Cross Reference: /freebsd-10.0-release/sys/security/mac/mac

Deleted Added

sdiff udiff text old ( 118308 ) new ( 119184 )

full compact

mac_syscalls.c (118308)	mac_syscalls.c (119184)
1/- 2 Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 26 unchanged lines hidden (view full) --- 35 / 36 37/ 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. 40 */ 41 42#include <sys/cdefs.h>	1/- 2 Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 26 unchanged lines hidden (view full) --- 35 / 36 37/ 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. 40 */ 41 42#include <sys/cdefs.h>
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 118308 2003-08-01 15:45:14Z rwatson $");	43__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 119184 2003-08-20 19:16:49Z rwatson $");
44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> --- 146 unchanged lines hidden (view full) --- 198 199SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0, 200 "TrustedBSD MAC object counters"); 201 202static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, 203 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, 204 nmacipqs, nmacpipes, nmacprocs; 205	44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> --- 146 unchanged lines hidden (view full) --- 198 199SYSCTL_NODE(_security_mac_debug, OID_AUTO, counters, CTLFLAG_RW, 0, 200 "TrustedBSD MAC object counters"); 201 202static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, 203 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, 204 nmacipqs, nmacpipes, nmacprocs; 205
	206#define MAC_DEBUG_COUNTER_INC(x) atomic_add_int(x, 1); 207#define MAC_DEBUG_COUNTER_DEC(x) atomic_subtract_int(x, 1); 208
206SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, 207 &nmacmbufs, 0, "number of mbufs in use"); 208SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD, 209 &nmaccreds, 0, "number of ucreds in use"); 210SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD, 211 &nmacifnets, 0, "number of ifnets in use"); 212SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD, 213 &nmacipqs, 0, "number of ipqs in use"); --- 8 unchanged lines hidden (view full) --- 222SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD, 223 &nmacmounts, 0, "number of mounts in use"); 224SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD, 225 &nmactemp, 0, "number of temporary labels in use"); 226SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD, 227 &nmacvnodes, 0, "number of vnodes in use"); 228SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD, 229 &nmacdevfsdirents, 0, "number of devfs dirents inuse");	209SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, 210 &nmacmbufs, 0, "number of mbufs in use"); 211SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, creds, CTLFLAG_RD, 212 &nmaccreds, 0, "number of ucreds in use"); 213SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ifnets, CTLFLAG_RD, 214 &nmacifnets, 0, "number of ifnets in use"); 215SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipqs, CTLFLAG_RD, 216 &nmacipqs, 0, "number of ipqs in use"); --- 8 unchanged lines hidden (view full) --- 225SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD, 226 &nmacmounts, 0, "number of mounts in use"); 227SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD, 228 &nmactemp, 0, "number of temporary labels in use"); 229SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, vnodes, CTLFLAG_RD, 230 &nmacvnodes, 0, "number of vnodes in use"); 231SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, devfsdirents, CTLFLAG_RD, 232 &nmacdevfsdirents, 0, "number of devfs dirents inuse");
	233#else 234#define MAC_DEBUG_COUNTER_INC(x) 235#define MAC_DEBUG_COUNTER_DEC(x)
