| mac_vfs.c (104338) | mac_vfs.c (104514) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
| 39 * $FreeBSD: head/sys/security/mac/mac_vfs.c 104338 2002-10-02 02:42:38Z rwatson $ | 39 * $FreeBSD: head/sys/security/mac/mac_vfs.c 104514 2002-10-05 15:10:00Z rwatson $ |
| 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 341 unchanged lines hidden (view full) --- 389 case MAC_INIT: 390 mpc->mpc_ops->mpo_init = 391 mpe->mpe_function; 392 break; 393 case MAC_SYSCALL: 394 mpc->mpc_ops->mpo_syscall = 395 mpe->mpe_function; 396 break; | 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 341 unchanged lines hidden (view full) --- 389 case MAC_INIT: 390 mpc->mpc_ops->mpo_init = 391 mpe->mpe_function; 392 break; 393 case MAC_SYSCALL: 394 mpc->mpc_ops->mpo_syscall = 395 mpe->mpe_function; 396 break; |
| 397 case MAC_INIT_BPFDESC: 398 mpc->mpc_ops->mpo_init_bpfdesc = | 397 case MAC_INIT_BPFDESC_LABEL: 398 mpc->mpc_ops->mpo_init_bpfdesc_label = |
| 399 mpe->mpe_function; 400 break; | 399 mpe->mpe_function; 400 break; |
| 401 case MAC_INIT_CRED: 402 mpc->mpc_ops->mpo_init_cred = | 401 case MAC_INIT_CRED_LABEL: 402 mpc->mpc_ops->mpo_init_cred_label = |
| 403 mpe->mpe_function; 404 break; | 403 mpe->mpe_function; 404 break; |
| 405 case MAC_INIT_DEVFSDIRENT: 406 mpc->mpc_ops->mpo_init_devfsdirent = | 405 case MAC_INIT_DEVFSDIRENT_LABEL: 406 mpc->mpc_ops->mpo_init_devfsdirent_label = |
| 407 mpe->mpe_function; 408 break; | 407 mpe->mpe_function; 408 break; |
| 409 case MAC_INIT_IFNET: 410 mpc->mpc_ops->mpo_init_ifnet = | 409 case MAC_INIT_IFNET_LABEL: 410 mpc->mpc_ops->mpo_init_ifnet_label = |
| 411 mpe->mpe_function; 412 break; | 411 mpe->mpe_function; 412 break; |
| 413 case MAC_INIT_IPQ: 414 mpc->mpc_ops->mpo_init_ipq = | 413 case MAC_INIT_IPQ_LABEL: 414 mpc->mpc_ops->mpo_init_ipq_label = |
| 415 mpe->mpe_function; 416 break; | 415 mpe->mpe_function; 416 break; |
| 417 case MAC_INIT_MBUF: 418 mpc->mpc_ops->mpo_init_mbuf = | 417 case MAC_INIT_MBUF_LABEL: 418 mpc->mpc_ops->mpo_init_mbuf_label = |
| 419 mpe->mpe_function; 420 break; | 419 mpe->mpe_function; 420 break; |
| 421 case MAC_INIT_MOUNT: 422 mpc->mpc_ops->mpo_init_mount = | 421 case MAC_INIT_MOUNT_LABEL: 422 mpc->mpc_ops->mpo_init_mount_label = |
| 423 mpe->mpe_function; 424 break; | 423 mpe->mpe_function; 424 break; |
| 425 case MAC_INIT_PIPE: 426 mpc->mpc_ops->mpo_init_pipe = | 425 case MAC_INIT_MOUNT_FS_LABEL: 426 mpc->mpc_ops->mpo_init_mount_fs_label = |
| 427 mpe->mpe_function; 428 break; | 427 mpe->mpe_function; 428 break; |
| 429 case MAC_INIT_SOCKET: 430 mpc->mpc_ops->mpo_init_socket = | 429 case MAC_INIT_PIPE_LABEL: 430 mpc->mpc_ops->mpo_init_pipe_label = |
