1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 26 unchanged lines hidden (view full) ---

35 */
36
37/*
38 * Framework for extensible kernel access control. Kernel and userland
39 * interface to the framework, policy registration and composition.
40 */
41
42#include <sys/cdefs.h>
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_process.c 118308 2003-08-01 15:45:14Z rwatson $");
44
45#include "opt_mac.h"
46#include "opt_devfs.h"
47
48#include <sys/param.h>
49#include <sys/condvar.h>
50#include <sys/extattr.h>
51#include <sys/imgact.h>

--- 146 unchanged lines hidden (view full) ---

198
199SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0,
200 "TrustedBSD MAC object counters");
201
202static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs,
203 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
204 nmacipqs, nmacpipes, nmacprocs;
205
206SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD,
207 &nmacmbufs, 0, "number of mbufs in use");
208SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD,
209 &nmaccreds, 0, "number of ucreds in use");
210SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD,
211 &nmacifnets, 0, "number of ifnets in use");
212SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD,
213 &nmacipqs, 0, "number of ipqs in use");

--- 8 unchanged lines hidden (view full) ---

222SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD,
223 &nmacmounts, 0, "number of mounts in use");
224SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD,
225 &nmactemp, 0, "number of temporary labels in use");
226SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD,
227 &nmacvnodes, 0, "number of vnodes in use");
228SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD,
229 &nmacdevfsdirents, 0, "number of devfs dirents inuse");
230#endif
231
232static int error_select(int error1, int error2);
233static int mac_policy_register(struct mac_policy_conf *mpc);
234static int mac_policy_unregister(struct mac_policy_conf *mpc);
235
236static void mac_check_vnode_mmap_downgrade(struct ucred *cred,
237 struct vnode *vp, int *prot);

--- 530 unchanged lines hidden (view full) ---

768}
769
770void
771mac_init_bpfdesc(struct bpf_d *bpf_d)
772{
773
774 mac_init_label(&bpf_d->bd_label);
775 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label);
776#ifdef MAC_DEBUG
777 atomic_add_int(&nmacbpfdescs, 1);
778#endif
779}
780
781static void
782mac_init_cred_label(struct label *label)
783{
784
785 mac_init_label(label);
786 MAC_PERFORM(init_cred_label, label);
787#ifdef MAC_DEBUG
788 atomic_add_int(&nmaccreds, 1);
789#endif
790}
791
792void
793mac_init_cred(struct ucred *cred)
794{
795
796 mac_init_cred_label(&cred->cr_label);
797}
798
799void
800mac_init_devfsdirent(struct devfs_dirent *de)
801{
802
803 mac_init_label(&de->de_label);
804 MAC_PERFORM(init_devfsdirent_label, &de->de_label);
805#ifdef MAC_DEBUG
806 atomic_add_int(&nmacdevfsdirents, 1);
807#endif
808}
809
810static void
811mac_init_ifnet_label(struct label *label)
812{
813
814 mac_init_label(label);
815 MAC_PERFORM(init_ifnet_label, label);
816#ifdef MAC_DEBUG
817 atomic_add_int(&nmacifnets, 1);
818#endif
819}
820
821void
822mac_init_ifnet(struct ifnet *ifp)
823{
824
825 mac_init_ifnet_label(&ifp->if_label);
826}

--- 4 unchanged lines hidden (view full) ---

831 int error;
832
833 mac_init_label(&ipq->ipq_label);
834
835 MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag);
836 if (error) {
837 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
838 mac_destroy_label(&ipq->ipq_label);
839 }
840#ifdef MAC_DEBUG
841 if (error == 0)
842 atomic_add_int(&nmacipqs, 1);
843#endif
844 return (error);
845}
846
847int
848mac_init_mbuf_tag(struct m_tag *tag, int flag)
849{
850 struct label *label;
851 int error;
852
853 label = (struct label *) (tag + 1);
854 mac_init_label(label);
855
856 MAC_CHECK(init_mbuf_label, label, flag);
857 if (error) {
858 MAC_PERFORM(destroy_mbuf_label, label);
859 mac_destroy_label(label);
860 }
861#ifdef MAC_DEBUG
862 if (error == 0)
863 atomic_add_int(&nmacmbufs, 1);
864#endif
865 return (error);
866}
867
868int
869mac_init_mbuf(struct mbuf *m, int flag)
870{
871 struct m_tag *tag;
872 int error;

--- 24 unchanged lines hidden (view full) ---

897void
898mac_init_mount(struct mount *mp)
899{
900
901 mac_init_label(&mp->mnt_mntlabel);
902 mac_init_label(&mp->mnt_fslabel);
903 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel);
904 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
905#ifdef MAC_DEBUG
906 atomic_add_int(&nmacmounts, 1);
907#endif
908}
909
910static void
911mac_init_pipe_label(struct label *label)
912{
913
914 mac_init_label(label);
915 MAC_PERFORM(init_pipe_label, label);
916#ifdef MAC_DEBUG
917 atomic_add_int(&nmacpipes, 1);
918#endif
919}
920
921void
922mac_init_pipe(struct pipe *pipe)
923{
924 struct label *label;
925
926 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK);
927 pipe->pipe_label = label;
928 pipe->pipe_peer->pipe_label = label;
929 mac_init_pipe_label(label);
930}
931
932void
933mac_init_proc(struct proc *p)
934{
935
936 mac_init_label(&p->p_label);
937 MAC_PERFORM(init_proc_label, &p->p_label);
938#ifdef MAC_DEBUG
939 atomic_add_int(&nmacprocs, 1);
940#endif
941}
942
943static int
944mac_init_socket_label(struct label *label, int flag)
945{
946 int error;
947
948 mac_init_label(label);
949
950 MAC_CHECK(init_socket_label, label, flag);
951 if (error) {
952 MAC_PERFORM(destroy_socket_label, label);
953 mac_destroy_label(label);
954 }
955
956#ifdef MAC_DEBUG
957 if (error == 0)
958 atomic_add_int(&nmacsockets, 1);
959#endif
960
961 return (error);
962}
963
964static int
965mac_init_socket_peer_label(struct label *label, int flag)
966{
967 int error;
968

--- 25 unchanged lines hidden (view full) ---

994}
995
996void
997mac_init_vnode_label(struct label *label)
998{
999
1000 mac_init_label(label);
1001 MAC_PERFORM(init_vnode_label, label);
1002#ifdef MAC_DEBUG
1003 atomic_add_int(&nmacvnodes, 1);
1004#endif
1005}
1006
1007void
1008mac_init_vnode(struct vnode *vp)
1009{
1010
1011 mac_init_vnode_label(&vp->v_label);
1012}
1013
1014void
1015mac_destroy_bpfdesc(struct bpf_d *bpf_d)
1016{
1017
1018 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label);
1019 mac_destroy_label(&bpf_d->bd_label);
1020#ifdef MAC_DEBUG
1021 atomic_subtract_int(&nmacbpfdescs, 1);
1022#endif
1023}
1024
1025static void
1026mac_destroy_cred_label(struct label *label)
1027{
1028
1029 MAC_PERFORM(destroy_cred_label, label);
1030 mac_destroy_label(label);
1031#ifdef MAC_DEBUG
1032 atomic_subtract_int(&nmaccreds, 1);
1033#endif
1034}
1035
1036void
1037mac_destroy_cred(struct ucred *cred)
1038{
1039
1040 mac_destroy_cred_label(&cred->cr_label);
1041}
1042
1043void
1044mac_destroy_devfsdirent(struct devfs_dirent *de)
1045{
1046
1047 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
1048 mac_destroy_label(&de->de_label);
1049#ifdef MAC_DEBUG
1050 atomic_subtract_int(&nmacdevfsdirents, 1);
1051#endif
1052}
1053
1054static void
1055mac_destroy_ifnet_label(struct label *label)
1056{
1057
1058 MAC_PERFORM(destroy_ifnet_label, label);
1059 mac_destroy_label(label);
1060#ifdef MAC_DEBUG
1061 atomic_subtract_int(&nmacifnets, 1);
1062#endif
1063}
1064
1065void
1066mac_destroy_ifnet(struct ifnet *ifp)
1067{
1068
1069 mac_destroy_ifnet_label(&ifp->if_label);
1070}
1071
1072void
1073mac_destroy_ipq(struct ipq *ipq)
1074{
1075
1076 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
1077 mac_destroy_label(&ipq->ipq_label);
1078#ifdef MAC_DEBUG
1079 atomic_subtract_int(&nmacipqs, 1);
1080#endif
1081}
1082
1083void
1084mac_destroy_mbuf_tag(struct m_tag *tag)
1085{
1086 struct label *label;
1087
1088 label = (struct label *)(tag+1);
1089
1090 MAC_PERFORM(destroy_mbuf_label, label);
1091 mac_destroy_label(label);
1092#ifdef MAC_DEBUG
1093 atomic_subtract_int(&nmacmbufs, 1);
1094#endif
1095}
1096
1097void
1098mac_destroy_mount(struct mount *mp)
1099{
1100
1101 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel);
1102 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel);
1103 mac_destroy_label(&mp->mnt_fslabel);
1104 mac_destroy_label(&mp->mnt_mntlabel);
1105#ifdef MAC_DEBUG
1106 atomic_subtract_int(&nmacmounts, 1);
1107#endif
1108}
1109
1110static void
1111mac_destroy_pipe_label(struct label *label)
1112{
1113
1114 MAC_PERFORM(destroy_pipe_label, label);
1115 mac_destroy_label(label);
1116#ifdef MAC_DEBUG
1117 atomic_subtract_int(&nmacpipes, 1);
1118#endif
1119}
1120
1121void
1122mac_destroy_pipe(struct pipe *pipe)
1123{
1124
1125 mac_destroy_pipe_label(pipe->pipe_label);
1126 free(pipe->pipe_label, M_MACPIPELABEL);
1127}
1128
1129void
1130mac_destroy_proc(struct proc *p)
1131{
1132
1133 MAC_PERFORM(destroy_proc_label, &p->p_label);
1134 mac_destroy_label(&p->p_label);
1135#ifdef MAC_DEBUG
1136 atomic_subtract_int(&nmacprocs, 1);
1137#endif
1138}
1139
1140static void
1141mac_destroy_socket_label(struct label *label)
1142{
1143
1144 MAC_PERFORM(destroy_socket_label, label);
1145 mac_destroy_label(label);
1146#ifdef MAC_DEBUG
1147 atomic_subtract_int(&nmacsockets, 1);
1148#endif
1149}
1150
1151static void
1152mac_destroy_socket_peer_label(struct label *label)
1153{
1154
1155 MAC_PERFORM(destroy_socket_peer_label, label);
1156 mac_destroy_label(label);

--- 8 unchanged lines hidden (view full) ---

1165}
1166
1167void
1168mac_destroy_vnode_label(struct label *label)
1169{
1170
1171 MAC_PERFORM(destroy_vnode_label, label);
1172 mac_destroy_label(label);
1173#ifdef MAC_DEBUG
1174 atomic_subtract_int(&nmacvnodes, 1);
1175#endif
1176}
1177
1178void
1179mac_destroy_vnode(struct vnode *vp)
1180{
1181
1182 mac_destroy_vnode_label(&vp->v_label);
1183}

--- 2762 unchanged lines hidden ---
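Review bot: `mac_init_pipe()` (gutter lines 926–928) stores a single malloc'd label in both `pipe->pipe_label` and `pipe->pipe_peer->pipe_label`, yet `mac_destroy_pipe()` (gutter lines 1125–1126) frees `pipe->pipe_label` without clearing either pointer, so correctness depends on the caller invoking the destroy exactly once per pipe pair, after both ends have stopped using the label — a contract the code does not state. I would document it on `mac_init_pipe()`: `/* Both ends of a pipe share the single label allocated here; the caller must call mac_destroy_pipe() exactly once per pipe pair, once neither end can touch the label. */`. A second destroy through either end would be a double free, and the pipe teardown path is not visible on this page, so this is worth confirming against the pipe close path; adding `pipe->pipe_label = NULL;` after the `free()` would at least turn a repeated destroy through the same end into an immediate fault rather than a silent double free, though it cannot protect the peer's copy of the pointer. Both functions are fully visible within this section, but the rendered page does not mark old versus new lines, so whether these lines are new in this revision cannot be told from here.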