Apply variable name normalization to MAC policies: adopt global conventions
for the naming of variables associated with specific data structures. Obtained from: TrustedBSD Project
This commit is contained in:
parent
8c804c7c98
commit
78007886c9
File diff suppressed because it is too large
Load Diff
@ -489,7 +489,7 @@ mac_bsdextended_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode)
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_system_acct(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
@ -497,7 +497,7 @@ mac_bsdextended_check_system_acct(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_system_auditctl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
@ -505,7 +505,7 @@ mac_bsdextended_check_system_auditctl(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_system_swapoff(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
@ -513,7 +513,7 @@ mac_bsdextended_check_system_swapoff(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
@ -521,7 +521,7 @@ mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int acc_mode)
|
||||
struct label *vplabel, int acc_mode)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, acc_mode));
|
||||
@ -529,7 +529,7 @@ mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
|
||||
@ -537,7 +537,7 @@ mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
|
||||
@ -545,7 +545,7 @@ mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct componentname *cnp, struct vattr *vap)
|
||||
struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, dvp, MBI_WRITE));
|
||||
@ -553,7 +553,7 @@ mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
@ -567,15 +567,16 @@ mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type)
|
||||
struct label *vplabel, acl_type_t type)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name)
|
||||
mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred,
|
||||
struct vnode *vp, struct label *vplabel, int attrnamespace,
|
||||
const char *name)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
@ -583,7 +584,7 @@ mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, struct image_params *imgp,
|
||||
struct label *vplabel, struct image_params *imgp,
|
||||
struct label *execlabel)
|
||||
{
|
||||
|
||||
@ -592,7 +593,7 @@ mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type)
|
||||
struct label *vplabel, acl_type_t type)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_STAT));
|
||||
@ -600,7 +601,8 @@ mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name, struct uio *uio)
|
||||
struct label *vplabel, int attrnamespace, const char *name,
|
||||
struct uio *uio)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
|
||||
@ -608,7 +610,7 @@ mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *label,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
@ -625,7 +627,7 @@ mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace)
|
||||
struct label *vplabel, int attrnamespace)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
|
||||
@ -633,7 +635,7 @@ mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct componentname *cnp)
|
||||
struct label *dvplabel, struct componentname *cnp)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC));
|
||||
@ -641,7 +643,7 @@ mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *filelabel, int acc_mode)
|
||||
struct label *vplabel, int acc_mode)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, acc_mode));
|
||||
@ -649,7 +651,7 @@ mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, dvp, MBI_READ));
|
||||
@ -657,7 +659,7 @@ mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_READ));
|
||||
@ -665,7 +667,7 @@ mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
@ -680,8 +682,8 @@ mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
|
||||
struct componentname *cnp)
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
int samedir, struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -697,7 +699,7 @@ mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
|
||||
@ -705,7 +707,7 @@ mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type, struct acl *acl)
|
||||
struct label *vplabel, acl_type_t type, struct acl *acl)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
|
||||
@ -713,7 +715,8 @@ mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name, struct uio *uio)
|
||||
struct label *vplabel, int attrnamespace, const char *name,
|
||||
struct uio *uio)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE));
|
||||
@ -721,7 +724,7 @@ mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, u_long flags)
|
||||
struct label *vplabel, u_long flags)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
|
||||
@ -729,7 +732,7 @@ mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t mode)
|
||||
struct label *vplabel, mode_t mode)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
|
||||
@ -737,7 +740,7 @@ mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, uid_t uid, gid_t gid)
|
||||
struct label *vplabel, uid_t uid, gid_t gid)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
|
||||
@ -745,7 +748,7 @@ mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, struct timespec atime, struct timespec utime)
|
||||
struct label *vplabel, struct timespec atime, struct timespec utime)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN));
|
||||
@ -753,7 +756,7 @@ mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
mac_bsdextended_check_vnode_stat(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp, struct label *label)
|
||||
struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT));
|
||||
|
@ -79,31 +79,31 @@ SYSCTL_INT(_security_mac_ifoff, OID_AUTO, bpfrecv_enabled, CTLFLAG_RW,
|
||||
TUNABLE_INT("security.mac.ifoff.bpfrecv.enabled", &mac_ifoff_bpfrecv_enabled);
|
||||
|
||||
static int
|
||||
check_ifnet_outgoing(struct ifnet *ifnet)
|
||||
check_ifnet_outgoing(struct ifnet *ifp)
|
||||
{
|
||||
|
||||
if (!mac_ifoff_enabled)
|
||||
return (0);
|
||||
|
||||
if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP)
|
||||
if (mac_ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
|
||||
return (0);
|
||||
|
||||
if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP)
|
||||
if (mac_ifoff_other_enabled && ifp->if_type != IFT_LOOP)
|
||||
return (0);
|
||||
|
||||
return (EPERM);
|
||||
}
|
||||
|
||||
static int
|
||||
check_ifnet_incoming(struct ifnet *ifnet, int viabpf)
|
||||
check_ifnet_incoming(struct ifnet *ifp, int viabpf)
|
||||
{
|
||||
if (!mac_ifoff_enabled)
|
||||
return (0);
|
||||
|
||||
if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP)
|
||||
if (mac_ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
|
||||
return (0);
|
||||
|
||||
if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP)
|
||||
if (mac_ifoff_other_enabled && ifp->if_type != IFT_LOOP)
|
||||
return (0);
|
||||
|
||||
if (viabpf && mac_ifoff_bpfrecv_enabled)
|
||||
@ -113,19 +113,19 @@ check_ifnet_incoming(struct ifnet *ifnet, int viabpf)
|
||||
}
|
||||
|
||||
static int
|
||||
mac_ifoff_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
|
||||
struct ifnet *ifnet, struct label *ifnetlabel)
|
||||
mac_ifoff_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel,
|
||||
struct ifnet *ifp, struct label *ifplabel)
|
||||
{
|
||||
|
||||
return (check_ifnet_incoming(ifnet, 1));
|
||||
