Rename MAC Framework-internal macros used to invoke policy entry points:

MAC_BOOLEAN -> MAC_POLICY_BOOLEAN MAC_BOOLEAN_NOSLEEP -> MAC_POLICY_BOOLEANN_NOSLEEP MAC_CHECK -> MAC_POLICY_CHECK MAC_CHECK_NOSLEEP -> MAC_POLICY_CHECK_NOSLEEP MAC_EXTERNALIZE -> MAC_POLICY_EXTERNALIZE MAC_GRANT -> MAC_POLICY_GRANT MAC_GRANT_NOSLEEP -> MAC_POLICY_GRANT_NOSLEEP MAC_INTERNALIZE -> MAC_POLICY_INTERNALIZE MAC_PERFORM -> MAC_POLICY_PERFORM_CHECK MAC_PERFORM_NOSLEEP -> MAC_POLICY_PERFORM_NOSLEEP This frees up those macro names for use in wrapping calls into the MAC Framework from the remainder of the kernel. Obtained from: TrustedBSD Project
author: rwatson <rwatson@FreeBSD.org> 2009-05-01 21:05:40 +0000
committer: rwatson <rwatson@FreeBSD.org> 2009-05-01 21:05:40 +0000
commit: 7176eb1b5ec1d305e92a20811e862b0ffe42c756 (patch)
tree: 171b16d02dd5723061d2f482274cbf7792e8e355 /sys/security/mac/mac_socket.c
parent: 50b57c0fb59d547c4f1cd4c469029d22b9293a3d (diff)
download: FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.zip
FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.tar.gz
1 files changed, 42 insertions, 32 deletions
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c
index fa24499..25f8dae 100644
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@@ -101,11 +101,11 @@ mac_socket_label_alloc(int flag)
 		return (NULL);
 
 	if (flag & M_WAITOK)
-		MAC_CHECK(socket_init_label, label, flag);
+		MAC_POLICY_CHECK(socket_init_label, label, flag);
 	else
-		MAC_CHECK_NOSLEEP(socket_init_label, label, flag);
+		MAC_POLICY_CHECK_NOSLEEP(socket_init_label, label, flag);
 	if (error) {
-		MAC_PERFORM_NOSLEEP(socket_destroy_label, label);
+		MAC_POLICY_PERFORM_NOSLEEP(socket_destroy_label, label);
 		mac_labelzone_free(label);
 		return (NULL);
 	}
@@ -123,11 +123,11 @@ mac_socketpeer_label_alloc(int flag)
 		return (NULL);
 
 	if (flag & M_WAITOK)
-		MAC_CHECK(socketpeer_init_label, label, flag);
+		MAC_POLICY_CHECK(socketpeer_init_label, label, flag);
 	else
-		MAC_CHECK_NOSLEEP(socketpeer_init_label, label, flag);
+		MAC_POLICY_CHECK_NOSLEEP(socketpeer_init_label, label, flag);
 	if (error) {
-		MAC_PERFORM_NOSLEEP(socketpeer_destroy_label, label);
+		MAC_POLICY_PERFORM_NOSLEEP(socketpeer_destroy_label, label);
 		mac_labelzone_free(label);
 		return (NULL);
 	}
@@ -159,7 +159,7 @@ void
 mac_socket_label_free(struct label *label)
 {
 
-	MAC_PERFORM_NOSLEEP(socket_destroy_label, label);
+	MAC_POLICY_PERFORM_NOSLEEP(socket_destroy_label, label);
 	mac_labelzone_free(label);
 }
 
@@ -167,7 +167,7 @@ static void
 mac_socketpeer_label_free(struct label *label)
 {
 
-	MAC_PERFORM_NOSLEEP(socketpeer_destroy_label, label);
+	MAC_POLICY_PERFORM_NOSLEEP(socketpeer_destroy_label, label);
 	mac_labelzone_free(label);
 }
 
@@ -187,7 +187,7 @@ void
 mac_socket_copy_label(struct label *src, struct label *dest)
 {
 