230#endif 231 232static int error_select(int error1, int error2); 233static int mac_policy_register(struct mac_policy_conf mpc); 234static int mac_policy_unregister(struct mac_policy_conf mpc); 235 236static void mac_check_vnode_mmap_downgrade(struct ucred cred, 237* struct vnode vp, int prot); --- 530 unchanged lines hidden (view full) --- 768} 769 770void 771mac_init_bpfdesc(struct bpf_d bpf_d) 772{ 773* 774 mac_init_label(&bpf_d->bd_label); 775 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label);	236#endif 237 238static int error_select(int error1, int error2); 239static int mac_policy_register(struct mac_policy_conf mpc); 240static int mac_policy_unregister(struct mac_policy_conf mpc); 241 242static void mac_check_vnode_mmap_downgrade(struct ucred cred, 243* struct vnode vp, int prot); --- 530 unchanged lines hidden (view full) --- 774} 775 776void 777mac_init_bpfdesc(struct bpf_d bpf_d) 778{ 779* 780 mac_init_label(&bpf_d->bd_label); 781 MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label);
776#ifdef MAC_DEBUG 777 atomic_add_int(&nmacbpfdescs, 1); 778#endif	782 MAC_DEBUG_COUNTER_INC(&nmacbpfdescs);
779} 780 781static void 782mac_init_cred_label(struct label label) 783{ 784* 785 mac_init_label(label); 786 MAC_PERFORM(init_cred_label, label);	783} 784 785static void 786mac_init_cred_label(struct label label) 787{ 788* 789 mac_init_label(label); 790 MAC_PERFORM(init_cred_label, label);
787#ifdef MAC_DEBUG 788 atomic_add_int(&nmaccreds, 1); 789#endif	791 MAC_DEBUG_COUNTER_INC(&nmaccreds);
790} 791 792void 793mac_init_cred(struct ucred cred) 794{ 795* 796 mac_init_cred_label(&cred->cr_label); 797} 798 799void 800mac_init_devfsdirent(struct devfs_dirent de) 801{ 802* 803 mac_init_label(&de->de_label); 804 MAC_PERFORM(init_devfsdirent_label, &de->de_label);	792} 793 794void 795mac_init_cred(struct ucred cred) 796{ 797* 798 mac_init_cred_label(&cred->cr_label); 799} 800 801void 802mac_init_devfsdirent(struct devfs_dirent de) 803{ 804* 805 mac_init_label(&de->de_label); 806 MAC_PERFORM(init_devfsdirent_label, &de->de_label);
805#ifdef MAC_DEBUG 806 atomic_add_int(&nmacdevfsdirents, 1); 807#endif	807 MAC_DEBUG_COUNTER_INC(&nmacdevfsdirents);
808} 809 810static void 811mac_init_ifnet_label(struct label label) 812{ 813* 814 mac_init_label(label); 815 MAC_PERFORM(init_ifnet_label, label);	808} 809 810static void 811mac_init_ifnet_label(struct label label) 812{ 813* 814 mac_init_label(label); 815 MAC_PERFORM(init_ifnet_label, label);
816#ifdef MAC_DEBUG 817 atomic_add_int(&nmacifnets, 1); 818#endif	816 MAC_DEBUG_COUNTER_INC(&nmacifnets);
819} 820 821void 822mac_init_ifnet(struct ifnet ifp) 823{ 824* 825 mac_init_ifnet_label(&ifp->if_label); 826} --- 4 unchanged lines hidden (view full) --- 831 int error; 832 833 mac_init_label(&ipq->ipq_label); 834 835 MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag); 836 if (error) { 837 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 838 mac_destroy_label(&ipq->ipq_label);	817} 818 819void 820mac_init_ifnet(struct ifnet ifp) 821{ 822* 823 mac_init_ifnet_label(&ifp->if_label); 824} --- 4 unchanged lines hidden (view full) --- 829 int error; 830 831 mac_init_label(&ipq->ipq_label); 832 833 MAC_CHECK(init_ipq_label, &ipq->ipq_label, flag); 834 if (error) { 835 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 836 mac_destroy_label(&ipq->ipq_label);
	837 } else { 838 MAC_DEBUG_COUNTER_INC(&nmacipqs);
839 }	839 }
840#ifdef MAC_DEBUG 841 if (error == 0) 842 atomic_add_int(&nmacipqs, 1); 843#endif
