diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-10-24 19:04:04 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-10-24 19:04:04 +0000 |
commit | 60570a92bf794d255e5f8ed235b49c553776ad92 (patch) | |
tree | fea282db79628eed98808fd38cc46445b2f97ca5 /sys/compat | |
parent | 7781c2181af1113baab38322a55a90b5469cba03 (diff) | |
download | FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.zip FreeBSD-src-60570a92bf794d255e5f8ed235b49c553776ad92.tar.gz |
Merge first in a series of TrustedBSD MAC Framework KPI changes
from Mac OS X Leopard--rationalize naming for entry points to
the following general forms:
mac_<object>_<method/action>
mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly
reversed from the new scheme. Also, make object types more
consistent and remove spaces from object types that contain
multiple parts ("posix_sem" -> "posixsem") to make mechanical
parsing easier. Introduce a new "netinet" object type for
certain IPv4/IPv6-related methods. Also simplify, slightly,
some entry point names.
All MAC policy modules will need to be recompiled, and modules
not updates as part of this commit will need to be modified to
conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X)
Obtained from: TrustedBSD Project, Apple Computer
Diffstat (limited to 'sys/compat')
-rw-r--r-- | sys/compat/linux/linux_file.c | 2 | ||||
-rw-r--r-- | sys/compat/linux/linux_getcwd.c | 4 | ||||
-rw-r--r-- | sys/compat/linux/linux_misc.c | 2 | ||||
-rw-r--r-- | sys/compat/svr4/svr4_fcntl.c | 2 | ||||
-rw-r--r-- | sys/compat/svr4/svr4_misc.c | 6 |
5 files changed, 8 insertions, 8 deletions
diff --git a/sys/compat/linux/linux_file.c b/sys/compat/linux/linux_file.c index 5833b39..bee733c 100644 --- a/sys/compat/linux/linux_file.c +++ b/sys/compat/linux/linux_file.c @@ -467,7 +467,7 @@ again: /* * Do directory search MAC check using non-cached credentials. */ - if ((error = mac_check_vnode_readdir(td->td_ucred, vp))) + if ((error = mac_vnode_check_readdir(td->td_ucred, vp))) goto out; #endif /* MAC */ if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies, diff --git a/sys/compat/linux/linux_getcwd.c b/sys/compat/linux/linux_getcwd.c index c244e50..1110fc1 100644 --- a/sys/compat/linux/linux_getcwd.c +++ b/sys/compat/linux/linux_getcwd.c @@ -170,7 +170,7 @@ linux_getcwd_scandir(lvpp, uvpp, bpp, bufp, td) * On successful return, *uvpp will be locked */ #ifdef MAC - error = mac_check_vnode_lookup(td->td_ucred, lvp, &cn); + error = mac_vnode_check_lookup(td->td_ucred, lvp, &cn); if (error == 0) #endif error = VOP_LOOKUP(lvp, uvpp, &cn); @@ -216,7 +216,7 @@ unionread: eofflag = 0; #ifdef MAC - error = mac_check_vnode_readdir(td->td_ucred, uvp); + error = mac_vnode_check_readdir(td->td_ucred, uvp); if (error == 0) #endif /* MAC */ error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index 01f1cee..96adc6d 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -301,7 +301,7 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args) * than vn_open(). */ #ifdef MAC - error = mac_check_vnode_open(td->td_ucred, vp, FREAD); + error = mac_vnode_check_open(td->td_ucred, vp, FREAD); if (error) goto cleanup; #endif diff --git a/sys/compat/svr4/svr4_fcntl.c b/sys/compat/svr4/svr4_fcntl.c index 8735abb..792a8a7 100644 --- a/sys/compat/svr4/svr4_fcntl.c +++ b/sys/compat/svr4/svr4_fcntl.c @@ -271,7 +271,7 @@ fd_revoke(td, fd) #ifdef MAC vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = mac_check_vnode_revoke(td->td_ucred, vp); + error = mac_vnode_check_revoke(td->td_ucred, vp); VOP_UNLOCK(vp, 0, td); if (error) goto out; diff --git a/sys/compat/svr4/svr4_misc.c b/sys/compat/svr4/svr4_misc.c index e4c48c0..85385b5 100644 --- a/sys/compat/svr4/svr4_misc.c +++ b/sys/compat/svr4/svr4_misc.c @@ -296,7 +296,7 @@ again: } #ifdef MAC - error = mac_check_vnode_readdir(td->td_ucred, vp); + error = mac_vnode_check_readdir(td->td_ucred, vp); if (error) goto out; #endif @@ -461,7 +461,7 @@ again: auio.uio_offset = off; #ifdef MAC - error = mac_check_vnode_readdir(td->td_ucred, vp); + error = mac_vnode_check_readdir(td->td_ucred, vp); if (error) goto out; #endif @@ -625,7 +625,7 @@ svr4_sys_fchroot(td, uap) if (error) goto fail; #ifdef MAC - error = mac_check_vnode_chroot(td->td_ucred, vp); + error = mac_vnode_check_chroot(td->td_ucred, vp); if (error) goto fail; #endif |