return (check_ifnet_incoming(ifp, 1));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_ifoff_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
mac_ifoff_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
return (check_ifnet_outgoing(ifnet));
|
||||
return (check_ifnet_outgoing(ifp));
|
||||
}
|
||||
|
||||
static int
|
||||
@ -141,8 +141,8 @@ mac_ifoff_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
|
||||
}
|
||||
|
||||
static int
|
||||
mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
mac_ifoff_check_socket_deliver(struct socket *so, struct label *solabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
M_ASSERTPKTHDR(m);
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -174,60 +174,61 @@ mac_partition_check_cred_relabel(struct ucred *cred, struct label *newlabel)
|
||||
}
|
||||
|
||||
static int
|
||||
mac_partition_check_cred_visible(struct ucred *u1, struct ucred *u2)
|
||||
mac_partition_check_cred_visible(struct ucred *cr1, struct ucred *cr2)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = label_on_label(u1->cr_label, u2->cr_label);
|
||||
error = label_on_label(cr1->cr_label, cr2->cr_label);
|
||||
|
||||
return (error == 0 ? 0 : ESRCH);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_partition_check_proc_debug(struct ucred *cred, struct proc *proc)
|
||||
mac_partition_check_proc_debug(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = label_on_label(cred->cr_label, proc->p_ucred->cr_label);
|
||||
error = label_on_label(cred->cr_label, p->p_ucred->cr_label);
|
||||
|
||||
return (error ? ESRCH : 0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_partition_check_proc_sched(struct ucred *cred, struct proc *proc)
|
||||
mac_partition_check_proc_sched(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = label_on_label(cred->cr_label, proc->p_ucred->cr_label);
|
||||
error = label_on_label(cred->cr_label, p->p_ucred->cr_label);
|
||||
|
||||
return (error ? ESRCH : 0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_partition_check_proc_signal(struct ucred *cred, struct proc *proc,
|
||||
mac_partition_check_proc_signal(struct ucred *cred, struct proc *p,
|
||||
int signum)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = label_on_label(cred->cr_label, proc->p_ucred->cr_label);
|
||||
error = label_on_label(cred->cr_label, p->p_ucred->cr_label);
|
||||
|
||||
return (error ? ESRCH : 0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_partition_check_socket_visible(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_partition_check_socket_visible(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
int error;
|
||||
|
||||
error = label_on_label(cred->cr_label, socketlabel);
|
||||
error = label_on_label(cred->cr_label, solabel);
|
||||
|
||||
return (error ? ENOENT : 0);
|
||||
}
|
||||
|
||||
static int
|
||||
mac_partition_check_vnode_exec(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, struct image_params *imgp, struct label *execlabel)
|
||||
struct label *vplabel, struct image_params *imgp,
|
||||
struct label *execlabel)
|
||||
{
|
||||
|
||||
if (execlabel != NULL) {
|
||||
|
@ -432,7 +432,7 @@ rules_check(struct ucred *cred, int family, int type, u_int16_t port)
|
||||
*/
|
||||
static int
|
||||
check_socket_bind(struct ucred *cred, struct socket *so,
|
||||
struct label *socketlabel, struct sockaddr *sockaddr)
|
||||
struct label *solabel, struct sockaddr *sa)
|
||||
{
|
||||
struct sockaddr_in *sin;
|
||||
struct inpcb *inp;
|
||||
@ -454,13 +454,12 @@ check_socket_bind(struct ucred *cred, struct socket *so,
|
||||
return (0);
|
||||
|
||||
/* Reject addresses we don't understand; fail closed. */
|
||||
if (sockaddr->sa_family != AF_INET &&
|
||||
sockaddr->sa_family != AF_INET6)
|
||||
if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6)
|
||||
return (EINVAL);
|
||||
|
||||
family = so->so_proto->pr_domain->dom_family;
|
||||
type = so->so_type;
|
||||
sin = (struct sockaddr_in *) sockaddr;
|
||||
sin = (struct sockaddr_in *) sa;
|
||||
port = ntohs(sin->sin_port);
|
||||
|
||||
/*
|
||||
|
@ -36,6 +36,7 @@
|
||||
|
||||
/*
|
||||
* Developed by the TrustedBSD Project.
|
||||
*
|
||||
* Prevent processes owned by a particular uid from seeing various transient
|
||||
* kernel objects associated with other uids.
|
||||
*/
|
||||
@ -92,27 +93,28 @@ SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, specificgid, CTLFLAG_RW,
|
||||
&specificgid, 0, "Specific gid to be exempt from seeotheruids policy");
|
||||
|
||||
static int
|
||||
mac_seeotheruids_check(struct ucred *u1, struct ucred *u2)
|
||||
mac_seeotheruids_check(struct ucred *cr1, struct ucred *cr2)
|
||||
{
|
||||
|
||||
if (!mac_seeotheruids_enabled)
|
||||
return (0);
|
||||
|
||||
if (primarygroup_enabled) {
|
||||
if (u1->cr_rgid == u2->cr_rgid)
|
||||
if (cr1->cr_rgid == cr2->cr_rgid)
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (specificgid_enabled) {
|
||||
if (u1->cr_rgid == specificgid || groupmember(specificgid, u1))
|
||||
if (cr1->cr_rgid == specificgid ||
|
||||
groupmember(specificgid, cr1))
|
||||
return (0);
|
||||
}
|
||||
|
||||
if (u1->cr_ruid == u2->cr_ruid)
|
||||
if (cr1->cr_ruid == cr2->cr_ruid)
|
||||
return (0);
|
||||
|
||||
if (suser_privileged) {
|
||||
if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
|
||||
if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL)
|
||||
== 0)
|
||||
return (0);
|
||||
}
|
||||
@ -121,40 +123,40 @@ mac_seeotheruids_check(struct ucred *u1, struct ucred *u2)
|
||||
}
|
||||
|
||||
static int
|
||||
mac_seeotheruids_check_cred_visible(struct ucred *u1, struct ucred *u2)
|
||||
mac_seeotheruids_check_cred_visible(struct ucred *cr1, struct ucred *cr2)
|
||||
{
|
||||
|
||||
return (mac_seeotheruids_check(u1, u2));
|
||||
return (mac_seeotheruids_check(cr1, cr2));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_seeotheruids_check_proc_signal(struct ucred *cred, struct proc *proc,
|
||||
mac_seeotheruids_check_proc_signal(struct ucred *cred, struct proc *p,
|
||||
int signum)
|
||||
{
|
||||
|
||||
return (mac_seeotheruids_check(cred, proc->p_ucred));
|
||||
return (mac_seeotheruids_check(cred, p->p_ucred));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_seeotheruids_check_proc_sched(struct ucred *cred, struct proc *proc)
|
||||
mac_seeotheruids_check_proc_sched(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
return (mac_seeotheruids_check(cred, proc->p_ucred));
|
||||
return (mac_seeotheruids_check(cred, p->p_ucred));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_seeotheruids_check_proc_debug(struct ucred *cred, struct proc *proc)
|
||||
mac_seeotheruids_check_proc_debug(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
return (mac_seeotheruids_check(cred, proc->p_ucred));
|
||||
return (mac_seeotheruids_check(cred, p->p_ucred));
|
||||
}
|
||||
|
||||
static int
|
||||
mac_seeotheruids_check_socket_visible(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_seeotheruids_check_socket_visible(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (mac_seeotheruids_check(cred, socket->so_cred));
|
||||
return (mac_seeotheruids_check(cred, so->so_cred));
|
||||
}
|
||||
|
||||
static struct mac_policy_ops mac_seeotheruids_ops =
|
||||
|
@ -163,16 +163,16 @@ stub_internalize_label(struct label *label, char *element_name,
|
||||
* a lot like file system objects.
