diff options
author | rwatson <rwatson@FreeBSD.org> | 2007-04-23 13:15:23 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-04-23 13:15:23 +0000 |
commit | 7ffc2492aefff9e4350fa66d015e86a00a98f452 (patch) | |
tree | 0db2f0a84f3f87dab9a1c320711f201aa8cf85bf /sys/security/mac_biba/mac_biba.c | |
parent | 19d0863e4a316a5e0fdee76bf46871a721ac383d (diff) | |
download | FreeBSD-src-7ffc2492aefff9e4350fa66d015e86a00a98f452.zip FreeBSD-src-7ffc2492aefff9e4350fa66d015e86a00a98f452.tar.gz |
Apply variable name normalization to MAC policies: adopt global conventions
for the naming of variables associated with specific data structures.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_biba/mac_biba.c')
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 422 |
1 files changed, 209 insertions, 213 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 663ea5b..f2d973a 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -784,12 +784,12 @@ mac_biba_copy_label(struct label *src, struct label *dest) */ static void mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { struct mac_biba *mac_biba; int biba_type; - mac_biba = SLOT(label); + mac_biba = SLOT(delabel); if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || strcmp(dev->si_name, "random") == 0 || @@ -806,11 +806,11 @@ mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp, static void mac_biba_create_devfs_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { struct mac_biba *mac_biba; - mac_biba = SLOT(label); + mac_biba = SLOT(delabel); mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); } @@ -829,36 +829,35 @@ mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp, static void mac_biba_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(mntlabel); + dest = SLOT(mplabel); mac_biba_copy_effective(source, dest); } static void mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *label) + struct label *vplabel, struct label *newlabel) { struct mac_biba *source, *dest; - source = SLOT(label); - dest = SLOT(vnodelabel); + source = SLOT(newlabel); + dest = SLOT(vplabel); mac_biba_copy(source, dest); } static void -mac_biba_update_devfsdirent(struct mount *mp, - struct devfs_dirent *devfs_dirent, struct label *direntlabel, - struct vnode *vp, struct label *vnodelabel) +mac_biba_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { struct mac_biba *source, *dest; - source = SLOT(vnodelabel); - dest = SLOT(direntlabel); + source = SLOT(vplabel); + dest = SLOT(delabel); mac_biba_copy(source, dest); } @@ -866,25 +865,25 @@ mac_biba_update_devfsdirent(struct mount *mp, static void mac_biba_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { struct mac_biba *source, *dest; source = SLOT(delabel); - dest = SLOT(vlabel); + dest = SLOT(vplabel); mac_biba_copy_effective(source, dest); } static int -mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, - struct vnode *vp, struct label *vlabel) +mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { struct mac_biba temp, *source, *dest; int buflen, error; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + dest = SLOT(vplabel); buflen = sizeof(temp); bzero(&temp, buflen); @@ -918,20 +917,20 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, static void mac_biba_associate_vnode_singlelabel(struct mount *mp, - struct label *mntlabel, struct vnode *vp, struct label *vlabel) + struct label *mplabel, struct vnode *vp, struct label *vplabel) { struct mac_biba *source, *dest; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + dest = SLOT(vplabel); mac_biba_copy_effective(source, dest); } static int mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *vlabel, struct componentname *cnp) + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *source, *dest, temp; size_t buflen; @@ -941,7 +940,7 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, bzero(&temp, buflen); source = SLOT(cred->cr_label); - dest = SLOT(vlabel); + dest = SLOT(vplabel); mac_biba_copy_effective(source, &temp); error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, @@ -953,7 +952,7 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, static int mac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, - struct label *vlabel, struct label *intlabel) + struct label *vplabel, struct label *intlabel) { struct mac_biba *source, temp; size_t buflen; @@ -989,37 +988,37 @@ mac_biba_create_inpcb_from_socket(struct socket *so, struct label *solabel, } static void -mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_create_mbuf_from_socket(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(socketlabel); - dest = SLOT(mbuflabel); + source = SLOT(solabel); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_biba_create_socket(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(socketlabel); + dest = SLOT(solabel); mac_biba_copy_effective(source, dest); } static void mac_biba_create_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); mac_biba_copy_effective(source, dest); } @@ -1037,50 +1036,49 @@ mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, } static void -mac_biba_create_socket_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketlabel) +mac_biba_create_socket_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, struct label *newsolabel) { struct mac_biba *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_relabel_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +mac_biba_relabel_socket(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(socketlabel); + dest = SLOT(solabel); mac_biba_copy(source, dest); } static void mac_biba_relabel_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); mac_biba_copy(source, dest); } static void -mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, - struct