summaryrefslogtreecommitdiffstats
path: root/sys/security/mac_biba
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2007-04-23 13:15:23 +0000
committerrwatson <rwatson@FreeBSD.org>2007-04-23 13:15:23 +0000
commit7ffc2492aefff9e4350fa66d015e86a00a98f452 (patch)
tree0db2f0a84f3f87dab9a1c320711f201aa8cf85bf /sys/security/mac_biba
parent19d0863e4a316a5e0fdee76bf46871a721ac383d (diff)
downloadFreeBSD-src-7ffc2492aefff9e4350fa66d015e86a00a98f452.zip
FreeBSD-src-7ffc2492aefff9e4350fa66d015e86a00a98f452.tar.gz
Apply variable name normalization to MAC policies: adopt global conventions
for the naming of variables associated with specific data structures. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_biba')
-rw-r--r--sys/security/mac_biba/mac_biba.c422
1 files changed, 209 insertions, 213 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 663ea5b..f2d973a 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -784,12 +784,12 @@ mac_biba_copy_label(struct label *src, struct label *dest)
*/
static void
mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp,
- struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label)
+ struct cdev *dev, struct devfs_dirent *de, struct label *delabel)
{
struct mac_biba *mac_biba;
int biba_type;
- mac_biba = SLOT(label);
+ mac_biba = SLOT(delabel);
if (strcmp(dev->si_name, "null") == 0 ||
strcmp(dev->si_name, "zero") == 0 ||
strcmp(dev->si_name, "random") == 0 ||
@@ -806,11 +806,11 @@ mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp,
static void
mac_biba_create_devfs_directory(struct mount *mp, char *dirname,
- int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label)
+ int dirnamelen, struct devfs_dirent *de, struct label *delabel)
{
struct mac_biba *mac_biba;
- mac_biba = SLOT(label);
+ mac_biba = SLOT(delabel);
mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL);
}
@@ -829,36 +829,35 @@ mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp,
static void
mac_biba_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
+ struct label *mplabel)
{
struct mac_biba *source, *dest;
source = SLOT(cred->cr_label);
- dest = SLOT(mntlabel);
+ dest = SLOT(mplabel);
mac_biba_copy_effective(source, dest);
}
static void
mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, struct label *label)
+ struct label *vplabel, struct label *newlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(label);
- dest = SLOT(vnodelabel);
+ source = SLOT(newlabel);
+ dest = SLOT(vplabel);
mac_biba_copy(source, dest);
}
static void
-mac_biba_update_devfsdirent(struct mount *mp,
- struct devfs_dirent *devfs_dirent, struct label *direntlabel,
- struct vnode *vp, struct label *vnodelabel)
+mac_biba_update_devfsdirent(struct mount *mp, struct devfs_dirent *de,
+ struct label *delabel, struct vnode *vp, struct label *vplabel)
{
struct mac_biba *source, *dest;
- source = SLOT(vnodelabel);
- dest = SLOT(direntlabel);
+ source = SLOT(vplabel);
+ dest = SLOT(delabel);
mac_biba_copy(source, dest);
}
@@ -866,25 +865,25 @@ mac_biba_update_devfsdirent(struct mount *mp,
static void
mac_biba_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
- struct label *vlabel)
+ struct label *vplabel)
{
struct mac_biba *source, *dest;
source = SLOT(delabel);
- dest = SLOT(vlabel);
+ dest = SLOT(vplabel);
mac_biba_copy_effective(source, dest);
}
static int
-mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
- struct vnode *vp, struct label *vlabel)
+mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mplabel,
+ struct vnode *vp, struct label *vplabel)
{
struct mac_biba temp, *source, *dest;
int buflen, error;
- source = SLOT(mntlabel);
- dest = SLOT(vlabel);
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
buflen = sizeof(temp);
bzero(&temp, buflen);
@@ -918,20 +917,20 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
static void
mac_biba_associate_vnode_singlelabel(struct mount *mp,
- struct label *mntlabel, struct vnode *vp, struct label *vlabel)
