| mac_sysv_sem.c (189797) | mac_sysv_sem.c (191731) |
|---|---|
| 1/*- 2 * Copyright (c) 2003-2004 Networks Associates Technology, Inc. 3 * Copyright (c) 2006 SPARTA, Inc. 4 * Copyright (c) 2009 Robert N. M. Watson 5 * All rights reserved. 6 * 7 * This software was developed for the FreeBSD Project in part by Network 8 * Associates Laboratories, the Security Research Division of Network --- 24 unchanged lines hidden (view full) --- 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 */ 39 40#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2003-2004 Networks Associates Technology, Inc. 3 * Copyright (c) 2006 SPARTA, Inc. 4 * Copyright (c) 2009 Robert N. M. Watson 5 * All rights reserved. 6 * 7 * This software was developed for the FreeBSD Project in part by Network 8 * Associates Laboratories, the Security Research Division of Network --- 24 unchanged lines hidden (view full) --- 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 */ 39 40#include <sys/cdefs.h> |
| 41__FBSDID("$FreeBSD: head/sys/security/mac/mac_sysv_sem.c 189797 2009-03-14 16:06:06Z rwatson $"); | 41__FBSDID("$FreeBSD: head/sys/security/mac/mac_sysv_sem.c 191731 2009-05-01 21:05:40Z rwatson $"); |
| 42 43#include "opt_kdtrace.h" 44#include "opt_mac.h" 45 46#include <sys/param.h> 47#include <sys/kernel.h> 48#include <sys/lock.h> 49#include <sys/malloc.h> --- 13 unchanged lines hidden (view full) --- 63#include <security/mac/mac_policy.h> 64 65static struct label * 66mac_sysv_sem_label_alloc(void) 67{ 68 struct label *label; 69 70 label = mac_labelzone_alloc(M_WAITOK); | 42 43#include "opt_kdtrace.h" 44#include "opt_mac.h" 45 46#include <sys/param.h> 47#include <sys/kernel.h> 48#include <sys/lock.h> 49#include <sys/malloc.h> --- 13 unchanged lines hidden (view full) --- 63#include <security/mac/mac_policy.h> 64 65static struct label * 66mac_sysv_sem_label_alloc(void) 67{ 68 struct label *label; 69 70 label = mac_labelzone_alloc(M_WAITOK); |
| 71 MAC_PERFORM(sysvsem_init_label, label); | 71 MAC_POLICY_PERFORM(sysvsem_init_label, label); |
| 72 return (label); 73} 74 75void 76mac_sysvsem_init(struct semid_kernel *semakptr) 77{ 78 79 if (mac_labeled & MPC_OBJECT_SYSVSEM) 80 semakptr->label = mac_sysv_sem_label_alloc(); 81 else 82 semakptr->label = NULL; 83} 84 85static void 86mac_sysv_sem_label_free(struct label *label) 87{ 88 | 72 return (label); 73} 74 75void 76mac_sysvsem_init(struct semid_kernel *semakptr) 77{ 78 79 if (mac_labeled & MPC_OBJECT_SYSVSEM) 80 semakptr->label = mac_sysv_sem_label_alloc(); 81 else 82 semakptr->label = NULL; 83} 84 85static void 86mac_sysv_sem_label_free(struct label *label) 87{ 88 |
| 89 MAC_PERFORM_NOSLEEP(sysvsem_destroy_label, label); | 89 MAC_POLICY_PERFORM_NOSLEEP(sysvsem_destroy_label, label); |
| 90 mac_labelzone_free(label); 91} 92 93void 94mac_sysvsem_destroy(struct semid_kernel *semakptr) 95{ 96 97 if (semakptr->label != NULL) { 98 mac_sysv_sem_label_free(semakptr->label); 99 semakptr->label = NULL; 100 } 101} 102 103void 104mac_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr) 105{ 106 | 90 mac_labelzone_free(label); 91} 92 93void 94mac_sysvsem_destroy(struct semid_kernel *semakptr) 95{ 96 97 if (semakptr->label != NULL) { 98 mac_sysv_sem_label_free(semakptr->label); 99 semakptr->label = NULL; 100 } 101} 102 103void 104mac_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr) 105{ 106 |
