mac_pipe.c (118308) | mac_pipe.c (119184) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 26 unchanged lines hidden (view full) --- 35 */ 36 37/* 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. 40 */ 41 42#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 26 unchanged lines hidden (view full) --- 35 */ 36 37/* 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. 40 */ 41 42#include <sys/cdefs.h> |
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_pipe.c 118308 2003-08-01 15:45:14Z rwatson $"); | 43__FBSDID("$FreeBSD: head/sys/security/mac/mac_pipe.c 119184 2003-08-20 19:16:49Z rwatson $"); |
44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> --- 146 unchanged lines hidden (view full) --- 198 199SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0, 200 "TrustedBSD MAC object counters"); 201 202static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, 203 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, 204 nmacipqs, nmacpipes, nmacprocs; 205 | 44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> --- 146 unchanged lines hidden (view full) --- 198 199SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0, 200 "TrustedBSD MAC object counters"); 201 202static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, 203 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, 204 nmacipqs, nmacpipes, nmacprocs; 205 |
206#define MAC_DEBUG_COUNTER_INC(x) atomic_add_int(x, 1); 207#define MAC_DEBUG_COUNTER_DEC(x) atomic_subtract_int(x, 1); 208 |
|
206SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, 207 &nmacmbufs, 0, "number of mbufs in use"); 208SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD, 209 &nmaccreds, 0, "number of ucreds in use"); 210SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD, 211 &nmacifnets, 0, "number of ifnets in use"); 212SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD, 213 &nmacipqs, 0, "number of ipqs in use"); --- 8 unchanged lines hidden (view full) --- 222SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD, 223 &nmacmounts, 0, "number of mounts in use"); 224SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD, 225 &nmactemp, 0, "number of temporary labels in use"); 226SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD, 227 &nmacvnodes, 0, "number of vnodes in use"); 228SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD, 229 &nmacdevfsdirents, 0, "number of devfs dirents inuse"); | 209SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, 210 &nmacmbufs, 0, "number of mbufs in use"); 211SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD, 212 &nmaccreds, 0, "number of ucreds in use"); 213SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD, 214 &nmacifnets, 0, "number of ifnets in use"); 215SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD, 216 &nmacipqs, 0, "number of ipqs in use"); --- 8 unchanged lines hidden (view full) --- 225SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD, 226 &nmacmounts, 0, "number of mounts in use"); 227SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD, 228 &nmactemp, 0, "number of temporary labels in use"); 229SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD, 230 &nmacvnodes, 0, "number of vnodes in use"); 231SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD, 232 &nmacdevfsdirents, 0, "number of devfs dirents inuse"); |
233#else 234#define MAC_DEBUG_COUNTER_INC(x) 235#define MAC_DEBUG_COUNTER_DEC(x) |
|