+ struct label *mplabel, struct vnode *vp, struct label *vplabel)
{
struct mac_biba *source, *dest;
- source = SLOT(mntlabel);
- dest = SLOT(vlabel);
+ source = SLOT(mplabel);
+ dest = SLOT(vplabel);
mac_biba_copy_effective(source, dest);
}
static int
mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
- struct vnode *vp, struct label *vlabel, struct componentname *cnp)
+ struct label *mplabel, struct vnode *dvp, struct label *dvplabel,
+ struct vnode *vp, struct label *vplabel, struct componentname *cnp)
{
struct mac_biba *source, *dest, temp;
size_t buflen;
@@ -941,7 +940,7 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp,
bzero(&temp, buflen);
source = SLOT(cred->cr_label);
- dest = SLOT(vlabel);
+ dest = SLOT(vplabel);
mac_biba_copy_effective(source, &temp);
error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
@@ -953,7 +952,7 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp,
static int
mac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
- struct label *vlabel, struct label *intlabel)
+ struct label *vplabel, struct label *intlabel)
{
struct mac_biba *source, temp;
size_t buflen;
@@ -989,37 +988,37 @@ mac_biba_create_inpcb_from_socket(struct socket *so, struct label *solabel,
}
static void
-mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
- struct mbuf *m, struct label *mbuflabel)
+mac_biba_create_mbuf_from_socket(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(socketlabel);
- dest = SLOT(mbuflabel);
+ source = SLOT(solabel);
+ dest = SLOT(mlabel);
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_create_socket(struct ucred *cred, struct socket *socket,
- struct label *socketlabel)
+mac_biba_create_socket(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
struct mac_biba *source, *dest;
source = SLOT(cred->cr_label);
- dest = SLOT(socketlabel);
+ dest = SLOT(solabel);
mac_biba_copy_effective(source, dest);
}
static void
mac_biba_create_pipe(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+ struct label *pplabel)
{
struct mac_biba *source, *dest;
source = SLOT(cred->cr_label);
- dest = SLOT(pipelabel);
+ dest = SLOT(pplabel);
mac_biba_copy_effective(source, dest);
}
@@ -1037,50 +1036,49 @@ mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ksemptr,
}
static void
-mac_biba_create_socket_from_socket(struct socket *oldsocket,
- struct label *oldsocketlabel, struct socket *newsocket,
- struct label *newsocketlabel)
+mac_biba_create_socket_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso, struct label *newsolabel)
{
struct mac_biba *source, *dest;
- source = SLOT(oldsocketlabel);
- dest = SLOT(newsocketlabel);
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsolabel);
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_relabel_socket(struct ucred *cred, struct socket *socket,
- struct label *socketlabel, struct label *newlabel)
+mac_biba_relabel_socket(struct ucred *cred, struct socket *so,
+ struct label *solabel, struct label *newlabel)
{
struct mac_biba *source, *dest;
source = SLOT(newlabel);
- dest = SLOT(socketlabel);
+ dest = SLOT(solabel);
mac_biba_copy(source, dest);
}
static void
mac_biba_relabel_pipe(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel, struct label *newlabel)
+ struct label *pplabel, struct label *newlabel)
{
struct mac_biba *source, *dest;
source = SLOT(newlabel);
- dest = SLOT(pipelabel);
+ dest = SLOT(pplabel);
mac_biba_copy(source, dest);
}
static void
-mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
- struct socket *socket, struct label *socketpeerlabel)
+mac_biba_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel,
+ struct socket *so, struct label *sopeerlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(mbuflabel);
- dest = SLOT(socketpeerlabel);
+ source = SLOT(mlabel);
+ dest = SLOT(sopeerlabel);
mac_biba_copy_effective(source, dest);
}
@@ -1088,7 +1086,6 @@ mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
/*
* Labeling event operations: System V IPC objects.