|
||||
*/
|
||||
static void
|
||||
stub_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
|
||||
stub_associate_vnode_devfs(struct mount *mp, struct label *mplabel,
|
||||
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
|
||||
struct label *vlabel)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static int
|
||||
stub_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
|
||||
struct vnode *vp, struct label *vlabel)
|
||||
stub_associate_vnode_extattr(struct mount *mp, struct label *mplabel,
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -180,7 +180,7 @@ stub_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
|
||||
|
||||
static void
|
||||
stub_associate_vnode_singlelabel(struct mount *mp,
|
||||
struct label *mntlabel, struct vnode *vp, struct label *vlabel)
|
||||
struct label *mplabel, struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -193,14 +193,14 @@ stub_associate_nfsd_label(struct ucred *cred)
|
||||
|
||||
static void
|
||||
stub_create_devfs_device(struct ucred *cred, struct mount *mp,
|
||||
struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
|
||||
struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_devfs_directory(struct mount *mp, char *dirname,
|
||||
int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
|
||||
int dirnamelen, struct devfs_dirent *de, struct label *delabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -215,8 +215,8 @@ stub_create_devfs_symlink(struct ucred *cred, struct mount *mp,
|
||||
|
||||
static int
|
||||
stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
|
||||
struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
|
||||
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
|
||||
struct label *mntlabel, struct vnode *dvp, struct label *dvplabel,
|
||||
struct vnode *vp, struct label *vplabel, struct componentname *cnp)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -224,30 +224,29 @@ stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
|
||||
|
||||
static void
|
||||
stub_create_mount(struct ucred *cred, struct mount *mp,
|
||||
struct label *mntlabel)
|
||||
struct label *mplabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_relabel_vnode(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel, struct label *label)
|
||||
struct label *vplabel, struct label *label)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static int
|
||||
stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vlabel, struct label *intlabel)
|
||||
struct label *vplabel, struct label *intlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static void
|
||||
stub_update_devfsdirent(struct mount *mp,
|
||||
struct devfs_dirent *devfs_dirent, struct label *direntlabel,
|
||||
struct vnode *vp, struct label *vnodelabel)
|
||||
stub_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
|
||||
struct label *delabel, struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -256,22 +255,22 @@ stub_update_devfsdirent(struct mount *mp,
|
||||
* Labeling event operations: IPC object.
|
||||
*/
|
||||
static void
|
||||
stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
stub_create_mbuf_from_socket(struct socket *so, struct label *solabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_socket(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
stub_create_socket(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_pipe(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel)
|
||||
struct label *pplabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -284,38 +283,37 @@ stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_socket_from_socket(struct socket *oldsocket,
|
||||
struct label *oldsocketlabel, struct socket *newsocket,
|
||||
struct label *newsocketlabel)
|
||||
stub_create_socket_from_socket(struct socket *oldso,
|
||||
struct label *oldsolabel, struct socket *newso, struct label *newsolabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_relabel_socket(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct label *newlabel)
|
||||
stub_relabel_socket(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_relabel_pipe(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel, struct label *newlabel)
|
||||
struct label *pplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
|
||||
struct socket *socket, struct label *socketpeerlabel)
|
||||
stub_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel,
|
||||
struct socket *so, struct label *sopeerlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_set_socket_peer_from_socket(struct socket *oldsocket,
|
||||
struct label *oldsocketlabel, struct socket *newsocket,
|
||||
struct label *newsocketpeerlabel)
|
||||
stub_set_socket_peer_from_socket(struct socket *oldso,
|
||||
struct label *oldsolabel, struct socket *newso,
|
||||
struct label *newsopeerlabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -324,28 +322,28 @@ stub_set_socket_peer_from_socket(struct socket *oldsocket,
|
||||
* Labeling event operations: network objects.