230#endif 231 232static int error_select(int error1, int error2); 233static int mac_policy_register(struct mac_policy_conf *mpc); 234static int mac_policy_unregister(struct mac_policy_conf *mpc); 235 236static void mac_check_vnode_mmap_downgrade(struct ucred *cred, 237 struct vnode *vp, int *prot); --- 530 unchanged lines hidden (view full) --- 768} 769 770void 771mac_init_bpfdesc(struct bpf_d *bpf_d) 772{ 773 774 mac_init_label(&bpf_d->bd_label); 775 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label); | 236#endif 237 238static int error_select(int error1, int error2); 239static int mac_policy_register(struct mac_policy_conf *mpc); 240static int mac_policy_unregister(struct mac_policy_conf *mpc); 241 242static void mac_check_vnode_mmap_downgrade(struct ucred *cred, 243 struct vnode *vp, int *prot); --- 530 unchanged lines hidden (view full) --- 774} 775 776void 777mac_init_bpfdesc(struct bpf_d *bpf_d) 778{ 779 780 mac_init_label(&bpf_d->bd_label); 781 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label); |
776#ifdef MAC_DEBUG 777 atomic_add_int(&nmacbpfdescs, 1); 778#endif | 782 MAC_DEBUG_COUNTER_INC(&nmacbpfdescs); |
779} 780 781static void 782mac_init_cred_label(struct label *label) 783{ 784 785 mac_init_label(label); 786 MAC_PERFORM(init_cred_label, label); | 783} 784 785static void 786mac_init_cred_label(struct label *label) 787{ 788 789 mac_init_label(label); 790 MAC_PERFORM(init_cred_label, label); |
787#ifdef MAC_DEBUG 788 atomic_add_int(&nmaccreds, 1); 789#endif | 791 MAC_DEBUG_COUNTER_INC(&nmaccreds); |
790} 791 792void 793mac_init_cred(struct ucred *cred) 794{ 795 796 mac_init_cred_label(&cred->cr_label); 797} 798 799void 800mac_init_devfsdirent(struct devfs_dirent *de) 801{ 802 803 mac_init_label(&de->de_label); 804 MAC_PERFORM(init_devfsdirent_label, &de->de_label); | 792} 793 794void 795mac_init_cred(struct ucred *cred) 796{ 797 798 mac_init_cred_label(&cred->cr_label); 799} 800 801void 802mac_init_devfsdirent(struct devfs_dirent *de) 803{ 804 805 mac_init_label(&de->de_label); 806 MAC_PERFORM(init_devfsdirent_label, &de->de_label); |
805#ifdef MAC_DEBUG 806 atomic_add_int(&nmacdevfsdirents, 1); 807#endif | 807 MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents); |
808} 809 810static void 811mac_init_ifnet_label(struct label *label) 812{ 813 814 mac_init_label(label); 815 MAC_PERFORM(init_ifnet_label, label); | 808} 809 810static void 811mac_init_ifnet_label(struct label *label) 812{ 813 814 mac_init_label(label); 815 MAC_PERFORM(init_ifnet_label, label); |
816#ifdef MAC_DEBUG 817 atomic_add_int(&nmacifnets, 1); 818#endif | 816 MAC_DEBUG_COUNTER_INC(&nmacifnets); |
819} 820 821void 822mac_init_ifnet(struct ifnet *ifp) 823{ 824 825 mac_init_ifnet_label(&ifp->if_label); 826} --- 4 unchanged lines hidden (view full) --- 831 int error; 832 833 mac_init_label(&ipq->ipq_label); 834 835 MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag); 836 if (error) { 837 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 838 mac_destroy_label(&ipq->ipq_label); | 817} 818 819void 820mac_init_ifnet(struct ifnet *ifp) 821{ 822 823 mac_init_ifnet_label(&ifp->if_label); 824} --- 4 unchanged lines hidden (view full) --- 829 int error; 830 831 mac_init_label(&ipq->ipq_label); 832 833 MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag); 834 if (error) { 835 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 836 mac_destroy_label(&ipq->ipq_label); |
837 } else { 838 MAC_DEBUG_COUNTER_INC(&nmacipqs); |
|
839 } | 839 } |
840#ifdef MAC_DEBUG 841 if (error == 0) 842 atomic_add_int(&nmacipqs, 1); 843#endif | |
844 return (error); 845} 846 847int 848mac_init_mbuf_tag(struct m_tag *tag, int flag) 849{ 850 struct label *label; 851 int error; 852 853 label = (struct label *) (tag + 1); 854 mac_init_label(label); 855 856 MAC_CHECK(init_mbuf_label, label, flag); 857 if (error) { 858 MAC_PERFORM(destroy_mbuf_label, label); 859 mac_destroy_label(label); | 840 return (error); 841} 842 843int 844mac_init_mbuf_tag(struct m_tag *tag, int flag) 845{ 846 struct label *label; 847 int error; 848 849 label = (struct label *) (tag + 1); 850 mac_init_label(label); 851 852 MAC_CHECK(init_mbuf_label, label, flag); 853 if (error) { 854 MAC_PERFORM(destroy_mbuf_label, label); 855 mac_destroy_label(label); |
