mac_framework.c (101933) | mac_framework.c (101988) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 22 unchanged lines hidden (view full) --- 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * |
39 * $FreeBSD: head/sys/security/mac/mac_framework.c 101933 2002-08-15 18:51:26Z rwatson $ | 39 * $FreeBSD: head/sys/security/mac/mac_framework.c 101988 2002-08-16 14:21:38Z rwatson $ |
40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 114 unchanged lines hidden (view full) --- 162static int mac_vnode_label_cache_misses = 0; 163SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, 164 &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); 165static int mac_mmap_revocation_via_cow = 0; 166SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, 167 &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " 168 "copy-on-write semantics, or by removing all write access"); 169 | 40 */ 41/* 42 * Developed by the TrustedBSD Project. 43 * 44 * Framework for extensible kernel access control. Kernel and userland 45 * interface to the framework, policy registration and composition. 46 */ 47 --- 114 unchanged lines hidden (view full) --- 162static int mac_vnode_label_cache_misses = 0; 163SYSCTL_INT(_security_mac, OID_AUTO, vnode_label_cache_misses, CTLFLAG_RD, 164 &mac_vnode_label_cache_misses, 0, "Cache misses on vnode labels"); 165static int mac_mmap_revocation_via_cow = 0; 166SYSCTL_INT(_security_mac, OID_AUTO, mmap_revocation_via_cow, CTLFLAG_RW, 167 &mac_mmap_revocation_via_cow, 0, "Revoke mmap access to files via " 168 "copy-on-write semantics, or by removing all write access"); 169 |
170#ifdef MAC_DEBUG |
|
170static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, 171 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, 172 nmacipqs, nmacpipes; 173SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD, 174 &nmacmbufs, 0, "number of mbufs in use"); 175SYSCTL_UINT(_security_mac_debug, OID_AUTO, creds, CTLFLAG_RD, 176 &nmaccreds, 0, "number of ucreds in use"); 177SYSCTL_UINT(_security_mac_debug, OID_AUTO, ifnets, CTLFLAG_RD, --- 9 unchanged lines hidden (view full) --- 187SYSCTL_UINT(_security_mac_debug, OID_AUTO, mounts, CTLFLAG_RD, 188 &nmacmounts, 0, "number of mounts in use"); 189SYSCTL_UINT(_security_mac_debug, OID_AUTO, temp, CTLFLAG_RD, 190 &nmactemp, 0, "number of temporary labels in use"); 191SYSCTL_UINT(_security_mac_debug, OID_AUTO, vnodes, CTLFLAG_RD, 192 &nmacvnodes, 0, "number of vnodes in use"); 193SYSCTL_UINT(_security_mac_debug, OID_AUTO, devfsdirents, CTLFLAG_RD, 194 &nmacdevfsdirents, 0, "number of devfs dirents inuse"); | 171static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, 172 nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, 173 nmacipqs, nmacpipes; 174SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD, 175 &nmacmbufs, 0, "number of mbufs in use"); 176SYSCTL_UINT(_security_mac_debug, OID_AUTO, creds, CTLFLAG_RD, 177 &nmaccreds, 0, "number of ucreds in use"); 178SYSCTL_UINT(_security_mac_debug, OID_AUTO, ifnets, CTLFLAG_RD, --- 9 unchanged lines hidden (view full) --- 188SYSCTL_UINT(_security_mac_debug, OID_AUTO, mounts, CTLFLAG_RD, 189 &nmacmounts, 0, "number of mounts in use"); 190SYSCTL_UINT(_security_mac_debug, OID_AUTO, temp, CTLFLAG_RD, 191 &nmactemp, 0, "number of temporary labels in use"); 192SYSCTL_UINT(_security_mac_debug, OID_AUTO, vnodes, CTLFLAG_RD, 193 &nmacvnodes, 0, "number of vnodes in use"); 194SYSCTL_UINT(_security_mac_debug, OID_AUTO, devfsdirents, CTLFLAG_RD, 195 &nmacdevfsdirents, 0, "number of devfs dirents inuse"); |