|
||||
*/
|
||||
static void
|
||||
stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
|
||||
struct label *bpflabel)
|
||||
stub_create_bpfdesc(struct ucred *cred, struct bpf_d *d,
|
||||
struct label *dlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
|
||||
struct mbuf *datagram, struct label *datagramlabel)
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
|
||||
struct mbuf *fragment, struct label *fragmentlabel)
|
||||
stub_create_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag,
|
||||
struct label *fraglabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
|
||||
stub_create_ifnet(struct ifnet *ifp, struct label *ifplabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -392,8 +390,8 @@ stub_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
|
||||
struct ipq *ipq, struct label *ipqlabel)
|
||||
stub_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
|
||||
struct label *ipqlabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -407,57 +405,56 @@ stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
|
||||
|
||||
static void
|
||||
stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
|
||||
|
||||
struct label *mbuf_label)
|
||||
struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
struct mbuf *mbuf, struct label *mbuflabel)
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
|
||||
struct mbuf *mbuf, struct label *mbuflabel)
|
||||
stub_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
stub_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
|
||||
struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
struct mbuf *newmbuf, struct label *newmbuflabel)
|
||||
stub_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel,
|
||||
struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew,
|
||||
struct label *mnewlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_netlayer(struct mbuf *oldmbuf,
|
||||
struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel)
|
||||
stub_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel,
|
||||
struct mbuf *mnew, struct label *mnewlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_from_firewall(struct mbuf *m, struct label *label)
|
||||
stub_create_mbuf_from_firewall(struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static int
|
||||
stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
|
||||
struct ipq *ipq, struct label *ipqlabel)
|
||||
stub_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
|
||||
struct label *ipqlabel)
|
||||
{
|
||||
|
||||
return (1);
|
||||
@ -476,15 +473,15 @@ stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel)
|
||||
}
|
||||
|
||||
static void
|
||||
stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
|
||||
struct label *ifnetlabel, struct label *newlabel)
|
||||
stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifp,
|
||||
struct label *ifplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static void
|
||||
stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
|
||||
struct ipq *ipq, struct label *ipqlabel)
|
||||
stub_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
|
||||
struct label *ipqlabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -501,16 +498,15 @@ stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
|
||||
*/
|
||||
static void
|
||||
stub_execve_transition(struct ucred *old, struct ucred *new,
|
||||
struct vnode *vp, struct label *vnodelabel,
|
||||
struct label *interpvnodelabel, struct image_params *imgp,
|
||||
struct label *execlabel)
|
||||
struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel,
|
||||
struct image_params *imgp, struct label *execlabel)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static int
|
||||
stub_execve_will_transition(struct ucred *old, struct vnode *vp,
|
||||
struct label *vnodelabel, struct label *interpvnodelabel,
|
||||
struct label *vplabel, struct label *interpvnodelabel,
|
||||
struct image_params *imgp, struct label *execlabel)
|
||||
{
|
||||
|
||||
@ -572,8 +568,8 @@ stub_cleanup_sysv_shm(struct label *shmlabel)
|
||||
* Access control checks.
|
||||
*/
|
||||
static int
|
||||
stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
|
||||
struct ifnet *ifnet, struct label *ifnet_label)
|
||||
stub_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel,
|
||||
struct ifnet *ifp, struct label *ifplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -587,23 +583,23 @@ stub_check_cred_relabel(struct ucred *cred, struct label *newlabel)
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_cred_visible(struct ucred *u1, struct ucred *u2)
|
||||
stub_check_cred_visible(struct ucred *cr1, struct ucred *cr2)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
|
||||
struct label *ifnetlabel, struct label *newlabel)
|
||||
stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
|
||||
struct label *ifplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
stub_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -767,7 +763,7 @@ stub_check_kenv_unset(struct ucred *cred, char *name)
|
||||
|
||||
static int
|
||||
stub_check_kld_load(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vlabel)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -782,7 +778,7 @@ stub_check_kld_stat(struct ucred *cred)
|
||||
|
||||
static int
|
||||
stub_check_mount_stat(struct ucred *cred, struct mount *mp,
|
||||
struct label *mntlabel)
|
||||
struct label *mplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -790,7 +786,7 @@ stub_check_mount_stat(struct ucred *cred, struct mount *mp,
|
||||
|
||||
static int
|
||||
stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
|
||||
struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -798,7 +794,7 @@ stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
|
||||
|
||||
static int
|
||||
stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel)
|
||||
struct label *pplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -806,7 +802,7 @@ stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
|
||||
|
||||
static int
|
||||
stub_check_pipe_read(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel)
|
||||
struct label *pplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -814,7 +810,7 @@ stub_check_pipe_read(struct ucred *cred, struct pipepair *pp,
|
||||
|
||||
static int
|
||||
stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel, struct label *newlabel)
|
||||
struct label *pplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -822,7 +818,7 @@ stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
|
||||
|
||||
static int
|
||||
stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel)
|
||||
struct label *pplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -830,7 +826,7 @@ stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
|
||||
|
||||
static int
|
||||
stub_check_pipe_write(struct ucred *cred, struct pipepair *pp,
|
||||
struct label *pipelabel)
|
||||
struct label *pplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -885,28 +881,28 @@ stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr,
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_proc_debug(struct ucred *cred, struct proc *proc)
|
||||
stub_check_proc_debug(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_proc_sched(struct ucred *cred, struct proc *proc)
|
||||
stub_check_proc_sched(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
|
||||
stub_check_proc_signal(struct ucred *cred, struct proc *p, int signum)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_proc_wait(struct ucred *cred, struct proc *proc)
|
||||
stub_check_proc_wait(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -993,40 +989,39 @@ stub_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_socket_accept(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
stub_check_socket_accept(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_socket_bind(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct sockaddr *sockaddr)
|
||||
stub_check_socket_bind(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel, struct sockaddr *sa)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_socket_connect(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct sockaddr *sockaddr)
|
||||
stub_check_socket_connect(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel, struct sockaddr *sa)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_socket_create(struct ucred *cred, int domain, int type,
|
||||
int protocol)
|
||||
