Diffstat (limited to 'sys/security/mac')
-rw-r--r--sys/security/mac/mac_audit.c30
-rw-r--r--sys/security/mac/mac_framework.h385
-rw-r--r--sys/security/mac/mac_inet.c69
-rw-r--r--sys/security/mac/mac_internal.h34
-rw-r--r--sys/security/mac/mac_net.c100
-rw-r--r--sys/security/mac/mac_pipe.c56
-rw-r--r--sys/security/mac/mac_policy.h844
-rw-r--r--sys/security/mac/mac_posix_sem.c49
-rw-r--r--sys/security/mac/mac_process.c104
-rw-r--r--sys/security/mac/mac_socket.c124
-rw-r--r--sys/security/mac/mac_syscalls.c40
-rw-r--r--sys/security/mac/mac_system.c56
-rw-r--r--sys/security/mac/mac_sysv_msg.c66
-rw-r--r--sys/security/mac/mac_sysv_sem.c33
-rw-r--r--sys/security/mac/mac_sysv_shm.c36
-rw-r--r--sys/security/mac/mac_vfs.c317
16 files changed, 1193 insertions, 1150 deletions
diff --git a/sys/security/mac/mac_audit.c b/sys/security/mac/mac_audit.c
index 69731c7f7c81..d8cd8e604157 100644
--- a/sys/security/mac/mac_audit.c
+++ b/sys/security/mac/mac_audit.c
@@ -2,6 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
* TrustedBSD Project.
@@ -11,6 +12,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -46,66 +50,66 @@
#include <security/mac/mac_policy.h>
int
-mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai)
+mac_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai)
{
int error;
- MAC_CHECK(check_proc_setaudit, cred, ai);
+ MAC_CHECK(proc_check_setaudit, cred, ai);
return (error);
}
int
-mac_check_proc_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia)
+mac_proc_check_setaudit_addr(struct ucred *cred, struct auditinfo_addr *aia)
{
int error;
- MAC_CHECK(check_proc_setaudit_addr, cred, aia);
+ MAC_CHECK(proc_check_setaudit_addr, cred, aia);
return (error);
}
int
-mac_check_proc_setauid(struct ucred *cred, uid_t auid)
+mac_proc_check_setauid(struct ucred *cred, uid_t auid)
{
int error;
- MAC_CHECK(check_proc_setauid, cred, auid);
+ MAC_CHECK(proc_check_setauid, cred, auid);
return (error);
}
int
-mac_check_system_audit(struct ucred *cred, void *record, int length)
+mac_system_check_audit(struct ucred *cred, void *record, int length)
{
int error;
- MAC_CHECK(check_system_audit, cred, record, length);
+ MAC_CHECK(system_check_audit, cred, record, length);
return (error);
}
int
-mac_check_system_auditctl(struct ucred *cred, struct vnode *vp)
+mac_system_check_auditctl(struct ucred *cred, struct vnode *vp)
{
int error;
struct label *vl;
- ASSERT_VOP_LOCKED(vp, "mac_check_system_auditctl");
+ ASSERT_VOP_LOCKED(vp, "mac_system_check_auditctl");
vl = (vp != NULL) ? vp->v_label : NULL;
- MAC_CHECK(check_system_auditctl, cred, vp, vl);
+ MAC_CHECK(system_check_auditctl, cred, vp, vl);
return (error);
}
int
-mac_check_system_auditon(struct ucred *cred, int cmd)
+mac_system_check_auditon(struct ucred *cred, int cmd)
{
int error;
- MAC_CHECK(check_system_auditon, cred, cmd);
+ MAC_CHECK(system_check_auditon, cred, cmd);
return (error);
}
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index d9ede98351b3..a00b90f00413 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -90,44 +90,44 @@ struct vop_setlabel_args;
/*
* Kernel functions to manage and evaluate labels.
*/
-void mac_init_bpfdesc(struct bpf_d *);
-void mac_init_cred(struct ucred *);
-void mac_init_devfs(struct devfs_dirent *);
-void mac_init_ifnet(struct ifnet *);
-int mac_init_inpcb(struct inpcb *, int);
-void mac_init_sysv_msgmsg(struct msg *);
-void mac_init_sysv_msgqueue(struct msqid_kernel *);
-void mac_init_sysv_sem(struct semid_kernel *);
-void mac_init_sysv_shm(struct shmid_kernel *);
-int mac_init_ipq(struct ipq *, int);
-int mac_init_socket(struct socket *, int);
-void mac_init_pipe(struct pipepair *);
-void mac_init_posix_sem(struct ksem *);
-int mac_init_mbuf(struct mbuf *, int);
-int mac_init_mbuf_tag(struct m_tag *, int);
-void mac_init_mount(struct mount *);
-void mac_init_proc(struct proc *);
-void mac_init_vnode(struct vnode *);
-void mac_copy_mbuf(struct mbuf *, struct mbuf *);
-void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
-void mac_copy_vnode_label(struct label *, struct label *);
-void mac_destroy_bpfdesc(struct bpf_d *);
-void mac_destroy_cred(struct ucred *);
-void mac_destroy_devfs(struct devfs_dirent *);
-void mac_destroy_ifnet(struct ifnet *);
-void mac_destroy_inpcb(struct inpcb *);
-void mac_destroy_sysv_msgmsg(struct msg *);
-void mac_destroy_sysv_msgqueue(struct msqid_kernel *);
-void mac_destroy_sysv_sem(struct semid_kernel *);
-void mac_destroy_sysv_shm(struct shmid_kernel *);
-void mac_destroy_ipq(struct ipq *);
-void mac_destroy_socket(struct socket *);
-void mac_destroy_pipe(struct pipepair *);
-void mac_destroy_posix_sem(struct ksem *);
-void mac_destroy_proc(struct proc *);
-void mac_destroy_mbuf_tag(struct m_tag *);
-void mac_destroy_mount(struct mount *);
-void mac_destroy_vnode(struct vnode *);
+void mac_bpfdesc_init(struct bpf_d *);
+void mac_cred_init(struct ucred *);
+void mac_devfs_init(struct devfs_dirent *);
+void mac_ifnet_init(struct ifnet *);
+int mac_inpcb_init(struct inpcb *, int);
+void mac_sysvmsg_init(struct msg *);
+void mac_sysvmsq_init(struct msqid_kernel *);
+void mac_sysvsem_init(struct semid_kernel *);
+void mac_sysvshm_init(struct shmid_kernel *);
+int mac_ipq_init(struct ipq *, int);
+int mac_socket_init(struct socket *, int);
+void mac_pipe_init(struct pipepair *);
+void mac_posixsem_init(struct ksem *);
+int mac_mbuf_init(struct mbuf *, int);
+int mac_mbuf_tag_init(struct m_tag *, int);
+void mac_mount_init(struct mount *);
+void mac_proc_init(struct proc *);
+void mac_vnode_init(struct vnode *);
+void mac_mbuf_copy(struct mbuf *, struct mbuf *);
+void mac_mbuf_tag_copy(struct m_tag *, struct m_tag *);
+void mac_vnode_copy_label(struct label *, struct label *);
+void mac_bpfdesc_destroy(struct bpf_d *);
+void mac_cred_destroy(struct ucred *);
+void mac_devfs_destroy(struct devfs_dirent *);
+void mac_ifnet_destroy(struct ifnet *);
+void mac_inpcb_destroy(struct inpcb *);
+void mac_sysvmsg_destroy(struct msg *);
+void mac_sysvmsq_destroy(struct msqid_kernel *);
+void mac_sysvsem_destroy(struct semid_kernel *);
+void mac_sysvshm_destroy(struct shmid_kernel *);
+void mac_ipq_destroy(struct ipq *);
+void mac_socket_destroy(struct socket *);
+void mac_pipe_destroy(struct pipepair *);
+void mac_posixsem_destroy(struct ksem *);
+void mac_proc_destroy(struct proc *);
+void mac_mbuf_tag_destroy(struct m_tag *);
+void mac_mount_destroy(struct mount *);
+void mac_vnode_destroy(struct vnode *);
struct label *mac_cred_label_alloc(void);
void mac_cred_label_free(struct label *);
@@ -138,75 +138,73 @@ void mac_vnode_label_free(struct label *);
* Labeling event operations: file system objects, and things that look a lot
* like file system objects.
*/
-void mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
+void mac_devfs_vnode_associate(struct mount *mp, struct devfs_dirent *de,
struct vnode *vp);
-int mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp);
-void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp);
-void mac_create_devfs_device(struct ucred *cred, struct mount *mp,
+int mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp);
+void mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp);
+void mac_devfs_create_device(struct ucred *cred, struct mount *mp,
struct cdev *dev, struct devfs_dirent *de);
-void mac_create_devfs_directory(struct mount *mp, char *dirname,
+void mac_devfs_create_directory(struct mount *mp, char *dirname,
int dirnamelen, struct devfs_dirent *de);
-void mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+void mac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
struct devfs_dirent *dd, struct devfs_dirent *de);
-int mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
+int mac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
struct vnode *dvp, struct vnode *vp, struct componentname *cnp);
-void mac_create_mount(struct ucred *cred, struct mount *mp);
-void mac_relabel_vnode(struct ucred *cred, struct vnode *vp,
+void mac_mount_create(struct ucred *cred, struct mount *mp);
+void mac_vnode_relabel(struct ucred *cred, struct vnode *vp,
struct label *newlabel);
-void mac_update_devfs(struct mount *mp, struct devfs_dirent *de,
+void mac_devfs_update(struct mount *mp, struct devfs_dirent *de,
struct vnode *vp);
/*
* Labeling event operations: IPC objects.
*/
-void mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m);
-void mac_create_socket(struct ucred *cred, struct socket *so);
-void mac_create_socket_from_socket(struct socket *oldso,
+void mac_socket_create_mbuf(struct socket *so, struct mbuf *m);
+void mac_socket_create(struct ucred *cred, struct socket *so);
+void mac_socket_newconn(struct socket *oldso, struct socket *newso);
+void mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so);
+void mac_socketpeer_set_from_socket(struct socket *oldso,
struct socket *newso);
-void mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so);
-void mac_set_socket_peer_from_socket(struct socket *oldso,
- struct socket *newso);
-void mac_create_pipe(struct ucred *cred, struct pipepair *pp);
+void mac_pipe_create(struct ucred *cred, struct pipepair *pp);
/*
* Labeling event operations: System V IPC primitives
*/
-void mac_create_sysv_msgmsg(struct ucred *cred,
- struct msqid_kernel *msqkptr, struct msg *msgptr);
-void mac_create_sysv_msgqueue(struct ucred *cred,
- struct msqid_kernel *msqkptr);
-void mac_create_sysv_sem(struct ucred *cred,
+void mac_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
+ struct msg *msgptr);
+void mac_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr);
+void mac_sysvsem_create(struct ucred *cred,
struct semid_kernel *semakptr);
-void mac_create_sysv_shm(struct ucred *cred,
+void mac_sysvshm_create(struct ucred *cred,
struct shmid_kernel *shmsegptr);
/*
* Labeling event operations: POSIX (global/inter-process) semaphores.
*/
-void mac_create_posix_sem(struct ucred *cred, struct ksem *ks);
+void mac_posixsem_create(struct ucred *cred, struct ksem *ks);
/*
* Labeling event operations: network objects.
*/
-void mac_create_bpfdesc(struct ucred *cred, struct bpf_d *d);
-void mac_create_ifnet(struct ifnet *ifp);
-void mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp);
-void mac_create_ipq(struct mbuf *m, struct ipq *ipq);
-void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *m);
-void mac_create_fragment(struct mbuf *m, struct mbuf *frag);
-void mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m);
+void mac_bpfdesc_create(struct ucred *cred, struct bpf_d *d);
+void mac_ifnet_create(struct ifnet *ifp);
+void mac_inpcb_create(struct socket *so, struct inpcb *inp);
+void mac_ipq_create(struct mbuf *m, struct ipq *ipq);
+void mac_ipq_reassemble(struct ipq *ipq, struct mbuf *m);
+void mac_netinet_fragment(struct mbuf *m, struct mbuf *frag);
+void mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m);
void mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m);
-void mac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct mbuf *m);
-void mac_create_mbuf_from_ifnet(struct ifnet *ifp, struct mbuf *m);
-void mac_create_mbuf_multicast_encap(struct mbuf *m, struct ifnet *ifp,
+void mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m);
+void mac_ifnet_create_mbuf(struct ifnet *ifp, struct mbuf *m);
+void mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp,
struct mbuf *mnew);
-void mac_create_mbuf_netlayer(struct mbuf *m, struct mbuf *mnew);
-int mac_fragment_match(struct mbuf *m, struct ipq *ipq);
-void mac_reflect_mbuf_icmp(struct mbuf *m);
-void mac_reflect_mbuf_tcp(struct mbuf *m);
-void mac_update_ipq(struct mbuf *m, struct ipq *ipq);
+void mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew);
+int mac_ipq_match(struct mbuf *m, struct ipq *ipq);
+void mac_netinet_icmp_reply(struct mbuf *m);
+void mac_netinet_tcp_reply(struct mbuf *m);
+void mac_ipq_update(struct mbuf *m, struct ipq *ipq);
void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
-void mac_create_mbuf_from_firewall(struct mbuf *m);
+void mac_mbuf_create_from_firewall(struct mbuf *m);
void mac_destroy_syncache(struct label **l);
int mac_init_syncache(struct label **l);
void mac_init_syncache_from_inpcb(struct label *l, struct inpcb *inp);
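Review bot: The object-first naming this hunk introduces for the network entry points (`mac_ipq_create`, `mac_bpfdesc_create_mbuf`, `mac_mbuf_create_netlayer`) is not applied to every declaration in the same block: `mac_create_mbuf_linklayer` stays in the old verb-first form between two renamed neighbours, and the syncache prototypes at the tail of the hunk (`mac_destroy_syncache`, `mac_init_syncache`, `mac_init_syncache_from_inpcb`) keep the old form as well. If these are deliberately left for a later change, a short comment above the syncache group saying so (e.g. `/* XXX: syncache entry points not yet renamed to mac_<object>_<verb> form. */`) would stop a reader from assuming the rename is complete and from adding new callers under the old convention. Otherwise `mac_create_mbuf_linklayer` would fit the surrounding block renamed in the same `mac_<object>_<verb>` style as `mac_mbuf_create_netlayer`. The syncache group appears to continue past the end of this hunk, so any deferred-rename comment belongs with the whole group rather than the three lines visible here.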
@@ -215,16 +213,17 @@ void mac_create_mbuf_from_syncache(struct label *l, struct mbuf *m);
/*
* Labeling event operations: processes.
*/
-void mac_copy_cred(struct ucred *cr1, struct ucred *cr2);
+void mac_cred_copy(struct ucred *cr1, struct ucred *cr2);
int mac_execve_enter(struct image_params *imgp, struct mac *mac_p);
void mac_execve_exit(struct image_params *imgp);
-void mac_execve_transition(struct ucred *oldcred, struct ucred *newcred,
+void mac_vnode_execve_transition(struct ucred *oldcred,
+ struct ucred *newcred, struct vnode *vp,
+ struct label *interpvnodelabel, struct image_params *imgp);
+int mac_vnode_execve_will_transition(struct ucred *cred,
struct vnode *vp, struct label *interpvnodelabel,
struct image_params *imgp);
-int mac_execve_will_transition(struct ucred *cred, struct vnode *vp,
- struct label *interpvnodelabel, struct image_params *imgp);
-void mac_create_proc0(struct ucred *cred);
-void mac_create_proc1(struct ucred *cred);
+void mac_proc_create_swapper(struct ucred *cred);
+void mac_proc_create_init(struct ucred *cred);
void mac_thread_userret(struct thread *td);
/*
@@ -238,177 +237,177 @@ void mac_thread_userret(struct thread *td);
* XXXRW: These object methods are inconsistent with the life cycles of other
* objects, and likely should be revised to be more consistent.
*/
-void mac_cleanup_sysv_msgmsg(struct msg *msgptr);
-void mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr);
-void mac_cleanup_sysv_sem(struct semid_kernel *semakptr);
-void mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr);
+void mac_sysvmsg_cleanup(struct msg *msgptr);
+void mac_sysvmsq_cleanup(struct msqid_kernel *msqkptr);
+void mac_sysvsem_cleanup(struct semid_kernel *semakptr);
+void mac_sysvshm_cleanup(struct shmid_kernel *shmsegptr);
/*
* Access control checks.
*/
-int mac_check_bpfdesc_receive(struct bpf_d *d, struct ifnet *ifp);
-int mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2);
-int mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m);
-int mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m);
-int mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
+int mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp);
+int mac_cred_check_visible(struct ucred *cr1, struct ucred *cr2);
+int mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *m);
+int mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m);
+int mac_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
struct msqid_kernel *msqkptr);
-int mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr);
-int mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr);
-int mac_check_sysv_msqget(struct ucred *cred,
+int mac_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr);
+int mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr);
+int mac_sysvmsq_check_msqget(struct ucred *cred,
struct msqid_kernel *msqkptr);
-int mac_check_sysv_msqsnd(struct ucred *cred,
+int mac_sysvmsq_check_msqsnd(struct ucred *cred,
struct msqid_kernel *msqkptr);
-int mac_check_sysv_msqrcv(struct ucred *cred,
+int mac_sysvmsq_check_msqrcv(struct ucred *cred,
struct msqid_kernel *msqkptr);
-int mac_check_sysv_msqctl(struct ucred *cred,
+int mac_sysvmsq_check_msqctl(struct ucred *cred,
struct msqid_kernel *msqkptr, int cmd);
-int mac_check_sysv_semctl(struct ucred *cred,
+int mac_sysvsem_check_semctl(struct ucred *cred,
struct semid_kernel *semakptr, int cmd);
-int mac_check_sysv_semget(struct ucred *cred,
+int mac_sysvsem_check_semget(struct ucred *cred,
struct semid_kernel *semakptr);
-int mac_check_sysv_semop(struct ucred *cred,struct semid_kernel *semakptr,
- size_t accesstype);
-int mac_check_sysv_shmat(struct ucred *cred,
+int mac_sysvsem_check_semop(struct ucred *cred,
+ struct semid_kernel *semakptr, size_t accesstype);
+int mac_sysvshm_check_shmat(struct ucred *cred,
struct shmid_kernel *shmsegptr, int shmflg);
-int mac_check_sysv_shmctl(struct ucred *cred,
+int mac_sysvshm_check_shmctl(struct ucred *cred,
struct shmid_kernel *shmsegptr, int cmd);
-int mac_check_sysv_shmdt(struct ucred *cred,
+int mac_sysvshm_check_shmdt(struct ucred *cred,
struct shmid_kernel *shmsegptr);
-int mac_check_sysv_shmget(struct ucred *cred,
+int mac_sysvshm_check_shmget(struct ucred *cred,
struct shmid_kernel *shmsegptr, int shmflg);
-int mac_check_kenv_dump(struct ucred *cred);
-int mac_check_kenv_get(struct ucred *cred, char *name);
-int mac_check_kenv_set(struct ucred *cred, char *name, char *value);
-int mac_check_kenv_unset(struct ucred *cred, char *name);
-int mac_check_kld_load(struct ucred *cred, struct vnode *vp);
-int mac_check_kld_stat(struct ucred *cred);
-int mac_check_mount_stat(struct ucred *cred, struct mount *mp);
-int mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
+int mac_kenv_check_dump(struct ucred *cred);
+int mac_kenv_check_get(struct ucred *cred, char *name);
+int mac_kenv_check_set(struct ucred *cred, char *name, char *value);
+int mac_kenv_check_unset(struct ucred *cred, char *name);
+int mac_kld_check_load(struct ucred *cred, struct vnode *vp);
+int mac_kld_check_stat(struct ucred *cred);
+int mac_mount_check_stat(struct ucred *cred, struct mount *mp);
+int mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
unsigned long cmd, void *data);
-int mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp);
-int mac_check_pipe_read(struct ucred *cred, struct pipepair *pp);
-int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp);
-int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp);
-int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ks);
-int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ks);
-int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ks);
-int mac_check_posix_sem_post(struct ucred *cred, struct ksem *ks);
-int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ks);
-int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ks);
-int mac_check_proc_debug(struct ucred *cred, struct proc *p);
-int mac_check_proc_sched(struct ucred *cred, struct proc *p);
-int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai);
-int mac_check_proc_setaudit_addr(struct ucred *cred,
+int mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp);
+int mac_pipe_check_read(struct ucred *cred, struct pipepair *pp);
+int mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp);
+int mac_pipe_check_write(struct ucred *cred, struct pipepair *pp);
+int mac_posixsem_check_destroy(struct ucred *cred, struct ksem *ks);
+int mac_posixsem_check_getvalue(struct ucred *cred,struct ksem *ks);
+int mac_posixsem_check_open(struct ucred *cred, struct ksem *ks);
+int mac_posixsem_check_post(struct ucred *cred, struct ksem *ks);
+int mac_posixsem_check_unlink(struct ucred *cred, struct ksem *ks);
+int mac_posixsem_check_wait(struct ucred *cred, struct ksem *ks);
+int mac_proc_check_debug(struct ucred *cred, struct proc *p);
+int mac_proc_check_sched(struct ucred *cred, struct proc *p);
+int mac_proc_check_setaudit(struct ucred *cred, struct auditinfo *ai);
+int mac_proc_check_setaudit_addr(struct ucred *cred,
struct auditinfo_addr *aia);
-int mac_check_proc_setauid(struct ucred *cred, uid_t auid);
-int mac_check_proc_setuid(struct proc *p, struct ucred *cred,
+int mac_proc_check_setauid(struct ucred *cred, uid_t auid);
+int mac_proc_check_setuid(struct proc *p, struct ucred *cred,
uid_t uid);
-int mac_check_proc_seteuid(struct proc *p, struct ucred *cred,
+int mac_proc_check_seteuid(struct proc *p, struct ucred *cred,
uid_t euid);
-int mac_check_proc_setgid(struct proc *p, struct ucred *cred,
+int mac_proc_check_setgid(struct proc *p, struct ucred *cred,
gid_t gid);
-int mac_check_proc_setegid(struct proc *p, struct ucred *cred,
+int mac_proc_check_setegid(struct proc *p, struct ucred *cred,
gid_t egid);
-int mac_check_proc_setgroups(struct proc *p, struct ucred *cred,
+int mac_proc_check_setgroups(struct proc *p, struct ucred *cred,
int ngroups, gid_t *gidset);
-int mac_check_proc_setreuid(struct proc *p, struct ucred *cred,
+int mac_proc_check_setreuid(struct proc *p, struct ucred *cred,
uid_t ruid, uid_t euid);
-int mac_check_proc_setregid(struct proc *p, struct ucred *cred,
+int mac_proc_check_setregid(struct proc *p, struct ucred *cred,
gid_t rgid, gid_t egid);
-int mac_check_proc_setresuid(struct proc *p, struct ucred *cred,
+int mac_proc_check_setresuid(struct proc *p, struct ucred *cred,
uid_t ruid, uid_t euid, uid_t suid);
-int mac_check_proc_setresgid(struct proc *p, struct ucred *cred,
+int mac_proc_check_setresgid(struct proc *p, struct ucred *cred,
gid_t rgid, gid_t egid, gid_t sgid);
-int mac_check_proc_signal(struct ucred *cred, struct proc *p,
+int mac_proc_check_signal(struct ucred *cred, struct proc *p,
int signum);
-int mac_check_proc_wait(struct ucred *cred, struct proc *p);
-int mac_check_socket_accept(struct ucred *cred, struct socket *so);
-int mac_check_socket_bind(struct ucred *cred, struct socket *so,
+int mac_proc_check_wait(struct ucred *cred, struct proc *p);
+int mac_socket_check_accept(struct ucred *cred, struct socket *so);
+int mac_socket_check_bind(struct ucred *cred, struct socket *so,
struct sockaddr *sa);
-int mac_check_socket_connect(struct ucred *cred, struct socket *so,
+int mac_socket_check_connect(struct ucred *cred, struct socket *so,
struct sockaddr *sa);
-int mac_check_socket_create(struct ucred *cred, int domain, int type,
+int mac_socket_check_create(struct ucred *cred, int domain, int type,
int proto);
-int mac_check_socket_deliver(struct socket *so, struct mbuf *m);
-int mac_check_socket_listen(struct ucred *cred, struct socket *so);
-int mac_check_socket_poll(struct ucred *cred, struct socket *so);
-int mac_check_socket_receive(struct ucred *cred, struct socket *so);
-int mac_check_socket_send(struct ucred *cred, struct socket *so);
-int mac_check_socket_stat(struct ucred *cred, struct socket *so);
-int mac_check_socket_visible(struct ucred *cred, struct socket *so);
-int mac_check_system_acct(struct ucred *cred, struct vnode *vp);
-int mac_check_system_audit(struct ucred *cred, void *record, int length);
-int mac_check_system_auditctl(struct ucred *cred, struct vnode *vp);
-int mac_check_system_auditon(struct ucred *cred, int cmd);
-int mac_check_system_reboot(struct ucred *cred, int howto);
-int mac_check_system_swapon(struct ucred *cred, struct vnode *vp);
-int mac_check_system_swapoff(struct ucred *cred, struct vnode *vp);
-int mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
+int mac_socket_check_deliver(struct socket *so, struct mbuf *m);
+int mac_socket_check_listen(struct ucred *cred, struct socket *so);
+int mac_socket_check_poll(struct ucred *cred, struct socket *so);
+int mac_socket_check_receive(struct ucred *cred, struct socket *so);
+int mac_socket_check_send(struct ucred *cred, struct socket *so);
+int mac_socket_check_stat(struct ucred *cred, struct socket *so);
+int mac_socket_check_visible(struct ucred *cred, struct socket *so);
+int mac_system_check_acct(struct ucred *cred, struct vnode *vp);
+int mac_system_check_audit(struct ucred *cred, void *record, int length);
+int mac_system_check_auditctl(struct ucred *cred, struct vnode *vp);
+int mac_system_check_auditon(struct ucred *cred, int cmd);
+int mac_system_check_reboot(struct ucred *cred, int howto);
+int mac_system_check_swapon(struct ucred *cred, struct vnode *vp);
+int mac_system_check_swapoff(struct ucred *cred, struct vnode *vp);
+int mac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
void *arg1, int arg2, struct sysctl_req *req);
-int mac_check_vnode_access(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_access(struct ucred *cred, struct vnode *vp,
int acc_mode);
-int mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp);
-int mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp);
-int mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
+int mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp);
+int mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp);
+int mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
struct componentname *cnp, struct vattr *vap);
-int mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
acl_type_t type);
-int mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name);
-int mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,
struct image_params *imgp);
-int mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_getacl(struct ucred *cred, struct vnode *vp,
acl_type_t type);
-int mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name, struct uio *uio);
-int mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+int mac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, struct componentname *cnp);
-int mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace);
-int mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+int mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
struct componentname *cnp);
-int mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, int prot,
+int mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot,
int flags);
-int mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp,
int prot);
-int mac_check_vnode_open(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_open(struct ucred *cred, struct vnode *vp,
int acc_mode);
-int mac_check_vnode_poll(struct ucred *active_cred,
+int mac_vnode_check_poll(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
-int mac_check_vnode_read(struct ucred *active_cred,
+int mac_vnode_check_read(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
-int mac_check_vnode_readdir(struct ucred *cred, struct vnode *vp);
-int mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp);
-int mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+int mac_vnode_check_readdir(struct ucred *cred, struct vnode *vp);
+int mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp);
+int mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, struct componentname *cnp);
-int mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+int mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, int samedir, struct componentname *cnp);
-int mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp);
-int mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_revoke(struct ucred *cred, struct vnode *vp);
+int mac_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
acl_type_t type, struct acl *acl);
-int mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name, struct uio *uio);
-int mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
u_long flags);
-int mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
mode_t mode);
-int mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
uid_t uid, gid_t gid);
-int mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+int mac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
struct timespec atime, struct timespec mtime);
-int mac_check_vnode_stat(struct ucred *active_cred,
+int mac_vnode_check_stat(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
-int mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp,
+int mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, struct componentname *cnp);
-int mac_check_vnode_write(struct ucred *active_cred,
+int mac_vnode_check_write(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp);
int mac_getsockopt_label(struct ucred *cred, struct socket *so,
struct mac *extmac);
int mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
struct mac *extmac);
-int mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
+int mac_ifnet_ioctl_get(struct ucred *cred, struct ifreq *ifr,
struct ifnet *ifp);
-int mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr,
+int mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr,
struct ifnet *ifp);
int mac_setsockopt_label(struct ucred *cred, struct socket *so,
struct mac *extmac);
diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c
index 7704d730e175..001be116a873 100644
--- a/sys/security/mac/mac_inet.c
+++ b/sys/security/mac/mac_inet.c
@@ -2,6 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -12,6 +13,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -74,9 +78,9 @@ mac_inpcb_label_alloc(int flag)
label = mac_labelzone_alloc(flag);
if (label == NULL)
return (NULL);
- MAC_CHECK(init_inpcb_label, label, flag);
+ MAC_CHECK(inpcb_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_inpcb_label, label);
+ MAC_PERFORM(inpcb_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -84,7 +88,7 @@ mac_inpcb_label_alloc(int flag)
}
int
-mac_init_inpcb(struct inpcb *inp, int flag)
+mac_inpcb_init(struct inpcb *inp, int flag)
{
inp->inp_label = mac_inpcb_label_alloc(flag);
@@ -103,9 +107,9 @@ mac_ipq_label_alloc(int flag)
if (label == NULL)
return (NULL);
- MAC_CHECK(init_ipq_label, label, flag);
+ MAC_CHECK(ipq_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_ipq_label, label);
+ MAC_PERFORM(ipq_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -113,7 +117,7 @@ mac_ipq_label_alloc(int flag)
}
int
-mac_init_ipq(struct ipq *ipq, int flag)
+mac_ipq_init(struct ipq *ipq, int flag)
{
ipq->ipq_label = mac_ipq_label_alloc(flag);
@@ -126,12 +130,12 @@ static void
mac_inpcb_label_free(struct label *label)
{
- MAC_PERFORM(destroy_inpcb_label, label);
+ MAC_PERFORM(inpcb_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_inpcb(struct inpcb *inp)
+mac_inpcb_destroy(struct inpcb *inp)
{
mac_inpcb_label_free(inp->inp_label);
@@ -142,12 +146,12 @@ static void
mac_ipq_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ipq_label, label);
+ MAC_PERFORM(ipq_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_ipq(struct ipq *ipq)
+mac_ipq_destroy(struct ipq *ipq)
{
mac_ipq_label_free(ipq->ipq_label);
@@ -155,57 +159,56 @@ mac_destroy_ipq(struct ipq *ipq)
}
void
-mac_create_inpcb_from_socket(struct socket *so, struct inpcb *inp)
+mac_inpcb_create(struct socket *so, struct inpcb *inp)
{
- MAC_PERFORM(create_inpcb_from_socket, so, so->so_label, inp,
- inp->inp_label);
+ MAC_PERFORM(inpcb_create, so, so->so_label, inp, inp->inp_label);
}
void
-mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *m)
+mac_ipq_reassemble(struct ipq *ipq, struct mbuf *m)
{
struct label *label;
label = mac_mbuf_to_label(m);
- MAC_PERFORM(create_datagram_from_ipq, ipq, ipq->ipq_label, m, label);
+ MAC_PERFORM(ipq_reassemble, ipq, ipq->ipq_label, m, label);
}
void
-mac_create_fragment(struct mbuf *m, struct mbuf *frag)
+mac_netinet_fragment(struct mbuf *m, struct mbuf *frag)
{
struct label *mlabel, *fraglabel;
mlabel = mac_mbuf_to_label(m);
fraglabel = mac_mbuf_to_label(frag);
- MAC_PERFORM(create_fragment, m, mlabel, frag, fraglabel);
+ MAC_PERFORM(netinet_fragment, m, mlabel, frag, fraglabel);
}
void
-mac_create_ipq(struct mbuf *m, struct ipq *ipq)
+mac_ipq_create(struct mbuf *m, struct ipq *ipq)
{
struct label *label;
label = mac_mbuf_to_label(m);
- MAC_PERFORM(create_ipq, m, label, ipq, ipq->ipq_label);
+ MAC_PERFORM(ipq_create, m, label, ipq, ipq->ipq_label);
}
void
-mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m)
+mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m)
{
struct label *mlabel;
INP_LOCK_ASSERT(inp);
mlabel = mac_mbuf_to_label(m);
- MAC_PERFORM(create_mbuf_from_inpcb, inp, inp->inp_label, m, mlabel);
+ MAC_PERFORM(inpcb_create_mbuf, inp, inp->inp_label, m, mlabel);
}
int
-mac_fragment_match(struct mbuf *m, struct ipq *ipq)
+mac_ipq_match(struct mbuf *m, struct ipq *ipq)
{
struct label *label;
int result;
@@ -213,43 +216,43 @@ mac_fragment_match(struct mbuf *m, struct ipq *ipq)
label = mac_mbuf_to_label(m);
result = 1;
- MAC_BOOLEAN(fragment_match, &&, m, label, ipq, ipq->ipq_label);
+ MAC_BOOLEAN(ipq_match, &&, m, label, ipq, ipq->ipq_label);
return (result);
}
void
-mac_reflect_mbuf_icmp(struct mbuf *m)
+mac_netinet_icmp_reply(struct mbuf *m)
{
struct label *label;
label = mac_mbuf_to_label(m);
- MAC_PERFORM(reflect_mbuf_icmp, m, label);
+ MAC_PERFORM(netinet_icmp_reply, m, label);
}
void
-mac_reflect_mbuf_tcp(struct mbuf *m)
+mac_netinet_tcp_reply(struct mbuf *m)
{
struct label *label;
label = mac_mbuf_to_label(m);
- MAC_PERFORM(reflect_mbuf_tcp, m, label);
+ MAC_PERFORM(netinet_tcp_reply, m, label);
}
void
-mac_update_ipq(struct mbuf *m, struct ipq *ipq)
+mac_ipq_update(struct mbuf *m, struct ipq *ipq)
{
struct label *label;
label = mac_mbuf_to_label(m);
- MAC_PERFORM(update_ipq, m, label, ipq, ipq->ipq_label);
+ MAC_PERFORM(ipq_update, m, label, ipq, ipq->ipq_label);
}
int
-mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m)
+mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m)
{
struct label *label;
int error;
@@ -258,7 +261,7 @@ mac_check_inpcb_deliver(struct inpcb *inp, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_CHECK(check_inpcb_deliver, inp, inp->inp_label, m, label);
+ MAC_CHECK(inpcb_check_deliver, inp, inp->inp_label, m, label);
return (error);
}
@@ -273,13 +276,13 @@ mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
}
void
-mac_create_mbuf_from_firewall(struct mbuf *m)
+mac_mbuf_create_from_firewall(struct mbuf *m)
{
struct label *label;
M_ASSERTPKTHDR(m);
label = mac_mbuf_to_label(m);
- MAC_PERFORM(create_mbuf_from_firewall, m, label);
+ MAC_PERFORM(mbuf_create_from_firewall, m, label);
}
/*
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index fcf59aa4ecb7..2cdc006e6abe 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -3,6 +3,7 @@
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2004 Networks Associates Technology, Inc.
* Copyright (c) 2006 nCircle Network Security, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -16,6 +17,9 @@
* This software was developed by Robert N. M. Watson for the TrustedBSD
* Project under contract to nCircle Network Security, Inc.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -118,30 +122,30 @@ void mac_pipe_label_free(struct label *label);
struct label *mac_socket_label_alloc(int flag);
void mac_socket_label_free(struct label *label);
-int mac_check_cred_relabel(struct ucred *cred, struct label *newlabel);
-int mac_externalize_cred_label(struct label *label, char *elements,
+int mac_cred_check_relabel(struct ucred *cred, struct label *newlabel);
+int mac_cred_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen);
-int mac_internalize_cred_label(struct label *label, char *string);
-void mac_relabel_cred(struct ucred *cred, struct label *newlabel);
+int mac_cred_internalize_label(struct label *label, char *string);
+void mac_cred_relabel(struct ucred *cred, struct label *newlabel);
struct label *mac_mbuf_to_label(struct mbuf *m);
-void mac_copy_pipe_label(struct label *src, struct label *dest);
-int mac_externalize_pipe_label(struct label *label, char *elements,
+void mac_pipe_copy_label(struct label *src, struct label *dest);
+int mac_pipe_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen);
-int mac_internalize_pipe_label(struct label *label, char *string);
+int mac_pipe_internalize_label(struct label *label, char *string);
int mac_socket_label_set(struct ucred *cred, struct socket *so,
struct label *label);
-void mac_copy_socket_label(struct label *src, struct label *dest);
-int mac_externalize_socket_label(struct label *label, char *elements,
+void mac_socket_copy_label(struct label *src, struct label *dest);
+int mac_socket_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen);
-int mac_internalize_socket_label(struct label *label, char *string);
+int mac_socket_internalize_label(struct label *label, char *string);
-int mac_externalize_vnode_label(struct label *label, char *elements,
+int mac_vnode_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen);
-int mac_internalize_vnode_label(struct label *label, char *string);
-void mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp,
+int mac_vnode_internalize_label(struct label *label, char *string);
+void mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp,
int *prot);
int vn_setlabel(struct vnode *vp, struct label *intlabel,
struct ucred *cred);
@@ -263,7 +267,7 @@ int vn_setlabel(struct vnode *vp, struct label *intlabel,
break; \
} \
claimed = 0; \
- MAC_CHECK(externalize_ ## type ## _label, label, \
+ MAC_CHECK(type ## _externalize_label, label, \
element_name, &sb, &claimed); \
if (error) \
break; \
@@ -299,7 +303,7 @@ int vn_setlabel(struct vnode *vp, struct label *intlabel,
break; \
} \
claimed = 0; \
- MAC_CHECK(internalize_ ## type ## _label, label, \
+ MAC_CHECK(type ## _internalize_label, label, \
element_name, element_data, &claimed); \
if (error) \
break; \
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 05a0073c20a3..406e1f829b7a 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -2,11 +2,15 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
* TrustedBSD Project.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* This software was developed for the FreeBSD Project in part by Network
* Associates Laboratories, the Security Research Division of Network
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
@@ -102,12 +106,12 @@ mac_bpfdesc_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_bpfdesc_label, label);
+ MAC_PERFORM(bpfdesc_init_label, label);
return (label);
}
void
-mac_init_bpfdesc(struct bpf_d *d)
+mac_bpfdesc_init(struct bpf_d *d)
{
d->bd_label = mac_bpfdesc_label_alloc();
@@ -119,19 +123,19 @@ mac_ifnet_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_ifnet_label, label);
+ MAC_PERFORM(ifnet_init_label, label);
return (label);
}
void
-mac_init_ifnet(struct ifnet *ifp)
+mac_ifnet_init(struct ifnet *ifp)
{
ifp->if_label = mac_ifnet_label_alloc();
}
int
-mac_init_mbuf_tag(struct m_tag *tag, int flag)
+mac_mbuf_tag_init(struct m_tag *tag, int flag)
{
struct label *label;
int error;
@@ -139,16 +143,16 @@ mac_init_mbuf_tag(struct m_tag *tag, int flag)
label = (struct label *) (tag + 1);
mac_init_label(label);
- MAC_CHECK(init_mbuf_label, label, flag);
+ MAC_CHECK(mbuf_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_mbuf_label, label);
+ MAC_PERFORM(mbuf_destroy_label, label);
mac_destroy_label(label);
}
return (error);
}
int
-mac_init_mbuf(struct mbuf *m, int flag)
+mac_mbuf_init(struct mbuf *m, int flag)
{
struct m_tag *tag;
int error;
@@ -167,7 +171,7 @@ mac_init_mbuf(struct mbuf *m, int flag)
flag);
if (tag == NULL)
return (ENOMEM);
- error = mac_init_mbuf_tag(tag, flag);
+ error = mac_mbuf_tag_init(tag, flag);
if (error) {
m_tag_free(tag);
return (error);
@@ -180,12 +184,12 @@ static void
mac_bpfdesc_label_free(struct label *label)
{
- MAC_PERFORM(destroy_bpfdesc_label, label);
+ MAC_PERFORM(bpfdesc_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_bpfdesc(struct bpf_d *d)
+mac_bpfdesc_destroy(struct bpf_d *d)
{
mac_bpfdesc_label_free(d->bd_label);
@@ -196,12 +200,12 @@ static void
mac_ifnet_label_free(struct label *label)
{
- MAC_PERFORM(destroy_ifnet_label, label);
+ MAC_PERFORM(ifnet_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_ifnet(struct ifnet *ifp)
+mac_ifnet_destroy(struct ifnet *ifp)
{
mac_ifnet_label_free(ifp->if_label);
@@ -209,22 +213,22 @@ mac_destroy_ifnet(struct ifnet *ifp)
}
void
-mac_destroy_mbuf_tag(struct m_tag *tag)
+mac_mbuf_tag_destroy(struct m_tag *tag)
{
struct label *label;
label = (struct label *)(tag+1);
- MAC_PERFORM(destroy_mbuf_label, label);
+ MAC_PERFORM(mbuf_destroy_label, label);
mac_destroy_label(label);
}
/*
- * mac_copy_mbuf_tag is called when an mbuf header is duplicated, in which
+ * mac_mbuf_tag_copy is called when an mbuf header is duplicated, in which
* case the labels must also be duplicated.
*/
void
-mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest)
+mac_mbuf_tag_copy(struct m_tag *src, struct m_tag *dest)
{
struct label *src_label, *dest_label;
@@ -232,32 +236,32 @@ mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest)
dest_label = (struct label *)(dest+1);
/*
- * mac_init_mbuf_tag() is called on the target tag in m_tag_copy(),
+ * mac_mbuf_tag_init() is called on the target tag in m_tag_copy(),
* so we don't need to call it here.
*/
- MAC_PERFORM(copy_mbuf_label, src_label, dest_label);
+ MAC_PERFORM(mbuf_copy_label, src_label, dest_label);
}
void
-mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to)
+mac_mbuf_copy(struct mbuf *m_from, struct mbuf *m_to)
{
struct label *src_label, *dest_label;
src_label = mac_mbuf_to_label(m_from);
dest_label = mac_mbuf_to_label(m_to);
- MAC_PERFORM(copy_mbuf_label, src_label, dest_label);
+ MAC_PERFORM(mbuf_copy_label, src_label, dest_label);
}
static void
-mac_copy_ifnet_label(struct label *src, struct label *dest)
+mac_ifnet_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_ifnet_label, src, dest);
+ MAC_PERFORM(ifnet_copy_label, src, dest);
}
static int
-mac_externalize_ifnet_label(struct label *label, char *elements,
+mac_ifnet_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -268,7 +272,7 @@ mac_externalize_ifnet_label(struct label *label, char *elements,
}
static int
-mac_internalize_ifnet_label(struct label *label, char *string)
+mac_ifnet_internalize_label(struct label *label, char *string)
{
int error;
@@ -278,23 +282,23 @@ mac_internalize_ifnet_label(struct label *label, char *string)
}
void
-mac_create_ifnet(struct ifnet *ifp)
+mac_ifnet_create(struct ifnet *ifp)
{
MAC_IFNET_LOCK(ifp);
- MAC_PERFORM(create_ifnet, ifp, ifp->if_label);
+ MAC_PERFORM(ifnet_create, ifp, ifp->if_label);
MAC_IFNET_UNLOCK(ifp);
}
void
-mac_create_bpfdesc(struct ucred *cred, struct bpf_d *d)
+mac_bpfdesc_create(struct ucred *cred, struct bpf_d *d)
{
- MAC_PERFORM(create_bpfdesc, cred, d, d->bd_label);
+ MAC_PERFORM(bpfdesc_create, cred, d, d->bd_label);
}
void
-mac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct mbuf *m)
+mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m)
{
struct label *label;
@@ -302,7 +306,7 @@ mac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_PERFORM(create_mbuf_from_bpfdesc, d, d->bd_label, m, label);
+ MAC_PERFORM(bpfdesc_create_mbuf, d, d->bd_label, m, label);
}
void
@@ -318,19 +322,19 @@ mac_create_mbuf_linklayer(struct ifnet *ifp, struct mbuf *m)
}
void
-mac_create_mbuf_from_ifnet(struct ifnet *ifp, struct mbuf *m)
+mac_ifnet_create_mbuf(struct ifnet *ifp, struct mbuf *m)
{
struct label *label;
label = mac_mbuf_to_label(m);
MAC_IFNET_LOCK(ifp);
- MAC_PERFORM(create_mbuf_from_ifnet, ifp, ifp->if_label, m, label);
+ MAC_PERFORM(ifnet_create_mbuf, ifp, ifp->if_label, m, label);
MAC_IFNET_UNLOCK(ifp);
}
void
-mac_create_mbuf_multicast_encap(struct mbuf *m, struct ifnet *ifp,
+mac_mbuf_create_multicast_encap(struct mbuf *m, struct ifnet *ifp,
struct mbuf *mnew)
{
struct label *mlabel, *mnewlabel;
@@ -339,38 +343,38 @@ mac_create_mbuf_multicast_encap(struct mbuf *m, struct ifnet *ifp,
mnewlabel = mac_mbuf_to_label(mnew);
MAC_IFNET_LOCK(ifp);
- MAC_PERFORM(create_mbuf_multicast_encap, m, mlabel, ifp,
+ MAC_PERFORM(mbuf_create_multicast_encap, m, mlabel, ifp,
ifp->if_label, mnew, mnewlabel);
MAC_IFNET_UNLOCK(ifp);
}
void
-mac_create_mbuf_netlayer(struct mbuf *m, struct mbuf *mnew)
+mac_mbuf_create_netlayer(struct mbuf *m, struct mbuf *mnew)
{
struct label *mlabel, *mnewlabel;
mlabel = mac_mbuf_to_label(m);
mnewlabel = mac_mbuf_to_label(mnew);
- MAC_PERFORM(create_mbuf_netlayer, m, mlabel, mnew, mnewlabel);
+ MAC_PERFORM(mbuf_create_netlayer, m, mlabel, mnew, mnewlabel);
}
int
-mac_check_bpfdesc_receive(struct bpf_d *d, struct ifnet *ifp)
+mac_bpfdesc_check_receive(struct bpf_d *d, struct ifnet *ifp)
{
int error;
BPFD_LOCK_ASSERT(d);
MAC_IFNET_LOCK(ifp);
- MAC_CHECK(check_bpfdesc_receive, d, d->bd_label, ifp, ifp->if_label);
+ MAC_CHECK(bpfdesc_check_receive, d, d->bd_label, ifp, ifp->if_label);
MAC_IFNET_UNLOCK(ifp);
return (error);
}
int
-mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m)
+mac_ifnet_check_transmit(struct ifnet *ifp, struct mbuf *m)
{
struct label *label;
int error;
@@ -380,14 +384,14 @@ mac_check_ifnet_transmit(struct ifnet *ifp, struct mbuf *m)
label = mac_mbuf_to_label(m);
MAC_IFNET_LOCK(ifp);
- MAC_CHECK(check_ifnet_transmit, ifp, ifp->if_label, m, label);
+ MAC_CHECK(ifnet_check_transmit, ifp, ifp->if_label, m, label);
MAC_IFNET_UNLOCK(ifp);
return (error);
}
int
-mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
+mac_ifnet_ioctl_get(struct ucred *cred, struct ifreq *ifr,
struct ifnet *ifp)
{
char *elements, *buffer;
@@ -413,9 +417,9 @@ mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
intlabel = mac_ifnet_label_alloc();
MAC_IFNET_LOCK(ifp);
- mac_copy_ifnet_label(ifp->if_label, intlabel);
+ mac_ifnet_copy_label(ifp->if_label, intlabel);
MAC_IFNET_UNLOCK(ifp);
- error = mac_externalize_ifnet_label(intlabel, elements, buffer,
+ error = mac_ifnet_externalize_label(intlabel, elements, buffer,
mac.m_buflen);
mac_ifnet_label_free(intlabel);
if (error == 0)
@@ -428,7 +432,7 @@ mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
}
int
-mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
+mac_ifnet_ioctl_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
{
struct label *intlabel;
struct mac mac;
@@ -451,7 +455,7 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
}
intlabel = mac_ifnet_label_alloc();
- error = mac_internalize_ifnet_label(intlabel, buffer);
+ error = mac_ifnet_internalize_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error) {
mac_ifnet_label_free(intlabel);
@@ -470,14 +474,14 @@ mac_ioctl_ifnet_set(struct ucred *cred, struct ifreq *ifr, struct ifnet *ifp)
}
MAC_IFNET_LOCK(ifp);
- MAC_CHECK(check_ifnet_relabel, cred, ifp, ifp->if_label, intlabel);
+ MAC_CHECK(ifnet_check_relabel, cred, ifp, ifp->if_label, intlabel);
if (error) {
MAC_IFNET_UNLOCK(ifp);
mac_ifnet_label_free(intlabel);
return (error);
}
- MAC_PERFORM(relabel_ifnet, cred, ifp, ifp->if_label, intlabel);
+ MAC_PERFORM(ifnet_relabel, cred, ifp, ifp->if_label, intlabel);
MAC_IFNET_UNLOCK(ifp);
mac_ifnet_label_free(intlabel);
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 6578517681f2..0a352bbaf40a 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -7,6 +8,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -56,12 +60,12 @@ mac_pipe_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_pipe_label, label);
+ MAC_PERFORM(pipe_init_label, label);
return (label);
}
void
-mac_init_pipe(struct pipepair *pp)
+mac_pipe_init(struct pipepair *pp)
{
pp->pp_label = mac_pipe_label_alloc();
@@ -71,12 +75,12 @@ void
mac_pipe_label_free(struct label *label)
{
- MAC_PERFORM(destroy_pipe_label, label);
+ MAC_PERFORM(pipe_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_pipe(struct pipepair *pp)
+mac_pipe_destroy(struct pipepair *pp)
{
mac_pipe_label_free(pp->pp_label);
@@ -84,14 +88,14 @@ mac_destroy_pipe(struct pipepair *pp)
}
void
-mac_copy_pipe_label(struct label *src, struct label *dest)
+mac_pipe_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_pipe_label, src, dest);
+ MAC_PERFORM(pipe_copy_label, src, dest);
}
int
-mac_externalize_pipe_label(struct label *label, char *elements,
+mac_pipe_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -102,7 +106,7 @@ mac_externalize_pipe_label(struct label *label, char *elements,
}
int
-mac_internalize_pipe_label(struct label *label, char *string)
+mac_pipe_internalize_label(struct label *label, char *string)
{
int error;
@@ -112,90 +116,90 @@ mac_internalize_pipe_label(struct label *label, char *string)
}
void
-mac_create_pipe(struct ucred *cred, struct pipepair *pp)
+mac_pipe_create(struct ucred *cred, struct pipepair *pp)
{
- MAC_PERFORM(create_pipe, cred, pp, pp->pp_label);
+ MAC_PERFORM(pipe_create, cred, pp, pp->pp_label);
}
static void
-mac_relabel_pipe(struct ucred *cred, struct pipepair *pp,
+mac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
struct label *newlabel)
{
- MAC_PERFORM(relabel_pipe, cred, pp, pp->pp_label, newlabel);
+ MAC_PERFORM(pipe_relabel, cred, pp, pp->pp_label, newlabel);
}
int
-mac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
+mac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
unsigned long cmd, void *data)
{
int error;
mtx_assert(&pp->pp_mtx, MA_OWNED);
- MAC_CHECK(check_pipe_ioctl, cred, pp, pp->pp_label, cmd, data);
+ MAC_CHECK(pipe_check_ioctl, cred, pp, pp->pp_label, cmd, data);
return (error);
}
int
-mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_poll(struct ucred *cred, struct pipepair *pp)
{
int error;
mtx_assert(&pp->pp_mtx, MA_OWNED);
- MAC_CHECK(check_pipe_poll, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_poll, cred, pp, pp->pp_label);
return (error);
}
int
-mac_check_pipe_read(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_read(struct ucred *cred, struct pipepair *pp)
{
int error;
mtx_assert(&pp->pp_mtx, MA_OWNED);
- MAC_CHECK(check_pipe_read, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_read, cred, pp, pp->pp_label);
return (error);
}
static int
-mac_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
+mac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
struct label *newlabel)
{
int error;
mtx_assert(&pp->pp_mtx, MA_OWNED);
- MAC_CHECK(check_pipe_relabel, cred, pp, pp->pp_label, newlabel);
+ MAC_CHECK(pipe_check_relabel, cred, pp, pp->pp_label, newlabel);
return (error);
}
int
-mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_stat(struct ucred *cred, struct pipepair *pp)
{
int error;
mtx_assert(&pp->pp_mtx, MA_OWNED);
- MAC_CHECK(check_pipe_stat, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_stat, cred, pp, pp->pp_label);
return (error);
}
int
-mac_check_pipe_write(struct ucred *cred, struct pipepair *pp)
+mac_pipe_check_write(struct ucred *cred, struct pipepair *pp)
{
int error;
mtx_assert(&pp->pp_mtx, MA_OWNED);
- MAC_CHECK(check_pipe_write, cred, pp, pp->pp_label);
+ MAC_CHECK(pipe_check_write, cred, pp, pp->pp_label);
return (error);
}
@@ -208,11 +212,11 @@ mac_pipe_label_set(struct ucred *cred, struct pipepair *pp,
mtx_assert(&pp->pp_mtx, MA_OWNED);
- error = mac_check_pipe_relabel(cred, pp, label);
+ error = mac_pipe_check_relabel(cred, pp, label);
if (error)
return (error);
- mac_relabel_pipe(cred, pp, label);
+ mac_pipe_relabel(cred, pp, label);
return (0);
}
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index c061e2e43a1b..5106d94c7da9 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -116,217 +116,217 @@ typedef void (*mpo_placeholder_t)(void);
* recycle for re-use without init/destroy, copy a label to initialized
* storage, and externalize/internalize from/to initialized storage.
*/
-typedef void (*mpo_init_bpfdesc_label_t)(struct label *label);
-typedef void (*mpo_init_cred_label_t)(struct label *label);
-typedef void (*mpo_init_devfs_label_t)(struct label *label);
-typedef void (*mpo_init_ifnet_label_t)(struct label *label);
-typedef int (*mpo_init_inpcb_label_t)(struct label *label, int flag);
-typedef void (*mpo_init_sysv_msgmsg_label_t)(struct label *label);
-typedef void (*mpo_init_sysv_msgqueue_label_t)(struct label *label);
-typedef void (*mpo_init_sysv_sem_label_t)(struct label *label);
-typedef void (*mpo_init_sysv_shm_label_t)(struct label *label);
-typedef int (*mpo_init_ipq_label_t)(struct label *label, int flag);
-typedef int (*mpo_init_mbuf_label_t)(struct label *label, int flag);
-typedef void (*mpo_init_mount_label_t)(struct label *label);
-typedef int (*mpo_init_socket_label_t)(struct label *label, int flag);
-typedef int (*mpo_init_socket_peer_label_t)(struct label *label,
+typedef void (*mpo_bpfdesc_init_label_t)(struct label *label);
+typedef void (*mpo_cred_init_label_t)(struct label *label);
+typedef void (*mpo_devfs_init_label_t)(struct label *label);
+typedef void (*mpo_ifnet_init_label_t)(struct label *label);
+typedef int (*mpo_inpcb_init_label_t)(struct label *label, int flag);
+typedef void (*mpo_sysvmsg_init_label_t)(struct label *label);
+typedef void (*mpo_sysvmsq_init_label_t)(struct label *label);
+typedef void (*mpo_sysvsem_init_label_t)(struct label *label);
+typedef void (*mpo_sysvshm_init_label_t)(struct label *label);
+typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag);
+typedef int (*mpo_mbuf_init_label_t)(struct label *label, int flag);
+typedef void (*mpo_mount_init_label_t)(struct label *label);
+typedef int (*mpo_socket_init_label_t)(struct label *label, int flag);
+typedef int (*mpo_socketpeer_init_label_t)(struct label *label,
int flag);
-typedef void (*mpo_init_pipe_label_t)(struct label *label);
-typedef void (*mpo_init_posix_sem_label_t)(struct label *label);
-typedef void (*mpo_init_proc_label_t)(struct label *label);
-typedef void (*mpo_init_vnode_label_t)(struct label *label);
-typedef void (*mpo_destroy_bpfdesc_label_t)(struct label *label);
-typedef void (*mpo_destroy_cred_label_t)(struct label *label);
-typedef void (*mpo_destroy_devfs_label_t)(struct label *label);
-typedef void (*mpo_destroy_ifnet_label_t)(struct label *label);
-typedef void (*mpo_destroy_inpcb_label_t)(struct label *label);
-typedef void (*mpo_destroy_sysv_msgmsg_label_t)(struct label *label);
-typedef void (*mpo_destroy_sysv_msgqueue_label_t)(struct label *label);
-typedef void (*mpo_destroy_sysv_sem_label_t)(struct label *label);
-typedef void (*mpo_destroy_sysv_shm_label_t)(struct label *label);
-typedef void (*mpo_destroy_ipq_label_t)(struct label *label);
-typedef void (*mpo_destroy_mbuf_label_t)(struct label *label);
-typedef void (*mpo_destroy_mount_label_t)(struct label *label);
-typedef void (*mpo_destroy_socket_label_t)(struct label *label);
-typedef void (*mpo_destroy_socket_peer_label_t)(struct label *label);
-typedef void (*mpo_destroy_pipe_label_t)(struct label *label);
-typedef void (*mpo_destroy_posix_sem_label_t)(struct label *label);
-typedef void (*mpo_destroy_proc_label_t)(struct label *label);
-typedef void (*mpo_destroy_vnode_label_t)(struct label *label);
-typedef void (*mpo_cleanup_sysv_msgmsg_t)(struct label *msglabel);
-typedef void (*mpo_cleanup_sysv_msgqueue_t)(struct label *msqlabel);
-typedef void (*mpo_cleanup_sysv_sem_t)(struct label *semalabel);
-typedef void (*mpo_cleanup_sysv_shm_t)(struct label *shmlabel);
-typedef void (*mpo_copy_cred_label_t)(struct label *src,
+typedef void (*mpo_pipe_init_label_t)(struct label *label);
+typedef void (*mpo_posixsem_init_label_t)(struct label *label);
+typedef void (*mpo_proc_init_label_t)(struct label *label);
+typedef void (*mpo_vnode_init_label_t)(struct label *label);
+typedef void (*mpo_bpfdesc_destroy_label_t)(struct label *label);
+typedef void (*mpo_cred_destroy_label_t)(struct label *label);
+typedef void (*mpo_devfs_destroy_label_t)(struct label *label);
+typedef void (*mpo_ifnet_destroy_label_t)(struct label *label);
+typedef void (*mpo_inpcb_destroy_label_t)(struct label *label);
+typedef void (*mpo_sysvmsg_destroy_label_t)(struct label *label);
+typedef void (*mpo_sysvmsq_destroy_label_t)(struct label *label);
+typedef void (*mpo_sysvsem_destroy_label_t)(struct label *label);
+typedef void (*mpo_sysvshm_destroy_label_t)(struct label *label);
+typedef void (*mpo_ipq_destroy_label_t)(struct label *label);
+typedef void (*mpo_mbuf_destroy_label_t)(struct label *label);
+typedef void (*mpo_mount_destroy_label_t)(struct label *label);
+typedef void (*mpo_socket_destroy_label_t)(struct label *label);
+typedef void (*mpo_socketpeer_destroy_label_t)(struct label *label);
+typedef void (*mpo_pipe_destroy_label_t)(struct label *label);
+typedef void (*mpo_posixsem_destroy_label_t)(struct label *label);
+typedef void (*mpo_proc_destroy_label_t)(struct label *label);
+typedef void (*mpo_vnode_destroy_label_t)(struct label *label);
+typedef void (*mpo_sysvmsg_cleanup_t)(struct label *msglabel);
+typedef void (*mpo_sysvmsq_cleanup_t)(struct label *msqlabel);
+typedef void (*mpo_sysvsem_cleanup_t)(struct label *semalabel);
+typedef void (*mpo_sysvshm_cleanup_t)(struct label *shmlabel);
+typedef void (*mpo_cred_copy_label_t)(struct label *src,
struct label *dest);
-typedef void (*mpo_copy_ifnet_label_t)(struct label *src,
+typedef void (*mpo_ifnet_copy_label_t)(struct label *src,
struct label *dest);
-typedef void (*mpo_copy_mbuf_label_t)(struct label *src,
+typedef void (*mpo_mbuf_copy_label_t)(struct label *src,
struct label *dest);
-typedef void (*mpo_copy_pipe_label_t)(struct label *src,
+typedef void (*mpo_pipe_copy_label_t)(struct label *src,
struct label *dest);
-typedef void (*mpo_copy_socket_label_t)(struct label *src,
+typedef void (*mpo_socket_copy_label_t)(struct label *src,
struct label *dest);
-typedef void (*mpo_copy_vnode_label_t)(struct label *src,
+typedef void (*mpo_vnode_copy_label_t)(struct label *src,
struct label *dest);
-typedef int (*mpo_externalize_cred_label_t)(struct label *label,
+typedef int (*mpo_cred_externalize_label_t)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
-typedef int (*mpo_externalize_ifnet_label_t)(struct label *label,
+typedef int (*mpo_ifnet_externalize_label_t)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
-typedef int (*mpo_externalize_pipe_label_t)(struct label *label,
+typedef int (*mpo_pipe_externalize_label_t)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
-typedef int (*mpo_externalize_socket_label_t)(struct label *label,
+typedef int (*mpo_socket_externalize_label_t)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
-typedef int (*mpo_externalize_socket_peer_label_t)(struct label *label,
+typedef int (*mpo_socketpeer_externalize_label_t)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
-typedef int (*mpo_externalize_vnode_label_t)(struct label *label,
+typedef int (*mpo_vnode_externalize_label_t)(struct label *label,
char *element_name, struct sbuf *sb, int *claimed);
-typedef int (*mpo_internalize_cred_label_t)(struct label *label,
+typedef int (*mpo_cred_internalize_label_t)(struct label *label,
char *element_name, char *element_data, int *claimed);
-typedef int (*mpo_internalize_ifnet_label_t)(struct label *label,
+typedef int (*mpo_ifnet_internalize_label_t)(struct label *label,
char *element_name, char *element_data, int *claimed);
-typedef int (*mpo_internalize_pipe_label_t)(struct label *label,
+typedef int (*mpo_pipe_internalize_label_t)(struct label *label,
char *element_name, char *element_data, int *claimed);
-typedef int (*mpo_internalize_socket_label_t)(struct label *label,
+typedef int (*mpo_socket_internalize_label_t)(struct label *label,
char *element_name, char *element_data, int *claimed);
-typedef int (*mpo_internalize_vnode_label_t)(struct label *label,
+typedef int (*mpo_vnode_internalize_label_t)(struct label *label,
char *element_name, char *element_data, int *claimed);
/*
* Labeling event operations: file system objects, and things that look a lot
* like file system objects.
*/
-typedef void (*mpo_associate_vnode_devfs_t)(struct mount *mp,
+typedef void (*mpo_devfs_vnode_associate_t)(struct mount *mp,
struct label *mplabel, struct devfs_dirent *de,
struct label *delabel, struct vnode *vp,
struct label *vplabel);
-typedef int (*mpo_associate_vnode_extattr_t)(struct mount *mp,
+typedef int (*mpo_vnode_associate_extattr_t)(struct mount *mp,
struct label *mplabel, struct vnode *vp,
struct label *vplabel);
-typedef void (*mpo_associate_vnode_singlelabel_t)(struct mount *mp,
+typedef void (*mpo_vnode_associate_singlelabel_t)(struct mount *mp,
struct label *mplabel, struct vnode *vp,
struct label *vplabel);
-typedef void (*mpo_create_devfs_device_t)(struct ucred *cred,
+typedef void (*mpo_devfs_create_device_t)(struct ucred *cred,
struct mount *mp, struct cdev *dev,
struct devfs_dirent *de, struct label *delabel);
-typedef void (*mpo_create_devfs_directory_t)(struct mount *mp,
+typedef void (*mpo_devfs_create_directory_t)(struct mount *mp,
char *dirname, int dirnamelen, struct devfs_dirent *de,
struct label *delabel);
-typedef void (*mpo_create_devfs_symlink_t)(struct ucred *cred,
+typedef void (*mpo_devfs_create_symlink_t)(struct ucred *cred,
struct mount *mp, struct devfs_dirent *dd,
struct label *ddlabel, struct devfs_dirent *de,
struct label *delabel);
-typedef int (*mpo_create_vnode_extattr_t)(struct ucred *cred,
+typedef int (*mpo_vnode_create_extattr_t)(struct ucred *cred,
struct mount *mp, struct label *mplabel,
struct vnode *dvp, struct label *dvplabel,
struct vnode *vp, struct label *vplabel,
struct componentname *cnp);
-typedef void (*mpo_create_mount_t)(struct ucred *cred, struct mount *mp,
+typedef void (*mpo_mount_create_t)(struct ucred *cred, struct mount *mp,
struct label *mplabel);
-typedef void (*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp,
+typedef void (*mpo_vnode_relabel_t)(struct ucred *cred, struct vnode *vp,
struct label *vplabel, struct label *label);
-typedef int (*mpo_setlabel_vnode_extattr_t)(struct ucred *cred,
+typedef int (*mpo_vnode_setlabel_extattr_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
struct label *intlabel);
-typedef void (*mpo_update_devfs_t)(struct mount *mp,
+typedef void (*mpo_devfs_update_t)(struct mount *mp,
struct devfs_dirent *de, struct label *delabel,
struct vnode *vp, struct label *vplabel);
/*
* Labeling event operations: IPC objects.
*/
-typedef void (*mpo_create_mbuf_from_socket_t)(struct socket *so,
+typedef void (*mpo_socket_create_mbuf_t)(struct socket *so,
struct label *solabel, struct mbuf *m,
struct label *mlabel);
-typedef void (*mpo_create_socket_t)(struct ucred *cred, struct socket *so,
+typedef void (*mpo_socket_create_t)(struct ucred *cred, struct socket *so,
struct label *solabel);
-typedef void (*mpo_create_socket_from_socket_t)(struct socket *oldso,
+typedef void (*mpo_socket_newconn_t)(struct socket *oldso,
struct label *oldsolabel, struct socket *newso,
struct label *newsolabel);
-typedef void (*mpo_relabel_socket_t)(struct ucred *cred, struct socket *so,
+typedef void (*mpo_socket_relabel_t)(struct ucred *cred, struct socket *so,
struct label *oldlabel, struct label *newlabel);
-typedef void (*mpo_relabel_pipe_t)(struct ucred *cred, struct pipepair *pp,
+typedef void (*mpo_pipe_relabel_t)(struct ucred *cred, struct pipepair *pp,
struct label *oldlabel, struct label *newlabel);
-typedef void (*mpo_set_socket_peer_from_mbuf_t)(struct mbuf *m,
+typedef void (*mpo_socketpeer_set_from_mbuf_t)(struct mbuf *m,
struct label *mlabel, struct socket *so,
struct label *sopeerlabel);
-typedef void (*mpo_set_socket_peer_from_socket_t)(struct socket *oldso,
+typedef void (*mpo_socketpeer_set_from_socket_t)(struct socket *oldso,
struct label *oldsolabel, struct socket *newso,
struct label *newsopeerlabel);
-typedef void (*mpo_create_pipe_t)(struct ucred *cred, struct pipepair *pp,
+typedef void (*mpo_pipe_create_t)(struct ucred *cred, struct pipepair *pp,
struct label *pplabel);
/*
* Labeling event operations: System V IPC primitives.
*/
-typedef void (*mpo_create_sysv_msgmsg_t)(struct ucred *cred,
+typedef void (*mpo_sysvmsg_create_t)(struct ucred *cred,
struct msqid_kernel *msqkptr, struct label *msqlabel,
struct msg *msgptr, struct label *msglabel);
-typedef void (*mpo_create_sysv_msgqueue_t)(struct ucred *cred,
+typedef void (*mpo_sysvmsq_create_t)(struct ucred *cred,
struct msqid_kernel *msqkptr, struct label *msqlabel);
-typedef void (*mpo_create_sysv_sem_t)(struct ucred *cred,
+typedef void (*mpo_sysvsem_create_t)(struct ucred *cred,
struct semid_kernel *semakptr, struct label *semalabel);
-typedef void (*mpo_create_sysv_shm_t)(struct ucred *cred,
+typedef void (*mpo_sysvshm_create_t)(struct ucred *cred,
struct shmid_kernel *shmsegptr, struct label *shmlabel);
/*
* Labeling event operations: POSIX (global/inter-process) semaphores.
*/
-typedef void (*mpo_create_posix_sem_t)(struct ucred *cred,
+typedef void (*mpo_posixsem_create_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
/*
* Labeling event operations: network objects.
*/
-typedef void (*mpo_create_bpfdesc_t)(struct ucred *cred,
+typedef void (*mpo_bpfdesc_create_t)(struct ucred *cred,
struct bpf_d *d, struct label *dlabel);
-typedef void (*mpo_create_ifnet_t)(struct ifnet *ifp,
+typedef void (*mpo_ifnet_create_t)(struct ifnet *ifp,
struct label *ifplabel);
-typedef void (*mpo_create_inpcb_from_socket_t)(struct socket *so,
+typedef void (*mpo_inpcb_create_t)(struct socket *so,
struct label *solabel, struct inpcb *inp,
struct label *inplabel);
-typedef void (*mpo_create_ipq_t)(struct mbuf *m, struct label *mlabel,
+typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel,
struct ipq *ipq, struct label *ipqlabel);
-typedef void (*mpo_create_datagram_from_ipq)
+typedef void (*mpo_ipq_reassemble)
(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m,
struct label *mlabel);
-typedef void (*mpo_create_fragment_t)(struct mbuf *m,
+typedef void (*mpo_netinet_fragment_t)(struct mbuf *m,
struct label *mlabel, struct mbuf *frag,
struct label *fraglabel);
-typedef void (*mpo_create_mbuf_from_inpcb_t)(struct inpcb *inp,
+typedef void (*mpo_inpcb_create_mbuf_t)(struct inpcb *inp,
struct label *inplabel, struct mbuf *m,
struct label *mlabel);
typedef void (*mpo_create_mbuf_linklayer_t)(struct ifnet *ifp,
struct label *ifplabel, struct mbuf *m,
struct label *mlabel);
-typedef void (*mpo_create_mbuf_from_bpfdesc_t)(struct bpf_d *d,
+typedef void (*mpo_bpfdesc_create_mbuf_t)(struct bpf_d *d,
struct label *dlabel, struct mbuf *m,
struct label *mlabel);
-typedef void (*mpo_create_mbuf_from_ifnet_t)(struct ifnet *ifp,
+typedef void (*mpo_ifnet_create_mbuf_t)(struct ifnet *ifp,
struct label *ifplabel, struct mbuf *m,
struct label *mlabel);
-typedef void (*mpo_create_mbuf_multicast_encap_t)(struct mbuf *m,
+typedef void (*mpo_mbuf_create_multicast_encap_t)(struct mbuf *m,
struct label *mlabel, struct ifnet *ifp,
struct label *ifplabel, struct mbuf *mnew,
struct label *mnewlabel);
-typedef void (*mpo_create_mbuf_netlayer_t)(struct mbuf *m,
+typedef void (*mpo_mbuf_create_netlayer_t)(struct mbuf *m,
struct label *mlabel, struct mbuf *mnew,
struct label *mnewlabel);
-typedef int (*mpo_fragment_match_t)(struct mbuf *m, struct label *mlabel,
+typedef int (*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel,
struct ipq *ipq, struct label *ipqlabel);
-typedef void (*mpo_reflect_mbuf_icmp_t)(struct mbuf *m,
+typedef void (*mpo_netinet_icmp_reply_t)(struct mbuf *m,
struct label *mlabel);
-typedef void (*mpo_reflect_mbuf_tcp_t)(struct mbuf *m,
+typedef void (*mpo_netinet_tcp_reply_t)(struct mbuf *m,
struct label *mlabel);
-typedef void (*mpo_relabel_ifnet_t)(struct ucred *cred, struct ifnet *ifp,
+typedef void (*mpo_ifnet_relabel_t)(struct ucred *cred, struct ifnet *ifp,
struct label *ifplabel, struct label *newlabel);
-typedef void (*mpo_update_ipq_t)(struct mbuf *m, struct label *mlabel,
+typedef void (*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel,
struct ipq *ipq, struct label *ipqlabel);
typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
struct label *label, struct inpcb *inp,
struct label *inplabel);
-typedef void (*mpo_create_mbuf_from_firewall_t)(struct mbuf *m,
+typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
struct label *label);
typedef void (*mpo_destroy_syncache_label_t)(struct label *label);
typedef int (*mpo_init_syncache_label_t)(struct label *label, int flag);
@@ -337,274 +337,274 @@ typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
/*
* Labeling event operations: processes.
*/
-typedef void (*mpo_execve_transition_t)(struct ucred *old,
+typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old,
struct ucred *new, struct vnode *vp,
struct label *vplabel, struct label *interpvnodelabel,
struct image_params *imgp, struct label *execlabel);
-typedef int (*mpo_execve_will_transition_t)(struct ucred *old,
+typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old,
struct vnode *vp, struct label *vplabel,
struct label *interpvnodelabel,
struct image_params *imgp, struct label *execlabel);
-typedef void (*mpo_create_proc0_t)(struct ucred *cred);
-typedef void (*mpo_create_proc1_t)(struct ucred *cred);
-typedef void (*mpo_relabel_cred_t)(struct ucred *cred,
+typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred);
+typedef void (*mpo_proc_create_init_t)(struct ucred *cred);
+typedef void (*mpo_cred_relabel_t)(struct ucred *cred,
struct label *newlabel);
typedef void (*mpo_thread_userret_t)(struct thread *thread);
/*
* Access control checks.
*/
-typedef int (*mpo_check_bpfdesc_receive_t)(struct bpf_d *d,
+typedef int (*mpo_bpfdesc_check_receive_t)(struct bpf_d *d,
struct label *dlabel, struct ifnet *ifp,
struct label *ifplabel);
-typedef int (*mpo_check_cred_relabel_t)(struct ucred *cred,
+typedef int (*mpo_cred_check_relabel_t)(struct ucred *cred,
struct label *newlabel);
-typedef int (*mpo_check_cred_visible_t)(struct ucred *cr1,
+typedef int (*mpo_cred_check_visible_t)(struct ucred *cr1,
struct ucred *cr2);
-typedef int (*mpo_check_ifnet_relabel_t)(struct ucred *cred,
+typedef int (*mpo_ifnet_check_relabel_t)(struct ucred *cred,
struct ifnet *ifp, struct label *ifplabel,
struct label *newlabel);
-typedef int (*mpo_check_ifnet_transmit_t)(struct ifnet *ifp,
+typedef int (*mpo_ifnet_check_transmit_t)(struct ifnet *ifp,
struct label *ifplabel, struct mbuf *m,
struct label *mlabel);
-typedef int (*mpo_check_inpcb_deliver_t)(struct inpcb *inp,
+typedef int (*mpo_inpcb_check_deliver_t)(struct inpcb *inp,
struct label *inplabel, struct mbuf *m,
struct label *mlabel);
-typedef int (*mpo_check_sysv_msgmsq_t)(struct ucred *cred,
+typedef int (*mpo_sysvmsq_check_msgmsq_t)(struct ucred *cred,
struct msg *msgptr, struct label *msglabel,
struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int (*mpo_check_sysv_msgrcv_t)(struct ucred *cred,
+typedef int (*mpo_sysvmsq_check_msgrcv_t)(struct ucred *cred,
struct msg *msgptr, struct label *msglabel);
-typedef int (*mpo_check_sysv_msgrmid_t)(struct ucred *cred,
+typedef int (*mpo_sysvmsq_check_msgrmid_t)(struct ucred *cred,
struct msg *msgptr, struct label *msglabel);
-typedef int (*mpo_check_sysv_msqget_t)(struct ucred *cred,
+typedef int (*mpo_sysvmsq_check_msqget_t)(struct ucred *cred,
struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int (*mpo_check_sysv_msqsnd_t)(struct ucred *cred,
+typedef int (*mpo_sysvmsq_check_msqsnd_t)(struct ucred *cred,
struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int (*mpo_check_sysv_msqrcv_t)(struct ucred *cred,
+typedef int (*mpo_sysvmsq_check_msqrcv_t)(struct ucred *cred,
struct msqid_kernel *msqkptr, struct label *msqklabel);
-typedef int (*mpo_check_sysv_msqctl_t)(struct ucred *cred,
+typedef int (*mpo_sysvmsq_check_msqctl_t)(struct ucred *cred,
struct msqid_kernel *msqkptr, struct label *msqklabel,
int cmd);
-typedef int (*mpo_check_sysv_semctl_t)(struct ucred *cred,
+typedef int (*mpo_sysvsem_check_semctl_t)(struct ucred *cred,
struct semid_kernel *semakptr, struct label *semaklabel,
int cmd);
-typedef int (*mpo_check_sysv_semget_t)(struct ucred *cred,
+typedef int (*mpo_sysvsem_check_semget_t)(struct ucred *cred,
struct semid_kernel *semakptr, struct label *semaklabel);
-typedef int (*mpo_check_sysv_semop_t)(struct ucred *cred,
+typedef int (*mpo_sysvsem_check_semop_t)(struct ucred *cred,
struct semid_kernel *semakptr, struct label *semaklabel,
size_t accesstype);
-typedef int (*mpo_check_sysv_shmat_t)(struct ucred *cred,
+typedef int (*mpo_sysvshm_check_shmat_t)(struct ucred *cred,
struct shmid_kernel *shmsegptr,
struct label *shmseglabel, int shmflg);
-typedef int (*mpo_check_sysv_shmctl_t)(struct ucred *cred,
+typedef int (*mpo_sysvshm_check_shmctl_t)(struct ucred *cred,
struct shmid_kernel *shmsegptr,
struct label *shmseglabel, int cmd);
-typedef int (*mpo_check_sysv_shmdt_t)(struct ucred *cred,
+typedef int (*mpo_sysvshm_check_shmdt_t)(struct ucred *cred,
struct shmid_kernel *shmsegptr,
struct label *shmseglabel);
-typedef int (*mpo_check_sysv_shmget_t)(struct ucred *cred,
+typedef int (*mpo_sysvshm_check_shmget_t)(struct ucred *cred,
struct shmid_kernel *shmsegptr,
struct label *shmseglabel, int shmflg);
-typedef int (*mpo_check_kenv_dump_t)(struct ucred *cred);
-typedef int (*mpo_check_kenv_get_t)(struct ucred *cred, char *name);
-typedef int (*mpo_check_kenv_set_t)(struct ucred *cred, char *name,
+typedef int (*mpo_kenv_check_dump_t)(struct ucred *cred);
+typedef int (*mpo_kenv_check_get_t)(struct ucred *cred, char *name);
+typedef int (*mpo_kenv_check_set_t)(struct ucred *cred, char *name,
char *value);
-typedef int (*mpo_check_kenv_unset_t)(struct ucred *cred, char *name);
-typedef int (*mpo_check_kld_load_t)(struct ucred *cred, struct vnode *vp,
+typedef int (*mpo_kenv_check_unset_t)(struct ucred *cred, char *name);
+typedef int (*mpo_kld_check_load_t)(struct ucred *cred, struct vnode *vp,
struct label *vplabel);
-typedef int (*mpo_check_kld_stat_t)(struct ucred *cred);
+typedef int (*mpo_kld_check_stat_t)(struct ucred *cred);
typedef int (*mpo_mpo_placeholder19_t)(void);
typedef int (*mpo_mpo_placeholder20_t)(void);
-typedef int (*mpo_check_mount_stat_t)(struct ucred *cred,
+typedef int (*mpo_mount_check_stat_t)(struct ucred *cred,
struct mount *mp, struct label *mplabel);
typedef int (*mpo_mpo_placeholder21_t)(void);
-typedef int (*mpo_check_pipe_ioctl_t)(struct ucred *cred,
+typedef int (*mpo_pipe_check_ioctl_t)(struct ucred *cred,
struct pipepair *pp, struct label *pplabel,
unsigned long cmd, void *data);
-typedef int (*mpo_check_pipe_poll_t)(struct ucred *cred,
+typedef int (*mpo_pipe_check_poll_t)(struct ucred *cred,
struct pipepair *pp, struct label *pplabel);
-typedef int (*mpo_check_pipe_read_t)(struct ucred *cred,
+typedef int (*mpo_pipe_check_read_t)(struct ucred *cred,
struct pipepair *pp, struct label *pplabel);
-typedef int (*mpo_check_pipe_relabel_t)(struct ucred *cred,
+typedef int (*mpo_pipe_check_relabel_t)(struct ucred *cred,
struct pipepair *pp, struct label *pplabel,
struct label *newlabel);
-typedef int (*mpo_check_pipe_stat_t)(struct ucred *cred,
+typedef int (*mpo_pipe_check_stat_t)(struct ucred *cred,
struct pipepair *pp, struct label *pplabel);
-typedef int (*mpo_check_pipe_write_t)(struct ucred *cred,
+typedef int (*mpo_pipe_check_write_t)(struct ucred *cred,
struct pipepair *pp, struct label *pplabel);
-typedef int (*mpo_check_posix_sem_destroy_t)(struct ucred *cred,
+typedef int (*mpo_posixsem_check_destroy_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
-typedef int (*mpo_check_posix_sem_getvalue_t)(struct ucred *cred,
+typedef int (*mpo_posixsem_check_getvalue_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
-typedef int (*mpo_check_posix_sem_open_t)(struct ucred *cred,
+typedef int (*mpo_posixsem_check_open_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
-typedef int (*mpo_check_posix_sem_post_t)(struct ucred *cred,
+typedef int (*mpo_posixsem_check_post_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
-typedef int (*mpo_check_posix_sem_unlink_t)(struct ucred *cred,
+typedef int (*mpo_posixsem_check_unlink_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
-typedef int (*mpo_check_posix_sem_wait_t)(struct ucred *cred,
+typedef int (*mpo_posixsem_check_wait_t)(struct ucred *cred,
struct ksem *ks, struct label *kslabel);
-typedef int (*mpo_check_proc_debug_t)(struct ucred *cred,
+typedef int (*mpo_proc_check_debug_t)(struct ucred *cred,
struct proc *p);
-typedef int (*mpo_check_proc_sched_t)(struct ucred *cred,
+typedef int (*mpo_proc_check_sched_t)(struct ucred *cred,
struct proc *p);
-typedef int (*mpo_check_proc_setaudit_t)(struct ucred *cred,
+typedef int (*mpo_proc_check_setaudit_t)(struct ucred *cred,
struct auditinfo *ai);
-typedef int (*mpo_check_proc_setaudit_addr_t)(struct ucred *cred,
+typedef int (*mpo_proc_check_setaudit_addr_t)(struct ucred *cred,
struct auditinfo_addr *aia);
-typedef int (*mpo_check_proc_setauid_t)(struct ucred *cred, uid_t auid);
-typedef int (*mpo_check_proc_setuid_t)(struct ucred *cred, uid_t uid);
-typedef int (*mpo_check_proc_seteuid_t)(struct ucred *cred, uid_t euid);
-typedef int (*mpo_check_proc_setgid_t)(struct ucred *cred, gid_t gid);
-typedef int (*mpo_check_proc_setegid_t)(struct ucred *cred, gid_t egid);
-typedef int (*mpo_check_proc_setgroups_t)(struct ucred *cred, int ngroups,
+typedef int (*mpo_proc_check_setauid_t)(struct ucred *cred, uid_t auid);
+typedef int (*mpo_proc_check_setuid_t)(struct ucred *cred, uid_t uid);
+typedef int (*mpo_proc_check_seteuid_t)(struct ucred *cred, uid_t euid);
+typedef int (*mpo_proc_check_setgid_t)(struct ucred *cred, gid_t gid);
+typedef int (*mpo_proc_check_setegid_t)(struct ucred *cred, gid_t egid);
+typedef int (*mpo_proc_check_setgroups_t)(struct ucred *cred, int ngroups,
gid_t *gidset);
-typedef int (*mpo_check_proc_setreuid_t)(struct ucred *cred, uid_t ruid,
+typedef int (*mpo_proc_check_setreuid_t)(struct ucred *cred, uid_t ruid,
uid_t euid);
-typedef int (*mpo_check_proc_setregid_t)(struct ucred *cred, gid_t rgid,
+typedef int (*mpo_proc_check_setregid_t)(struct ucred *cred, gid_t rgid,
gid_t egid);
-typedef int (*mpo_check_proc_setresuid_t)(struct ucred *cred, uid_t ruid,
+typedef int (*mpo_proc_check_setresuid_t)(struct ucred *cred, uid_t ruid,
uid_t euid, uid_t suid);
-typedef int (*mpo_check_proc_setresgid_t)(struct ucred *cred, gid_t rgid,
+typedef int (*mpo_proc_check_setresgid_t)(struct ucred *cred, gid_t rgid,
gid_t egid, gid_t sgid);
-typedef int (*mpo_check_proc_signal_t)(struct ucred *cred,
+typedef int (*mpo_proc_check_signal_t)(struct ucred *cred,
struct proc *proc, int signum);
-typedef int (*mpo_check_proc_wait_t)(struct ucred *cred,
+typedef int (*mpo_proc_check_wait_t)(struct ucred *cred,
struct proc *proc);
-typedef int (*mpo_check_socket_accept_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_accept_t)(struct ucred *cred,
struct socket *so, struct label *solabel);
-typedef int (*mpo_check_socket_bind_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_bind_t)(struct ucred *cred,
struct socket *so, struct label *solabel,
struct sockaddr *sa);
-typedef int (*mpo_check_socket_connect_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_connect_t)(struct ucred *cred,
struct socket *so, struct label *solabel,
struct sockaddr *sa);
-typedef int (*mpo_check_socket_create_t)(struct ucred *cred, int domain,
+typedef int (*mpo_socket_check_create_t)(struct ucred *cred, int domain,
int type, int protocol);
-typedef int (*mpo_check_socket_deliver_t)(struct socket *so,
+typedef int (*mpo_socket_check_deliver_t)(struct socket *so,
struct label *solabel, struct mbuf *m,
struct label *mlabel);
-typedef int (*mpo_check_socket_listen_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_listen_t)(struct ucred *cred,
struct socket *so, struct label *solabel);
-typedef int (*mpo_check_socket_poll_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_poll_t)(struct ucred *cred,
struct socket *so, struct label *solabel);
-typedef int (*mpo_check_socket_receive_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_receive_t)(struct ucred *cred,
struct socket *so, struct label *solabel);
-typedef int (*mpo_check_socket_relabel_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_relabel_t)(struct ucred *cred,
struct socket *so, struct label *solabel,
struct label *newlabel);
-typedef int (*mpo_check_socket_send_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_send_t)(struct ucred *cred,
struct socket *so, struct label *solabel);
-typedef int (*mpo_check_socket_stat_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_stat_t)(struct ucred *cred,
struct socket *so, struct label *solabel);
-typedef int (*mpo_check_socket_visible_t)(struct ucred *cred,
+typedef int (*mpo_socket_check_visible_t)(struct ucred *cred,
struct socket *so, struct label *solabel);
-typedef int (*mpo_check_system_acct_t)(struct ucred *cred,
+typedef int (*mpo_system_check_acct_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel);
-typedef int (*mpo_check_system_audit_t)(struct ucred *cred, void *record,
+typedef int (*mpo_system_check_audit_t)(struct ucred *cred, void *record,
int length);
-typedef int (*mpo_check_system_auditctl_t)(struct ucred *cred,
+typedef int (*mpo_system_check_auditctl_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel);
-typedef int (*mpo_check_system_auditon_t)(struct ucred *cred, int cmd);
-typedef int (*mpo_check_system_reboot_t)(struct ucred *cred, int howto);
-typedef int (*mpo_check_system_swapon_t)(struct ucred *cred,
+typedef int (*mpo_system_check_auditon_t)(struct ucred *cred, int cmd);
+typedef int (*mpo_system_check_reboot_t)(struct ucred *cred, int howto);
+typedef int (*mpo_system_check_swapon_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel);
-typedef int (*mpo_check_system_swapoff_t)(struct ucred *cred,
+typedef int (*mpo_system_check_swapoff_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel);
-typedef int (*mpo_check_system_sysctl_t)(struct ucred *cred,
+typedef int (*mpo_system_check_sysctl_t)(struct ucred *cred,
struct sysctl_oid *oidp, void *arg1, int arg2,
struct sysctl_req *req);
-typedef int (*mpo_check_vnode_access_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_access_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, int acc_mode);
-typedef int (*mpo_check_vnode_chdir_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_chdir_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel);
-typedef int (*mpo_check_vnode_chroot_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_chroot_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel);
-typedef int (*mpo_check_vnode_create_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_create_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel,
struct componentname *cnp, struct vattr *vap);
-typedef int (*mpo_check_vnode_deleteacl_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_deleteacl_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
acl_type_t type);
-typedef int (*mpo_check_vnode_deleteextattr_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_deleteextattr_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
int attrnamespace, const char *name);
-typedef int (*mpo_check_vnode_exec_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_exec_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
struct image_params *imgp, struct label *execlabel);
-typedef int (*mpo_check_vnode_getacl_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_getacl_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
acl_type_t type);
-typedef int (*mpo_check_vnode_getextattr_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_getextattr_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
int attrnamespace, const char *name, struct uio *uio);
-typedef int (*mpo_check_vnode_link_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_link_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel,
struct vnode *vp, struct label *vplabel,
struct componentname *cnp);
-typedef int (*mpo_check_vnode_listextattr_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_listextattr_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
int attrnamespace);
-typedef int (*mpo_check_vnode_lookup_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_lookup_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel,
struct componentname *cnp);
-typedef int (*mpo_check_vnode_mmap_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_mmap_t)(struct ucred *cred,
struct vnode *vp, struct label *label, int prot,
int flags);
-typedef void (*mpo_check_vnode_mmap_downgrade_t)(struct ucred *cred,
+typedef void (*mpo_vnode_check_mmap_downgrade_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, int *prot);
-typedef int (*mpo_check_vnode_mprotect_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_mprotect_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, int prot);
-typedef int (*mpo_check_vnode_open_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_open_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, int acc_mode);
-typedef int (*mpo_check_vnode_poll_t)(struct ucred *active_cred,
+typedef int (*mpo_vnode_check_poll_t)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *vplabel);
-typedef int (*mpo_check_vnode_read_t)(struct ucred *active_cred,
+typedef int (*mpo_vnode_check_read_t)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *vplabel);
-typedef int (*mpo_check_vnode_readdir_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_readdir_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel);
-typedef int (*mpo_check_vnode_readlink_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_readlink_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel);
-typedef int (*mpo_check_vnode_relabel_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_relabel_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
struct label *newlabel);
-typedef int (*mpo_check_vnode_rename_from_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_rename_from_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel,
struct vnode *vp, struct label *vplabel,
struct componentname *cnp);
-typedef int (*mpo_check_vnode_rename_to_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_rename_to_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel,
struct vnode *vp, struct label *vplabel, int samedir,
struct componentname *cnp);
-typedef int (*mpo_check_vnode_revoke_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_revoke_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel);
-typedef int (*mpo_check_vnode_setacl_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_setacl_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, acl_type_t type,
struct acl *acl);
-typedef int (*mpo_check_vnode_setextattr_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_setextattr_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
int attrnamespace, const char *name, struct uio *uio);
-typedef int (*mpo_check_vnode_setflags_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_setflags_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, u_long flags);
-typedef int (*mpo_check_vnode_setmode_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_setmode_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, mode_t mode);
-typedef int (*mpo_check_vnode_setowner_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_setowner_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel, uid_t uid,
gid_t gid);
-typedef int (*mpo_check_vnode_setutimes_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_setutimes_t)(struct ucred *cred,
struct vnode *vp, struct label *vplabel,
struct timespec atime, struct timespec mtime);
-typedef int (*mpo_check_vnode_stat_t)(struct ucred *active_cred,
+typedef int (*mpo_vnode_check_stat_t)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *vplabel);
-typedef int (*mpo_check_vnode_unlink_t)(struct ucred *cred,
+typedef int (*mpo_vnode_check_unlink_t)(struct ucred *cred,
struct vnode *dvp, struct label *dvplabel,
struct vnode *vp, struct label *vplabel,
struct componentname *cnp);
-typedef int (*mpo_check_vnode_write_t)(struct ucred *active_cred,
+typedef int (*mpo_vnode_check_write_t)(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp,
struct label *vplabel);
typedef void (*mpo_associate_nfsd_label_t)(struct ucred *cred);
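Review bot: Since the hunk rewrites every access-check typedef anyway, `mpo_vnode_check_mmap_t` should take the same parameter name as its siblings: `struct vnode *vp, struct label *vplabel, int prot,` instead of `struct label *label`, so that a policy author reading the ops table sees which object the label belongs to. The object-first rename also stops short of `mpo_associate_nfsd_label_t` and the `mpo_mpo_placeholder*` entries, which stay verb-first / double-prefixed in the renamed table; if that is deliberate, a one-line comment saying they are kept for slot compatibility would prevent the next rename pass from "fixing" them. As far as the visible hunks show the member order and placeholders are preserved, so the struct layout looks unchanged, but every out-of-tree policy that fills `struct mac_policy_ops` by member name will fail to build against this header; a bump of MAC_VERSION and a header comment naming the old-to-new hook mapping would make that break explicit rather than discovered at module build time. The enclosing `struct mac_policy_ops` definition continues in the following hunk, which runs past the end of this view.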
@@ -631,151 +631,151 @@ struct mac_policy_ops {
* initialized storage, and externalize/internalize from/to
* initialized storage.
*/
- mpo_init_bpfdesc_label_t mpo_init_bpfdesc_label;
- mpo_init_cred_label_t mpo_init_cred_label;
- mpo_init_devfs_label_t mpo_init_devfs_label;
+ mpo_bpfdesc_init_label_t mpo_bpfdesc_init_label;
+ mpo_cred_init_label_t mpo_cred_init_label;
+ mpo_devfs_init_label_t mpo_devfs_init_label;
mpo_placeholder_t _mpo_placeholder0;
- mpo_init_ifnet_label_t mpo_init_ifnet_label;
- mpo_init_inpcb_label_t mpo_init_inpcb_label;
- mpo_init_sysv_msgmsg_label_t mpo_init_sysv_msgmsg_label;
- mpo_init_sysv_msgqueue_label_t mpo_init_sysv_msgqueue_label;
- mpo_init_sysv_sem_label_t mpo_init_sysv_sem_label;
- mpo_init_sysv_shm_label_t mpo_init_sysv_shm_label;
- mpo_init_ipq_label_t mpo_init_ipq_label;
- mpo_init_mbuf_label_t mpo_init_mbuf_label;
- mpo_init_mount_label_t mpo_init_mount_label;
- mpo_init_socket_label_t mpo_init_socket_label;
- mpo_init_socket_peer_label_t mpo_init_socket_peer_label;
- mpo_init_pipe_label_t mpo_init_pipe_label;
- mpo_init_posix_sem_label_t mpo_init_posix_sem_label;
- mpo_init_proc_label_t mpo_init_proc_label;
- mpo_init_vnode_label_t mpo_init_vnode_label;
- mpo_destroy_bpfdesc_label_t mpo_destroy_bpfdesc_label;
- mpo_destroy_cred_label_t mpo_destroy_cred_label;
- mpo_destroy_devfs_label_t mpo_destroy_devfs_label;
+ mpo_ifnet_init_label_t mpo_ifnet_init_label;
+ mpo_inpcb_init_label_t mpo_inpcb_init_label;
+ mpo_sysvmsg_init_label_t mpo_sysvmsg_init_label;
+ mpo_sysvmsq_init_label_t mpo_sysvmsq_init_label;
+ mpo_sysvsem_init_label_t mpo_sysvsem_init_label;
+ mpo_sysvshm_init_label_t mpo_sysvshm_init_label;
+ mpo_ipq_init_label_t mpo_ipq_init_label;
+ mpo_mbuf_init_label_t mpo_mbuf_init_label;
+ mpo_mount_init_label_t mpo_mount_init_label;
+ mpo_socket_init_label_t mpo_socket_init_label;
+ mpo_socketpeer_init_label_t mpo_socketpeer_init_label;
+ mpo_pipe_init_label_t mpo_pipe_init_label;
+ mpo_posixsem_init_label_t mpo_posixsem_init_label;
+ mpo_proc_init_label_t mpo_proc_init_label;
+ mpo_vnode_init_label_t mpo_vnode_init_label;
+ mpo_bpfdesc_destroy_label_t mpo_bpfdesc_destroy_label;
+ mpo_cred_destroy_label_t mpo_cred_destroy_label;
+ mpo_devfs_destroy_label_t mpo_devfs_destroy_label;
mpo_placeholder_t _mpo_placeholder1;
- mpo_destroy_ifnet_label_t mpo_destroy_ifnet_label;
- mpo_destroy_inpcb_label_t mpo_destroy_inpcb_label;
- mpo_destroy_sysv_msgmsg_label_t mpo_destroy_sysv_msgmsg_label;
- mpo_destroy_sysv_msgqueue_label_t mpo_destroy_sysv_msgqueue_label;
- mpo_destroy_sysv_sem_label_t mpo_destroy_sysv_sem_label;
- mpo_destroy_sysv_shm_label_t mpo_destroy_sysv_shm_label;
- mpo_destroy_ipq_label_t mpo_destroy_ipq_label;
- mpo_destroy_mbuf_label_t mpo_destroy_mbuf_label;
- mpo_destroy_mount_label_t mpo_destroy_mount_label;
- mpo_destroy_socket_label_t mpo_destroy_socket_label;
- mpo_destroy_socket_peer_label_t mpo_destroy_socket_peer_label;
- mpo_destroy_pipe_label_t mpo_destroy_pipe_label;
- mpo_destroy_posix_sem_label_t mpo_destroy_posix_sem_label;
- mpo_destroy_proc_label_t mpo_destroy_proc_label;
- mpo_destroy_vnode_label_t mpo_destroy_vnode_label;
- mpo_cleanup_sysv_msgmsg_t mpo_cleanup_sysv_msgmsg;
- mpo_cleanup_sysv_msgqueue_t mpo_cleanup_sysv_msgqueue;
- mpo_cleanup_sysv_sem_t mpo_cleanup_sysv_sem;
- mpo_cleanup_sysv_shm_t mpo_cleanup_sysv_shm;
- mpo_copy_cred_label_t mpo_copy_cred_label;
- mpo_copy_ifnet_label_t mpo_copy_ifnet_label;
- mpo_copy_mbuf_label_t mpo_copy_mbuf_label;
+ mpo_ifnet_destroy_label_t mpo_ifnet_destroy_label;
+ mpo_inpcb_destroy_label_t mpo_inpcb_destroy_label;
+ mpo_sysvmsg_destroy_label_t mpo_sysvmsg_destroy_label;
+ mpo_sysvmsq_destroy_label_t mpo_sysvmsq_destroy_label;
+ mpo_sysvsem_destroy_label_t mpo_sysvsem_destroy_label;
+ mpo_sysvshm_destroy_label_t mpo_sysvshm_destroy_label;
+ mpo_ipq_destroy_label_t mpo_ipq_destroy_label;
+ mpo_mbuf_destroy_label_t mpo_mbuf_destroy_label;
+ mpo_mount_destroy_label_t mpo_mount_destroy_label;
+ mpo_socket_destroy_label_t mpo_socket_destroy_label;
+ mpo_socketpeer_destroy_label_t mpo_socketpeer_destroy_label;
+ mpo_pipe_destroy_label_t mpo_pipe_destroy_label;
+ mpo_posixsem_destroy_label_t mpo_posixsem_destroy_label;
+ mpo_proc_destroy_label_t mpo_proc_destroy_label;
+ mpo_vnode_destroy_label_t mpo_vnode_destroy_label;
+ mpo_sysvmsg_cleanup_t mpo_sysvmsg_cleanup;
+ mpo_sysvmsq_cleanup_t mpo_sysvmsq_cleanup;
+ mpo_sysvsem_cleanup_t mpo_sysvsem_cleanup;
+ mpo_sysvshm_cleanup_t mpo_sysvshm_cleanup;
+ mpo_cred_copy_label_t mpo_cred_copy_label;
+ mpo_ifnet_copy_label_t mpo_ifnet_copy_label;
+ mpo_mbuf_copy_label_t mpo_mbuf_copy_label;
mpo_placeholder_t _mpo_placeholder2;
- mpo_copy_pipe_label_t mpo_copy_pipe_label;
- mpo_copy_socket_label_t mpo_copy_socket_label;
- mpo_copy_vnode_label_t mpo_copy_vnode_label;
- mpo_externalize_cred_label_t mpo_externalize_cred_label;
- mpo_externalize_ifnet_label_t mpo_externalize_ifnet_label;
+ mpo_pipe_copy_label_t mpo_pipe_copy_label;
+ mpo_socket_copy_label_t mpo_socket_copy_label;
+ mpo_vnode_copy_label_t mpo_vnode_copy_label;
+ mpo_cred_externalize_label_t mpo_cred_externalize_label;
+ mpo_ifnet_externalize_label_t mpo_ifnet_externalize_label;
mpo_placeholder_t _mpo_placeholder3;
- mpo_externalize_pipe_label_t mpo_externalize_pipe_label;
- mpo_externalize_socket_label_t mpo_externalize_socket_label;
- mpo_externalize_socket_peer_label_t mpo_externalize_socket_peer_label;
- mpo_externalize_vnode_label_t mpo_externalize_vnode_label;
- mpo_internalize_cred_label_t mpo_internalize_cred_label;
- mpo_internalize_ifnet_label_t mpo_internalize_ifnet_label;
+ mpo_pipe_externalize_label_t mpo_pipe_externalize_label;
+ mpo_socket_externalize_label_t mpo_socket_externalize_label;
+ mpo_socketpeer_externalize_label_t mpo_socketpeer_externalize_label;
+ mpo_vnode_externalize_label_t mpo_vnode_externalize_label;
+ mpo_cred_internalize_label_t mpo_cred_internalize_label;
+ mpo_ifnet_internalize_label_t mpo_ifnet_internalize_label;
mpo_placeholder_t _mpo_placeholder4;
- mpo_internalize_pipe_label_t mpo_internalize_pipe_label;
- mpo_internalize_socket_label_t mpo_internalize_socket_label;
- mpo_internalize_vnode_label_t mpo_internalize_vnode_label;
+ mpo_pipe_internalize_label_t mpo_pipe_internalize_label;
+ mpo_socket_internalize_label_t mpo_socket_internalize_label;
+ mpo_vnode_internalize_label_t mpo_vnode_internalize_label;
/*
* Labeling event operations: file system objects, and things that
* look a lot like file system objects.
*/
- mpo_associate_vnode_devfs_t mpo_associate_vnode_devfs;
- mpo_associate_vnode_extattr_t mpo_associate_vnode_extattr;
- mpo_associate_vnode_singlelabel_t mpo_associate_vnode_singlelabel;
- mpo_create_devfs_device_t mpo_create_devfs_device;
- mpo_create_devfs_directory_t mpo_create_devfs_directory;
- mpo_create_devfs_symlink_t mpo_create_devfs_symlink;
+ mpo_devfs_vnode_associate_t mpo_devfs_vnode_associate;
+ mpo_vnode_associate_extattr_t mpo_vnode_associate_extattr;
+ mpo_vnode_associate_singlelabel_t mpo_vnode_associate_singlelabel;
+ mpo_devfs_create_device_t mpo_devfs_create_device;
+ mpo_devfs_create_directory_t mpo_devfs_create_directory;
+ mpo_devfs_create_symlink_t mpo_devfs_create_symlink;
mpo_placeholder_t _mpo_placeholder5;
- mpo_create_vnode_extattr_t mpo_create_vnode_extattr;
- mpo_create_mount_t mpo_create_mount;
- mpo_relabel_vnode_t mpo_relabel_vnode;
- mpo_setlabel_vnode_extattr_t mpo_setlabel_vnode_extattr;
- mpo_update_devfs_t mpo_update_devfs;
+ mpo_vnode_create_extattr_t mpo_vnode_create_extattr;
+ mpo_mount_create_t mpo_mount_create;
+ mpo_vnode_relabel_t mpo_vnode_relabel;
+ mpo_vnode_setlabel_extattr_t mpo_vnode_setlabel_extattr;
+ mpo_devfs_update_t mpo_devfs_update;
/*
* Labeling event operations: IPC objects.
*/
- mpo_create_mbuf_from_socket_t mpo_create_mbuf_from_socket;
- mpo_create_socket_t mpo_create_socket;
- mpo_create_socket_from_socket_t mpo_create_socket_from_socket;
- mpo_relabel_socket_t mpo_relabel_socket;
- mpo_relabel_pipe_t mpo_relabel_pipe;
- mpo_set_socket_peer_from_mbuf_t mpo_set_socket_peer_from_mbuf;
- mpo_set_socket_peer_from_socket_t mpo_set_socket_peer_from_socket;
- mpo_create_pipe_t mpo_create_pipe;
+ mpo_socket_create_mbuf_t mpo_socket_create_mbuf;
+ mpo_socket_create_t mpo_socket_create;
+ mpo_socket_newconn_t mpo_socket_newconn;
+ mpo_socket_relabel_t mpo_socket_relabel;
+ mpo_pipe_relabel_t mpo_pipe_relabel;
+ mpo_socketpeer_set_from_mbuf_t mpo_socketpeer_set_from_mbuf;
+ mpo_socketpeer_set_from_socket_t mpo_socketpeer_set_from_socket;
+ mpo_pipe_create_t mpo_pipe_create;
/*
* Labeling event operations: System V IPC primitives.
*/
- mpo_create_sysv_msgmsg_t mpo_create_sysv_msgmsg;
- mpo_create_sysv_msgqueue_t mpo_create_sysv_msgqueue;
- mpo_create_sysv_sem_t mpo_create_sysv_sem;
- mpo_create_sysv_shm_t mpo_create_sysv_shm;
+ mpo_sysvmsg_create_t mpo_sysvmsg_create;
+ mpo_sysvmsq_create_t mpo_sysvmsq_create;
+ mpo_sysvsem_create_t mpo_sysvsem_create;
+ mpo_sysvshm_create_t mpo_sysvshm_create;
/*
* Labeling event operations: POSIX (global/inter-process) semaphores.
*/
- mpo_create_posix_sem_t mpo_create_posix_sem;
+ mpo_posixsem_create_t mpo_posixsem_create;
/*
* Labeling event operations: network objects.
*/
- mpo_create_bpfdesc_t mpo_create_bpfdesc;
- mpo_create_ifnet_t mpo_create_ifnet;
- mpo_create_inpcb_from_socket_t mpo_create_inpcb_from_socket;
- mpo_create_ipq_t mpo_create_ipq;
- mpo_create_datagram_from_ipq mpo_create_datagram_from_ipq;
- mpo_create_fragment_t mpo_create_fragment;
- mpo_create_mbuf_from_inpcb_t mpo_create_mbuf_from_inpcb;
+ mpo_bpfdesc_create_t mpo_bpfdesc_create;
+ mpo_ifnet_create_t mpo_ifnet_create;
+ mpo_inpcb_create_t mpo_inpcb_create;
+ mpo_ipq_create_t mpo_ipq_create;
+ mpo_ipq_reassemble mpo_ipq_reassemble;
+ mpo_netinet_fragment_t mpo_netinet_fragment;
+ mpo_inpcb_create_mbuf_t mpo_inpcb_create_mbuf;
mpo_create_mbuf_linklayer_t mpo_create_mbuf_linklayer;
- mpo_create_mbuf_from_bpfdesc_t mpo_create_mbuf_from_bpfdesc;
- mpo_create_mbuf_from_ifnet_t mpo_create_mbuf_from_ifnet;
- mpo_create_mbuf_multicast_encap_t mpo_create_mbuf_multicast_encap;
- mpo_create_mbuf_netlayer_t mpo_create_mbuf_netlayer;
- mpo_fragment_match_t mpo_fragment_match;
- mpo_reflect_mbuf_icmp_t mpo_reflect_mbuf_icmp;
- mpo_reflect_mbuf_tcp_t mpo_reflect_mbuf_tcp;
- mpo_relabel_ifnet_t mpo_relabel_ifnet;
- mpo_update_ipq_t mpo_update_ipq;
+ mpo_bpfdesc_create_mbuf_t mpo_bpfdesc_create_mbuf;
+ mpo_ifnet_create_mbuf_t mpo_ifnet_create_mbuf;
+ mpo_mbuf_create_multicast_encap_t mpo_mbuf_create_multicast_encap;
+ mpo_mbuf_create_netlayer_t mpo_mbuf_create_netlayer;
+ mpo_ipq_match_t mpo_ipq_match;
+ mpo_netinet_icmp_reply_t mpo_netinet_icmp_reply;
+ mpo_netinet_tcp_reply_t mpo_netinet_tcp_reply;
+ mpo_ifnet_relabel_t mpo_ifnet_relabel;
+ mpo_ipq_update_t mpo_ipq_update;
mpo_inpcb_sosetlabel_t mpo_inpcb_sosetlabel;
/*
* Labeling event operations: processes.
*/
- mpo_execve_transition_t mpo_execve_transition;
- mpo_execve_will_transition_t mpo_execve_will_transition;
- mpo_create_proc0_t mpo_create_proc0;
- mpo_create_proc1_t mpo_create_proc1;
- mpo_relabel_cred_t mpo_relabel_cred;
+ mpo_vnode_execve_transition_t mpo_vnode_execve_transition;
+ mpo_vnode_execve_will_transition_t mpo_vnode_execve_will_transition;
+ mpo_proc_create_swapper_t mpo_proc_create_swapper;
+ mpo_proc_create_init_t mpo_proc_create_init;
+ mpo_cred_relabel_t mpo_cred_relabel;
mpo_placeholder_t _mpo_placeholder6;
mpo_thread_userret_t mpo_thread_userret;
/*
* Access control checks.
*/
- mpo_check_bpfdesc_receive_t mpo_check_bpfdesc_receive;
+ mpo_bpfdesc_check_receive_t mpo_bpfdesc_check_receive;
mpo_placeholder_t _mpo_placeholder7;
- mpo_check_cred_relabel_t mpo_check_cred_relabel;
- mpo_check_cred_visible_t mpo_check_cred_visible;
+ mpo_cred_check_relabel_t mpo_cred_check_relabel;
+ mpo_cred_check_visible_t mpo_cred_check_visible;
mpo_placeholder_t _mpo_placeholder8;
mpo_placeholder_t _mpo_placeholder9;
mpo_placeholder_t _mpo_placeholder10;
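Review bot: `mpo_ipq_reassemble mpo_ipq_reassemble;` is the one entry in this hunk whose typedef lacks the `_t` suffix every other member of the table uses; the old `mpo_create_datagram_from_ipq` had the same gap and the rename carried it over instead of fixing it, so `mpo_ipq_reassemble_t mpo_ipq_reassemble;` (with the matching typedef) would make the table uniform. A few members also keep the old verb-first scheme while their neighbours move to object-first: `mpo_create_mbuf_linklayer_t` and `mpo_inpcb_sosetlabel_t` here, and `mpo_associate_nfsd_label_t` plus the three `*_syncache_*` members at the end of the next hunk. The field order and placeholder slots appear unchanged, which is what matters for policy modules that presumably fill this struct by designated initialiser, but the mixed naming makes it harder to audit which hooks were left out of the rename.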
@@ -787,119 +787,119 @@ struct mac_policy_ops {
mpo_placeholder_t _mpo_placeholder16;
mpo_placeholder_t _mpo_placeholder17;
mpo_placeholder_t _mpo_placeholder18;
- mpo_check_ifnet_relabel_t mpo_check_ifnet_relabel;
- mpo_check_ifnet_transmit_t mpo_check_ifnet_transmit;
- mpo_check_inpcb_deliver_t mpo_check_inpcb_deliver;
- mpo_check_sysv_msgmsq_t mpo_check_sysv_msgmsq;
- mpo_check_sysv_msgrcv_t mpo_check_sysv_msgrcv;
- mpo_check_sysv_msgrmid_t mpo_check_sysv_msgrmid;
- mpo_check_sysv_msqget_t mpo_check_sysv_msqget;
- mpo_check_sysv_msqsnd_t mpo_check_sysv_msqsnd;
- mpo_check_sysv_msqrcv_t mpo_check_sysv_msqrcv;
- mpo_check_sysv_msqctl_t mpo_check_sysv_msqctl;
- mpo_check_sysv_semctl_t mpo_check_sysv_semctl;
- mpo_check_sysv_semget_t mpo_check_sysv_semget;
- mpo_check_sysv_semop_t mpo_check_sysv_semop;
- mpo_check_sysv_shmat_t mpo_check_sysv_shmat;
- mpo_check_sysv_shmctl_t mpo_check_sysv_shmctl;
- mpo_check_sysv_shmdt_t mpo_check_sysv_shmdt;
- mpo_check_sysv_shmget_t mpo_check_sysv_shmget;
- mpo_check_kenv_dump_t mpo_check_kenv_dump;
- mpo_check_kenv_get_t mpo_check_kenv_get;
- mpo_check_kenv_set_t mpo_check_kenv_set;
- mpo_check_kenv_unset_t mpo_check_kenv_unset;
- mpo_check_kld_load_t mpo_check_kld_load;
- mpo_check_kld_stat_t mpo_check_kld_stat;
+ mpo_ifnet_check_relabel_t mpo_ifnet_check_relabel;
+ mpo_ifnet_check_transmit_t mpo_ifnet_check_transmit;
+ mpo_inpcb_check_deliver_t mpo_inpcb_check_deliver;
+ mpo_sysvmsq_check_msgmsq_t mpo_sysvmsq_check_msgmsq;
+ mpo_sysvmsq_check_msgrcv_t mpo_sysvmsq_check_msgrcv;
+ mpo_sysvmsq_check_msgrmid_t mpo_sysvmsq_check_msgrmid;
+ mpo_sysvmsq_check_msqget_t mpo_sysvmsq_check_msqget;
+ mpo_sysvmsq_check_msqsnd_t mpo_sysvmsq_check_msqsnd;
+ mpo_sysvmsq_check_msqrcv_t mpo_sysvmsq_check_msqrcv;
+ mpo_sysvmsq_check_msqctl_t mpo_sysvmsq_check_msqctl;
+ mpo_sysvsem_check_semctl_t mpo_sysvsem_check_semctl;
+ mpo_sysvsem_check_semget_t mpo_sysvsem_check_semget;
+ mpo_sysvsem_check_semop_t mpo_sysvsem_check_semop;
+ mpo_sysvshm_check_shmat_t mpo_sysvshm_check_shmat;
+ mpo_sysvshm_check_shmctl_t mpo_sysvshm_check_shmctl;
+ mpo_sysvshm_check_shmdt_t mpo_sysvshm_check_shmdt;
+ mpo_sysvshm_check_shmget_t mpo_sysvshm_check_shmget;
+ mpo_kenv_check_dump_t mpo_kenv_check_dump;
+ mpo_kenv_check_get_t mpo_kenv_check_get;
+ mpo_kenv_check_set_t mpo_kenv_check_set;
+ mpo_kenv_check_unset_t mpo_kenv_check_unset;
+ mpo_kld_check_load_t mpo_kld_check_load;
+ mpo_kld_check_stat_t mpo_kld_check_stat;
mpo_placeholder_t _mpo_placeholder19;
mpo_placeholder_t _mpo_placeholder20;
- mpo_check_mount_stat_t mpo_check_mount_stat;
+ mpo_mount_check_stat_t mpo_mount_check_stat;
mpo_placeholder_t _mpo_placeholder_21;
- mpo_check_pipe_ioctl_t mpo_check_pipe_ioctl;
- mpo_check_pipe_poll_t mpo_check_pipe_poll;
- mpo_check_pipe_read_t mpo_check_pipe_read;
- mpo_check_pipe_relabel_t mpo_check_pipe_relabel;
- mpo_check_pipe_stat_t mpo_check_pipe_stat;
- mpo_check_pipe_write_t mpo_check_pipe_write;
- mpo_check_posix_sem_destroy_t mpo_check_posix_sem_destroy;
- mpo_check_posix_sem_getvalue_t mpo_check_posix_sem_getvalue;
- mpo_check_posix_sem_open_t mpo_check_posix_sem_open;
- mpo_check_posix_sem_post_t mpo_check_posix_sem_post;
- mpo_check_posix_sem_unlink_t mpo_check_posix_sem_unlink;
- mpo_check_posix_sem_wait_t mpo_check_posix_sem_wait;
- mpo_check_proc_debug_t mpo_check_proc_debug;
- mpo_check_proc_sched_t mpo_check_proc_sched;
- mpo_check_proc_setaudit_t mpo_check_proc_setaudit;
- mpo_check_proc_setaudit_addr_t mpo_check_proc_setaudit_addr;
- mpo_check_proc_setauid_t mpo_check_proc_setauid;
- mpo_check_proc_setuid_t mpo_check_proc_setuid;
- mpo_check_proc_seteuid_t mpo_check_proc_seteuid;
- mpo_check_proc_setgid_t mpo_check_proc_setgid;
- mpo_check_proc_setegid_t mpo_check_proc_setegid;
- mpo_check_proc_setgroups_t mpo_check_proc_setgroups;
- mpo_check_proc_setreuid_t mpo_check_proc_setreuid;
- mpo_check_proc_setregid_t mpo_check_proc_setregid;
- mpo_check_proc_setresuid_t mpo_check_proc_setresuid;
- mpo_check_proc_setresgid_t mpo_check_proc_setresgid;
- mpo_check_proc_signal_t mpo_check_proc_signal;
- mpo_check_proc_wait_t mpo_check_proc_wait;
- mpo_check_socket_accept_t mpo_check_socket_accept;
- mpo_check_socket_bind_t mpo_check_socket_bind;
- mpo_check_socket_connect_t mpo_check_socket_connect;
- mpo_check_socket_create_t mpo_check_socket_create;
- mpo_check_socket_deliver_t mpo_check_socket_deliver;
+ mpo_pipe_check_ioctl_t mpo_pipe_check_ioctl;
+ mpo_pipe_check_poll_t mpo_pipe_check_poll;
+ mpo_pipe_check_read_t mpo_pipe_check_read;
+ mpo_pipe_check_relabel_t mpo_pipe_check_relabel;
+ mpo_pipe_check_stat_t mpo_pipe_check_stat;
+ mpo_pipe_check_write_t mpo_pipe_check_write;
+ mpo_posixsem_check_destroy_t mpo_posixsem_check_destroy;
+ mpo_posixsem_check_getvalue_t mpo_posixsem_check_getvalue;
+ mpo_posixsem_check_open_t mpo_posixsem_check_open;
+ mpo_posixsem_check_post_t mpo_posixsem_check_post;
+ mpo_posixsem_check_unlink_t mpo_posixsem_check_unlink;
+ mpo_posixsem_check_wait_t mpo_posixsem_check_wait;
+ mpo_proc_check_debug_t mpo_proc_check_debug;
+ mpo_proc_check_sched_t mpo_proc_check_sched;
+ mpo_proc_check_setaudit_t mpo_proc_check_setaudit;
+ mpo_proc_check_setaudit_addr_t mpo_proc_check_setaudit_addr;
+ mpo_proc_check_setauid_t mpo_proc_check_setauid;
+ mpo_proc_check_setuid_t mpo_proc_check_setuid;
+ mpo_proc_check_seteuid_t mpo_proc_check_seteuid;
+ mpo_proc_check_setgid_t mpo_proc_check_setgid;
+ mpo_proc_check_setegid_t mpo_proc_check_setegid;
+ mpo_proc_check_setgroups_t mpo_proc_check_setgroups;
+ mpo_proc_check_setreuid_t mpo_proc_check_setreuid;
+ mpo_proc_check_setregid_t mpo_proc_check_setregid;
+ mpo_proc_check_setresuid_t mpo_proc_check_setresuid;
+ mpo_proc_check_setresgid_t mpo_proc_check_setresgid;
+ mpo_proc_check_signal_t mpo_proc_check_signal;
+ mpo_proc_check_wait_t mpo_proc_check_wait;
+ mpo_socket_check_accept_t mpo_socket_check_accept;
+ mpo_socket_check_bind_t mpo_socket_check_bind;
+ mpo_socket_check_connect_t mpo_socket_check_connect;
+ mpo_socket_check_create_t mpo_socket_check_create;
+ mpo_socket_check_deliver_t mpo_socket_check_deliver;
mpo_placeholder_t _mpo_placeholder22;
- mpo_check_socket_listen_t mpo_check_socket_listen;
- mpo_check_socket_poll_t mpo_check_socket_poll;
- mpo_check_socket_receive_t mpo_check_socket_receive;
- mpo_check_socket_relabel_t mpo_check_socket_relabel;
- mpo_check_socket_send_t mpo_check_socket_send;
- mpo_check_socket_stat_t mpo_check_socket_stat;
- mpo_check_socket_visible_t mpo_check_socket_visible;
- mpo_check_system_acct_t mpo_check_system_acct;
- mpo_check_system_audit_t mpo_check_system_audit;
- mpo_check_system_auditctl_t mpo_check_system_auditctl;
- mpo_check_system_auditon_t mpo_check_system_auditon;
- mpo_check_system_reboot_t mpo_check_system_reboot;
- mpo_check_system_swapon_t mpo_check_system_swapon;
- mpo_check_system_swapoff_t mpo_check_system_swapoff;
- mpo_check_system_sysctl_t mpo_check_system_sysctl;
+ mpo_socket_check_listen_t mpo_socket_check_listen;
+ mpo_socket_check_poll_t mpo_socket_check_poll;
+ mpo_socket_check_receive_t mpo_socket_check_receive;
+ mpo_socket_check_relabel_t mpo_socket_check_relabel;
+ mpo_socket_check_send_t mpo_socket_check_send;
+ mpo_socket_check_stat_t mpo_socket_check_stat;
+ mpo_socket_check_visible_t mpo_socket_check_visible;
+ mpo_system_check_acct_t mpo_system_check_acct;
+ mpo_system_check_audit_t mpo_system_check_audit;
+ mpo_system_check_auditctl_t mpo_system_check_auditctl;
+ mpo_system_check_auditon_t mpo_system_check_auditon;
+ mpo_system_check_reboot_t mpo_system_check_reboot;
+ mpo_system_check_swapon_t mpo_system_check_swapon;
+ mpo_system_check_swapoff_t mpo_system_check_swapoff;
+ mpo_system_check_sysctl_t mpo_system_check_sysctl;
mpo_placeholder_t _mpo_placeholder23;
- mpo_check_vnode_access_t mpo_check_vnode_access;
- mpo_check_vnode_chdir_t mpo_check_vnode_chdir;
- mpo_check_vnode_chroot_t mpo_check_vnode_chroot;
- mpo_check_vnode_create_t mpo_check_vnode_create;
- mpo_check_vnode_deleteacl_t mpo_check_vnode_deleteacl;
- mpo_check_vnode_deleteextattr_t mpo_check_vnode_deleteextattr;
- mpo_check_vnode_exec_t mpo_check_vnode_exec;
- mpo_check_vnode_getacl_t mpo_check_vnode_getacl;
- mpo_check_vnode_getextattr_t mpo_check_vnode_getextattr;
+ mpo_vnode_check_access_t mpo_vnode_check_access;
+ mpo_vnode_check_chdir_t mpo_vnode_check_chdir;
+ mpo_vnode_check_chroot_t mpo_vnode_check_chroot;
+ mpo_vnode_check_create_t mpo_vnode_check_create;
+ mpo_vnode_check_deleteacl_t mpo_vnode_check_deleteacl;
+ mpo_vnode_check_deleteextattr_t mpo_vnode_check_deleteextattr;
+ mpo_vnode_check_exec_t mpo_vnode_check_exec;
+ mpo_vnode_check_getacl_t mpo_vnode_check_getacl;
+ mpo_vnode_check_getextattr_t mpo_vnode_check_getextattr;
mpo_placeholder_t _mpo_placeholder24;
- mpo_check_vnode_link_t mpo_check_vnode_link;
- mpo_check_vnode_listextattr_t mpo_check_vnode_listextattr;
- mpo_check_vnode_lookup_t mpo_check_vnode_lookup;
- mpo_check_vnode_mmap_t mpo_check_vnode_mmap;
- mpo_check_vnode_mmap_downgrade_t mpo_check_vnode_mmap_downgrade;
- mpo_check_vnode_mprotect_t mpo_check_vnode_mprotect;
- mpo_check_vnode_open_t mpo_check_vnode_open;
- mpo_check_vnode_poll_t mpo_check_vnode_poll;
- mpo_check_vnode_read_t mpo_check_vnode_read;
- mpo_check_vnode_readdir_t mpo_check_vnode_readdir;
- mpo_check_vnode_readlink_t mpo_check_vnode_readlink;
- mpo_check_vnode_relabel_t mpo_check_vnode_relabel;
- mpo_check_vnode_rename_from_t mpo_check_vnode_rename_from;
- mpo_check_vnode_rename_to_t mpo_check_vnode_rename_to;
- mpo_check_vnode_revoke_t mpo_check_vnode_revoke;
- mpo_check_vnode_setacl_t mpo_check_vnode_setacl;
- mpo_check_vnode_setextattr_t mpo_check_vnode_setextattr;
- mpo_check_vnode_setflags_t mpo_check_vnode_setflags;
- mpo_check_vnode_setmode_t mpo_check_vnode_setmode;
- mpo_check_vnode_setowner_t mpo_check_vnode_setowner;
- mpo_check_vnode_setutimes_t mpo_check_vnode_setutimes;
- mpo_check_vnode_stat_t mpo_check_vnode_stat;
- mpo_check_vnode_unlink_t mpo_check_vnode_unlink;
- mpo_check_vnode_write_t mpo_check_vnode_write;
+ mpo_vnode_check_link_t mpo_vnode_check_link;
+ mpo_vnode_check_listextattr_t mpo_vnode_check_listextattr;
+ mpo_vnode_check_lookup_t mpo_vnode_check_lookup;
+ mpo_vnode_check_mmap_t mpo_vnode_check_mmap;
+ mpo_vnode_check_mmap_downgrade_t mpo_vnode_check_mmap_downgrade;
+ mpo_vnode_check_mprotect_t mpo_vnode_check_mprotect;
+ mpo_vnode_check_open_t mpo_vnode_check_open;
+ mpo_vnode_check_poll_t mpo_vnode_check_poll;
+ mpo_vnode_check_read_t mpo_vnode_check_read;
+ mpo_vnode_check_readdir_t mpo_vnode_check_readdir;
+ mpo_vnode_check_readlink_t mpo_vnode_check_readlink;
+ mpo_vnode_check_relabel_t mpo_vnode_check_relabel;
+ mpo_vnode_check_rename_from_t mpo_vnode_check_rename_from;
+ mpo_vnode_check_rename_to_t mpo_vnode_check_rename_to;
+ mpo_vnode_check_revoke_t mpo_vnode_check_revoke;
+ mpo_vnode_check_setacl_t mpo_vnode_check_setacl;
+ mpo_vnode_check_setextattr_t mpo_vnode_check_setextattr;
+ mpo_vnode_check_setflags_t mpo_vnode_check_setflags;
+ mpo_vnode_check_setmode_t mpo_vnode_check_setmode;
+ mpo_vnode_check_setowner_t mpo_vnode_check_setowner;
+ mpo_vnode_check_setutimes_t mpo_vnode_check_setutimes;
+ mpo_vnode_check_stat_t mpo_vnode_check_stat;
+ mpo_vnode_check_unlink_t mpo_vnode_check_unlink;
+ mpo_vnode_check_write_t mpo_vnode_check_write;
mpo_associate_nfsd_label_t mpo_associate_nfsd_label;
- mpo_create_mbuf_from_firewall_t mpo_create_mbuf_from_firewall;
+ mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
mpo_init_syncache_label_t mpo_init_syncache_label;
mpo_destroy_syncache_label_t mpo_destroy_syncache_label;
mpo_init_syncache_from_inpcb_t mpo_init_syncache_from_inpcb;
diff --git a/sys/security/mac/mac_posix_sem.c b/sys/security/mac/mac_posix_sem.c
index 103eab27c2f9..2ea3c7215f96 100644
--- a/sys/security/mac/mac_posix_sem.c
+++ b/sys/security/mac/mac_posix_sem.c
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2003-2005 SPARTA, Inc.
+ * Copyright (c) 2003-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -7,6 +7,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -48,100 +51,100 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_policy.h>
static struct label *
-mac_posix_sem_label_alloc(void)
+mac_posixsem_label_alloc(void)
{
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_posix_sem_label, label);
+ MAC_PERFORM(posixsem_init_label, label);
return (label);
}
void
-mac_init_posix_sem(struct ksem *ks)
+mac_posixsem_init(struct ksem *ks)
{
- ks->ks_label = mac_posix_sem_label_alloc();
+ ks->ks_label = mac_posixsem_label_alloc();
}
static void
-mac_posix_sem_label_free(struct label *label)
+mac_posixsem_label_free(struct label *label)
{
- MAC_PERFORM(destroy_posix_sem_label, label);
+ MAC_PERFORM(posixsem_destroy_label, label);
}
void
-mac_destroy_posix_sem(struct ksem *ks)
+mac_posixsem_destroy(struct ksem *ks)
{
- mac_posix_sem_label_free(ks->ks_label);
+ mac_posixsem_label_free(ks->ks_label);
ks->ks_label = NULL;
}
void
-mac_create_posix_sem(struct ucred *cred, struct ksem *ks)
+mac_posixsem_create(struct ucred *cred, struct ksem *ks)
{
- MAC_PERFORM(create_posix_sem, cred, ks, ks->ks_label);
+ MAC_PERFORM(posixsem_create, cred, ks, ks->ks_label);
}
int
-mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ks)
+mac_posixsem_check_destroy(struct ucred *cred, struct ksem *ks)
{
int error;
- MAC_CHECK(check_posix_sem_destroy, cred, ks, ks->ks_label);
+ MAC_CHECK(posixsem_check_destroy, cred, ks, ks->ks_label);
return (error);
}
int
-mac_check_posix_sem_open(struct ucred *cred, struct ksem *ks)
+mac_posixsem_check_open(struct ucred *cred, struct ksem *ks)
{
int error;
- MAC_CHECK(check_posix_sem_open, cred, ks, ks->ks_label);
+ MAC_CHECK(posixsem_check_open, cred, ks, ks->ks_label);
return (error);
}
int
-mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ks)
+mac_posixsem_check_getvalue(struct ucred *cred, struct ksem *ks)
{
int error;
- MAC_CHECK(check_posix_sem_getvalue, cred, ks, ks->ks_label);
+ MAC_CHECK(posixsem_check_getvalue, cred, ks, ks->ks_label);
return (error);
}
int
-mac_check_posix_sem_post(struct ucred *cred, struct ksem *ks)
+mac_posixsem_check_post(struct ucred *cred, struct ksem *ks)
{
int error;
- MAC_CHECK(check_posix_sem_post, cred, ks, ks->ks_label);
+ MAC_CHECK(posixsem_check_post, cred, ks, ks->ks_label);
return (error);
}
int
-mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ks)
+mac_posixsem_check_unlink(struct ucred *cred, struct ksem *ks)
{
int error;
- MAC_CHECK(check_posix_sem_unlink, cred, ks, ks->ks_label);
+ MAC_CHECK(posixsem_check_unlink, cred, ks, ks->ks_label);
return (error);
}
int
-mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ks)
+mac_posixsem_check_wait(struct ucred *cred, struct ksem *ks)
{
int error;
- MAC_CHECK(check_posix_sem_wait, cred, ks, ks->ks_label);
+ MAC_CHECK(posixsem_check_wait, cred, ks, ks->ks_label);
return (error);
}
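Review bot: `mac_posixsem_label_free` runs the `posixsem_destroy_label` hook but never returns the label to the zone, even though `mac_posixsem_label_alloc` above obtains it with `mac_labelzone_alloc(M_WAITOK)`; compare `mac_cred_label_free` in mac_process.c, which follows `MAC_PERFORM(cred_destroy_label, label)` with `mac_labelzone_free(label)`. As written, each semaphore torn down through `mac_posixsem_destroy` leaks one label allocation, and the leak accumulates across repeated create/destroy cycles. The rename preserved the omission; the fix is to add `mac_labelzone_free(label);` after the `MAC_PERFORM` line in `mac_posixsem_label_free`.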
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index abba4a9b9848..c6c5cd8b5304 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -3,6 +3,7 @@
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2003 Networks Associates Technology, Inc.
* Copyright (c) 2005 Samy Al Bahra
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -13,6 +14,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -85,12 +89,12 @@ mac_cred_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_cred_label, label);
+ MAC_PERFORM(cred_init_label, label);
return (label);
}
void
-mac_init_cred(struct ucred *cred)
+mac_cred_init(struct ucred *cred)
{
cred->cr_label = mac_cred_label_alloc();
@@ -102,12 +106,12 @@ mac_proc_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_proc_label, label);
+ MAC_PERFORM(proc_init_label, label);
return (label);
}
void
-mac_init_proc(struct proc *p)
+mac_proc_init(struct proc *p)
{
p->p_label = mac_proc_label_alloc();
@@ -117,12 +121,12 @@ void
mac_cred_label_free(struct label *label)
{
- MAC_PERFORM(destroy_cred_label, label);
+ MAC_PERFORM(cred_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_cred(struct ucred *cred)
+mac_cred_destroy(struct ucred *cred)
{
mac_cred_label_free(cred->cr_label);
@@ -133,12 +137,12 @@ static void
mac_proc_label_free(struct label *label)
{
- MAC_PERFORM(destroy_proc_label, label);
+ MAC_PERFORM(proc_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_proc(struct proc *p)
+mac_proc_destroy(struct proc *p)
{
mac_proc_label_free(p->p_label);
@@ -146,7 +150,7 @@ mac_destroy_proc(struct proc *p)
}
int
-mac_externalize_cred_label(struct label *label, char *elements,
+mac_cred_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -157,7 +161,7 @@ mac_externalize_cred_label(struct label *label, char *elements,
}
int
-mac_internalize_cred_label(struct label *label, char *string)
+mac_cred_internalize_label(struct label *label, char *string)
{
int error;
@@ -171,10 +175,10 @@ mac_internalize_cred_label(struct label *label, char *string)
* processes and threads are spawned.
*/
void
-mac_create_proc0(struct ucred *cred)
+mac_proc_create_swapper(struct ucred *cred)
{
- MAC_PERFORM(create_proc0, cred);
+ MAC_PERFORM(proc_create_swapper, cred);
}
/*
@@ -182,10 +186,10 @@ mac_create_proc0(struct ucred *cred)
* userland processes and threads are spawned.
*/
void
-mac_create_proc1(struct ucred *cred)
+mac_proc_create_init(struct ucred *cred)
{
- MAC_PERFORM(create_proc1, cred);
+ MAC_PERFORM(proc_create_init, cred);
}
void
@@ -201,10 +205,10 @@ mac_thread_userret(struct thread *td)
* This function allows that processing to take place.
*/
void
-mac_copy_cred(struct ucred *src, struct ucred *dest)
+mac_cred_copy(struct ucred *src, struct ucred *dest)
{
- MAC_PERFORM(copy_cred_label, src->cr_label, dest->cr_label);
+ MAC_PERFORM(cred_copy_label, src->cr_label, dest->cr_label);
}
int
@@ -234,7 +238,7 @@ mac_execve_enter(struct image_params *imgp, struct mac *mac_p)
}
label = mac_cred_label_alloc();
- error = mac_internalize_cred_label(label, buffer);
+ error = mac_cred_internalize_label(label, buffer);
free(buffer, M_MACTEMP);
if (error) {
mac_cred_label_free(label);
@@ -347,7 +351,7 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
result = vme->max_protection;
- mac_check_vnode_mmap_downgrade(cred, vp, &result);
+ mac_vnode_check_mmap_downgrade(cred, vp, &result);
VOP_UNLOCK(vp, 0, td);
/*
* Find out what maximum protection we may be allowing now
@@ -429,185 +433,185 @@ mac_cred_mmapped_drop_perms_recurse(struct thread *td, struct ucred *cred,
* buffer cache.
*/
void
-mac_relabel_cred(struct ucred *cred, struct label *newlabel)
+mac_cred_relabel(struct ucred *cred, struct label *newlabel)
{
- MAC_PERFORM(relabel_cred, cred, newlabel);
+ MAC_PERFORM(cred_relabel, cred, newlabel);
}
int
-mac_check_cred_relabel(struct ucred *cred, struct label *newlabel)
+mac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
{
int error;
- MAC_CHECK(check_cred_relabel, cred, newlabel);
+ MAC_CHECK(cred_check_relabel, cred, newlabel);
return (error);
}
int
-mac_check_cred_visible(struct ucred *cr1, struct ucred *cr2)
+mac_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
{
int error;
- MAC_CHECK(check_cred_visible, cr1, cr2);
+ MAC_CHECK(cred_check_visible, cr1, cr2);
return (error);
}
int
-mac_check_proc_debug(struct ucred *cred, struct proc *p)
+mac_proc_check_debug(struct ucred *cred, struct proc *p)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_debug, cred, p);
+ MAC_CHECK(proc_check_debug, cred, p);
return (error);
}
int
-mac_check_proc_sched(struct ucred *cred, struct proc *p)
+mac_proc_check_sched(struct ucred *cred, struct proc *p)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_sched, cred, p);
+ MAC_CHECK(proc_check_sched, cred, p);
return (error);
}
int
-mac_check_proc_signal(struct ucred *cred, struct proc *p, int signum)
+mac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_signal, cred, p, signum);
+ MAC_CHECK(proc_check_signal, cred, p, signum);
return (error);
}
int
-mac_check_proc_setuid(struct proc *p, struct ucred *cred, uid_t uid)
+mac_proc_check_setuid(struct proc *p, struct ucred *cred, uid_t uid)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_setuid, cred, uid);
+ MAC_CHECK(proc_check_setuid, cred, uid);
return (error);
}
int
-mac_check_proc_seteuid(struct proc *p, struct ucred *cred, uid_t euid)
+mac_proc_check_seteuid(struct proc *p, struct ucred *cred, uid_t euid)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_seteuid, cred, euid);
+ MAC_CHECK(proc_check_seteuid, cred, euid);
return (error);
}
int
-mac_check_proc_setgid(struct proc *p, struct ucred *cred, gid_t gid)
+mac_proc_check_setgid(struct proc *p, struct ucred *cred, gid_t gid)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_setgid, cred, gid);
+ MAC_CHECK(proc_check_setgid, cred, gid);
return (error);
}
int
-mac_check_proc_setegid(struct proc *p, struct ucred *cred, gid_t egid)
+mac_proc_check_setegid(struct proc *p, struct ucred *cred, gid_t egid)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_setegid, cred, egid);
+ MAC_CHECK(proc_check_setegid, cred, egid);
return (error);
}
int
-mac_check_proc_setgroups(struct proc *p, struct ucred *cred, int ngroups,
+mac_proc_check_setgroups(struct proc *p, struct ucred *cred, int ngroups,
gid_t *gidset)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_setgroups, cred, ngroups, gidset);
+ MAC_CHECK(proc_check_setgroups, cred, ngroups, gidset);
return (error);
}
int
-mac_check_proc_setreuid(struct proc *p, struct ucred *cred, uid_t ruid,
+mac_proc_check_setreuid(struct proc *p, struct ucred *cred, uid_t ruid,
uid_t euid)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_setreuid, cred, ruid, euid);
+ MAC_CHECK(proc_check_setreuid, cred, ruid, euid);
return (error);
}
int
-mac_check_proc_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
+mac_proc_check_setregid(struct proc *proc, struct ucred *cred, gid_t rgid,
gid_t egid)
{
int error;
PROC_LOCK_ASSERT(proc, MA_OWNED);
- MAC_CHECK(check_proc_setregid, cred, rgid, egid);
+ MAC_CHECK(proc_check_setregid, cred, rgid, egid);
return (error);
}
int
-mac_check_proc_setresuid(struct proc *p, struct ucred *cred, uid_t ruid,
+mac_proc_check_setresuid(struct proc *p, struct ucred *cred, uid_t ruid,
uid_t euid, uid_t suid)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_setresuid, cred, ruid, euid, suid);
+ MAC_CHECK(proc_check_setresuid, cred, ruid, euid, suid);
return (error);
}
int
-mac_check_proc_setresgid(struct proc *p, struct ucred *cred, gid_t rgid,
+mac_proc_check_setresgid(struct proc *p, struct ucred *cred, gid_t rgid,
gid_t egid, gid_t sgid)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_setresgid, cred, rgid, egid, sgid);
+ MAC_CHECK(proc_check_setresgid, cred, rgid, egid, sgid);
return (error);
}
int
-mac_check_proc_wait(struct ucred *cred, struct proc *p)
+mac_proc_check_wait(struct ucred *cred, struct proc *p)
{
int error;
PROC_LOCK_ASSERT(p, MA_OWNED);
- MAC_CHECK(check_proc_wait, cred, p);
+ MAC_CHECK(proc_check_wait, cred, p);
return (error);
}
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c
index 07722ad602a3..37dfa3f3c05f 100644
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@@ -2,7 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -94,9 +94,9 @@ mac_socket_label_alloc(int flag)
if (label == NULL)
return (NULL);
- MAC_CHECK(init_socket_label, label, flag);
+ MAC_CHECK(socket_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_socket_label, label);
+ MAC_PERFORM(socket_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -104,7 +104,7 @@ mac_socket_label_alloc(int flag)
}
static struct label *
-mac_socket_peer_label_alloc(int flag)
+mac_socketpeer_label_alloc(int flag)
{
struct label *label;
int error;
@@ -113,9 +113,9 @@ mac_socket_peer_label_alloc(int flag)
if (label == NULL)
return (NULL);
- MAC_CHECK(init_socket_peer_label, label, flag);
+ MAC_CHECK(socketpeer_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_socket_peer_label, label);
+ MAC_PERFORM(socketpeer_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -123,13 +123,13 @@ mac_socket_peer_label_alloc(int flag)
}
int
-mac_init_socket(struct socket *so, int flag)
+mac_socket_init(struct socket *so, int flag)
{
so->so_label = mac_socket_label_alloc(flag);
if (so->so_label == NULL)
return (ENOMEM);
- so->so_peerlabel = mac_socket_peer_label_alloc(flag);
+ so->so_peerlabel = mac_socketpeer_label_alloc(flag);
if (so->so_peerlabel == NULL) {
mac_socket_label_free(so->so_label);
so->so_label = NULL;
@@ -142,37 +142,37 @@ void
mac_socket_label_free(struct label *label)
{
- MAC_PERFORM(destroy_socket_label, label);
+ MAC_PERFORM(socket_destroy_label, label);
mac_labelzone_free(label);
}
static void
-mac_socket_peer_label_free(struct label *label)
+mac_socketpeer_label_free(struct label *label)
{
- MAC_PERFORM(destroy_socket_peer_label, label);
+ MAC_PERFORM(socketpeer_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_socket(struct socket *so)
+mac_socket_destroy(struct socket *so)
{
mac_socket_label_free(so->so_label);
so->so_label = NULL;
- mac_socket_peer_label_free(so->so_peerlabel);
+ mac_socketpeer_label_free(so->so_peerlabel);
so->so_peerlabel = NULL;
}
void
-mac_copy_socket_label(struct label *src, struct label *dest)
+mac_socket_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_socket_label, src, dest);
+ MAC_PERFORM(socket_copy_label, src, dest);
}
int
-mac_externalize_socket_label(struct label *label, char *elements,
+mac_socket_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -183,18 +183,18 @@ mac_externalize_socket_label(struct label *label, char *elements,
}
static int
-mac_externalize_socket_peer_label(struct label *label, char *elements,
+mac_socketpeer_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
- MAC_EXTERNALIZE(socket_peer, label, elements, outbuf, outbuflen);
+ MAC_EXTERNALIZE(socketpeer, label, elements, outbuf, outbuflen);
return (error);
}
int
-mac_internalize_socket_label(struct label *label, char *string)
+mac_socket_internalize_label(struct label *label, char *string)
{
int error;
@@ -204,34 +204,34 @@ mac_internalize_socket_label(struct label *label, char *string)
}
void
-mac_create_socket(struct ucred *cred, struct socket *so)
+mac_socket_create(struct ucred *cred, struct socket *so)
{
- MAC_PERFORM(create_socket, cred, so, so->so_label);
+ MAC_PERFORM(socket_create, cred, so, so->so_label);
}
void
-mac_create_socket_from_socket(struct socket *oldso, struct socket *newso)
+mac_socket_newconn(struct socket *oldso, struct socket *newso)
{
SOCK_LOCK_ASSERT(oldso);
- MAC_PERFORM(create_socket_from_socket, oldso, oldso->so_label, newso,
+ MAC_PERFORM(socket_newconn, oldso, oldso->so_label, newso,
newso->so_label);
}
static void
-mac_relabel_socket(struct ucred *cred, struct socket *so,
+mac_socket_relabel(struct ucred *cred, struct socket *so,
struct label *newlabel)
{
SOCK_LOCK_ASSERT(so);
- MAC_PERFORM(relabel_socket, cred, so, so->so_label, newlabel);
+ MAC_PERFORM(socket_relabel, cred, so, so->so_label, newlabel);
}
void
-mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so)
+mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so)
{
struct label *label;
@@ -239,12 +239,12 @@ mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so)
label = mac_mbuf_to_label(m);
- MAC_PERFORM(set_socket_peer_from_mbuf, m, label, so,
+ MAC_PERFORM(socketpeer_set_from_mbuf, m, label, so,
so->so_peerlabel);
}
void
-mac_set_socket_peer_from_socket(struct socket *oldso, struct socket *newso)
+mac_socketpeer_set_from_socket(struct socket *oldso, struct socket *newso)
{
/*
@@ -252,12 +252,12 @@ mac_set_socket_peer_from_socket(struct socket *oldso, struct socket *newso)
* is the original, and one is the new. However, it's called in both
* directions, so we can't assert the lock here currently.
*/
- MAC_PERFORM(set_socket_peer_from_socket, oldso, oldso->so_label,
+ MAC_PERFORM(socketpeer_set_from_socket, oldso, oldso->so_label,
newso, newso->so_peerlabel);
}
void
-mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m)
+mac_socket_create_mbuf(struct socket *so, struct mbuf *m)
{
struct label *label;
@@ -265,59 +265,59 @@ mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_PERFORM(create_mbuf_from_socket, so, so->so_label, m, label);
+ MAC_PERFORM(socket_create_mbuf, so, so->so_label, m, label);
}
int
-mac_check_socket_accept(struct ucred *cred, struct socket *so)
+mac_socket_check_accept(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_accept, cred, so, so->so_label);
+ MAC_CHECK(socket_check_accept, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_bind(struct ucred *ucred, struct socket *so,
+mac_socket_check_bind(struct ucred *ucred, struct socket *so,
struct sockaddr *sa)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_bind, ucred, so, so->so_label, sa);
+ MAC_CHECK(socket_check_bind, ucred, so, so->so_label, sa);
return (error);
}
int
-mac_check_socket_connect(struct ucred *cred, struct socket *so,
+mac_socket_check_connect(struct ucred *cred, struct socket *so,
struct sockaddr *sa)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_connect, cred, so, so->so_label, sa);
+ MAC_CHECK(socket_check_connect, cred, so, so->so_label, sa);
return (error);
}
int
-mac_check_socket_create(struct ucred *cred, int domain, int type, int proto)
+mac_socket_check_create(struct ucred *cred, int domain, int type, int proto)
{
int error;
- MAC_CHECK(check_socket_create, cred, domain, type, proto);
+ MAC_CHECK(socket_check_create, cred, domain, type, proto);
return (error);
}
int
-mac_check_socket_deliver(struct socket *so, struct mbuf *m)
+mac_socket_check_deliver(struct socket *so, struct mbuf *m)
{
struct label *label;
int error;
@@ -326,92 +326,92 @@ mac_check_socket_deliver(struct socket *so, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_CHECK(check_socket_deliver, so, so->so_label, m, label);
+ MAC_CHECK(socket_check_deliver, so, so->so_label, m, label);
return (error);
}
int
-mac_check_socket_listen(struct ucred *cred, struct socket *so)
+mac_socket_check_listen(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_listen, cred, so, so->so_label);
+ MAC_CHECK(socket_check_listen, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_poll(struct ucred *cred, struct socket *so)
+mac_socket_check_poll(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_poll, cred, so, so->so_label);
+ MAC_CHECK(socket_check_poll, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_receive(struct ucred *cred, struct socket *so)
+mac_socket_check_receive(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_receive, cred, so, so->so_label);
+ MAC_CHECK(socket_check_receive, cred, so, so->so_label);
return (error);
}
static int
-mac_check_socket_relabel(struct ucred *cred, struct socket *so,
+mac_socket_check_relabel(struct ucred *cred, struct socket *so,
struct label *newlabel)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_relabel, cred, so, so->so_label, newlabel);
+ MAC_CHECK(socket_check_relabel, cred, so, so->so_label, newlabel);
return (error);
}
int
-mac_check_socket_send(struct ucred *cred, struct socket *so)
+mac_socket_check_send(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_send, cred, so, so->so_label);
+ MAC_CHECK(socket_check_send, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_stat(struct ucred *cred, struct socket *so)
+mac_socket_check_stat(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_stat, cred, so, so->so_label);
+ MAC_CHECK(socket_check_stat, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_visible(struct ucred *cred, struct socket *so)
+mac_socket_check_visible(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_visible, cred, so, so->so_label);
+ MAC_CHECK(socket_check_visible, cred, so, so->so_label);
return (error);
}
@@ -431,13 +431,13 @@ mac_socket_label_set(struct ucred *cred, struct socket *so,
* acquire the socket lock before refreshing, holding both locks.
*/
SOCK_LOCK(so);
- error = mac_check_socket_relabel(cred, so, label);
+ error = mac_socket_check_relabel(cred, so, label);
if (error) {
SOCK_UNLOCK(so);
return (error);
}
- mac_relabel_socket(cred, so, label);
+ mac_socket_relabel(cred, so, label);
SOCK_UNLOCK(so);
/*
@@ -471,7 +471,7 @@ mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
}
intlabel = mac_socket_label_alloc(M_WAITOK);
- error = mac_internalize_socket_label(intlabel, buffer);
+ error = mac_socket_internalize_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error)
goto out;
@@ -503,9 +503,9 @@ mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
intlabel = mac_socket_label_alloc(M_WAITOK);
SOCK_LOCK(so);
- mac_copy_socket_label(so->so_label, intlabel);
+ mac_socket_copy_label(so->so_label, intlabel);
SOCK_UNLOCK(so);
- error = mac_externalize_socket_label(intlabel, elements, buffer,
+ error = mac_socket_externalize_label(intlabel, elements, buffer,
mac->m_buflen);
mac_socket_label_free(intlabel);
if (error == 0)
@@ -539,9 +539,9 @@ mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
intlabel = mac_socket_label_alloc(M_WAITOK);
SOCK_LOCK(so);
- mac_copy_socket_label(so->so_peerlabel, intlabel);
+ mac_socket_copy_label(so->so_peerlabel, intlabel);
SOCK_UNLOCK(so);
- error = mac_externalize_socket_peer_label(intlabel, elements, buffer,
+ error = mac_socketpeer_externalize_label(intlabel, elements, buffer,
mac->m_buflen);
mac_socket_label_free(intlabel);
if (error == 0)
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index cda98c2e2506..0c41c789ca13 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -105,7 +105,7 @@ __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
}
buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
- error = mac_externalize_cred_label(tcred->cr_label, elements,
+ error = mac_cred_externalize_label(tcred->cr_label, elements,
buffer, mac.m_buflen);
if (error == 0)
error = copyout(buffer, mac.m_string, strlen(buffer)+1);
@@ -139,7 +139,7 @@ __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
}
buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
- error = mac_externalize_cred_label(td->td_ucred->cr_label,
+ error = mac_cred_externalize_label(td->td_ucred->cr_label,
elements, buffer, mac.m_buflen);
if (error == 0)
error = copyout(buffer, mac.m_string, strlen(buffer)+1);
@@ -175,7 +175,7 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
}
intlabel = mac_cred_label_alloc();
- error = mac_internalize_cred_label(intlabel, buffer);
+ error = mac_cred_internalize_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error)
goto out;
@@ -186,7 +186,7 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
PROC_LOCK(p);
oldcred = p->p_ucred;
- error = mac_check_cred_relabel(oldcred, intlabel);
+ error = mac_cred_check_relabel(oldcred, intlabel);
if (error) {
PROC_UNLOCK(p);
crfree(newcred);
@@ -195,7 +195,7 @@ __mac_set_proc(struct thread *td, struct __mac_set_proc_args *uap)
setsugid(p);
crcopy(newcred, oldcred);
- mac_relabel_cred(newcred, intlabel);
+ mac_cred_relabel(newcred, intlabel);
p->p_ucred = newcred;
/*
@@ -256,10 +256,10 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
intlabel = mac_vnode_label_alloc();
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- mac_copy_vnode_label(vp->v_label, intlabel);
+ mac_vnode_copy_label(vp->v_label, intlabel);
VOP_UNLOCK(vp, 0, td);
VFS_UNLOCK_GIANT(vfslocked);
- error = mac_externalize_vnode_label(intlabel, elements,
+ error = mac_vnode_externalize_label(intlabel, elements,
buffer, mac.m_buflen);
mac_vnode_label_free(intlabel);
break;
@@ -268,9 +268,9 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
pipe = fp->f_data;
intlabel = mac_pipe_label_alloc();
PIPE_LOCK(pipe);
- mac_copy_pipe_label(pipe->pipe_pair->pp_label, intlabel);
+ mac_pipe_copy_label(pipe->pipe_pair->pp_label, intlabel);
PIPE_UNLOCK(pipe);
- error = mac_externalize_pipe_label(intlabel, elements,
+ error = mac_pipe_externalize_label(intlabel, elements,
buffer, mac.m_buflen);
mac_pipe_label_free(intlabel);
break;
@@ -279,9 +279,9 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
so = fp->f_data;
intlabel = mac_socket_label_alloc(M_WAITOK);
SOCK_LOCK(so);
- mac_copy_socket_label(so->so_label, intlabel);
+ mac_socket_copy_label(so->so_label, intlabel);
SOCK_UNLOCK(so);
- error = mac_externalize_socket_label(intlabel, elements,
+ error = mac_socket_externalize_label(intlabel, elements,
buffer, mac.m_buflen);
mac_socket_label_free(intlabel);
break;
@@ -332,8 +332,8 @@ __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
intlabel = mac_vnode_label_alloc();
vfslocked = NDHASGIANT(&nd);
- mac_copy_vnode_label(nd.ni_vp->v_label, intlabel);
- error = mac_externalize_vnode_label(intlabel, elements, buffer,
+ mac_vnode_copy_label(nd.ni_vp->v_label, intlabel);
+ error = mac_vnode_externalize_label(intlabel, elements, buffer,
mac.m_buflen);
NDFREE(&nd, 0);
@@ -382,8 +382,8 @@ __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
intlabel = mac_vnode_label_alloc();
vfslocked = NDHASGIANT(&nd);
- mac_copy_vnode_label(nd.ni_vp->v_label, intlabel);
- error = mac_externalize_vnode_label(intlabel, elements, buffer,
+ mac_vnode_copy_label(nd.ni_vp->v_label, intlabel);
+ error = mac_vnode_externalize_label(intlabel, elements, buffer,
mac.m_buflen);
NDFREE(&nd, 0);
VFS_UNLOCK_GIANT(vfslocked);
@@ -435,7 +435,7 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
case DTYPE_FIFO:
case DTYPE_VNODE:
intlabel = mac_vnode_label_alloc();
- error = mac_internalize_vnode_label(intlabel, buffer);
+ error = mac_vnode_internalize_label(intlabel, buffer);
if (error) {
mac_vnode_label_free(intlabel);
break;
@@ -458,7 +458,7 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
case DTYPE_PIPE:
intlabel = mac_pipe_label_alloc();
- error = mac_internalize_pipe_label(intlabel, buffer);
+ error = mac_pipe_internalize_label(intlabel, buffer);
if (error == 0) {
pipe = fp->f_data;
PIPE_LOCK(pipe);
@@ -471,7 +471,7 @@ __mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap)
case DTYPE_SOCKET:
intlabel = mac_socket_label_alloc(M_WAITOK);
- error = mac_internalize_socket_label(intlabel, buffer);
+ error = mac_socket_internalize_label(intlabel, buffer);
if (error == 0) {
so = fp->f_data;
error = mac_socket_label_set(td->td_ucred, so,
@@ -515,7 +515,7 @@ __mac_set_file(struct thread *td, struct __mac_set_file_args *uap)
}
intlabel = mac_vnode_label_alloc();
- error = mac_internalize_vnode_label(intlabel, buffer);
+ error = mac_vnode_internalize_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error)
goto out;
@@ -566,7 +566,7 @@ __mac_set_link(struct thread *td, struct __mac_set_link_args *uap)
}
intlabel = mac_vnode_label_alloc();
- error = mac_internalize_vnode_label(intlabel, buffer);
+ error = mac_vnode_internalize_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error)
goto out;
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 380466e7a111..588e0191c027 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2002-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* Copyright (c) 2007 Robert N. M. Watson
* All rights reserved.
*
@@ -11,6 +12,9 @@
* Portions of this software were developed by Robert Watson for the
* TrustedBSD Project.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -63,116 +67,116 @@ __FBSDID("$FreeBSD$");
#include <security/mac/mac_policy.h>
int
-mac_check_kenv_dump(struct ucred *cred)
+mac_kenv_check_dump(struct ucred *cred)
{
int error;
- MAC_CHECK(check_kenv_dump, cred);
+ MAC_CHECK(kenv_check_dump, cred);
return (error);
}
int
-mac_check_kenv_get(struct ucred *cred, char *name)
+mac_kenv_check_get(struct ucred *cred, char *name)
{
int error;
- MAC_CHECK(check_kenv_get, cred, name);
+ MAC_CHECK(kenv_check_get, cred, name);
return (error);
}
int
-mac_check_kenv_set(struct ucred *cred, char *name, char *value)
+mac_kenv_check_set(struct ucred *cred, char *name, char *value)
{
int error;
- MAC_CHECK(check_kenv_set, cred, name, value);
+ MAC_CHECK(kenv_check_set, cred, name, value);
return (error);
}
int
-mac_check_kenv_unset(struct ucred *cred, char *name)
+mac_kenv_check_unset(struct ucred *cred, char *name)
{
int error;
- MAC_CHECK(check_kenv_unset, cred, name);
+ MAC_CHECK(kenv_check_unset, cred, name);
return (error);
}
int
-mac_check_kld_load(struct ucred *cred, struct vnode *vp)
+mac_kld_check_load(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_kld_load");
+ ASSERT_VOP_LOCKED(vp, "mac_kld_check_load");
- MAC_CHECK(check_kld_load, cred, vp, vp->v_label);
+ MAC_CHECK(kld_check_load, cred, vp, vp->v_label);
return (error);
}
int
-mac_check_kld_stat(struct ucred *cred)
+mac_kld_check_stat(struct ucred *cred)
{
int error;
- MAC_CHECK(check_kld_stat, cred);
+ MAC_CHECK(kld_check_stat, cred);
return (error);
}
int
-mac_check_system_acct(struct ucred *cred, struct vnode *vp)
+mac_system_check_acct(struct ucred *cred, struct vnode *vp)
{
int error;
if (vp != NULL) {
- ASSERT_VOP_LOCKED(vp, "mac_check_system_acct");
+ ASSERT_VOP_LOCKED(vp, "mac_system_check_acct");
}
- MAC_CHECK(check_system_acct, cred, vp,
+ MAC_CHECK(system_check_acct, cred, vp,
vp != NULL ? vp->v_label : NULL);
return (error);
}
int
-mac_check_system_reboot(struct ucred *cred, int howto)
+mac_system_check_reboot(struct ucred *cred, int howto)
{
int error;
- MAC_CHECK(check_system_reboot, cred, howto);
+ MAC_CHECK(system_check_reboot, cred, howto);
return (error);
}
int
-mac_check_system_swapon(struct ucred *cred, struct vnode *vp)
+mac_system_check_swapon(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_system_swapon");
+ ASSERT_VOP_LOCKED(vp, "mac_system_check_swapon");
- MAC_CHECK(check_system_swapon, cred, vp, vp->v_label);
+ MAC_CHECK(system_check_swapon, cred, vp, vp->v_label);
return (error);
}
int
-mac_check_system_swapoff(struct ucred *cred, struct vnode *vp)
+mac_system_check_swapoff(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_system_swapoff");
+ ASSERT_VOP_LOCKED(vp, "mac_system_check_swapoff");
- MAC_CHECK(check_system_swapoff, cred, vp, vp->v_label);
+ MAC_CHECK(system_check_swapoff, cred, vp, vp->v_label);
return (error);
}
int
-mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
+mac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
void *arg1, int arg2, struct sysctl_req *req)
{
int error;
@@ -181,7 +185,7 @@ mac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
* XXXMAC: We would very much like to assert the SYSCTL_LOCK here,
* but since it's not exported from kern_sysctl.c, we can't.
*/
- MAC_CHECK(check_system_sysctl, cred, oidp, arg1, arg2, req);
+ MAC_CHECK(system_check_sysctl, cred, oidp, arg1, arg2, req);
return (error);
}
diff --git a/sys/security/mac/mac_sysv_msg.c b/sys/security/mac/mac_sysv_msg.c
index 054614b1b48b..5db6270e2748 100644
--- a/sys/security/mac/mac_sysv_msg.c
+++ b/sys/security/mac/mac_sysv_msg.c
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2003-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -7,6 +8,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -58,12 +62,12 @@ mac_sysv_msgmsg_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_sysv_msgmsg_label, label);
+ MAC_PERFORM(sysvmsg_init_label, label);
return (label);
}
void
-mac_init_sysv_msgmsg(struct msg *msgptr)
+mac_sysvmsg_init(struct msg *msgptr)
{
msgptr->label = mac_sysv_msgmsg_label_alloc();
@@ -75,12 +79,12 @@ mac_sysv_msgqueue_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_sysv_msgqueue_label, label);
+ MAC_PERFORM(sysvmsq_init_label, label);
return (label);
}
void
-mac_init_sysv_msgqueue(struct msqid_kernel *msqkptr)
+mac_sysvmsq_init(struct msqid_kernel *msqkptr)
{
msqkptr->label = mac_sysv_msgqueue_label_alloc();
@@ -90,12 +94,12 @@ static void
mac_sysv_msgmsg_label_free(struct label *label)
{
- MAC_PERFORM(destroy_sysv_msgmsg_label, label);
+ MAC_PERFORM(sysvmsg_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_sysv_msgmsg(struct msg *msgptr)
+mac_sysvmsg_destroy(struct msg *msgptr)
{
mac_sysv_msgmsg_label_free(msgptr->label);
@@ -106,12 +110,12 @@ static void
mac_sysv_msgqueue_label_free(struct label *label)
{
- MAC_PERFORM(destroy_sysv_msgqueue_label, label);
+ MAC_PERFORM(sysvmsq_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_sysv_msgqueue(struct msqid_kernel *msqkptr)
+mac_sysvmsq_destroy(struct msqid_kernel *msqkptr)
{
mac_sysv_msgqueue_label_free(msqkptr->label);
@@ -119,104 +123,104 @@ mac_destroy_sysv_msgqueue(struct msqid_kernel *msqkptr)
}
void
-mac_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_sysvmsg_create(struct ucred *cred, struct msqid_kernel *msqkptr,
struct msg *msgptr)
{
- MAC_PERFORM(create_sysv_msgmsg, cred, msqkptr, msqkptr->label,
+ MAC_PERFORM(sysvmsg_create, cred, msqkptr, msqkptr->label,
msgptr, msgptr->label);
}
void
-mac_create_sysv_msgqueue(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr)
{
- MAC_PERFORM(create_sysv_msgqueue, cred, msqkptr, msqkptr->label);
+ MAC_PERFORM(sysvmsq_create, cred, msqkptr, msqkptr->label);
}
void
-mac_cleanup_sysv_msgmsg(struct msg *msgptr)
+mac_sysvmsg_cleanup(struct msg *msgptr)
{
- MAC_PERFORM(cleanup_sysv_msgmsg, msgptr->label);
+ MAC_PERFORM(sysvmsg_cleanup, msgptr->label);
}
void
-mac_cleanup_sysv_msgqueue(struct msqid_kernel *msqkptr)
+mac_sysvmsq_cleanup(struct msqid_kernel *msqkptr)
{
- MAC_PERFORM(cleanup_sysv_msgqueue, msqkptr->label);
+ MAC_PERFORM(sysvmsq_cleanup, msqkptr->label);
}
int
-mac_check_sysv_msgmsq(struct ucred *cred, struct msg *msgptr,
+mac_sysvmsq_check_msgmsq(struct ucred *cred, struct msg *msgptr,
struct msqid_kernel *msqkptr)
{
int error;
- MAC_CHECK(check_sysv_msgmsq, cred, msgptr, msgptr->label, msqkptr,
- msqkptr->label);
+ MAC_CHECK(sysvmsq_check_msgmsq, cred, msgptr, msgptr->label,
+ msqkptr, msqkptr->label);
return (error);
}
int
-mac_check_sysv_msgrcv(struct ucred *cred, struct msg *msgptr)
+mac_sysvmsq_check_msgrcv(struct ucred *cred, struct msg *msgptr)
{
int error;
- MAC_CHECK(check_sysv_msgrcv, cred, msgptr, msgptr->label);
+ MAC_CHECK(sysvmsq_check_msgrcv, cred, msgptr, msgptr->label);
return (error);
}
int
-mac_check_sysv_msgrmid(struct ucred *cred, struct msg *msgptr)
+mac_sysvmsq_check_msgrmid(struct ucred *cred, struct msg *msgptr)
{
int error;
- MAC_CHECK(check_sysv_msgrmid, cred, msgptr, msgptr->label);
+ MAC_CHECK(sysvmsq_check_msgrmid, cred, msgptr, msgptr->label);
return (error);
}
int
-mac_check_sysv_msqget(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_sysvmsq_check_msqget(struct ucred *cred, struct msqid_kernel *msqkptr)
{
int error;
- MAC_CHECK(check_sysv_msqget, cred, msqkptr, msqkptr->label);
+ MAC_CHECK(sysvmsq_check_msqget, cred, msqkptr, msqkptr->label);
return (error);
}
int
-mac_check_sysv_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_sysvmsq_check_msqsnd(struct ucred *cred, struct msqid_kernel *msqkptr)
{
int error;
- MAC_CHECK(check_sysv_msqsnd, cred, msqkptr, msqkptr->label);
+ MAC_CHECK(sysvmsq_check_msqsnd, cred, msqkptr, msqkptr->label);
return (error);
}
int
-mac_check_sysv_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
+mac_sysvmsq_check_msqrcv(struct ucred *cred, struct msqid_kernel *msqkptr)
{
int error;
- MAC_CHECK(check_sysv_msqrcv, cred, msqkptr, msqkptr->label);
+ MAC_CHECK(sysvmsq_check_msqrcv, cred, msqkptr, msqkptr->label);
return (error);
}
int
-mac_check_sysv_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
+mac_sysvmsq_check_msqctl(struct ucred *cred, struct msqid_kernel *msqkptr,
int cmd)
{
int error;
- MAC_CHECK(check_sysv_msqctl, cred, msqkptr, msqkptr->label, cmd);
+ MAC_CHECK(sysvmsq_check_msqctl, cred, msqkptr, msqkptr->label, cmd);
return (error);
}
diff --git a/sys/security/mac/mac_sysv_sem.c b/sys/security/mac/mac_sysv_sem.c
index e77331e8f4d3..5f7c4f9d158c 100644
--- a/sys/security/mac/mac_sysv_sem.c
+++ b/sys/security/mac/mac_sysv_sem.c
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2003-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -7,6 +8,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -58,12 +62,12 @@ mac_sysv_sem_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_sysv_sem_label, label);
+ MAC_PERFORM(sysvsem_init_label, label);
return (label);
}
void
-mac_init_sysv_sem(struct semid_kernel *semakptr)
+mac_sysvsem_init(struct semid_kernel *semakptr)
{
semakptr->label = mac_sysv_sem_label_alloc();
@@ -73,12 +77,12 @@ static void
mac_sysv_sem_label_free(struct label *label)
{
- MAC_PERFORM(destroy_sysv_sem_label, label);
+ MAC_PERFORM(sysvsem_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_sysv_sem(struct semid_kernel *semakptr)
+mac_sysvsem_destroy(struct semid_kernel *semakptr)
{
mac_sysv_sem_label_free(semakptr->label);
@@ -86,47 +90,48 @@ mac_destroy_sysv_sem(struct semid_kernel *semakptr)
}
void
-mac_create_sysv_sem(struct ucred *cred, struct semid_kernel *semakptr)
+mac_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr)
{
- MAC_PERFORM(create_sysv_sem, cred, semakptr, semakptr->label);
+ MAC_PERFORM(sysvsem_create, cred, semakptr, semakptr->label);
}
void
-mac_cleanup_sysv_sem(struct semid_kernel *semakptr)
+mac_sysvsem_cleanup(struct semid_kernel *semakptr)
{
- MAC_PERFORM(cleanup_sysv_sem, semakptr->label);
+ MAC_PERFORM(sysvsem_cleanup, semakptr->label);
}
int
-mac_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
+mac_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr,
int cmd)
{
int error;
- MAC_CHECK(check_sysv_semctl, cred, semakptr, semakptr->label, cmd);
+ MAC_CHECK(sysvsem_check_semctl, cred, semakptr, semakptr->label,
+ cmd);
return (error);
}
int
-mac_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr)
+mac_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr)
{
int error;
- MAC_CHECK(check_sysv_semget, cred, semakptr, semakptr->label);
+ MAC_CHECK(sysvsem_check_semget, cred, semakptr, semakptr->label);
return (error);
}
int
-mac_check_sysv_semop(struct ucred *cred, struct semid_kernel *semakptr,
+mac_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr,
size_t accesstype)
{
int error;
- MAC_CHECK(check_sysv_semop, cred, semakptr, semakptr->label,
+ MAC_CHECK(sysvsem_check_semop, cred, semakptr, semakptr->label,
accesstype);
return (error);
diff --git a/sys/security/mac/mac_sysv_shm.c b/sys/security/mac/mac_sysv_shm.c
index 6cabeb42397e..05ec1e1a3260 100644
--- a/sys/security/mac/mac_sysv_shm.c
+++ b/sys/security/mac/mac_sysv_shm.c
@@ -1,5 +1,6 @@
/*-
* Copyright (c) 2003-2004 Networks Associates Technology, Inc.
+ * Copyright (c) 2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project in part by Network
@@ -7,6 +8,9 @@
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
* as part of the DARPA CHATS research program.
*
+ * This software was enhanced by SPARTA ISSO under SPAWAR contract
+ * N66001-04-C-6019 ("SEFOS").
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
@@ -58,12 +62,12 @@ mac_sysv_shm_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_sysv_shm_label, label);
+ MAC_PERFORM(sysvshm_init_label, label);
return (label);
}
void
-mac_init_sysv_shm(struct shmid_kernel *shmsegptr)
+mac_sysvshm_init(struct shmid_kernel *shmsegptr)
{
shmsegptr->label = mac_sysv_shm_label_alloc();
@@ -73,12 +77,12 @@ static void
mac_sysv_shm_label_free(struct label *label)
{
- MAC_PERFORM(destroy_sysv_shm_label, label);
+ MAC_PERFORM(sysvshm_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_sysv_shm(struct shmid_kernel *shmsegptr)
+mac_sysvshm_destroy(struct shmid_kernel *shmsegptr)
{
mac_sysv_shm_label_free(shmsegptr->label);
@@ -86,60 +90,60 @@ mac_destroy_sysv_shm(struct shmid_kernel *shmsegptr)
}
void
-mac_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr)
+mac_sysvshm_create(struct ucred *cred, struct shmid_kernel *shmsegptr)
{
- MAC_PERFORM(create_sysv_shm, cred, shmsegptr, shmsegptr->label);
+ MAC_PERFORM(sysvshm_create, cred, shmsegptr, shmsegptr->label);
}
void
-mac_cleanup_sysv_shm(struct shmid_kernel *shmsegptr)
+mac_sysvshm_cleanup(struct shmid_kernel *shmsegptr)
{
- MAC_PERFORM(cleanup_sysv_shm, shmsegptr->label);
+ MAC_PERFORM(sysvshm_cleanup, shmsegptr->label);
}
int
-mac_check_sysv_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
+mac_sysvshm_check_shmat(struct ucred *cred, struct shmid_kernel *shmsegptr,
int shmflg)
{
int error;
- MAC_CHECK(check_sysv_shmat, cred, shmsegptr, shmsegptr->label,
+ MAC_CHECK(sysvshm_check_shmat, cred, shmsegptr, shmsegptr->label,
shmflg);
return (error);
}
int
-mac_check_sysv_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
+mac_sysvshm_check_shmctl(struct ucred *cred, struct shmid_kernel *shmsegptr,
int cmd)
{
int error;
- MAC_CHECK(check_sysv_shmctl, cred, shmsegptr, shmsegptr->label,
+ MAC_CHECK(sysvshm_check_shmctl, cred, shmsegptr, shmsegptr->label,
cmd);
return (error);
}
int
-mac_check_sysv_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr)
+mac_sysvshm_check_shmdt(struct ucred *cred, struct shmid_kernel *shmsegptr)
{
int error;
- MAC_CHECK(check_sysv_shmdt, cred, shmsegptr, shmsegptr->label);
+ MAC_CHECK(sysvshm_check_shmdt, cred, shmsegptr, shmsegptr->label);
return (error);
}
int
-mac_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
+mac_sysvshm_check_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
int shmflg)
{
int error;
- MAC_CHECK(check_sysv_shmget, cred, shmsegptr, shmsegptr->label,
+ MAC_CHECK(sysvshm_check_shmget, cred, shmsegptr, shmsegptr->label,
shmflg);
return (error);
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index ad6a0e6dc630..d6546f668824 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -77,7 +77,7 @@ __FBSDID("$FreeBSD$");
*/
static int ea_warn_once = 0;
-static int mac_setlabel_vnode_extattr(struct ucred *cred,
+static int mac_vnode_setlabel_extattr(struct ucred *cred,
struct vnode *vp, struct label *intlabel);
static struct label *
@@ -86,12 +86,12 @@ mac_devfs_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_devfs_label, label);
+ MAC_PERFORM(devfs_init_label, label);
return (label);
}
void
-mac_init_devfs(struct devfs_dirent *de)
+mac_devfs_init(struct devfs_dirent *de)
{
de->de_label = mac_devfs_label_alloc();
@@ -103,12 +103,12 @@ mac_mount_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_mount_label, label);
+ MAC_PERFORM(mount_init_label, label);
return (label);
}
void
-mac_init_mount(struct mount *mp)
+mac_mount_init(struct mount *mp)
{
mp->mnt_label = mac_mount_label_alloc();
@@ -120,12 +120,12 @@ mac_vnode_label_alloc(void)
struct label *label;
label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_vnode_label, label);
+ MAC_PERFORM(vnode_init_label, label);
return (label);
}
void
-mac_init_vnode(struct vnode *vp)
+mac_vnode_init(struct vnode *vp)
{
vp->v_label = mac_vnode_label_alloc();
@@ -135,12 +135,12 @@ static void
mac_devfs_label_free(struct label *label)
{
- MAC_PERFORM(destroy_devfs_label, label);
+ MAC_PERFORM(devfs_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_devfs(struct devfs_dirent *de)
+mac_devfs_destroy(struct devfs_dirent *de)
{
mac_devfs_label_free(de->de_label);
@@ -151,12 +151,12 @@ static void
mac_mount_label_free(struct label *label)
{
- MAC_PERFORM(destroy_mount_label, label);
+ MAC_PERFORM(mount_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_mount(struct mount *mp)
+mac_mount_destroy(struct mount *mp)
{
mac_mount_label_free(mp->mnt_label);
@@ -167,12 +167,12 @@ void
mac_vnode_label_free(struct label *label)
{
- MAC_PERFORM(destroy_vnode_label, label);
+ MAC_PERFORM(vnode_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_vnode(struct vnode *vp)
+mac_vnode_destroy(struct vnode *vp)
{
mac_vnode_label_free(vp->v_label);
@@ -180,14 +180,14 @@ mac_destroy_vnode(struct vnode *vp)
}
void
-mac_copy_vnode_label(struct label *src, struct label *dest)
+mac_vnode_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_vnode_label, src, dest);
+ MAC_PERFORM(vnode_copy_label, src, dest);
}
int
-mac_externalize_vnode_label(struct label *label, char *elements,
+mac_vnode_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -198,7 +198,7 @@ mac_externalize_vnode_label(struct label *label, char *elements,
}
int
-mac_internalize_vnode_label(struct label *label, char *string)
+mac_vnode_internalize_label(struct label *label, char *string)
{
int error;
@@ -208,39 +208,39 @@ mac_internalize_vnode_label(struct label *label, char *string)
}
void
-mac_update_devfs(struct mount *mp, struct devfs_dirent *de, struct vnode *vp)
+mac_devfs_update(struct mount *mp, struct devfs_dirent *de, struct vnode *vp)
{
- MAC_PERFORM(update_devfs, mp, de, de->de_label, vp, vp->v_label);
+ MAC_PERFORM(devfs_update, mp, de, de->de_label, vp, vp->v_label);
}
void
-mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
+mac_devfs_vnode_associate(struct mount *mp, struct devfs_dirent *de,
struct vnode *vp)
{
- MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_label, de,
+ MAC_PERFORM(devfs_vnode_associate, mp, mp->mnt_label, de,
de->de_label, vp, vp->v_label);
}
int
-mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp)
+mac_vnode_associate_extattr(struct mount *mp, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_associate_extattr");
- MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_label, vp,
+ MAC_CHECK(vnode_associate_extattr, mp, mp->mnt_label, vp,
vp->v_label);
return (error);
}
void
-mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
+mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp)
{
- MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_label, vp,
+ MAC_PERFORM(vnode_associate_singlelabel, mp, mp->mnt_label, vp,
vp->v_label);
}
@@ -254,13 +254,13 @@ mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
* printf warning.
*/
int
-mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
+mac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
struct vnode *dvp, struct vnode *vp, struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_create_vnode_extattr");
- ASSERT_VOP_LOCKED(vp, "mac_create_vnode_extattr");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_create_extattr");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_create_extattr");
error = VOP_OPENEXTATTR(vp, cred, curthread);
if (error == EOPNOTSUPP) {
@@ -272,7 +272,7 @@ mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
} else if (error)
return (error);
- MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_label, dvp,
+ MAC_CHECK(vnode_create_extattr, cred, mp, mp->mnt_label, dvp,
dvp->v_label, vp, vp->v_label, cnp);
if (error) {
@@ -288,12 +288,12 @@ mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
}
static int
-mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
+mac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
struct label *intlabel)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_setlabel_vnode_extattr");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_setlabel_extattr");
error = VOP_OPENEXTATTR(vp, cred, curthread);
if (error == EOPNOTSUPP) {
@@ -305,7 +305,7 @@ mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
} else if (error)
return (error);
- MAC_CHECK(setlabel_vnode_extattr, cred, vp, vp->v_label, intlabel);
+ MAC_CHECK(vnode_setlabel_extattr, cred, vp, vp->v_label, intlabel);
if (error) {
VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
@@ -320,487 +320,488 @@ mac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
}
void
-mac_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp,
- struct label *interpvnodelabel, struct image_params *imgp)
+mac_vnode_execve_transition(struct ucred *old, struct ucred *new,
+ struct vnode *vp, struct label *interpvnodelabel,
+ struct image_params *imgp)
{
- ASSERT_VOP_LOCKED(vp, "mac_execve_transition");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_transition");
- MAC_PERFORM(execve_transition, old, new, vp, vp->v_label,
+ MAC_PERFORM(vnode_execve_transition, old, new, vp, vp->v_label,
interpvnodelabel, imgp, imgp->execlabel);
}
int
-mac_execve_will_transition(struct ucred *old, struct vnode *vp,
+mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
struct label *interpvnodelabel, struct image_params *imgp)
{
int result;
- ASSERT_VOP_LOCKED(vp, "mac_execve_will_transition");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_will_transition");
result = 0;
- MAC_BOOLEAN(execve_will_transition, ||, old, vp, vp->v_label,
+ MAC_BOOLEAN(vnode_execve_will_transition, ||, old, vp, vp->v_label,
interpvnodelabel, imgp, imgp->execlabel);
return (result);
}
int
-mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int acc_mode)
+mac_vnode_check_access(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_access");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_access");
- MAC_CHECK(check_vnode_access, cred, vp, vp->v_label, acc_mode);
+ MAC_CHECK(vnode_check_access, cred, vp, vp->v_label, acc_mode);
return (error);
}
int
-mac_check_vnode_chdir(struct ucred *cred, struct vnode *dvp)
+mac_vnode_check_chdir(struct ucred *cred, struct vnode *dvp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chdir");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_chdir");
- MAC_CHECK(check_vnode_chdir, cred, dvp, dvp->v_label);
+ MAC_CHECK(vnode_check_chdir, cred, dvp, dvp->v_label);
return (error);
}
int
-mac_check_vnode_chroot(struct ucred *cred, struct vnode *dvp)
+mac_vnode_check_chroot(struct ucred *cred, struct vnode *dvp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_chroot");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_chroot");
- MAC_CHECK(check_vnode_chroot, cred, dvp, dvp->v_label);
+ MAC_CHECK(vnode_check_chroot, cred, dvp, dvp->v_label);
return (error);
}
int
-mac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
+mac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
struct componentname *cnp, struct vattr *vap)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_create");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_create");
- MAC_CHECK(check_vnode_create, cred, dvp, dvp->v_label, cnp, vap);
+ MAC_CHECK(vnode_check_create, cred, dvp, dvp->v_label, cnp, vap);
return (error);
}
int
-mac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
acl_type_t type)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteacl");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_deleteacl");
- MAC_CHECK(check_vnode_deleteacl, cred, vp, vp->v_label, type);
+ MAC_CHECK(vnode_check_deleteacl, cred, vp, vp->v_label, type);
return (error);
}
int
-mac_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_deleteextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_deleteextattr");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_deleteextattr");
- MAC_CHECK(check_vnode_deleteextattr, cred, vp, vp->v_label,
+ MAC_CHECK(vnode_check_deleteextattr, cred, vp, vp->v_label,
attrnamespace, name);
return (error);
}
int
-mac_check_vnode_exec(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_exec(struct ucred *cred, struct vnode *vp,
struct image_params *imgp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_exec");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_exec");
- MAC_CHECK(check_vnode_exec, cred, vp, vp->v_label, imgp,
+ MAC_CHECK(vnode_check_exec, cred, vp, vp->v_label, imgp,
imgp->execlabel);
return (error);
}
int
-mac_check_vnode_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type)
+mac_vnode_check_getacl(struct ucred *cred, struct vnode *vp, acl_type_t type)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getacl");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_getacl");
- MAC_CHECK(check_vnode_getacl, cred, vp, vp->v_label, type);
+ MAC_CHECK(vnode_check_getacl, cred, vp, vp->v_label, type);
return (error);
}
int
-mac_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_getextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name, struct uio *uio)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_getextattr");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_getextattr");
- MAC_CHECK(check_vnode_getextattr, cred, vp, vp->v_label,
+ MAC_CHECK(vnode_check_getextattr, cred, vp, vp->v_label,
attrnamespace, name, uio);
return (error);
}
int
-mac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
+mac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_link");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_link");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_link");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_link");
- MAC_CHECK(check_vnode_link, cred, dvp, dvp->v_label, vp,
+ MAC_CHECK(vnode_check_link, cred, dvp, dvp->v_label, vp,
vp->v_label, cnp);
return (error);
}
int
-mac_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_listextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_listextattr");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_listextattr");
- MAC_CHECK(check_vnode_listextattr, cred, vp, vp->v_label,
+ MAC_CHECK(vnode_check_listextattr, cred, vp, vp->v_label,
attrnamespace);
return (error);
}
int
-mac_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
+mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp,
struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_lookup");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_lookup");
- MAC_CHECK(check_vnode_lookup, cred, dvp, dvp->v_label, cnp);
+ MAC_CHECK(vnode_check_lookup, cred, dvp, dvp->v_label, cnp);
return (error);
}
int
-mac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
int prot, int flags)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mmap");
- MAC_CHECK(check_vnode_mmap, cred, vp, vp->v_label, prot, flags);
+ MAC_CHECK(vnode_check_mmap, cred, vp, vp->v_label, prot, flags);
return (error);
}
void
-mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot)
+mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot)
{
int result = *prot;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mmap_downgrade");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mmap_downgrade");
- MAC_PERFORM(check_vnode_mmap_downgrade, cred, vp, vp->v_label,
+ MAC_PERFORM(vnode_check_mmap_downgrade, cred, vp, vp->v_label,
&result);
*prot = result;
}
int
-mac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, int prot)
+mac_vnode_check_mprotect(struct ucred *cred, struct vnode *vp, int prot)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_mprotect");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_mprotect");
- MAC_CHECK(check_vnode_mprotect, cred, vp, vp->v_label, prot);
+ MAC_CHECK(vnode_check_mprotect, cred, vp, vp->v_label, prot);
return (error);
}
int
-mac_check_vnode_open(struct ucred *cred, struct vnode *vp, int acc_mode)
+mac_vnode_check_open(struct ucred *cred, struct vnode *vp, int acc_mode)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_open");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_open");
- MAC_CHECK(check_vnode_open, cred, vp, vp->v_label, acc_mode);
+ MAC_CHECK(vnode_check_open, cred, vp, vp->v_label, acc_mode);
return (error);
}
int
-mac_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
+mac_vnode_check_poll(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_poll");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_poll");
- MAC_CHECK(check_vnode_poll, active_cred, file_cred, vp,
+ MAC_CHECK(vnode_check_poll, active_cred, file_cred, vp,
vp->v_label);
return (error);
}
int
-mac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
+mac_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_read");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_read");
- MAC_CHECK(check_vnode_read, active_cred, file_cred, vp,
+ MAC_CHECK(vnode_check_read, active_cred, file_cred, vp,
vp->v_label);
return (error);
}
int
-mac_check_vnode_readdir(struct ucred *cred, struct vnode *dvp)
+mac_vnode_check_readdir(struct ucred *cred, struct vnode *dvp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_readdir");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_readdir");
- MAC_CHECK(check_vnode_readdir, cred, dvp, dvp->v_label);
+ MAC_CHECK(vnode_check_readdir, cred, dvp, dvp->v_label);
return (error);
}
int
-mac_check_vnode_readlink(struct ucred *cred, struct vnode *vp)
+mac_vnode_check_readlink(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_readlink");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_readlink");
- MAC_CHECK(check_vnode_readlink, cred, vp, vp->v_label);
+ MAC_CHECK(vnode_check_readlink, cred, vp, vp->v_label);
return (error);
}
static int
-mac_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_relabel(struct ucred *cred, struct vnode *vp,
struct label *newlabel)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_relabel");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_relabel");
- MAC_CHECK(check_vnode_relabel, cred, vp, vp->v_label, newlabel);
+ MAC_CHECK(vnode_check_relabel, cred, vp, vp->v_label, newlabel);
return (error);
}
int
-mac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
+mac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_from");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_from");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_rename_from");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_rename_from");
- MAC_CHECK(check_vnode_rename_from, cred, dvp, dvp->v_label, vp,
+ MAC_CHECK(vnode_check_rename_from, cred, dvp, dvp->v_label, vp,
vp->v_label, cnp);
return (error);
}
int
-mac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
+mac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
struct vnode *vp, int samedir, struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_rename_to");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_rename_to");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_rename_to");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_rename_to");
- MAC_CHECK(check_vnode_rename_to, cred, dvp, dvp->v_label, vp,
+ MAC_CHECK(vnode_check_rename_to, cred, dvp, dvp->v_label, vp,
vp != NULL ? vp->v_label : NULL, samedir, cnp);
return (error);
}
int
-mac_check_vnode_revoke(struct ucred *cred, struct vnode *vp)
+mac_vnode_check_revoke(struct ucred *cred, struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_revoke");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_revoke");
- MAC_CHECK(check_vnode_revoke, cred, vp, vp->v_label);
+ MAC_CHECK(vnode_check_revoke, cred, vp, vp->v_label);
return (error);
}
int
-mac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
+mac_vnode_check_setacl(struct ucred *cred, struct vnode *vp, acl_type_t type,
struct acl *acl)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setacl");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setacl");
- MAC_CHECK(check_vnode_setacl, cred, vp, vp->v_label, type, acl);
+ MAC_CHECK(vnode_check_setacl, cred, vp, vp->v_label, type, acl);
return (error);
}
int
-mac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
int attrnamespace, const char *name, struct uio *uio)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setextattr");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setextattr");
- MAC_CHECK(check_vnode_setextattr, cred, vp, vp->v_label,
+ MAC_CHECK(vnode_check_setextattr, cred, vp, vp->v_label,
attrnamespace, name, uio);
return (error);
}
int
-mac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
+mac_vnode_check_setflags(struct ucred *cred, struct vnode *vp, u_long flags)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setflags");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setflags");
- MAC_CHECK(check_vnode_setflags, cred, vp, vp->v_label, flags);
+ MAC_CHECK(vnode_check_setflags, cred, vp, vp->v_label, flags);
return (error);
}
int
-mac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
+mac_vnode_check_setmode(struct ucred *cred, struct vnode *vp, mode_t mode)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setmode");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setmode");
- MAC_CHECK(check_vnode_setmode, cred, vp, vp->v_label, mode);
+ MAC_CHECK(vnode_check_setmode, cred, vp, vp->v_label, mode);
return (error);
}
int
-mac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
+mac_vnode_check_setowner(struct ucred *cred, struct vnode *vp, uid_t uid,
gid_t gid)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setowner");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setowner");
- MAC_CHECK(check_vnode_setowner, cred, vp, vp->v_label, uid, gid);
+ MAC_CHECK(vnode_check_setowner, cred, vp, vp->v_label, uid, gid);
return (error);
}
int
-mac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
+mac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
struct timespec atime, struct timespec mtime)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_setutimes");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_setutimes");
- MAC_CHECK(check_vnode_setutimes, cred, vp, vp->v_label, atime,
+ MAC_CHECK(vnode_check_setutimes, cred, vp, vp->v_label, atime,
mtime);
return (error);
}
int
-mac_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
+mac_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_stat");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_stat");
- MAC_CHECK(check_vnode_stat, active_cred, file_cred, vp,
+ MAC_CHECK(vnode_check_stat, active_cred, file_cred, vp,
vp->v_label);
return (error);
}
int
-mac_check_vnode_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
+mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp,
struct componentname *cnp)
{
int error;
- ASSERT_VOP_LOCKED(dvp, "mac_check_vnode_unlink");
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_unlink");
+ ASSERT_VOP_LOCKED(dvp, "mac_vnode_check_unlink");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_unlink");
- MAC_CHECK(check_vnode_unlink, cred, dvp, dvp->v_label, vp,
+ MAC_CHECK(vnode_check_unlink, cred, dvp, dvp->v_label, vp,
vp->v_label, cnp);
return (error);
}
int
-mac_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
+mac_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred,
struct vnode *vp)
{
int error;
- ASSERT_VOP_LOCKED(vp, "mac_check_vnode_write");
+ ASSERT_VOP_LOCKED(vp, "mac_vnode_check_write");
- MAC_CHECK(check_vnode_write, active_cred, file_cred, vp,
+ MAC_CHECK(vnode_check_write, active_cred, file_cred, vp,
vp->v_label);
return (error);
}
void
-mac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *newlabel)
+mac_vnode_relabel(struct ucred *cred, struct vnode *vp, struct label *newlabel)
{
- MAC_PERFORM(relabel_vnode, cred, vp, vp->v_label, newlabel);
+ MAC_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel);
}
void
-mac_create_mount(struct ucred *cred, struct mount *mp)
+mac_mount_create(struct ucred *cred, struct mount *mp)
{
- MAC_PERFORM(create_mount, cred, mp, mp->mnt_label);
+ MAC_PERFORM(mount_create, cred, mp, mp->mnt_label);
}
int
-mac_check_mount_stat(struct ucred *cred, struct mount *mount)
+mac_mount_check_stat(struct ucred *cred, struct mount *mount)
{
int error;
- MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_label);
+ MAC_CHECK(mount_check_stat, cred, mount, mount->mnt_label);
return (error);
}
void
-mac_create_devfs_device(struct ucred *cred, struct mount *mp,
+mac_devfs_create_device(struct ucred *cred, struct mount *mp,
struct cdev *dev, struct devfs_dirent *de)
{
- MAC_PERFORM(create_devfs_device, cred, mp, dev, de, de->de_label);
+ MAC_PERFORM(devfs_create_device, cred, mp, dev, de, de->de_label);
}
void
-mac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
+mac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
struct devfs_dirent *dd, struct devfs_dirent *de)
{
- MAC_PERFORM(create_devfs_symlink, cred, mp, dd, dd->de_label, de,
+ MAC_PERFORM(devfs_create_symlink, cred, mp, dd, dd->de_label, de,
de->de_label);
}
void
-mac_create_devfs_directory(struct mount *mp, char *dirname, int dirnamelen,
+mac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
struct devfs_dirent *de)
{
- MAC_PERFORM(create_devfs_directory, mp, dirname, dirnamelen, de,
+ MAC_PERFORM(devfs_create_directory, mp, dirname, dirnamelen, de,
de->de_label);
}
@@ -821,11 +822,11 @@ vop_stdsetlabel_ea(struct vop_setlabel_args *ap)
if ((vp->v_mount->mnt_flag & MNT_MULTILABEL) == 0)
return (EOPNOTSUPP);
- error = mac_setlabel_vnode_extattr(ap->a_cred, vp, intlabel);
+ error = mac_vnode_setlabel_extattr(ap->a_cred, vp, intlabel);
if (error)
return (error);
- mac_relabel_vnode(ap->a_cred, vp, intlabel);
+ mac_vnode_relabel(ap->a_cred, vp, intlabel);
return (0);
}
@@ -853,7 +854,7 @@ vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred)
* Question: maybe the filesystem should update the vnode at the end
* as part of VOP_SETLABEL()?
*/
- error = mac_check_vnode_relabel(cred, vp, intlabel);
+ error = mac_vnode_check_relabel(cred, vp, intlabel);
if (error)
return (error);