diff options
| -rw-r--r-- | sys/netinet/raw_ip.c | 4 | ||||
| -rw-r--r-- | sys/netinet/tcp_input.c | 2 | ||||
| -rw-r--r-- | sys/netinet/tcp_reass.c | 2 | ||||
| -rw-r--r-- | sys/netinet/udp_usrreq.c | 4 | ||||
| -rw-r--r-- | sys/security/mac/mac_framework.h | 2 | ||||
| -rw-r--r-- | sys/security/mac/mac_policy.h | 8 | ||||
| -rw-r--r-- | sys/security/mac_biba/mac_biba.c | 6 | ||||
| -rw-r--r-- | sys/security/mac_ifoff/mac_ifoff.c | 6 | ||||
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 6 | ||||
| -rw-r--r-- | sys/security/mac_none/mac_none.c | 12 | ||||
| -rw-r--r-- | sys/security/mac_stub/mac_stub.c | 12 | ||||
| -rw-r--r-- | sys/security/mac_test/mac_test.c | 12 | ||||
| -rw-r--r-- | sys/sys/mac.h | 2 | ||||
| -rw-r--r-- | sys/sys/mac_policy.h | 8 |
14 files changed, 43 insertions, 43 deletions
diff --git a/sys/netinet/raw_ip.c b/sys/netinet/raw_ip.c index 99d3264..76cdeb6 100644 --- a/sys/netinet/raw_ip.c +++ b/sys/netinet/raw_ip.c @@ -159,7 +159,7 @@ rip_input(m, off) #endif /*IPSEC*/ #ifdef MAC if (policyfail == 0 && - mac_check_socket_receive(last->inp_socket, + mac_check_socket_deliver(last->inp_socket, n) != 0) policyfail = 1; #endif @@ -196,7 +196,7 @@ rip_input(m, off) } #endif /*IPSEC*/ #ifdef MAC - if (mac_check_socket_receive(last->inp_socket, m) != 0) { + if (mac_check_socket_deliver(last->inp_socket, m) != 0) { m_freem(m); ipstat.ips_delivered--; return; diff --git a/sys/netinet/tcp_input.c b/sys/netinet/tcp_input.c index 446fe9f..531efcf 100644 --- a/sys/netinet/tcp_input.c +++ b/sys/netinet/tcp_input.c @@ -657,7 +657,7 @@ findpcb: so = inp->inp_socket; #ifdef MAC - error = mac_check_socket_receive(so, m); + error = mac_check_socket_deliver(so, m); if (error) goto drop; #endif diff --git a/sys/netinet/tcp_reass.c b/sys/netinet/tcp_reass.c index 446fe9f..531efcf 100644 --- a/sys/netinet/tcp_reass.c +++ b/sys/netinet/tcp_reass.c @@ -657,7 +657,7 @@ findpcb: so = inp->inp_socket; #ifdef MAC - error = mac_check_socket_receive(so, m); + error = mac_check_socket_deliver(so, m); if (error) goto drop; #endif diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c index cc7a59c..1580d74 100644 --- a/sys/netinet/udp_usrreq.c +++ b/sys/netinet/udp_usrreq.c @@ -320,7 +320,7 @@ udp_input(m, off) } #endif /*IPSEC*/ #ifdef MAC - if (mac_check_socket_receive(last->inp_socket, + if (mac_check_socket_deliver(last->inp_socket, m) != 0) policyfail = 1; #endif @@ -406,7 +406,7 @@ udp_input(m, off) } #endif /*IPSEC*/ #ifdef MAC - error = mac_check_socket_receive(inp->inp_socket, m); + error = mac_check_socket_deliver(inp->inp_socket, m); if (error) goto bad; #endif diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index feb1aea..d80387c 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -318,8 +318,8 @@ int mac_check_socket_bind(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); int mac_check_socket_connect(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); +int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); -int mac_check_socket_receive(struct socket *so, struct mbuf *m); int mac_check_socket_visible(struct ucred *cred, struct socket *so); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags); diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 7d279aa..5463fa9 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -250,11 +250,11 @@ struct mac_policy_ops { int (*mpo_check_socket_connect)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct sockaddr *sockaddr); - int (*mpo_check_socket_listen)(struct ucred *cred, - struct socket *so, struct label *socketlabel); - int (*mpo_check_socket_receive)(struct socket *so, + int (*mpo_check_socket_deliver)(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel); + int (*mpo_check_socket_listen)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_relabel)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct label *newlabel); @@ -411,9 +411,9 @@ enum mac_op_constant { MAC_CHECK_PROC_SIGNAL, MAC_CHECK_SOCKET_BIND, MAC_CHECK_SOCKET_CONNECT, + MAC_CHECK_SOCKET_DELIVER, MAC_CHECK_SOCKET_LISTEN, MAC_CHECK_SOCKET_RELABEL, - MAC_CHECK_SOCKET_RECEIVE, MAC_CHECK_SOCKET_VISIBLE, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index a7620b3..83c82e4 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1424,7 +1424,7 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) } static int -mac_biba_check_socket_receive(struct socket *so, struct label *socketlabel, +mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { struct mac_biba *p, *s; @@ -2161,8 +2161,8 @@ static struct mac_policy_op_entry mac_biba_ops[] = (macop_t)mac_biba_check_proc_sched }, { MAC_CHECK_PROC_SIGNAL, (macop_t)mac_biba_check_proc_signal }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_biba_check_socket_receive }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_biba_check_socket_deliver }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_biba_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c index b43bb1a..8aea44a 100644 --- a/sys/security/mac_ifoff/mac_ifoff.c +++ b/sys/security/mac_ifoff/mac_ifoff.c @@ -146,7 +146,7 @@ mac_ifoff_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, } static int -mac_ifoff_check_socket_receive(struct socket *so, struct label *socketlabel, +mac_ifoff_check_socket_deliver(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { @@ -164,8 +164,8 @@ static struct mac_policy_op_entry mac_ifoff_ops[] = (macop_t)mac_ifoff_check_bpfdesc_receive }, { MAC_CHECK_IFNET_TRANSMIT, (macop_t)mac_ifoff_check_ifnet_transmit }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_ifoff_check_socket_receive }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_ifoff_check_socket_deliver }, { MAC_OP_LAST, NULL } }; diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index a4b1e1f..958bda9 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1371,7 +1371,7 @@ mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) } static int -mac_mls_check_socket_receive(struct socket *so, struct label *socketlabel, +mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel) { struct mac_mls *p, *s; @@ -2112,8 +2112,8 @@ static struct mac_policy_op_entry mac_mls_ops[] = (macop_t)mac_mls_check_proc_sched }, { MAC_CHECK_PROC_SIGNAL, (macop_t)mac_mls_check_proc_signal }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_mls_check_socket_receive }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_mls_check_socket_deliver }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_mls_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, diff --git a/sys/security/mac_none/mac_none.c b/sys/security/mac_none/mac_none.c index 8174c2a..b1f154e 100644 --- a/sys/security/mac_none/mac_none.c +++ b/sys/security/mac_none/mac_none.c @@ -654,16 +654,16 @@ mac_none_check_socket_connect(struct ucred *cred, struct socket *socket, } static int -mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, - struct label *socketlabel) +mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) { return (0); } static int -mac_none_check_socket_receive(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, + struct label *socketlabel) { return (0); @@ -1042,10 +1042,10 @@ static struct mac_policy_op_entry mac_none_ops[] = (macop_t)mac_none_check_socket_bind }, { MAC_CHECK_SOCKET_CONNECT, (macop_t)mac_none_check_socket_connect }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_none_check_socket_deliver }, { MAC_CHECK_SOCKET_LISTEN, (macop_t)mac_none_check_socket_listen }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_none_check_socket_receive }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_none_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 8174c2a..b1f154e 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -654,16 +654,16 @@ mac_none_check_socket_connect(struct ucred *cred, struct socket *socket, } static int -mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, - struct label *socketlabel) +mac_none_check_socket_deliver(struct socket *so, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) { return (0); } static int -mac_none_check_socket_receive(struct socket *so, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_none_check_socket_listen(struct ucred *cred, struct vnode *vp, + struct label *socketlabel) { return (0); @@ -1042,10 +1042,10 @@ static struct mac_policy_op_entry mac_none_ops[] = (macop_t)mac_none_check_socket_bind }, { MAC_CHECK_SOCKET_CONNECT, (macop_t)mac_none_check_socket_connect }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_none_check_socket_deliver }, { MAC_CHECK_SOCKET_LISTEN, (macop_t)mac_none_check_socket_listen }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_none_check_socket_receive }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_none_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index c3050d2..2e0d3ca 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -862,16 +862,16 @@ mac_test_check_socket_connect(struct ucred *cred, struct socket *socket, } static int -mac_test_check_socket_listen(struct ucred *cred, struct socket *socket, - struct label *socketlabel, struct sockaddr *sockaddr) +mac_test_check_socket_deliver(struct socket *socket, struct label *socketlabel, + struct mbuf *m, struct label *mbuflabel) { return (0); } static int -mac_test_check_socket_receive(struct socket *socket, struct label *socketlabel, - struct mbuf *m, struct label *mbuflabel) +mac_test_check_socket_listen(struct ucred *cred, struct socket *socket, + struct label *socketlabel, struct sockaddr *sockaddr) { return (0); @@ -1248,10 +1248,10 @@ static struct mac_policy_op_entry mac_test_ops[] = (macop_t)mac_test_check_socket_bind }, { MAC_CHECK_SOCKET_CONNECT, (macop_t)mac_test_check_socket_connect }, + { MAC_CHECK_SOCKET_DELIVER, + (macop_t)mac_test_check_socket_deliver }, { MAC_CHECK_SOCKET_LISTEN, (macop_t)mac_test_check_socket_listen }, - { MAC_CHECK_SOCKET_RECEIVE, - (macop_t)mac_test_check_socket_receive }, { MAC_CHECK_SOCKET_RELABEL, (macop_t)mac_test_check_socket_relabel }, { MAC_CHECK_SOCKET_VISIBLE, diff --git a/sys/sys/mac.h b/sys/sys/mac.h index feb1aea..d80387c 100644 --- a/sys/sys/mac.h +++ b/sys/sys/mac.h @@ -318,8 +318,8 @@ int mac_check_socket_bind(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); int mac_check_socket_connect(struct ucred *cred, struct socket *so, struct sockaddr *sockaddr); +int mac_check_socket_deliver(struct socket *so, struct mbuf *m); int mac_check_socket_listen(struct ucred *cred, struct socket *so); -int mac_check_socket_receive(struct socket *so, struct mbuf *m); int mac_check_socket_visible(struct ucred *cred, struct socket *so); int mac_check_vnode_access(struct ucred *cred, struct vnode *vp, int flags); diff --git a/sys/sys/mac_policy.h b/sys/sys/mac_policy.h index 7d279aa..5463fa9 100644 --- a/sys/sys/mac_policy.h +++ b/sys/sys/mac_policy.h @@ -250,11 +250,11 @@ struct mac_policy_ops { int (*mpo_check_socket_connect)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct sockaddr *sockaddr); - int (*mpo_check_socket_listen)(struct ucred *cred, - struct socket *so, struct label *socketlabel); - int (*mpo_check_socket_receive)(struct socket *so, + int (*mpo_check_socket_deliver)(struct socket *so, struct label *socketlabel, struct mbuf *m, struct label *mbuflabel); + int (*mpo_check_socket_listen)(struct ucred *cred, + struct socket *so, struct label *socketlabel); int (*mpo_check_socket_relabel)(struct ucred *cred, struct socket *so, struct label *socketlabel, struct label *newlabel); @@ -411,9 +411,9 @@ enum mac_op_constant { MAC_CHECK_PROC_SIGNAL, MAC_CHECK_SOCKET_BIND, MAC_CHECK_SOCKET_CONNECT, + MAC_CHECK_SOCKET_DELIVER, MAC_CHECK_SOCKET_LISTEN, MAC_CHECK_SOCKET_RELABEL, - MAC_CHECK_SOCKET_RECEIVE, MAC_CHECK_SOCKET_VISIBLE, MAC_CHECK_VNODE_ACCESS, MAC_CHECK_VNODE_CHDIR, |
