Rename MAC Framework-internal macros used to invoke policy entry points:

MAC_BOOLEAN -> MAC_POLICY_BOOLEAN MAC_BOOLEAN_NOSLEEP -> MAC_POLICY_BOOLEANN_NOSLEEP MAC_CHECK -> MAC_POLICY_CHECK MAC_CHECK_NOSLEEP -> MAC_POLICY_CHECK_NOSLEEP MAC_EXTERNALIZE -> MAC_POLICY_EXTERNALIZE MAC_GRANT -> MAC_POLICY_GRANT MAC_GRANT_NOSLEEP -> MAC_POLICY_GRANT_NOSLEEP MAC_INTERNALIZE -> MAC_POLICY_INTERNALIZE MAC_PERFORM -> MAC_POLICY_PERFORM_CHECK MAC_PERFORM_NOSLEEP -> MAC_POLICY_PERFORM_NOSLEEP This frees up those macro names for use in wrapping calls into the MAC Framework from the remainder of the kernel. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2009-05-01 21:05:40 +0000
committer: rwatson <rwatson@FreeBSD.org> 2009-05-01 21:05:40 +0000
commit: 7176eb1b5ec1d305e92a20811e862b0ffe42c756 (patch)
tree: 171b16d02dd5723061d2f482274cbf7792e8e355 /sys/security/mac/mac_inet.c
parent: 50b57c0fb59d547c4f1cd4c469029d22b9293a3d (diff)
download: FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.zip
FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.tar.gz
1 files changed, 39 insertions, 32 deletions
diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c
index df21a16..fd2c629 100644
--- a/sys/security/mac/mac_inet.c
+++ b/sys/security/mac/mac_inet.c
@@ -85,11 +85,11 @@ mac_inpcb_label_alloc(int flag)
 	if (label == NULL)
 		return (NULL);
 	if (flag & M_WAITOK)
-		MAC_CHECK(inpcb_init_label, label, flag);
+		MAC_POLICY_CHECK(inpcb_init_label, label, flag);
 	else
-		MAC_CHECK_NOSLEEP(inpcb_init_label, label, flag);
+		MAC_POLICY_CHECK_NOSLEEP(inpcb_init_label, label, flag);
 	if (error) {
-		MAC_PERFORM_NOSLEEP(inpcb_destroy_label, label);
+		MAC_POLICY_PERFORM_NOSLEEP(inpcb_destroy_label, label);
 		mac_labelzone_free(label);
 		return (NULL);
 	}
@@ -120,11 +120,11 @@ mac_ipq_label_alloc(int flag)
 		return (NULL);
 
 	if (flag & M_WAITOK)
-		MAC_CHECK(ipq_init_label, label, flag);
+		MAC_POLICY_CHECK(ipq_init_label, label, flag);
 	else
-		MAC_CHECK_NOSLEEP(ipq_init_label, label, flag);
+		MAC_POLICY_CHECK_NOSLEEP(ipq_init_label, label, flag);
 	if (error) {
-		MAC_PERFORM_NOSLEEP(ipq_destroy_label, label);
+		MAC_POLICY_PERFORM_NOSLEEP(ipq_destroy_label, label);
 		mac_labelzone_free(label);
 		return (NULL);
 	}
@@ -148,7 +148,7 @@ static void
 mac_inpcb_label_free(struct label *label)
 {
 
-	MAC_PERFORM_NOSLEEP(inpcb_destroy_label, label);
+	MAC_POLICY_PERFORM_NOSLEEP(inpcb_destroy_label, label);
 	mac_labelzone_free(label);
 }
 
@@ -166,7 +166,7 @@ static void
 mac_ipq_label_free(struct label *label)
 {
 
-	MAC_PERFORM_NOSLEEP(ipq_destroy_label, label);
+	MAC_POLICY_PERFORM_NOSLEEP(ipq_destroy_label, label);
 	mac_labelzone_free(label);
 }
 
@@ -184,7 +184,7 @@ void
 mac_inpcb_create(struct socket *so, struct inpcb *inp)
 {
 
-	MAC_PERFORM_NOSLEEP(inpcb_create, so, so->so_label, inp,
+	MAC_POLICY_PERFORM_NOSLEEP(inpcb_create, so, so->so_label, inp,
 	    inp->inp_label);
 }
 