844 return (error); 845} 846 847int 848mac_init_mbuf_tag(struct m_tag tag, int flag) 849{ 850* struct label label; 851* int error; 852 853 label = (struct label ) (tag + 1); 854* mac_init_label(label); 855 856 MAC_CHECK(init_mbuf_label, label, flag); 857 if (error) { 858 MAC_PERFORM(destroy_mbuf_label, label); 859 mac_destroy_label(label);	840 return (error); 841} 842 843int 844mac_init_mbuf_tag(struct m_tag tag, int flag) 845{ 846* struct label label; 847* int error; 848 849 label = (struct label ) (tag + 1); 850* mac_init_label(label); 851 852 MAC_CHECK(init_mbuf_label, label, flag); 853 if (error) { 854 MAC_PERFORM(destroy_mbuf_label, label); 855 mac_destroy_label(label);
	856 } else { 857 MAC_DEBUG_COUNTER_INC(&nmacmbufs);
860 }	858 }
861#ifdef MAC_DEBUG 862 if (error == 0) 863 atomic_add_int(&nmacmbufs, 1); 864#endif
865 return (error); 866} 867 868int 869mac_init_mbuf(struct mbuf m, int flag) 870{ 871* struct m_tag tag; 872* int error; --- 24 unchanged lines hidden (view full) --- 897void 898mac_init_mount(struct mount mp) 899{ 900* 901 mac_init_label(&mp->mnt_mntlabel); 902 mac_init_label(&mp->mnt_fslabel); 903 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel); 904 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);	859 return (error); 860} 861 862int 863mac_init_mbuf(struct mbuf m, int flag) 864{ 865* struct m_tag tag; 866* int error; --- 24 unchanged lines hidden (view full) --- 891void 892mac_init_mount(struct mount mp) 893{ 894* 895 mac_init_label(&mp->mnt_mntlabel); 896 mac_init_label(&mp->mnt_fslabel); 897 MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel); 898 MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
905#ifdef MAC_DEBUG 906 atomic_add_int(&nmacmounts, 1); 907#endif	899 MAC_DEBUG_COUNTER_INC(&nmacmounts);
908} 909 910static void 911mac_init_pipe_label(struct label label) 912{ 913* 914 mac_init_label(label); 915 MAC_PERFORM(init_pipe_label, label);	900} 901 902static void 903mac_init_pipe_label(struct label label) 904{ 905* 906 mac_init_label(label); 907 MAC_PERFORM(init_pipe_label, label);
916#ifdef MAC_DEBUG 917 atomic_add_int(&nmacpipes, 1); 918#endif	908 MAC_DEBUG_COUNTER_INC(&nmacpipes);
919} 920 921void 922mac_init_pipe(struct pipe pipe) 923{ 924* struct label label; 925* 926 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO\|M_WAITOK); 927 pipe->pipe_label = label; 928 pipe->pipe_peer->pipe_label = label; 929 mac_init_pipe_label(label); 930} 931 932void 933mac_init_proc(struct proc p) 934{ 935* 936 mac_init_label(&p->p_label); 937 MAC_PERFORM(init_proc_label, &p->p_label);	909} 910 911void 912mac_init_pipe(struct pipe pipe) 913{ 914* struct label label; 915* 916 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO\|M_WAITOK); 917 pipe->pipe_label = label; 918 pipe->pipe_peer->pipe_label = label; 919 mac_init_pipe_label(label); 920} 921 922void 923mac_init_proc(struct proc p) 924{ 925* 926 mac_init_label(&p->p_label); 927 MAC_PERFORM(init_proc_label, &p->p_label);
938#ifdef MAC_DEBUG 939 atomic_add_int(&nmacprocs, 1); 940#endif	928 MAC_DEBUG_COUNTER_INC(&nmacprocs);
941} 942 943static int 944mac_init_socket_label(struct label label, int flag) 945{ 946* int error; 947 948 mac_init_label(label); 949 950 MAC_CHECK(init_socket_label, label, flag); 951 if (error) { 952 MAC_PERFORM(destroy_socket_label, label); 953 mac_destroy_label(label);	929} 930 931static int 932mac_init_socket_label(struct label label, int flag) 933{ 934* int error; 935 936 mac_init_label(label); 937 938 MAC_CHECK(init_socket_label, label, flag); 939 if (error) { 940 MAC_PERFORM(destroy_socket_label, label); 941 mac_destroy_label(label);
	942 } else { 943 MAC_DEBUG_COUNTER_INC(&nmacsockets);
954 } 955	944 } 945
956#ifdef MAC_DEBUG 957 if (error == 0) 958 atomic_add_int(&nmacsockets, 1); 959#endif 960