*/
-
static void
mac_biba_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr,
struct label *msqlabel, struct msg *msgptr, struct label *msglabel)
@@ -1142,41 +1139,41 @@ mac_biba_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr,
* Labeling event operations: network objects.
*/
static void
-mac_biba_set_socket_peer_from_socket(struct socket *oldsocket,
- struct label *oldsocketlabel, struct socket *newsocket,
- struct label *newsocketpeerlabel)
+mac_biba_set_socket_peer_from_socket(struct socket *oldso,
+ struct label *oldsolabel, struct socket *newso,
+ struct label *newsopeerlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(oldsocketlabel);
- dest = SLOT(newsocketpeerlabel);
+ source = SLOT(oldsolabel);
+ dest = SLOT(newsopeerlabel);
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
- struct label *bpflabel)
+mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *d,
+ struct label *dlabel)
{
struct mac_biba *source, *dest;
source = SLOT(cred->cr_label);
- dest = SLOT(bpflabel);
+ dest = SLOT(dlabel);
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
+mac_biba_create_ifnet(struct ifnet *ifp, struct label *ifplabel)
{
char tifname[IFNAMSIZ], *p, *q;
char tiflist[sizeof(trusted_interfaces)];
struct mac_biba *dest;
int len, type;
- dest = SLOT(ifnetlabel);
+ dest = SLOT(ifplabel);
- if (ifnet->if_type == IFT_LOOP || interfaces_equal != 0) {
+ if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) {
type = MAC_BIBA_TYPE_EQUAL;
goto set;
}
@@ -1203,7 +1200,7 @@ mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
if (len < IFNAMSIZ) {
bzero(tifname, sizeof(tifname));
bcopy(q, tifname, len);
- if (strcmp(tifname, ifnet->if_xname) == 0) {
+ if (strcmp(tifname, ifp->if_xname) == 0) {
type = MAC_BIBA_TYPE_HIGH;
break;
}
@@ -1224,12 +1221,12 @@ set:
}
static void
-mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
- struct ipq *ipq, struct label *ipqlabel)
+mac_biba_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(fragmentlabel);
+ source = SLOT(mlabel);
dest = SLOT(ipqlabel);
mac_biba_copy_effective(source, dest);
@@ -1237,25 +1234,25 @@ mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
static void
mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
- struct mbuf *datagram, struct label *datagramlabel)
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *source, *dest;
source = SLOT(ipqlabel);
- dest = SLOT(datagramlabel);
+ dest = SLOT(mlabel);
/* Just use the head, since we require them all to match. */
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
- struct mbuf *fragment, struct label *fragmentlabel)
+mac_biba_create_fragment(struct mbuf *m, struct label *mlabel,
+ struct mbuf *frag, struct label *fraglabel)
{
struct mac_biba *source, *dest;
- source = SLOT(datagramlabel);
- dest = SLOT(fragmentlabel);
+ source = SLOT(mlabel);
+ dest = SLOT(fraglabel);
mac_biba_copy_effective(source, dest);
}
@@ -1273,92 +1270,92 @@ mac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
}
static void
-mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
- struct mbuf *mbuf, struct label *mbuflabel)
+mac_biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *dest;
- dest = SLOT(mbuflabel);
+ dest = SLOT(mlabel);
mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL);
}
static void
-mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
- struct mbuf *mbuf, struct label *mbuflabel)
+mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(bpflabel);
- dest = SLOT(mbuflabel);
+ source = SLOT(dlabel);
+ dest = SLOT(mlabel);
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
- struct mbuf *m, struct label *mbuflabel)
+mac_biba_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(ifnetlabel);
- dest = SLOT(mbuflabel);
+ source = SLOT(ifplabel);
+ dest = SLOT(mlabel);
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
- struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel,
- struct mbuf *newmbuf, struct label *newmbuflabel)
+mac_biba_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel,
+ struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew,
+ struct label *mnewlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(oldmbuflabel);
- dest = SLOT(newmbuflabel);
+ source = SLOT(mlabel);
+ dest = SLOT(mnewlabel);
mac_biba_copy_effective(source, dest);
}
static void
-mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
- struct mbuf *newmbuf, struct label *newmbuflabel)
+mac_biba_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel,
+ struct mbuf *newm, struct label *mnewlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(oldmbuflabel);
- dest = SLOT(newmbuflabel);
+ source = SLOT(mlabel);