stub_check_socket_create(struct ucred *cred, int domain, int type, int proto)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
stub_check_socket_deliver(struct socket *so, struct label *solabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1034,7 +1029,7 @@ stub_check_socket_deliver(struct socket *so, struct label *socketlabel,
|
||||
|
||||
static int
|
||||
stub_check_socket_listen(struct ucred *cred, struct socket *so,
|
||||
struct label *socketlabel)
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1042,7 +1037,7 @@ stub_check_socket_listen(struct ucred *cred, struct socket *so,
|
||||
|
||||
static int
|
||||
stub_check_socket_poll(struct ucred *cred, struct socket *so,
|
||||
struct label *socketlabel)
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1050,22 +1045,22 @@ stub_check_socket_poll(struct ucred *cred, struct socket *so,
|
||||
|
||||
static int
|
||||
stub_check_socket_receive(struct ucred *cred, struct socket *so,
|
||||
struct label *socketlabel)
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_socket_relabel(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct label *newlabel)
|
||||
stub_check_socket_relabel(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
static int
|
||||
stub_check_socket_send(struct ucred *cred, struct socket *so,
|
||||
struct label *socketlabel)
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1073,15 +1068,15 @@ stub_check_socket_send(struct ucred *cred, struct socket *so,
|
||||
|
||||
static int
|
||||
stub_check_socket_stat(struct ucred *cred, struct socket *so,
|
||||
struct label *socketlabel)
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_socket_visible(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
stub_check_socket_visible(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1089,7 +1084,7 @@ stub_check_socket_visible(struct ucred *cred, struct socket *socket,
|
||||
|
||||
static int
|
||||
stub_check_system_acct(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vlabel)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1104,7 +1099,7 @@ stub_check_system_audit(struct ucred *cred, void *record, int length)
|
||||
|
||||
static int
|
||||
stub_check_system_auditctl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vlabel)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1126,7 +1121,7 @@ stub_check_system_reboot(struct ucred *cred, int how)
|
||||
|
||||
static int
|
||||
stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1134,7 +1129,7 @@ stub_check_system_swapoff(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_system_swapon(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1150,7 +1145,7 @@ stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int acc_mode)
|
||||
struct label *vplabel, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1158,7 +1153,7 @@ stub_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1166,7 +1161,7 @@ stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1174,7 +1169,7 @@ stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct componentname *cnp, struct vattr *vap)
|
||||
struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1182,7 +1177,7 @@ stub_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
@ -1191,7 +1186,7 @@ stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type)
|
||||
struct label *vplabel, acl_type_t type)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1199,7 +1194,7 @@ stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name)
|
||||
struct label *vplabel, int attrnamespace, const char *name)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1207,7 +1202,7 @@ stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_exec(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, struct image_params *imgp,
|
||||
struct label *vplabel, struct image_params *imgp,
|
||||
struct label *execlabel)
|
||||
{
|
||||
|
||||
@ -1216,7 +1211,7 @@ stub_check_vnode_exec(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type)
|
||||
struct label *vplabel, acl_type_t type)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1224,7 +1219,8 @@ stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name, struct uio *uio)
|
||||
struct label *vplabel, int attrnamespace, const char *name,
|
||||
struct uio *uio)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1232,7 +1228,7 @@ stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_link(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
@ -1241,7 +1237,7 @@ stub_check_vnode_link(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace)
|
||||
struct label *vplabel, int attrnamespace)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1249,7 +1245,7 @@ stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct componentname *cnp)
|
||||
struct label *dvplabel, struct componentname *cnp)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1257,22 +1253,22 @@ stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int prot, int flags)
|
||||
struct label *vplabel, int prot, int flags)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static void
|
||||
stub_check_vnode_mmap_downgrade(struct ucred *cred,
|
||||
struct vnode *vp, struct label *label, int *prot)
|
||||
stub_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, int *prot)
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_vnode_mprotect(struct ucred *cred,
|
||||
struct vnode *vp, struct label *label, int prot)
|
||||
stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vplabel, int prot)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1280,7 +1276,7 @@ stub_check_vnode_mprotect(struct ucred *cred,
|
||||
|
||||
static int
|
||||
stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *filelabel, int acc_mode)
|
||||
struct label *vplabel, int acc_mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1288,7 +1284,7 @@ stub_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *label)
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1296,7 +1292,7 @@ stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
|
||||
|
||||
static int
|
||||
stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *label)
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1304,7 +1300,7 @@ stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
|
||||
|
||||
static int
|
||||
stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1312,7 +1308,7 @@ stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1320,7 +1316,7 @@ stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel, struct label *newlabel)
|
||||
struct label *vplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1328,7 +1324,7 @@ stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
@ -1337,8 +1333,8 @@ stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
|
||||
struct componentname *cnp)
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
int samedir, struct componentname *cnp)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1346,7 +1342,7 @@ stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1354,7 +1350,7 @@ stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type, struct acl *acl)
|
||||
struct label *vplabel, acl_type_t type, struct acl *acl)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1362,7 +1358,8 @@ stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name, struct uio *uio)
|
||||
struct label *vplabel, int attrnamespace, const char *name,
|
||||
struct uio *uio)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1370,7 +1367,7 @@ stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, u_long flags)
|
||||
struct label *vplabel, u_long flags)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1378,7 +1375,7 @@ stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t mode)
|
||||
struct label *vplabel, mode_t mode)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1386,7 +1383,7 @@ stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, uid_t uid, gid_t gid)
|
||||
struct label *vplabel, uid_t uid, gid_t gid)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1394,7 +1391,7 @@ stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, struct timespec atime, struct timespec mtime)
|
||||
struct label *vplabel, struct timespec atime, struct timespec mtime)
|
||||
{
|
||||
|
||||
return (0);
|
||||
@ -1402,15 +1399,15 @@ stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
static int
|
||||
stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *label)
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
}
|
||||