| 431 mpe->mpe_function; 432 break; | 431 mpe->mpe_function; 432 break; |
| 433 case MAC_INIT_TEMP: 434 mpc->mpc_ops->mpo_init_temp = | 433 case MAC_INIT_SOCKET_LABEL: 434 mpc->mpc_ops->mpo_init_socket_label = |
| 435 mpe->mpe_function; 436 break; | 435 mpe->mpe_function; 436 break; |
| 437 case MAC_INIT_VNODE: 438 mpc->mpc_ops->mpo_init_vnode = | 437 case MAC_INIT_SOCKET_PEER_LABEL: 438 mpc->mpc_ops->mpo_init_socket_peer_label = |
| 439 mpe->mpe_function; 440 break; | 439 mpe->mpe_function; 440 break; |
| 441 case MAC_DESTROY_BPFDESC: 442 mpc->mpc_ops->mpo_destroy_bpfdesc = | 441 case MAC_INIT_TEMP_LABEL: 442 mpc->mpc_ops->mpo_init_temp_label = |
| 443 mpe->mpe_function; 444 break; | 443 mpe->mpe_function; 444 break; |
| 445 case MAC_DESTROY_CRED: 446 mpc->mpc_ops->mpo_destroy_cred = | 445 case MAC_INIT_VNODE_LABEL: 446 mpc->mpc_ops->mpo_init_vnode_label = |
| 447 mpe->mpe_function; 448 break; | 447 mpe->mpe_function; 448 break; |
| 449 case MAC_DESTROY_DEVFSDIRENT: 450 mpc->mpc_ops->mpo_destroy_devfsdirent = | 449 case MAC_DESTROY_BPFDESC_LABEL: 450 mpc->mpc_ops->mpo_destroy_bpfdesc_label = |
| 451 mpe->mpe_function; 452 break; | 451 mpe->mpe_function; 452 break; |
| 453 case MAC_DESTROY_IFNET: 454 mpc->mpc_ops->mpo_destroy_ifnet = | 453 case MAC_DESTROY_CRED_LABEL: 454 mpc->mpc_ops->mpo_destroy_cred_label = |
| 455 mpe->mpe_function; 456 break; | 455 mpe->mpe_function; 456 break; |
| 457 case MAC_DESTROY_IPQ: 458 mpc->mpc_ops->mpo_destroy_ipq = | 457 case MAC_DESTROY_DEVFSDIRENT_LABEL: 458 mpc->mpc_ops->mpo_destroy_devfsdirent_label = |
| 459 mpe->mpe_function; 460 break; | 459 mpe->mpe_function; 460 break; |
| 461 case MAC_DESTROY_MBUF: 462 mpc->mpc_ops->mpo_destroy_mbuf = | 461 case MAC_DESTROY_IFNET_LABEL: 462 mpc->mpc_ops->mpo_destroy_ifnet_label = |
| 463 mpe->mpe_function; 464 break; | 463 mpe->mpe_function; 464 break; |
| 465 case MAC_DESTROY_MOUNT: 466 mpc->mpc_ops->mpo_destroy_mount = | 465 case MAC_DESTROY_IPQ_LABEL: 466 mpc->mpc_ops->mpo_destroy_ipq_label = |
| 467 mpe->mpe_function; 468 break; | 467 mpe->mpe_function; 468 break; |
| 469 case MAC_DESTROY_PIPE: 470 mpc->mpc_ops->mpo_destroy_pipe = | 469 case MAC_DESTROY_MBUF_LABEL: 470 mpc->mpc_ops->mpo_destroy_mbuf_label = |
| 471 mpe->mpe_function; 472 break; | 471 mpe->mpe_function; 472 break; |
| 473 case MAC_DESTROY_SOCKET: 474 mpc->mpc_ops->mpo_destroy_socket = | 473 case MAC_DESTROY_MOUNT_LABEL: 474 mpc->mpc_ops->mpo_destroy_mount_label = |
| 475 mpe->mpe_function; 476 break; | 475 mpe->mpe_function; 476 break; |
| 477 case MAC_DESTROY_TEMP: 478 mpc->mpc_ops->mpo_destroy_temp = | 477 case MAC_DESTROY_MOUNT_FS_LABEL: 478 mpc->mpc_ops->mpo_destroy_mount_fs_label = |
| 479 mpe->mpe_function; 480 break; | 479 mpe->mpe_function; 480 break; |