+ dest = SLOT(mnewlabel);
mac_biba_copy_effective(source, dest);
}
static int
-mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
+mac_biba_fragment_match(struct mbuf *m, struct label *mlabel,
struct ipq *ipq, struct label *ipqlabel)
{
struct mac_biba *a, *b;
a = SLOT(ipqlabel);
- b = SLOT(fragmentlabel);
+ b = SLOT(mlabel);
return (mac_biba_equal_effective(a, b));
}
static void
-mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet,
- struct label *ifnetlabel, struct label *newlabel)
+mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
struct mac_biba *source, *dest;
source = SLOT(newlabel);
- dest = SLOT(ifnetlabel);
+ dest = SLOT(ifplabel);
mac_biba_copy(source, dest);
}
static void
-mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel,
- struct ipq *ipq, struct label *ipqlabel)
+mac_biba_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq,
+ struct label *ipqlabel)
{
/* NOOP: we only accept matching labels, so no need to update */
@@ -1459,16 +1456,16 @@ mac_biba_cleanup_sysv_shm(struct label *shmlabel)
* Access control checks.
*/
static int
-mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
- struct ifnet *ifnet, struct label *ifnetlabel)
+mac_biba_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel,
+ struct ifnet *ifp, struct label *ifplabel)
{
struct mac_biba *a, *b;
if (!mac_biba_enabled)
return (0);
- a = SLOT(bpflabel);
- b = SLOT(ifnetlabel);
+ a = SLOT(dlabel);
+ b = SLOT(ifplabel);
if (mac_biba_equal_effective(a, b))
return (0);
@@ -1556,8 +1553,8 @@ mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2)
}
static int
-mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
- struct label *ifnetlabel, struct label *newlabel)
+mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp,
+ struct label *ifplabel, struct label *newlabel)
{
struct mac_biba *subj, *new;
int error;
@@ -1584,16 +1581,16 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
}
static int
-mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
- struct mbuf *m, struct label *mbuflabel)
+mac_biba_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *p, *i;
if (!mac_biba_enabled)
return (0);
- p = SLOT(mbuflabel);
- i = SLOT(ifnetlabel);
+ p = SLOT(mlabel);
+ i = SLOT(ifplabel);
return (mac_biba_effective_in_range(p, i) ? 0 : EACCES);
}
@@ -1773,7 +1770,6 @@ mac_biba_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr,
return (0);
}
-
static int
mac_biba_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr,
struct label *semaklabel)
@@ -1890,7 +1886,7 @@ mac_biba_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr,
static int
mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp,
- struct label *label)
+ struct label *vplabel)
{
struct mac_biba *subj, *obj;
int error;
@@ -1904,17 +1900,16 @@ mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp,
if (error)
return (error);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_high_effective(obj))
return (EACCES);
return (0);
}
-
static int
mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
- struct label *mntlabel)
+ struct label *mplabel)
{
struct mac_biba *subj, *obj;
@@ -1922,7 +1917,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(mntlabel);
+ obj = SLOT(mplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -1932,7 +1927,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp,
static int
mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data)
+ struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data)
{
if(!mac_biba_enabled)
@@ -1945,7 +1940,7 @@ mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp,
static int
mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+ struct label *pplabel)
{
struct mac_biba *subj, *obj;
@@ -1953,7 +1948,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT((pipelabel));
+ obj = SLOT(pplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -1963,7 +1958,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
static int
mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+ struct label *pplabel)
{
struct mac_biba *subj, *obj;
@@ -1971,7 +1966,7 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT((pipelabel));
+ obj = SLOT(pplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -1981,14 +1976,14 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp,
static int
mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel, struct label *newlabel)
+ struct label *pplabel, struct label *newlabel)
{
struct mac_biba *subj, *obj, *new;
int error;
new = SLOT(newlabel);
subj = SLOT(cred->cr_label);
- obj = SLOT(pipelabel);
+ obj = SLOT(pplabel);
/*
* If there is a Biba label update for a pipe, it must be a