@@ -195,7 +195,8 @@ mac_ipq_reassemble(struct ipq *q, struct mbuf *m)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(ipq_reassemble, q, q->ipq_label, m, label);
+	MAC_POLICY_PERFORM_NOSLEEP(ipq_reassemble, q, q->ipq_label, m,
+	    label);
 }
 
 void
@@ -206,7 +207,8 @@ mac_netinet_fragment(struct mbuf *m, struct mbuf *frag)
 	mlabel = mac_mbuf_to_label(m);
 	fraglabel = mac_mbuf_to_label(frag);
 
-	MAC_PERFORM_NOSLEEP(netinet_fragment, m, mlabel, frag, fraglabel);
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_fragment, m, mlabel, frag,
+	    fraglabel);
 }
 
 void
@@ -216,7 +218,7 @@ mac_ipq_create(struct mbuf *m, struct ipq *q)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(ipq_create, m, label, q, q->ipq_label);
+	MAC_POLICY_PERFORM_NOSLEEP(ipq_create, m, label, q, q->ipq_label);
 }
 
 void
@@ -227,7 +229,7 @@ mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m)
 	INP_LOCK_ASSERT(inp);
 	mlabel = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(inpcb_create_mbuf, inp, inp->inp_label, m,
+	MAC_POLICY_PERFORM_NOSLEEP(inpcb_create_mbuf, inp, inp->inp_label, m,
 	    mlabel);
 }
 
@@ -240,7 +242,7 @@ mac_ipq_match(struct mbuf *m, struct ipq *q)
 	label = mac_mbuf_to_label(m);
 
 	result = 1;
-	MAC_BOOLEAN_NOSLEEP(ipq_match, &&, m, label, q, q->ipq_label);
+	MAC_POLICY_BOOLEAN_NOSLEEP(ipq_match, &&, m, label, q, q->ipq_label);
 
 	return (result);
 }
@@ -253,7 +255,8 @@ mac_netinet_arp_send(struct ifnet *ifp, struct mbuf *m)
 	mlabel = mac_mbuf_to_label(m);
 
 	MAC_IFNET_LOCK(ifp);
-	MAC_PERFORM_NOSLEEP(netinet_arp_send, ifp, ifp->if_label, m, mlabel);
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_arp_send, ifp, ifp->if_label, m,
+	    mlabel);
 	MAC_IFNET_UNLOCK(ifp);
 }
 
@@ -265,8 +268,8 @@ mac_netinet_icmp_reply(struct mbuf *mrecv, struct mbuf *msend)
 	mrecvlabel = mac_mbuf_to_label(mrecv);
 	msendlabel = mac_mbuf_to_label(msend);
 
-	MAC_PERFORM_NOSLEEP(netinet_icmp_reply, mrecv, mrecvlabel, msend,
-	    msendlabel);
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_icmp_reply, mrecv, mrecvlabel,
+	    msend, msendlabel);
 }
 
 void
@@ -276,7 +279,7 @@ mac_netinet_icmp_replyinplace(struct mbuf *m)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(netinet_icmp_replyinplace, m, label);
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_icmp_replyinplace, m, label);
 }
 
 void
@@ -287,7 +290,7 @@ mac_netinet_igmp_send(struct ifnet *ifp, struct mbuf *m)
 	mlabel = mac_mbuf_to_label(m);
 
 	MAC_IFNET_LOCK(ifp);
-	MAC_PERFORM_NOSLEEP(netinet_igmp_send, ifp, ifp->if_label, m,
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_igmp_send, ifp, ifp->if_label, m,
 	    mlabel);
 	MAC_IFNET_UNLOCK(ifp);
 }
@@ -299,7 +302,7 @@ mac_netinet_tcp_reply(struct mbuf *m)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(netinet_tcp_reply, m, label);
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_tcp_reply, m, label);
 }
 
 void
@@ -309,7 +312,7 @@ mac_ipq_update(struct mbuf *m, struct ipq *q)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(ipq_update, m, label, q, q->ipq_label);
+	MAC_POLICY_PERFORM_NOSLEEP(ipq_update, m, label, q, q->ipq_label);
 }
 
