Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send() checks. Rename related constants, policy implementations, etc. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
This commit is contained in:
Robert Watson
parent
d61198e422
commit
fb95b5d3c3
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=101934
@ -159,7 +159,7 @@ rip_input(m, off)
|
||||
#endif /*IPSEC*/
|
||||
#ifdef MAC
|
||||
if (policyfail == 0 &&
|
||||
mac_check_socket_receive(last->inp_socket,
|
||||
mac_check_socket_deliver(last->inp_socket,
|
||||
n) != 0)
|
||||
policyfail = 1;
|
||||
#endif
|
||||
@ -196,7 +196,7 @@ rip_input(m, off)
|
||||
}
|
||||
#endif /*IPSEC*/
|
||||
#ifdef MAC
|
||||
if (mac_check_socket_receive(last->inp_socket, m) != 0) {
|
||||
if (mac_check_socket_deliver(last->inp_socket, m) != 0) {
|
||||
m_freem(m);
|
||||
ipstat.ips_delivered--;
|
||||
return;
|
||||
|
||||
@ -657,7 +657,7 @@ tcp_input(m, off0)
|
||||
|
||||
so = inp->inp_socket;
|
||||
#ifdef MAC
|
||||
error = mac_check_socket_receive(so, m);
|
||||
error = mac_check_socket_deliver(so, m);
|
||||
if (error)
|
||||
goto drop;
|
||||
#endif
|
||||
|
||||
@ -657,7 +657,7 @@ tcp_input(m, off0)
|
||||
|
||||
so = inp->inp_socket;
|
||||
#ifdef MAC
|
||||
error = mac_check_socket_receive(so, m);
|
||||
error = mac_check_socket_deliver(so, m);
|
||||
if (error)
|
||||
goto drop;
|
||||
#endif
|
||||
|
||||
@ -320,7 +320,7 @@ udp_input(m, off)
|
||||
}
|
||||
#endif /*IPSEC*/
|
||||
#ifdef MAC
|
||||
if (mac_check_socket_receive(last->inp_socket,
|
||||
if (mac_check_socket_deliver(last->inp_socket,
|
||||
m) != 0)
|
||||
policyfail = 1;
|
||||
#endif
|
||||
@ -406,7 +406,7 @@ udp_input(m, off)
|
||||
}
|
||||
#endif /*IPSEC*/
|
||||
#ifdef MAC
|
||||
error = mac_check_socket_receive(inp->inp_socket, m);
|
||||
error = mac_check_socket_deliver(inp->inp_socket, m);
|
||||
if (error)
|
||||
goto bad;
|
||||
#endif
|
||||
|
||||
@ -318,8 +318,8 @@ int mac_check_socket_bind(struct ucred *cred, struct socket *so,
|
||||
struct sockaddr *sockaddr);
|
||||
int mac_check_socket_connect(struct ucred *cred, struct socket *so,
|
||||
struct sockaddr *sockaddr);
|
||||
int mac_check_socket_deliver(struct socket *so, struct mbuf *m);
|
||||
int mac_check_socket_listen(struct ucred *cred, struct socket *so);
|
||||
int mac_check_socket_receive(struct socket *so, struct mbuf *m);
|
||||
int mac_check_socket_visible(struct ucred *cred, struct socket *so);
|
||||
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
int flags);
|
||||
|
||||
@ -250,11 +250,11 @@ struct mac_policy_ops {
|
||||
int (*mpo_check_socket_connect)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel,
|
||||
struct sockaddr *sockaddr);
|
||||
int (*mpo_check_socket_listen)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel);
|
||||
int (*mpo_check_socket_receive)(struct socket *so,
|
||||
int (*mpo_check_socket_deliver)(struct socket *so,
|
||||
struct label *socketlabel, struct mbuf *m,
|
||||
struct label *mbuflabel);
|
||||
int (*mpo_check_socket_listen)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel);
|
||||
int (*mpo_check_socket_relabel)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel,
|
||||
struct label *newlabel);
|
||||
@ -411,9 +411,9 @@ enum mac_op_constant {
|
||||
MAC_CHECK_PROC_SIGNAL,
|
||||
MAC_CHECK_SOCKET_BIND,
|
||||
MAC_CHECK_SOCKET_CONNECT,
|
||||
MAC_CHECK_SOCKET_DELIVER,
|
||||
MAC_CHECK_SOCKET_LISTEN,
|
||||
MAC_CHECK_SOCKET_RELABEL,
|
||||
MAC_CHECK_SOCKET_RECEIVE,
|
||||
MAC_CHECK_SOCKET_VISIBLE,
|
||||
MAC_CHECK_VNODE_ACCESS,
|
