Further MAC Framework cleanup: normalize some local variable names and
clean up some comments. Obtained from: TrustedBSD Project
parent
7205d51f8d
commit
94fbc001c8
@ -218,9 +218,9 @@ int mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
|
||||
void mac_execve_exit(struct image_params *imgp);
|
||||
void mac_vnode_execve_transition(struct ucred *oldcred,
|
||||
struct ucred *newcred, struct vnode *vp,
|
||||
struct label *interpvnodelabel, struct image_params *imgp);
|
||||
struct label *interpvplabel, struct image_params *imgp);
|
||||
int mac_vnode_execve_will_transition(struct ucred *cred,
|
||||
struct vnode *vp, struct label *interpvnodelabel,
|
||||
struct vnode *vp, struct label *interpvplabel,
|
||||
struct image_params *imgp);
|
||||
void mac_proc_create_swapper(struct ucred *cred);
|
||||
void mac_proc_create_init(struct ucred *cred);
|
||||
|
@ -339,12 +339,12 @@ typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
|
||||
*/
|
||||
typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
|
||||
struct ucred *new, struct vnode *vp,
|
||||
struct label *vplabel, struct label *interpvnodelabel,
|
||||
struct label *vplabel, struct label *interpvplabel,
|
||||
struct image_params *imgp, struct label *execlabel);
|
||||
typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
|
||||
struct vnode *vp, struct label *vplabel,
|
||||
struct label *interpvnodelabel,
|
||||
struct image_params *imgp, struct label *execlabel);
|
||||
struct label *interpvplabel, struct image_params *imgp,
|
||||
struct label *execlabel);
|
||||
typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred);
|
||||
typedef void (*mpo_proc_create_init_t)(struct ucred *cred);
|
||||
typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
|
||||
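Review bot: The renamed `interpvplabel` parameter of `mpo_vnode_execve_transition_t` and `mpo_vnode_execve_will_transition_t` looks nullable, but nothing visible in these typedefs says so. The LOMAC entry points touched by this same commit test `interpvplabel != NULL` before calling `SLOT()` on it, so a policy that skips that test would presumably dereference a NULL label in kernel context. The comment block above the first typedef starts outside this hunk; if it does not already cover this, add a line such as `* interpvplabel may be NULL; policies must check it before use.` The same remark would help on the `mac_vnode_execve_transition()` and `mac_vnode_execve_will_transition()` prototypes in the framework header section.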
|
@ -321,19 +321,18 @@ mac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
|
||||
|
||||
void
|
||||
mac_vnode_execve_transition(struct ucred *old, struct ucred *new,
|
||||
struct vnode *vp, struct label *interpvnodelabel,
|
||||
struct image_params *imgp)
|
||||
struct vnode *vp, struct label *interpvplabel, struct image_params *imgp)
|
||||
{
|
||||
|
||||
ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_transition");
|
||||
|
||||
MAC_PERFORM(vnode_execve_transition, old, new, vp, vp->v_label,
|
||||
interpvnodelabel, imgp, imgp->execlabel);
|
||||
interpvplabel, imgp, imgp->execlabel);
|
||||
}
|
||||
|
||||
int
|
||||
mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
|
||||
struct label *interpvnodelabel, struct image_params *imgp)
|
||||
struct label *interpvplabel, struct image_params *imgp)
|
||||
{
|
||||
int result;
|
||||
|
||||
@ -341,7 +340,7 @@ mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
|
||||
|
||||
result = 0;
|
||||
MAC_BOOLEAN(vnode_execve_will_transition, ||, old, vp, vp->v_label,
|
||||
interpvnodelabel, imgp, imgp->execlabel);
|
||||
interpvplabel, imgp, imgp->execlabel);
|
||||
|
||||
return (result);
|
||||
}
|
||||
@ -494,8 +493,8 @@ mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
|
||||
}
|
||||
|
||||
int
|
||||
mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
|
||||
int prot, int flags)
|
||||
mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot,
|
||||
int flags)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -506,7 +505,8 @@ mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
|
||||
}
|
||||
|
||||
void
|
||||
mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot)
|
||||
mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp,
|
||||
int *prot)
|
||||
{
|
||||
int result = *prot;
|
||||
|
||||
@ -728,8 +728,8 @@ mac_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
|
||||
}
|
||||
|
||||
int
|
||||
mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
|
||||
struct componentname *cnp)
|
||||
mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
|
||||
struct vnode *vp, struct componentname *cnp)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -756,7 +756,8 @@ mac_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
|
||||
}
|
||||
|
||||
void
|
||||
mac_vnode_relabel(struct ucred *cred, struct vnode *vp, struct label *newlabel)
|
||||
mac_vnode_relabel(struct ucred *cred, struct vnode *vp,
|
||||
struct label *newlabel)
|
||||
{
|
||||
|
||||
MAC_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel);
|
||||
@ -806,9 +807,9 @@ mac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
|
||||
}
|
||||
|
||||
/*
|
||||
* Implementation of VOP_SETLABEL() that relies on extended attributes
|
||||
* to store label data. Can be referenced by filesystems supporting
|
||||
* extended attributes.
|
||||
* Implementation of VOP_SETLABEL() that relies on extended attributes to
|
||||
* store label data. Can be referenced by filesystems supporting extended
|
||||
* attributes.
|
||||
*/
|
||||
int
|
||||
vop_stdsetlabel_ea(struct vop_setlabel_args *ap)
|
||||
@ -862,8 +863,8 @@ vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred)
|
||||
* VADMIN provides the opportunity for the filesystem to make
|
||||
* decisions about who is and is not able to modify labels and
|
||||
* protections on files. This might not be right. We can't assume
|
||||
* VOP_SETLABEL() will do it, because we might implement that as
|
||||
* part of vop_stdsetlabel_ea().
|
||||
* VOP_SETLABEL() will do it, because we might implement that as part
|
||||
* of vop_stdsetlabel_ea().
|
||||
*/
|
||||
error = VOP_ACCESS(vp, VADMIN, cred, curthread);
|
||||
if (error)
|
||||
|
@ -1483,7 +1483,7 @@ mac_lomac_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
|
||||
*/
|
||||
static void
|
||||
mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
|
||||
struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel,
|
||||
struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
|
||||
struct image_params *imgp, struct label *execlabel)
|
||||
{
|
||||
struct mac_lomac *source, *dest, *obj, *robj;
|
||||
@ -1491,7 +1491,7 @@ mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
|
||||
source = SLOT(old->cr_label);
|
||||
dest = SLOT(new->cr_label);
|
||||
obj = SLOT(vplabel);
|
||||
robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj;
|
||||
robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
|
||||
|
||||
mac_lomac_copy(source, dest);
|
||||
/*
|
||||
@ -1519,7 +1519,7 @@ mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
|
||||
|
||||
static int
|
||||
mac_lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
|
||||
struct label *vplabel, struct label *interpvnodelabel,
|
||||
struct label *vplabel, struct label *interpvplabel,
|
||||
struct image_params *imgp, struct label *execlabel)
|
||||
{
|
||||
struct mac_lomac *subj, *obj, *robj;
|
||||
@ -1529,7 +1529,7 @@ mac_lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
|
||||
|
||||
subj = SLOT(old->cr_label);
|
||||
obj = SLOT(vplabel);
|
||||
robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj;
|
||||
robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;
|
||||
|
||||
return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX &&
|
||||
!mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
|
||||
|
@ -179,8 +179,8 @@ stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_vnode_associate_singlelabel(struct mount *mp,
|
||||
struct label *mplabel, struct vnode *vp, struct label *vplabel)
|
||||
stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
|
||||
struct vnode *vp, struct label *vplabel)
|
||||
{
|
||||
|
||||
}
|
||||
@ -411,7 +411,7 @@ stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
stub_create_mbuf_linklayer(struct ifnet *ifp, struct label *iflpabel,
|
||||
struct mbuf *m, struct label *mlabel)
|
||||
{
|
||||
|
||||
@ -498,7 +498,7 @@ stub_inpcb_sosetlabel(struct socket *so, struct label *solabel,
|
||||
*/
|
||||
static void
|
||||
stub_vnode_execve_transition(struct ucred *old, struct ucred *new,
|
||||
struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel,
|
||||
struct vnode *vp, struct label *vplabel, struct label *interpvplabel,
|
||||
struct image_params *imgp, struct label *execlabel)
|
||||
{
|
||||
|
||||
@ -506,7 +506,7 @@ stub_vnode_execve_transition(struct ucred *old, struct ucred *new,
|
||||
|
||||
static int
|
||||
stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
|
||||
struct label *vplabel, struct label *interpvnodelabel,
|
||||
struct label *vplabel, struct label *interpvplabel,
|
||||
struct image_params *imgp, struct label *execlabel)
|
||||
{
|
||||
|
||||
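Review bot: The second parameter of `stub_create_mbuf_linklayer` is spelled `iflpabel` on the new side, while every other renamed entry point in this commit uses `ifplabel`. The stub still compiles, presumably because the parameter is unused, but the misspelling defeats the naming normalization and a search for `ifplabel` will miss this entry point. Change the line to `stub_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,`. The function body continues outside the hunk.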
|
@ -874,10 +874,10 @@ mac_test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel,
|
||||
|
||||
COUNTER_DECL(ifnet_create);
|
||||
static void
|
||||
mac_test_ifnet_create(struct ifnet *ifnet, struct label *ifnetlabel)
|
||||
mac_test_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
COUNTER_INC(ifnet_create);
|
||||
}
|
||||
|
||||
@ -957,11 +957,11 @@ mac_test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
|
||||
|
||||
COUNTER_DECL(create_mbuf_linklayer);
|
||||
static void
|
||||
mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
mac_test_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *mbuf, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(mbuflabel, MAGIC_MBUF);
|
||||
COUNTER_INC(create_mbuf_linklayer);
|
||||
}
|
||||
@ -979,11 +979,11 @@ mac_test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel,
|
||||
|
||||
COUNTER_DECL(ifnet_create_mbuf);
|
||||
static void
|
||||
mac_test_ifnet_create_mbuf(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
mac_test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(mbuflabel, MAGIC_MBUF);
|
||||
COUNTER_INC(ifnet_create_mbuf);
|
||||
}
|
||||
@ -991,12 +991,12 @@ mac_test_ifnet_create_mbuf(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
COUNTER_DECL(mbuf_create_multicast_encap);
|
||||
static void
|
||||
mac_test_mbuf_create_multicast_encap(struct mbuf *oldmbuf,
|
||||
struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
struct label *oldmbuflabel, struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *newmbuf, struct label *newmbuflabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(oldmbuflabel, MAGIC_MBUF);
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(newmbuflabel, MAGIC_MBUF);
|
||||
COUNTER_INC(mbuf_create_multicast_encap);
|
||||
}
|
||||
@ -1046,12 +1046,12 @@ mac_test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel)
|
||||
|
||||
COUNTER_DECL(ifnet_relabel);
|
||||
static void
|
||||
mac_test_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
|
||||
struct label *ifnetlabel, struct label *newlabel)
|
||||
mac_test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
|
||||
struct label *ifplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(newlabel, MAGIC_IFNET);
|
||||
COUNTER_INC(ifnet_relabel);
|
||||
}
|
||||
@ -1194,11 +1194,11 @@ mac_test_sysvshm_cleanup(struct label *shmlabel)
|
||||
COUNTER_DECL(bpfdesc_check_receive);
|
||||
static int
|
||||
mac_test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel,
|
||||
struct ifnet *ifnet, struct label *ifnetlabel)
|
||||
struct ifnet *ifp, struct label *ifplabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(bpflabel, MAGIC_BPF);
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
COUNTER_INC(bpfdesc_check_receive);
|
||||
|
||||
return (0);
|
||||
@ -1230,12 +1230,12 @@ mac_test_cred_check_visible(struct ucred *u1, struct ucred *u2)
|
||||
|
||||
COUNTER_DECL(ifnet_check_relabel);
|
||||
static int
|
||||
mac_test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifnet,
|
||||
struct label *ifnetlabel, struct label *newlabel)
|
||||
mac_test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
|
||||
struct label *ifplabel, struct label *newlabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(newlabel, MAGIC_IFNET);
|
||||
COUNTER_INC(ifnet_check_relabel);
|
||||
|
||||
@ -1244,11 +1244,11 @@ mac_test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifnet,
|
||||
|
||||
COUNTER_DECL(ifnet_check_transmit);
|
||||
static int
|
||||
mac_test_ifnet_check_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
|
||||
mac_test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
|
||||
struct mbuf *m, struct label *mbuflabel)
|
||||
{
|
||||
|
||||
LABEL_CHECK(ifnetlabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(ifplabel, MAGIC_IFNET);
|
||||
LABEL_CHECK(mbuflabel, MAGIC_MBUF);
|
||||
COUNTER_INC(ifnet_check_transmit);
|
||||
|
||||
|