| 107 MAC_PERFORM_NOSLEEP(sysvsem_create, cred, semakptr, semakptr->label); | 107 MAC_POLICY_PERFORM_NOSLEEP(sysvsem_create, cred, semakptr, 108 semakptr->label); |
| 108} 109 110void 111mac_sysvsem_cleanup(struct semid_kernel *semakptr) 112{ 113 | 109} 110 111void 112mac_sysvsem_cleanup(struct semid_kernel *semakptr) 113{ 114 |
| 114 MAC_PERFORM_NOSLEEP(sysvsem_cleanup, semakptr->label); | 115 MAC_POLICY_PERFORM_NOSLEEP(sysvsem_cleanup, semakptr->label); |
| 115} 116 117MAC_CHECK_PROBE_DEFINE3(sysvsem_check_semctl, "struct ucred *", 118 "struct semid_kernel *", "int"); 119 120int 121mac_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, 122 int cmd) 123{ 124 int error; 125 | 116} 117 118MAC_CHECK_PROBE_DEFINE3(sysvsem_check_semctl, "struct ucred *", 119 "struct semid_kernel *", "int"); 120 121int 122mac_sysvsem_check_semctl(struct ucred *cred, struct semid_kernel *semakptr, 123 int cmd) 124{ 125 int error; 126 |
| 126 MAC_CHECK_NOSLEEP(sysvsem_check_semctl, cred, semakptr, | 127 MAC_POLICY_CHECK_NOSLEEP(sysvsem_check_semctl, cred, semakptr, |
| 127 semakptr->label, cmd); 128 MAC_CHECK_PROBE3(sysvsem_check_semctl, error, cred, semakptr, cmd); 129 130 return (error); 131} 132 133MAC_CHECK_PROBE_DEFINE2(sysvsem_check_semget, "struct ucred *", 134 "struct semid_kernel *"); 135 136int 137mac_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr) 138{ 139 int error; 140 | 128 semakptr->label, cmd); 129 MAC_CHECK_PROBE3(sysvsem_check_semctl, error, cred, semakptr, cmd); 130 131 return (error); 132} 133 134MAC_CHECK_PROBE_DEFINE2(sysvsem_check_semget, "struct ucred *", 135 "struct semid_kernel *"); 136 137int 138mac_sysvsem_check_semget(struct ucred *cred, struct semid_kernel *semakptr) 139{ 140 int error; 141 |
| 141 MAC_CHECK_NOSLEEP(sysvsem_check_semget, cred, semakptr, | 142 MAC_POLICY_CHECK_NOSLEEP(sysvsem_check_semget, cred, semakptr, |
| 142 semakptr->label); 143 144 return (error); 145} 146 147MAC_CHECK_PROBE_DEFINE3(sysvsem_check_semop, "struct ucred *", 148 "struct semid_kernel *", "size_t"); 149 150int 151mac_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, 152 size_t accesstype) 153{ 154 int error; 155 | 143 semakptr->label); 144 145 return (error); 146} 147 148MAC_CHECK_PROBE_DEFINE3(sysvsem_check_semop, "struct ucred *", 149 "struct semid_kernel *", "size_t"); 150 151int 152mac_sysvsem_check_semop(struct ucred *cred, struct semid_kernel *semakptr, 153 size_t accesstype) 154{ 155 int error; 156 |
| 156 MAC_CHECK_NOSLEEP(sysvsem_check_semop, cred, semakptr, | 157 MAC_POLICY_CHECK_NOSLEEP(sysvsem_check_semop, cred, semakptr, |
| 157 semakptr->label, accesstype); 158 MAC_CHECK_PROBE3(sysvsem_check_semop, error, cred, semakptr, 159 accesstype); 160 161 return (error); 162} | 158 semakptr->label, accesstype); 159 MAC_CHECK_PROBE3(sysvsem_check_semop, error, cred, semakptr, 160 accesstype); 161 162 return (error); 163} |