| 481 case MAC_DESTROY_VNODE: 482 mpc->mpc_ops->mpo_destroy_vnode = | 481 case MAC_DESTROY_PIPE_LABEL: 482 mpc->mpc_ops->mpo_destroy_pipe_label = |
| 483 mpe->mpe_function; 484 break; | 483 mpe->mpe_function; 484 break; |
| 485 case MAC_DESTROY_SOCKET_LABEL: 486 mpc->mpc_ops->mpo_destroy_socket_label = 487 mpe->mpe_function; 488 break; 489 case MAC_DESTROY_SOCKET_PEER_LABEL: 490 mpc->mpc_ops->mpo_destroy_socket_peer_label = 491 mpe->mpe_function; 492 break; 493 case MAC_DESTROY_TEMP_LABEL: 494 mpc->mpc_ops->mpo_destroy_temp_label = 495 mpe->mpe_function; 496 break; 497 case MAC_DESTROY_VNODE_LABEL: 498 mpc->mpc_ops->mpo_destroy_vnode_label = 499 mpe->mpe_function; 500 break; |
|
| 485 case MAC_EXTERNALIZE: 486 mpc->mpc_ops->mpo_externalize = 487 mpe->mpe_function; 488 break; 489 case MAC_INTERNALIZE: 490 mpc->mpc_ops->mpo_internalize = 491 mpe->mpe_function; 492 break; --- 792 unchanged lines hidden (view full) --- 1285 1286int 1287mac_init_mbuf(struct mbuf *m, int how) 1288{ 1289 KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf")); 1290 1291 /* "how" is one of M_(TRY|DONT)WAIT */ 1292 mac_init_label(&m->m_pkthdr.label); | 501 case MAC_EXTERNALIZE: 502 mpc->mpc_ops->mpo_externalize = 503 mpe->mpe_function; 504 break; 505 case MAC_INTERNALIZE: 506 mpc->mpc_ops->mpo_internalize = 507 mpe->mpe_function; 508 break; --- 792 unchanged lines hidden (view full) --- 1301 1302int 1303mac_init_mbuf(struct mbuf *m, int how) 1304{ 1305 KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf")); 1306 1307 /* "how" is one of M_(TRY|DONT)WAIT */ 1308 mac_init_label(&m->m_pkthdr.label); |
| 1293 MAC_PERFORM(init_mbuf, m, how, &m->m_pkthdr.label); | 1309 MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, how); |
| 1294#ifdef MAC_DEBUG 1295 atomic_add_int(&nmacmbufs, 1); 1296#endif 1297 return (0); 1298} 1299 1300void 1301mac_destroy_mbuf(struct mbuf *m) 1302{ 1303 | 1310#ifdef MAC_DEBUG 1311 atomic_add_int(&nmacmbufs, 1); 1312#endif 1313 return (0); 1314} 1315 1316void 1317mac_destroy_mbuf(struct mbuf *m) 1318{ 1319 |
| 1304 MAC_PERFORM(destroy_mbuf, m, &m->m_pkthdr.label); | 1320 MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label); |
| 1305 mac_destroy_label(&m->m_pkthdr.label); 1306#ifdef MAC_DEBUG 1307 atomic_subtract_int(&nmacmbufs, 1); 1308#endif 1309} 1310 1311void 1312mac_init_cred(struct ucred *cr) 1313{ 1314 1315 mac_init_label(&cr->cr_label); | 1321 mac_destroy_label(&m->m_pkthdr.label); 1322#ifdef MAC_DEBUG 1323 atomic_subtract_int(&nmacmbufs, 1); 1324#endif 1325} 1326 1327void 1328mac_init_cred(struct ucred *cr) 1329{ 1330 1331 mac_init_label(&cr->cr_label); |