||||
MAC_CHECK_VNODE_CHDIR,
|
||||
|
||||
@ -1424,7 +1424,7 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
|
||||
}
|
||||
|
||||
static int
|
||||
mac_biba_check_socket_receive(struct socket *so, struct label *socketlabel,
|
||||
mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
struct mac_biba *p, *s;
|
||||
@ -2161,8 +2161,8 @@ static struct mac_policy_op_entry mac_biba_ops[] =
|
||||
(macop_t)mac_biba_check_proc_sched },
|
||||
{ MAC_CHECK_PROC_SIGNAL,
|
||||
(macop_t)mac_biba_check_proc_signal },
|
||||
{ MAC_CHECK_SOCKET_RECEIVE,
|
||||
(macop_t)mac_biba_check_socket_receive },
|
||||
{ MAC_CHECK_SOCKET_DELIVER,
|
||||
(macop_t)mac_biba_check_socket_deliver },
|
||||
{ MAC_CHECK_SOCKET_RELABEL,
|
||||
(macop_t)mac_biba_check_socket_relabel },
|
||||
{ MAC_CHECK_SOCKET_VISIBLE,
|
||||
|
||||
@ -146,7 +146,7 @@ mac_ifoff_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
}
|
||||
|
||||
static int
|
||||
mac_ifoff_check_socket_receive(struct socket *so, struct label *socketlabel,
|
||||
mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
@ -164,8 +164,8 @@ static struct mac_policy_op_entry mac_ifoff_ops[] =
|
||||
(macop_t)mac_ifoff_check_bpfdesc_receive },
|
||||
{ MAC_CHECK_IFNET_TRANSMIT,
|
||||
(macop_t)mac_ifoff_check_ifnet_transmit },
|
||||
{ MAC_CHECK_SOCKET_RECEIVE,
|
||||
(macop_t)mac_ifoff_check_socket_receive },
|
||||
{ MAC_CHECK_SOCKET_DELIVER,
|
||||
(macop_t)mac_ifoff_check_socket_deliver },
|
||||
{ MAC_OP_LAST, NULL }
|
||||
};
|
||||
|
||||
|
||||
@ -1371,7 +1371,7 @@ mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
|
||||
}
|
||||
|
||||
static int
|
||||
mac_mls_check_socket_receive(struct socket *so, struct label *socketlabel,
|
||||
mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
struct mac_mls *p, *s;
|
||||
@ -2112,8 +2112,8 @@ static struct mac_policy_op_entry mac_mls_ops[] =
|
||||
(macop_t)mac_mls_check_proc_sched },
|
||||
{ MAC_CHECK_PROC_SIGNAL,
|
||||
(macop_t)mac_mls_check_proc_signal },
|
||||
{ MAC_CHECK_SOCKET_RECEIVE,
|
||||
(macop_t)mac_mls_check_socket_receive },
|
||||
{ MAC_CHECK_SOCKET_DELIVER,
|
||||
(macop_t)mac_mls_check_socket_deliver },
|
||||
{ MAC_CHECK_SOCKET_RELABEL,
|
||||
(macop_t)mac_mls_check_socket_relabel },
|
||||
{ MAC_CHECK_SOCKET_VISIBLE,
|
||||
|
||||
@ -654,16 +654,16 @@ mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
|
||||
}
|
||||
|
||||
static int
|
||||
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
|
||||
struct label *socketlabel)
|
||||
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_none_check_socket_receive(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
|
||||
struct label *socketlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1042,10 +1042,10 @@ static struct mac_policy_op_entry mac_none_ops[] =
|
||||
(macop_t)mac_none_check_socket_bind },
|
||||
{ MAC_CHECK_SOCKET_CONNECT,
|
||||
(macop_t)mac_none_check_socket_connect },
|
||||
{ MAC_CHECK_SOCKET_DELIVER,
|
||||
(macop_t)mac_none_check_socket_deliver },
|
||||
{ MAC_CHECK_SOCKET_LISTEN,
|
||||
(macop_t)mac_none_check_socket_listen },
|
||||
{ MAC_CHECK_SOCKET_RECEIVE,
|
||||
(macop_t)mac_none_check_socket_receive },
|
||||
{ MAC_CHECK_SOCKET_RELABEL,
|
||||
(macop_t)mac_none_check_socket_relabel },
|
||||
{ MAC_CHECK_SOCKET_VISIBLE,
|
||||
|
||||
@ -654,16 +654,16 @@ mac_none_check_socket_connect(struct ucred *cred, struct socket *socket,
|
||||
}
|
||||
|
||||
static int
|
||||
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
|
||||
struct label *socketlabel)
|
||||
mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_none_check_socket_receive(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp,
|
||||
struct label *socketlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1042,10 +1042,10 @@ static struct mac_policy_op_entry mac_none_ops[] =
|
||||
(macop_t)mac_none_check_socket_bind },
|
||||
{ MAC_CHECK_SOCKET_CONNECT,
|
||||
(macop_t)mac_none_check_socket_connect },
|
||||
{ MAC_CHECK_SOCKET_DELIVER,
|
||||
(macop_t)mac_none_check_socket_deliver },
|
||||
{ MAC_CHECK_SOCKET_LISTEN,
|
||||
(macop_t)mac_none_check_socket_listen },
|
||||
{ MAC_CHECK_SOCKET_RECEIVE,
|
||||
(macop_t)mac_none_check_socket_receive },
|
||||
{ MAC_CHECK_SOCKET_RELABEL,
|
||||
(macop_t)mac_none_check_socket_relabel },
|
||||
{ MAC_CHECK_SOCKET_VISIBLE,
|
||||
|
||||
@ -862,16 +862,16 @@ mac_test_check_socket_connect(struct ucred *cred, struct socket *socket,
|
||||
}
|
||||
|
||||
static int
|
||||
mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct sockaddr *sockaddr)
|
||||
mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_test_check_socket_receive(struct socket *socket, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct sockaddr *sockaddr)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1248,10 +1248,10 @@ static struct mac_policy_op_entry mac_test_ops[] =
|
||||
(macop_t)mac_test_check_socket_bind },
|
||||
{ MAC_CHECK_SOCKET_CONNECT,
|
||||
(macop_t)mac_test_check_socket_connect },
|
||||
{ MAC_CHECK_SOCKET_DELIVER,
|
||||
(macop_t)mac_test_check_socket_deliver },
|
||||
{ MAC_CHECK_SOCKET_LISTEN,
|
||||
(macop_t)mac_test_check_socket_listen },
|
||||
{ MAC_CHECK_SOCKET_RECEIVE,
|
||||
(macop_t)mac_test_check_socket_receive },
|
||||
{ MAC_CHECK_SOCKET_RELABEL,
|
||||
(macop_t)mac_test_check_socket_relabel },
|
||||
{ MAC_CHECK_SOCKET_VISIBLE,
|
||||
|
||||
@ -318,8 +318,8 @@ int mac_check_socket_bind(struct ucred *cred, struct socket *so,
|
||||
struct sockaddr *sockaddr);
|
||||
int mac_check_socket_connect(struct ucred *cred, struct socket *so,
|
||||
struct sockaddr *sockaddr);
|
||||
int mac_check_socket_deliver(struct socket *so, struct mbuf *m);
|
||||
int mac_check_socket_listen(struct ucred *cred, struct socket *so);
|
||||
int mac_check_socket_receive(struct socket *so, struct mbuf *m);
|
||||
int mac_check_socket_visible(struct ucred *cred, struct socket *so);
|
||||
int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
int flags);
|
||||
|
||||
@ -250,11 +250,11 @@ struct mac_policy_ops {
|
||||
int (*mpo_check_socket_connect)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel,
|
||||
struct sockaddr *sockaddr);
|
||||
int (*mpo_check_socket_listen)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel);
|
||||
int (*mpo_check_socket_receive)(struct socket *so,
|
||||
int (*mpo_check_socket_deliver)(struct socket *so,
|
||||
struct label *socketlabel, struct mbuf *m,
|
||||
struct label *mbuflabel);
|
||||
int (*mpo_check_socket_listen)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel);
|
||||
int (*mpo_check_socket_relabel)(struct ucred *cred,
|
||||
struct socket *so, struct label *socketlabel,
|
||||
struct label *newlabel);
|
||||
@ -411,9 +411,9 @@ enum mac_op_constant {
|
||||
MAC_CHECK_PROC_SIGNAL,
|
||||
MAC_CHECK_SOCKET_BIND,
|
||||
MAC_CHECK_SOCKET_CONNECT,
|
||||
MAC_CHECK_SOCKET_DELIVER,
|
||||
MAC_CHECK_SOCKET_LISTEN,
|
||||
MAC_CHECK_SOCKET_RELABEL,
|
||||
MAC_CHECK_SOCKET_RECEIVE,
|
||||
MAC_CHECK_SOCKET_VISIBLE,
|
||||
MAC_CHECK_VNODE_ACCESS,
|
||||
MAC_CHECK_VNODE_CHDIR,
|
||||
|
||||
Loading…
Reference in New Issue
Block a user