@@ -2032,7 +2027,7 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
static int
mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+ struct label *pplabel)
{
struct mac_biba *subj, *obj;
@@ -2040,7 +2035,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT((pipelabel));
+ obj = SLOT(pplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2050,7 +2045,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
static int
mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp,
- struct label *pipelabel)
+ struct label *pplabel)
{
struct mac_biba *subj, *obj;
@@ -2058,7 +2053,7 @@ mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT((pipelabel));
+ obj = SLOT(pplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2103,7 +2098,7 @@ mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr,
}
static int
-mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
+mac_biba_check_proc_debug(struct ucred *cred, struct proc *p)
{
struct mac_biba *subj, *obj;
@@ -2111,7 +2106,7 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(proc->p_ucred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_biba_dominate_effective(obj, subj))
@@ -2123,7 +2118,7 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc)
}
static int
-mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc)
+mac_biba_check_proc_sched(struct ucred *cred, struct proc *p)
{
struct mac_biba *subj, *obj;
@@ -2131,7 +2126,7 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(proc->p_ucred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_biba_dominate_effective(obj, subj))
@@ -2143,7 +2138,7 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc)
}
static int
-mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
+mac_biba_check_proc_signal(struct ucred *cred, struct proc *p, int signum)
{
struct mac_biba *subj, *obj;
@@ -2151,7 +2146,7 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(proc->p_ucred->cr_label);
+ obj = SLOT(p->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_biba_dominate_effective(obj, subj))
@@ -2163,30 +2158,30 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
}
static int
-mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel,
- struct mbuf *m, struct label *mbuflabel)
+mac_biba_check_socket_deliver(struct socket *so, struct label *solabel,
+ struct mbuf *m, struct label *mlabel)
{
struct mac_biba *p, *s;
if (!mac_biba_enabled)
return (0);
- p = SLOT(mbuflabel);
- s = SLOT(socketlabel);
+ p = SLOT(mlabel);
+ s = SLOT(solabel);
return (mac_biba_equal_effective(p, s) ? 0 : EACCES);
}
static int
mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so,
- struct label *socketlabel, struct label *newlabel)
+ struct label *solabel, struct label *newlabel)
{
struct mac_biba *subj, *obj, *new;
int error;
new = SLOT(newlabel);
subj = SLOT(cred->cr_label);
- obj = SLOT(socketlabel);
+ obj = SLOT(solabel);
/*
* If there is a Biba label update for the socket, it may be
@@ -2229,8 +2224,8 @@ mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so,
}
static int
-mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
- struct label *socketlabel)
+mac_biba_check_socket_visible(struct ucred *cred, struct socket *so,
+ struct label *solabel)
{
struct mac_biba *subj, *obj;
@@ -2238,7 +2233,7 @@ mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(socketlabel);
+ obj = SLOT(solabel);
if (!mac_biba_dominate_effective(obj, subj))
return (ENOENT);
@@ -2437,7 +2432,7 @@ mac_biba_priv_check(struct ucred *cred, int priv)
static int
mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
- struct label *label)
+ struct label *vplabel)
{
struct mac_biba *subj, *obj;
int error;
@@ -2451,10 +2446,10 @@ mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp,
if (error)
return (error);
- if (label == NULL)
+ if (vplabel == NULL)
return (0);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_high_effective(obj))
return (EACCES);
@@ -2507,7 +2502,7 @@ mac_biba_check_system_auditon(struct ucred *cred, int cmd)
static int
mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
- struct label *label)
+ struct label *vplabel)
{
struct mac_biba *subj, *obj;
int error;
@@ -2516,7 +2511,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
error = mac_biba_subject_privileged(subj);
if (error)
@@ -2577,7 +2572,7 @@ mac_biba_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp,
static int
mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel)
+ struct label *dvplabel)
{
struct mac_biba *subj, *obj;
@@ -2585,7 +2580,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2595,7 +2590,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel)
+ struct label *dvplabel)
{
struct mac_biba *subj, *obj;