| 1316 MAC_PERFORM(init_cred, cr, &cr->cr_label); | 1332 MAC_PERFORM(init_cred_label, &cr->cr_label); |
| 1317#ifdef MAC_DEBUG 1318 atomic_add_int(&nmaccreds, 1); 1319#endif 1320} 1321 1322void 1323mac_destroy_cred(struct ucred *cr) 1324{ 1325 | 1333#ifdef MAC_DEBUG 1334 atomic_add_int(&nmaccreds, 1); 1335#endif 1336} 1337 1338void 1339mac_destroy_cred(struct ucred *cr) 1340{ 1341 |
| 1326 MAC_PERFORM(destroy_cred, cr, &cr->cr_label); | 1342 MAC_PERFORM(destroy_cred_label, &cr->cr_label); |
| 1327 mac_destroy_label(&cr->cr_label); 1328#ifdef MAC_DEBUG 1329 atomic_subtract_int(&nmaccreds, 1); 1330#endif 1331} 1332 1333void 1334mac_init_ifnet(struct ifnet *ifp) 1335{ 1336 1337 mac_init_label(&ifp->if_label); | 1343 mac_destroy_label(&cr->cr_label); 1344#ifdef MAC_DEBUG 1345 atomic_subtract_int(&nmaccreds, 1); 1346#endif 1347} 1348 1349void 1350mac_init_ifnet(struct ifnet *ifp) 1351{ 1352 1353 mac_init_label(&ifp->if_label); |
| 1338 MAC_PERFORM(init_ifnet, ifp, &ifp->if_label); | 1354 MAC_PERFORM(init_ifnet_label, &ifp->if_label); |
| 1339#ifdef MAC_DEBUG 1340 atomic_add_int(&nmacifnets, 1); 1341#endif 1342} 1343 1344void 1345mac_destroy_ifnet(struct ifnet *ifp) 1346{ 1347 | 1355#ifdef MAC_DEBUG 1356 atomic_add_int(&nmacifnets, 1); 1357#endif 1358} 1359 1360void 1361mac_destroy_ifnet(struct ifnet *ifp) 1362{ 1363 |
| 1348 MAC_PERFORM(destroy_ifnet, ifp, &ifp->if_label); | 1364 MAC_PERFORM(destroy_ifnet_label, &ifp->if_label); |
| 1349 mac_destroy_label(&ifp->if_label); 1350#ifdef MAC_DEBUG 1351 atomic_subtract_int(&nmacifnets, 1); 1352#endif 1353} 1354 1355void 1356mac_init_ipq(struct ipq *ipq) 1357{ 1358 1359 mac_init_label(&ipq->ipq_label); | 1365 mac_destroy_label(&ifp->if_label); 1366#ifdef MAC_DEBUG 1367 atomic_subtract_int(&nmacifnets, 1); 1368#endif 1369} 1370 1371void 1372mac_init_ipq(struct ipq *ipq) 1373{ 1374 1375 mac_init_label(&ipq->ipq_label); |
| 1360 MAC_PERFORM(init_ipq, ipq, &ipq->ipq_label); | 1376 MAC_PERFORM(init_ipq_label, &ipq->ipq_label); |
| 1361#ifdef MAC_DEBUG 1362 atomic_add_int(&nmacipqs, 1); 1363#endif 1364} 1365 1366void 1367mac_destroy_ipq(struct ipq *ipq) 1368{ 1369 | 1377#ifdef MAC_DEBUG 1378 atomic_add_int(&nmacipqs, 1); 1379#endif 1380} 1381 1382void 1383mac_destroy_ipq(struct ipq *ipq) 1384{ 1385 |
| 1370 MAC_PERFORM(destroy_ipq, ipq, &ipq->ipq_label); | 1386 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); |
| 1371 mac_destroy_label(&ipq->ipq_label); 1372#ifdef MAC_DEBUG 1373 atomic_subtract_int(&nmacipqs, 1); 1374#endif 1375} 1376 1377void 1378mac_init_socket(struct socket *socket) 1379{ 1380 1381 mac_init_label(&socket->so_label); 1382 mac_init_label(&socket->so_peerlabel); | 1387 mac_destroy_label(&ipq->ipq_label); 1388#ifdef MAC_DEBUG 1389 atomic_subtract_int(&nmacipqs, 1); 1390#endif 1391} 1392 1393void 1394mac_init_socket(struct socket *socket) 1395{ 1396 1397 mac_init_label(&socket->so_label); 1398 mac_init_label(&socket->so_peerlabel); |