196#endif |
|
195 196static int error_select(int error1, int error2); 197static int mac_externalize(struct label *label, struct mac *mac); 198static int mac_policy_register(struct mac_policy_conf *mpc); 199static int mac_policy_unregister(struct mac_policy_conf *mpc); 200 201static int mac_stdcreatevnode_ea(struct vnode *vp); 202static void mac_cred_mmapped_drop_perms(struct thread *td, --- 1040 unchanged lines hidden (view full) --- 1243int 1244mac_init_mbuf(struct mbuf *m, int how) 1245{ 1246 KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf")); 1247 1248 /* "how" is one of M_(TRY|DONT)WAIT */ 1249 mac_init_label(&m->m_pkthdr.label); 1250 MAC_PERFORM(init_mbuf, m, how, &m->m_pkthdr.label); | 197 198static int error_select(int error1, int error2); 199static int mac_externalize(struct label *label, struct mac *mac); 200static int mac_policy_register(struct mac_policy_conf *mpc); 201static int mac_policy_unregister(struct mac_policy_conf *mpc); 202 203static int mac_stdcreatevnode_ea(struct vnode *vp); 204static void mac_cred_mmapped_drop_perms(struct thread *td, --- 1040 unchanged lines hidden (view full) --- 1245int 1246mac_init_mbuf(struct mbuf *m, int how) 1247{ 1248 KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf")); 1249 1250 /* "how" is one of M_(TRY|DONT)WAIT */ 1251 mac_init_label(&m->m_pkthdr.label); 1252 MAC_PERFORM(init_mbuf, m, how, &m->m_pkthdr.label); |
1253#ifdef MAC_DEBUG |
|
1251 atomic_add_int(&nmacmbufs, 1); | 1254 atomic_add_int(&nmacmbufs, 1); |
1255#endif |
|
1252 return (0); 1253} 1254 1255void 1256mac_destroy_mbuf(struct mbuf *m) 1257{ 1258 1259 MAC_PERFORM(destroy_mbuf, m, &m->m_pkthdr.label); 1260 mac_destroy_label(&m->m_pkthdr.label); | 1256 return (0); 1257} 1258 1259void 1260mac_destroy_mbuf(struct mbuf *m) 1261{ 1262 1263 MAC_PERFORM(destroy_mbuf, m, &m->m_pkthdr.label); 1264 mac_destroy_label(&m->m_pkthdr.label); |
1265#ifdef MAC_DEBUG |
|
1261 atomic_subtract_int(&nmacmbufs, 1); | 1266 atomic_subtract_int(&nmacmbufs, 1); |
1267#endif |
|
1262} 1263 1264void 1265mac_init_cred(struct ucred *cr) 1266{ 1267 1268 mac_init_label(&cr->cr_label); 1269 MAC_PERFORM(init_cred, cr, &cr->cr_label); | 1268} 1269 1270void 1271mac_init_cred(struct ucred *cr) 1272{ 1273 1274 mac_init_label(&cr->cr_label); 1275 MAC_PERFORM(init_cred, cr, &cr->cr_label); |
1276#ifdef MAC_DEBUG |
|
1270 atomic_add_int(&nmaccreds, 1); | 1277 atomic_add_int(&nmaccreds, 1); |
1278#endif |
|
1271} 1272 1273void 1274mac_destroy_cred(struct ucred *cr) 1275{ 1276 1277 MAC_PERFORM(destroy_cred, cr, &cr->cr_label); 1278 mac_destroy_label(&cr->cr_label); | 1279} 1280 1281void 1282mac_destroy_cred(struct ucred *cr) 1283{ 1284 1285 MAC_PERFORM(destroy_cred, cr, &cr->cr_label); 1286 mac_destroy_label(&cr->cr_label); |
1287#ifdef MAC_DEBUG |
|
