diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-10-25 07:49:47 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-10-25 07:49:47 +0000 |
commit | 94fbc001c8703dcde08373077f205386188204a9 (patch) | |
tree | 2b2bf123e4e2c0162530484d7e07617bc51aa99a /sys/security/mac | |
parent | 7205d51f8d46369ba85c9260a36b421a72cfedbf (diff) | |
download | FreeBSD-src-94fbc001c8703dcde08373077f205386188204a9.zip FreeBSD-src-94fbc001c8703dcde08373077f205386188204a9.tar.gz |
Further MAC Framework cleanup: normalize some local variable names and
clean up some comments.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac')
-rw-r--r-- | sys/security/mac/mac_framework.h | 4 | ||||
-rw-r--r-- | sys/security/mac/mac_policy.h | 6 | ||||
-rw-r--r-- | sys/security/mac/mac_vfs.c | 33 |
3 files changed, 22 insertions, 21 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index a00b90f..44ee79f 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -218,9 +218,9 @@ int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); void mac_execve_exit(struct image_params *imgp); void mac_vnode_execve_transition(struct ucred *oldcred, struct ucred *newcred, struct vnode *vp, - struct label *interpvnodelabel, struct image_params *imgp); + struct label *interpvplabel, struct image_params *imgp); int mac_vnode_execve_will_transition(struct ucred *cred, - struct vnode *vp, struct label *interpvnodelabel, + struct vnode *vp, struct label *interpvplabel, struct image_params *imgp); void mac_proc_create_swapper(struct ucred *cred); void mac_proc_create_init(struct ucred *cred); diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 5106d94..2ff8c83 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -339,12 +339,12 @@ typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label, */ typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old, struct ucred *new, struct vnode *vp, - struct label *vplabel, struct label *interpvnodelabel, + struct label *vplabel, struct label *interpvplabel, struct image_params *imgp, struct label *execlabel); typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old, struct vnode *vp, struct label *vplabel, - struct label *interpvnodelabel, - struct image_params *imgp, struct label *execlabel); + struct label *interpvplabel, struct image_params *imgp, + struct label *execlabel); typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred); typedef void (*mpo_proc_create_init_t)(struct ucred *cred); typedef void (*mpo_cred_relabel_t)(struct ucred *cred, diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index d6546f6..85af045 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -321,19 +321,18 @@ mac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, void mac_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *interpvnodelabel, - struct image_params *imgp) + struct vnode *vp, struct label *interpvplabel, struct image_params *imgp) { ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_transition"); MAC_PERFORM(vnode_execve_transition, old, new, vp, vp->v_label, - interpvnodelabel, imgp, imgp->execlabel); + interpvplabel, imgp, imgp->execlabel); } int mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *interpvnodelabel, struct image_params *imgp) + struct label *interpvplabel, struct image_params *imgp) { int result; @@ -341,7 +340,7 @@ mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, result = 0; MAC_BOOLEAN(vnode_execve_will_transition, ||, old, vp, vp->v_label, - interpvnodelabel, imgp, imgp->execlabel); + interpvplabel, imgp, imgp->execlabel); return (result); } @@ -494,8 +493,8 @@ mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, } int -mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, - int prot, int flags) +mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot, + int flags) { int error; @@ -506,7 +505,8 @@ mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, } void -mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot) +mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, + int *prot) { int result = *prot; @@ -728,8 +728,8 @@ mac_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, } int -mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp, - struct componentname *cnp) +mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, + struct vnode *vp, struct componentname *cnp) { int error; @@ -756,7 +756,8 @@ mac_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, } void -mac_vnode_relabel(struct ucred *cred, struct vnode *vp, struct label *newlabel) +mac_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *newlabel) { MAC_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel); @@ -806,9 +807,9 @@ mac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, } /* - * Implementation of VOP_SETLABEL() that relies on extended attributes - * to store label data. Can be referenced by filesystems supporting - * extended attributes. + * Implementation of VOP_SETLABEL() that relies on extended attributes to + * store label data. Can be referenced by filesystems supporting extended + * attributes. */ int vop_stdsetlabel_ea(struct vop_setlabel_args *ap) @@ -862,8 +863,8 @@ vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred) * VADMIN provides the opportunity for the filesystem to make * decisions about who is and is not able to modify labels and * protections on files. This might not be right. We can't assume - * VOP_SETLABEL() will do it, because we might implement that as - * part of vop_stdsetlabel_ea(). + * VOP_SETLABEL() will do it, because we might implement that as part + * of vop_stdsetlabel_ea(). */ error = VOP_ACCESS(vp, VADMIN, cred, curthread); if (error) |