author | rwatson <rwatson@FreeBSD.org> | 2007-04-23 13:15:23 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2007-04-23 13:15:23 +0000 |
commit | 7ffc2492aefff9e4350fa66d015e86a00a98f452 (patch) | |
tree | 0db2f0a84f3f87dab9a1c320711f201aa8cf85bf /sys | |
parent | 19d0863e4a316a5e0fdee76bf46871a721ac383d (diff) | |
Apply variable name normalization to MAC policies: adopt global conventions
for the naming of variables associated with specific data structures.
Obtained from: TrustedBSD Project
Diffstat (limited to 'sys')
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 422 | ||||
-rw-r--r-- | sys/security/mac_bsdextended/mac_bsdextended.c | 67 | ||||
-rw-r--r-- | sys/security/mac_ifoff/mac_ifoff.c | 28 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 401 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 429 | ||||
-rw-r--r-- | sys/security/mac_partition/mac_partition.c | 25 | ||||
-rw-r--r-- | sys/security/mac_portacl/mac_portacl.c | 7 | ||||
-rw-r--r-- | sys/security/mac_seeotheruids/mac_seeotheruids.c | 34 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 279 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 304 |
10 files changed, 995 insertions, 1001 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 663ea5b..f2d973a 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -784,12 +784,12 @@ mac_biba_copy_label(struct label *src, struct label *dest) */ static void mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { struct mac_biba *mac_biba; int biba_type; - mac_biba = SLOT(label); + mac_biba = SLOT(delabel); if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || strcmp(dev->si_name, "random") == 0 || @@ -806,11 +806,11 @@ mac_biba_create_devfs_device(struct ucred *cred, struct mount *mp, static void mac_biba_create_devfs_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { struct mac_biba *mac_biba; - mac_biba = SLOT(label); + mac_biba = SLOT(delabel); mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); } 
@@ -829,36 +829,35 @@ mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp, static void mac_biba_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(mntlabel); + dest = SLOT(mplabel); mac_biba_copy_effective(source, dest); } static void mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *label) + struct label *vplabel, struct label *newlabel) { struct mac_biba *source, *dest; - source = SLOT(label); - dest = SLOT(vnodelabel); + source = SLOT(newlabel); + dest = SLOT(vplabel); mac_biba_copy(source, dest); } static void -mac_biba_update_devfsdirent(struct mount *mp, - struct devfs_dirent *devfs_dirent, struct label *direntlabel, - struct vnode *vp, struct label *vnodelabel) +mac_biba_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { struct mac_biba *source, *dest; - source = SLOT(vnodelabel); - dest = SLOT(direntlabel); + source = SLOT(vplabel); + dest = SLOT(delabel); mac_biba_copy(source, dest); } 
@@ -866,25 +865,25 @@ mac_biba_update_devfsdirent(struct mount *mp, static void mac_biba_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { struct mac_biba *source, *dest; source = SLOT(delabel); - dest = SLOT(vlabel); + dest = SLOT(vplabel); mac_biba_copy_effective(source, dest); } static int -mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, - struct vnode *vp, struct label *vlabel) +mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { struct mac_biba temp, *source, *dest; int buflen, error; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + dest = SLOT(vplabel); buflen = sizeof(temp); bzero(&temp, buflen); @@ -918,20 +917,20 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, static void mac_biba_associate_vnode_singlelabel(struct mount *mp, - struct label *mntlabel, struct vnode *vp, struct label *vlabel) + struct label *mplabel, struct vnode *vp, struct label *vplabel) { struct mac_biba *source, *dest; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + dest = SLOT(vplabel); mac_biba_copy_effective(source, dest); } static int mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *vlabel, struct componentname *cnp) + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *source, *dest, temp; size_t buflen; 
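Review bot: The unchanged first parameter line of mac_biba_associate_vnode_devfs still names the mount label `mntlabel`, while the other entry points in this hunk (mac_biba_associate_vnode_extattr, mac_biba_associate_vnode_singlelabel, mac_biba_create_vnode_extattr) are moved to `mplabel`. The visible body reads only `delabel` and `vplabel`, so the rename looks mechanical: `mac_biba_associate_vnode_devfs(struct mount *mp, struct label *mplabel,`. In these label-copy hooks the parameter names are the main way to check by inspection which label is the source and which is the destination, so one entry point left on the old name undercuts the normalization.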
@@ -941,7 +940,7 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, bzero(&temp, buflen); source = SLOT(cred->cr_label); - dest = SLOT(vlabel); + dest = SLOT(vplabel); mac_biba_copy_effective(source, &temp); error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, @@ -953,7 +952,7 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, static int mac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, - struct label *vlabel, struct label *intlabel) + struct label *vplabel, struct label *intlabel) { struct mac_biba *source, temp; size_t buflen; @@ -989,37 +988,37 @@ mac_biba_create_inpcb_from_socket(struct socket *so, struct label *solabel, } static void -mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_create_mbuf_from_socket(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(socketlabel); - dest = SLOT(mbuflabel); + source = SLOT(solabel); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_biba_create_socket(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(socketlabel); + dest = SLOT(solabel); mac_biba_copy_effective(source, dest); } static void mac_biba_create_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); mac_biba_copy_effective(source, dest); } 
@@ -1037,50 +1036,49 @@ mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, } static void -mac_biba_create_socket_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketlabel) +mac_biba_create_socket_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, struct label *newsolabel) { struct mac_biba *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_relabel_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +mac_biba_relabel_socket(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(socketlabel); + dest = SLOT(solabel); mac_biba_copy(source, dest); } static void mac_biba_relabel_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); mac_biba_copy(source, dest); } static void -mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, - struct socket *socket, struct label *socketpeerlabel) +mac_biba_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) { struct mac_biba *source, *dest; - source = SLOT(mbuflabel); - dest = SLOT(socketpeerlabel); + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); mac_biba_copy_effective(source, dest); } 
@@ -1088,7 +1086,6 @@ mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, /* * Labeling event operations: System V IPC objects. */ - static void mac_biba_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqlabel, struct msg *msgptr, struct label *msglabel) @@ -1142,41 +1139,41 @@ mac_biba_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, * Labeling event operations: network objects. */ static void -mac_biba_set_socket_peer_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketpeerlabel) +mac_biba_set_socket_peer_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { struct mac_biba *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketpeerlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, - struct label *bpflabel) +mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(bpflabel); + dest = SLOT(dlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) +mac_biba_create_ifnet(struct ifnet *ifp, struct label *ifplabel) { char tifname[IFNAMSIZ], *p, *q; char tiflist[sizeof(trusted_interfaces)]; struct mac_biba *dest; int len, type; - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); - if (ifnet->if_type == IFT_LOOP || interfaces_equal != 0) { + if (ifp->if_type == IFT_LOOP || interfaces_equal != 0) { type = MAC_BIBA_TYPE_EQUAL; goto set; } 
@@ -1203,7 +1200,7 @@ mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) if (len < IFNAMSIZ) { bzero(tifname, sizeof(tifname)); bcopy(q, tifname, len); - if (strcmp(tifname, ifnet->if_xname) == 0) { + if (strcmp(tifname, ifp->if_xname) == 0) { type = MAC_BIBA_TYPE_HIGH; break; } @@ -1224,12 +1221,12 @@ set: } static void -mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_biba_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { struct mac_biba *source, *dest; - source = SLOT(fragmentlabel); + source = SLOT(mlabel); dest = SLOT(ipqlabel); mac_biba_copy_effective(source, dest); @@ -1237,25 +1234,25 @@ mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, static void mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *datagram, struct label *datagramlabel) + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; source = SLOT(ipqlabel); - dest = SLOT(datagramlabel); + dest = SLOT(mlabel); /* Just use the head, since we require them all to match. */ mac_biba_copy_effective(source, dest); } static void -mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, - struct mbuf *fragment, struct label *fragmentlabel) +mac_biba_create_fragment(struct mbuf *m, struct label *mlabel, + struct mbuf *frag, struct label *fraglabel) { struct mac_biba *source, *dest; - source = SLOT(datagramlabel); - dest = SLOT(fragmentlabel); + source = SLOT(mlabel); + dest = SLOT(fraglabel); mac_biba_copy_effective(source, dest); } 
@@ -1273,92 +1270,92 @@ mac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, } static void -mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_biba_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *dest; - dest = SLOT(mbuflabel); + dest = SLOT(mlabel); mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); } static void -mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(bpflabel); - dest = SLOT(mbuflabel); + source = SLOT(dlabel); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; - source = SLOT(ifnetlabel); - dest = SLOT(mbuflabel); + source = SLOT(ifplabel); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *newmbuf, struct label *newmbuflabel) +mac_biba_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, + struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, + struct label *mnewlabel) { struct mac_biba *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_biba_copy_effective(source, dest); } static void -mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, - 
struct mbuf *newmbuf, struct label *newmbuflabel) +mac_biba_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, + struct mbuf *newm, struct label *mnewlabel) { struct mac_biba *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_biba_copy_effective(source, dest); } static int -mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, +mac_biba_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) { struct mac_biba *a, *b; a = SLOT(ipqlabel); - b = SLOT(fragmentlabel); + b = SLOT(mlabel); return (mac_biba_equal_effective(a, b)); } static void -mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_biba_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_biba *source, *dest; source = SLOT(newlabel); - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); mac_biba_copy(source, dest); } static void -mac_biba_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_biba_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { /* NOOP: we only accept matching labels, so no need to update */ @@ -1459,16 +1456,16 @@ mac_biba_cleanup_sysv_shm(struct label *shmlabel) * Access control checks. */ static int -mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnetlabel) +mac_biba_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { struct mac_biba *a, *b; if (!mac_biba_enabled) return (0); - a = SLOT(bpflabel); - b = SLOT(ifnetlabel); + a = SLOT(dlabel); + b = SLOT(ifplabel); if (mac_biba_equal_effective(a, b)) return (0); 
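Review bot: The new mac_biba_create_mbuf_netlayer signature names the mbuf `newm` but its label `mnewlabel`, whereas mac_biba_create_mbuf_multicast_encap just above it pairs `mnew` with `mnewlabel`. Since the object/label pairing is the convention this change introduces, the parameter line should read `struct mbuf *mnew, struct label *mnewlabel)`. The mbuf pointer is not referenced in the visible body, so this is a naming fix only.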
@@ -1556,8 +1553,8 @@ mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) } static int -mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_biba *subj, *new; int error; @@ -1584,16 +1581,16 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, } static int -mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *p, *i; if (!mac_biba_enabled) return (0); - p = SLOT(mbuflabel); - i = SLOT(ifnetlabel); + p = SLOT(mlabel); + i = SLOT(ifplabel); return (mac_biba_effective_in_range(p, i) ? 0 : EACCES); } @@ -1773,7 +1770,6 @@ mac_biba_check_sysv_semctl(struct ucred *cred, struct semid_kernel *semakptr, return (0); } - static int mac_biba_check_sysv_semget(struct ucred *cred, struct semid_kernel *semakptr, struct label *semaklabel) @@ -1890,7 +1886,7 @@ mac_biba_check_sysv_shmget(struct ucred *cred, struct shmid_kernel *shmsegptr, static int mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; int error; @@ -1904,17 +1900,16 @@ mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp, if (error) return (error); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_high_effective(obj)) return (EACCES); return (0); } - static int mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { struct mac_biba *subj, *obj; 
@@ -1922,7 +1917,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(mntlabel); + obj = SLOT(mplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -1932,7 +1927,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, static int mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { if(!mac_biba_enabled) @@ -1945,7 +1940,7 @@ mac_biba_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -1953,7 +1948,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -1963,7 +1958,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -1971,7 +1966,7 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); 
@@ -1981,14 +1976,14 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_biba *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(pipelabel); + obj = SLOT(pplabel); /* * If there is a Biba label update for a pipe, it must be a @@ -2032,7 +2027,7 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -2040,7 +2035,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2050,7 +2045,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, static int mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_biba *subj, *obj; @@ -2058,7 +2053,7 @@ mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2103,7 +2098,7 @@ mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, } static int -mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_biba_check_proc_debug(struct ucred *cred, struct proc *p) { struct mac_biba *subj, *obj; 
@@ -2111,7 +2106,7 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_effective(obj, subj)) @@ -2123,7 +2118,7 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) } static int -mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_biba_check_proc_sched(struct ucred *cred, struct proc *p) { struct mac_biba *subj, *obj; @@ -2131,7 +2126,7 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_effective(obj, subj)) @@ -2143,7 +2138,7 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) } static int -mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) +mac_biba_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { struct mac_biba *subj, *obj; @@ -2151,7 +2146,7 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_biba_dominate_effective(obj, subj)) 
@@ -2163,30 +2158,30 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) } static int -mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_biba_check_socket_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_biba *p, *s; if (!mac_biba_enabled) return (0); - p = SLOT(mbuflabel); - s = SLOT(socketlabel); + p = SLOT(mlabel); + s = SLOT(solabel); return (mac_biba_equal_effective(p, s) ? 0 : EACCES); } static int mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, - struct label *socketlabel, struct label *newlabel) + struct label *solabel, struct label *newlabel) { struct mac_biba *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); /* * If there is a Biba label update for the socket, it may be @@ -2229,8 +2224,8 @@ mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, } static int -mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_biba_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_biba *subj, *obj; @@ -2238,7 +2233,7 @@ mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); if (!mac_biba_dominate_effective(obj, subj)) return (ENOENT); @@ -2437,7 +2432,7 @@ mac_biba_priv_check(struct ucred *cred, int priv) static int mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; int error; 
@@ -2451,10 +2446,10 @@ mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp, if (error) return (error); - if (label == NULL) + if (vplabel == NULL) return (0); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_high_effective(obj)) return (EACCES); @@ -2507,7 +2502,7 @@ mac_biba_check_system_auditon(struct ucred *cred, int cmd) static int mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; int error; @@ -2516,7 +2511,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); error = mac_biba_subject_privileged(subj); if (error) @@ -2577,7 +2572,7 @@ mac_biba_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, static int mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_biba *subj, *obj; @@ -2585,7 +2580,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2595,7 +2590,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_biba *subj, *obj; @@ -2603,7 +2598,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); 
@@ -2613,7 +2608,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { struct mac_biba *subj, *obj; @@ -2621,7 +2616,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2631,7 +2626,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -2640,12 +2635,12 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2655,7 +2650,7 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { struct mac_biba *subj, *obj; @@ -2663,7 +2658,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); 
@@ -2673,7 +2668,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name) + struct label *vplabel, int attrnamespace, const char *name) { struct mac_biba *subj, *obj; @@ -2681,7 +2676,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2691,7 +2686,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, + struct label *vplabel, struct image_params *imgp, struct label *execlabel) { struct mac_biba *subj, *obj, *exec; @@ -2713,7 +2708,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2723,7 +2718,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { struct mac_biba *subj, *obj; @@ -2731,7 +2726,7 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); 
@@ -2741,7 +2736,8 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { struct mac_biba *subj, *obj; @@ -2749,7 +2745,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2759,7 +2755,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -2768,12 +2764,12 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2783,7 +2779,7 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace) + struct label *vplabel, int attrnamespace) { struct mac_biba *subj, *obj; @@ -2791,7 +2787,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); 
@@ -2801,7 +2797,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp) + struct label *dvplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -2809,7 +2805,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2819,7 +2815,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot, int flags) + struct label *vplabel, int prot, int flags) { struct mac_biba *subj, *obj; @@ -2831,7 +2827,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { if (!mac_biba_dominate_effective(obj, subj)) @@ -2847,7 +2843,7 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int acc_mode) + struct label *vplabel, int acc_mode) { struct mac_biba *subj, *obj; @@ -2855,7 +2851,7 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); /* XXX privilege override for admin? */ if (acc_mode & (VREAD | VEXEC | VSTAT)) { @@ -2872,7 +2868,7 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; 
@@ -2880,7 +2876,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2890,7 +2886,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, static int mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; @@ -2898,7 +2894,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2908,7 +2904,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, static int mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_biba *subj, *obj; @@ -2916,7 +2912,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -2926,7 +2922,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; @@ -2934,7 +2930,7 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); 
@@ -2944,12 +2940,12 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *newlabel) + struct label *vplabel, struct label *newlabel) { struct mac_biba *old, *new, *subj; int error; - old = SLOT(vnodelabel); + old = SLOT(vplabel); new = SLOT(newlabel); subj = SLOT(cred->cr_label); @@ -2995,7 +2991,7 @@ mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -3004,12 +3000,12 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3019,8 +3015,8 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir, - struct componentname *cnp) + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + int samedir, struct componentname *cnp) { struct mac_biba *subj, *obj; @@ -3028,13 +3024,13 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); if (vp != NULL) { - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); 
@@ -3045,7 +3041,7 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, static int mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_biba *subj, *obj; @@ -3053,7 +3049,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3063,7 +3059,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *vplabel, acl_type_t type, struct acl *acl) { struct mac_biba *subj, *obj; @@ -3071,7 +3067,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3081,7 +3077,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int attrnamespace, const char *name, + struct label *vplabel, int attrnamespace, const char *name, struct uio *uio) { struct mac_biba *subj, *obj; @@ -3090,7 +3086,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3102,7 +3098,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, u_long flags) + struct label *vplabel, u_long flags) { struct mac_biba *subj, *obj; 
@@ -3110,7 +3106,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3120,7 +3116,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t mode) + struct label *vplabel, mode_t mode) { struct mac_biba *subj, *obj; @@ -3128,7 +3124,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3138,7 +3134,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, uid_t uid, gid_t gid) + struct label *vplabel, uid_t uid, gid_t gid) { struct mac_biba *subj, *obj; @@ -3146,7 +3142,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3156,7 +3152,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct timespec atime, struct timespec mtime) + struct label *vplabel, struct timespec atime, struct timespec mtime) { struct mac_biba *subj, *obj; @@ -3164,7 +3160,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); 
@@ -3174,7 +3170,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, static int mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *vnodelabel) + struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; @@ -3182,7 +3178,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); @@ -3192,7 +3188,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, static int mac_biba_check_vnode_write(struct ucred *active_cred, - struct ucred *file_cred, struct vnode *vp, struct label *label) + struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { struct mac_biba *subj, *obj; @@ -3200,7 +3196,7 @@ mac_biba_check_vnode_write(struct ucred *active_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -3231,12 +3227,12 @@ mac_biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) static void mac_biba_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, - struct label *mbuf_label) + struct label *mlabel) { struct mac_biba *source, *dest; source = SLOT(sc_label); - dest = SLOT(mbuf_label); + dest = SLOT(mlabel); mac_biba_copy_effective(source, dest); } diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index da99f2b..7d8603e 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c 
@@ -489,7 +489,7 @@ mac_bsdextended_check_vp(struct ucred *cred, struct vnode *vp, int acc_mode) static int mac_bsdextended_check_system_acct(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); @@ -497,7 +497,7 @@ mac_bsdextended_check_system_acct(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_system_auditctl(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); @@ -505,7 +505,7 @@ mac_bsdextended_check_system_auditctl(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_system_swapoff(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); @@ -513,7 +513,7 @@ mac_bsdextended_check_system_swapoff(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); @@ -521,7 +521,7 @@ mac_bsdextended_check_system_swapon(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, int acc_mode) + struct label *vplabel, int acc_mode) { return (mac_bsdextended_check_vp(cred, vp, acc_mode)); @@ -529,7 +529,7 @@ mac_bsdextended_check_vnode_access(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC)); 
@@ -537,7 +537,7 @@ mac_bsdextended_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC)); @@ -545,7 +545,7 @@ mac_bsdextended_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { return (mac_bsdextended_check_vp(cred, dvp, MBI_WRITE)); @@ -553,7 +553,7 @@ mac_bsdextended_check_create_vnode(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { int error; @@ -567,15 +567,16 @@ mac_bsdextended_check_vnode_delete(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN)); } static int -mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name) +mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, + struct vnode *vp, struct label *vplabel, int attrnamespace, + const char *name) { return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); 
@@ -583,7 +584,7 @@ mac_bsdextended_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, + struct label *vplabel, struct image_params *imgp, struct label *execlabel) { @@ -592,7 +593,7 @@ mac_bsdextended_check_vnode_exec(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { return (mac_bsdextended_check_vp(cred, vp, MBI_STAT)); @@ -600,7 +601,8 @@ mac_bsdextended_check_vnode_getacl(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { return (mac_bsdextended_check_vp(cred, vp, MBI_READ)); @@ -608,7 +610,7 @@ mac_bsdextended_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *label, struct componentname *cnp) { int error; @@ -625,7 +627,7 @@ mac_bsdextended_check_vnode_link(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace) + struct label *vplabel, int attrnamespace) { return (mac_bsdextended_check_vp(cred, vp, MBI_READ)); 
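Review bot: In the `@@ -608,7 +610,7 @@` hunk, `mac_bsdextended_check_vnode_link` renames `dlabel` to `dvplabel` but leaves the vnode's label parameter as `struct label *label`. The other vnode entry points in this file, and `mac_biba_check_vnode_link` earlier in the diff, now use `vplabel`, so the line should read `struct label *dvplabel, struct vnode *vp, struct label *vplabel,`. A similar leftover sits in the `@@ -745,7 +748,7 @@` hunk, where `mac_bsdextended_check_vnode_setutimes` keeps `struct timespec utime` although the biba counterpart names the same argument `mtime`. The visible lines do not show either parameter being used, so this looks like naming only, but the body of `check_vnode_link` continues outside its hunk.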
@@ -633,7 +635,7 @@ mac_bsdextended_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp) + struct label *dvplabel, struct componentname *cnp) { return (mac_bsdextended_check_vp(cred, dvp, MBI_EXEC)); @@ -641,7 +643,7 @@ mac_bsdextended_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, int acc_mode) + struct label *vplabel, int acc_mode) { return (mac_bsdextended_check_vp(cred, vp, acc_mode)); @@ -649,7 +651,7 @@ mac_bsdextended_check_vnode_open(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { return (mac_bsdextended_check_vp(cred, dvp, MBI_READ)); @@ -657,7 +659,7 @@ mac_bsdextended_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (mac_bsdextended_check_vp(cred, vp, MBI_READ)); @@ -665,7 +667,7 @@ mac_bsdextended_check_vnode_readdlink(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { int error; @@ -680,8 +682,8 @@ mac_bsdextended_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir, - struct componentname *cnp) + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + int samedir, struct componentname *cnp) { int error; 
@@ -697,7 +699,7 @@ mac_bsdextended_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, static int mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN)); @@ -705,7 +707,7 @@ mac_bsdextended_check_vnode_revoke(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *vplabel, acl_type_t type, struct acl *acl) { return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN)); @@ -713,7 +715,8 @@ mac_bsdextended_check_setacl_vnode(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { return (mac_bsdextended_check_vp(cred, vp, MBI_WRITE)); @@ -721,7 +724,7 @@ mac_bsdextended_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *label, u_long flags) + struct label *vplabel, u_long flags) { return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN)); @@ -729,7 +732,7 @@ mac_bsdextended_check_vnode_setflags(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t mode) + struct label *vplabel, mode_t mode) { return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN)); @@ -737,7 +740,7 @@ mac_bsdextended_check_vnode_setmode(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *label, uid_t uid, gid_t gid) + struct label *vplabel, uid_t uid, gid_t gid) { return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN)); 
@@ -745,7 +748,7 @@ mac_bsdextended_check_vnode_setowner(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *label, struct timespec atime, struct timespec utime) + struct label *vplabel, struct timespec atime, struct timespec utime) { return (mac_bsdextended_check_vp(cred, vp, MBI_ADMIN)); @@ -753,7 +756,7 @@ mac_bsdextended_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, static int mac_bsdextended_check_vnode_stat(struct ucred *active_cred, - struct ucred *file_cred, struct vnode *vp, struct label *label) + struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { return (mac_bsdextended_check_vp(active_cred, vp, MBI_STAT)); diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c index 778b60b..412a547 100644 --- a/sys/security/mac_ifoff/mac_ifoff.c +++ b/sys/security/mac_ifoff/mac_ifoff.c @@ -79,31 +79,31 @@ SYSCTL_INT(_security_mac_ifoff, OID_AUTO, bpfrecv_enabled, CTLFLAG_RW, TUNABLE_INT("security.mac.ifoff.bpfrecv.enabled", &mac_ifoff_bpfrecv_enabled); static int -check_ifnet_outgoing(struct ifnet *ifnet) +check_ifnet_outgoing(struct ifnet *ifp) { if (!mac_ifoff_enabled) return (0); - if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP) + if (mac_ifoff_lo_enabled && ifp->if_type == IFT_LOOP) return (0); - if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP) + if (mac_ifoff_other_enabled && ifp->if_type != IFT_LOOP) return (0); return (EPERM); } static int -check_ifnet_incoming(struct ifnet *ifnet, int viabpf) +check_ifnet_incoming(struct ifnet *ifp, int viabpf) { if (!mac_ifoff_enabled) return (0); - if (mac_ifoff_lo_enabled && ifnet->if_type == IFT_LOOP) + if (mac_ifoff_lo_enabled && ifp->if_type == IFT_LOOP) return (0); - if (mac_ifoff_other_enabled && ifnet->if_type != IFT_LOOP) + if (mac_ifoff_other_enabled && ifp->if_type != IFT_LOOP) return (0); if (viabpf && mac_ifoff_bpfrecv_enabled) 
@@ -113,19 +113,19 @@ check_ifnet_incoming(struct ifnet *ifnet, int viabpf) } static int -mac_ifoff_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnetlabel) +mac_ifoff_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { - return (check_ifnet_incoming(ifnet, 1)); + return (check_ifnet_incoming(ifp, 1)); } static int -mac_ifoff_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_ifoff_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { - return (check_ifnet_outgoing(ifnet)); + return (check_ifnet_outgoing(ifp)); } static int @@ -141,8 +141,8 @@ mac_ifoff_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, } static int -mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_ifoff_check_socket_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { M_ASSERTPKTHDR(m); diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index c85ec2f..f415816 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -495,7 +495,7 @@ static int mac_lomac_to_string(struct sbuf *sb, static int maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel, - const char *actionname, const char *objname, struct vnode *vpq) + const char *actionname, const char *objname, struct vnode *vp) { struct sbuf subjlabel_sb, subjtext_sb, objlabel_sb; char *subjlabeltext, *objlabeltext, *subjtext; 
@@ -564,14 +564,14 @@ maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel, objlabeltext = sbuf_data(&objlabel_sb); pgid = p->p_pgrp->pg_id; /* XXX could be stale? */ - if (vpq != NULL && VOP_GETATTR(vpq, &va, curthread->td_ucred, + if (vp != NULL && VOP_GETATTR(vp, &va, curthread->td_ucred, curthread) == 0) { log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" " level %s after %s a level-%s %s (inode=%ld, " "mountpount=%s)\n", subjlabeltext, p->p_pid, pgid, curthread->td_ucred->cr_uid, p->p_comm, subjtext, actionname, objlabeltext, objname, - va.va_fileid, vpq->v_mount->mnt_stat.f_mntonname); + va.va_fileid, vp->v_mount->mnt_stat.f_mntonname); } else { log(LOG_INFO, "LOMAC: level-%s subject p%dg%du%d:%s demoted to" " level %s after %s a level-%s %s\n", @@ -903,12 +903,12 @@ mac_lomac_copy_label(struct label *src, struct label *dest) */ static void mac_lomac_create_devfs_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { struct mac_lomac *mac_lomac; int lomac_type; - mac_lomac = SLOT(label); + mac_lomac = SLOT(delabel); if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || strcmp(dev->si_name, "random") == 0 || @@ -926,11 +926,11 @@ mac_lomac_create_devfs_device(struct ucred *cred, struct mount *mp, static void mac_lomac_create_devfs_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { struct mac_lomac *mac_lomac; - mac_lomac = SLOT(label); + mac_lomac = SLOT(delabel); mac_lomac_set_single(mac_lomac, MAC_LOMAC_TYPE_HIGH, 0); } 
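Review bot: The first `log()` format string in this hunk spells its field `mountpount=%s`, so anything that searches or parses LOMAC demotion records for `mountpoint` will miss these entries. Since the call is already being edited for the `vpq` to `vp` rename, the literal could be corrected to `"mountpoint=%s)\n"`. That changes the emitted log text, so any existing filter keyed on the old spelling needs updating in the same change. `maybe_demote` starts and ends outside this hunk.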
@@ -949,62 +949,61 @@ mac_lomac_create_devfs_symlink(struct ucred *cred, struct mount *mp, static void mac_lomac_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { struct mac_lomac *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(mntlabel); + dest = SLOT(mplabel); mac_lomac_copy_single(source, dest); } static void mac_lomac_relabel_vnode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *label) + struct label *vplabel, struct label *newlabel) { struct mac_lomac *source, *dest; - source = SLOT(label); - dest = SLOT(vnodelabel); + source = SLOT(newlabel); + dest = SLOT(vplabel); try_relabel(source, dest); } static void -mac_lomac_update_devfsdirent(struct mount *mp, - struct devfs_dirent *devfs_dirent, struct label *direntlabel, - struct vnode *vp, struct label *vnodelabel) +mac_lomac_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { struct mac_lomac *source, *dest; - source = SLOT(vnodelabel); - dest = SLOT(direntlabel); + source = SLOT(vplabel); + dest = SLOT(delabel); mac_lomac_copy(source, dest); } static void -mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, +mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *mplabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { struct mac_lomac *source, *dest; source = SLOT(delabel); - dest = SLOT(vlabel); + dest = SLOT(vplabel); mac_lomac_copy_single(source, dest); } static int -mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, - struct vnode *vp, struct label *vlabel) +mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { struct mac_lomac temp, *source, *dest; int buflen, error; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + 
dest = SLOT(vplabel); buflen = sizeof(temp); bzero(&temp, buflen); @@ -1045,20 +1044,20 @@ mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, static void mac_lomac_associate_vnode_singlelabel(struct mount *mp, - struct label *mntlabel, struct vnode *vp, struct label *vlabel) + struct label *mplabel, struct vnode *vp, struct label *vplabel) { struct mac_lomac *source, *dest; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + dest = SLOT(vplabel); mac_lomac_copy_single(source, dest); } static int mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *vlabel, struct componentname *cnp) + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_lomac *source, *dest, *dir, temp; size_t buflen; @@ -1068,8 +1067,8 @@ mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp, bzero(&temp, buflen); source = SLOT(cred->cr_label); - dest = SLOT(vlabel); - dir = SLOT(dlabel); + dest = SLOT(vplabel); + dir = SLOT(dvplabel); if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) { mac_lomac_copy_auxsingle(dir, &temp); mac_lomac_set_single(&temp, dir->ml_auxsingle.mle_type, @@ -1087,7 +1086,7 @@ mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp, static int mac_lomac_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, - struct label *vlabel, struct label *intlabel) + struct label *vplabel, struct label *intlabel) { struct mac_lomac *source, temp; size_t buflen; 
@@ -1122,86 +1121,85 @@ mac_lomac_create_inpcb_from_socket(struct socket *so, struct label *solabel, } static void -mac_lomac_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_lomac_create_mbuf_from_socket(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *source, *dest; - source = SLOT(socketlabel); - dest = SLOT(mbuflabel); + source = SLOT(solabel); + dest = SLOT(mlabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_lomac_create_socket(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_lomac *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(socketlabel); + dest = SLOT(solabel); mac_lomac_copy_single(source, dest); } static void mac_lomac_create_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_lomac *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_socket_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketlabel) +mac_lomac_create_socket_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, struct label *newsolabel) { struct mac_lomac *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_relabel_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +mac_lomac_relabel_socket(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { struct mac_lomac *source, *dest; source = SLOT(newlabel); - dest = 
SLOT(socketlabel); + dest = SLOT(solabel); try_relabel(source, dest); } static void mac_lomac_relabel_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_lomac *source, *dest; source = SLOT(newlabel); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); try_relabel(source, dest); } static void -mac_lomac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, - struct socket *socket, struct label *socketpeerlabel) +mac_lomac_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) { struct mac_lomac *source, *dest; - source = SLOT(mbuflabel); - dest = SLOT(socketpeerlabel); + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); mac_lomac_copy_single(source, dest); } 
@@ -1210,41 +1208,41 @@ mac_lomac_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, * Labeling event operations: network objects. */ static void -mac_lomac_set_socket_peer_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketpeerlabel) +mac_lomac_set_socket_peer_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { struct mac_lomac *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketpeerlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, - struct label *bpflabel) +mac_lomac_create_bpfdesc(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { struct mac_lomac *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(bpflabel); + dest = SLOT(dlabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) +mac_lomac_create_ifnet(struct ifnet *ifp, struct label *ifplabel) { char tifname[IFNAMSIZ], *p, *q; char tiflist[sizeof(trusted_interfaces)]; struct mac_lomac *dest; int len, grade; - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); - if (ifnet->if_type == IFT_LOOP) { + if (ifp->if_type == IFT_LOOP) { grade = MAC_LOMAC_TYPE_EQUAL; goto set; } @@ -1271,7 +1269,7 @@ mac_lomac_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) if (len < IFNAMSIZ) { bzero(tifname, sizeof(tifname)); bcopy(q, tifname, len); - if (strcmp(tifname, ifnet->if_xname) == 0) { + if (strcmp(tifname, ifp->if_xname) == 0) { grade = MAC_LOMAC_TYPE_HIGH; break; } 
@@ -1293,12 +1291,12 @@ set: } static void -mac_lomac_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_lomac_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { struct mac_lomac *source, *dest; - source = SLOT(fragmentlabel); + source = SLOT(mlabel); dest = SLOT(ipqlabel); mac_lomac_copy_single(source, dest); @@ -1306,25 +1304,25 @@ mac_lomac_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, static void mac_lomac_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *datagram, struct label *datagramlabel) + struct mbuf *m, struct label *mlabel) { struct mac_lomac *source, *dest; source = SLOT(ipqlabel); - dest = SLOT(datagramlabel); + dest = SLOT(mlabel); /* Just use the head, since we require them all to match. */ mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_fragment(struct mbuf *datagram, struct label *datagramlabel, - struct mbuf *fragment, struct label *fragmentlabel) +mac_lomac_create_fragment(struct mbuf *m, struct label *mlabel, + struct mbuf *frag, struct label *fraglabel) { struct mac_lomac *source, *dest; - source = SLOT(datagramlabel); - dest = SLOT(fragmentlabel); + source = SLOT(mlabel); + dest = SLOT(fraglabel); mac_lomac_copy_single(source, dest); } 
@@ -1342,92 +1340,92 @@ mac_lomac_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, } static void -mac_lomac_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_lomac_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *dest; - dest = SLOT(mbuflabel); + dest = SLOT(mlabel); mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); } static void -mac_lomac_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_lomac_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *source, *dest; - source = SLOT(bpflabel); - dest = SLOT(mbuflabel); + source = SLOT(dlabel); + dest = SLOT(mlabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_lomac_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *source, *dest; - source = SLOT(ifnetlabel); - dest = SLOT(mbuflabel); + source = SLOT(ifplabel); + dest = SLOT(mlabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_mbuf_multicast_encap(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *newmbuf, struct label *newmbuflabel) +mac_lomac_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, + struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, + struct label *mnewlabel) { struct mac_lomac *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_lomac_copy_single(source, dest); } static void -mac_lomac_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, - 
struct mbuf *newmbuf, struct label *newmbuflabel) +mac_lomac_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, + struct mbuf *mnew, struct label *mnewlabel) { struct mac_lomac *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_lomac_copy_single(source, dest); } static int -mac_lomac_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, +mac_lomac_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, struct label *ipqlabel) { struct mac_lomac *a, *b; a = SLOT(ipqlabel); - b = SLOT(fragmentlabel); + b = SLOT(mlabel); return (mac_lomac_equal_single(a, b)); } static void -mac_lomac_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_lomac_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_lomac *source, *dest; source = SLOT(newlabel); - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); try_relabel(source, dest); } static void -mac_lomac_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_lomac_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { /* NOOP: we only accept matching labels, so no need to update */ 
@@ -1457,21 +1455,21 @@ mac_lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) static void mac_lomac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, - struct label *mbuf_label) + struct label *mlabel) { struct mac_lomac *source, *dest; source = SLOT(sc_label); - dest = SLOT(mbuf_label); + dest = SLOT(mlabel); mac_lomac_copy(source, dest); } static void -mac_lomac_create_mbuf_from_firewall(struct mbuf *m, struct label *label) +mac_lomac_create_mbuf_from_firewall(struct mbuf *m, struct label *mlabel) { struct mac_lomac *dest; - dest = SLOT(label); + dest = SLOT(mlabel); /* XXX: where is the label for the firewall really comming from? */ mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0); @@ -1482,15 +1480,14 @@ mac_lomac_create_mbuf_from_firewall(struct mbuf *m, struct label *label) */ static void mac_lomac_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, - struct label *interpvnodelabel, struct image_params *imgp, - struct label *execlabel) + struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel, + struct image_params *imgp, struct label *execlabel) { struct mac_lomac *source, *dest, *obj, *robj; source = SLOT(old->cr_label); dest = SLOT(new->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; mac_lomac_copy(source, dest); @@ -1519,7 +1516,7 @@ mac_lomac_execve_transition(struct ucred *old, struct ucred *new, static int mac_lomac_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *interpvnodelabel, + struct label *vplabel, struct label *interpvnodelabel, struct image_params *imgp, struct label *execlabel) { struct mac_lomac *subj, *obj, *robj; 
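Review bot: In mac_lomac_create_mbuf_from_firewall the label is set to `MAC_LOMAC_TYPE_EQUAL` unconditionally, and the only explanation is an open question in the XXX comment (which also misspells "coming"). The loopback branch of mac_lomac_create_ifnet uses the same grade, so EQUAL is presumably the grade that passes comparisons against any other label. If that holds, firewall-generated mbufs are exempt from the policy, and the comment should say so. I would replace it with `/* XXX: no source label is available for firewall-generated mbufs; they are labelled EQUAL, which exempts them from grade comparisons. */`, to be confirmed against mac_lomac_equal_single. The function's closing lines are outside the hunk.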
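Review bot: The parameter `interpvnodelabel` in mac_lomac_execve_transition keeps the old spelling while its neighbour is renamed from `vnodelabel` to `vplabel`, so the signature now mixes both conventions. The same leftover appears in mac_lomac_execve_will_transition in the next hunk on this line. For consistency I would write `struct vnode *vp, struct label *vplabel, struct label *interpvplabel,` and `robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj;` in both functions. Both bodies continue outside their hunks, so any further uses of the name would need the same rename.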
@@ -1528,7 +1525,7 @@ mac_lomac_execve_will_transition(struct ucred *old, struct vnode *vp, return (0); subj = SLOT(old->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX && @@ -1576,16 +1573,16 @@ mac_lomac_relabel_cred(struct ucred *cred, struct label *newlabel) * Access control checks. */ static int -mac_lomac_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnetlabel) +mac_lomac_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { struct mac_lomac *a, *b; if (!mac_lomac_enabled) return (0); - a = SLOT(bpflabel); - b = SLOT(ifnetlabel); + a = SLOT(dlabel); + b = SLOT(ifplabel); if (mac_lomac_equal_single(a, b)) return (0); @@ -1659,15 +1656,15 @@ mac_lomac_check_cred_relabel(struct ucred *cred, struct label *newlabel) } static int -mac_lomac_check_cred_visible(struct ucred *u1, struct ucred *u2) +mac_lomac_check_cred_visible(struct ucred *cr1, struct ucred *cr2) { struct mac_lomac *subj, *obj; if (!mac_lomac_enabled) return (0); - subj = SLOT(u1->cr_label); - obj = SLOT(u2->cr_label); + subj = SLOT(cr1->cr_label); + obj = SLOT(cr2->cr_label); /* XXX: range */ if (!mac_lomac_dominate_single(obj, subj)) @@ -1677,8 +1674,8 @@ mac_lomac_check_cred_visible(struct ucred *u1, struct ucred *u2) } static int -mac_lomac_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_lomac_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_lomac *subj, *new; int error; 
@@ -1734,16 +1731,16 @@ mac_lomac_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, } static int -mac_lomac_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_lomac_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *p, *i; if (!mac_lomac_enabled) return (0); - p = SLOT(mbuflabel); - i = SLOT(ifnetlabel); + p = SLOT(mlabel); + i = SLOT(ifplabel); return (mac_lomac_single_in_range(p, i) ? 0 : EACCES); } @@ -1765,7 +1762,7 @@ mac_lomac_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, static int mac_lomac_check_kld_load(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_lomac *subj, *obj; @@ -1773,7 +1770,7 @@ mac_lomac_check_kld_load(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (mac_lomac_subject_privileged(subj)) return (EPERM); @@ -1786,10 +1783,10 @@ mac_lomac_check_kld_load(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { - if(!mac_lomac_enabled) + if (!mac_lomac_enabled) return (0); /* XXX: This will be implemented soon... */ @@ -1799,7 +1796,7 @@ mac_lomac_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, static int mac_lomac_check_pipe_read(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_lomac *subj, *obj; @@ -1807,7 +1804,7 @@ mac_lomac_check_pipe_read(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_lomac_dominate_single(obj, subj)) return (maybe_demote(subj, obj, "reading", "pipe", NULL)); 
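Review bot: mac_lomac_check_pipe_ioctl shows no label comparison in the visible lines: after the `mac_lomac_enabled` test there is only the placeholder `/* XXX: This will be implemented soon... */`, and the rest of the body is outside the hunk. If the function then returns success, every pipe ioctl is allowed whatever the subject and pipe grades are. By contrast, mac_lomac_check_pipe_read and mac_lomac_check_pipe_write in the following hunks compare `subj` with `obj`. Since this hunk already touches the function for the `if (` spacing fix, the comment should state the current behaviour for anyone auditing the policy, for example `/* XXX: no LOMAC check yet; all pipe ioctls are permitted. */`.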
@@ -1817,14 +1814,14 @@ mac_lomac_check_pipe_read(struct ucred *cred, struct pipepair *pp, static int mac_lomac_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_lomac *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(pipelabel); + obj = SLOT(pplabel); /* * If there is a LOMAC label update for a pipe, it must be a @@ -1868,7 +1865,7 @@ mac_lomac_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, static int mac_lomac_check_pipe_write(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_lomac *subj, *obj; @@ -1876,7 +1873,7 @@ mac_lomac_check_pipe_write(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -1885,7 +1882,7 @@ mac_lomac_check_pipe_write(struct ucred *cred, struct pipepair *pp, } static int -mac_lomac_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_lomac_check_proc_debug(struct ucred *cred, struct proc *p) { struct mac_lomac *subj, *obj; @@ -1893,7 +1890,7 @@ mac_lomac_check_proc_debug(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_lomac_dominate_single(obj, subj)) @@ -1905,7 +1902,7 @@ mac_lomac_check_proc_debug(struct ucred *cred, struct proc *proc) } static int -mac_lomac_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_lomac_check_proc_sched(struct ucred *cred, struct proc *p) { struct mac_lomac *subj, *obj; 
@@ -1913,7 +1910,7 @@ mac_lomac_check_proc_sched(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_lomac_dominate_single(obj, subj)) @@ -1925,7 +1922,7 @@ mac_lomac_check_proc_sched(struct ucred *cred, struct proc *proc) } static int -mac_lomac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) +mac_lomac_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { struct mac_lomac *subj, *obj; @@ -1933,7 +1930,7 @@ mac_lomac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_lomac_dominate_single(obj, subj)) @@ -1945,30 +1942,30 @@ mac_lomac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) } static int -mac_lomac_check_socket_deliver(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_lomac_check_socket_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_lomac *p, *s; if (!mac_lomac_enabled) return (0); - p = SLOT(mbuflabel); - s = SLOT(socketlabel); + p = SLOT(mlabel); + s = SLOT(solabel); return (mac_lomac_equal_single(p, s) ? 0 : EACCES); } static int -mac_lomac_check_socket_relabel(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +mac_lomac_check_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { struct mac_lomac *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); /* * If there is a LOMAC label update for the socket, it may be 
@@ -2011,8 +2008,8 @@ mac_lomac_check_socket_relabel(struct ucred *cred, struct socket *socket, } static int -mac_lomac_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_lomac_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_lomac *subj, *obj; @@ -2020,7 +2017,7 @@ mac_lomac_check_socket_visible(struct ucred *cred, struct socket *socket, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); if (!mac_lomac_dominate_single(obj, subj)) return (ENOENT); @@ -2220,7 +2217,7 @@ mac_lomac_priv_check(struct ucred *cred, int priv) static int mac_lomac_check_system_acct(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_lomac *subj, *obj; @@ -2228,7 +2225,7 @@ mac_lomac_check_system_acct(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (mac_lomac_subject_privileged(subj)) return (EPERM); @@ -2241,7 +2238,7 @@ mac_lomac_check_system_acct(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_system_auditctl(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_lomac *subj, *obj; @@ -2249,7 +2246,7 @@ mac_lomac_check_system_auditctl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (mac_lomac_subject_privileged(subj)) return (EPERM); @@ -2262,7 +2259,7 @@ mac_lomac_check_system_auditctl(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_system_swapoff(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_lomac *subj; 
@@ -2279,7 +2276,7 @@ mac_lomac_check_system_swapoff(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_lomac *subj, *obj; @@ -2287,7 +2284,7 @@ mac_lomac_check_system_swapon(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (mac_lomac_subject_privileged(subj)) return (EPERM); @@ -2328,7 +2325,7 @@ mac_lomac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, static int mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { struct mac_lomac *subj, *obj; @@ -2336,7 +2333,7 @@ mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2349,7 +2346,7 @@ mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp, static int mac_lomac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_lomac *subj, *obj; @@ -2358,12 +2355,12 @@ mac_lomac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); 
@@ -2373,7 +2370,7 @@ mac_lomac_check_vnode_delete(struct ucred *cred, struct vnode *dvp, static int mac_lomac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { struct mac_lomac *subj, *obj; @@ -2381,7 +2378,7 @@ mac_lomac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2391,7 +2388,7 @@ mac_lomac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_link(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_lomac *subj, *obj; @@ -2400,12 +2397,12 @@ mac_lomac_check_vnode_link(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2415,7 +2412,7 @@ mac_lomac_check_vnode_link(struct ucred *cred, struct vnode *dvp, static int mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot, int flags) + struct label *vplabel, int prot, int flags) { struct mac_lomac *subj, *obj; @@ -2427,7 +2424,7 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (((prot & VM_PROT_WRITE) != 0) && ((flags & MAP_SHARED) != 0)) { if (!mac_lomac_subject_dominate(subj, obj)) 
@@ -2443,7 +2440,7 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp, static void mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, - struct label *label, /* XXX vm_prot_t */ int *prot) + struct label *vplabel, /* XXX vm_prot_t */ int *prot) { struct mac_lomac *subj, *obj; @@ -2455,7 +2452,7 @@ mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, return; subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) *prot &= ~VM_PROT_WRITE; @@ -2463,7 +2460,7 @@ mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int acc_mode) + struct label *vplabel, int acc_mode) { struct mac_lomac *subj, *obj; @@ -2471,7 +2468,7 @@ mac_lomac_check_vnode_open(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); /* XXX privilege override for admin? */ if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { @@ -2484,7 +2481,7 @@ mac_lomac_check_vnode_open(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_lomac *subj, *obj; @@ -2492,7 +2489,7 @@ mac_lomac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_dominate_single(obj, subj)) return (maybe_demote(subj, obj, "reading", "file", vp)); 
@@ -2502,12 +2499,12 @@ mac_lomac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, static int mac_lomac_check_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *newlabel) + struct label *vplabel, struct label *newlabel) { struct mac_lomac *old, *new, *subj; int error; - old = SLOT(vnodelabel); + old = SLOT(vplabel); new = SLOT(newlabel); subj = SLOT(cred->cr_label); @@ -2578,7 +2575,7 @@ mac_lomac_check_vnode_relabel(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_lomac *subj, *obj; @@ -2587,12 +2584,12 @@ mac_lomac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2602,8 +2599,8 @@ mac_lomac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, static int mac_lomac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir, - struct componentname *cnp) + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + int samedir, struct componentname *cnp) { struct mac_lomac *subj, *obj; @@ -2611,13 +2608,13 @@ mac_lomac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); if (vp != NULL) { - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); 
@@ -2628,7 +2625,7 @@ mac_lomac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, static int mac_lomac_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_lomac *subj, *obj; @@ -2636,7 +2633,7 @@ mac_lomac_check_vnode_revoke(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2646,7 +2643,7 @@ mac_lomac_check_vnode_revoke(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *vplabel, acl_type_t type, struct acl *acl) { struct mac_lomac *subj, *obj; @@ -2654,7 +2651,7 @@ mac_lomac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2664,7 +2661,7 @@ mac_lomac_check_vnode_setacl(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int attrnamespace, const char *name, + struct label *vplabel, int attrnamespace, const char *name, struct uio *uio) { struct mac_lomac *subj, *obj; @@ -2673,7 +2670,7 @@ mac_lomac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2685,7 +2682,7 @@ mac_lomac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, u_long flags) + struct label *vplabel, u_long flags) { struct mac_lomac *subj, *obj; 
@@ -2693,7 +2690,7 @@ mac_lomac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2703,7 +2700,7 @@ mac_lomac_check_vnode_setflags(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t mode) + struct label *vplabel, mode_t mode) { struct mac_lomac *subj, *obj; @@ -2711,7 +2708,7 @@ mac_lomac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2721,7 +2718,7 @@ mac_lomac_check_vnode_setmode(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, uid_t uid, gid_t gid) + struct label *vplabel, uid_t uid, gid_t gid) { struct mac_lomac *subj, *obj; @@ -2729,7 +2726,7 @@ mac_lomac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); @@ -2739,7 +2736,7 @@ mac_lomac_check_vnode_setowner(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct timespec atime, struct timespec mtime) + struct label *vplabel, struct timespec atime, struct timespec mtime) { struct mac_lomac *subj, *obj; @@ -2747,7 +2744,7 @@ mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); 
@@ -2757,7 +2754,7 @@ mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, static int mac_lomac_check_vnode_write(struct ucred *active_cred, - struct ucred *file_cred, struct vnode *vp, struct label *label) + struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { struct mac_lomac *subj, *obj; @@ -2765,7 +2762,7 @@ mac_lomac_check_vnode_write(struct ucred *active_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 5169360..506f031 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -745,12 +745,12 @@ mac_mls_copy_label(struct label *src, struct label *dest) */ static void mac_mls_create_devfs_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { struct mac_mls *mac_mls; int mls_type; - mac_mls = SLOT(label); + mac_mls = SLOT(delabel); if (strcmp(dev->si_name, "null") == 0 || strcmp(dev->si_name, "zero") == 0 || strcmp(dev->si_name, "random") == 0 || @@ -770,11 +770,11 @@ mac_mls_create_devfs_device(struct ucred *cred, struct mount *mp, static void mac_mls_create_devfs_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { struct mac_mls *mac_mls; - mac_mls = SLOT(label); + mac_mls = SLOT(delabel); mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); } 
@@ -793,62 +793,61 @@ mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp, static void mac_mls_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { struct mac_mls *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(mntlabel); + dest = SLOT(mplabel); mac_mls_copy_effective(source, dest); } static void mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *label) + struct label *vplabel, struct label *label) { struct mac_mls *source, *dest; source = SLOT(label); - dest = SLOT(vnodelabel); + dest = SLOT(vplabel); mac_mls_copy(source, dest); } static void -mac_mls_update_devfsdirent(struct mount *mp, - struct devfs_dirent *devfs_dirent, struct label *direntlabel, - struct vnode *vp, struct label *vnodelabel) +mac_mls_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { struct mac_mls *source, *dest; - source = SLOT(vnodelabel); - dest = SLOT(direntlabel); + source = SLOT(vplabel); + dest = SLOT(delabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, +mac_mls_associate_vnode_devfs(struct mount *mp, struct label *mplabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { struct mac_mls *source, *dest; source = SLOT(delabel); - dest = SLOT(vlabel); + dest = SLOT(vplabel); mac_mls_copy_effective(source, dest); } static int -mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, - struct vnode *vp, struct label *vlabel) +mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { struct mac_mls temp, *source, *dest; int buflen, error; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + dest = SLOT(vplabel); buflen = sizeof(temp); 
bzero(&temp, buflen); @@ -882,20 +881,20 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, static void mac_mls_associate_vnode_singlelabel(struct mount *mp, - struct label *mntlabel, struct vnode *vp, struct label *vlabel) + struct label *mplabel, struct vnode *vp, struct label *vplabel) { struct mac_mls *source, *dest; - source = SLOT(mntlabel); - dest = SLOT(vlabel); + source = SLOT(mplabel); + dest = SLOT(vplabel); mac_mls_copy_effective(source, dest); } static int mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *vlabel, struct componentname *cnp) + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_mls *source, *dest, temp; size_t buflen; @@ -905,7 +904,7 @@ mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, bzero(&temp, buflen); source = SLOT(cred->cr_label); - dest = SLOT(vlabel); + dest = SLOT(vplabel); mac_mls_copy_effective(source, &temp); error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, @@ -917,7 +916,7 @@ mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, static int mac_mls_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, - struct label *vlabel, struct label *intlabel) + struct label *vplabel, struct label *intlabel) { struct mac_mls *source, temp; size_t buflen; 
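Review bot: mac_mls_relabel_vnode, in the hunk that starts at `@@ -793,62 +793,61 @@`, still names its incoming label plain `label` after the rename. The sibling entry points mac_mls_relabel_socket and mac_mls_relabel_pipe in the later `@@ -1001,50 +1000,49 @@` hunk call it `newlabel`. With `vplabel` next to it, a bare `label` no longer says which object it belongs to. I would make it `struct label *vplabel, struct label *newlabel)` and `source = SLOT(newlabel);` to match the other relabel functions.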
@@ -953,37 +952,37 @@ mac_mls_create_inpcb_from_socket(struct socket *so, struct label *solabel, } static void -mac_mls_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_mls_create_mbuf_from_socket(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; - source = SLOT(socketlabel); - dest = SLOT(mbuflabel); + source = SLOT(solabel); + dest = SLOT(mlabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_create_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_mls_create_socket(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_mls *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(socketlabel); + dest = SLOT(solabel); mac_mls_copy_effective(source, dest); } static void mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_mls *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); mac_mls_copy_effective(source, dest); } 
@@ -1001,50 +1000,49 @@ mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, } static void -mac_mls_create_socket_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketlabel) +mac_mls_create_socket_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, struct label *newsolabel) { struct mac_mls *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsolabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_relabel_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +mac_mls_relabel_socket(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { struct mac_mls *source, *dest; source = SLOT(newlabel); - dest = SLOT(socketlabel); + dest = SLOT(solabel); mac_mls_copy(source, dest); } static void mac_mls_relabel_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_mls *source, *dest; source = SLOT(newlabel); - dest = SLOT(pipelabel); + dest = SLOT(pplabel); mac_mls_copy(source, dest); } static void -mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, - struct socket *socket, struct label *socketpeerlabel) +mac_mls_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) { struct mac_mls *source, *dest; - source = SLOT(mbuflabel); - dest = SLOT(socketpeerlabel); + source = SLOT(mlabel); + dest = SLOT(sopeerlabel); mac_mls_copy_effective(source, dest); } 
@@ -1052,14 +1050,13 @@ mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, /* * Labeling event operations: System V IPC objects. */ - static void mac_mls_create_sysv_msgmsg(struct ucred *cred, struct msqid_kernel *msqkptr, struct label *msqlabel, struct msg *msgptr, struct label *msglabel) { struct mac_mls *source, *dest; - /* Ignore the msgq label */ + /* Ignore the msgq label. */ source = SLOT(cred->cr_label); dest = SLOT(msglabel); @@ -1106,39 +1103,39 @@ mac_mls_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, * Labeling event operations: network objects. */ static void -mac_mls_set_socket_peer_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketpeerlabel) +mac_mls_set_socket_peer_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { struct mac_mls *source, *dest; - source = SLOT(oldsocketlabel); - dest = SLOT(newsocketpeerlabel); + source = SLOT(oldsolabel); + dest = SLOT(newsopeerlabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, - struct label *bpflabel) +mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { struct mac_mls *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(bpflabel); + dest = SLOT(dlabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) +mac_mls_create_ifnet(struct ifnet *ifp, struct label *ifplabel) { struct mac_mls *dest; int type; - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); - if (ifnet->if_type == IFT_LOOP) + if (ifp->if_type == IFT_LOOP) type = MAC_MLS_TYPE_EQUAL; else type = MAC_MLS_TYPE_LOW; 
@@ -1148,12 +1145,12 @@ mac_mls_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) } static void -mac_mls_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_mls_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { struct mac_mls *source, *dest; - source = SLOT(fragmentlabel); + source = SLOT(mlabel); dest = SLOT(ipqlabel); mac_mls_copy_effective(source, dest); @@ -1161,25 +1158,25 @@ mac_mls_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, static void mac_mls_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *datagram, struct label *datagramlabel) + struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; source = SLOT(ipqlabel); - dest = SLOT(datagramlabel); + dest = SLOT(mlabel); /* Just use the head, since we require them all to match. */ mac_mls_copy_effective(source, dest); } static void -mac_mls_create_fragment(struct mbuf *datagram, struct label *datagramlabel, - struct mbuf *fragment, struct label *fragmentlabel) +mac_mls_create_fragment(struct mbuf *m, struct label *mlabel, + struct mbuf *frag, struct label *fraglabel) { struct mac_mls *source, *dest; - source = SLOT(datagramlabel); - dest = SLOT(fragmentlabel); + source = SLOT(mlabel); + dest = SLOT(fraglabel); mac_mls_copy_effective(source, dest); } 
@@ -1197,92 +1194,92 @@ mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, } static void -mac_mls_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_mls_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *dest; - dest = SLOT(mbuflabel); + dest = SLOT(mlabel); mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); } static void -mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, - struct mbuf *mbuf, struct label *mbuflabel) +mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; - source = SLOT(bpflabel); - dest = SLOT(mbuflabel); + source = SLOT(dlabel); + dest = SLOT(mlabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_mls_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; - source = SLOT(ifnetlabel); - dest = SLOT(mbuflabel); + source = SLOT(ifplabel); + dest = SLOT(mlabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_create_mbuf_multicast_encap(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *newmbuf, struct label *newmbuflabel) +mac_mls_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, + struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, + struct label *mnewlabel) { struct mac_mls *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_mls_copy_effective(source, dest); } static void -mac_mls_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, - struct mbuf *newmbuf, 
struct label *newmbuflabel) +mac_mls_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, + struct mbuf *mnew, struct label *mnewlabel) { struct mac_mls *source, *dest; - source = SLOT(oldmbuflabel); - dest = SLOT(newmbuflabel); + source = SLOT(mlabel); + dest = SLOT(mnewlabel); mac_mls_copy_effective(source, dest); } static int -mac_mls_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_mls_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { struct mac_mls *a, *b; a = SLOT(ipqlabel); - b = SLOT(fragmentlabel); + b = SLOT(mlabel); return (mac_mls_equal_effective(a, b)); } static void -mac_mls_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_mls_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_mls *source, *dest; source = SLOT(newlabel); - dest = SLOT(ifnetlabel); + dest = SLOT(ifplabel); mac_mls_copy(source, dest); } static void -mac_mls_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +mac_mls_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { /* NOOP: we only accept matching labels, so no need to update */ @@ -1301,11 +1298,11 @@ mac_mls_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -mac_mls_create_mbuf_from_firewall(struct mbuf *m, struct label *mbuflabel) +mac_mls_create_mbuf_from_firewall(struct mbuf *m, struct label *mlabel) { struct mac_mls *dest; - dest = SLOT(mbuflabel); + dest = SLOT(mlabel); /* XXX: where is the label for the firewall really comming from? */ mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL); 
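Review bot: The comment in mac_mls_create_mbuf_from_firewall (hunk @@ -1301,11 +1298,11) still leaves open where the firewall's label comes from, while the code gives every firewall-generated mbuf `MAC_MLS_TYPE_EQUAL`. If an equal-typed label compares as matching any other label, as the name suggests (mac_mls_equal_effective is not visible here, so confirm), these packets would pass mac_mls_check_socket_deliver whatever the socket's label is. The comment should state that consequence rather than only ask the question, for example `/* XXX: firewall-generated mbufs are labeled equal and so are not constrained by the MLS deliver check; label source still undecided. */`, which also removes the "comming" typo. The function's closing brace is outside the hunk.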
@@ -1323,12 +1320,12 @@ mac_mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) static void mac_mls_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, - struct label *mbuf_label) + struct label *mlabel) { struct mac_mls *source, *dest; source = SLOT(sc_label); - dest = SLOT(mbuf_label); + dest = SLOT(mlabel); mac_mls_copy_effective(source, dest); } @@ -1405,16 +1402,16 @@ mac_mls_cleanup_sysv_shm(struct label *shmlabel) * Access control checks. */ static int -mac_mls_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnetlabel) +mac_mls_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { struct mac_mls *a, *b; if (!mac_mls_enabled) return (0); - a = SLOT(bpflabel); - b = SLOT(ifnetlabel); + a = SLOT(dlabel); + b = SLOT(ifplabel); if (mac_mls_equal_effective(a, b)) return (0); @@ -1484,15 +1481,15 @@ mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) } static int -mac_mls_check_cred_visible(struct ucred *u1, struct ucred *u2) +mac_mls_check_cred_visible(struct ucred *cr1, struct ucred *cr2) { struct mac_mls *subj, *obj; if (!mac_mls_enabled) return (0); - subj = SLOT(u1->cr_label); - obj = SLOT(u2->cr_label); + subj = SLOT(cr1->cr_label); + obj = SLOT(cr2->cr_label); /* XXX: range */ if (!mac_mls_dominate_effective(subj, obj)) @@ -1502,8 +1499,8 @@ mac_mls_check_cred_visible(struct ucred *u1, struct ucred *u2) } static int -mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { struct mac_mls *subj, *new; int error; 
@@ -1528,16 +1525,16 @@ mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, } static int -mac_mls_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +mac_mls_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *p, *i; if (!mac_mls_enabled) return (0); - p = SLOT(mbuflabel); - i = SLOT(ifnetlabel); + p = SLOT(mlabel); + i = SLOT(ifplabel); return (mac_mls_effective_in_range(p, i) ? 0 : EACCES); } @@ -1848,7 +1845,7 @@ mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp, static int mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { if(!mac_mls_enabled) @@ -1861,7 +1858,7 @@ mac_mls_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, static int mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1869,7 +1866,7 @@ mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -1879,7 +1876,7 @@ mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp, static int mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1887,7 +1884,7 @@ mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); 
@@ -1897,14 +1894,14 @@ mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp, static int mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { struct mac_mls *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(pipelabel); + obj = SLOT(pplabel); /* * If there is an MLS label update for a pipe, it must be a @@ -1948,7 +1945,7 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, static int mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1956,7 +1953,7 @@ mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -1966,7 +1963,7 @@ mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp, static int mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { struct mac_mls *subj, *obj; @@ -1974,7 +1971,7 @@ mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT((pipelabel)); + obj = SLOT(pplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2019,7 +2016,7 @@ mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, } static int -mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_mls_check_proc_debug(struct ucred *cred, struct proc *p) { struct mac_mls *subj, *obj; @@ -2027,7 +2024,7 @@ mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_mls_dominate_effective(subj, obj)) 
@@ -2039,7 +2036,7 @@ mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc) } static int -mac_mls_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_mls_check_proc_sched(struct ucred *cred, struct proc *p) { struct mac_mls *subj, *obj; @@ -2047,7 +2044,7 @@ mac_mls_check_proc_sched(struct ucred *cred, struct proc *proc) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_mls_dominate_effective(subj, obj)) @@ -2059,7 +2056,7 @@ mac_mls_check_proc_sched(struct ucred *cred, struct proc *proc) } static int -mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) +mac_mls_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { struct mac_mls *subj, *obj; @@ -2067,7 +2064,7 @@ mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) return (0); subj = SLOT(cred->cr_label); - obj = SLOT(proc->p_ucred->cr_label); + obj = SLOT(p->p_ucred->cr_label); /* XXX: range checks */ if (!mac_mls_dominate_effective(subj, obj)) 
@@ -2079,30 +2076,30 @@ mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) } static int -mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_mls_check_socket_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { struct mac_mls *p, *s; if (!mac_mls_enabled) return (0); - p = SLOT(mbuflabel); - s = SLOT(socketlabel); + p = SLOT(mlabel); + s = SLOT(solabel); return (mac_mls_equal_effective(p, s) ? 0 : EACCES); } static int -mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +mac_mls_check_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { struct mac_mls *subj, *obj, *new; int error; new = SLOT(newlabel); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); /* * If there is an MLS label update for the socket, it may be @@ -2145,8 +2142,8 @@ mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket, } static int -mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_mls_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { struct mac_mls *subj, *obj; @@ -2154,7 +2151,7 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(socketlabel); + obj = SLOT(solabel); if (!mac_mls_dominate_effective(subj, obj)) return (ENOENT); @@ -2164,7 +2161,7 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket, static int mac_mls_check_system_acct(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_mls *subj, *obj; 
@@ -2172,7 +2169,7 @@ mac_mls_check_system_acct(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj) || !mac_mls_dominate_effective(subj, obj)) @@ -2183,7 +2180,7 @@ mac_mls_check_system_acct(struct ucred *cred, struct vnode *vp, static int mac_mls_check_system_auditctl(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2191,7 +2188,7 @@ mac_mls_check_system_auditctl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj) || !mac_mls_dominate_effective(subj, obj)) @@ -2202,7 +2199,7 @@ mac_mls_check_system_auditctl(struct ucred *cred, struct vnode *vp, static int mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2210,7 +2207,7 @@ mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj) || !mac_mls_dominate_effective(subj, obj)) @@ -2221,7 +2218,7 @@ mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_mls *subj, *obj; @@ -2229,7 +2226,7 @@ mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2239,7 +2236,7 @@ mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_mls *subj, *obj; 
@@ -2247,7 +2244,7 @@ mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2257,7 +2254,7 @@ mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { struct mac_mls *subj, *obj; @@ -2265,7 +2262,7 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2275,7 +2272,7 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_mls *subj, *obj; @@ -2284,12 +2281,12 @@ mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2299,7 +2296,7 @@ mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { struct mac_mls *subj, *obj; 
@@ -2307,7 +2304,7 @@ mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2317,7 +2314,7 @@ mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name) + struct label *vplabel, int attrnamespace, const char *name) { struct mac_mls *subj, *obj; @@ -2325,7 +2322,7 @@ mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2335,7 +2332,7 @@ mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, + struct label *vplabel, struct image_params *imgp, struct label *execlabel) { struct mac_mls *subj, *obj, *exec; @@ -2357,7 +2354,7 @@ mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2367,7 +2364,7 @@ mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { struct mac_mls *subj, *obj; @@ -2375,7 +2372,7 @@ mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); 
@@ -2385,7 +2382,8 @@ mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { struct mac_mls *subj, *obj; @@ -2393,7 +2391,7 @@ mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2403,7 +2401,7 @@ mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_mls *subj, *obj; @@ -2412,12 +2410,12 @@ mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2426,7 +2424,7 @@ mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace) + struct label *vplabel, int attrnamespace) { struct mac_mls *subj, *obj; @@ -2435,7 +2433,7 @@ mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); 
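Review bot: In mac_mls_check_vnode_link (hunk @@ -2412,12 +2410,12) the second `obj = SLOT(dvplabel);` repeats the directory label, so the check against the vnode being linked never runs and `vplabel` is unused in the visible body. The sibling checks mac_mls_check_vnode_delete and mac_mls_check_vnode_rename_from test `dvplabel` first and then `vplabel`, so the second assignment here should read `obj = SLOT(vplabel);`. As written, a subject that may write to the directory can link a file whose label it would not otherwise be allowed to write to. The rename carries the old `dlabel`/`dlabel` pair over unchanged, so the defect predates this commit. The function's signature is in the preceding hunk and its end is outside this one.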
@@ -2445,7 +2443,7 @@ mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp) + struct label *dvplabel, struct componentname *cnp) { struct mac_mls *subj, *obj; @@ -2453,7 +2451,7 @@ mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2463,7 +2461,7 @@ mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot, int flags) + struct label *vplabel, int prot, int flags) { struct mac_mls *subj, *obj; @@ -2475,7 +2473,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { if (!mac_mls_dominate_effective(subj, obj)) @@ -2491,7 +2489,7 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int acc_mode) + struct label *vplabel, int acc_mode) { struct mac_mls *subj, *obj; @@ -2499,7 +2497,7 @@ mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); /* XXX privilege override for admin? */ if (acc_mode & (VREAD | VEXEC | VSTAT)) { @@ -2516,7 +2514,7 @@ mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; 
@@ -2524,7 +2522,7 @@ mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2534,7 +2532,7 @@ mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, static int mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2542,7 +2540,7 @@ mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2552,7 +2550,7 @@ mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, static int mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { struct mac_mls *subj, *obj; @@ -2560,7 +2558,7 @@ mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2570,7 +2568,7 @@ mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel) + struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2578,7 +2576,7 @@ mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); 
@@ -2588,12 +2586,12 @@ mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *newlabel) + struct label *vplabel, struct label *newlabel) { struct mac_mls *old, *new, *subj; int error; - old = SLOT(vnodelabel); + old = SLOT(vplabel); new = SLOT(newlabel); subj = SLOT(cred->cr_label); @@ -2637,10 +2635,9 @@ mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, return (0); } - static int mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { struct mac_mls *subj, *obj; @@ -2649,12 +2646,12 @@ mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2664,8 +2661,8 @@ mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir, - struct componentname *cnp) + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + int samedir, struct componentname *cnp) { struct mac_mls *subj, *obj; @@ -2673,13 +2670,13 @@ mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(dlabel); + obj = SLOT(dvplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); if (vp != NULL) { - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); 
@@ -2690,7 +2687,7 @@ mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, static int mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2698,7 +2695,7 @@ mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2708,7 +2705,7 @@ mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *vplabel, acl_type_t type, struct acl *acl) { struct mac_mls *subj, *obj; @@ -2716,7 +2713,7 @@ mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2726,7 +2723,7 @@ mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, int attrnamespace, const char *name, + struct label *vplabel, int attrnamespace, const char *name, struct uio *uio) { struct mac_mls *subj, *obj; @@ -2735,7 +2732,7 @@ mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2747,7 +2744,7 @@ mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, u_long flags) + struct label *vplabel, u_long flags) { struct mac_mls *subj, *obj; 
@@ -2755,7 +2752,7 @@ mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2765,7 +2762,7 @@ mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, mode_t mode) + struct label *vplabel, mode_t mode) { struct mac_mls *subj, *obj; @@ -2773,7 +2770,7 @@ mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2783,7 +2780,7 @@ mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, uid_t uid, gid_t gid) + struct label *vplabel, uid_t uid, gid_t gid) { struct mac_mls *subj, *obj; @@ -2791,7 +2788,7 @@ mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -2801,7 +2798,7 @@ mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct timespec atime, struct timespec mtime) + struct label *vplabel, struct timespec atime, struct timespec mtime) { struct mac_mls *subj, *obj; @@ -2809,7 +2806,7 @@ mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); 
@@ -2819,7 +2816,7 @@ mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, static int mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *vnodelabel) + struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2827,7 +2824,7 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(vnodelabel); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); @@ -2837,7 +2834,7 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, static int mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { struct mac_mls *subj, *obj; @@ -2845,7 +2842,7 @@ mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, return (0); subj = SLOT(active_cred->cr_label); - obj = SLOT(label); + obj = SLOT(vplabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c index 7a566b9..c418d3f 100644 --- a/sys/security/mac_partition/mac_partition.c +++ b/sys/security/mac_partition/mac_partition.c 
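Review bot: In `mac_mls_check_vnode_stat` the dominance test is `mac_mls_dominate_effective(subj, obj)`, while the setflags, setmode, setowner, setutimes and write checks around it pass `(obj, subj)`. The argument order is the only thing separating a read-style check from a write-style one, and nothing in these hunks says so. With every label parameter now named `vplabel`, a swapped pair would be easy to miss in review. Assuming the first argument is the dominating label, a one-line comment above each test would help, for example `/* Read-style check: subject must dominate object. */` here and `/* Write-style check: object must dominate subject. */` in the others. The function bodies start and end outside these hunks, so this rests only on the visible lines.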
@@ -174,60 +174,61 @@ mac_partition_check_cred_relabel(struct ucred *cred, struct label *newlabel) } static int -mac_partition_check_cred_visible(struct ucred *u1, struct ucred *u2) +mac_partition_check_cred_visible(struct ucred *cr1, struct ucred *cr2) { int error; - error = label_on_label(u1->cr_label, u2->cr_label); + error = label_on_label(cr1->cr_label, cr2->cr_label); return (error == 0 ? 0 : ESRCH); } static int -mac_partition_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_partition_check_proc_debug(struct ucred *cred, struct proc *p) { int error; - error = label_on_label(cred->cr_label, proc->p_ucred->cr_label); + error = label_on_label(cred->cr_label, p->p_ucred->cr_label); return (error ? ESRCH : 0); } static int -mac_partition_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_partition_check_proc_sched(struct ucred *cred, struct proc *p) { int error; - error = label_on_label(cred->cr_label, proc->p_ucred->cr_label); + error = label_on_label(cred->cr_label, p->p_ucred->cr_label); return (error ? ESRCH : 0); } static int -mac_partition_check_proc_signal(struct ucred *cred, struct proc *proc, +mac_partition_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { int error; - error = label_on_label(cred->cr_label, proc->p_ucred->cr_label); + error = label_on_label(cred->cr_label, p->p_ucred->cr_label); return (error ? ESRCH : 0); } static int -mac_partition_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_partition_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { int error; - error = label_on_label(cred->cr_label, socketlabel); + error = label_on_label(cred->cr_label, solabel); return (error ? 
ENOENT : 0); } static int mac_partition_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, struct label *execlabel) + struct label *vplabel, struct image_params *imgp, + struct label *execlabel) { if (execlabel != NULL) { diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c index 113f254..9adccba 100644 --- a/sys/security/mac_portacl/mac_portacl.c +++ b/sys/security/mac_portacl/mac_portacl.c @@ -432,7 +432,7 @@ rules_check(struct ucred *cred, int family, int type, u_int16_t port) */ static int check_socket_bind(struct ucred *cred, struct socket *so, - struct label *socketlabel, struct sockaddr *sockaddr) + struct label *solabel, struct sockaddr *sa) { struct sockaddr_in *sin; struct inpcb *inp; @@ -454,13 +454,12 @@ check_socket_bind(struct ucred *cred, struct socket *so, return (0); /* Reject addresses we don't understand; fail closed. */ - if (sockaddr->sa_family != AF_INET && - sockaddr->sa_family != AF_INET6) + if (sa->sa_family != AF_INET && sa->sa_family != AF_INET6) return (EINVAL); family = so->so_proto->pr_domain->dom_family; type = so->so_type; - sin = (struct sockaddr_in *) sockaddr; + sin = (struct sockaddr_in *) sa; port = ntohs(sin->sin_port); /* diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c index 63278f1..c87c865 100644 --- a/sys/security/mac_seeotheruids/mac_seeotheruids.c +++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c @@ -36,6 +36,7 @@ /* * Developed by the TrustedBSD Project. + * * Prevent processes owned by a particular uid from seeing various transient * kernel objects associated with other uids. */ 
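Review bot: The deny mapping is spelled two ways in this hunk: `mac_partition_check_cred_visible` returns `(error == 0 ? 0 : ESRCH)` while the three proc checks return `(error ? ESRCH : 0)`. Using one form throughout makes the group easier to scan, e.g. `return (error ? ESRCH : 0);` in the cred check as well. It would also help to say why a `label_on_label()` failure is reported as `ESRCH` (and `ENOENT` for sockets) rather than passed through. Presumably this is so a denied caller cannot tell a hidden object from a missing one, which a comment like `/* Hide the object: report it as nonexistent rather than forbidden. */` would record.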
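Review bot: `sin = (struct sockaddr_in *) sa;` is reached for `AF_INET6` as well as `AF_INET`, since the family test just above admits both. Reading `sin->sin_port` therefore depends on `sin_port` and `sin6_port` sitting at the same offset. That holds for the BSD sockaddr layouts but is not stated here, and the visible lines do not show `sa->sa_len` being checked before the cast. I would add a comment such as `/* sin_port and sin6_port share an offset, so this cast is valid for both families. */` and confirm that the address length has been validated before this hook runs. check_socket_bind starts and ends outside this hunk.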
@@ -92,27 +93,28 @@ SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, specificgid, CTLFLAG_RW, &specificgid, 0, "Specific gid to be exempt from seeotheruids policy"); static int -mac_seeotheruids_check(struct ucred *u1, struct ucred *u2) +mac_seeotheruids_check(struct ucred *cr1, struct ucred *cr2) { if (!mac_seeotheruids_enabled) return (0); if (primarygroup_enabled) { - if (u1->cr_rgid == u2->cr_rgid) + if (cr1->cr_rgid == cr2->cr_rgid) return (0); } if (specificgid_enabled) { - if (u1->cr_rgid == specificgid || groupmember(specificgid, u1)) + if (cr1->cr_rgid == specificgid || + groupmember(specificgid, cr1)) return (0); } - if (u1->cr_ruid == u2->cr_ruid) + if (cr1->cr_ruid == cr2->cr_ruid) return (0); if (suser_privileged) { - if (priv_check_cred(u1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL) + if (priv_check_cred(cr1, PRIV_SEEOTHERUIDS, SUSER_ALLOWJAIL) == 0) return (0); } 
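Review bot: `cr1` and `cr2` give no hint which credential is the subject, yet `mac_seeotheruids_check` is asymmetric: the `specificgid`/`groupmember()` exemption and `priv_check_cred()` look only at `cr1`. The callers in the next hunk pass the acting `cred` first and the target's credential second (`p->p_ucred`, `so->so_cred`), so a call with the arguments swapped would apply the exemptions to the wrong party without any visible error. A header comment would pin the contract down, e.g. `/* cr1 is the subject (viewer), cr2 the object being viewed; exemptions apply to cr1 only. */`.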
@@ -121,40 +123,40 @@ mac_seeotheruids_check(struct ucred *u1, struct ucred *u2) } static int -mac_seeotheruids_check_cred_visible(struct ucred *u1, struct ucred *u2) +mac_seeotheruids_check_cred_visible(struct ucred *cr1, struct ucred *cr2) { - return (mac_seeotheruids_check(u1, u2)); + return (mac_seeotheruids_check(cr1, cr2)); } static int -mac_seeotheruids_check_proc_signal(struct ucred *cred, struct proc *proc, +mac_seeotheruids_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { - return (mac_seeotheruids_check(cred, proc->p_ucred)); + return (mac_seeotheruids_check(cred, p->p_ucred)); } static int -mac_seeotheruids_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_seeotheruids_check_proc_sched(struct ucred *cred, struct proc *p) { - return (mac_seeotheruids_check(cred, proc->p_ucred)); + return (mac_seeotheruids_check(cred, p->p_ucred)); } static int -mac_seeotheruids_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_seeotheruids_check_proc_debug(struct ucred *cred, struct proc *p) { - return (mac_seeotheruids_check(cred, proc->p_ucred)); + return (mac_seeotheruids_check(cred, p->p_ucred)); } static int -mac_seeotheruids_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_seeotheruids_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { - return (mac_seeotheruids_check(cred, socket->so_cred)); + return (mac_seeotheruids_check(cred, so->so_cred)); } static struct mac_policy_ops mac_seeotheruids_ops = diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 822dd36..d924395 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c 
@@ -163,16 +163,16 @@ stub_internalize_label(struct label *label, char *element_name, * a lot like file system objects. */ static void -stub_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, +stub_associate_vnode_devfs(struct mount *mp, struct label *mplabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { } static int -stub_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, - struct vnode *vp, struct label *vlabel) +stub_associate_vnode_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { return (0); @@ -180,7 +180,7 @@ stub_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, static void stub_associate_vnode_singlelabel(struct mount *mp, - struct label *mntlabel, struct vnode *vp, struct label *vlabel) + struct label *mplabel, struct vnode *vp, struct label *vplabel) { } @@ -193,14 +193,14 @@ stub_associate_nfsd_label(struct ucred *cred) static void stub_create_devfs_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { } static void stub_create_devfs_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { } @@ -215,8 +215,8 @@ stub_create_devfs_symlink(struct ucred *cred, struct mount *mp, static int stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *vlabel, struct componentname *cnp) + struct label *mntlabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { return (0); 
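Review bot: `stub_create_vnode_extattr` still takes `struct label *mntlabel`, although the other mount-label parameters in this file become `mplabel` in this commit (`stub_associate_vnode_devfs`, `stub_create_mount`). The same kind of leftover appears further down: `stub_create_mbuf_linklayer` keeps `ifnet`/`ifnetlabel` where its siblings now use `ifp`/`ifplabel`, and `stub_check_vnode_readdir` pairs `struct vnode *vp` with `struct label *dvplabel`. mac_stub is presumably the file people copy when starting a new policy, so leftovers here would spread. I would finish the rename, e.g. `struct label *mplabel, struct vnode *dvp, struct label *dvplabel,` for this signature.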
@@ -224,30 +224,29 @@ stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, static void stub_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { } static void stub_relabel_vnode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *label) + struct label *vplabel, struct label *label) { } static int stub_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, - struct label *vlabel, struct label *intlabel) + struct label *vplabel, struct label *intlabel) { return (0); } static void -stub_update_devfsdirent(struct mount *mp, - struct devfs_dirent *devfs_dirent, struct label *direntlabel, - struct vnode *vp, struct label *vnodelabel) +stub_update_devfsdirent(struct mount *mp, struct devfs_dirent *de, + struct label *delabel, struct vnode *vp, struct label *vplabel) { } @@ -256,22 +255,22 @@ stub_update_devfsdirent(struct mount *mp, * Labeling event operations: IPC object. */ static void -stub_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +stub_create_mbuf_from_socket(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_create_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +stub_create_socket(struct ucred *cred, struct socket *so, + struct label *solabel) { } static void stub_create_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { } 
@@ -284,38 +283,37 @@ stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, } static void -stub_create_socket_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketlabel) +stub_create_socket_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, struct label *newsolabel) { } static void -stub_relabel_socket(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +stub_relabel_socket(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { } static void stub_relabel_pipe(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { } static void -stub_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, - struct socket *socket, struct label *socketpeerlabel) +stub_set_socket_peer_from_mbuf(struct mbuf *m, struct label *mlabel, + struct socket *so, struct label *sopeerlabel) { } static void -stub_set_socket_peer_from_socket(struct socket *oldsocket, - struct label *oldsocketlabel, struct socket *newsocket, - struct label *newsocketpeerlabel) +stub_set_socket_peer_from_socket(struct socket *oldso, + struct label *oldsolabel, struct socket *newso, + struct label *newsopeerlabel) { } 
@@ -324,28 +322,28 @@ stub_set_socket_peer_from_socket(struct socket *oldsocket, * Labeling event operations: network objects. */ static void -stub_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, - struct label *bpflabel) +stub_create_bpfdesc(struct ucred *cred, struct bpf_d *d, + struct label *dlabel) { } static void stub_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, - struct mbuf *datagram, struct label *datagramlabel) + struct mbuf *m, struct label *mlabel) { } static void -stub_create_fragment(struct mbuf *datagram, struct label *datagramlabel, - struct mbuf *fragment, struct label *fragmentlabel) +stub_create_fragment(struct mbuf *m, struct label *mlabel, struct mbuf *frag, + struct label *fraglabel) { } static void -stub_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) +stub_create_ifnet(struct ifnet *ifp, struct label *ifplabel) { } @@ -392,8 +390,8 @@ stub_create_sysv_shm(struct ucred *cred, struct shmid_kernel *shmsegptr, } static void -stub_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +stub_create_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { } 
@@ -407,57 +405,56 @@ stub_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, static void stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, - - struct label *mbuf_label) + struct label *mlabel) { } static void stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *mbuf, struct label *mbuflabel) + struct mbuf *m, struct label *mlabel) { } static void -stub_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, - struct mbuf *mbuf, struct label *mbuflabel) +stub_create_mbuf_from_bpfdesc(struct bpf_d *d, struct label *dlabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +stub_create_mbuf_from_ifnet(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { } static void -stub_create_mbuf_multicast_encap(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *newmbuf, struct label *newmbuflabel) +stub_create_mbuf_multicast_encap(struct mbuf *m, struct label *mlabel, + struct ifnet *ifp, struct label *ifplabel, struct mbuf *mnew, + struct label *mnewlabel) { } static void -stub_create_mbuf_netlayer(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct mbuf *newmbuf, struct label *newmbuflabel) +stub_create_mbuf_netlayer(struct mbuf *m, struct label *mlabel, + struct mbuf *mnew, struct label *mnewlabel) { } static void -stub_create_mbuf_from_firewall(struct mbuf *m, struct label *label) +stub_create_mbuf_from_firewall(struct mbuf *m, struct label *mlabel) { } static int -stub_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +stub_fragment_match(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { return (1); 
@@ -476,15 +473,15 @@ stub_reflect_mbuf_tcp(struct mbuf *m, struct label *mlabel) } static void -stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +stub_relabel_ifnet(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { } static void -stub_update_ipq(struct mbuf *fragment, struct label *fragmentlabel, - struct ipq *ipq, struct label *ipqlabel) +stub_update_ipq(struct mbuf *m, struct label *mlabel, struct ipq *ipq, + struct label *ipqlabel) { } @@ -501,16 +498,15 @@ stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, */ static void stub_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vnodelabel, - struct label *interpvnodelabel, struct image_params *imgp, - struct label *execlabel) + struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel, + struct image_params *imgp, struct label *execlabel) { } static int stub_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vnodelabel, struct label *interpvnodelabel, + struct label *vplabel, struct label *interpvnodelabel, struct image_params *imgp, struct label *execlabel) { @@ -572,8 +568,8 @@ stub_cleanup_sysv_shm(struct label *shmlabel) * Access control checks. */ static int -stub_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnet_label) +stub_check_bpfdesc_receive(struct bpf_d *d, struct label *dlabel, + struct ifnet *ifp, struct label *ifplabel) { return (0); 
@@ -587,23 +583,23 @@ stub_check_cred_relabel(struct ucred *cred, struct label *newlabel) } static int -stub_check_cred_visible(struct ucred *u1, struct ucred *u2) +stub_check_cred_visible(struct ucred *cr1, struct ucred *cr2) { return (0); } static int -stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +stub_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { return (0); } static int -stub_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, - struct mbuf *m, struct label *mbuflabel) +stub_check_ifnet_transmit(struct ifnet *ifp, struct label *ifplabel, + struct mbuf *m, struct label *mlabel) { return (0); @@ -767,7 +763,7 @@ stub_check_kenv_unset(struct ucred *cred, char *name) static int stub_check_kld_load(struct ucred *cred, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { return (0); @@ -782,7 +778,7 @@ stub_check_kld_stat(struct ucred *cred) static int stub_check_mount_stat(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { return (0); @@ -790,7 +786,7 @@ stub_check_mount_stat(struct ucred *cred, struct mount *mp, static int stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, unsigned long cmd, void /* caddr_t */ *data) + struct label *pplabel, unsigned long cmd, void /* caddr_t */ *data) { return (0); @@ -798,7 +794,7 @@ stub_check_pipe_ioctl(struct ucred *cred, struct pipepair *pp, static int stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { return (0); @@ -806,7 +802,7 @@ stub_check_pipe_poll(struct ucred *cred, struct pipepair *pp, static int stub_check_pipe_read(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { return (0); 
@@ -814,7 +810,7 @@ stub_check_pipe_read(struct ucred *cred, struct pipepair *pp, static int stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel, struct label *newlabel) + struct label *pplabel, struct label *newlabel) { return (0); @@ -822,7 +818,7 @@ stub_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, static int stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { return (0); @@ -830,7 +826,7 @@ stub_check_pipe_stat(struct ucred *cred, struct pipepair *pp, static int stub_check_pipe_write(struct ucred *cred, struct pipepair *pp, - struct label *pipelabel) + struct label *pplabel) { return (0); @@ -885,28 +881,28 @@ stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr, } static int -stub_check_proc_debug(struct ucred *cred, struct proc *proc) +stub_check_proc_debug(struct ucred *cred, struct proc *p) { return (0); } static int -stub_check_proc_sched(struct ucred *cred, struct proc *proc) +stub_check_proc_sched(struct ucred *cred, struct proc *p) { return (0); } static int -stub_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) +stub_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { return (0); } static int -stub_check_proc_wait(struct ucred *cred, struct proc *proc) +stub_check_proc_wait(struct ucred *cred, struct proc *p) { return (0); 
@@ -993,40 +989,39 @@ stub_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, } static int -stub_check_socket_accept(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +stub_check_socket_accept(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); } static int -stub_check_socket_bind(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +stub_check_socket_bind(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { return (0); } static int -stub_check_socket_connect(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +stub_check_socket_connect(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { return (0); } static int -stub_check_socket_create(struct ucred *cred, int domain, int type, - int protocol) +stub_check_socket_create(struct ucred *cred, int domain, int type, int proto) { return (0); } static int -stub_check_socket_deliver(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +stub_check_socket_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { return (0); @@ -1034,7 +1029,7 @@ stub_check_socket_deliver(struct socket *so, struct label *socketlabel, static int stub_check_socket_listen(struct ucred *cred, struct socket *so, - struct label *socketlabel) + struct label *solabel) { return (0); @@ -1042,7 +1037,7 @@ stub_check_socket_listen(struct ucred *cred, struct socket *so, static int stub_check_socket_poll(struct ucred *cred, struct socket *so, - struct label *socketlabel) + struct label *solabel) { return (0); 
@@ -1050,22 +1045,22 @@ stub_check_socket_poll(struct ucred *cred, struct socket *so, static int stub_check_socket_receive(struct ucred *cred, struct socket *so, - struct label *socketlabel) + struct label *solabel) { return (0); } static int -stub_check_socket_relabel(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +stub_check_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { return (0); } static int stub_check_socket_send(struct ucred *cred, struct socket *so, - struct label *socketlabel) + struct label *solabel) { return (0); @@ -1073,15 +1068,15 @@ stub_check_socket_send(struct ucred *cred, struct socket *so, static int stub_check_socket_stat(struct ucred *cred, struct socket *so, - struct label *socketlabel) + struct label *solabel) { return (0); } static int -stub_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +stub_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { return (0); @@ -1089,7 +1084,7 @@ stub_check_socket_visible(struct ucred *cred, struct socket *socket, static int stub_check_system_acct(struct ucred *cred, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { return (0); @@ -1104,7 +1099,7 @@ stub_check_system_audit(struct ucred *cred, void *record, int length) static int stub_check_system_auditctl(struct ucred *cred, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { return (0); @@ -1126,7 +1121,7 @@ stub_check_system_reboot(struct ucred *cred, int how) static int stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (0); @@ -1134,7 +1129,7 @@ stub_check_system_swapoff(struct ucred *cred, struct vnode *vp, static int stub_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (0); 
@@ -1150,7 +1145,7 @@ stub_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, static int stub_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, int acc_mode) + struct label *vplabel, int acc_mode) { return (0); @@ -1158,7 +1153,7 @@ stub_check_vnode_access(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { return (0); @@ -1166,7 +1161,7 @@ stub_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { return (0); @@ -1174,7 +1169,7 @@ stub_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { return (0); @@ -1182,7 +1177,7 @@ stub_check_vnode_create(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { @@ -1191,7 +1186,7 @@ stub_check_vnode_delete(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { return (0); @@ -1199,7 +1194,7 @@ stub_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name) + struct label *vplabel, int attrnamespace, const char *name) { return (0); 
@@ -1207,7 +1202,7 @@ stub_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, + struct label *vplabel, struct image_params *imgp, struct label *execlabel) { @@ -1216,7 +1211,7 @@ stub_check_vnode_exec(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { return (0); @@ -1224,7 +1219,8 @@ stub_check_vnode_getacl(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { return (0); @@ -1232,7 +1228,7 @@ stub_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_link(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { @@ -1241,7 +1237,7 @@ stub_check_vnode_link(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace) + struct label *vplabel, int attrnamespace) { return (0); @@ -1249,7 +1245,7 @@ stub_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp) + struct label *dvplabel, struct componentname *cnp) { return (0); 
@@ -1257,22 +1253,22 @@ stub_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot, int flags) + struct label *vplabel, int prot, int flags) { return (0); } static void -stub_check_vnode_mmap_downgrade(struct ucred *cred, - struct vnode *vp, struct label *label, int *prot) +stub_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp, + struct label *vplabel, int *prot) { } static int -stub_check_vnode_mprotect(struct ucred *cred, - struct vnode *vp, struct label *label, int prot) +stub_check_vnode_mprotect(struct ucred *cred, struct vnode *vp, + struct label *vplabel, int prot) { return (0); @@ -1280,7 +1276,7 @@ stub_check_vnode_mprotect(struct ucred *cred, static int stub_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, int acc_mode) + struct label *vplabel, int acc_mode) { return (0); @@ -1288,7 +1284,7 @@ stub_check_vnode_open(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { return (0); @@ -1296,7 +1292,7 @@ stub_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, static int stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { return (0); @@ -1304,7 +1300,7 @@ stub_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, static int stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp, - struct label *dlabel) + struct label *dvplabel) { return (0); @@ -1312,7 +1308,7 @@ stub_check_vnode_readdir(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel) + struct label *vplabel) { return (0); 
@@ -1320,7 +1316,7 @@ stub_check_vnode_readlink(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *newlabel) + struct label *vplabel, struct label *newlabel) { return (0); @@ -1328,7 +1324,7 @@ stub_check_vnode_relabel(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { @@ -1337,8 +1333,8 @@ stub_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir, - struct componentname *cnp) + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + int samedir, struct componentname *cnp) { return (0); @@ -1346,7 +1342,7 @@ stub_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, static int stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { return (0); @@ -1354,7 +1350,7 @@ stub_check_vnode_revoke(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *vplabel, acl_type_t type, struct acl *acl) { return (0); @@ -1362,7 +1358,8 @@ stub_check_vnode_setacl(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { return (0); 
@@ -1370,7 +1367,7 @@ stub_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *label, u_long flags) + struct label *vplabel, u_long flags) { return (0); @@ -1378,7 +1375,7 @@ stub_check_vnode_setflags(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t mode) + struct label *vplabel, mode_t mode) { return (0); @@ -1386,7 +1383,7 @@ stub_check_vnode_setmode(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *label, uid_t uid, gid_t gid) + struct label *vplabel, uid_t uid, gid_t gid) { return (0); @@ -1394,7 +1391,7 @@ stub_check_vnode_setowner(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *label, struct timespec atime, struct timespec mtime) + struct label *vplabel, struct timespec atime, struct timespec mtime) { return (0); @@ -1402,15 +1399,15 @@ stub_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, static int stub_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { return (0); } static int -stub_check_vnode_write(struct ucred *active_cred, - struct ucred *file_cred, struct vnode *vp, struct label *label) +stub_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred, + struct vnode *vp, struct label *vplabel) { return (0); diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index c5493ff..54f76d1 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c 
@@ -594,25 +594,25 @@ mac_test_internalize_label(struct label *label, char *element_name, */ COUNTER_DECL(associate_vnode_devfs); static void -mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, +mac_test_associate_vnode_devfs(struct mount *mp, struct label *mplabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, - struct label *vlabel) + struct label *vplabel) { - LABEL_CHECK(mntlabel, MAGIC_MOUNT); + LABEL_CHECK(mplabel, MAGIC_MOUNT); LABEL_CHECK(delabel, MAGIC_DEVFS); - LABEL_CHECK(vlabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_devfs); } COUNTER_DECL(associate_vnode_extattr); static int -mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, - struct vnode *vp, struct label *vlabel) +mac_test_associate_vnode_extattr(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - LABEL_CHECK(mntlabel, MAGIC_MOUNT); - LABEL_CHECK(vlabel, MAGIC_VNODE); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_extattr); return (0); 
@@ -620,34 +620,34 @@ mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, COUNTER_DECL(associate_vnode_singlelabel); static void -mac_test_associate_vnode_singlelabel(struct mount *mp, - struct label *mntlabel, struct vnode *vp, struct label *vlabel) +mac_test_associate_vnode_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { - LABEL_CHECK(mntlabel, MAGIC_MOUNT); - LABEL_CHECK(vlabel, MAGIC_VNODE); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_singlelabel); } COUNTER_DECL(create_devfs_device); static void mac_test_create_devfs_device(struct ucred *cred, struct mount *mp, - struct cdev *dev, struct devfs_dirent *devfs_dirent, struct label *label) + struct cdev *dev, struct devfs_dirent *de, struct label *delabel) { if (cred != NULL) LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_DEVFS); + LABEL_CHECK(delabel, MAGIC_DEVFS); COUNTER_INC(create_devfs_device); } COUNTER_DECL(create_devfs_directory); static void mac_test_create_devfs_directory(struct mount *mp, char *dirname, - int dirnamelen, struct devfs_dirent *devfs_dirent, struct label *label) + int dirnamelen, struct devfs_dirent *de, struct label *delabel) { - LABEL_CHECK(label, MAGIC_DEVFS); + LABEL_CHECK(delabel, MAGIC_DEVFS); COUNTER_INC(create_devfs_directory); } 
@@ -667,13 +667,13 @@ mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp, COUNTER_DECL(create_vnode_extattr); static int mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct vnode *dvp, struct label *dlabel, - struct vnode *vp, struct label *vlabel, struct componentname *cnp) + struct label *mplabel, struct vnode *dvp, struct label *dvplabel, + struct vnode *vp, struct label *vplabel, struct componentname *cnp) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(mntlabel, MAGIC_MOUNT); - LABEL_CHECK(dlabel, MAGIC_VNODE); + LABEL_CHECK(mplabel, MAGIC_MOUNT); + LABEL_CHECK(dvplabel, MAGIC_VNODE); COUNTER_INC(create_vnode_extattr); return (0); @@ -682,22 +682,22 @@ mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp, COUNTER_DECL(create_mount); static void mac_test_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(mntlabel, MAGIC_MOUNT); + LABEL_CHECK(mplabel, MAGIC_MOUNT); COUNTER_INC(create_mount); } COUNTER_DECL(relabel_vnode); static void mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *label) + struct label *vplabel, struct label *label) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vnodelabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); LABEL_CHECK(label, MAGIC_VNODE); COUNTER_INC(relabel_vnode); } @@ -705,11 +705,11 @@ mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp, COUNTER_DECL(setlabel_vnode_extattr); static int mac_test_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, - struct label *vlabel, struct label *intlabel) + struct label *vplabel, struct label *intlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vlabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); LABEL_CHECK(intlabel, MAGIC_VNODE); COUNTER_INC(setlabel_vnode_extattr); 
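Review bot: `mac_test_relabel_vnode` keeps the bare name `label` for its second label argument next to the renamed `vplabel`, which is the kind of generic naming this commit otherwise removes. The check entry point for the same operation in this file, `mac_test_check_vnode_relabel`, calls that argument `newlabel`. Using the same name here (`struct label *vplabel, struct label *newlabel)` and `LABEL_CHECK(newlabel, MAGIC_VNODE);`) keeps the current and the replacement label distinguishable at a glance.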
@@ -720,11 +720,11 @@ COUNTER_DECL(update_devfsdirent); static void mac_test_update_devfsdirent(struct mount *mp, struct devfs_dirent *devfs_dirent, struct label *direntlabel, - struct vnode *vp, struct label *vnodelabel) + struct vnode *vp, struct label *vplabel) { LABEL_CHECK(direntlabel, MAGIC_DEVFS); - LABEL_CHECK(vnodelabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(update_devfsdirent); } @@ -1082,14 +1082,14 @@ COUNTER_DECL(execve_transition); static void mac_test_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp, struct label *filelabel, - struct label *interpvnodelabel, struct image_params *imgp, + struct label *interpvplabel, struct image_params *imgp, struct label *execlabel) { LABEL_CHECK(old->cr_label, MAGIC_CRED); LABEL_CHECK(new->cr_label, MAGIC_CRED); LABEL_CHECK(filelabel, MAGIC_VNODE); - LABEL_CHECK(interpvnodelabel, MAGIC_VNODE); + LABEL_CHECK(interpvplabel, MAGIC_VNODE); LABEL_CHECK(execlabel, MAGIC_CRED); COUNTER_INC(execve_transition); } @@ -1097,13 +1097,13 @@ mac_test_execve_transition(struct ucred *old, struct ucred *new, COUNTER_DECL(execve_will_transition); static int mac_test_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *filelabel, struct label *interpvnodelabel, + struct label *filelabel, struct label *interpvplabel, struct image_params *imgp, struct label *execlabel) { LABEL_CHECK(old->cr_label, MAGIC_CRED); LABEL_CHECK(filelabel, MAGIC_VNODE); - LABEL_CHECK(interpvnodelabel, MAGIC_VNODE); + LABEL_CHECK(interpvplabel, MAGIC_VNODE); LABEL_CHECK(execlabel, MAGIC_CRED); COUNTER_INC(execve_will_transition); 
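Review bot: `mac_test_update_devfsdirent` still takes `struct devfs_dirent *devfs_dirent` and `struct label *direntlabel`; only its vnode label was normalized. The devfs entry points renamed earlier in this file (`mac_test_create_devfs_device`, `mac_test_create_devfs_directory`) now use `de` and `delabel`. Suggest `struct devfs_dirent *de, struct label *delabel,` in the signature and `LABEL_CHECK(delabel, MAGIC_DEVFS);` in the body, so the same object has one name across the policy.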
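Review bot: In `mac_test_execve_transition` the label of `vp` is still called `filelabel`, although `interpvnodelabel` becomes `interpvplabel` in the same signature and `mac_test_check_vnode_open` in this commit renames its own `filelabel` to `vplabel`. The same leftover is in `mac_test_execve_will_transition` in the next hunk. Renaming it to `struct label *vplabel` with `LABEL_CHECK(vplabel, MAGIC_VNODE);` in both functions would finish the normalization. These hooks receive three labels (file, interpreter, exec), so unambiguous names help a policy author pick the right one.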
@@ -1520,11 +1520,11 @@ mac_test_check_kld_stat(struct ucred *cred) COUNTER_DECL(check_mount_stat); static int mac_test_check_mount_stat(struct ucred *cred, struct mount *mp, - struct label *mntlabel) + struct label *mplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(mntlabel, MAGIC_MOUNT); + LABEL_CHECK(mplabel, MAGIC_MOUNT); COUNTER_INC(check_mount_stat); return (0); @@ -1624,11 +1624,11 @@ mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr, COUNTER_DECL(check_proc_debug); static int -mac_test_check_proc_debug(struct ucred *cred, struct proc *proc) +mac_test_check_proc_debug(struct ucred *cred, struct proc *p) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(check_proc_debug); return (0); @@ -1636,11 +1636,11 @@ mac_test_check_proc_debug(struct ucred *cred, struct proc *proc) COUNTER_DECL(check_proc_sched); static int -mac_test_check_proc_sched(struct ucred *cred, struct proc *proc) +mac_test_check_proc_sched(struct ucred *cred, struct proc *p) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(check_proc_sched); return (0); @@ -1648,11 +1648,11 @@ mac_test_check_proc_sched(struct ucred *cred, struct proc *proc) COUNTER_DECL(check_proc_signal); static int -mac_test_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) +mac_test_check_proc_signal(struct ucred *cred, struct proc *p, int signum) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(check_proc_signal); return (0); 
@@ -1784,11 +1784,11 @@ mac_test_check_proc_setresgid(struct ucred *cred, gid_t rgid, gid_t egid, COUNTER_DECL(check_proc_wait); static int -mac_test_check_proc_wait(struct ucred *cred, struct proc *proc) +mac_test_check_proc_wait(struct ucred *cred, struct proc *p) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(proc->p_ucred->cr_label, MAGIC_CRED); + LABEL_CHECK(p->p_ucred->cr_label, MAGIC_CRED); COUNTER_INC(check_proc_wait); return (0); @@ -1796,12 +1796,12 @@ mac_test_check_proc_wait(struct ucred *cred, struct proc *proc) COUNTER_DECL(check_socket_accept); static int -mac_test_check_socket_accept(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_test_check_socket_accept(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_accept); return (0); @@ -1809,12 +1809,12 @@ mac_test_check_socket_accept(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_bind); static int -mac_test_check_socket_bind(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +mac_test_check_socket_bind(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_bind); return (0); 
@@ -1822,12 +1822,12 @@ mac_test_check_socket_bind(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_connect); static int -mac_test_check_socket_connect(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +mac_test_check_socket_connect(struct ucred *cred, struct socket *so, + struct label *solabel, struct sockaddr *sa) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_connect); return (0); @@ -1835,12 +1835,12 @@ mac_test_check_socket_connect(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_deliver); static int -mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_test_check_socket_deliver(struct socket *so, struct label *solabel, + struct mbuf *m, struct label *mlabel) { - LABEL_CHECK(socketlabel, MAGIC_SOCKET); - LABEL_CHECK(mbuflabel, MAGIC_MBUF); + LABEL_CHECK(solabel, MAGIC_SOCKET); + LABEL_CHECK(mlabel, MAGIC_MBUF); COUNTER_INC(check_socket_deliver); return (0); @@ -1848,12 +1848,12 @@ mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel, COUNTER_DECL(check_socket_listen); static int -mac_test_check_socket_listen(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_test_check_socket_listen(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_listen); return (0); 
@@ -1861,12 +1861,12 @@ mac_test_check_socket_listen(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_poll); static int -mac_test_check_socket_poll(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_test_check_socket_poll(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_poll); return (0); @@ -1874,12 +1874,12 @@ mac_test_check_socket_poll(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_receive); static int -mac_test_check_socket_receive(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_test_check_socket_receive(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_receive); return (0); @@ -1887,12 +1887,12 @@ mac_test_check_socket_receive(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_relabel); static int -mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct label *newlabel) +mac_test_check_socket_relabel(struct ucred *cred, struct socket *so, + struct label *solabel, struct label *newlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); LABEL_CHECK(newlabel, MAGIC_SOCKET); COUNTER_INC(check_socket_relabel); 
@@ -1901,12 +1901,12 @@ mac_test_check_socket_relabel(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_send); static int -mac_test_check_socket_send(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_test_check_socket_send(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_send); return (0); @@ -1914,12 +1914,12 @@ mac_test_check_socket_send(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_stat); static int -mac_test_check_socket_stat(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_test_check_socket_stat(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_stat); return (0); @@ -1927,12 +1927,12 @@ mac_test_check_socket_stat(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_socket_visible); static int -mac_test_check_socket_visible(struct ucred *cred, struct socket *socket, - struct label *socketlabel) +mac_test_check_socket_visible(struct ucred *cred, struct socket *so, + struct label *solabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(socketlabel, MAGIC_SOCKET); + LABEL_CHECK(solabel, MAGIC_SOCKET); COUNTER_INC(check_socket_visible); return (0); @@ -1941,11 +1941,11 @@ mac_test_check_socket_visible(struct ucred *cred, struct socket *socket, COUNTER_DECL(check_system_acct); static int mac_test_check_system_acct(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_system_acct); return (0); 
@@ -1965,11 +1965,11 @@ mac_test_check_system_audit(struct ucred *cred, void *record, int length) COUNTER_DECL(check_system_auditctl); static int mac_test_check_system_auditctl(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_system_auditctl); return (0); @@ -2000,11 +2000,11 @@ mac_test_check_system_reboot(struct ucred *cred, int how) COUNTER_DECL(check_system_swapoff); static int mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_system_swapoff); return (0); @@ -2013,11 +2013,11 @@ mac_test_check_system_swapoff(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_system_swapon); static int mac_test_check_system_swapon(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_system_swapon); return (0); @@ -2038,11 +2038,11 @@ mac_test_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, COUNTER_DECL(check_vnode_access); static int mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp, - struct label *label, int acc_mode) + struct label *vplabel, int acc_mode) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_access); return (0); 
@@ -2051,11 +2051,11 @@ mac_test_check_vnode_access(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_chdir); static int mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_chdir); return (0); @@ -2064,11 +2064,11 @@ mac_test_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_chroot); static int mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_chroot); return (0); @@ -2077,11 +2077,11 @@ mac_test_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_create); static int mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp, struct vattr *vap) + struct label *dvplabel, struct componentname *cnp, struct vattr *vap) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_create); return (0); @@ -2090,13 +2090,13 @@ mac_test_check_vnode_create(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_delete); static int mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_delete); return (0); 
@@ -2105,11 +2105,11 @@ mac_test_check_vnode_delete(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_deleteacl); static int mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_deleteacl); return (0); @@ -2118,11 +2118,11 @@ mac_test_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_deleteextattr); static int mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name) + struct label *vplabel, int attrnamespace, const char *name) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_deleteextattr); return (0); @@ -2131,12 +2131,12 @@ mac_test_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_exec); static int mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp, - struct label *label, struct image_params *imgp, + struct label *vplabel, struct image_params *imgp, struct label *execlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); LABEL_CHECK(execlabel, MAGIC_CRED); COUNTER_INC(check_vnode_exec); @@ -2146,11 +2146,11 @@ mac_test_check_vnode_exec(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_getacl); static int mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type) + struct label *vplabel, acl_type_t type) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_getacl); return (0); 
@@ -2159,11 +2159,12 @@ mac_test_check_vnode_getacl(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_getextattr); static int mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_getextattr); return (0); @@ -2172,13 +2173,13 @@ mac_test_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_link); static int mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_link); return (0); @@ -2187,11 +2188,11 @@ mac_test_check_vnode_link(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_listextattr); static int mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace) + struct label *vplabel, int attrnamespace) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_listextattr); return (0); 
@@ -2200,11 +2201,11 @@ mac_test_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_lookup); static int mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct componentname *cnp) + struct label *dvplabel, struct componentname *cnp) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_lookup); return (0); @@ -2213,11 +2214,11 @@ mac_test_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_mmap); static int mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp, - struct label *label, int prot, int flags) + struct label *vplabel, int prot, int flags) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_mmap); return (0); @@ -2226,11 +2227,11 @@ mac_test_check_vnode_mmap(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_open); static int mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp, - struct label *filelabel, int acc_mode) + struct label *vplabel, int acc_mode) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(filelabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_open); return (0); @@ -2239,13 +2240,13 @@ mac_test_check_vnode_open(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_poll); static int mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); if (file_cred != NULL) LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_poll); return (0); 
@@ -2254,13 +2255,13 @@ mac_test_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, COUNTER_DECL(check_vnode_read); static int mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); if (file_cred != NULL) LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_read); return (0); @@ -2269,11 +2270,11 @@ mac_test_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, COUNTER_DECL(check_vnode_readdir); static int mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, - struct label *dlabel) + struct label *dvplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_readdir); return (0); @@ -2282,11 +2283,11 @@ mac_test_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_readlink); static int mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel) + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vnodelabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_readlink); return (0); @@ -2295,11 +2296,11 @@ mac_test_check_vnode_readlink(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_relabel); static int mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp, - struct label *vnodelabel, struct label *newlabel) + struct label *vplabel, struct label *newlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vnodelabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); LABEL_CHECK(newlabel, MAGIC_VNODE); COUNTER_INC(check_vnode_relabel); 
@@ -2309,13 +2310,13 @@ mac_test_check_vnode_relabel(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_rename_from); static int mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, + struct label *dvplabel, struct vnode *vp, struct label *vplabel, struct componentname *cnp) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_rename_from); return (0); @@ -2324,13 +2325,13 @@ mac_test_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_rename_to); static int mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, - struct label *dlabel, struct vnode *vp, struct label *label, int samedir, - struct componentname *cnp) + struct label *dvplabel, struct vnode *vp, struct label *vplabel, + int samedir, struct componentname *cnp) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(dlabel, MAGIC_VNODE); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(dvplabel, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_rename_to); return (0); @@ -2339,11 +2340,11 @@ mac_test_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp, COUNTER_DECL(check_vnode_revoke); static int mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp, - struct label *label) + struct label *vplabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_revoke); return (0); 
@@ -2352,11 +2353,11 @@ mac_test_check_vnode_revoke(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_setacl); static int mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp, - struct label *label, acl_type_t type, struct acl *acl) + struct label *vplabel, acl_type_t type, struct acl *acl) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_setacl); return (0); @@ -2365,11 +2366,12 @@ mac_test_check_vnode_setacl(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_setextattr); static int mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, - struct label *label, int attrnamespace, const char *name, struct uio *uio) + struct label *vplabel, int attrnamespace, const char *name, + struct uio *uio) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_setextattr); return (0); @@ -2378,11 +2380,11 @@ mac_test_check_vnode_setextattr(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_setflags); static int mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp, - struct label *label, u_long flags) + struct label *vplabel, u_long flags) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_setflags); return (0); @@ -2391,11 +2393,11 @@ mac_test_check_vnode_setflags(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_setmode); static int mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp, - struct label *label, mode_t mode) + struct label *vplabel, mode_t mode) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_setmode); return (0); 
@@ -2404,11 +2406,11 @@ mac_test_check_vnode_setmode(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_setowner); static int mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp, - struct label *label, uid_t uid, gid_t gid) + struct label *vplabel, uid_t uid, gid_t gid) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_setowner); return (0); @@ -2417,11 +2419,11 @@ mac_test_check_vnode_setowner(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_setutimes); static int mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, - struct label *label, struct timespec atime, struct timespec mtime) + struct label *vplabel, struct timespec atime, struct timespec mtime) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_setutimes); return (0); @@ -2430,13 +2432,13 @@ mac_test_check_vnode_setutimes(struct ucred *cred, struct vnode *vp, COUNTER_DECL(check_vnode_stat); static int mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, - struct vnode *vp, struct label *label) + struct vnode *vp, struct label *vplabel) { LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); if (file_cred != NULL) LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_stat); return (0); 
@@ -2445,13 +2447,13 @@ mac_test_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred, COUNTER_DECL(check_vnode_write); static int mac_test_check_vnode_write(struct ucred *active_cred, - struct ucred *file_cred, struct vnode *vp, struct label *label) + struct ucred *file_cred, struct vnode *vp, struct label *vplabel) { LABEL_CHECK(active_cred->cr_label, MAGIC_CRED); if (file_cred != NULL) LABEL_CHECK(file_cred->cr_label, MAGIC_CRED); - LABEL_CHECK(label, MAGIC_VNODE); + LABEL_CHECK(vplabel, MAGIC_VNODE); COUNTER_INC(check_vnode_write); return (0); |