diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-02-06 14:19:25 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-02-06 14:19:25 +0000 |
| commit | 19777f08023deb4d6171525896812b717dd9c968 (patch) | |
| tree | 5dc8beed75f16d01bef656c68bffd5b9829a48ff /sys/security/mac_partition | |
| parent | f82b2337b98055d193bfafd3608aa0505161ec29 (diff) | |
| download | FreeBSD-src-19777f08023deb4d6171525896812b717dd9c968.zip FreeBSD-src-19777f08023deb4d6171525896812b717dd9c968.tar.gz | |
Introduce accessor functions mac_label_get() and mac_label_set() to replace
LABEL_TO_SLOT() macro used by policy modules to query and set label data
in struct label. Instead of using a union, store an intptr_t, simplifying
the API.
Update policies: in most cases this required only small tweaks to current
wrapper macros. In two cases, a single wrapper macros had to be split into
separate get and set macros.
Move struct label definition from _label.h to mac_internal.h and remove
_label.h. With this change, policies may now treat struct label * as
opaque, allowing us to change the layout of struct label without breaking
the policy module ABI. For example, we could make the maximum number of
policies with labels modifiable at boot-time rather than just at
compile-time.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys/security/mac_partition')
| -rw-r--r-- | sys/security/mac_partition/mac_partition.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c index 1b282e8..76420a5 100644 --- a/sys/security/mac_partition/mac_partition.c +++ b/sys/security/mac_partition/mac_partition.c @@ -1,5 +1,5 @@ /*- - * Copyright (c) 1999-2002 Robert N. M. Watson + * Copyright (c) 1999-2002, 2007 Robert N. M. Watson * Copyright (c) 2001-2002 Networks Associates Technology, Inc. * All rights reserved. * @@ -79,7 +79,8 @@ SYSCTL_INT(_security_mac_partition, OID_AUTO, enabled, CTLFLAG_RW, &mac_partition_enabled, 0, "Enforce partition policy"); static int partition_slot; -#define SLOT(l) (LABEL_TO_SLOT((l), partition_slot).l_long) +#define SLOT(l) mac_label_get((l), partition_slot) +#define SLOT_SET(l, v) mac_label_set((l), partition_slot, (v)) static void mac_partition_init(struct mac_policy_conf *conf) @@ -91,21 +92,21 @@ static void mac_partition_init_label(struct label *label) { - SLOT(label) = 0; + SLOT_SET(label, 0); } static void mac_partition_destroy_label(struct label *label) { - SLOT(label) = 0; + SLOT_SET(label, 0); } static void mac_partition_copy_label(struct label *src, struct label *dest) { - SLOT(dest) = SLOT(src); + SLOT_SET(dest, SLOT(src)); } static int @@ -118,7 +119,7 @@ mac_partition_externalize_label(struct label *label, char *element_name, (*claimed)++; - if (sbuf_printf(sb, "%ld", SLOT(label)) == -1) + if (sbuf_printf(sb, "%d", SLOT(label)) == -1) return (EINVAL); else return (0); @@ -133,7 +134,7 @@ mac_partition_internalize_label(struct label *label, char *element_name, return (0); (*claimed)++; - SLOT(label) = strtol(element_data, NULL, 10); + SLOT_SET(label, strtol(element_data, NULL, 10)); return (0); } @@ -141,14 +142,14 @@ static void mac_partition_create_proc0(struct ucred *cred) { - SLOT(cred->cr_label) = 0; + SLOT_SET(cred->cr_label, 0); } static void mac_partition_create_proc1(struct ucred *cred) { - SLOT(cred->cr_label) = 0; + SLOT_SET(cred->cr_label, 0); } static void @@ -156,7 +157,7 @@ mac_partition_relabel_cred(struct ucred *cred, struct label *newlabel) { if (SLOT(newlabel) != 0) - SLOT(cred->cr_label) = SLOT(newlabel); + SLOT_SET(cred->cr_label, SLOT(newlabel)); } static int |