|
||||
static int
|
||||
stub_check_vnode_write(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp, struct label *label)
|
||||
stub_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
return (0);
|
||||
|
@ -594,25 +594,25 @@ mac_test_internalize_label(struct label *label, char *element_name,
|
||||
*/
|
||||
COUNTER_DECL(associate_vnode_devfs);
|
||||
static void
|
||||
mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
|
||||
mac_test_associate_vnode_devfs(struct mount *mp, struct label *mplabel,
|
||||
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
|
||||
struct label *vlabel)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(mntlabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(mplabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(delabel, MAGIC_DEVFS);
|
||||
LABEL_CHECK(vlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(associate_vnode_devfs);
|
||||
}
|
||||
|
||||
COUNTER_DECL(associate_vnode_extattr);
|
||||
static int
|
||||
mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
|
||||
struct vnode *vp, struct label *vlabel)
|
||||
mac_test_associate_vnode_extattr(struct mount *mp, struct label *mplabel,
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(mntlabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(vlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(mplabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(associate_vnode_extattr);
|
||||
|
||||
return (0);
|
||||
@ -620,34 +620,34 @@ mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
|
||||
|
||||
COUNTER_DECL(associate_vnode_singlelabel);
|
||||
static void
|
||||
mac_test_associate_vnode_singlelabel(struct mount *mp,
|
||||
struct label *mntlabel, struct vnode *vp, struct label *vlabel)
|
||||
mac_test_associate_vnode_singlelabel(struct mount *mp, struct label *mplabel,
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(mntlabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(vlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(mplabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(associate_vnode_singlelabel);
|
||||
}
|
||||
|
||||
COUNTER_DECL(create_devfs_device);
|
||||
static void
|
||||
mac_test_create_devfs_device(struct ucred *cred, struct mount *mp,
|
||||
struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
|
||||
struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
|
||||
{
|
||||
|
||||
if (cred != NULL)
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_DEVFS);
|
||||
LABEL_CHECK(delabel, MAGIC_DEVFS);
|
||||
COUNTER_INC(create_devfs_device);
|
||||
}
|
||||
|
||||
COUNTER_DECL(create_devfs_directory);
|
||||
static void
|
||||
mac_test_create_devfs_directory(struct mount *mp, char *dirname,
|
||||
int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
|
||||
int dirnamelen, struct devfs_dirent *de, struct label *delabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(label, MAGIC_DEVFS);
|
||||
LABEL_CHECK(delabel, MAGIC_DEVFS);
|
||||
COUNTER_INC(create_devfs_directory);
|
||||
}
|
||||
|
||||
@ -667,13 +667,13 @@ mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp,
|
||||
COUNTER_DECL(create_vnode_extattr);
|
||||
static int
|
||||
mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
|
||||
struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
|
||||
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
|
||||
struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
|
||||
struct vnode *vp, struct label *vplabel, struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(mntlabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(mplabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(create_vnode_extattr);
|
||||
|
||||
return (0);
|
||||
@ -682,22 +682,22 @@ mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
|
||||
COUNTER_DECL(create_mount);
|
||||
static void
|
||||
mac_test_create_mount(struct ucred *cred, struct mount *mp,
|
||||
struct label *mntlabel)
|
||||
struct label *mplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(mntlabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(mplabel, MAGIC_MOUNT);
|
||||
COUNTER_INC(create_mount);
|
||||
}
|
||||
|
||||
COUNTER_DECL(relabel_vnode);
|
||||
static void
|
||||
mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel, struct label *label)
|
||||
struct label *vplabel, struct label *label)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(vnodelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
COUNTER_INC(relabel_vnode);
|
||||
}
|
||||
@ -705,11 +705,11 @@ mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(setlabel_vnode_extattr);
|
||||
static int
|
||||
mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vlabel, struct label *intlabel)
|
||||
struct label *vplabel, struct label *intlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(vlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(intlabel, MAGIC_VNODE);
|
||||
COUNTER_INC(setlabel_vnode_extattr);
|
||||
|
||||
@ -720,11 +720,11 @@ COUNTER_DECL(update_devfsdirent);
|
||||
static void
|
||||
mac_test_update_devfsdirent(struct mount *mp,
|
||||
struct devfs_dirent *devfs_dirent, struct label *direntlabel,
|
||||
struct vnode *vp, struct label *vnodelabel)
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(direntlabel, MAGIC_DEVFS);
|
||||
LABEL_CHECK(vnodelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(update_devfsdirent);
|
||||
}
|
||||
|
||||
@ -1082,14 +1082,14 @@ COUNTER_DECL(execve_transition);
|
||||
static void
|
||||
mac_test_execve_transition(struct ucred *old, struct ucred *new,
|
||||
struct vnode *vp, struct label *filelabel,
|
||||
struct label *interpvnodelabel, struct image_params *imgp,
|
||||
struct label *interpvplabel, struct image_params *imgp,
|
||||
struct label *execlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(old->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(new->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(filelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(interpvnodelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(interpvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(execlabel, MAGIC_CRED);
|
||||
COUNTER_INC(execve_transition);
|
||||
}
|
||||
@ -1097,13 +1097,13 @@ mac_test_execve_transition(struct ucred *old, struct ucred *new,
|
||||
COUNTER_DECL(execve_will_transition);
|
||||
static int
|
||||
mac_test_execve_will_transition(struct ucred *old, struct vnode *vp,
|
||||
struct label *filelabel, struct label *interpvnodelabel,
|
||||
struct label *filelabel, struct label *interpvplabel,
|
||||
struct image_params *imgp, struct label *execlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(old->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(filelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(interpvnodelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(interpvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(execlabel, MAGIC_CRED);
|
||||
COUNTER_INC(execve_will_transition);
|
||||
|
||||
@ -1520,11 +1520,11 @@ mac_test_check_kld_stat(struct ucred *cred)
|
||||
COUNTER_DECL(check_mount_stat);
|
||||
static int
|
||||
mac_test_check_mount_stat(struct ucred *cred, struct mount *mp,
|
||||
struct label *mntlabel)
|
||||
struct label *mplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(mntlabel, MAGIC_MOUNT);
|
||||
LABEL_CHECK(mplabel, MAGIC_MOUNT);
|
||||
COUNTER_INC(check_mount_stat);
|
||||
|
||||
return (0);
|
||||
@ -1624,11 +1624,11 @@ mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr,
|
||||
|
||||
COUNTER_DECL(check_proc_debug);
|
||||
static int
|
||||
mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
|
||||
mac_test_check_proc_debug(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
|
||||
COUNTER_INC(check_proc_debug);
|
||||
|
||||
return (0);
|
||||
@ -1636,11 +1636,11 @@ mac_test_check_proc_debug(struct ucred *cred, struct proc *proc)
|
||||
|
||||
COUNTER_DECL(check_proc_sched);
|
||||
static int
|
||||
mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
|
||||
mac_test_check_proc_sched(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
|
||||
COUNTER_INC(check_proc_sched);
|
||||
|
||||
return (0);
|
||||
@ -1648,11 +1648,11 @@ mac_test_check_proc_sched(struct ucred *cred, struct proc *proc)
|
||||
|
||||
COUNTER_DECL(check_proc_signal);
|
||||
static int
|
||||
mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
|
||||
mac_test_check_proc_signal(struct ucred *cred, struct proc *p, int signum)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
