author | Robert Watson <rwatson@FreeBSD.org> | 2007-10-25 11:31:11 +0000 |
---|---|---|
committer | Robert Watson <rwatson@FreeBSD.org> | 2007-10-25 11:31:11 +0000 |
commit | 3f1a7a9086a59e93615bb9e5f6163372cee4d669 (patch) | |
tree | 61b4f64bfe3a4b94291e8d7bf90db127671545c7 /sys/security/mac_partition | |
parent | ededffc06bbdd4352d3e959e7b99d59ba2410c9c (diff) |
Consistently name functions for mac_<policy> as <policy>_whatever rather
than mac_<policy>_whatever, as this shortens the names and makes the code
a bit easier to read.
When dealing with label structures, name variables 'mb', 'ml', 'mm' rather
than the longer 'mac_biba', 'mac_lomac', and 'mac_mls', likewise making
the code a little easier to read.
Obtained from: TrustedBSD Project
Notes
Notes:
svn path=/head/; revision=172955
Diffstat (limited to 'sys/security/mac_partition')
-rw-r--r-- | sys/security/mac_partition/mac_partition.c | 71 |
1 files changed, 36 insertions, 35 deletions
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c index 986406a794c9..a3bfbe419ad0 100644 --- a/sys/security/mac_partition/mac_partition.c +++ b/sys/security/mac_partition/mac_partition.c @@ -40,6 +40,7 @@ /* * Developed by the TrustedBSD Project. + * * Experiment with a partition-like model. */ @@ -69,28 +70,28 @@ static int partition_slot; #define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v)) static void -mac_partition_init_label(struct label *label) +partition_init_label(struct label *label) { SLOT_SET(label, 0); } static void -mac_partition_destroy_label(struct label *label) +partition_destroy_label(struct label *label) { SLOT_SET(label, 0); } static void -mac_partition_copy_label(struct label *src, struct label *dest) +partition_copy_label(struct label *src, struct label *dest) { SLOT_SET(dest, SLOT(src)); } static int -mac_partition_externalize_label(struct label *label, char *element_name, +partition_externalize_label(struct label *label, char *element_name, struct sbuf *sb, int *claimed) { @@ -106,7 +107,7 @@ mac_partition_externalize_label(struct label *label, char *element_name, } static int -mac_partition_internalize_label(struct label *label, char *element_name, +partition_internalize_label(struct label *label, char *element_name, char *element_data, int *claimed) { @@ -119,21 +120,21 @@ mac_partition_internalize_label(struct label *label, char *element_name, } static void -mac_partition_proc_create_swapper(struct ucred *cred) +partition_proc_create_swapper(struct ucred *cred) { SLOT_SET(cred->cr_label, 0); } static void -mac_partition_proc_create_init(struct ucred *cred) +partition_proc_create_init(struct ucred *cred) { SLOT_SET(cred->cr_label, 0); } static void -mac_partition_cred_relabel(struct ucred *cred, struct label *newlabel) +partition_cred_relabel(struct ucred *cred, struct label *newlabel) { if (SLOT(newlabel) != 0) 
@@ -157,7 +158,7 @@ label_on_label(struct label *subject, struct label *object) } static int -mac_partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) +partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) { int error; @@ -167,9 +168,9 @@ mac_partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) if (SLOT(newlabel) != 0) { /* * Require BSD privilege in order to change the partition. - * Originally we also required that the process not be - * in a partition in the first place, but this didn't - * interact well with sendmail. + * Originally we also required that the process not be in a + * partition in the first place, but this didn't interact + * well with sendmail. */ error = priv_check_cred(cred, PRIV_MAC_PARTITION, 0); } @@ -178,7 +179,7 @@ mac_partition_cred_check_relabel(struct ucred *cred, struct label *newlabel) } static int -mac_partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) +partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) { int error; @@ -188,7 +189,7 @@ mac_partition_cred_check_visible(struct ucred *cr1, struct ucred *cr2) } static int -mac_partition_proc_check_debug(struct ucred *cred, struct proc *p) +partition_proc_check_debug(struct ucred *cred, struct proc *p) { int error; @@ -198,7 +199,7 @@ mac_partition_proc_check_debug(struct ucred *cred, struct proc *p) } static int -mac_partition_proc_check_sched(struct ucred *cred, struct proc *p) +partition_proc_check_sched(struct ucred *cred, struct proc *p) { int error; @@ -208,7 +209,7 @@ mac_partition_proc_check_sched(struct ucred *cred, struct proc *p) } static int -mac_partition_proc_check_signal(struct ucred *cred, struct proc *p, +partition_proc_check_signal(struct ucred *cred, struct proc *p, int signum) { int error; 
@@ -219,7 +220,7 @@ mac_partition_proc_check_signal(struct ucred *cred, struct proc *p, } static int -mac_partition_socket_check_visible(struct ucred *cred, struct socket *so, +partition_socket_check_visible(struct ucred *cred, struct socket *so, struct label *solabel) { int error; @@ -230,7 +231,7 @@ mac_partition_socket_check_visible(struct ucred *cred, struct socket *so, } static int -mac_partition_vnode_check_exec(struct ucred *cred, struct vnode *vp, +partition_vnode_check_exec(struct ucred *cred, struct vnode *vp, struct label *vplabel, struct image_params *imgp, struct label *execlabel) { 
@@ -248,24 +249,24 @@ mac_partition_vnode_check_exec(struct ucred *cred, struct vnode *vp, return (0); } -static struct mac_policy_ops mac_partition_ops = +static struct mac_policy_ops partition_ops = { - .mpo_cred_init_label = mac_partition_init_label, - .mpo_cred_destroy_label = mac_partition_destroy_label, - .mpo_cred_copy_label = mac_partition_copy_label, - .mpo_cred_externalize_label = mac_partition_externalize_label, - .mpo_cred_internalize_label = mac_partition_internalize_label, - .mpo_proc_create_swapper = mac_partition_proc_create_swapper, - .mpo_proc_create_init = mac_partition_proc_create_init, - .mpo_cred_relabel = mac_partition_cred_relabel, - .mpo_cred_check_relabel = mac_partition_cred_check_relabel, - .mpo_cred_check_visible = mac_partition_cred_check_visible, - .mpo_proc_check_debug = mac_partition_proc_check_debug, - .mpo_proc_check_sched = mac_partition_proc_check_sched, - .mpo_proc_check_signal = mac_partition_proc_check_signal, - .mpo_socket_check_visible = mac_partition_socket_check_visible, - .mpo_vnode_check_exec = mac_partition_vnode_check_exec, + .mpo_cred_init_label = partition_init_label, + .mpo_cred_destroy_label = partition_destroy_label, + .mpo_cred_copy_label = partition_copy_label, + .mpo_cred_externalize_label = partition_externalize_label, + .mpo_cred_internalize_label = partition_internalize_label, + .mpo_proc_create_swapper = partition_proc_create_swapper, + .mpo_proc_create_init = partition_proc_create_init, + .mpo_cred_relabel = partition_cred_relabel, + .mpo_cred_check_relabel = partition_cred_check_relabel, + .mpo_cred_check_visible = partition_cred_check_visible, + .mpo_proc_check_debug = partition_proc_check_debug, + .mpo_proc_check_sched = partition_proc_check_sched, + .mpo_proc_check_signal = partition_proc_check_signal, + .mpo_socket_check_visible = partition_socket_check_visible, + .mpo_vnode_check_exec = partition_vnode_check_exec, }; -MAC_POLICY_SET(&mac_partition_ops, mac_partition, "TrustedBSD MAC/Partition", 
+MAC_POLICY_SET(&partition_ops, mac_partition, "TrustedBSD MAC/Partition", MPC_LOADTIME_FLAG_UNLOADOK, &partition_slot); |