961 return (error); 962} 963 964static int 965mac_init_socket_peer_label(struct label label, int flag) 966{ 967* int error; 968 --- 25 unchanged lines hidden (view full) --- 994} 995 996void 997mac_init_vnode_label(struct label label) 998{ 999* 1000 mac_init_label(label); 1001 MAC_PERFORM(init_vnode_label, label);	946 return (error); 947} 948 949static int 950mac_init_socket_peer_label(struct label label, int flag) 951{ 952* int error; 953 --- 25 unchanged lines hidden (view full) --- 979} 980 981void 982mac_init_vnode_label(struct label label) 983{ 984* 985 mac_init_label(label); 986 MAC_PERFORM(init_vnode_label, label);
1002#ifdef MAC_DEBUG 1003 atomic_add_int(&nmacvnodes, 1); 1004#endif	987 MAC_DEBUG_COUNTER_INC(&nmacvnodes);
1005} 1006 1007void 1008mac_init_vnode(struct vnode vp) 1009{ 1010* 1011 mac_init_vnode_label(&vp->v_label); 1012} 1013 1014void 1015mac_destroy_bpfdesc(struct bpf_d bpf_d) 1016{ 1017* 1018 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label); 1019 mac_destroy_label(&bpf_d->bd_label);	988} 989 990void 991mac_init_vnode(struct vnode vp) 992{ 993* 994 mac_init_vnode_label(&vp->v_label); 995} 996 997void 998mac_destroy_bpfdesc(struct bpf_d bpf_d) 999{ 1000* 1001 MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label); 1002 mac_destroy_label(&bpf_d->bd_label);
1020#ifdef MAC_DEBUG 1021 atomic_subtract_int(&nmacbpfdescs, 1); 1022#endif	1003 MAC_DEBUG_COUNTER_DEC(&nmacbpfdescs);
1023} 1024 1025static void 1026mac_destroy_cred_label(struct label label) 1027{ 1028* 1029 MAC_PERFORM(destroy_cred_label, label); 1030 mac_destroy_label(label);	1004} 1005 1006static void 1007mac_destroy_cred_label(struct label label) 1008{ 1009* 1010 MAC_PERFORM(destroy_cred_label, label); 1011 mac_destroy_label(label);
1031#ifdef MAC_DEBUG 1032 atomic_subtract_int(&nmaccreds, 1); 1033#endif	1012 MAC_DEBUG_COUNTER_DEC(&nmaccreds);
1034} 1035 1036void 1037mac_destroy_cred(struct ucred cred) 1038{ 1039* 1040 mac_destroy_cred_label(&cred->cr_label); 1041} 1042 1043void 1044mac_destroy_devfsdirent(struct devfs_dirent de) 1045{ 1046* 1047 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label); 1048 mac_destroy_label(&de->de_label);	1013} 1014 1015void 1016mac_destroy_cred(struct ucred cred) 1017{ 1018* 1019 mac_destroy_cred_label(&cred->cr_label); 1020} 1021 1022void 1023mac_destroy_devfsdirent(struct devfs_dirent de) 1024{ 1025* 1026 MAC_PERFORM(destroy_devfsdirent_label, &de->de_label); 1027 mac_destroy_label(&de->de_label);
1049#ifdef MAC_DEBUG 1050 atomic_subtract_int(&nmacdevfsdirents, 1); 1051#endif	1028 MAC_DEBUG_COUNTER_DEC(&nmacdevfsdirents);
1052} 1053 1054static void 1055mac_destroy_ifnet_label(struct label label) 1056{ 1057* 1058 MAC_PERFORM(destroy_ifnet_label, label); 1059 mac_destroy_label(label);	1029} 1030 1031static void 1032mac_destroy_ifnet_label(struct label label) 1033{ 1034* 1035 MAC_PERFORM(destroy_ifnet_label, label); 1036 mac_destroy_label(label);
1060#ifdef MAC_DEBUG 1061 atomic_subtract_int(&nmacifnets, 1); 1062#endif	1037 MAC_DEBUG_COUNTER_DEC(&nmacifnets);
1063} 1064 1065void 1066mac_destroy_ifnet(struct ifnet ifp) 1067{ 1068* 1069 mac_destroy_ifnet_label(&ifp->if_label); 1070} 1071 1072void 1073mac_destroy_ipq(struct ipq ipq) 1074{ 1075* 1076 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 1077 mac_destroy_label(&ipq->ipq_label);	1038} 1039 1040void 1041mac_destroy_ifnet(struct ifnet ifp) 1042{ 1043* 1044 mac_destroy_ifnet_label(&ifp->if_label); 1045} 1046 1047void 1048mac_destroy_ipq(struct ipq ipq) 1049{ 1050* 1051 MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label); 1052 mac_destroy_label(&ipq->ipq_label);
1078#ifdef MAC_DEBUG 1079 atomic_subtract_int(&nmacipqs, 1); 1080#endif	1053 MAC_DEBUG_COUNTER_DEC(&nmacipqs);
1081} 1082 1083void 1084mac_destroy_mbuf_tag(struct m_tag tag) 1085{ 1086* struct label label; 1087* 1088 label = (struct label )(tag+1); 1089* 1090 MAC_PERFORM(destroy_mbuf_label, label); 1091 mac_destroy_label(label);	1054} 1055 1056void 1057mac_destroy_mbuf_tag(struct m_tag tag) 1058{ 1059* struct label label; 1060* 1061 label = (struct label )(tag+1); 1062* 1063 MAC_PERFORM(destroy_mbuf_label, label); 1064 mac_destroy_label(label);