856 } else { 857 MAC_DEBUG_COUNTER_INC(&nmacmbufs); |
|
860 } | 858 } |
861#ifdef MAC_DEBUG 862 if (error == 0) 863 atomic_add_int(&nmacmbufs, 1); 864#endif | |
865 return (error); 866} 867 868int 869mac_init_mbuf(struct mbuf *m, int flag) 870{ 871 struct m_tag *tag; 872 int error; --- 24 unchanged lines hidden (view full) --- 897void 898mac_init_mount(struct mount *mp) 899{ 900 901 mac_init_label(&mp->mnt_mntlabel); 902 mac_init_label(&mp->mnt_fslabel); 903 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel); 904 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel); | 859 return (error); 860} 861 862int 863mac_init_mbuf(struct mbuf *m, int flag) 864{ 865 struct m_tag *tag; 866 int error; --- 24 unchanged lines hidden (view full) --- 891void 892mac_init_mount(struct mount *mp) 893{ 894 895 mac_init_label(&mp->mnt_mntlabel); 896 mac_init_label(&mp->mnt_fslabel); 897 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel); 898 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel); |
905#ifdef MAC_DEBUG 906 atomic_add_int(&nmacmounts, 1); 907#endif | 899 MAC_DEBUG_COUNTER_INC(&nmacmounts); |
908} 909 910static void 911mac_init_pipe_label(struct label *label) 912{ 913 914 mac_init_label(label); 915 MAC_PERFORM(init_pipe_label, label); | 900} 901 902static void 903mac_init_pipe_label(struct label *label) 904{ 905 906 mac_init_label(label); 907 MAC_PERFORM(init_pipe_label, label); |
916#ifdef MAC_DEBUG 917 atomic_add_int(&nmacpipes, 1); 918#endif | 908 MAC_DEBUG_COUNTER_INC(&nmacpipes); |
919} 920 921void 922mac_init_pipe(struct pipe *pipe) 923{ 924 struct label *label; 925 926 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); 927 pipe->pipe_label = label; 928 pipe->pipe_peer->pipe_label = label; 929 mac_init_pipe_label(label); 930} 931 932void 933mac_init_proc(struct proc *p) 934{ 935 936 mac_init_label(&p->p_label); 937 MAC_PERFORM(init_proc_label, &p->p_label); | 909} 910 911void 912mac_init_pipe(struct pipe *pipe) 913{ 914 struct label *label; 915 916 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); 917 pipe->pipe_label = label; 918 pipe->pipe_peer->pipe_label = label; 919 mac_init_pipe_label(label); 920} 921 922void 923mac_init_proc(struct proc *p) 924{ 925 926 mac_init_label(&p->p_label); 927 MAC_PERFORM(init_proc_label, &p->p_label); |
938#ifdef MAC_DEBUG 939 atomic_add_int(&nmacprocs, 1); 940#endif | 928 MAC_DEBUG_COUNTER_INC(&nmacprocs); |
941} 942 943static int 944mac_init_socket_label(struct label *label, int flag) 945{ 946 int error; 947 948 mac_init_label(label); 949 950 MAC_CHECK(init_socket_label, label, flag); 951 if (error) { 952 MAC_PERFORM(destroy_socket_label, label); 953 mac_destroy_label(label); | 929} 930 931static int 932mac_init_socket_label(struct label *label, int flag) 933{ 934 int error; 935 936 mac_init_label(label); 937 938 MAC_CHECK(init_socket_label, label, flag); 939 if (error) { 940 MAC_PERFORM(destroy_socket_label, label); 941 mac_destroy_label(label); |
942 } else { 943 MAC_DEBUG_COUNTER_INC(&nmacsockets); |
|
954 } 955 | 944 } 945 |
956#ifdef MAC_DEBUG 957 if (error == 0) 958 atomic_add_int(&nmacsockets, 1); 959#endif 960 | |
961 return (error); 962} 963 964static int 965mac_init_socket_peer_label(struct label *label, int flag) 966{ 967 int error; 968 --- 25 unchanged lines hidden (view full) --- 994} 995 996void 997mac_init_vnode_label(struct label *label) 998{ 999 1000 mac_init_label(label); 1001 MAC_PERFORM(init_vnode_label, label); | 946 return (error); 947} 948 949static int 950mac_init_socket_peer_label(struct label *label, int flag) 951{ 952 int error; 953 --- 25 unchanged lines hidden (view full) --- 979} 980 981void 982mac_init_vnode_label(struct label *label) 983{ 984 985 mac_init_label(label); 986 MAC_PERFORM(init_vnode_label, label); |
