authorrwatson <rwatson@FreeBSD.org>2005-07-05 23:39:51 +0000
committerrwatson <rwatson@FreeBSD.org>2005-07-05 23:39:51 +0000
commit5e71112509f619704ade66a8c8429cb90bfff811 (patch)
tree003ec2c9d889fea416f06bf59091e4fb88ea39d8 /sys/security
parentefcac3d02eb12bd48b935fce603dac730c4f0f40 (diff)
Eliminate MAC entry point mac_create_mbuf_from_mbuf(), which is
redundant with respect to existing mbuf copy label routines. Expose a new mac_copy_mbuf() routine at the top end of the Framework and use that; use the existing mpo_copy_mbuf_label() routine on the bottom end. Obtained from: TrustedBSD Project Sponsored by: SPARTA, SPAWAR Approved by: re (scottl)
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_framework.h2
-rw-r--r--sys/security/mac/mac_net.c23
-rw-r--r--sys/security/mac/mac_policy.h3
-rw-r--r--sys/security/mac_biba/mac_biba.c22
-rw-r--r--sys/security/mac_lomac/mac_lomac.c22
-rw-r--r--sys/security/mac_mls/mac_mls.c22
-rw-r--r--sys/security/mac_stub/mac_stub.c9
-rw-r--r--sys/security/mac_test/mac_test.c11
8 files changed, 12 insertions, 102 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h
index e071c8a..810c320 100644
--- a/sys/security/mac/mac_framework.h
+++ b/sys/security/mac/mac_framework.h
@@ -166,6 +166,7 @@ int mac_init_mbuf_tag(struct m_tag *, int flag);
void mac_init_mount(struct mount *);
void mac_init_proc(struct proc *);
void mac_init_vnode(struct vnode *);
+void mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to);
void mac_copy_mbuf_tag(struct m_tag *, struct m_tag *);
void mac_copy_vnode_label(struct label *, struct label *label);
void mac_destroy_bpfdesc(struct bpf_d *);
@@ -255,7 +256,6 @@ void mac_create_ipq(struct mbuf *fragment, struct ipq *ipq);
void mac_create_datagram_from_ipq(struct ipq *ipq, struct mbuf *datagram);
void mac_create_fragment(struct mbuf *datagram, struct mbuf *fragment);
void mac_create_mbuf_from_inpcb(struct inpcb *inp, struct mbuf *m);
-void mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf);
void mac_create_mbuf_linklayer(struct ifnet *ifnet, struct mbuf *m);
void mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *m);
void mac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct mbuf *m);
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index d0afba9..8883e66 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -253,6 +253,17 @@ mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest)
MAC_PERFORM(copy_mbuf_label, src_label, dest_label);
}
+void
+mac_copy_mbuf(struct mbuf *m_from, struct mbuf *m_to)
+{
+ struct label *src_label, *dest_label;
+
+ src_label = mac_mbuf_to_label(m_from);
+ dest_label = mac_mbuf_to_label(m_to);
+
+ MAC_PERFORM(copy_mbuf_label, src_label, dest_label);
+}
+
static void
mac_copy_ifnet_label(struct label *src, struct label *dest)
{
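Review bot: Routing mbuf-to-mbuf label propagation through `copy_mbuf_label` in mac_copy_mbuf() drops the per-policy checks that the removed `create_mbuf_from_mbuf` implementations carried. Biba, LOMAC and MLS each asserted that the source mbuf label has no range flag (`MAC_BIBA_FLAG_RANGE`, `MAC_LOMAC_FLAG_RANGE`, `MAC_MLS_FLAG_RANGE`) and then copied through `mac_biba_copy`, `mac_lomac_copy` and `mac_mls_copy`, which their comments describe as a conditional copy. The policies' `mpo_copy_mbuf_label` implementations are not part of this diff, so it is worth confirming that they keep the same invariant, or moving the KASSERT into them; otherwise a malformed source label could presumably reach the new mbuf unnoticed and feed later access decisions. The function would also benefit from a short contract comment such as `/* Copy the MAC label of m_from to m_to; both mbufs are expected to carry an initialized label. */`, with the precondition checked against mac_mbuf_to_label(), whose body is outside this hunk.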
@@ -298,18 +309,6 @@ mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d)
}
void
-mac_create_mbuf_from_mbuf(struct mbuf *oldmbuf, struct mbuf *newmbuf)
-{
- struct label *oldmbuflabel, *newmbuflabel;
-
- oldmbuflabel = mac_mbuf_to_label(oldmbuf);
- newmbuflabel = mac_mbuf_to_label(newmbuf);
-
- MAC_PERFORM(create_mbuf_from_mbuf, oldmbuf, oldmbuflabel, newmbuf,
- newmbuflabel);
-}
-
-void
mac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct mbuf *mbuf)
{
struct label *label;
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 9076493..6f10638 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -284,9 +284,6 @@ struct mac_policy_ops {
void (*mpo_create_mbuf_from_inpcb)(struct inpcb *inp,
struct label *inplabel, struct mbuf *m,
struct label *mlabel);
- void (*mpo_create_mbuf_from_mbuf)(struct mbuf *oldmbuf,
- struct label *oldlabel, struct mbuf *newmbuf,
- struct label *newlabel);
void (*mpo_create_mbuf_linklayer)(struct ifnet *ifnet,
struct label *ifnetlabel, struct mbuf *mbuf,
struct label *mbuflabel);
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 0f5ffc1..8faf806 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1285,27 +1285,6 @@ mac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
}
static void
-mac_biba_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
- struct label *oldmbuflabel, struct mbuf *newmbuf,
- struct label *newmbuflabel)
-{
- struct mac_biba *source, *dest;
-
- source = SLOT(oldmbuflabel);
- dest = SLOT(newmbuflabel);
-
- /*
- * Because the source mbuf may not yet have been "created",
- * just initialized, we do a conditional copy. Since we don't
- * allow mbufs to have ranges, do a KASSERT to make sure that
- * doesn't happen.
- */
- KASSERT((source->mb_flags & MAC_BIBA_FLAG_RANGE) == 0,
- ("mac_biba_create_mbuf_from_mbuf: source mbuf has range"));
- mac_biba_copy(source, dest);
-}
-
-static void
mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
struct mbuf *mbuf, struct label *mbuflabel)
{
@@ -3135,7 +3114,6 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_create_sysv_shm = mac_biba_create_sysv_shm,
.mpo_create_ipq = mac_biba_create_ipq,
.mpo_create_mbuf_from_inpcb = mac_biba_create_mbuf_from_inpcb,
- .mpo_create_mbuf_from_mbuf = mac_biba_create_mbuf_from_mbuf,
.mpo_create_mbuf_linklayer = mac_biba_create_mbuf_linklayer,
.mpo_create_mbuf_from_bpfdesc = mac_biba_create_mbuf_from_bpfdesc,
.mpo_create_mbuf_from_ifnet = mac_biba_create_mbuf_from_ifnet,
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index c4c001a..1a090ec 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1355,27 +1355,6 @@ mac_lomac_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
}
static void
-mac_lomac_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
- struct label *oldmbuflabel, struct mbuf *newmbuf,
- struct label *newmbuflabel)
-{
- struct mac_lomac *source, *dest;
-
- source = SLOT(oldmbuflabel);
- dest = SLOT(newmbuflabel);
-
- /*
- * Because the source mbuf may not yet have been "created",
- * just initialized, we do a conditional copy. Since we don't
- * allow mbufs to have ranges, do a KASSERT to make sure that
- * doesn't happen.
- */
- KASSERT((source->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0,
- ("mac_lomac_create_mbuf_from_mbuf: source mbuf has range"));
- mac_lomac_copy(source, dest);
-}
-
-static void
mac_lomac_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
struct mbuf *mbuf, struct label *mbuflabel)
{
@@ -2663,7 +2642,6 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_create_inpcb_from_socket = mac_lomac_create_inpcb_from_socket,
.mpo_create_ipq = mac_lomac_create_ipq,
.mpo_create_mbuf_from_inpcb = mac_lomac_create_mbuf_from_inpcb,
- .mpo_create_mbuf_from_mbuf = mac_lomac_create_mbuf_from_mbuf,
.mpo_create_mbuf_linklayer = mac_lomac_create_mbuf_linklayer,
.mpo_create_mbuf_from_bpfdesc = mac_lomac_create_mbuf_from_bpfdesc,
.mpo_create_mbuf_from_ifnet = mac_lomac_create_mbuf_from_ifnet,
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index b630355..a6c1511 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -1214,27 +1214,6 @@ mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
}
static void
-mac_mls_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
- struct label *oldmbuflabel, struct mbuf *newmbuf,
- struct label *newmbuflabel)
-{
- struct mac_mls *source, *dest;
-
- source = SLOT(oldmbuflabel);
- dest = SLOT(newmbuflabel);
-
- /*
- * Because the source mbuf may not yet have been "created",
- * just initialized, we do a conditional copy. Since we don't
- * allow mbufs to have ranges, do a KASSERT to make sure that
- * doesn't happen.
- */
- KASSERT((source->mm_flags & MAC_MLS_FLAG_RANGE) == 0,
- ("mac_mls_create_mbuf_from_mbuf: source mbuf has range"));
- mac_mls_copy(source, dest);
-}
-
-static void
mac_mls_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
struct mbuf *mbuf, struct label *mbuflabel)
{
@@ -2909,7 +2888,6 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_create_sysv_sem = mac_mls_create_sysv_sem,
.mpo_create_sysv_shm = mac_mls_create_sysv_shm,
.mpo_create_mbuf_from_inpcb = mac_mls_create_mbuf_from_inpcb,
- .mpo_create_mbuf_from_mbuf = mac_mls_create_mbuf_from_mbuf,
.mpo_create_mbuf_linklayer = mac_mls_create_mbuf_linklayer,
.mpo_create_mbuf_from_bpfdesc = mac_mls_create_mbuf_from_bpfdesc,
.mpo_create_mbuf_from_ifnet = mac_mls_create_mbuf_from_ifnet,
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index 16551d7..f22a48a 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -402,14 +402,6 @@ stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
}
static void
-stub_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
- struct label *oldmbuflabel, struct mbuf *newmbuf,
- struct label *newmbuflabel)
-{
-
-}
-
-static void
stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
struct mbuf *mbuf, struct label *mbuflabel)
{
@@ -1467,7 +1459,6 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_create_fragment = stub_create_fragment,
.mpo_create_ipq = stub_create_ipq,
.mpo_create_mbuf_from_inpcb = stub_create_mbuf_from_inpcb,
- .mpo_create_mbuf_from_mbuf = stub_create_mbuf_from_mbuf,
.mpo_create_mbuf_linklayer = stub_create_mbuf_linklayer,
.mpo_create_mbuf_from_bpfdesc = stub_create_mbuf_from_bpfdesc,
.mpo_create_mbuf_from_ifnet = stub_create_mbuf_from_ifnet,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 42a1037..312287e 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -1140,16 +1140,6 @@ mac_test_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
}
static void
-mac_test_create_mbuf_from_mbuf(struct mbuf *oldmbuf,
- struct label *oldmbuflabel, struct mbuf *newmbuf,
- struct label *newmbuflabel)
-{
-
- ASSERT_MBUF_LABEL(oldmbuflabel);
- ASSERT_MBUF_LABEL(newmbuflabel);
-}
-
-static void
mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
struct mbuf *mbuf, struct label *mbuflabel)
{
@@ -2503,7 +2493,6 @@ static struct mac_policy_ops mac_test_ops =
.mpo_create_fragment = mac_test_create_fragment,
.mpo_create_ipq = mac_test_create_ipq,
.mpo_create_mbuf_from_inpcb = mac_test_create_mbuf_from_inpcb,
- .mpo_create_mbuf_from_mbuf = mac_test_create_mbuf_from_mbuf,
.mpo_create_mbuf_linklayer = mac_test_create_mbuf_linklayer,
.mpo_create_mbuf_from_bpfdesc = mac_test_create_mbuf_from_bpfdesc,
.mpo_create_mbuf_from_ifnet = mac_test_create_mbuf_from_ifnet,