1279 atomic_subtract_int(&nmaccreds, 1); | 1288 atomic_subtract_int(&nmaccreds, 1); |
1289#endif |
|
1280} 1281 1282void 1283mac_init_ifnet(struct ifnet *ifp) 1284{ 1285 1286 mac_init_label(&ifp->if_label); 1287 MAC_PERFORM(init_ifnet, ifp, &ifp->if_label); | 1290} 1291 1292void 1293mac_init_ifnet(struct ifnet *ifp) 1294{ 1295 1296 mac_init_label(&ifp->if_label); 1297 MAC_PERFORM(init_ifnet, ifp, &ifp->if_label); |
1298#ifdef MAC_DEBUG |
|
1288 atomic_add_int(&nmacifnets, 1); | 1299 atomic_add_int(&nmacifnets, 1); |
1300#endif |
|
1289} 1290 1291void 1292mac_destroy_ifnet(struct ifnet *ifp) 1293{ 1294 1295 MAC_PERFORM(destroy_ifnet, ifp, &ifp->if_label); 1296 mac_destroy_label(&ifp->if_label); | 1301} 1302 1303void 1304mac_destroy_ifnet(struct ifnet *ifp) 1305{ 1306 1307 MAC_PERFORM(destroy_ifnet, ifp, &ifp->if_label); 1308 mac_destroy_label(&ifp->if_label); |
1309#ifdef MAC_DEBUG |
|
1297 atomic_subtract_int(&nmacifnets, 1); | 1310 atomic_subtract_int(&nmacifnets, 1); |
1311#endif |
|
1298} 1299 1300void 1301mac_init_ipq(struct ipq *ipq) 1302{ 1303 1304 mac_init_label(&ipq->ipq_label); 1305 MAC_PERFORM(init_ipq, ipq, &ipq->ipq_label); | 1312} 1313 1314void 1315mac_init_ipq(struct ipq *ipq) 1316{ 1317 1318 mac_init_label(&ipq->ipq_label); 1319 MAC_PERFORM(init_ipq, ipq, &ipq->ipq_label); |
1320#ifdef MAC_DEBUG |
|
1306 atomic_add_int(&nmacipqs, 1); | 1321 atomic_add_int(&nmacipqs, 1); |
1322#endif |
|
1307} 1308 1309void 1310mac_destroy_ipq(struct ipq *ipq) 1311{ 1312 1313 MAC_PERFORM(destroy_ipq, ipq, &ipq->ipq_label); 1314 mac_destroy_label(&ipq->ipq_label); | 1323} 1324 1325void 1326mac_destroy_ipq(struct ipq *ipq) 1327{ 1328 1329 MAC_PERFORM(destroy_ipq, ipq, &ipq->ipq_label); 1330 mac_destroy_label(&ipq->ipq_label); |
1331#ifdef MAC_DEBUG |
|
1315 atomic_subtract_int(&nmacipqs, 1); | 1332 atomic_subtract_int(&nmacipqs, 1); |
1333#endif |
|
1316} 1317 1318void 1319mac_init_socket(struct socket *socket) 1320{ 1321 1322 mac_init_label(&socket->so_label); 1323 mac_init_label(&socket->so_peerlabel); 1324 MAC_PERFORM(init_socket, socket, &socket->so_label, 1325 &socket->so_peerlabel); | 1334} 1335 1336void 1337mac_init_socket(struct socket *socket) 1338{ 1339 1340 mac_init_label(&socket->so_label); 1341 mac_init_label(&socket->so_peerlabel); 1342 MAC_PERFORM(init_socket, socket, &socket->so_label, 1343 &socket->so_peerlabel); |
1344#ifdef MAC_DEBUG |
|
1326 atomic_add_int(&nmacsockets, 1); | 1345 atomic_add_int(&nmacsockets, 1); |
1346#endif |
|
1327} 1328 1329void 1330mac_destroy_socket(struct socket *socket) 1331{ 1332 1333 MAC_PERFORM(destroy_socket, socket, &socket->so_label, 1334 &socket->so_peerlabel); 1335 mac_destroy_label(&socket->so_label); 1336 mac_destroy_label(&socket->so_peerlabel); | 1347} 1348 1349void 1350mac_destroy_socket(struct socket *socket) 1351{ 1352 1353 MAC_PERFORM(destroy_socket, socket, &socket->so_label, 1354 &socket->so_peerlabel); 1355 mac_destroy_label(&socket->so_label); 1356 mac_destroy_label(&socket->so_peerlabel); |
1357#ifdef MAC_DEBUG |
|
1337 atomic_subtract_int(&nmacsockets, 1); | 1358 atomic_subtract_int(&nmacsockets, 1); |
1359#endif |
|
