d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the

Browse Source 
same as the global variable defined in ip_input.c.  Instead, adopt the name
'q' as found in about 1/2 of uses in ip_input.c, preventing a collision on
the name.  This is non-harmful, but means that search and replace on the
global works less well (as in the virtualization work), as well as indexing
tools.

MFC after:	1 week
Reported by:	julian
This commit is contained in:
Robert Watson 2008-06-13 22:14:15 +00:00
parent cbb0775d1a
commit 37f44cb428
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=179781
8 changed files with 73 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sys/security/mac/mac_framework.h
View File

@ -137,12 +137,12 @@ void mac_inpcb_destroy(struct inpcb *);
int mac_inpcb_init(struct inpcb *, int);
void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
void mac_ipq_create(struct mbuf *m, struct ipq *ipq);
void mac_ipq_destroy(struct ipq *);
int mac_ipq_init(struct ipq *, int);
int mac_ipq_match(struct mbuf *m, struct ipq *ipq);
void mac_ipq_reassemble(struct ipq *ipq, struct mbuf *m);
void mac_ipq_update(struct mbuf *m, struct ipq *ipq);
void mac_ipq_create(struct mbuf *m, struct ipq *q);
void mac_ipq_destroy(struct ipq *q);
int mac_ipq_init(struct ipq *q, int);
int mac_ipq_match(struct mbuf *m, struct ipq *q);
void mac_ipq_reassemble(struct ipq *q, struct mbuf *m);
void mac_ipq_update(struct mbuf *m, struct ipq *q);
int mac_kenv_check_dump(struct ucred *cred);
int mac_kenv_check_get(struct ucred *cred, char *name);

28
sys/security/mac/mac_inet.c
View File

@ -117,11 +117,11 @@ mac_ipq_label_alloc(int flag)
}
int
mac_ipq_init(struct ipq *ipq, int flag)
mac_ipq_init(struct ipq *q, int flag)
{
ipq->ipq_label = mac_ipq_label_alloc(flag);
if (ipq->ipq_label == NULL)
q->ipq_label = mac_ipq_label_alloc(flag);
if (q->ipq_label == NULL)
return (ENOMEM);
return (0);
}
@ -151,11 +151,11 @@ mac_ipq_label_free(struct label *label)
}
void
mac_ipq_destroy(struct ipq *ipq)
mac_ipq_destroy(struct ipq *q)
{
mac_ipq_label_free(ipq->ipq_label);
ipq->ipq_label = NULL;
mac_ipq_label_free(q->ipq_label);
q->ipq_label = NULL;
}
void
@ -166,13 +166,13 @@ mac_inpcb_create(struct socket *so, struct inpcb *inp)
}
void
mac_ipq_reassemble(struct ipq *ipq, struct mbuf *m)
mac_ipq_reassemble(struct ipq *q, struct mbuf *m)
{
struct label *label;
label = mac_mbuf_to_label(m);
MAC_PERFORM(ipq_reassemble, ipq, ipq->ipq_label, m, label);
MAC_PERFORM(ipq_reassemble, q, q->ipq_label, m, label);
}
void
@ -187,13 +187,13 @@ mac_netinet_fragment(struct mbuf *m, struct mbuf *frag)
}
void
mac_ipq_create(struct mbuf *m, struct ipq *ipq)
mac_ipq_create(struct mbuf *m, struct ipq *q)
{
struct label *label;
label = mac_mbuf_to_label(m);
MAC_PERFORM(ipq_create, m, label, ipq, ipq->ipq_label);
MAC_PERFORM(ipq_create, m, label, q, q->ipq_label);
}
void
@ -208,7 +208,7 @@ mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m)
}
int
mac_ipq_match(struct mbuf *m, struct ipq *ipq)
mac_ipq_match(struct mbuf *m, struct ipq *q)
{
struct label *label;
int result;
@ -216,7 +216,7 @@ mac_ipq_match(struct mbuf *m, struct ipq *ipq)
label = mac_mbuf_to_label(m);
result = 1;
MAC_BOOLEAN(ipq_match, &&, m, label, ipq, ipq->ipq_label);
MAC_BOOLEAN(ipq_match, &&, m, label, q, q->ipq_label);
return (result);
}
@ -278,13 +278,13 @@ mac_netinet_tcp_reply(struct mbuf *m)
}
void
mac_ipq_update(struct mbuf *m, struct ipq *ipq)
mac_ipq_update(struct mbuf *m, struct ipq *q)
{
struct label *label;
label = mac_mbuf_to_label(m);
MAC_PERFORM(ipq_update, m, label, ipq, ipq->ipq_label);
MAC_PERFORM(ipq_update, m, label, q, q->ipq_label);
}
int

11
sys/security/mac/mac_policy.h
View File

@ -199,16 +199,15 @@ typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
struct label *inplabel);
typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
struct ipq *ipq, struct label *ipqlabel);
struct ipq *q, struct label *qlabel);
typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
typedef int (*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel,
struct ipq *ipq, struct label *ipqlabel);
typedef void (*mpo_ipq_reassemble)(struct ipq *ipq,
struct label *ipqlabel, struct mbuf *m,
struct label *mlabel);
struct ipq *q, struct label *qlabel);
typedef void (*mpo_ipq_reassemble)(struct ipq *q, struct label *qlabel,
struct mbuf *m, struct label *mlabel);
typedef void (*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel,
struct ipq *ipq, struct label *ipqlabel);
struct ipq *q, struct label *qlabel);
typedef int (*mpo_kenv_check_dump_t)(struct ucred *cred);
typedef int (*mpo_kenv_check_get_t)(struct ucred *cred, char *name);