| 1383 MAC_PERFORM(init_socket, socket, &socket->so_label, 1384 &socket->so_peerlabel); | 1399 MAC_PERFORM(init_socket_label, &socket->so_label); 1400 MAC_PERFORM(init_socket_peer_label, &socket->so_peerlabel); |
| 1385#ifdef MAC_DEBUG 1386 atomic_add_int(&nmacsockets, 1); 1387#endif 1388} 1389 1390void 1391mac_destroy_socket(struct socket *socket) 1392{ 1393 | 1401#ifdef MAC_DEBUG 1402 atomic_add_int(&nmacsockets, 1); 1403#endif 1404} 1405 1406void 1407mac_destroy_socket(struct socket *socket) 1408{ 1409 |
| 1394 MAC_PERFORM(destroy_socket, socket, &socket->so_label, 1395 &socket->so_peerlabel); | 1410 MAC_PERFORM(destroy_socket_label, &socket->so_label); 1411 MAC_PERFORM(destroy_socket_peer_label, &socket->so_peerlabel); |
| 1396 mac_destroy_label(&socket->so_label); 1397 mac_destroy_label(&socket->so_peerlabel); 1398#ifdef MAC_DEBUG 1399 atomic_subtract_int(&nmacsockets, 1); 1400#endif 1401} 1402 1403void 1404mac_init_pipe(struct pipe *pipe) 1405{ 1406 struct label *label; 1407 1408 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); 1409 mac_init_label(label); 1410 pipe->pipe_label = label; 1411 pipe->pipe_peer->pipe_label = label; | 1412 mac_destroy_label(&socket->so_label); 1413 mac_destroy_label(&socket->so_peerlabel); 1414#ifdef MAC_DEBUG 1415 atomic_subtract_int(&nmacsockets, 1); 1416#endif 1417} 1418 1419void 1420mac_init_pipe(struct pipe *pipe) 1421{ 1422 struct label *label; 1423 1424 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); 1425 mac_init_label(label); 1426 pipe->pipe_label = label; 1427 pipe->pipe_peer->pipe_label = label; |
| 1412 MAC_PERFORM(init_pipe, pipe, pipe->pipe_label); | 1428 MAC_PERFORM(init_pipe_label, pipe->pipe_label); |
| 1413#ifdef MAC_DEBUG 1414 atomic_add_int(&nmacpipes, 1); 1415#endif 1416} 1417 1418void 1419mac_destroy_pipe(struct pipe *pipe) 1420{ 1421 | 1429#ifdef MAC_DEBUG 1430 atomic_add_int(&nmacpipes, 1); 1431#endif 1432} 1433 1434void 1435mac_destroy_pipe(struct pipe *pipe) 1436{ 1437 |
| 1422 MAC_PERFORM(destroy_pipe, pipe, pipe->pipe_label); | 1438 MAC_PERFORM(destroy_pipe_label, pipe->pipe_label); |
| 1423 mac_destroy_label(pipe->pipe_label); 1424 free(pipe->pipe_label, M_MACPIPELABEL); 1425#ifdef MAC_DEBUG 1426 atomic_subtract_int(&nmacpipes, 1); 1427#endif 1428} 1429 1430void 1431mac_init_bpfdesc(struct bpf_d *bpf_d) 1432{ 1433 1434 mac_init_label(&bpf_d->bd_label); | 1439 mac_destroy_label(pipe->pipe_label); 1440 free(pipe->pipe_label, M_MACPIPELABEL); 1441#ifdef MAC_DEBUG 1442 atomic_subtract_int(&nmacpipes, 1); 1443#endif 1444} 1445 1446void 1447mac_init_bpfdesc(struct bpf_d *bpf_d) 1448{ 1449 1450 mac_init_label(&bpf_d->bd_label); |