1338} 1339 1340void 1341mac_init_pipe(struct pipe *pipe) 1342{ 1343 struct label *label; 1344 1345 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); 1346 mac_init_label(label); 1347 pipe->pipe_label = label; 1348 pipe->pipe_peer->pipe_label = label; 1349 MAC_PERFORM(init_pipe, pipe, pipe->pipe_label); | 1360} 1361 1362void 1363mac_init_pipe(struct pipe *pipe) 1364{ 1365 struct label *label; 1366 1367 label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK); 1368 mac_init_label(label); 1369 pipe->pipe_label = label; 1370 pipe->pipe_peer->pipe_label = label; 1371 MAC_PERFORM(init_pipe, pipe, pipe->pipe_label); |
1372#ifdef MAC_DEBUG |
|
1350 atomic_add_int(&nmacpipes, 1); | 1373 atomic_add_int(&nmacpipes, 1); |
1374#endif |
|
1351} 1352 1353void 1354mac_destroy_pipe(struct pipe *pipe) 1355{ 1356 1357 MAC_PERFORM(destroy_pipe, pipe, pipe->pipe_label); 1358 mac_destroy_label(pipe->pipe_label); 1359 free(pipe->pipe_label, M_MACPIPELABEL); | 1375} 1376 1377void 1378mac_destroy_pipe(struct pipe *pipe) 1379{ 1380 1381 MAC_PERFORM(destroy_pipe, pipe, pipe->pipe_label); 1382 mac_destroy_label(pipe->pipe_label); 1383 free(pipe->pipe_label, M_MACPIPELABEL); |
1384#ifdef MAC_DEBUG |
|
1360 atomic_subtract_int(&nmacpipes, 1); | 1385 atomic_subtract_int(&nmacpipes, 1); |
1386#endif |
|
1361} 1362 1363void 1364mac_init_bpfdesc(struct bpf_d *bpf_d) 1365{ 1366 1367 mac_init_label(&bpf_d->bd_label); 1368 MAC_PERFORM(init_bpfdesc, bpf_d, &bpf_d->bd_label); | 1387} 1388 1389void 1390mac_init_bpfdesc(struct bpf_d *bpf_d) 1391{ 1392 1393 mac_init_label(&bpf_d->bd_label); 1394 MAC_PERFORM(init_bpfdesc, bpf_d, &bpf_d->bd_label); |
1395#ifdef MAC_DEBUG |
|
1369 atomic_add_int(&nmacbpfdescs, 1); | 1396 atomic_add_int(&nmacbpfdescs, 1); |
1397#endif |
|
1370} 1371 1372void 1373mac_destroy_bpfdesc(struct bpf_d *bpf_d) 1374{ 1375 1376 MAC_PERFORM(destroy_bpfdesc, bpf_d, &bpf_d->bd_label); 1377 mac_destroy_label(&bpf_d->bd_label); | 1398} 1399 1400void 1401mac_destroy_bpfdesc(struct bpf_d *bpf_d) 1402{ 1403 1404 MAC_PERFORM(destroy_bpfdesc, bpf_d, &bpf_d->bd_label); 1405 mac_destroy_label(&bpf_d->bd_label); |
1406#ifdef MAC_DEBUG |
|
1378 atomic_subtract_int(&nmacbpfdescs, 1); | 1407 atomic_subtract_int(&nmacbpfdescs, 1); |
1408#endif |
|
1379} 1380 1381void 1382mac_init_mount(struct mount *mp) 1383{ 1384 1385 mac_init_label(&mp->mnt_mntlabel); 1386 mac_init_label(&mp->mnt_fslabel); 1387 MAC_PERFORM(init_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); | 1409} 1410 1411void 1412mac_init_mount(struct mount *mp) 1413{ 1414 1415 mac_init_label(&mp->mnt_mntlabel); 1416 mac_init_label(&mp->mnt_fslabel); 1417 MAC_PERFORM(init_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); |
1418#ifdef MAC_DEBUG |
|
1388 atomic_add_int(&nmacmounts, 1); | 1419 atomic_add_int(&nmacmounts, 1); |
1420#endif |
|
1389} 1390 1391void 1392mac_destroy_mount(struct mount *mp) 1393{ 1394 1395 MAC_PERFORM(destroy_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); 1396 mac_destroy_label(&mp->mnt_fslabel); 1397 mac_destroy_label(&mp->mnt_mntlabel); | 1421} 1422 1423void 1424mac_destroy_mount(struct mount *mp) 1425{ 1426 1427 MAC_PERFORM(destroy_mount, mp, &mp->mnt_mntlabel, &mp->mnt_fslabel); 1428 mac_destroy_label(&mp->mnt_fslabel); 1429 mac_destroy_label(&mp->mnt_mntlabel); |
