38c38
< * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 172953 2007-10-25 07:49:47Z rwatson $
---
> * $FreeBSD: head/sys/security/mac_lomac/mac_lomac.c 172955 2007-10-25 11:31:11Z rwatson $
99c99
< static int mac_lomac_label_size = sizeof(struct mac_lomac);
---
> static int lomac_label_size = sizeof(struct mac_lomac);
101c101
< &mac_lomac_label_size, 0, "Size of struct mac_lomac");
---
> &lomac_label_size, 0, "Size of struct mac_lomac");
103c103
< static int mac_lomac_enabled = 1;
---
> static int lomac_enabled = 1;
105,106c105,106
< &mac_lomac_enabled, 0, "Enforce MAC/LOMAC policy");
< TUNABLE_INT("security.mac.lomac.enabled", &mac_lomac_enabled);
---
> &lomac_enabled, 0, "Enforce MAC/LOMAC policy");
> TUNABLE_INT("security.mac.lomac.enabled", &lomac_enabled);
133,135c133,135
< static int mac_lomac_slot;
< #define SLOT(l) ((struct mac_lomac *)mac_label_get((l), mac_lomac_slot))
< #define SLOT_SET(l, val) mac_label_set((l), mac_lomac_slot, (uintptr_t)(val))
---
> static int lomac_slot;
> #define SLOT(l) ((struct mac_lomac *)mac_label_get((l), lomac_slot))
> #define SLOT_SET(l, val) mac_label_set((l), lomac_slot, (uintptr_t)(val))
137,138c137,138
< mac_label_get((l), mac_lomac_slot))
< #define PSLOT_SET(l, val) mac_label_set((l), mac_lomac_slot, (uintptr_t)(val))
---
> mac_label_get((l), lomac_slot))
> #define PSLOT_SET(l, val) mac_label_set((l), lomac_slot, (uintptr_t)(val))
140c140
< MALLOC_DEFINE(M_MACLOMAC, "mac_lomac_label", "MAC/LOMAC labels");
---
> MALLOC_DEFINE(M_LOMAC, "mac_lomac_label", "MAC/LOMAC labels");
145c145
< struct mac_lomac *mac_lomac;
---
> struct mac_lomac *ml;
147c147
< mac_lomac = malloc(sizeof(struct mac_lomac), M_MACLOMAC, M_ZERO | flag);
---
> ml = malloc(sizeof(*ml), M_LOMAC, M_ZERO | flag);
149c149
< return (mac_lomac);
---
> return (ml);
153c153
< lomac_free(struct mac_lomac *mac_lomac)
---
> lomac_free(struct mac_lomac *ml)
156,157c156,157
< if (mac_lomac != NULL)
< free(mac_lomac, M_MACLOMAC);
---
> if (ml != NULL)
> free(ml, M_LOMAC);
163c163
< lomac_atmostflags(struct mac_lomac *mac_lomac, int flags)
---
> lomac_atmostflags(struct mac_lomac *ml, int flags)
166c166
< if ((mac_lomac->ml_flags & flags) != mac_lomac->ml_flags)
---
> if ((ml->ml_flags & flags) != ml->ml_flags)
172c172
< mac_lomac_dominate_element(struct mac_lomac_element *a,
---
> lomac_dominate_element(struct mac_lomac_element *a,
192c192
< panic("mac_lomac_dominate_element: b->mle_type invalid");
---
> panic("lomac_dominate_element: b->mle_type invalid");
208c208
< panic("mac_lomac_dominate_element: b->mle_type invalid");
---
> panic("lomac_dominate_element: b->mle_type invalid");
212c212
< panic("mac_lomac_dominate_element: a->mle_type invalid");
---
> panic("lomac_dominate_element: a->mle_type invalid");
217c217
< mac_lomac_range_in_range(struct mac_lomac *rangea, struct mac_lomac *rangeb)
---
> lomac_range_in_range(struct mac_lomac *rangea, struct mac_lomac *rangeb)
220c220
< return (mac_lomac_dominate_element(&rangeb->ml_rangehigh,
---
> return (lomac_dominate_element(&rangeb->ml_rangehigh,
222c222
< mac_lomac_dominate_element(&rangea->ml_rangelow,
---
> lomac_dominate_element(&rangea->ml_rangelow,
227c227
< mac_lomac_single_in_range(struct mac_lomac *single, struct mac_lomac *range)
---
> lomac_single_in_range(struct mac_lomac *single, struct mac_lomac *range)
231c231
< ("mac_lomac_single_in_range: a not single"));
---
> ("lomac_single_in_range: a not single"));
233c233
< ("mac_lomac_single_in_range: b not range"));
---
> ("lomac_single_in_range: b not range"));
235,237c235,236
< return (mac_lomac_dominate_element(&range->ml_rangehigh,
< &single->ml_single) &&
< mac_lomac_dominate_element(&single->ml_single,
---
> return (lomac_dominate_element(&range->ml_rangehigh,
> &single->ml_single) && lomac_dominate_element(&single->ml_single,
242c241
< mac_lomac_auxsingle_in_range(struct mac_lomac *single, struct mac_lomac *range)
---
> lomac_auxsingle_in_range(struct mac_lomac *single, struct mac_lomac *range)
246c245
< ("mac_lomac_single_in_range: a not auxsingle"));
---
> ("lomac_single_in_range: a not auxsingle"));
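Review bot: The assertion text on this line names `lomac_single_in_range`, but going by the signature changed at new line 241 it appears to sit in `lomac_auxsingle_in_range`, so a panic from it would send triage to the wrong function; the rename carried the older copy-paste forward. The same applies to the next hunk (`b not range`), to both strings at new lines 271 and 273, which say `lomac_dominate_single` although the enclosing function looks to be `lomac_subject_dominate`, and apparently to new line 815, which says `lomac_internalize_label` while lying between the `lomac_parse` signature and its `bzero(ml, ...)`. Since these strings are being rewritten anyway, name the enclosing function, e.g. `("lomac_auxsingle_in_range: a not auxsingle"));`, or use `("%s: a not auxsingle", __func__)`. The function bodies start and end outside these hunks.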
248c247
< ("mac_lomac_single_in_range: b not range"));
---
> ("lomac_single_in_range: b not range"));
250c249
< return (mac_lomac_dominate_element(&range->ml_rangehigh,
---
> return (lomac_dominate_element(&range->ml_rangehigh,
252c251
< mac_lomac_dominate_element(&single->ml_auxsingle,
---
> lomac_dominate_element(&single->ml_auxsingle,
257c256
< mac_lomac_dominate_single(struct mac_lomac *a, struct mac_lomac *b)
---
> lomac_dominate_single(struct mac_lomac *a, struct mac_lomac *b)
260c259
< ("mac_lomac_dominate_single: a not single"));
---
> ("lomac_dominate_single: a not single"));
262c261
< ("mac_lomac_dominate_single: b not single"));
---
> ("lomac_dominate_single: b not single"));
264c263
< return (mac_lomac_dominate_element(&a->ml_single, &b->ml_single));
---
> return (lomac_dominate_element(&a->ml_single, &b->ml_single));
268c267
< mac_lomac_subject_dominate(struct mac_lomac *a, struct mac_lomac *b)
---
> lomac_subject_dominate(struct mac_lomac *a, struct mac_lomac *b)
272c271
< ("mac_lomac_dominate_single: a not subject"));
---
> ("lomac_dominate_single: a not subject"));
274c273
< ("mac_lomac_dominate_single: b not single"));
---
> ("lomac_dominate_single: b not single"));
276,277c275
< return (mac_lomac_dominate_element(&a->ml_rangehigh,
< &b->ml_single));
---
> return (lomac_dominate_element(&a->ml_rangehigh, &b->ml_single));
281c279
< mac_lomac_equal_element(struct mac_lomac_element *a, struct mac_lomac_element *b)
---
> lomac_equal_element(struct mac_lomac_element *a, struct mac_lomac_element *b)
292c290
< mac_lomac_equal_single(struct mac_lomac *a, struct mac_lomac *b)
---
> lomac_equal_single(struct mac_lomac *a, struct mac_lomac *b)
296c294
< ("mac_lomac_equal_single: a not single"));
---
> ("lomac_equal_single: a not single"));
298c296
< ("mac_lomac_equal_single: b not single"));
---
> ("lomac_equal_single: b not single"));
300c298
< return (mac_lomac_equal_element(&a->ml_single, &b->ml_single));
---
> return (lomac_equal_element(&a->ml_single, &b->ml_single));
304c302
< mac_lomac_contains_equal(struct mac_lomac *mac_lomac)
---
> lomac_contains_equal(struct mac_lomac *ml)
307,308c305,306
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_SINGLE)
< if (mac_lomac->ml_single.mle_type == MAC_LOMAC_TYPE_EQUAL)
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_SINGLE)
> if (ml->ml_single.mle_type == MAC_LOMAC_TYPE_EQUAL)
310,311c308,309
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_AUX)
< if (mac_lomac->ml_auxsingle.mle_type == MAC_LOMAC_TYPE_EQUAL)
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_AUX)
> if (ml->ml_auxsingle.mle_type == MAC_LOMAC_TYPE_EQUAL)
314,315c312,313
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_RANGE) {
< if (mac_lomac->ml_rangelow.mle_type == MAC_LOMAC_TYPE_EQUAL)
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_RANGE) {
> if (ml->ml_rangelow.mle_type == MAC_LOMAC_TYPE_EQUAL)
317c315
< if (mac_lomac->ml_rangehigh.mle_type == MAC_LOMAC_TYPE_EQUAL)
---
> if (ml->ml_rangehigh.mle_type == MAC_LOMAC_TYPE_EQUAL)
325c323
< mac_lomac_subject_privileged(struct mac_lomac *mac_lomac)
---
> lomac_subject_privileged(struct mac_lomac *ml)
328c326
< KASSERT((mac_lomac->ml_flags & MAC_LOMAC_FLAGS_BOTH) ==
---
> KASSERT((ml->ml_flags & MAC_LOMAC_FLAGS_BOTH) ==
330c328
< ("mac_lomac_subject_privileged: subject doesn't have both labels"));
---
> ("lomac_subject_privileged: subject doesn't have both labels"));
333c331
< if (mac_lomac->ml_single.mle_type == MAC_LOMAC_TYPE_EQUAL)
---
> if (ml->ml_single.mle_type == MAC_LOMAC_TYPE_EQUAL)
337,338c335,336
< if (mac_lomac->ml_rangelow.mle_type == MAC_LOMAC_TYPE_EQUAL ||
< mac_lomac->ml_rangehigh.mle_type == MAC_LOMAC_TYPE_EQUAL)
---
> if (ml->ml_rangelow.mle_type == MAC_LOMAC_TYPE_EQUAL ||
> ml->ml_rangehigh.mle_type == MAC_LOMAC_TYPE_EQUAL)
342,343c340,341
< if (mac_lomac->ml_rangelow.mle_type == MAC_LOMAC_TYPE_LOW &&
< mac_lomac->ml_rangehigh.mle_type == MAC_LOMAC_TYPE_HIGH)
---
> if (ml->ml_rangelow.mle_type == MAC_LOMAC_TYPE_LOW &&
> ml->ml_rangehigh.mle_type == MAC_LOMAC_TYPE_HIGH)
351c349
< mac_lomac_high_single(struct mac_lomac *mac_lomac)
---
> lomac_high_single(struct mac_lomac *ml)
354,355c352,353
< KASSERT((mac_lomac->ml_flags & MAC_LOMAC_FLAG_SINGLE) != 0,
< ("mac_lomac_high_single: mac_lomac not single"));
---
> KASSERT((ml->ml_flags & MAC_LOMAC_FLAG_SINGLE) != 0,
> ("lomac_high_single: mac_lomac not single"));
357c355
< return (mac_lomac->ml_single.mle_type == MAC_LOMAC_TYPE_HIGH);
---
> return (ml->ml_single.mle_type == MAC_LOMAC_TYPE_HIGH);
361c359
< mac_lomac_valid(struct mac_lomac *mac_lomac)
---
> lomac_valid(struct mac_lomac *ml)
364,365c362,363
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
< switch (mac_lomac->ml_single.mle_type) {
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
> switch (ml->ml_single.mle_type) {
376c374
< if (mac_lomac->ml_single.mle_type != MAC_LOMAC_TYPE_UNDEF)
---
> if (ml->ml_single.mle_type != MAC_LOMAC_TYPE_UNDEF)
380,381c378,379
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_AUX) {
< switch (mac_lomac->ml_auxsingle.mle_type) {
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_AUX) {
> switch (ml->ml_auxsingle.mle_type) {
392c390
< if (mac_lomac->ml_auxsingle.mle_type != MAC_LOMAC_TYPE_UNDEF)
---
> if (ml->ml_auxsingle.mle_type != MAC_LOMAC_TYPE_UNDEF)
396,397c394,395
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_RANGE) {
< switch (mac_lomac->ml_rangelow.mle_type) {
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_RANGE) {
> switch (ml->ml_rangelow.mle_type) {
408c406
< switch (mac_lomac->ml_rangehigh.mle_type) {
---
> switch (ml->ml_rangehigh.mle_type) {
418,419c416,417
< if (!mac_lomac_dominate_element(&mac_lomac->ml_rangehigh,
< &mac_lomac->ml_rangelow))
---
> if (!lomac_dominate_element(&ml->ml_rangehigh,
> &ml->ml_rangelow))
422,423c420,421
< if (mac_lomac->ml_rangelow.mle_type != MAC_LOMAC_TYPE_UNDEF ||
< mac_lomac->ml_rangehigh.mle_type != MAC_LOMAC_TYPE_UNDEF)
---
> if (ml->ml_rangelow.mle_type != MAC_LOMAC_TYPE_UNDEF ||
> ml->ml_rangehigh.mle_type != MAC_LOMAC_TYPE_UNDEF)
431,432c429,430
< mac_lomac_set_range(struct mac_lomac *mac_lomac, u_short typelow,
< u_short gradelow, u_short typehigh, u_short gradehigh)
---
> lomac_set_range(struct mac_lomac *ml, u_short typelow, u_short gradelow,
> u_short typehigh, u_short gradehigh)
435,439c433,437
< mac_lomac->ml_rangelow.mle_type = typelow;
< mac_lomac->ml_rangelow.mle_grade = gradelow;
< mac_lomac->ml_rangehigh.mle_type = typehigh;
< mac_lomac->ml_rangehigh.mle_grade = gradehigh;
< mac_lomac->ml_flags |= MAC_LOMAC_FLAG_RANGE;
---
> ml->ml_rangelow.mle_type = typelow;
> ml->ml_rangelow.mle_grade = gradelow;
> ml->ml_rangehigh.mle_type = typehigh;
> ml->ml_rangehigh.mle_grade = gradehigh;
> ml->ml_flags |= MAC_LOMAC_FLAG_RANGE;
443c441
< mac_lomac_set_single(struct mac_lomac *mac_lomac, u_short type, u_short grade)
---
> lomac_set_single(struct mac_lomac *ml, u_short type, u_short grade)
446,448c444,446
< mac_lomac->ml_single.mle_type = type;
< mac_lomac->ml_single.mle_grade = grade;
< mac_lomac->ml_flags |= MAC_LOMAC_FLAG_SINGLE;
---
> ml->ml_single.mle_type = type;
> ml->ml_single.mle_grade = grade;
> ml->ml_flags |= MAC_LOMAC_FLAG_SINGLE;
452c450
< mac_lomac_copy_range(struct mac_lomac *labelfrom, struct mac_lomac *labelto)
---
> lomac_copy_range(struct mac_lomac *labelfrom, struct mac_lomac *labelto)
456c454
< ("mac_lomac_copy_range: labelfrom not range"));
---
> ("lomac_copy_range: labelfrom not range"));
464c462
< mac_lomac_copy_single(struct mac_lomac *labelfrom, struct mac_lomac *labelto)
---
> lomac_copy_single(struct mac_lomac *labelfrom, struct mac_lomac *labelto)
468c466
< ("mac_lomac_copy_single: labelfrom not single"));
---
> ("lomac_copy_single: labelfrom not single"));
475c473
< mac_lomac_copy_auxsingle(struct mac_lomac *labelfrom, struct mac_lomac *labelto)
---
> lomac_copy_auxsingle(struct mac_lomac *labelfrom, struct mac_lomac *labelto)
479c477
< ("mac_lomac_copy_auxsingle: labelfrom not auxsingle"));
---
> ("lomac_copy_auxsingle: labelfrom not auxsingle"));
486c484
< mac_lomac_copy(struct mac_lomac *source, struct mac_lomac *dest)
---
> lomac_copy(struct mac_lomac *source, struct mac_lomac *dest)
490c488
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
492c490
< mac_lomac_copy_auxsingle(source, dest);
---
> lomac_copy_auxsingle(source, dest);
494c492
< mac_lomac_copy_range(source, dest);
---
> lomac_copy_range(source, dest);
497,498c495
< static int mac_lomac_to_string(struct sbuf *sb,
< struct mac_lomac *mac_lomac);
---
> static int lomac_to_string(struct sbuf *sb, struct mac_lomac *ml);
518,520c515,517
< * Check to see if the pending demotion would be more or
< * less severe than this one, and keep the more severe.
< * This can only happen for a multi-threaded application.
---
> * Check to see if the pending demotion would be more or less
> * severe than this one, and keep the more severe. This can
> * only happen for a multi-threaded application.
522c519
< if (mac_lomac_dominate_single(objlabel, &subj->mac_lomac)) {
---
> if (lomac_dominate_single(objlabel, &subj->mac_lomac)) {
531c528
< mac_lomac_copy_single(objlabel, &subj->mac_lomac);
---
> lomac_copy_single(objlabel, &subj->mac_lomac);
533,535c530,532
< * Start with the original range, then minimize each side of
< * the range to the point of not dominating the object. The
< * high side will always be demoted, of course.
---
> * Start with the original range, then minimize each side of the
> * range to the point of not dominating the object. The high side
> * will always be demoted, of course.
537,538c534,535
< mac_lomac_copy_range(subjlabel, &subj->mac_lomac);
< if (!mac_lomac_dominate_element(&objlabel->ml_single,
---
> lomac_copy_range(subjlabel, &subj->mac_lomac);
> if (!lomac_dominate_element(&objlabel->ml_single,
548,549c545
< * Avoid memory allocation while holding a mutex; cache the
< * label.
---
> * Avoid memory allocation while holding a mutex; cache the label.
551c547
< mac_lomac_copy_single(&subj->mac_lomac, &cached_subjlabel);
---
> lomac_copy_single(&subj->mac_lomac, &cached_subjlabel);
555c551
< mac_lomac_to_string(&subjlabel_sb, subjlabel);
---
> lomac_to_string(&subjlabel_sb, subjlabel);
560c556
< mac_lomac_to_string(&subjtext_sb, &subj->mac_lomac);
---
> lomac_to_string(&subjtext_sb, &subj->mac_lomac);
565c561
< mac_lomac_to_string(&objlabel_sb, objlabel);
---
> lomac_to_string(&objlabel_sb, objlabel);
593,595c589,591
< * Relabel "to" to "from" only if "from" is a valid label (contains
< * at least a single), as for a relabel operation which may or may
< * not involve a relevant label.
---
> * Relabel "to" to "from" only if "from" is a valid label (contains at least
> * a single), as for a relabel operation which may or may not involve a
> * relevant label.
603c599
< mac_lomac_copy(from, to);
---
> lomac_copy(from, to);
611c607
< mac_lomac_init(struct mac_policy_conf *conf)
---
> lomac_init(struct mac_policy_conf *conf)
620c616
< mac_lomac_init_label(struct label *label)
---
> lomac_init_label(struct label *label)
627c623
< mac_lomac_init_label_waitcheck(struct label *label, int flag)
---
> lomac_init_label_waitcheck(struct label *label, int flag)
638c634
< mac_lomac_proc_init_label(struct label *label)
---
> lomac_proc_init_label(struct label *label)
641c637
< PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_MACLOMAC,
---
> PSLOT_SET(label, malloc(sizeof(struct mac_lomac_proc), M_LOMAC,
647c643
< mac_lomac_destroy_label(struct label *label)
---
> lomac_destroy_label(struct label *label)
655c651
< mac_lomac_proc_destroy_label(struct label *label)
---
> lomac_proc_destroy_label(struct label *label)
659c655
< FREE(PSLOT(label), M_MACLOMAC);
---
> FREE(PSLOT(label), M_LOMAC);
664c660
< mac_lomac_element_to_string(struct sbuf *sb, struct mac_lomac_element *element)
---
> lomac_element_to_string(struct sbuf *sb, struct mac_lomac_element *element)
681c677
< panic("mac_lomac_element_to_string: invalid type (%d)",
---
> panic("lomac_element_to_string: invalid type (%d)",
687c683
< mac_lomac_to_string(struct sbuf *sb, struct mac_lomac *mac_lomac)
---
> lomac_to_string(struct sbuf *sb, struct mac_lomac *ml)
690,692c686,687
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
< if (mac_lomac_element_to_string(sb, &mac_lomac->ml_single)
< == -1)
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_SINGLE) {
> if (lomac_element_to_string(sb, &ml->ml_single) == -1)
696c691
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_AUX) {
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_AUX) {
700,701c695
< if (mac_lomac_element_to_string(sb, &mac_lomac->ml_auxsingle)
< == -1)
---
> if (lomac_element_to_string(sb, &ml->ml_auxsingle) == -1)
708c702
< if (mac_lomac->ml_flags & MAC_LOMAC_FLAG_RANGE) {
---
> if (ml->ml_flags & MAC_LOMAC_FLAG_RANGE) {
712,713c706
< if (mac_lomac_element_to_string(sb, &mac_lomac->ml_rangelow)
< == -1)
---
> if (lomac_element_to_string(sb, &ml->ml_rangelow) == -1)
719,720c712
< if (mac_lomac_element_to_string(sb, &mac_lomac->ml_rangehigh)
< == -1)
---
> if (lomac_element_to_string(sb, &ml->ml_rangehigh) == -1)
731c723
< mac_lomac_externalize_label(struct label *label, char *element_name,
---
> lomac_externalize_label(struct label *label, char *element_name,
734c726
< struct mac_lomac *mac_lomac;
---
> struct mac_lomac *ml;
741c733
< mac_lomac = SLOT(label);
---
> ml = SLOT(label);
743c735
< return (mac_lomac_to_string(sb, mac_lomac));
---
> return (lomac_to_string(sb, ml));
747c739
< mac_lomac_parse_element(struct mac_lomac_element *element, char *string)
---
> lomac_parse_element(struct mac_lomac_element *element, char *string)
750,751c742
< if (strcmp(string, "high") == 0 ||
< strcmp(string, "hi") == 0) {
---
> if (strcmp(string, "high") == 0 || strcmp(string, "hi") == 0) {
754,755c745
< } else if (strcmp(string, "low") == 0 ||
< strcmp(string, "lo") == 0) {
---
> } else if (strcmp(string, "low") == 0 || strcmp(string, "lo") == 0) {
758,759c748,749
< } else if (strcmp(string, "equal") == 0 ||
< strcmp(string, "eq") == 0) {
---
> } else if (strcmp(string, "equal") == 0 || strcmp(string, "eq") == 0)
> {
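Review bot: The opening brace lands alone on new line 749 because the joined condition no longer fits on one line, while the other two branches of this chain (new lines 742 and 745) keep the brace on the `else if` line. For this one branch keep the wrapped form so the chain stays uniform: `} else if (strcmp(string, "equal") == 0 ||` followed by a continuation line `strcmp(string, "eq") == 0) {`. The rest of lomac_parse_element lies outside the hunk.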
782,783c772,773
< * Note: destructively consumes the string, make a local copy before
< * calling if that's a problem.
---
> * Note: destructively consumes the string, make a local copy before calling
> * if that's a problem.
786c776
< mac_lomac_parse(struct mac_lomac *mac_lomac, char *string)
---
> lomac_parse(struct mac_lomac *ml, char *string)
825c815
< ("mac_lomac_internalize_label: range mismatch"));
---
> ("lomac_internalize_label: range mismatch"));
839c829
< bzero(mac_lomac, sizeof(*mac_lomac));
---
> bzero(ml, sizeof(*ml));
841c831
< error = mac_lomac_parse_element(&mac_lomac->ml_single, single);
---
> error = lomac_parse_element(&ml->ml_single, single);
844c834
< mac_lomac->ml_flags |= MAC_LOMAC_FLAG_SINGLE;
---
> ml->ml_flags |= MAC_LOMAC_FLAG_SINGLE;
848c838
< error = mac_lomac_parse_element(&mac_lomac->ml_auxsingle,
---
> error = lomac_parse_element(&ml->ml_auxsingle,
852c842
< mac_lomac->ml_flags |= MAC_LOMAC_FLAG_AUX;
---
> ml->ml_flags |= MAC_LOMAC_FLAG_AUX;
856,857c846
< error = mac_lomac_parse_element(&mac_lomac->ml_rangelow,
< rangelow);
---
> error = lomac_parse_element(&ml->ml_rangelow, rangelow);
860,861c849
< error = mac_lomac_parse_element(&mac_lomac->ml_rangehigh,
< rangehigh);
---
> error = lomac_parse_element(&ml->ml_rangehigh, rangehigh);
864c852
< mac_lomac->ml_flags |= MAC_LOMAC_FLAG_RANGE;
---
> ml->ml_flags |= MAC_LOMAC_FLAG_RANGE;
867c855
< error = mac_lomac_valid(mac_lomac);
---
> error = lomac_valid(ml);
875c863
< mac_lomac_internalize_label(struct label *label, char *element_name,
---
> lomac_internalize_label(struct label *label, char *element_name,
878c866
< struct mac_lomac *mac_lomac, mac_lomac_temp;
---
> struct mac_lomac *ml, ml_temp;
886c874
< error = mac_lomac_parse(&mac_lomac_temp, element_data);
---
> error = lomac_parse(&ml_temp, element_data);
890,891c878,879
< mac_lomac = SLOT(label);
< *mac_lomac = mac_lomac_temp;
---
> ml = SLOT(label);
> *ml = ml_temp;
897c885
< mac_lomac_copy_label(struct label *src, struct label *dest)
---
> lomac_copy_label(struct label *src, struct label *dest)
904,905c892,893
< * Labeling event operations: file system objects, and things that look
< * a lot like file system objects.
---
> * Labeling event operations: file system objects, and things that look a lot
> * like file system objects.
908c896
< mac_lomac_devfs_create_device(struct ucred *cred, struct mount *mp,
---
> lomac_devfs_create_device(struct ucred *cred, struct mount *mp,
911c899
< struct mac_lomac *mac_lomac;
---
> struct mac_lomac *ml;
914c902
< mac_lomac = SLOT(delabel);
---
> ml = SLOT(delabel);
927c915
< mac_lomac_set_single(mac_lomac, lomac_type, 0);
---
> lomac_set_single(ml, lomac_type, 0);
931,932c919,920
< mac_lomac_devfs_create_directory(struct mount *mp, char *dirname,
< int dirnamelen, struct devfs_dirent *de, struct label *delabel)
---
> lomac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen,
> struct devfs_dirent *de, struct label *delabel)
934c922
< struct mac_lomac *mac_lomac;
---
> struct mac_lomac *ml;
936,937c924,925
< mac_lomac = SLOT(delabel);
< mac_lomac_set_single(mac_lomac, MAC_LOMAC_TYPE_HIGH, 0);
---
> ml = SLOT(delabel);
> lomac_set_single(ml, MAC_LOMAC_TYPE_HIGH, 0);
941c929
< mac_lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
---
> lomac_devfs_create_symlink(struct ucred *cred, struct mount *mp,
950c938
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
954c942
< mac_lomac_mount_create(struct ucred *cred, struct mount *mp,
---
> lomac_mount_create(struct ucred *cred, struct mount *mp,
961c949
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
965c953
< mac_lomac_vnode_relabel(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_relabel(struct ucred *cred, struct vnode *vp,
977c965
< mac_lomac_devfs_update(struct mount *mp, struct devfs_dirent *de,
---
> lomac_devfs_update(struct mount *mp, struct devfs_dirent *de,
985c973
< mac_lomac_copy(source, dest);
---
> lomac_copy(source, dest);
989c977
< mac_lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
---
> lomac_devfs_vnode_associate(struct mount *mp, struct label *mplabel,
998c986
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1002c990
< mac_lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
---
> lomac_vnode_associate_extattr(struct mount *mp, struct label *mplabel,
1005c993
< struct mac_lomac temp, *source, *dest;
---
> struct mac_lomac ml_temp, *source, *dest;
1011,1012c999,1000
< buflen = sizeof(temp);
< bzero(&temp, buflen);
---
> buflen = sizeof(ml_temp);
> bzero(&ml_temp, buflen);
1015c1003
< MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&temp, curthread);
---
> MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&ml_temp, curthread);
1018c1006
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1023,1025c1011,1013
< if (buflen != sizeof(temp)) {
< if (buflen != sizeof(temp) - sizeof(temp.ml_auxsingle)) {
< printf("mac_lomac_vnode_associate_extattr: bad size %d\n",
---
> if (buflen != sizeof(ml_temp)) {
> if (buflen != sizeof(ml_temp) - sizeof(ml_temp.ml_auxsingle)) {
> printf("lomac_vnode_associate_extattr: bad size %d\n",
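Review bot: The size test here is the first gate on a label read back from the file's extended attribute, and nothing in the hunk says why a second, shorter size is tolerated. From the following hunks it looks like the shorter form is a label stored without `ml_auxsingle`, which is then zero-filled and later passed through `lomac_valid()`. If that reading is right, a comment above the inner `if` such as `/* Accept the older on-disk layout that lacks ml_auxsingle; reject every other size. */` would record the intent for whoever next changes `struct mac_lomac`. The enclosing function extends beyond the hunk, so the declared type of `buflen` cannot be checked against the `%d` conversion from here.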
1029,1030c1017,1018
< bzero(&temp.ml_auxsingle, sizeof(temp.ml_auxsingle));
< buflen = sizeof(temp);
---
> bzero(&ml_temp.ml_auxsingle, sizeof(ml_temp.ml_auxsingle));
> buflen = sizeof(ml_temp);
1033c1021
< buflen, (char *)&temp, curthread);
---
> buflen, (char *)&ml_temp, curthread);
1035,1036c1023,1024
< if (mac_lomac_valid(&temp) != 0) {
< printf("mac_lomac_vnode_associate_extattr: invalid\n");
---
> if (lomac_valid(&ml_temp) != 0) {
> printf("lomac_vnode_associate_extattr: invalid\n");
1039,1040c1027,1029
< if ((temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) != MAC_LOMAC_FLAG_SINGLE) {
< printf("mac_lomac_vnode_associate_extattr: not single\n");
---
> if ((ml_temp.ml_flags & MAC_LOMAC_FLAGS_BOTH) !=
> MAC_LOMAC_FLAG_SINGLE) {
> printf("lomac_vnode_associate_extattr: not single\n");
1044c1033
< mac_lomac_copy_single(&temp, dest);
---
> lomac_copy_single(&ml_temp, dest);
1049,1050c1038,1039
< mac_lomac_vnode_associate_singlelabel(struct mount *mp,
< struct label *mplabel, struct vnode *vp, struct label *vplabel)
---
> lomac_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel,
> struct vnode *vp, struct label *vplabel)
1057c1046
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1061c1050
< mac_lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
---
> lomac_vnode_create_extattr(struct ucred *cred, struct mount *mp,
1076,1077c1065,1066
< mac_lomac_copy_auxsingle(dir, &temp);
< mac_lomac_set_single(&temp, dir->ml_auxsingle.mle_type,
---
> lomac_copy_auxsingle(dir, &temp);
> lomac_set_single(&temp, dir->ml_auxsingle.mle_type,
1080c1069
< mac_lomac_copy_single(source, &temp);
---
> lomac_copy_single(source, &temp);
1086c1075
< mac_lomac_copy(&temp, dest);
---
> lomac_copy(&temp, dest);
1091c1080
< mac_lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp,
1105c1094
< mac_lomac_copy_single(source, &temp);
---
> lomac_copy_single(source, &temp);
1115c1104
< mac_lomac_inpcb_create(struct socket *so, struct label *solabel,
---
> lomac_inpcb_create(struct socket *so, struct label *solabel,
1123c1112
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1127c1116
< mac_lomac_socket_create_mbuf(struct socket *so, struct label *solabel,
---
> lomac_socket_create_mbuf(struct socket *so, struct label *solabel,
1135c1124
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1139c1128
< mac_lomac_socket_create(struct ucred *cred, struct socket *so,
---
> lomac_socket_create(struct ucred *cred, struct socket *so,
1147c1136
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1151c1140
< mac_lomac_pipe_create(struct ucred *cred, struct pipepair *pp,
---
> lomac_pipe_create(struct ucred *cred, struct pipepair *pp,
1159c1148
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1163c1152
< mac_lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel,
---
> lomac_socket_newconn(struct socket *oldso, struct label *oldsolabel,
1171c1160
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1175c1164
< mac_lomac_socket_relabel(struct ucred *cred, struct socket *so,
---
> lomac_socket_relabel(struct ucred *cred, struct socket *so,
1187c1176
< mac_lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
---
> lomac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
1199c1188
< mac_lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
---
> lomac_socketpeer_set_from_mbuf(struct mbuf *m, struct label *mlabel,
1207c1196
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1214c1203
< mac_lomac_socketpeer_set_from_socket(struct socket *oldso,
---
> lomac_socketpeer_set_from_socket(struct socket *oldso,
1223c1212
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1227c1216
< mac_lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
---
> lomac_bpfdesc_create(struct ucred *cred, struct bpf_d *d,
1235c1224
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1239c1228
< mac_lomac_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
---
> lomac_ifnet_create(struct ifnet *ifp, struct label *ifplabel)
1292,1293c1281,1282
< mac_lomac_set_single(dest, grade, 0);
< mac_lomac_set_range(dest, grade, 0, grade, 0);
---
> lomac_set_single(dest, grade, 0);
> lomac_set_range(dest, grade, 0, grade, 0);
1297c1286
< mac_lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
---
> lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1305c1294
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1309c1298
< mac_lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
---
> lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel,
1318c1307
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1322c1311
< mac_lomac_netinet_fragment(struct mbuf *m, struct label *mlabel,
---
> lomac_netinet_fragment(struct mbuf *m, struct label *mlabel,
1330c1319
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1334c1323
< mac_lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
---
> lomac_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
1342c1331
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1346c1335
< mac_lomac_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
---
> lomac_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
1353c1342
< mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
---
> lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
1357c1346
< mac_lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
---
> lomac_bpfdesc_create_mbuf(struct bpf_d *d, struct label *dlabel,
1365c1354
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1369c1358
< mac_lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
---
> lomac_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel,
1377c1366
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1381c1370
< mac_lomac_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel,
---
> lomac_mbuf_create_multicast_encap(struct mbuf *m, struct label *mlabel,
1390c1379
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1394c1383
< mac_lomac_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
---
> lomac_mbuf_create_netlayer(struct mbuf *m, struct label *mlabel,
1402c1391
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1406c1395
< mac_lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
---
> lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1414c1403
< return (mac_lomac_equal_single(a, b));
---
> return (lomac_equal_single(a, b));
1418c1407
< mac_lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
---
> lomac_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
1430c1419
< mac_lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
---
> lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
1438c1427
< mac_lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
---
> lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
1446c1435
< mac_lomac_copy_single(source, dest);
---
> lomac_copy_single(source, dest);
1450c1439
< mac_lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
---
> lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
1456c1445
< mac_lomac_copy(source, dest);
---
> lomac_copy(source, dest);
1460c1449
< mac_lomac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
---
> lomac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
1467c1456
< mac_lomac_copy(source, dest);
---
> lomac_copy(source, dest);
1471c1460
< mac_lomac_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
---
> lomac_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
1478c1467
< mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
---
> lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
1485c1474
< mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
---
> lomac_vnode_execve_transition(struct ucred *old, struct ucred *new,
1496c1485
< mac_lomac_copy(source, dest);
---
> lomac_copy(source, dest);
1498,1500c1487,1489
< * If there's an auxiliary label on the real object, respect it
< * and assume that this level should be assumed immediately if
< * a higher level is currently in place.
---
> * If there's an auxiliary label on the real object, respect it and
> * assume that this level should be assumed immediately if a higher
> * level is currently in place.
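Review bot: The rewrapped comment keeps the wording "assume that this level should be assumed immediately", which says neither which label changes nor under what condition. Going by the condition in the next hunk (new lines 1492-1494), `dest` gets the object's auxiliary single when that auxiliary level does not dominate `dest`'s current single and lies within `dest`'s range. A clearer comment would be `If the real object carries an auxiliary label, set dest's single to it when the current single is higher and the auxiliary level is within dest's range.` The comment appears to belong to lomac_vnode_execve_transition, whose body starts and ends outside this hunk.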
1503,1505c1492,1494
< !mac_lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single)
< && mac_lomac_auxsingle_in_range(robj, dest))
< mac_lomac_set_single(dest, robj->ml_auxsingle.mle_type,
---
> !lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single)
> && lomac_auxsingle_in_range(robj, dest))
> lomac_set_single(dest, robj->ml_auxsingle.mle_type,
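Review bot: The continuation line of this condition starts with `&&`, while the condition at new lines 1503-1504 (`if (lomac_enabled && revocation_enabled &&`) ends its line with the operator, and the return expression at new lines 1523-1525 mixes a leading `&&` with a trailing `||`. These expressions govern the label transition on exec, so consistent operator placement would make the grouping easier to audit. If the line limit allows, end the first line with the operator, as in `!lomac_dominate_element(&robj->ml_auxsingle, &dest->ml_single) &&` followed by `lomac_auxsingle_in_range(robj, dest))`. The opening of the `if` and the remaining arguments of lomac_set_single are outside the hunk.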
1508,1513c1497,1501
< * Restructuring to use the execve transitioning mechanism
< * instead of the normal demotion mechanism here would be
< * difficult, so just copy the label over and perform standard
< * demotion. This is also non-optimal because it will result
< * in the intermediate label "new" being created and immediately
< * recycled.
---
> * Restructuring to use the execve transitioning mechanism instead of
> * the normal demotion mechanism here would be difficult, so just
> * copy the label over and perform standard demotion. This is also
> * non-optimal because it will result in the intermediate label "new"
> * being created and immediately recycled.
1515,1516c1503,1504
< if (mac_lomac_enabled && revocation_enabled &&
< !mac_lomac_dominate_single(obj, source))
---
> if (lomac_enabled && revocation_enabled &&
> !lomac_dominate_single(obj, source))
1521c1509
< mac_lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
---
> lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp,
1527c1515
< if (!mac_lomac_enabled || !revocation_enabled)
---
> if (!lomac_enabled || !revocation_enabled)
1535,1537c1523,1525
< !mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
< && mac_lomac_auxsingle_in_range(robj, subj)) ||
< !mac_lomac_dominate_single(obj, subj));
---
> !lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single)
> && lomac_auxsingle_in_range(robj, subj)) ||
> !lomac_dominate_single(obj, subj));
1541c1529
< mac_lomac_proc_create_swapper(struct ucred *cred)
---
> lomac_proc_create_swapper(struct ucred *cred)
1547,1549c1535,1536
< mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
< mac_lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH,
< 0);
---
> lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
> lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
1553c1540
< mac_lomac_proc_create_init(struct ucred *cred)
---
> lomac_proc_create_init(struct ucred *cred)
1559,1561c1546,1547
< mac_lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
< mac_lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH,
< 0);
---
> lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
> lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH, 0);
1565c1551
< mac_lomac_cred_relabel(struct ucred *cred, struct label *newlabel)
---
> lomac_cred_relabel(struct ucred *cred, struct label *newlabel)
1579c1565
< mac_lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
---
> lomac_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
1584c1570
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1590c1576
< if (mac_lomac_equal_single(a, b))
---
> if (lomac_equal_single(a, b))
1596c1582
< mac_lomac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
---
> lomac_cred_check_relabel(struct ucred *cred, struct label *newlabel)
1605,1606c1591,1592
< * If there is a LOMAC label update for the credential, it may
< * be an update of the single, range, or both.
---
> * If there is a LOMAC label update for the credential, it may be an
> * update of the single, range, or both.
1620c1606
< mac_lomac_copy_single(subj, new);
---
> lomac_copy_single(subj, new);
1622c1608
< mac_lomac_copy_range(subj, new);
---
> lomac_copy_range(subj, new);
1625,1626c1611,1612
< * To change the LOMAC range on a credential, the new
< * range label must be in the current range.
---
> * To change the LOMAC range on a credential, the new range
> * label must be in the current range.
1628c1614
< if (!mac_lomac_range_in_range(new, subj))
---
> if (!lomac_range_in_range(new, subj))
1632,1635c1618,1620
< * To change the LOMAC single label on a credential, the
< * new single label must be in the new range. Implicitly
< * from the previous check, the new single is in the old
< * range.
---
> * To change the LOMAC single label on a credential, the new
> * single label must be in the new range. Implicitly from
> * the previous check, the new single is in the old range.
1637c1622
< if (!mac_lomac_single_in_range(new, new))
---
> if (!lomac_single_in_range(new, new))
1641,1643c1626,1627
< * To have EQUAL in any component of the new credential
< * LOMAC label, the subject must already have EQUAL in
< * their label.
---
> * To have EQUAL in any component of the new credential LOMAC
> * label, the subject must already have EQUAL in their label.
1645,1646c1629,1630
< if (mac_lomac_contains_equal(new)) {
< error = mac_lomac_subject_privileged(subj);
---
> if (lomac_contains_equal(new)) {
> error = lomac_subject_privileged(subj);
1652,1654c1636,1637
< * XXXMAC: Additional consistency tests regarding the
< * single and range of the new label might be performed
< * here.
---
> * XXXMAC: Additional consistency tests regarding the single
> * and range of the new label might be performed here.
1662c1645
< mac_lomac_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
---
> lomac_cred_check_visible(struct ucred *cr1, struct ucred *cr2)
1666c1649
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1673c1656
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
1680c1663
< mac_lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
---
> lomac_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp,
1690,1691c1673,1674
< * If there is a LOMAC label update for the interface, it may
< * be an update of the single, range, or both.
---
> * If there is a LOMAC label update for the interface, it may be an
> * update of the single, range, or both.
1700c1683
< error = mac_lomac_subject_privileged(subj);
---
> error = lomac_subject_privileged(subj);
1712c1695
< mac_lomac_copy_single(subj, new);
---
> lomac_copy_single(subj, new);
1714c1697
< mac_lomac_copy_range(subj, new);
---
> lomac_copy_range(subj, new);
1737c1720
< mac_lomac_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
---
> lomac_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
1742c1725
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1748c1731
< return (mac_lomac_single_in_range(p, i) ? 0 : EACCES);
---
> return (lomac_single_in_range(p, i) ? 0 : EACCES);
1752c1735
< mac_lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
---
> lomac_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
1757c1740
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1763c1746
< return (mac_lomac_equal_single(p, i) ? 0 : EACCES);
---
> return (lomac_equal_single(p, i) ? 0 : EACCES);
1767c1750
< mac_lomac_kld_check_load(struct ucred *cred, struct vnode *vp,
---
> lomac_kld_check_load(struct ucred *cred, struct vnode *vp,
1772c1755
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1778c1761
< if (mac_lomac_subject_privileged(subj))
---
> if (lomac_subject_privileged(subj))
1781c1764
< if (!mac_lomac_high_single(obj))
---
> if (!lomac_high_single(obj))
1788c1771
< mac_lomac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
---
> lomac_pipe_check_ioctl(struct ucred *cred, struct pipepair *pp,
1792c1775
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1801c1784
< mac_lomac_pipe_check_read(struct ucred *cred, struct pipepair *pp,
---
> lomac_pipe_check_read(struct ucred *cred, struct pipepair *pp,
1806c1789
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1812c1795
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
1819c1802
< mac_lomac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
---
> lomac_pipe_check_relabel(struct ucred *cred, struct pipepair *pp,
1830,1831c1813,1814
< * If there is a LOMAC label update for a pipe, it must be a
< * single update.
---
> * If there is a LOMAC label update for a pipe, it must be a single
> * update.
1841c1824
< if (!mac_lomac_single_in_range(obj, subj))
---
> if (!lomac_single_in_range(obj, subj))
1852c1835
< if (!mac_lomac_single_in_range(new, subj))
---
> if (!lomac_single_in_range(new, subj))
1859,1860c1842,1843
< if (mac_lomac_contains_equal(new)) {
< error = mac_lomac_subject_privileged(subj);
---
> if (lomac_contains_equal(new)) {
> error = lomac_subject_privileged(subj);
1870c1853
< mac_lomac_pipe_check_write(struct ucred *cred, struct pipepair *pp,
---
> lomac_pipe_check_write(struct ucred *cred, struct pipepair *pp,
1875c1858
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1881c1864
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
1888c1871
< mac_lomac_proc_check_debug(struct ucred *cred, struct proc *p)
---
> lomac_proc_check_debug(struct ucred *cred, struct proc *p)
1892c1875
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1899c1882
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
1901c1884
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
1908c1891
< mac_lomac_proc_check_sched(struct ucred *cred, struct proc *p)
---
> lomac_proc_check_sched(struct ucred *cred, struct proc *p)
1912c1895
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1919c1902
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
1921c1904
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
1928c1911
< mac_lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
---
> lomac_proc_check_signal(struct ucred *cred, struct proc *p, int signum)
1932c1915
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1939c1922
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
1941c1924
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
1948c1931
< mac_lomac_socket_check_deliver(struct socket *so, struct label *solabel,
---
> lomac_socket_check_deliver(struct socket *so, struct label *solabel,
1953c1936
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
1959c1942
< return (mac_lomac_equal_single(p, s) ? 0 : EACCES);
---
> return (lomac_equal_single(p, s) ? 0 : EACCES);
1963c1946
< mac_lomac_socket_check_relabel(struct ucred *cred, struct socket *so,
---
> lomac_socket_check_relabel(struct ucred *cred, struct socket *so,
1974,1975c1957,1958
< * If there is a LOMAC label update for the socket, it may be
< * an update of single.
---
> * If there is a LOMAC label update for the socket, it may be an
> * update of single.
1985c1968
< if (!mac_lomac_single_in_range(obj, subj))
---
> if (!lomac_single_in_range(obj, subj))
1993,1994c1976,1977
< * To relabel a socket, the new socket single must be in
< * the subject range.
---
> * To relabel a socket, the new socket single must be in the
> * subject range.
1996c1979
< if (!mac_lomac_single_in_range(new, subj))
---
> if (!lomac_single_in_range(new, subj))
2003,2004c1986,1987
< if (mac_lomac_contains_equal(new)) {
< error = mac_lomac_subject_privileged(subj);
---
> if (lomac_contains_equal(new)) {
> error = lomac_subject_privileged(subj);
2014c1997
< mac_lomac_socket_check_visible(struct ucred *cred, struct socket *so,
---
> lomac_socket_check_visible(struct ucred *cred, struct socket *so,
2019c2002
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2025c2008
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
2037c2020
< mac_lomac_priv_check(struct ucred *cred, int priv)
---
> lomac_priv_check(struct ucred *cred, int priv)
2042c2025
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2213c2196
< error = mac_lomac_subject_privileged(subj);
---
> error = lomac_subject_privileged(subj);
2222c2205
< mac_lomac_system_check_acct(struct ucred *cred, struct vnode *vp,
---
> lomac_system_check_acct(struct ucred *cred, struct vnode *vp,
2227c2210
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2233c2216
< if (mac_lomac_subject_privileged(subj))
---
> if (lomac_subject_privileged(subj))
2236c2219
< if (!mac_lomac_high_single(obj))
---
> if (!lomac_high_single(obj))
2243c2226
< mac_lomac_system_check_auditctl(struct ucred *cred, struct vnode *vp,
---
> lomac_system_check_auditctl(struct ucred *cred, struct vnode *vp,
2248c2231
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2254c2237
< if (mac_lomac_subject_privileged(subj))
---
> if (lomac_subject_privileged(subj))
2257c2240
< if (!mac_lomac_high_single(obj))
---
> if (!lomac_high_single(obj))
2264c2247
< mac_lomac_system_check_swapoff(struct ucred *cred, struct vnode *vp,
---
> lomac_system_check_swapoff(struct ucred *cred, struct vnode *vp,
2269c2252
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2274c2257
< if (mac_lomac_subject_privileged(subj))
---
> if (lomac_subject_privileged(subj))
2281c2264
< mac_lomac_system_check_swapon(struct ucred *cred, struct vnode *vp,
---
> lomac_system_check_swapon(struct ucred *cred, struct vnode *vp,
2286c2269
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2292c2275
< if (mac_lomac_subject_privileged(subj))
---
> if (lomac_subject_privileged(subj))
2295c2278
< if (!mac_lomac_high_single(obj))
---
> if (!lomac_high_single(obj))
2302c2285
< mac_lomac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
---
> lomac_system_check_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
2307c2290
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2313,2314c2296,2297
< * Treat sysctl variables without CTLFLAG_ANYBODY flag as
< * lomac/high, but also require privilege to change them.
---
> * Treat sysctl variables without CTLFLAG_ANYBODY flag as lomac/high,
> * but also require privilege to change them.
2318c2301
< if (!mac_lomac_subject_dominate_high(subj))
---
> if (!lomac_subject_dominate_high(subj))
2322c2305
< if (mac_lomac_subject_privileged(subj))
---
> if (lomac_subject_privileged(subj))
2330c2313
< mac_lomac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
---
> lomac_vnode_check_create(struct ucred *cred, struct vnode *dvp,
2335c2318
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2341c2324
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2344c2327
< !mac_lomac_dominate_element(&subj->ml_single, &obj->ml_auxsingle))
---
> !lomac_dominate_element(&subj->ml_single, &obj->ml_auxsingle))
2351c2334
< mac_lomac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_deleteacl(struct ucred *cred, struct vnode *vp,
2356c2339
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2362c2345
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2369c2352
< mac_lomac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
---
> lomac_vnode_check_link(struct ucred *cred, struct vnode *dvp,
2375c2358
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2381c2364
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2386c2369
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2393c2376
< mac_lomac_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_mmap(struct ucred *cred, struct vnode *vp,
2402c2385
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2409c2392
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2413c2396
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
2421c2404
< mac_lomac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp,
2430c2413
< if (!mac_lomac_enabled || !revocation_enabled)
---
> if (!lomac_enabled || !revocation_enabled)
2436c2419
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2441c2424
< mac_lomac_vnode_check_open(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_open(struct ucred *cred, struct vnode *vp,
2446c2429
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2454c2437
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2462c2445
< mac_lomac_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
---
> lomac_vnode_check_read(struct ucred *active_cred, struct ucred *file_cred,
2467c2450
< if (!mac_lomac_enabled || !revocation_enabled)
---
> if (!lomac_enabled || !revocation_enabled)
2473c2456
< if (!mac_lomac_dominate_single(obj, subj))
---
> if (!lomac_dominate_single(obj, subj))
2480c2463
< mac_lomac_vnode_check_relabel(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_relabel(struct ucred *cred, struct vnode *vp,
2503c2486
< if (!mac_lomac_single_in_range(old, subj))
---
> if (!lomac_single_in_range(old, subj))
2514c2497
< if (!mac_lomac_single_in_range(new, subj))
---
> if (!lomac_single_in_range(new, subj))
2518,2519c2501,2502
< * To change the LOMAC label on the vnode to be EQUAL,
< * the subject must have appropriate privilege.
---
> * To change the LOMAC label on the vnode to be EQUAL, the
> * subject must have appropriate privilege.
2521,2522c2504,2505
< if (mac_lomac_contains_equal(new)) {
< error = mac_lomac_subject_privileged(subj);
---
> if (lomac_contains_equal(new)) {
> error = lomac_subject_privileged(subj);
2532c2515
< mac_lomac_copy_single(subj, new);
---
> lomac_copy_single(subj, new);
2538c2521
< if (!mac_lomac_auxsingle_in_range(new, subj))
---
> if (!lomac_auxsingle_in_range(new, subj))
2545,2546c2528,2529
< if (mac_lomac_contains_equal(new)) {
< error = mac_lomac_subject_privileged(subj);
---
> if (lomac_contains_equal(new)) {
> error = lomac_subject_privileged(subj);
2556c2539
< mac_lomac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
---
> lomac_vnode_check_rename_from(struct ucred *cred, struct vnode *dvp,
2562c2545
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2568c2551
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2573c2556
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2580c2563
< mac_lomac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
---
> lomac_vnode_check_rename_to(struct ucred *cred, struct vnode *dvp,
2586c2569
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2592c2575
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2598c2581
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2606c2589
< mac_lomac_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_revoke(struct ucred *cred, struct vnode *vp,
2611c2594
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2617c2600
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2624c2607
< mac_lomac_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_setacl(struct ucred *cred, struct vnode *vp,
2629c2612
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2635c2618
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2642c2625
< mac_lomac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_setextattr(struct ucred *cred, struct vnode *vp,
2648c2631
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2654c2637
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2663c2646
< mac_lomac_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_setflags(struct ucred *cred, struct vnode *vp,
2668c2651
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2674c2657
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2681c2664
< mac_lomac_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_setmode(struct ucred *cred, struct vnode *vp,
2686c2669
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2692c2675
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2699c2682
< mac_lomac_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_setowner(struct ucred *cred, struct vnode *vp,
2704c2687
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2710c2693
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2717c2700
< mac_lomac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
---
> lomac_vnode_check_setutimes(struct ucred *cred, struct vnode *vp,
2722c2705
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2728c2711
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2735c2718
< mac_lomac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
---
> lomac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp,
2741c2724
< if (!mac_lomac_enabled)
---
> if (!lomac_enabled)
2747c2730
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2752c2735
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2759c2742
< mac_lomac_vnode_check_write(struct ucred *active_cred,
---
> lomac_vnode_check_write(struct ucred *active_cred,
2764c2747
< if (!mac_lomac_enabled || !revocation_enabled)
---
> if (!lomac_enabled || !revocation_enabled)
2770c2753
< if (!mac_lomac_subject_dominate(subj, obj))
---
> if (!lomac_subject_dominate(subj, obj))
2777c2760
< mac_lomac_thread_userret(struct thread *td)
---
> lomac_thread_userret(struct thread *td)
2791,2792c2774,2775
< * mac_cred_mmapped_drop_perms; ideally, the other
< * user of subj->mtx wouldn't be holding Giant.
---
> * mac_cred_mmapped_drop_perms; ideally, the other user of
> * subj->mtx wouldn't be holding Giant.
2807c2790
< mac_lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
---
> lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
2822c2805
< static struct mac_policy_ops mac_lomac_ops =
---
> static struct mac_policy_ops lomac_ops =
2824,2910c2807,2890
< .mpo_init = mac_lomac_init,
< .mpo_bpfdesc_init_label = mac_lomac_init_label,
< .mpo_cred_init_label = mac_lomac_init_label,
< .mpo_devfs_init_label = mac_lomac_init_label,
< .mpo_ifnet_init_label = mac_lomac_init_label,
< .mpo_init_syncache_label = mac_lomac_init_label_waitcheck,
< .mpo_inpcb_init_label = mac_lomac_init_label_waitcheck,
< .mpo_ipq_init_label = mac_lomac_init_label_waitcheck,
< .mpo_mbuf_init_label = mac_lomac_init_label_waitcheck,
< .mpo_mount_init_label = mac_lomac_init_label,
< .mpo_pipe_init_label = mac_lomac_init_label,
< .mpo_proc_init_label = mac_lomac_proc_init_label,
< .mpo_socket_init_label = mac_lomac_init_label_waitcheck,
< .mpo_socketpeer_init_label = mac_lomac_init_label_waitcheck,
< .mpo_vnode_init_label = mac_lomac_init_label,
< .mpo_init_syncache_from_inpcb = mac_lomac_init_syncache_from_inpcb,
< .mpo_bpfdesc_destroy_label = mac_lomac_destroy_label,
< .mpo_cred_destroy_label = mac_lomac_destroy_label,
< .mpo_devfs_destroy_label = mac_lomac_destroy_label,
< .mpo_ifnet_destroy_label = mac_lomac_destroy_label,
< .mpo_inpcb_destroy_label = mac_lomac_destroy_label,
< .mpo_ipq_destroy_label = mac_lomac_destroy_label,
< .mpo_mbuf_destroy_label = mac_lomac_destroy_label,
< .mpo_mount_destroy_label = mac_lomac_destroy_label,
< .mpo_pipe_destroy_label = mac_lomac_destroy_label,
< .mpo_proc_destroy_label = mac_lomac_proc_destroy_label,
< .mpo_destroy_syncache_label = mac_lomac_destroy_label,
< .mpo_socket_destroy_label = mac_lomac_destroy_label,
< .mpo_socketpeer_destroy_label = mac_lomac_destroy_label,
< .mpo_vnode_destroy_label = mac_lomac_destroy_label,
< .mpo_cred_copy_label = mac_lomac_copy_label,
< .mpo_ifnet_copy_label = mac_lomac_copy_label,
< .mpo_mbuf_copy_label = mac_lomac_copy_label,
< .mpo_pipe_copy_label = mac_lomac_copy_label,
< .mpo_socket_copy_label = mac_lomac_copy_label,
< .mpo_vnode_copy_label = mac_lomac_copy_label,
< .mpo_cred_externalize_label = mac_lomac_externalize_label,
< .mpo_ifnet_externalize_label = mac_lomac_externalize_label,
< .mpo_pipe_externalize_label = mac_lomac_externalize_label,
< .mpo_socket_externalize_label = mac_lomac_externalize_label,
< .mpo_socketpeer_externalize_label = mac_lomac_externalize_label,
< .mpo_vnode_externalize_label = mac_lomac_externalize_label,
< .mpo_cred_internalize_label = mac_lomac_internalize_label,
< .mpo_ifnet_internalize_label = mac_lomac_internalize_label,
< .mpo_pipe_internalize_label = mac_lomac_internalize_label,
< .mpo_socket_internalize_label = mac_lomac_internalize_label,
< .mpo_vnode_internalize_label = mac_lomac_internalize_label,
< .mpo_devfs_create_device = mac_lomac_devfs_create_device,
< .mpo_devfs_create_directory = mac_lomac_devfs_create_directory,
< .mpo_devfs_create_symlink = mac_lomac_devfs_create_symlink,
< .mpo_mount_create = mac_lomac_mount_create,
< .mpo_vnode_relabel = mac_lomac_vnode_relabel,
< .mpo_devfs_update = mac_lomac_devfs_update,
< .mpo_devfs_vnode_associate = mac_lomac_devfs_vnode_associate,
< .mpo_vnode_associate_extattr = mac_lomac_vnode_associate_extattr,
< .mpo_vnode_associate_singlelabel =
< mac_lomac_vnode_associate_singlelabel,
< .mpo_vnode_create_extattr = mac_lomac_vnode_create_extattr,
< .mpo_vnode_setlabel_extattr = mac_lomac_vnode_setlabel_extattr,
< .mpo_socket_create_mbuf = mac_lomac_socket_create_mbuf,
< .mpo_create_mbuf_from_syncache = mac_lomac_create_mbuf_from_syncache,
< .mpo_pipe_create = mac_lomac_pipe_create,
< .mpo_socket_create = mac_lomac_socket_create,
< .mpo_socket_newconn = mac_lomac_socket_newconn,
< .mpo_pipe_relabel = mac_lomac_pipe_relabel,
< .mpo_socket_relabel = mac_lomac_socket_relabel,
< .mpo_socketpeer_set_from_mbuf = mac_lomac_socketpeer_set_from_mbuf,
< .mpo_socketpeer_set_from_socket =
< mac_lomac_socketpeer_set_from_socket,
< .mpo_bpfdesc_create = mac_lomac_bpfdesc_create,
< .mpo_ipq_reassemble = mac_lomac_ipq_reassemble,
< .mpo_netinet_fragment = mac_lomac_netinet_fragment,
< .mpo_ifnet_create = mac_lomac_ifnet_create,
< .mpo_inpcb_create = mac_lomac_inpcb_create,
< .mpo_ipq_create = mac_lomac_ipq_create,
< .mpo_inpcb_create_mbuf = mac_lomac_inpcb_create_mbuf,
< .mpo_create_mbuf_linklayer = mac_lomac_create_mbuf_linklayer,
< .mpo_bpfdesc_create_mbuf = mac_lomac_bpfdesc_create_mbuf,
< .mpo_ifnet_create_mbuf = mac_lomac_ifnet_create_mbuf,
< .mpo_mbuf_create_multicast_encap =
< mac_lomac_mbuf_create_multicast_encap,
< .mpo_mbuf_create_netlayer = mac_lomac_mbuf_create_netlayer,
< .mpo_ipq_match = mac_lomac_ipq_match,
< .mpo_ifnet_relabel = mac_lomac_ifnet_relabel,
< .mpo_ipq_update = mac_lomac_ipq_update,
< .mpo_inpcb_sosetlabel = mac_lomac_inpcb_sosetlabel,
< .mpo_vnode_execve_transition = mac_lomac_vnode_execve_transition,
---
> .mpo_init = lomac_init,
> .mpo_bpfdesc_init_label = lomac_init_label,
> .mpo_cred_init_label = lomac_init_label,
> .mpo_devfs_init_label = lomac_init_label,
> .mpo_ifnet_init_label = lomac_init_label,
> .mpo_init_syncache_label = lomac_init_label_waitcheck,
> .mpo_inpcb_init_label = lomac_init_label_waitcheck,
> .mpo_ipq_init_label = lomac_init_label_waitcheck,
> .mpo_mbuf_init_label = lomac_init_label_waitcheck,
> .mpo_mount_init_label = lomac_init_label,
> .mpo_pipe_init_label = lomac_init_label,
> .mpo_proc_init_label = lomac_proc_init_label,
> .mpo_socket_init_label = lomac_init_label_waitcheck,
> .mpo_socketpeer_init_label = lomac_init_label_waitcheck,
> .mpo_vnode_init_label = lomac_init_label,
> .mpo_init_syncache_from_inpcb = lomac_init_syncache_from_inpcb,
> .mpo_bpfdesc_destroy_label = lomac_destroy_label,
> .mpo_cred_destroy_label = lomac_destroy_label,
> .mpo_devfs_destroy_label = lomac_destroy_label,
> .mpo_ifnet_destroy_label = lomac_destroy_label,
> .mpo_inpcb_destroy_label = lomac_destroy_label,
> .mpo_ipq_destroy_label = lomac_destroy_label,
> .mpo_mbuf_destroy_label = lomac_destroy_label,
> .mpo_mount_destroy_label = lomac_destroy_label,
> .mpo_pipe_destroy_label = lomac_destroy_label,
> .mpo_proc_destroy_label = lomac_proc_destroy_label,
> .mpo_destroy_syncache_label = lomac_destroy_label,
> .mpo_socket_destroy_label = lomac_destroy_label,
> .mpo_socketpeer_destroy_label = lomac_destroy_label,
> .mpo_vnode_destroy_label = lomac_destroy_label,
> .mpo_cred_copy_label = lomac_copy_label,
> .mpo_ifnet_copy_label = lomac_copy_label,
> .mpo_mbuf_copy_label = lomac_copy_label,
> .mpo_pipe_copy_label = lomac_copy_label,
> .mpo_socket_copy_label = lomac_copy_label,
> .mpo_vnode_copy_label = lomac_copy_label,
> .mpo_cred_externalize_label = lomac_externalize_label,
> .mpo_ifnet_externalize_label = lomac_externalize_label,
> .mpo_pipe_externalize_label = lomac_externalize_label,
> .mpo_socket_externalize_label = lomac_externalize_label,
> .mpo_socketpeer_externalize_label = lomac_externalize_label,
> .mpo_vnode_externalize_label = lomac_externalize_label,
> .mpo_cred_internalize_label = lomac_internalize_label,
> .mpo_ifnet_internalize_label = lomac_internalize_label,
> .mpo_pipe_internalize_label = lomac_internalize_label,
> .mpo_socket_internalize_label = lomac_internalize_label,
> .mpo_vnode_internalize_label = lomac_internalize_label,
> .mpo_devfs_create_device = lomac_devfs_create_device,
> .mpo_devfs_create_directory = lomac_devfs_create_directory,
> .mpo_devfs_create_symlink = lomac_devfs_create_symlink,
> .mpo_mount_create = lomac_mount_create,
> .mpo_vnode_relabel = lomac_vnode_relabel,
> .mpo_devfs_update = lomac_devfs_update,
> .mpo_devfs_vnode_associate = lomac_devfs_vnode_associate,
> .mpo_vnode_associate_extattr = lomac_vnode_associate_extattr,
> .mpo_vnode_associate_singlelabel = lomac_vnode_associate_singlelabel,
> .mpo_vnode_create_extattr = lomac_vnode_create_extattr,
> .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
> .mpo_socket_create_mbuf = lomac_socket_create_mbuf,
> .mpo_create_mbuf_from_syncache = lomac_create_mbuf_from_syncache,
> .mpo_pipe_create = lomac_pipe_create,
> .mpo_socket_create = lomac_socket_create,
> .mpo_socket_newconn = lomac_socket_newconn,
> .mpo_pipe_relabel = lomac_pipe_relabel,
> .mpo_socket_relabel = lomac_socket_relabel,
> .mpo_socketpeer_set_from_mbuf = lomac_socketpeer_set_from_mbuf,
> .mpo_socketpeer_set_from_socket = lomac_socketpeer_set_from_socket,
> .mpo_bpfdesc_create = lomac_bpfdesc_create,
> .mpo_ipq_reassemble = lomac_ipq_reassemble,
> .mpo_netinet_fragment = lomac_netinet_fragment,
> .mpo_ifnet_create = lomac_ifnet_create,
> .mpo_inpcb_create = lomac_inpcb_create,
> .mpo_ipq_create = lomac_ipq_create,
> .mpo_inpcb_create_mbuf = lomac_inpcb_create_mbuf,
> .mpo_create_mbuf_linklayer = lomac_create_mbuf_linklayer,
> .mpo_bpfdesc_create_mbuf = lomac_bpfdesc_create_mbuf,
> .mpo_ifnet_create_mbuf = lomac_ifnet_create_mbuf,
> .mpo_mbuf_create_multicast_encap = lomac_mbuf_create_multicast_encap,
> .mpo_mbuf_create_netlayer = lomac_mbuf_create_netlayer,
> .mpo_ipq_match = lomac_ipq_match,
> .mpo_ifnet_relabel = lomac_ifnet_relabel,
> .mpo_ipq_update = lomac_ipq_update,
> .mpo_inpcb_sosetlabel = lomac_inpcb_sosetlabel,
> .mpo_vnode_execve_transition = lomac_vnode_execve_transition,
2912,2960c2892,2940
< mac_lomac_vnode_execve_will_transition,
< .mpo_proc_create_swapper = mac_lomac_proc_create_swapper,
< .mpo_proc_create_init = mac_lomac_proc_create_init,
< .mpo_cred_relabel = mac_lomac_cred_relabel,
< .mpo_bpfdesc_check_receive = mac_lomac_bpfdesc_check_receive,
< .mpo_cred_check_relabel = mac_lomac_cred_check_relabel,
< .mpo_cred_check_visible = mac_lomac_cred_check_visible,
< .mpo_ifnet_check_relabel = mac_lomac_ifnet_check_relabel,
< .mpo_ifnet_check_transmit = mac_lomac_ifnet_check_transmit,
< .mpo_inpcb_check_deliver = mac_lomac_inpcb_check_deliver,
< .mpo_kld_check_load = mac_lomac_kld_check_load,
< .mpo_pipe_check_ioctl = mac_lomac_pipe_check_ioctl,
< .mpo_pipe_check_read = mac_lomac_pipe_check_read,
< .mpo_pipe_check_relabel = mac_lomac_pipe_check_relabel,
< .mpo_pipe_check_write = mac_lomac_pipe_check_write,
< .mpo_proc_check_debug = mac_lomac_proc_check_debug,
< .mpo_proc_check_sched = mac_lomac_proc_check_sched,
< .mpo_proc_check_signal = mac_lomac_proc_check_signal,
< .mpo_socket_check_deliver = mac_lomac_socket_check_deliver,
< .mpo_socket_check_relabel = mac_lomac_socket_check_relabel,
< .mpo_socket_check_visible = mac_lomac_socket_check_visible,
< .mpo_system_check_acct = mac_lomac_system_check_acct,
< .mpo_system_check_auditctl = mac_lomac_system_check_auditctl,
< .mpo_system_check_swapoff = mac_lomac_system_check_swapoff,
< .mpo_system_check_swapon = mac_lomac_system_check_swapon,
< .mpo_system_check_sysctl = mac_lomac_system_check_sysctl,
< .mpo_vnode_check_access = mac_lomac_vnode_check_open,
< .mpo_vnode_check_create = mac_lomac_vnode_check_create,
< .mpo_vnode_check_deleteacl = mac_lomac_vnode_check_deleteacl,
< .mpo_vnode_check_link = mac_lomac_vnode_check_link,
< .mpo_vnode_check_mmap = mac_lomac_vnode_check_mmap,
< .mpo_vnode_check_mmap_downgrade = mac_lomac_vnode_check_mmap_downgrade,
< .mpo_vnode_check_open = mac_lomac_vnode_check_open,
< .mpo_vnode_check_read = mac_lomac_vnode_check_read,
< .mpo_vnode_check_relabel = mac_lomac_vnode_check_relabel,
< .mpo_vnode_check_rename_from = mac_lomac_vnode_check_rename_from,
< .mpo_vnode_check_rename_to = mac_lomac_vnode_check_rename_to,
< .mpo_vnode_check_revoke = mac_lomac_vnode_check_revoke,
< .mpo_vnode_check_setacl = mac_lomac_vnode_check_setacl,
< .mpo_vnode_check_setextattr = mac_lomac_vnode_check_setextattr,
< .mpo_vnode_check_setflags = mac_lomac_vnode_check_setflags,
< .mpo_vnode_check_setmode = mac_lomac_vnode_check_setmode,
< .mpo_vnode_check_setowner = mac_lomac_vnode_check_setowner,
< .mpo_vnode_check_setutimes = mac_lomac_vnode_check_setutimes,
< .mpo_vnode_check_unlink = mac_lomac_vnode_check_unlink,
< .mpo_vnode_check_write = mac_lomac_vnode_check_write,
< .mpo_thread_userret = mac_lomac_thread_userret,
< .mpo_mbuf_create_from_firewall = mac_lomac_mbuf_create_from_firewall,
< .mpo_priv_check = mac_lomac_priv_check,
---
> lomac_vnode_execve_will_transition,
> .mpo_proc_create_swapper = lomac_proc_create_swapper,
> .mpo_proc_create_init = lomac_proc_create_init,
> .mpo_cred_relabel = lomac_cred_relabel,
> .mpo_bpfdesc_check_receive = lomac_bpfdesc_check_receive,
> .mpo_cred_check_relabel = lomac_cred_check_relabel,
> .mpo_cred_check_visible = lomac_cred_check_visible,
> .mpo_ifnet_check_relabel = lomac_ifnet_check_relabel,
> .mpo_ifnet_check_transmit = lomac_ifnet_check_transmit,
> .mpo_inpcb_check_deliver = lomac_inpcb_check_deliver,
> .mpo_kld_check_load = lomac_kld_check_load,
> .mpo_pipe_check_ioctl = lomac_pipe_check_ioctl,
> .mpo_pipe_check_read = lomac_pipe_check_read,
> .mpo_pipe_check_relabel = lomac_pipe_check_relabel,
> .mpo_pipe_check_write = lomac_pipe_check_write,
> .mpo_proc_check_debug = lomac_proc_check_debug,
> .mpo_proc_check_sched = lomac_proc_check_sched,
> .mpo_proc_check_signal = lomac_proc_check_signal,
> .mpo_socket_check_deliver = lomac_socket_check_deliver,
> .mpo_socket_check_relabel = lomac_socket_check_relabel,
> .mpo_socket_check_visible = lomac_socket_check_visible,
> .mpo_system_check_acct = lomac_system_check_acct,
> .mpo_system_check_auditctl = lomac_system_check_auditctl,
> .mpo_system_check_swapoff = lomac_system_check_swapoff,
> .mpo_system_check_swapon = lomac_system_check_swapon,
> .mpo_system_check_sysctl = lomac_system_check_sysctl,
> .mpo_vnode_check_access = lomac_vnode_check_open,
> .mpo_vnode_check_create = lomac_vnode_check_create,
> .mpo_vnode_check_deleteacl = lomac_vnode_check_deleteacl,
> .mpo_vnode_check_link = lomac_vnode_check_link,
> .mpo_vnode_check_mmap = lomac_vnode_check_mmap,
> .mpo_vnode_check_mmap_downgrade = lomac_vnode_check_mmap_downgrade,
> .mpo_vnode_check_open = lomac_vnode_check_open,
> .mpo_vnode_check_read = lomac_vnode_check_read,
> .mpo_vnode_check_relabel = lomac_vnode_check_relabel,
> .mpo_vnode_check_rename_from = lomac_vnode_check_rename_from,
> .mpo_vnode_check_rename_to = lomac_vnode_check_rename_to,
> .mpo_vnode_check_revoke = lomac_vnode_check_revoke,
> .mpo_vnode_check_setacl = lomac_vnode_check_setacl,
> .mpo_vnode_check_setextattr = lomac_vnode_check_setextattr,
> .mpo_vnode_check_setflags = lomac_vnode_check_setflags,
> .mpo_vnode_check_setmode = lomac_vnode_check_setmode,
> .mpo_vnode_check_setowner = lomac_vnode_check_setowner,
> .mpo_vnode_check_setutimes = lomac_vnode_check_setutimes,
> .mpo_vnode_check_unlink = lomac_vnode_check_unlink,
> .mpo_vnode_check_write = lomac_vnode_check_write,
> .mpo_thread_userret = lomac_thread_userret,
> .mpo_mbuf_create_from_firewall = lomac_mbuf_create_from_firewall,
> .mpo_priv_check = lomac_priv_check,
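Review bot: `.mpo_vnode_check_access` is bound to `lomac_vnode_check_open` rather than to a handler of its own, and nothing in the table says the sharing is deliberate; the old side has the same binding, so the rename carries it over unchanged. Someone auditing a policy ops table for coverage cannot tell an intentional alias from a copy-paste slip, so I would add a comment above that entry, e.g. `/* access checks deliberately reuse the open check */`, assuming that is the intent. The initializer starts and ends outside this hunk, so whether the remaining entry points are all wired cannot be judged from here.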
2963c2943
< MAC_POLICY_SET(&mac_lomac_ops, mac_lomac, "TrustedBSD MAC/LOMAC",
---
> MAC_POLICY_SET(&lomac_ops, mac_lomac, "TrustedBSD MAC/LOMAC",
2965c2945
< &mac_lomac_slot);
---
> &lomac_slot);