|
||||
COUNTER_INC(check_proc_signal);
|
||||
|
||||
return (0);
|
||||
@ -1784,11 +1784,11 @@ mac_test_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid,
|
||||
|
||||
COUNTER_DECL(check_proc_wait);
|
||||
static int
|
||||
mac_test_check_proc_wait(struct ucred *cred, struct proc *proc)
|
||||
mac_test_check_proc_wait(struct ucred *cred, struct proc *p)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED);
|
||||
COUNTER_INC(check_proc_wait);
|
||||
|
||||
return (0);
|
||||
@ -1796,12 +1796,12 @@ mac_test_check_proc_wait(struct ucred *cred, struct proc *proc)
|
||||
|
||||
COUNTER_DECL(check_socket_accept);
|
||||
static int
|
||||
mac_test_check_socket_accept(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_test_check_socket_accept(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_accept);
|
||||
|
||||
return (0);
|
||||
@ -1809,12 +1809,12 @@ mac_test_check_socket_accept(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_bind);
|
||||
static int
|
||||
mac_test_check_socket_bind(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct sockaddr *sockaddr)
|
||||
mac_test_check_socket_bind(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel, struct sockaddr *sa)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_bind);
|
||||
|
||||
return (0);
|
||||
@ -1822,12 +1822,12 @@ mac_test_check_socket_bind(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_connect);
|
||||
static int
|
||||
mac_test_check_socket_connect(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct sockaddr *sockaddr)
|
||||
mac_test_check_socket_connect(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel, struct sockaddr *sa)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_connect);
|
||||
|
||||
return (0);
|
||||
@ -1835,12 +1835,12 @@ mac_test_check_socket_connect(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_deliver);
|
||||
static int
|
||||
mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
mac_test_check_socket_deliver(struct socket *so, struct label *solabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(mbuflabel, MAGIC_MBUF);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(mlabel, MAGIC_MBUF);
|
||||
COUNTER_INC(check_socket_deliver);
|
||||
|
||||
return (0);
|
||||
@ -1848,12 +1848,12 @@ mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel,
|
||||
|
||||
COUNTER_DECL(check_socket_listen);
|
||||
static int
|
||||
mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_test_check_socket_listen(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_listen);
|
||||
|
||||
return (0);
|
||||
@ -1861,12 +1861,12 @@ mac_test_check_socket_listen(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_poll);
|
||||
static int
|
||||
mac_test_check_socket_poll(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_test_check_socket_poll(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_poll);
|
||||
|
||||
return (0);
|
||||
@ -1874,12 +1874,12 @@ mac_test_check_socket_poll(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_receive);
|
||||
static int
|
||||
mac_test_check_socket_receive(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_test_check_socket_receive(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_receive);
|
||||
|
||||
return (0);
|
||||
@ -1887,12 +1887,12 @@ mac_test_check_socket_receive(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_relabel);
|
||||
static int
|
||||
mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel, struct label *newlabel)
|
||||
mac_test_check_socket_relabel(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(newlabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_relabel);
|
||||
|
||||
@ -1901,12 +1901,12 @@ mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_send);
|
||||
static int
|
||||
mac_test_check_socket_send(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_test_check_socket_send(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_send);
|
||||
|
||||
return (0);
|
||||
@ -1914,12 +1914,12 @@ mac_test_check_socket_send(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_stat);
|
||||
static int
|
||||
mac_test_check_socket_stat(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_test_check_socket_stat(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_stat);
|
||||
|
||||
return (0);
|
||||
@ -1927,12 +1927,12 @@ mac_test_check_socket_stat(struct ucred *cred, struct socket *socket,
|
||||
|
||||
COUNTER_DECL(check_socket_visible);
|
||||
static int
|
||||
mac_test_check_socket_visible(struct ucred *cred, struct socket *socket,
|
||||
struct label *socketlabel)
|
||||
mac_test_check_socket_visible(struct ucred *cred, struct socket *so,
|
||||
struct label *solabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(socketlabel, MAGIC_SOCKET);
|
||||
LABEL_CHECK(solabel, MAGIC_SOCKET);
|
||||
COUNTER_INC(check_socket_visible);
|
||||
|
||||
return (0);
|
||||
@ -1941,11 +1941,11 @@ mac_test_check_socket_visible(struct ucred *cred, struct socket *socket,
|
||||
COUNTER_DECL(check_system_acct);
|
||||
static int
|
||||
mac_test_check_system_acct(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_system_acct);
|
||||
|
||||
return (0);
|
||||
@ -1965,11 +1965,11 @@ mac_test_check_system_audit(struct ucred *cred, void *record, int length)
|
||||
COUNTER_DECL(check_system_auditctl);
|
||||
static int
|
||||
mac_test_check_system_auditctl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_system_auditctl);
|
||||
|
||||
return (0);
|
||||
@ -2000,11 +2000,11 @@ mac_test_check_system_reboot(struct ucred *cred, int how)
|
||||
COUNTER_DECL(check_system_swapoff);
|
||||
static int
|
||||
mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_system_swapoff);
|
||||
|
||||
return (0);
|
||||
@ -2013,11 +2013,11 @@ mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_system_swapon);
|
||||
static int
|
||||
mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_system_swapon);
|
||||
|
||||
return (0);
|
||||
@ -2038,11 +2038,11 @@ mac_test_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
|
||||
COUNTER_DECL(check_vnode_access);
|
||||
static int
|
||||
mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int acc_mode)
|
||||
struct label *vplabel, int acc_mode)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_access);
|
||||
|
||||
return (0);
|
||||
@ -2051,11 +2051,11 @@ mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_chdir);
|
||||
static int
|
||||
mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_chdir);
|
||||
|
||||
return (0);
|
||||
@ -2064,11 +2064,11 @@ mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_chroot);
|
||||
static int
|
||||
mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_chroot);
|
||||
|
||||
return (0);
|
||||
@ -2077,11 +2077,11 @@ mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_create);
|
||||
static int
|
||||
mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct componentname *cnp, struct vattr *vap)
|
||||
struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_create);
|
||||
|
||||
return (0);
|
||||
@ -2090,13 +2090,13 @@ mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_delete);
|
||||
static int
|
||||
mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_delete);
|
||||
|
||||
return (0);
|
||||
@ -2105,11 +2105,11 @@ mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_deleteacl);
|
||||
static int
|
||||
mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type)
|
||||
struct label *vplabel, acl_type_t type)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_deleteacl);
|
||||
|
||||
return (0);
|
||||
@ -2118,11 +2118,11 @@ mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_deleteextattr);
|
||||
static int
|
||||
mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name)
|
||||
struct label *vplabel, int attrnamespace, const char *name)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_deleteextattr);
|
||||
|
||||
return (0);
|
||||
@ -2131,12 +2131,12 @@ mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_exec);
|
||||
static int
|
||||
mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, struct image_params *imgp,
|
||||
struct label *vplabel, struct image_params *imgp,
|
||||
struct label *execlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(execlabel, MAGIC_CRED);
|
||||
COUNTER_INC(check_vnode_exec);
|
||||
|
||||
@ -2146,11 +2146,11 @@ mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_getacl);
