr_label); + return (0); } @@ -1018,6 +1218,9 @@ mac_test_check_proc_sched(struct ucred *cred, struct proc *proc) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_CRED_LABEL(&proc->p_ucred->cr_label); + return (0); } @@ -1025,6 +1228,9 @@ mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_CRED_LABEL(&proc->p_ucred->cr_label); + return (0); } @@ -1033,6 +1239,9 @@ struct label *socketlabel, struct sockaddr *sockaddr) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_SOCKET_LABEL(socketlabel); + return (0); } @@ -1041,6 +1250,9 @@ struct label *socketlabel, struct sockaddr *sockaddr) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_SOCKET_LABEL(socketlabel); + return (0); } @@ -1049,6 +1261,9 @@ struct mbuf *m, struct label *mbuflabel) { + ASSERT_SOCKET_LABEL(socketlabel); + ASSERT_MBUF_LABEL(mbuflabel); + return (0); } @@ -1057,6 +1272,9 @@ struct label *socketlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_SOCKET_LABEL(socketlabel); + return (0); } @@ -1065,6 +1283,9 @@ struct label *socketlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_SOCKET_LABEL(socketlabel); + return (0); } @@ -1073,6 +1294,10 @@ struct label *socketlabel, struct label *newlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_SOCKET_LABEL(socketlabel); + ASSERT_SOCKET_LABEL(newlabel); + return (0); } @@ -1080,6 +1305,8 @@ mac_test_check_sysarch_ioperm(struct ucred *cred) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -1088,6 +1315,8 @@ struct label *label) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -1095,6 +1324,8 @@ mac_test_check_system_reboot(struct ucred *cred, int how) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -1102,6 +1333,8 @@ mac_test_check_system_settime(struct ucred *cred) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -1110,6 +1343,9 @@ struct label *label) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + return (0); } @@ -1118,6 +1354,9 @@ struct label *label) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + return (0); } @@ -1126,6 +1365,8 @@ void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) { + ASSERT_CRED_LABEL(&cred->cr_label); + return (0); } @@ -1134,6 +1375,9 @@ struct label *label, int acc_mode) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + return (0); } @@ -1142,6 +1386,9 @@ struct label *dlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(dlabel); + return (0); } @@ -1150,6 +1397,9 @@ struct label *dlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(dlabel); + return (0); } @@ -1158,6 +1408,9 @@ struct label *dlabel, struct componentname *cnp, struct vattr *vap) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(dlabel); + return (0); } @@ -1167,6 +1420,10 @@ struct componentname *cnp) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(dlabel); + ASSERT_VNODE_LABEL(label); + return (0); } @@ -1175,6 +1432,20 @@ struct label *label, acl_type_t type) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + + return (0); +} + +static int +mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, + struct label *label, int attrnamespace, const char *name) +{ + + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + return (0); } @@ -1184,6 +1455,12 @@ struct label *execlabel) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + if (execlabel != NULL) { + ASSERT_CRED_LABEL(execlabel); + } + return (0); } @@ -1192,6 +1469,9 @@ struct label *label, acl_type_t type) { + ASSERT_CRED_LABEL(&cred->cr_label); + ASSERT_VNODE_LABEL(label); + return (0); } >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200308211732.h7LHWbjf010535>