socket *socket, struct label *socketpeerlabel) +mac_biba_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) { struct mac_biba *source, *dest; - source = SLOT(mbuflabel); - dest = SLOT(socketpeerlabel); + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); mac_biba_copy_effective(source, dest); } @@ -1088,7 +1086,6 @@ mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, /* * Labeling event operations: System V IPC objects. */ - static void mac_biba_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqlabel, struct msg *msgptr, struct label *msglabel) @@ -1142,41 +1139,41 @@ mac_biba_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, * Labeling event operations: network objects. */ static void -mac_biba_set_socket_peer_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketpeerlabel) +mac_biba_set_socket_peer_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { struct mac_biba *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketpeerlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, - struct label *bpflabel) +mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(bpflabel); + dest = SLOT(dlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) +mac_biba_create_ifnet(struct ifnet *ifp, struct label *ifplabel) { char tifname[IFNAMSIZ], *p, *q; char tiflist[sizeof(trusted_interfaces)]; struct mac_biba *dest; int len, type; - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); - if (ifnet->if_type == IFT_LOOP || interfaces_equal != 0) { + if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { type = MAC_BIBA_TYPE_EQUAL; goto set; } @@ -1203,7 +1200,7 @@ mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) if (len < IFNAMSIZ) { bzero(tifname, sizeof(tifname)); bcopy(q, tifname, len); - if (strcmp(tifname, ifnet->if_xname) == 0) { + if (strcmp(tifname, ifp->if_xname) == 0) { type = MAC_BIBA_TYPE_HIGH; break; } @@ -1224,12 +1221,12 @@ set: } static void -mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_biba_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { struct mac_biba *source, *dest; - source = SLOT(fragmentlabel); + source = SLOT(mlabel); dest = SLOT(ipqlabel); mac_biba_copy_effective(source, dest); @@ -1237,25 +1234,25 @@ mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, static void mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *datagram, struct label *datagramlabel) + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; source = SLOT(ipqlabel); - dest = SLOT(datagramlabel); + dest = SLOT(mlabel); /* Just use the head, since we require them all to match. */ mac_biba_copy_effective(source, dest); } static void -mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, - struct mbuf *fragment, struct label *fragmentlabel) +mac_biba_create_fragment(struct mbuf *m, struct label *mlabel, + struct mbuf *frag, struct label *fraglabel) { struct mac_biba *source, *dest; - source = SLOT(datagramlabel); - dest = SLOT(fragmentlabel); + source = SLOT(mlabel); + dest = SLOT(fraglabel); mac_biba_copy_effective(source, dest); } @@ -1273,92 +1270,92 @@ mac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, } static void -mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *dest; - dest = SLOT(mbuflabel); + dest = SLOT(mlabel); mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); } static void -mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(bpflabel); - dest = SLOT(mbuflabel); + source = SLOT(dlabel); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(ifnetlabel); - dest = SLOT(mbuflabel); + source = SLOT(ifplabel); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *newmbuf, struct label *newmbuflabel) +mac_biba_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, + struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, + struct label *mnewlabel) { struct mac_biba *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, - struct mbuf *newmbuf, struct label *newmbuflabel) +mac_biba_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, + struct mbuf *newm, struct label *mnewlabel) { struct mac_biba *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_biba_copy_effective(source, dest); } static int -mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, +mac_biba_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) { struct mac_biba *a, *b; a = SLOT(ipqlabel); - b = SLOT(fragmentlabel); + b = SLOT(mlabel); return (mac_biba_equal_effective(a, b)); } static void -mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); mac_biba_copy(source, dest); } static void -mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_biba_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { /* NOOP: we only accept matching labels, so no need to update */ @@ -1459,16 +1456,16 @@ mac_biba_cleanup_sysv_shm(struct label *shmlabel) * Access control checks. */ static int -mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnetlabel) +mac_biba_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { struct mac_biba *a, *b; if (!mac_biba_enabled) return (0); - a = SLOT(bpflabel); - b = SLOT(ifnetlabel); + a = SLOT(dlabel); + b = SLOT(ifplabel); if (mac_biba_equal_effective(a, b)) return (0); @@ -1556,8 +1553,8 @@ mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) } static int -mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_biba *subj, *new; int error; @@ -1584,16 +1581,16 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, } static int -mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *p, *i; if (!mac_biba_enabled) return (0); - p = SLOT(mbuflabel); - i = SLOT(ifnetlabel); + p = SLOT(mlabel); + i = SLOT(ifplabel); return (mac_biba_effective_in_range(p, i) ? 