| 1435 MAC_PERFORM(init_bpfdesc, bpf_d, &bpf_d->bd_label); | 1451 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label); |
| 1436#ifdef MAC_DEBUG 1437 atomic_add_int(&nmacbpfdescs, 1); 1438#endif 1439} 1440 1441void 1442mac_destroy_bpfdesc(struct bpf_d *bpf_d) 1443{ 1444 | 1452#ifdef MAC_DEBUG 1453 atomic_add_int(&nmacbpfdescs, 1); 1454#endif 1455} 1456 1457void 1458mac_destroy_bpfdesc(struct bpf_d *bpf_d) 1459{ 1460 |
| 1445 MAC_PERFORM(destroy_bpfdesc, bpf_d, &bpf_d->bd_label); | 1461 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label); |
| 1446 mac_destroy_label(&bpf_d->bd_label); 1447#ifdef MAC_DEBUG 1448 atomic_subtract_int(&nmacbpfdescs, 1); 1449#endif 1450} 1451 1452void 1453mac_init_mount(struct mount *mp) 1454{ 1455 1456 mac_init_label(&mp->mnt_mntlabel); 1457 mac_init_label(&mp->mnt_fslabel); | 1462 mac_destroy_label(&bpf_d->bd_label); 1463#ifdef MAC_DEBUG 1464 atomic_subtract_int(&nmacbpfdescs, 1); 1465#endif 1466} 1467 1468void 1469mac_init_mount(struct mount *mp) 1470{ 1471 1472 mac_init_label(&mp->mnt_mntlabel); 1473 mac_init_label(&mp->mnt_fslabel); |
| 1458 MAC_PERFORM(init_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); | 1474 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel); 1475 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel); |
| 1459#ifdef MAC_DEBUG 1460 atomic_add_int(&nmacmounts, 1); 1461#endif 1462} 1463 1464void 1465mac_destroy_mount(struct mount *mp) 1466{ 1467 | 1476#ifdef MAC_DEBUG 1477 atomic_add_int(&nmacmounts, 1); 1478#endif 1479} 1480 1481void 1482mac_destroy_mount(struct mount *mp) 1483{ 1484 |
| 1468 MAC_PERFORM(destroy_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); | 1485 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel); 1486 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel); |
| 1469 mac_destroy_label(&mp->mnt_fslabel); 1470 mac_destroy_label(&mp->mnt_mntlabel); 1471#ifdef MAC_DEBUG 1472 atomic_subtract_int(&nmacmounts, 1); 1473#endif 1474} 1475 1476static void 1477mac_init_temp(struct label *label) 1478{ 1479 1480 mac_init_label(label); | 1487 mac_destroy_label(&mp->mnt_fslabel); 1488 mac_destroy_label(&mp->mnt_mntlabel); 1489#ifdef MAC_DEBUG 1490 atomic_subtract_int(&nmacmounts, 1); 1491#endif 1492} 1493 1494static void 1495mac_init_temp(struct label *label) 1496{ 1497 1498 mac_init_label(label); |
| 1481 MAC_PERFORM(init_temp, label); | 1499 MAC_PERFORM(init_temp_label, label); |
| 1482#ifdef MAC_DEBUG 1483 atomic_add_int(&nmactemp, 1); 1484#endif 1485} 1486 1487static void 1488mac_destroy_temp(struct label *label) 1489{ 1490 | 1500#ifdef MAC_DEBUG 1501 atomic_add_int(&nmactemp, 1); 1502#endif 1503} 1504 1505static void 1506mac_destroy_temp(struct label *label) 1507{ 1508 |
| 1491 MAC_PERFORM(destroy_temp, label); | 1509 MAC_PERFORM(destroy_temp_label, label); |
| 1492 mac_destroy_label(label); 1493#ifdef MAC_DEBUG 1494 atomic_subtract_int(&nmactemp, 1); 1495#endif 1496} 1497 1498void 1499mac_init_vnode(struct vnode *vp) 1500{ 1501 1502 mac_init_label(&vp->v_label); | 1510 mac_destroy_label(label); 1511#ifdef MAC_DEBUG 1512 atomic_subtract_int(&nmactemp, 1); 1513#endif 1514} 1515 1516void 1517mac_init_vnode(struct vnode *vp) 1518{ 1519 1520 mac_init_label(&vp->v_label); |
| 1503 MAC_PERFORM(init_vnode, vp, &vp->v_label); | 1521 MAC_PERFORM(init_vnode_label, &vp->v_label); |
| 1504#ifdef MAC_DEBUG 1505 atomic_add_int(&nmacvnodes, 1); 1506#endif 1507} 1508 1509void 1510mac_destroy_vnode(struct vnode *vp) 1511{ 1512 | 1522#ifdef MAC_DEBUG 1523 atomic_add_int(&nmacvnodes, 1); 1524#endif 1525} 1526 1527void 1528mac_destroy_vnode(struct vnode *vp) 1529{ 1530 |
| 1513 MAC_PERFORM(destroy_vnode, vp, &vp->v_label); | 1531 MAC_PERFORM(destroy_vnode_label, &vp->v_label); |
| 1514 mac_destroy_label(&vp->v_label); 1515#ifdef MAC_DEBUG 1516 atomic_subtract_int(&nmacvnodes, 1); 1517#endif 1518} 1519 1520void 1521mac_init_devfsdirent(struct devfs_dirent *de) 1522{ 1523 1524 mac_init_label(&de->de_label); | 1532 mac_destroy_label(&vp->v_label); 1533#ifdef MAC_DEBUG 1534 atomic_subtract_int(&nmacvnodes, 1); 1535#endif 1536} 1537 1538void 1539mac_init_devfsdirent(struct devfs_dirent *de) 1540{ 1541 1542 mac_init_label(&de->de_label); |
| 1525 MAC_PERFORM(init_devfsdirent, de, &de->de_label); | 1543 MAC_PERFORM(init_devfsdirent_label, &de->de_label); |
| 1526#ifdef MAC_DEBUG 1527 atomic_add_int(&nmacdevfsdirents, 1); 1528#endif 1529} 1530 1531void 1532mac_destroy_devfsdirent(struct devfs_dirent *de) 1533{ 1534 | 1544#ifdef MAC_DEBUG 1545 atomic_add_int(&nmacdevfsdirents, 1); 1546#endif 1547} 1548 1549void 1550mac_destroy_devfsdirent(struct devfs_dirent *de) 1551{ 1552 |
| 1535 MAC_PERFORM(destroy_devfsdirent, de, &de->de_label); | 1553 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label); |
| 1536 mac_destroy_label(&de->de_label); 1537#ifdef MAC_DEBUG 1538 atomic_subtract_int(&nmacdevfsdirents, 1); 1539#endif 1540} 1541 1542static int 1543mac_externalize(struct label *label, struct mac *mac) --- 1834 unchanged lines hidden --- | 1554 mac_destroy_label(&de->de_label); 1555#ifdef MAC_DEBUG 1556 atomic_subtract_int(&nmacdevfsdirents, 1); 1557#endif 1558} 1559 1560static int 1561mac_externalize(struct label *label, struct mac *mac) --- 1834 unchanged lines hidden --- |