1002#ifdef MAC_DEBUG 1003 atomic_add_int(&nmacvnodes, 1); 1004#endif | 987 MAC_DEBUG_COUNTER_INC(&nmacvnodes); |
1005} 1006 1007void 1008mac_init_vnode(struct vnode *vp) 1009{ 1010 1011 mac_init_vnode_label(&vp->v_label); 1012} 1013 1014void 1015mac_destroy_bpfdesc(struct bpf_d *bpf_d) 1016{ 1017 1018 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label); 1019 mac_destroy_label(&bpf_d->bd_label); | 988} 989 990void 991mac_init_vnode(struct vnode *vp) 992{ 993 994 mac_init_vnode_label(&vp->v_label); 995} 996 997void 998mac_destroy_bpfdesc(struct bpf_d *bpf_d) 999{ 1000 1001 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label); 1002 mac_destroy_label(&bpf_d->bd_label); |
1020#ifdef MAC_DEBUG 1021 atomic_subtract_int(&nmacbpfdescs, 1); 1022#endif | 1003 MAC_DEBUG_COUNTER_DEC(&nmacbpfdescs); |
1023} 1024 1025static void 1026mac_destroy_cred_label(struct label *label) 1027{ 1028 1029 MAC_PERFORM(destroy_cred_label, label); 1030 mac_destroy_label(label); | 1004} 1005 1006static void 1007mac_destroy_cred_label(struct label *label) 1008{ 1009 1010 MAC_PERFORM(destroy_cred_label, label); 1011 mac_destroy_label(label); |
1031#ifdef MAC_DEBUG 1032 atomic_subtract_int(&nmaccreds, 1); 1033#endif | 1012 MAC_DEBUG_COUNTER_DEC(&nmaccreds); |
1034} 1035 1036void 1037mac_destroy_cred(struct ucred *cred) 1038{ 1039 1040 mac_destroy_cred_label(&cred->cr_label); 1041} 1042 1043void 1044mac_destroy_devfsdirent(struct devfs_dirent *de) 1045{ 1046 1047 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label); 1048 mac_destroy_label(&de->de_label); | 1013} 1014 1015void 1016mac_destroy_cred(struct ucred *cred) 1017{ 1018 1019 mac_destroy_cred_label(&cred->cr_label); 1020} 1021 1022void 1023mac_destroy_devfsdirent(struct devfs_dirent *de) 1024{ 1025 1026 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label); 1027 mac_destroy_label(&de->de_label); |
1049#ifdef MAC_DEBUG 1050 atomic_subtract_int(&nmacdevfsdirents, 1); 1051#endif | 1028 MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents); |
1052} 1053 1054static void 1055mac_destroy_ifnet_label(struct label *label) 1056{ 1057 1058 MAC_PERFORM(destroy_ifnet_label, label); 1059 mac_destroy_label(label); | 1029} 1030 1031static void 1032mac_destroy_ifnet_label(struct label *label) 1033{ 1034 1035 MAC_PERFORM(destroy_ifnet_label, label); 1036 mac_destroy_label(label); |
1060#ifdef MAC_DEBUG 1061 atomic_subtract_int(&nmacifnets, 1); 1062#endif | 1037 MAC_DEBUG_COUNTER_DEC(&nmacifnets); |
1063} 1064 1065void 1066mac_destroy_ifnet(struct ifnet *ifp) 1067{ 1068 1069 mac_destroy_ifnet_label(&ifp->if_label); 1070} 1071 1072void 1073mac_destroy_ipq(struct ipq *ipq) 1074{ 1075 1076 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 1077 mac_destroy_label(&ipq->ipq_label); | 1038} 1039 1040void 1041mac_destroy_ifnet(struct ifnet *ifp) 1042{ 1043 1044 mac_destroy_ifnet_label(&ifp->if_label); 1045} 1046 1047void 1048mac_destroy_ipq(struct ipq *ipq) 1049{ 1050 1051 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 1052 mac_destroy_label(&ipq->ipq_label); |
1078#ifdef MAC_DEBUG 1079 atomic_subtract_int(&nmacipqs, 1); 1080#endif | 1053 MAC_DEBUG_COUNTER_DEC(&nmacipqs); |
1081} 1082 1083void 1084mac_destroy_mbuf_tag(struct m_tag *tag) 1085{ 1086 struct label *label; 1087 1088 label = (struct label *)(tag+1); 1089 1090 MAC_PERFORM(destroy_mbuf_label, label); 1091 mac_destroy_label(label); | 1054} 1055 1056void 1057mac_destroy_mbuf_tag(struct m_tag *tag) 1058{ 1059 struct label *label; 1060 1061 label = (struct label *)(tag+1); 1062 1063 MAC_PERFORM(destroy_mbuf_label, label); 1064 mac_destroy_label(label); |