0 : EACCES); } @@ -1773,7 +1770,6 @@ mac_biba_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, return (0); } - static int mac_biba_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, struct label *semaklabel) @@ -1890,7 +1886,7 @@ mac_biba_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, static int mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; int error; @@ -1904,17 +1900,16 @@ mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp, if (error) return (error); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_high_effective(obj)) return (EACCES); return (0); } - static int mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { struct mac_biba *subj, *obj; @@ -1922,7 +1917,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(mntlabel); + obj = SLOT(mplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -1932,7 +1927,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, static int mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { if(!mac_biba_enabled) @@ -1945,7 +1940,7 @@ mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -1953,7 +1948,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -1963,7 +1958,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -1971,7 +1966,7 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -1981,14 +1976,14 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_biba *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(pipelabel); + obj = SLOT(pplabel); /* * If there is a Biba label update for a pipe, it must be a @@ -2032,7 +2027,7 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -2040,7 +2035,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2050,7 +2045,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -2058,7 +2053,7 @@ mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2103,7 +2098,7 @@ mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, } static int -mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_biba_check_proc_debug(struct ucred *cred, struct proc *p) { struct mac_biba *subj, *obj; @@ -2111,7 +2106,7 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_effective(obj, subj)) @@ -2123,7 +2118,7 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) } static int -mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_biba_check_proc_sched(struct ucred *cred, struct proc *p) { struct mac_biba *subj, *obj; @@ -2131,7 +2126,7 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_effective(obj, subj)) @@ -2143,7 +2138,7 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) } static int -mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) +mac_biba_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { struct mac_biba *subj, *obj; @@ -2151,7 +2146,7 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_effective(obj, subj)) @@ -2163,30 +2158,30 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) } static int -mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_check_socket_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *p, *s; if (!mac_biba_enabled) return (0); - p = SLOT(mbuflabel); - s = SLOT(socketlabel); + p = SLOT(mlabel); + s = SLOT(solabel); return (mac_biba_equal_effective(p, s) ? 0 : EACCES); } static int mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, - struct label *socketlabel, struct label *newlabel) + struct label *solabel, struct label *newlabel) { struct mac_biba *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); /* * If there is a Biba label update for the socket, it may be @@ -2229,8 +2224,8 @@ mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, } static int -mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_biba_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_biba *subj, *obj; @@ -2238,7 +2233,7 @@ mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); if (!mac_biba_dominate_effective(obj, subj)) return (ENOENT); @@ -2437,7 +2432,7 @@ mac_biba_priv_check(struct ucred *cred, int priv) static int mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; int error; @@ -2451,10 +2446,10 @@ mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp, if (error) return (error); - if (label == NULL) + if (vplabel == NULL) return (0); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_high_effective(obj)) return (EACCES); @@ -2507,7 +2502,7 @@ mac_biba_check_system_auditon(struct ucred *cred, int cmd) static int mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; int error; @@ -2516,7 +2511,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); error = mac_biba_subject_privileged(subj); if (error) @@ -2577,7 +2572,7 @@ mac_biba_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, static int mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_biba *subj, *obj; @@ -2585,7 +2580,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2595,7 +2590,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_biba *subj, *obj; @@ -2603,7 +2598,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2613,7 +2608,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { struct mac_biba *subj, *obj; @@ -2621,7 +2616,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2631,7 +2626,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -2640,12 +2635,12 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2655,7 +2650,7 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { struct mac_biba *subj, *obj; @@ -2663,7 +2658,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2673,7 +2668,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name) + struct label *vplabel, int attrnamespace, const char *name) { struct mac_biba *subj, *obj; @@ -2681,7 +2676,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2691,7 +2686,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, + struct label *vplabel, struct image_params *imgp, struct label *execlabel) { struct mac_biba *subj, *obj, *exec; @@ -2713,7 +2708,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2723,7 +2718,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { struct mac_biba *subj, *obj; @@ -2731,7 +2726,7 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2741,7 +2736,8 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { struct mac_biba *subj, *obj; @@ -2749,7 +2745,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2759,7 +2755,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -2768,12 +2764,12 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2783,7 +2779,7 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace) + struct label *vplabel, int attrnamespace) { struct mac_biba *subj, *obj; @@ -2791,7 +2787,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2801,7 +2797,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp) + struct label *dvplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -2809,7 +2805,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2819,7 +2815,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot, int flags) + struct label *vplabel, int prot, int flags) { struct mac_biba *subj, *obj; @@ -2831,7 +2827,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { if (!mac_biba_dominate_effective(obj, subj)) @@ -2847,7 +2843,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int acc_mode) + struct label *vplabel, int acc_mode) { struct mac_biba *subj, *obj; @@ -2855,7 +2851,7 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); /* XXX privilege override for admin? */ if (acc_mode & (VREAD | VEXEC | VSTAT)) { @@ -2872,7 +2868,7 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; @@ -2880,7 +2876,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2890,7 +2886,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, static int mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; @@ -2898,7 +2894,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2908,7 +2904,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, static int mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_biba *subj, *obj; @@ -2916,7 +2912,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2926,7 +2922,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; @@ -2934,7 +2930,7 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2944,12 +2940,12 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *newlabel) + struct label *vplabel, struct label *newlabel) { struct mac_biba *old, *new, *subj; int error; - old = SLOT(vnodelabel); + old = SLOT(vplabel); new = SLOT(newlabel); subj = SLOT(cred->cr_label); @@ -2995,7 +2991,7 @@ mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -3004,12 +3000,12 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3019,8 +3015,8 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir, - struct componentname *cnp) + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + int samedir, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -3028,13 +3024,13 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); if (vp != NULL) { - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3045,7 +3041,7 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; @@ -3053,7 +3049,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3063,7 +3059,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *vplabel, acl_type_t type, struct acl *acl) { struct mac_biba *subj, *obj; @@ -3071,7 +3067,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3081,7 +3077,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int attrnamespace, const char *name, + struct label *vplabel, int attrnamespace, const char *name, struct uio *uio) { struct mac_biba *subj, *obj; @@ -3090,7 +3086,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3102,7 +3098,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, u_long flags) + struct label *vplabel, u_long flags) { struct mac_biba *subj, *obj; @@ -3110,7 +3106,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3120,7 +3116,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t mode) + struct label *vplabel, mode_t mode) { struct mac_biba *subj, *obj; @@ -3128,7 +3124,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3138,7 +3134,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, uid_t uid, gid_t gid) + struct label *vplabel, uid_t uid, gid_t gid) { struct mac_biba *subj, *obj; @@ -3146,7 +3142,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3156,7 +3152,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct timespec atime, struct timespec mtime) + struct label *vplabel, struct timespec atime, struct timespec mtime) { struct mac_biba *subj, *obj; @@ -3164,7 +3160,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3174,7 +3170,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *vnodelabel) + struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; @@ -3182,7 +3178,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -3192,7 +3188,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, static int mac_biba_check_vnode_write(struct ucred *active_cred, - struct ucred *file_cred, struct vnode *vp, struct label *label) + struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; @@ -3200,7 +3196,7 @@ mac_biba_check_vnode_write(struct ucred *active_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3231,12 +3227,12 @@ mac_biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) static void mac_biba_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, - struct label *mbuf_label) + struct label *mlabel) { struct mac_biba *source, *dest; source = SLOT(sc_label); - dest = SLOT(mbuf_label); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } |