authorrwatson <rwatson@FreeBSD.org>2007-10-25 11:31:11 +0000
committerrwatson <rwatson@FreeBSD.org>2007-10-25 11:31:11 +0000
commit2fd98af619b989e0cb105bb5b81e41d895fd8e20 (patch)
tree61b4f64bfe3a4b94291e8d7bf90db127671545c7 /sys/security/mac_ifoff
parent9d167f82e426b3c6481ebd3bcdba5afbae063a7d (diff)
downloadFreeBSD-src-2fd98af619b989e0cb105bb5b81e41d895fd8e20.zip
FreeBSD-src-2fd98af619b989e0cb105bb5b81e41d895fd8e20.tar.gz
Consistently name functions for mac_<policy> as <policy>_whatever rather
than mac_<policy>_whatever, as this shortens the names and makes the code a bit easier to read. When dealing with label structures, name variables 'mb', 'ml', 'mm' rather than the longer 'mac_biba', 'mac_lomac', and 'mac_mls', likewise making the code a little easier to read. Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_ifoff')
-rw-r--r--sys/security/mac_ifoff/mac_ifoff.c59
1 files changed, 30 insertions, 29 deletions
diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c
index 31bf09a..6d51ea8 100644
--- a/sys/security/mac_ifoff/mac_ifoff.c
+++ b/sys/security/mac_ifoff/mac_ifoff.c
@@ -40,6 +40,7 @@
/*
* Developed by the TrustedBSD Project.
+ *
* Limit access to interfaces until they are specifically administratively
* enabled. Prevents protocol stack-driven packet leakage in unsafe
* environments.
@@ -61,38 +62,38 @@ SYSCTL_DECL(_security_mac);
SYSCTL_NODE(_security_mac, OID_AUTO, ifoff, CTLFLAG_RW, 0,
"TrustedBSD mac_ifoff policy controls");
-static int mac_ifoff_enabled = 1;
+static int ifoff_enabled = 1;
SYSCTL_INT(_security_mac_ifoff, OID_AUTO, enabled, CTLFLAG_RW,
- &mac_ifoff_enabled, 0, "Enforce ifoff policy");
-TUNABLE_INT("security.mac.ifoff.enabled", &mac_ifoff_enabled);
+ &ifoff_enabled, 0, "Enforce ifoff policy");
+TUNABLE_INT("security.mac.ifoff.enabled", &ifoff_enabled);
-static int mac_ifoff_lo_enabled = 1;
+static int ifoff_lo_enabled = 1;
SYSCTL_INT(_security_mac_ifoff, OID_AUTO, lo_enabled, CTLFLAG_RW,
- &mac_ifoff_lo_enabled, 0, "Enable loopback interfaces");
-TUNABLE_INT("security.mac.ifoff.lo_enabled", &mac_ifoff_lo_enabled);
+ &ifoff_lo_enabled, 0, "Enable loopback interfaces");
+TUNABLE_INT("security.mac.ifoff.lo_enabled", &ifoff_lo_enabled);
-static int mac_ifoff_other_enabled = 0;
+static int ifoff_other_enabled = 0;
SYSCTL_INT(_security_mac_ifoff, OID_AUTO, other_enabled, CTLFLAG_RW,
- &mac_ifoff_other_enabled, 0, "Enable other interfaces");
-TUNABLE_INT("security.mac.ifoff.other_enabled", &mac_ifoff_other_enabled);
+ &ifoff_other_enabled, 0, "Enable other interfaces");
+TUNABLE_INT("security.mac.ifoff.other_enabled", &ifoff_other_enabled);
-static int mac_ifoff_bpfrecv_enabled = 0;
+static int ifoff_bpfrecv_enabled = 0;
SYSCTL_INT(_security_mac_ifoff, OID_AUTO, bpfrecv_enabled, CTLFLAG_RW,
- &mac_ifoff_bpfrecv_enabled, 0, "Enable BPF reception even when interface "
+ &ifoff_bpfrecv_enabled, 0, "Enable BPF reception even when interface "
"is disabled");
-TUNABLE_INT("security.mac.ifoff.bpfrecv.enabled", &mac_ifoff_bpfrecv_enabled);
+TUNABLE_INT("security.mac.ifoff.bpfrecv.enabled", &ifoff_bpfrecv_enabled);
static int
ifnet_check_outgoing(struct ifnet *ifp)
{
- if (!mac_ifoff_enabled)
+ if (!ifoff_enabled)
return (0);
- if (mac_ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
+ if (ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
return (0);
- if (mac_ifoff_other_enabled && ifp->if_type != IFT_LOOP)
+ if (ifoff_other_enabled && ifp->if_type != IFT_LOOP)
return (0);
return (EPERM);
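Review bot: The loader tunable for the BPF toggle is registered as `security.mac.ifoff.bpfrecv.enabled`, but the SYSCTL_INT just above it names the node `bpfrecv_enabled`, so the boot-time name does not match the runtime sysctl `security.mac.ifoff.bpfrecv_enabled`; the rename carries this mismatch over unchanged. An administrator who puts the sysctl name in loader.conf would presumably see the setting ignored, although the default of 0 keeps that failure on the restrictive side. Suggest `TUNABLE_INT("security.mac.ifoff.bpfrecv_enabled", &ifoff_bpfrecv_enabled);`, which matches the pattern of the other three tunables in this hunk. The body of ifnet_check_outgoing at the end of the hunk continues outside it.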
@@ -101,23 +102,23 @@ ifnet_check_outgoing(struct ifnet *ifp)
static int
ifnet_check_incoming(struct ifnet *ifp, int viabpf)
{
- if (!mac_ifoff_enabled)
+ if (!ifoff_enabled)
return (0);
- if (mac_ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
+ if (ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
return (0);
- if (mac_ifoff_other_enabled && ifp->if_type != IFT_LOOP)
+ if (ifoff_other_enabled && ifp->if_type != IFT_LOOP)
return (0);
- if (viabpf && mac_ifoff_bpfrecv_enabled)
+ if (viabpf && ifoff_bpfrecv_enabled)
return (0);
return (EPERM);
}
static int
-mac_ifoff_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
+ifoff_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
struct ifnet *ifp, struct label *ifplabel)
{
@@ -125,7 +126,7 @@ mac_ifoff_bpfdesc_check_receive(struct bpf_d *d, struct label *dlabel,
}
static int
-mac_ifoff_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
+ifoff_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
struct mbuf *m, struct label *mlabel)
{
@@ -133,7 +134,7 @@ mac_ifoff_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel,
}
static int
-mac_ifoff_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
+ifoff_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
struct mbuf *m, struct label *mlabel)
{
@@ -145,7 +146,7 @@ mac_ifoff_inpcb_check_deliver(struct inpcb *inp, struct label *inplabel,
}
static int
-mac_ifoff_socket_check_deliver(struct socket *so, struct label *solabel,
+ifoff_socket_check_deliver(struct socket *so, struct label *solabel,
struct mbuf *m, struct label *mlabel)
{
@@ -156,13 +157,13 @@ mac_ifoff_socket_check_deliver(struct socket *so, struct label *solabel,
return (0);
}
-static struct mac_policy_ops mac_ifoff_ops =
+static struct mac_policy_ops ifoff_ops =
{
- .mpo_bpfdesc_check_receive = mac_ifoff_bpfdesc_check_receive,
- .mpo_ifnet_check_transmit = mac_ifoff_ifnet_check_transmit,
- .mpo_inpcb_check_deliver = mac_ifoff_inpcb_check_deliver,
- .mpo_socket_check_deliver = mac_ifoff_socket_check_deliver,
+ .mpo_bpfdesc_check_receive = ifoff_bpfdesc_check_receive,
+ .mpo_ifnet_check_transmit = ifoff_ifnet_check_transmit,
+ .mpo_inpcb_check_deliver = ifoff_inpcb_check_deliver,
+ .mpo_socket_check_deliver = ifoff_socket_check_deliver,
};
-MAC_POLICY_SET(&mac_ifoff_ops, mac_ifoff, "TrustedBSD MAC/ifoff",
+MAC_POLICY_SET(&ifoff_ops, mac_ifoff, "TrustedBSD MAC/ifoff",
MPC_LOADTIME_FLAG_UNLOADOK, NULL);