@@ -2603,7 +2598,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2613,7 +2608,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct componentname *cnp, struct vattr *vap)
+ struct label *dvplabel, struct componentname *cnp, struct vattr *vap)
{
struct mac_biba *subj, *obj;
@@ -2621,7 +2616,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2631,7 +2626,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
struct componentname *cnp)
{
struct mac_biba *subj, *obj;
@@ -2640,12 +2635,12 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2655,7 +2650,7 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
- struct label *label, acl_type_t type)
+ struct label *vplabel, acl_type_t type)
{
struct mac_biba *subj, *obj;
@@ -2663,7 +2658,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2673,7 +2668,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
- struct label *label, int attrnamespace, const char *name)
+ struct label *vplabel, int attrnamespace, const char *name)
{
struct mac_biba *subj, *obj;
@@ -2681,7 +2676,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2691,7 +2686,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct label *label, struct image_params *imgp,
+ struct label *vplabel, struct image_params *imgp,
struct label *execlabel)
{
struct mac_biba *subj, *obj, *exec;
@@ -2713,7 +2708,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2723,7 +2718,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
- struct label *label, acl_type_t type)
+ struct label *vplabel, acl_type_t type)
{
struct mac_biba *subj, *obj;
@@ -2731,7 +2726,7 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2741,7 +2736,8 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
- struct label *label, int attrnamespace, const char *name, struct uio *uio)
+ struct label *vplabel, int attrnamespace, const char *name,
+ struct uio *uio)
{
struct mac_biba *subj, *obj;
@@ -2749,7 +2745,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2759,7 +2755,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
struct componentname *cnp)
{
struct mac_biba *subj, *obj;
@@ -2768,12 +2764,12 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -2783,7 +2779,7 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
- struct label *label, int attrnamespace)
+ struct label *vplabel, int attrnamespace)
{
struct mac_biba *subj, *obj;
@@ -2791,7 +2787,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2801,7 +2797,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct componentname *cnp)
+ struct label *dvplabel, struct componentname *cnp)
{
struct mac_biba *subj, *obj;
@@ -2809,7 +2805,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2819,7 +2815,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
- struct label *label, int prot, int flags)
+ struct label *vplabel, int prot, int flags)
{
struct mac_biba *subj, *obj;
@@ -2831,7 +2827,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
if (!mac_biba_dominate_effective(obj, subj))
@@ -2847,7 +2843,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, int acc_mode)
+ struct label *vplabel, int acc_mode)
{
struct mac_biba *subj, *obj;
@@ -2855,7 +2851,7 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(vnodelabel);
+ obj = SLOT(vplabel);
/* XXX privilege override for admin? */
if (acc_mode & (VREAD | VEXEC | VSTAT)) {
@@ -2872,7 +2868,7 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
- struct vnode *vp, struct label *label)
+ struct vnode *vp, struct label *vplabel)
{
struct mac_biba *subj, *obj;
@@ -2880,7 +2876,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
return (0);
subj = SLOT(active_cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2890,7 +2886,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
static int
mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
- struct vnode *vp, struct label *label)
+ struct vnode *vp, struct label *vplabel)
{
struct mac_biba *subj, *obj;
@@ -2898,7 +2894,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
return (0);
subj = SLOT(active_cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2908,7 +2904,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
static int
mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel)
+ struct label *dvplabel)
{
struct mac_biba *subj, *obj;
@@ -2916,7 +2912,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2926,7 +2922,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
- struct label *label)
+ struct label *vplabel)
{
struct mac_biba *subj, *obj;
@@ -2934,7 +2930,7 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -2944,12 +2940,12 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, struct label *newlabel)
+ struct label *vplabel, struct label *newlabel)
{
struct mac_biba *old, *new, *subj;
int error;
- old = SLOT(vnodelabel);
+ old = SLOT(vplabel);
new = SLOT(newlabel);
subj = SLOT(cred->cr_label);
@@ -2995,7 +2991,7 @@ mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label,
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
struct componentname *cnp)
{
struct mac_biba *subj, *obj;
@@ -3004,12 +3000,12 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3019,8 +3015,8 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
- struct label *dlabel, struct vnode *vp, struct label *label, int samedir,
- struct componentname *cnp)
+ struct label *dvplabel, struct vnode *vp, struct label *vplabel,
+ int samedir, struct componentname *cnp)
{
struct mac_biba *subj, *obj;
@@ -3028,13 +3024,13 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(dlabel);
+ obj = SLOT(dvplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
if (vp != NULL) {
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3045,7 +3041,7 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
static int
mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
- struct label *label)
+ struct label *vplabel)
{
struct mac_biba *subj, *obj;
@@ -3053,7 +3049,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3063,7 +3059,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
- struct label *label, acl_type_t type, struct acl *acl)
+ struct label *vplabel, acl_type_t type, struct acl *acl)
{
struct mac_biba *subj, *obj;
@@ -3071,7 +3067,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3081,7 +3077,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, int attrnamespace, const char *name,
+ struct label *vplabel, int attrnamespace, const char *name,
struct uio *uio)
{
struct mac_biba *subj, *obj;
@@ -3090,7 +3086,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(vnodelabel);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3102,7 +3098,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, u_long flags)
+ struct label *vplabel, u_long flags)
{
struct mac_biba *subj, *obj;
@@ -3110,7 +3106,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(vnodelabel);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3120,7 +3116,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, mode_t mode)
+ struct label *vplabel, mode_t mode)
{
struct mac_biba *subj, *obj;
@@ -3128,7 +3124,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(vnodelabel);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3138,7 +3134,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, uid_t uid, gid_t gid)
+ struct label *vplabel, uid_t uid, gid_t gid)
{
struct mac_biba *subj, *obj;
@@ -3146,7 +3142,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(vnodelabel);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3156,7 +3152,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
- struct label *vnodelabel, struct timespec atime, struct timespec mtime)
+ struct label *vplabel, struct timespec atime, struct timespec mtime)
{
struct mac_biba *subj, *obj;
@@ -3164,7 +3160,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
return (0);
subj = SLOT(cred->cr_label);
- obj = SLOT(vnodelabel);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3174,7 +3170,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
static int
mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
- struct vnode *vp, struct label *vnodelabel)
+ struct vnode *vp, struct label *vplabel)
{
struct mac_biba *subj, *obj;
@@ -3182,7 +3178,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
return (0);
subj = SLOT(active_cred->cr_label);
- obj = SLOT(vnodelabel);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(obj, subj))
return (EACCES);
@@ -3192,7 +3188,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
static int
mac_biba_check_vnode_write(struct ucred *active_cred,
- struct ucred *file_cred, struct vnode *vp, struct label *label)
+ struct ucred *file_cred, struct vnode *vp, struct label *vplabel)
{
struct mac_biba *subj, *obj;
@@ -3200,7 +3196,7 @@ mac_biba_check_vnode_write(struct ucred *active_cred,
return (0);
subj = SLOT(active_cred->cr_label);
- obj = SLOT(label);
+ obj = SLOT(vplabel);
if (!mac_biba_dominate_effective(subj, obj))
return (EACCES);
@@ -3231,12 +3227,12 @@ mac_biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
static void
mac_biba_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
- struct label *mbuf_label)
+ struct label *mlabel)
{
struct mac_biba *source, *dest;
source = SLOT(sc_label);
- dest = SLOT(mbuf_label);
+ dest = SLOT(mlabel);
mac_biba_copy_effective(source, dest);
}
OpenPOWER on IntegriCloud