 MAC_CHECK_PROBE_DEFINE2(inpcb_check_deliver, "struct inpcb *",
@@ -325,7 +328,7 @@ mac_inpcb_check_deliver(struct inpcb *inp, struct mbuf *m)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_CHECK_NOSLEEP(inpcb_check_deliver, inp, inp->inp_label, m,
+	MAC_POLICY_CHECK_NOSLEEP(inpcb_check_deliver, inp, inp->inp_label, m,
 	    label);
 	MAC_CHECK_PROBE2(inpcb_check_deliver, error, inp, m);
 
@@ -342,7 +345,8 @@ mac_inpcb_check_visible(struct ucred *cred, struct inpcb *inp)
 
 	INP_LOCK_ASSERT(inp);
 
-	MAC_CHECK_NOSLEEP(inpcb_check_visible, cred, inp, inp->inp_label);
+	MAC_POLICY_CHECK_NOSLEEP(inpcb_check_visible, cred, inp,
+	    inp->inp_label);
 	MAC_CHECK_PROBE2(inpcb_check_visible, error, cred, inp);
 
 	return (error);
@@ -355,7 +359,7 @@ mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp)
 	INP_WLOCK_ASSERT(inp);
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_PERFORM_NOSLEEP(inpcb_sosetlabel, so, so->so_label, inp,
+	MAC_POLICY_PERFORM_NOSLEEP(inpcb_sosetlabel, so, so->so_label, inp,
 	    inp->inp_label);
 }
 
@@ -370,8 +374,8 @@ mac_netinet_firewall_reply(struct mbuf *mrecv, struct mbuf *msend)
 	mrecvlabel = mac_mbuf_to_label(mrecv);
 	msendlabel = mac_mbuf_to_label(msend);
 
-	MAC_PERFORM_NOSLEEP(netinet_firewall_reply, mrecv, mrecvlabel, msend,
-	    msendlabel);
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_firewall_reply, mrecv, mrecvlabel,
+	    msend, msendlabel);
 }
 
 void
@@ -383,7 +387,7 @@ mac_netinet_firewall_send(struct mbuf *m)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(netinet_firewall_send, m, label);
+	MAC_POLICY_PERFORM_NOSLEEP(netinet_firewall_send, m, label);
 }
 
 /*
@@ -400,7 +404,7 @@ mac_syncache_destroy(struct label **label)
 {
 
 	if (*label != NULL) {
-		MAC_PERFORM_NOSLEEP(syncache_destroy_label, *label);
+		MAC_POLICY_PERFORM_NOSLEEP(syncache_destroy_label, *label);
 		mac_labelzone_free(*label);
 		*label = NULL;
 	}
@@ -422,9 +426,11 @@ mac_syncache_init(struct label **label)
 		 * MAC_PERFORM so we can propagate allocation failures back
 		 * to the syncache code.
 		 */
-		MAC_CHECK_NOSLEEP(syncache_init_label, *label, M_NOWAIT);
+		MAC_POLICY_CHECK_NOSLEEP(syncache_init_label, *label,
+		    M_NOWAIT);
 		if (error) {
-			MAC_PERFORM_NOSLEEP(syncache_destroy_label, *label);
+			MAC_POLICY_PERFORM_NOSLEEP(syncache_destroy_label,
+			    *label);
 			mac_labelzone_free(*label);
 		}
 		return (error);
@@ -439,7 +445,7 @@ mac_syncache_create(struct label *label, struct inpcb *inp)
 
 	INP_WLOCK_ASSERT(inp);
 
-	MAC_PERFORM_NOSLEEP(syncache_create, label, inp);
+	MAC_POLICY_PERFORM_NOSLEEP(syncache_create, label, inp);
 }
 
 void
@@ -451,5 +457,6 @@ mac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m)
 
 	mlabel = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(syncache_create_mbuf, sc_label, m, mlabel);
+	MAC_POLICY_PERFORM_NOSLEEP(syncache_create_mbuf, sc_label, m,
+	    mlabel);
 }
author	rwatson <rwatson@FreeBSD.org>	2009-05-01 21:05:40 +0000
committer	rwatson <rwatson@FreeBSD.org>	2009-05-01 21:05:40 +0000
commit	7176eb1b5ec1d305e92a20811e862b0ffe42c756 (patch)
tree	171b16d02dd5723061d2f482274cbf7792e8e355 /sys/security/mac/mac_inet.c
parent	50b57c0fb59d547c4f1cd4c469029d22b9293a3d (diff)
download	FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.zip FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.tar.gz