|
||||
static int
|
||||
mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type)
|
||||
struct label *vplabel, acl_type_t type)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_getacl);
|
||||
|
||||
return (0);
|
||||
@ -2159,11 +2159,12 @@ mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_getextattr);
|
||||
static int
|
||||
mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name, struct uio *uio)
|
||||
struct label *vplabel, int attrnamespace, const char *name,
|
||||
struct uio *uio)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_getextattr);
|
||||
|
||||
return (0);
|
||||
@ -2172,13 +2173,13 @@ mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_link);
|
||||
static int
|
||||
mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_link);
|
||||
|
||||
return (0);
|
||||
@ -2187,11 +2188,11 @@ mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_listextattr);
|
||||
static int
|
||||
mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace)
|
||||
struct label *vplabel, int attrnamespace)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_listextattr);
|
||||
|
||||
return (0);
|
||||
@ -2200,11 +2201,11 @@ mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_lookup);
|
||||
static int
|
||||
mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct componentname *cnp)
|
||||
struct label *dvplabel, struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_lookup);
|
||||
|
||||
return (0);
|
||||
@ -2213,11 +2214,11 @@ mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_mmap);
|
||||
static int
|
||||
mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int prot, int flags)
|
||||
struct label *vplabel, int prot, int flags)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_mmap);
|
||||
|
||||
return (0);
|
||||
@ -2226,11 +2227,11 @@ mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_open);
|
||||
static int
|
||||
mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
struct label *filelabel, int acc_mode)
|
||||
struct label *vplabel, int acc_mode)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(filelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_open);
|
||||
|
||||
return (0);
|
||||
@ -2239,13 +2240,13 @@ mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_poll);
|
||||
static int
|
||||
mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *label)
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
|
||||
if (file_cred != NULL)
|
||||
LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_poll);
|
||||
|
||||
return (0);
|
||||
@ -2254,13 +2255,13 @@ mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
|
||||
COUNTER_DECL(check_vnode_read);
|
||||
static int
|
||||
mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *label)
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
|
||||
if (file_cred != NULL)
|
||||
LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_read);
|
||||
|
||||
return (0);
|
||||
@ -2269,11 +2270,11 @@ mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
|
||||
COUNTER_DECL(check_vnode_readdir);
|
||||
static int
|
||||
mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel)
|
||||
struct label *dvplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_readdir);
|
||||
|
||||
return (0);
|
||||
@ -2282,11 +2283,11 @@ mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_readlink);
|
||||
static int
|
||||
mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(vnodelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_readlink);
|
||||
|
||||
return (0);
|
||||
@ -2295,11 +2296,11 @@ mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_relabel);
|
||||
static int
|
||||
mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
|
||||
struct label *vnodelabel, struct label *newlabel)
|
||||
struct label *vplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(vnodelabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(newlabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_relabel);
|
||||
|
||||
@ -2309,13 +2310,13 @@ mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_rename_from);
|
||||
static int
|
||||
mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label,
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_rename_from);
|
||||
|
||||
return (0);
|
||||
@ -2324,13 +2325,13 @@ mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_rename_to);
|
||||
static int
|
||||
mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
|
||||
struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
|
||||
struct componentname *cnp)
|
||||
struct label *dvplabel, struct vnode *vp, struct label *vplabel,
|
||||
int samedir, struct componentname *cnp)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(dlabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(dvplabel, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_rename_to);
|
||||
|
||||
return (0);
|
||||
@ -2339,11 +2340,11 @@ mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
|
||||
COUNTER_DECL(check_vnode_revoke);
|
||||
static int
|
||||
mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label)
|
||||
struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_revoke);
|
||||
|
||||
return (0);
|
||||
@ -2352,11 +2353,11 @@ mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_setacl);
|
||||
static int
|
||||
mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, acl_type_t type, struct acl *acl)
|
||||
struct label *vplabel, acl_type_t type, struct acl *acl)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_setacl);
|
||||
|
||||
return (0);
|
||||
@ -2365,11 +2366,12 @@ mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_setextattr);
|
||||
static int
|
||||
mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, int attrnamespace, const char *name, struct uio *uio)
|
||||
struct label *vplabel, int attrnamespace, const char *name,
|
||||
struct uio *uio)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_setextattr);
|
||||
|
||||
return (0);
|
||||
@ -2378,11 +2380,11 @@ mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_setflags);
|
||||
static int
|
||||
mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, u_long flags)
|
||||
struct label *vplabel, u_long flags)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_setflags);
|
||||
|
||||
return (0);
|
||||
@ -2391,11 +2393,11 @@ mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_setmode);
|
||||
static int
|
||||
mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, mode_t mode)
|
||||
struct label *vplabel, mode_t mode)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_setmode);
|
||||
|
||||
return (0);
|
||||
@ -2404,11 +2406,11 @@ mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_setowner);
|
||||
static int
|
||||
mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, uid_t uid, gid_t gid)
|
||||
struct label *vplabel, uid_t uid, gid_t gid)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_setowner);
|
||||
|
||||
return (0);
|
||||
@ -2417,11 +2419,11 @@ mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_setutimes);
|
||||
static int
|
||||
mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
struct label *label, struct timespec atime, struct timespec mtime)
|
||||
struct label *vplabel, struct timespec atime, struct timespec mtime)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_setutimes);
|
||||
|
||||
return (0);
|
||||
@ -2430,13 +2432,13 @@ mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
|
||||
COUNTER_DECL(check_vnode_stat);
|
||||
static int
|
||||
mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
struct vnode *vp, struct label *label)
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
|
||||
if (file_cred != NULL)
|
||||
LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_stat);
|
||||
|
||||
return (0);
|
||||
@ -2445,13 +2447,13 @@ mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
COUNTER_DECL(check_vnode_write);
|
||||
static int
|
||||
mac_test_check_vnode_write(struct ucred *active_cred,
|
||||
struct ucred *file_cred, struct vnode *vp, struct label *label)
|
||||
struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(active_cred->cr_label, MAGIC_CRED);
|
||||
if (file_cred != NULL)
|
||||
LABEL_CHECK(file_cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(label, MAGIC_VNODE);
|
||||
LABEL_CHECK(vplabel, MAGIC_VNODE);
|
||||
COUNTER_INC(check_vnode_write);
|
||||
|
||||
return (0);
|
||||
|
Loading…
x
Reference in New Issue
Block a user