diff options
| author | rwatson <rwatson@FreeBSD.org> | 2008-06-13 22:14:15 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2008-06-13 22:14:15 +0000 |
| commit | f07c38e84aa87001718dc3e4625bc30c9af3be89 (patch) | |
| tree | 73b558170fb5c7801f3fea0db4e1007d0362a79d /sys/security | |
| parent | 0dd1763fd61cb2c8ebe8fb606c1b6ee159ffd6e3 (diff) | |
| download | FreeBSD-src-f07c38e84aa87001718dc3e4625bc30c9af3be89.zip FreeBSD-src-f07c38e84aa87001718dc3e4625bc30c9af3be89.tar.gz | |
The TrustedBSD MAC Framework named struct ipq instances 'ipq', which is the
same as the global variable defined in ip_input.c. Instead, adopt the name
'q' as found in about 1/2 of uses in ip_input.c, preventing a collision on
the name. This is non-harmful, but means that search and replace on the
global works less well (as in the virtualization work), as well as indexing
tools.
MFC after: 1 week
Reported by: julian
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac/mac_framework.h | 12 | ||||
| -rw-r--r-- | sys/security/mac/mac_inet.c | 28 | ||||
| -rw-r--r-- | sys/security/mac/mac_policy.h | 11 | ||||
| -rw-r--r-- | sys/security/mac_biba/mac_biba.c | 20 | ||||
| -rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 22 | ||||
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 20 | ||||
| -rw-r--r-- | sys/security/mac_stub/mac_stub.c | 16 | ||||
| -rw-r--r-- | sys/security/mac_test/mac_test.c | 18 |
8 files changed, 73 insertions, 74 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index fa574e9..9b02e4f 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -137,12 +137,12 @@ void mac_inpcb_destroy(struct inpcb *); int mac_inpcb_init(struct inpcb *, int); void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); -void mac_ipq_create(struct mbuf *m, struct ipq *ipq); -void mac_ipq_destroy(struct ipq *); -int mac_ipq_init(struct ipq *, int); -int mac_ipq_match(struct mbuf *m, struct ipq *ipq); -void mac_ipq_reassemble(struct ipq *ipq, struct mbuf *m); -void mac_ipq_update(struct mbuf *m, struct ipq *ipq); +void mac_ipq_create(struct mbuf *m, struct ipq *q); +void mac_ipq_destroy(struct ipq *q); +int mac_ipq_init(struct ipq *q, int); +int mac_ipq_match(struct mbuf *m, struct ipq *q); +void mac_ipq_reassemble(struct ipq *q, struct mbuf *m); +void mac_ipq_update(struct mbuf *m, struct ipq *q); int mac_kenv_check_dump(struct ucred *cred); int mac_kenv_check_get(struct ucred *cred, char *name); diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c index 9356cd0..76268d3 100644 --- a/sys/security/mac/mac_inet.c +++ b/sys/security/mac/mac_inet.c @@ -117,11 +117,11 @@ mac_ipq_label_alloc(int flag) } int -mac_ipq_init(struct ipq *ipq, int flag) +mac_ipq_init(struct ipq *q, int flag) { - ipq->ipq_label = mac_ipq_label_alloc(flag); - if (ipq->ipq_label == NULL) + q->ipq_label = mac_ipq_label_alloc(flag); + if (q->ipq_label == NULL) return (ENOMEM); return (0); } @@ -151,11 +151,11 @@ mac_ipq_label_free(struct label *label) } void -mac_ipq_destroy(struct ipq *ipq) +mac_ipq_destroy(struct ipq *q) { - mac_ipq_label_free(ipq->ipq_label); - ipq->ipq_label = NULL; + mac_ipq_label_free(q->ipq_label); + q->ipq_label = NULL; } void @@ -166,13 +166,13 @@ mac_inpcb_create(struct socket *so, struct inpcb *inp) } void -mac_ipq_reassemble(struct ipq *ipq, struct mbuf *m) +mac_ipq_reassemble(struct ipq *q, struct mbuf *m) { struct label *label; label = mac_mbuf_to_label(m); - MAC_PERFORM(ipq_reassemble, ipq, ipq->ipq_label, m, label); + MAC_PERFORM(ipq_reassemble, q, q->ipq_label, m, label); } void @@ -187,13 +187,13 @@ mac_netinet_fragment(struct mbuf *m, struct mbuf *frag) } void -mac_ipq_create(struct mbuf *m, struct ipq *ipq) +mac_ipq_create(struct mbuf *m, struct ipq *q) { struct label *label; label = mac_mbuf_to_label(m); - MAC_PERFORM(ipq_create, m, label, ipq, ipq->ipq_label); + MAC_PERFORM(ipq_create, m, label, q, q->ipq_label); } void @@ -208,7 +208,7 @@ mac_inpcb_create_mbuf(struct inpcb *inp, struct mbuf *m) } int -mac_ipq_match(struct mbuf *m, struct ipq *ipq) +mac_ipq_match(struct mbuf *m, struct ipq *q) { struct label *label; int result; @@ -216,7 +216,7 @@ mac_ipq_match(struct mbuf *m, struct ipq *ipq) label = mac_mbuf_to_label(m); result = 1; - MAC_BOOLEAN(ipq_match, &&, m, label, ipq, ipq->ipq_label); + MAC_BOOLEAN(ipq_match, &&, m, label, q, q->ipq_label); return (result); } @@ -278,13 +278,13 @@ mac_netinet_tcp_reply(struct mbuf *m) } void -mac_ipq_update(struct mbuf *m, struct ipq *ipq) +mac_ipq_update(struct mbuf *m, struct ipq *q) { struct label *label; label = mac_mbuf_to_label(m); - MAC_PERFORM(ipq_update, m, label, ipq, ipq->ipq_label); + MAC_PERFORM(ipq_update, m, label, q, q->ipq_label); } int diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 368558f..8f27ebb 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -199,16 +199,15 @@ typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so, struct label *inplabel); typedef void (*mpo_ipq_create_t)(struct mbuf *m, struct label *mlabel, - struct ipq *ipq, struct label *ipqlabel); + struct ipq *q, struct label *qlabel); typedef void (*mpo_ipq_destroy_label_t)(struct label *label); typedef int (*mpo_ipq_init_label_t)(struct label *label, int flag); typedef int (*mpo_ipq_match_t)(struct mbuf *m, struct label *mlabel, - struct ipq *ipq, struct label *ipqlabel); -typedef void (*mpo_ipq_reassemble)(struct ipq *ipq, - struct label *ipqlabel, struct mbuf *m, - struct label *mlabel); + struct ipq *q, struct label *qlabel); +typedef void (*mpo_ipq_reassemble)(struct ipq *q, struct label *qlabel, + struct mbuf *m, struct label *mlabel); typedef void (*mpo_ipq_update_t)(struct mbuf *m, struct label *mlabel, - struct ipq *ipq, struct label *ipqlabel); + struct ipq *q, struct label *qlabel); typedef int (*mpo_kenv_check_dump_t)(struct ucred *cred); typedef int (*mpo_kenv_check_get_t)(struct ucred *cred, char *name); diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 052e8f3..08b735f 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1155,36 +1155,36 @@ biba_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +biba_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { struct mac_biba *source, *dest; source = SLOT(mlabel); - dest = SLOT(ipqlabel); + dest = SLOT(qlabel); biba_copy_effective(source, dest); } static int -biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +biba_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { struct mac_biba *a, *b; - a = SLOT(ipqlabel); + a = SLOT(qlabel); b = SLOT(mlabel); return (biba_equal_effective(a, b)); } static void -biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, +biba_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(ipqlabel); + source = SLOT(qlabel); dest = SLOT(mlabel); /* Just use the head, since we require them all to match. */ @@ -1192,8 +1192,8 @@ biba_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, } static void -biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +biba_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { /* NOOP: we only accept matching labels, so no need to update */ diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 24dbefc..364a22f 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1283,36 +1283,36 @@ lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +lomac_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { struct mac_lomac *source, *dest; source = SLOT(mlabel); - dest = SLOT(ipqlabel); + dest = SLOT(qlabel); lomac_copy_single(source, dest); } static int -lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +lomac_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { struct mac_lomac *a, *b; - a = SLOT(ipqlabel); + a = SLOT(qlabel); b = SLOT(mlabel); return (lomac_equal_single(a, b)); } static void -lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *m, struct label *mlabel) +lomac_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, + struct label *mlabel) { struct mac_lomac *source, *dest; - source = SLOT(ipqlabel); + source = SLOT(qlabel); dest = SLOT(mlabel); /* Just use the head, since we require them all to match. */ @@ -1320,8 +1320,8 @@ lomac_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, } static void -lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +lomac_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { /* NOOP: we only accept matching labels, so no need to update */ diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index acf9423..d92b739 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1075,36 +1075,36 @@ mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +mls_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { struct mac_mls *source, *dest; source = SLOT(mlabel); - dest = SLOT(ipqlabel); + dest = SLOT(qlabel); mls_copy_effective(source, dest); } static int -mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +mls_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { struct mac_mls *a, *b; - a = SLOT(ipqlabel); + a = SLOT(qlabel); b = SLOT(mlabel); return (mls_equal_effective(a, b)); } static void -mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, +mls_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; - source = SLOT(ipqlabel); + source = SLOT(qlabel); dest = SLOT(mlabel); /* Just use the head, since we require them all to match. */ @@ -1112,8 +1112,8 @@ mls_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, } static void -mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +mls_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { /* NOOP: we only accept matching labels, so no need to update */ diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 165e7bb..6c8f2f5 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -307,30 +307,30 @@ stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +stub_ipq_create(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { } static int -stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +stub_ipq_match(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { return (1); } static void -stub_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *m, struct label *mlabel) +stub_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, + struct label *mlabel) { } static void -stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +stub_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { } diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 14d3b80..bacebd4 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -553,11 +553,11 @@ test_inpcb_sosetlabel(struct socket *so, struct label *solabel, COUNTER_DECL(ipq_create); static void test_ipq_create(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) + struct ipq *q, struct label *qlabel) { LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); + LABEL_CHECK(qlabel, MAGIC_IPQ); COUNTER_INC(ipq_create); } @@ -588,11 +588,11 @@ test_ipq_init_label(struct label *label, int flag) COUNTER_DECL(ipq_match); static int test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) + struct ipq *q, struct label *qlabel) { LABEL_CHECK(fragmentlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); + LABEL_CHECK(qlabel, MAGIC_IPQ); COUNTER_INC(ipq_match); return (1); @@ -600,23 +600,23 @@ test_ipq_match(struct mbuf *fragment, struct label *fragmentlabel, COUNTER_DECL(ipq_reassemble); static void -test_ipq_reassemble(struct ipq *ipq, struct label *ipqlabel, struct mbuf *m, +test_ipq_reassemble(struct ipq *q, struct label *qlabel, struct mbuf *m, struct label *mlabel) { - LABEL_CHECK(ipqlabel, MAGIC_IPQ); + LABEL_CHECK(qlabel, MAGIC_IPQ); LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(ipq_reassemble); } COUNTER_DECL(ipq_update); static void -test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *ipq, - struct label *ipqlabel) +test_ipq_update(struct mbuf *m, struct label *mlabel, struct ipq *q, + struct label *qlabel) { LABEL_CHECK(mlabel, MAGIC_MBUF); - LABEL_CHECK(ipqlabel, MAGIC_IPQ); + LABEL_CHECK(qlabel, MAGIC_IPQ); COUNTER_INC(ipq_update); } |