1430#ifdef MAC_DEBUG |
|
1398 atomic_subtract_int(&nmacmounts, 1); | 1431 atomic_subtract_int(&nmacmounts, 1); |
1432#endif |
|
1399} 1400 1401static void 1402mac_init_temp(struct label *label) 1403{ 1404 1405 mac_init_label(label); 1406 MAC_PERFORM(init_temp, label); | 1433} 1434 1435static void 1436mac_init_temp(struct label *label) 1437{ 1438 1439 mac_init_label(label); 1440 MAC_PERFORM(init_temp, label); |
1441#ifdef MAC_DEBUG |
|
1407 atomic_add_int(&nmactemp, 1); | 1442 atomic_add_int(&nmactemp, 1); |
1443#endif |
|
1408} 1409 1410static void 1411mac_destroy_temp(struct label *label) 1412{ 1413 1414 MAC_PERFORM(destroy_temp, label); 1415 mac_destroy_label(label); | 1444} 1445 1446static void 1447mac_destroy_temp(struct label *label) 1448{ 1449 1450 MAC_PERFORM(destroy_temp, label); 1451 mac_destroy_label(label); |
1452#ifdef MAC_DEBUG |
|
1416 atomic_subtract_int(&nmactemp, 1); | 1453 atomic_subtract_int(&nmactemp, 1); |
1454#endif |
|
1417} 1418 1419void 1420mac_init_vnode(struct vnode *vp) 1421{ 1422 1423 mac_init_label(&vp->v_label); 1424 MAC_PERFORM(init_vnode, vp, &vp->v_label); | 1455} 1456 1457void 1458mac_init_vnode(struct vnode *vp) 1459{ 1460 1461 mac_init_label(&vp->v_label); 1462 MAC_PERFORM(init_vnode, vp, &vp->v_label); |
1463#ifdef MAC_DEBUG |
|
1425 atomic_add_int(&nmacvnodes, 1); | 1464 atomic_add_int(&nmacvnodes, 1); |
1465#endif |
|
1426} 1427 1428void 1429mac_destroy_vnode(struct vnode *vp) 1430{ 1431 1432 MAC_PERFORM(destroy_vnode, vp, &vp->v_label); 1433 mac_destroy_label(&vp->v_label); | 1466} 1467 1468void 1469mac_destroy_vnode(struct vnode *vp) 1470{ 1471 1472 MAC_PERFORM(destroy_vnode, vp, &vp->v_label); 1473 mac_destroy_label(&vp->v_label); |
1474#ifdef MAC_DEBUG |
|
1434 atomic_subtract_int(&nmacvnodes, 1); | 1475 atomic_subtract_int(&nmacvnodes, 1); |
1476#endif |
|
1435} 1436 1437void 1438mac_init_devfsdirent(struct devfs_dirent *de) 1439{ 1440 1441 mac_init_label(&de->de_label); 1442 MAC_PERFORM(init_devfsdirent, de, &de->de_label); | 1477} 1478 1479void 1480mac_init_devfsdirent(struct devfs_dirent *de) 1481{ 1482 1483 mac_init_label(&de->de_label); 1484 MAC_PERFORM(init_devfsdirent, de, &de->de_label); |
1485#ifdef MAC_DEBUG |
|
1443 atomic_add_int(&nmacdevfsdirents, 1); | 1486 atomic_add_int(&nmacdevfsdirents, 1); |
1487#endif |
|
1444} 1445 1446void 1447mac_destroy_devfsdirent(struct devfs_dirent *de) 1448{ 1449 1450 MAC_PERFORM(destroy_devfsdirent, de, &de->de_label); 1451 mac_destroy_label(&de->de_label); | 1488} 1489 1490void 1491mac_destroy_devfsdirent(struct devfs_dirent *de) 1492{ 1493 1494 MAC_PERFORM(destroy_devfsdirent, de, &de->de_label); 1495 mac_destroy_label(&de->de_label); |
1496#ifdef MAC_DEBUG |
|
1452 atomic_subtract_int(&nmacdevfsdirents, 1); | 1497 atomic_subtract_int(&nmacdevfsdirents, 1); |
1498#endif |
|
1453} 1454 1455static int 1456mac_externalize(struct label *label, struct mac *mac) 1457{ 1458 int error; 1459 1460 mac_init_structmac(mac); --- 1660 unchanged lines hidden --- | 1499} 1500 1501static int 1502mac_externalize(struct label *label, struct mac *mac) 1503{ 1504 int error; 1505 1506 mac_init_structmac(mac); --- 1660 unchanged lines hidden --- |