1092#ifdef MAC_DEBUG 1093 atomic_subtract_int(&nmacmbufs, 1); 1094#endif | 1065 MAC_DEBUG_COUNTER_DEC(&nmacmbufs); |
1095} 1096 1097void 1098mac_destroy_mount(struct mount *mp) 1099{ 1100 1101 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel); 1102 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel); 1103 mac_destroy_label(&mp->mnt_fslabel); 1104 mac_destroy_label(&mp->mnt_mntlabel); | 1066} 1067 1068void 1069mac_destroy_mount(struct mount *mp) 1070{ 1071 1072 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel); 1073 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel); 1074 mac_destroy_label(&mp->mnt_fslabel); 1075 mac_destroy_label(&mp->mnt_mntlabel); |
1105#ifdef MAC_DEBUG 1106 atomic_subtract_int(&nmacmounts, 1); 1107#endif | 1076 MAC_DEBUG_COUNTER_DEC(&nmacmounts); |
1108} 1109 1110static void 1111mac_destroy_pipe_label(struct label *label) 1112{ 1113 1114 MAC_PERFORM(destroy_pipe_label, label); 1115 mac_destroy_label(label); | 1077} 1078 1079static void 1080mac_destroy_pipe_label(struct label *label) 1081{ 1082 1083 MAC_PERFORM(destroy_pipe_label, label); 1084 mac_destroy_label(label); |
1116#ifdef MAC_DEBUG 1117 atomic_subtract_int(&nmacpipes, 1); 1118#endif | 1085 MAC_DEBUG_COUNTER_DEC(&nmacpipes); |
1119} 1120 1121void 1122mac_destroy_pipe(struct pipe *pipe) 1123{ 1124 1125 mac_destroy_pipe_label(pipe->pipe_label); 1126 free(pipe->pipe_label, M_MACPIPELABEL); 1127} 1128 1129void 1130mac_destroy_proc(struct proc *p) 1131{ 1132 1133 MAC_PERFORM(destroy_proc_label, &p->p_label); 1134 mac_destroy_label(&p->p_label); | 1086} 1087 1088void 1089mac_destroy_pipe(struct pipe *pipe) 1090{ 1091 1092 mac_destroy_pipe_label(pipe->pipe_label); 1093 free(pipe->pipe_label, M_MACPIPELABEL); 1094} 1095 1096void 1097mac_destroy_proc(struct proc *p) 1098{ 1099 1100 MAC_PERFORM(destroy_proc_label, &p->p_label); 1101 mac_destroy_label(&p->p_label); |
1135#ifdef MAC_DEBUG 1136 atomic_subtract_int(&nmacprocs, 1); 1137#endif | 1102 MAC_DEBUG_COUNTER_DEC(&nmacprocs); |
1138} 1139 1140static void 1141mac_destroy_socket_label(struct label *label) 1142{ 1143 1144 MAC_PERFORM(destroy_socket_label, label); 1145 mac_destroy_label(label); | 1103} 1104 1105static void 1106mac_destroy_socket_label(struct label *label) 1107{ 1108 1109 MAC_PERFORM(destroy_socket_label, label); 1110 mac_destroy_label(label); |
1146#ifdef MAC_DEBUG 1147 atomic_subtract_int(&nmacsockets, 1); 1148#endif | 1111 MAC_DEBUG_COUNTER_DEC(&nmacsockets); |
1149} 1150 1151static void 1152mac_destroy_socket_peer_label(struct label *label) 1153{ 1154 1155 MAC_PERFORM(destroy_socket_peer_label, label); 1156 mac_destroy_label(label); --- 8 unchanged lines hidden (view full) --- 1165} 1166 1167void 1168mac_destroy_vnode_label(struct label *label) 1169{ 1170 1171 MAC_PERFORM(destroy_vnode_label, label); 1172 mac_destroy_label(label); | 1112} 1113 1114static void 1115mac_destroy_socket_peer_label(struct label *label) 1116{ 1117 1118 MAC_PERFORM(destroy_socket_peer_label, label); 1119 mac_destroy_label(label); --- 8 unchanged lines hidden (view full) --- 1128} 1129 1130void 1131mac_destroy_vnode_label(struct label *label) 1132{ 1133 1134 MAC_PERFORM(destroy_vnode_label, label); 1135 mac_destroy_label(label); |
1173#ifdef MAC_DEBUG 1174 atomic_subtract_int(&nmacvnodes, 1); 1175#endif | 1136 MAC_DEBUG_COUNTER_DEC(&nmacvnodes); |
1176} 1177 1178void 1179mac_destroy_vnode(struct vnode *vp) 1180{ 1181 1182 mac_destroy_vnode_label(&vp->v_label); 1183} --- 2762 unchanged lines hidden --- | 1137} 1138 1139void 1140mac_destroy_vnode(struct vnode *vp) 1141{ 1142 1143 mac_destroy_vnode_label(&vp->v_label); 1144} --- 2762 unchanged lines hidden --- |