-	MAC_PERFORM_NOSLEEP(socket_copy_label, src, dest);
+	MAC_POLICY_PERFORM_NOSLEEP(socket_copy_label, src, dest);
 }
 
 int
@@ -196,7 +196,7 @@ mac_socket_externalize_label(struct label *label, char *elements,
 {
 	int error;
 
-	MAC_EXTERNALIZE(socket, label, elements, outbuf, outbuflen);
+	MAC_POLICY_EXTERNALIZE(socket, label, elements, outbuf, outbuflen);
 
 	return (error);
 }
@@ -207,7 +207,8 @@ mac_socketpeer_externalize_label(struct label *label, char *elements,
 {
 	int error;
 
-	MAC_EXTERNALIZE(socketpeer, label, elements, outbuf, outbuflen);
+	MAC_POLICY_EXTERNALIZE(socketpeer, label, elements, outbuf,
+	    outbuflen);
 
 	return (error);
 }
@@ -217,7 +218,7 @@ mac_socket_internalize_label(struct label *label, char *string)
 {
 	int error;
 
-	MAC_INTERNALIZE(socket, label, string);
+	MAC_POLICY_INTERNALIZE(socket, label, string);
 
 	return (error);
 }
@@ -226,7 +227,7 @@ void
 mac_socket_create(struct ucred *cred, struct socket *so)
 {
 
-	MAC_PERFORM_NOSLEEP(socket_create, cred, so, so->so_label);
+	MAC_POLICY_PERFORM_NOSLEEP(socket_create, cred, so, so->so_label);
 }
 
 void
@@ -235,8 +236,8 @@ mac_socket_newconn(struct socket *oldso, struct socket *newso)
 
 	SOCK_LOCK_ASSERT(oldso);
 
-	MAC_PERFORM_NOSLEEP(socket_newconn, oldso, oldso->so_label, newso,
-	    newso->so_label);
+	MAC_POLICY_PERFORM_NOSLEEP(socket_newconn, oldso, oldso->so_label,
+	    newso, newso->so_label);
 }
 
 static void
@@ -246,7 +247,7 @@ mac_socket_relabel(struct ucred *cred, struct socket *so,
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_PERFORM_NOSLEEP(socket_relabel, cred, so, so->so_label,
+	MAC_POLICY_PERFORM_NOSLEEP(socket_relabel, cred, so, so->so_label,
 	    newlabel);
 }
 
@@ -259,7 +260,7 @@ mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(socketpeer_set_from_mbuf, m, label, so,
+	MAC_POLICY_PERFORM_NOSLEEP(socketpeer_set_from_mbuf, m, label, so,
 	    so->so_peerlabel);
 }
 
@@ -272,7 +273,7 @@ mac_socketpeer_set_from_socket(struct socket *oldso, struct socket *newso)
 	 * is the original, and one is the new.  However, it's called in both
 	 * directions, so we can't assert the lock here currently.
 	 */
-	MAC_PERFORM_NOSLEEP(socketpeer_set_from_socket, oldso,
+	MAC_POLICY_PERFORM_NOSLEEP(socketpeer_set_from_socket, oldso,
 	    oldso->so_label, newso, newso->so_peerlabel);
 }
 
@@ -285,7 +286,8 @@ mac_socket_create_mbuf(struct socket *so, struct mbuf *m)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_PERFORM_NOSLEEP(socket_create_mbuf, so, so->so_label, m, label);
+	MAC_POLICY_PERFORM_NOSLEEP(socket_create_mbuf, so, so->so_label, m,
+	    label);
 }
 
 MAC_CHECK_PROBE_DEFINE2(socket_check_accept, "struct ucred *",
@@ -298,7 +300,8 @@ mac_socket_check_accept(struct ucred *cred, struct socket *so)
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_accept, cred, so, so->so_label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_accept, cred, so,
+	    so->so_label);
 	MAC_CHECK_PROBE2(socket_check_accept, error, cred, so);
 
 	return (error);
@@ -315,7 +318,8 @@ mac_socket_check_bind(struct ucred *cred, struct socket *so,
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_bind, cred, so, so->so_label, sa);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_bind, cred, so, so->so_label,
+	    sa);
 	MAC_CHECK_PROBE3(socket_check_bind, error, cred, so, sa);
 
 	return (error);
@@ -332,7 +336,8 @@ mac_socket_check_connect(struct ucred *cred, struct socket *so,
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_connect, cred, so, so->so_label, sa);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_connect, cred, so,
+	    so->so_label, sa);
 	MAC_CHECK_PROBE3(socket_check_connect, error, cred, so, sa);
 
 	return (error);
@@ -346,7 +351,8 @@ mac_socket_check_create(struct ucred *cred, int domain, int type, int proto)
 {
 	int error;
 