1092#ifdef MAC_DEBUG 1093 atomic_subtract_int(&nmacmbufs, 1); 1094#endif	1065 MAC_DEBUG_COUNTER_DEC(&nmacmbufs);
1095} 1096 1097void 1098mac_destroy_mount(struct mount mp) 1099{ 1100* 1101 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel); 1102 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel); 1103 mac_destroy_label(&mp->mnt_fslabel); 1104 mac_destroy_label(&mp->mnt_mntlabel);	1066} 1067 1068void 1069mac_destroy_mount(struct mount mp) 1070{ 1071* 1072 MAC_PERFORM(destroy_mount_label, &mp->mnt_mntlabel); 1073 MAC_PERFORM(destroy_mount_fs_label, &mp->mnt_fslabel); 1074 mac_destroy_label(&mp->mnt_fslabel); 1075 mac_destroy_label(&mp->mnt_mntlabel);
1105#ifdef MAC_DEBUG 1106 atomic_subtract_int(&nmacmounts, 1); 1107#endif	1076 MAC_DEBUG_COUNTER_DEC(&nmacmounts);
1108} 1109 1110static void 1111mac_destroy_pipe_label(struct label label) 1112{ 1113* 1114 MAC_PERFORM(destroy_pipe_label, label); 1115 mac_destroy_label(label);	1077} 1078 1079static void 1080mac_destroy_pipe_label(struct label label) 1081{ 1082* 1083 MAC_PERFORM(destroy_pipe_label, label); 1084 mac_destroy_label(label);
1116#ifdef MAC_DEBUG 1117 atomic_subtract_int(&nmacpipes, 1); 1118#endif	1085 MAC_DEBUG_COUNTER_DEC(&nmacpipes);
1119} 1120 1121void 1122mac_destroy_pipe(struct pipe pipe) 1123{ 1124* 1125 mac_destroy_pipe_label(pipe->pipe_label); 1126 free(pipe->pipe_label, M_MACPIPELABEL); 1127} 1128 1129void 1130mac_destroy_proc(struct proc p) 1131{ 1132* 1133 MAC_PERFORM(destroy_proc_label, &p->p_label); 1134 mac_destroy_label(&p->p_label);	1086} 1087 1088void 1089mac_destroy_pipe(struct pipe pipe) 1090{ 1091* 1092 mac_destroy_pipe_label(pipe->pipe_label); 1093 free(pipe->pipe_label, M_MACPIPELABEL); 1094} 1095 1096void 1097mac_destroy_proc(struct proc p) 1098{ 1099* 1100 MAC_PERFORM(destroy_proc_label, &p->p_label); 1101 mac_destroy_label(&p->p_label);
1135#ifdef MAC_DEBUG 1136 atomic_subtract_int(&nmacprocs, 1); 1137#endif	1102 MAC_DEBUG_COUNTER_DEC(&nmacprocs);
1138} 1139 1140static void 1141mac_destroy_socket_label(struct label label) 1142{ 1143* 1144 MAC_PERFORM(destroy_socket_label, label); 1145 mac_destroy_label(label);	1103} 1104 1105static void 1106mac_destroy_socket_label(struct label label) 1107{ 1108* 1109 MAC_PERFORM(destroy_socket_label, label); 1110 mac_destroy_label(label);
1146#ifdef MAC_DEBUG 1147 atomic_subtract_int(&nmacsockets, 1); 1148#endif	1111 MAC_DEBUG_COUNTER_DEC(&nmacsockets);
1149} 1150 1151static void 1152mac_destroy_socket_peer_label(struct label label) 1153{ 1154* 1155 MAC_PERFORM(destroy_socket_peer_label, label); 1156 mac_destroy_label(label); --- 8 unchanged lines hidden (view full) --- 1165} 1166 1167void 1168mac_destroy_vnode_label(struct label label) 1169{ 1170* 1171 MAC_PERFORM(destroy_vnode_label, label); 1172 mac_destroy_label(label);	1112} 1113 1114static void 1115mac_destroy_socket_peer_label(struct label label) 1116{ 1117* 1118 MAC_PERFORM(destroy_socket_peer_label, label); 1119 mac_destroy_label(label); --- 8 unchanged lines hidden (view full) --- 1128} 1129 1130void 1131mac_destroy_vnode_label(struct label label) 1132{ 1133* 1134 MAC_PERFORM(destroy_vnode_label, label); 1135 mac_destroy_label(label);
1173#ifdef MAC_DEBUG 1174 atomic_subtract_int(&nmacvnodes, 1); 1175#endif	1136 MAC_DEBUG_COUNTER_DEC(&nmacvnodes);
1176} 1177 1178void 1179mac_destroy_vnode(struct vnode vp) 1180{ 1181* 1182 mac_destroy_vnode_label(&vp->v_label); 1183} --- 2762 unchanged lines hidden ---	1137} 1138 1139void 1140mac_destroy_vnode(struct vnode vp) 1141{ 1142* 1143 mac_destroy_vnode_label(&vp->v_label); 1144} --- 2762 unchanged lines hidden ---