20
sys/security/mac_biba/mac_biba.c
View File

@ -1155,36 +1155,36 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel,
}
static void
biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
struct mac_biba *source, *dest;
source = SLOT(mlabel);
dest = SLOT(ipqlabel);
dest = SLOT(qlabel);
biba_copy_effective(source, dest);
}
static int
biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
struct mac_biba *a, *b;
a = SLOT(ipqlabel);
a = SLOT(qlabel);
b = SLOT(mlabel);
return (biba_equal_effective(a, b));
}
static void
biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
biba_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
struct label *mlabel)
{
struct mac_biba *source, *dest;
source = SLOT(ipqlabel);
source = SLOT(qlabel);
dest = SLOT(mlabel);
/* Just use the head, since we require them all to match. */
@ -1192,8 +1192,8 @@ biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
}
static void
biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
/* NOOP: we only accept matching labels, so no need to update */

22
sys/security/mac_lomac/mac_lomac.c
View File

@ -1283,36 +1283,36 @@ lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
}
static void
lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
struct mac_lomac *source, *dest;
source = SLOT(mlabel);
dest = SLOT(ipqlabel);
dest = SLOT(qlabel);
lomac_copy_single(source, dest);
}
static int
lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
struct mac_lomac *a, *b;
a = SLOT(ipqlabel);
a = SLOT(qlabel);
b = SLOT(mlabel);
return (lomac_equal_single(a, b));
}
static void
lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
struct mbuf *m, struct label *mlabel)
lomac_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
struct label *mlabel)
{
struct mac_lomac *source, *dest;
source = SLOT(ipqlabel);
source = SLOT(qlabel);
dest = SLOT(mlabel);
/* Just use the head, since we require them all to match. */
@ -1320,8 +1320,8 @@ lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
}
static void
lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
/* NOOP: we only accept matching labels, so no need to update */

20
sys/security/mac_mls/mac_mls.c
View File

@ -1075,36 +1075,36 @@ mls_inpcb_sosetlabel(struct socket *so, struct label *solabel,
}
static void
mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
struct mac_mls *source, *dest;
source = SLOT(mlabel);
dest = SLOT(ipqlabel);
dest = SLOT(qlabel);
mls_copy_effective(source, dest);
}
static int
mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
struct mac_mls *a, *b;
a = SLOT(ipqlabel);
a = SLOT(qlabel);
b = SLOT(mlabel);
return (mls_equal_effective(a, b));
}
static void
mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
mls_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
struct label *mlabel)
{
struct mac_mls *source, *dest;
source = SLOT(ipqlabel);
source = SLOT(qlabel);
dest = SLOT(mlabel);
/* Just use the head, since we require them all to match. */
@ -1112,8 +1112,8 @@ mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
}
static void
mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
/* NOOP: we only accept matching labels, so no need to update */

16
sys/security/mac_stub/mac_stub.c
View File

@ -307,30 +307,30 @@ stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
}
static void
stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
}
static int
stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
return (1);
}
static void
stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
struct mbuf *m, struct label *mlabel)
stub_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
struct label *mlabel)
{
}
static void
stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
}

18
sys/security/mac_test/mac_test.c
View File

@ -553,11 +553,11 @@ test_inpcb_sosetlabel(struct socket *so, struct label *solabel,
COUNTER_DECL(ipq_create);
static void
test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel,
struct ipq *ipq, struct label *ipqlabel)
struct ipq *q, struct label *qlabel)
{
LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
LABEL_CHECK(ipqlabel, MAGIC_IPQ);
LABEL_CHECK(qlabel, MAGIC_IPQ);
COUNTER_INC(ipq_create);
}
@ -588,11 +588,11 @@ test_ipq_init_label(struct label *label, int flag)
COUNTER_DECL(ipq_match);
static int
test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
struct ipq *ipq, struct label *ipqlabel)
struct ipq *q, struct label *qlabel)
{
LABEL_CHECK(fragmentlabel, MAGIC_MBUF);
LABEL_CHECK(ipqlabel, MAGIC_IPQ);
LABEL_CHECK(qlabel, MAGIC_IPQ);
COUNTER_INC(ipq_match);
return (1);
@ -600,23 +600,23 @@ test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel,
COUNTER_DECL(ipq_reassemble);
static void
test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m,
struct label *mlabel)
{
LABEL_CHECK(ipqlabel, MAGIC_IPQ);
LABEL_CHECK(qlabel, MAGIC_IPQ);
LABEL_CHECK(mlabel, MAGIC_MBUF);
COUNTER_INC(ipq_reassemble);
}
COUNTER_DECL(ipq_update);
static void
test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
struct label *ipqlabel)
test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q,
struct label *qlabel)
{
LABEL_CHECK(mlabel, MAGIC_MBUF);
LABEL_CHECK(ipqlabel, MAGIC_IPQ);
LABEL_CHECK(qlabel, MAGIC_IPQ);
COUNTER_INC(ipq_update);
}