-	MAC_CHECK_NOSLEEP(socket_check_create, cred, domain, type, proto);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_create, cred, domain, type,
+	    proto);
 	MAC_CHECK_PROBE4(socket_check_create, error, cred, domain, type,
 	    proto);
 
@@ -366,7 +372,8 @@ mac_socket_check_deliver(struct socket *so, struct mbuf *m)
 
 	label = mac_mbuf_to_label(m);
 
-	MAC_CHECK_NOSLEEP(socket_check_deliver, so, so->so_label, m, label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_deliver, so, so->so_label, m,
+	    label);
 	MAC_CHECK_PROBE2(socket_check_deliver, error, so, m);
 
 	return (error);
@@ -382,7 +389,8 @@ mac_socket_check_listen(struct ucred *cred, struct socket *so)
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_listen, cred, so, so->so_label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_listen, cred, so,
+	    so->so_label);
 	MAC_CHECK_PROBE2(socket_check_listen, error, cred, so);
 
 	return (error);
@@ -398,7 +406,7 @@ mac_socket_check_poll(struct ucred *cred, struct socket *so)
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_poll, cred, so, so->so_label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_poll, cred, so, so->so_label);
 	MAC_CHECK_PROBE2(socket_check_poll, error, cred, so);
 
 	return (error);
@@ -414,7 +422,8 @@ mac_socket_check_receive(struct ucred *cred, struct socket *so)
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_receive, cred, so, so->so_label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_receive, cred, so,
+	    so->so_label);
 	MAC_CHECK_PROBE2(socket_check_receive, error, cred, so);
 
 	return (error);
@@ -431,8 +440,8 @@ mac_socket_check_relabel(struct ucred *cred, struct socket *so,
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_relabel, cred, so, so->so_label,
-	    newlabel);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_relabel, cred, so,
+	    so->so_label, newlabel);
 	MAC_CHECK_PROBE3(socket_check_relabel, error, cred, so, newlabel);
 
 	return (error);
@@ -448,7 +457,7 @@ mac_socket_check_send(struct ucred *cred, struct socket *so)
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_send, cred, so, so->so_label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_send, cred, so, so->so_label);
 	MAC_CHECK_PROBE2(socket_check_send, error, cred, so);
 
 	return (error);
@@ -464,7 +473,7 @@ mac_socket_check_stat(struct ucred *cred, struct socket *so)
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_stat, cred, so, so->so_label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_stat, cred, so, so->so_label);
 	MAC_CHECK_PROBE2(socket_check_stat, error, cred, so);
 
 	return (error);
@@ -480,7 +489,8 @@ mac_socket_check_visible(struct ucred *cred, struct socket *so)
 
 	SOCK_LOCK_ASSERT(so);
 
-	MAC_CHECK_NOSLEEP(socket_check_visible, cred, so, so->so_label);
+	MAC_POLICY_CHECK_NOSLEEP(socket_check_visible, cred, so,
+	    so->so_label);
 	MAC_CHECK_PROBE2(socket_check_visible, error, cred, so);
 
 	return (error);
author	rwatson <rwatson@FreeBSD.org>	2009-05-01 21:05:40 +0000
committer	rwatson <rwatson@FreeBSD.org>	2009-05-01 21:05:40 +0000
commit	7176eb1b5ec1d305e92a20811e862b0ffe42c756 (patch)
tree	171b16d02dd5723061d2f482274cbf7792e8e355 /sys/security/mac/mac_socket.c
parent	50b57c0fb59d547c4f1cd4c469029d22b9293a3d (diff)
download	FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.zip FreeBSD-src-7176eb1b5ec1d305e92a20811e862b0ffe42c756.tar.gz