diff options
-rw-r--r-- | sys/security/mac/mac_framework.h | 14 | ||||
-rw-r--r-- | sys/security/mac/mac_policy.h | 14 | ||||
-rw-r--r-- | sys/security/mac/mac_posix_sem.c | 39 | ||||
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 18 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 18 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 28 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 12 |
7 files changed, 71 insertions, 72 deletions
diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 56fbe33..d9ede98 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -183,7 +183,7 @@ void mac_create_sysv_shm(struct ucred *cred, /* * Labeling event operations: POSIX (global/inter-process) semaphores. */ -void mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr); +void mac_create_posix_sem(struct ucred *cred, struct ksem *ks); /* * Labeling event operations: network objects. @@ -289,12 +289,12 @@ int mac_check_pipe_poll(struct ucred *cred, struct pipepair *pp); int mac_check_pipe_read(struct ucred *cred, struct pipepair *pp); int mac_check_pipe_stat(struct ucred *cred, struct pipepair *pp); int mac_check_pipe_write(struct ucred *cred, struct pipepair *pp); -int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr); -int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ksemptr); -int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr); -int mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr); -int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr); -int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr); +int mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ks); +int mac_check_posix_sem_getvalue(struct ucred *cred,struct ksem *ks); +int mac_check_posix_sem_open(struct ucred *cred, struct ksem *ks); +int mac_check_posix_sem_post(struct ucred *cred, struct ksem *ks); +int mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ks); +int mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ks); int mac_check_proc_debug(struct ucred *cred, struct proc *p); int mac_check_proc_sched(struct ucred *cred, struct proc *p); int mac_check_proc_setaudit(struct ucred *cred, struct auditinfo *ai); diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index dfcb987..c16fbb5 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -273,7 +273,7 @@ typedef void (*mpo_create_sysv_shm_t)(struct ucred *cred, * Labeling event operations: POSIX (global/inter-process) semaphores. */ typedef void (*mpo_create_posix_sem_t)(struct ucred *cred, - struct ksem *ksemptr, struct label *ks_label); + struct ksem *ks, struct label *kslabel); /* * Labeling event operations: network objects. @@ -434,17 +434,17 @@ typedef int (*mpo_check_pipe_stat_t)(struct ucred *cred, typedef int (*mpo_check_pipe_write_t)(struct ucred *cred, struct pipepair *pp, struct label *pplabel); typedef int (*mpo_check_posix_sem_destroy_t)(struct ucred *cred, - struct ksem *ksemptr, struct label *ks_label); + struct ksem *ks, struct label *kslabel); typedef int (*mpo_check_posix_sem_getvalue_t)(struct ucred *cred, - struct ksem *ksemptr, struct label *ks_label); + struct ksem *ks, struct label *kslabel); typedef int (*mpo_check_posix_sem_open_t)(struct ucred *cred, - struct ksem *ksemptr, struct label *ks_label); + struct ksem *ks, struct label *kslabel); typedef int (*mpo_check_posix_sem_post_t)(struct ucred *cred, - struct ksem *ksemptr, struct label *ks_label); + struct ksem *ks, struct label *kslabel); typedef int (*mpo_check_posix_sem_unlink_t)(struct ucred *cred, - struct ksem *ksemptr, struct label *ks_label); + struct ksem *ks, struct label *kslabel); typedef int (*mpo_check_posix_sem_wait_t)(struct ucred *cred, - struct ksem *ksemptr, struct label *ks_label); + struct ksem *ks, struct label *kslabel); typedef int (*mpo_check_proc_debug_t)(struct ucred *cred, struct proc *p); typedef int (*mpo_check_proc_sched_t)(struct ucred *cred, diff --git a/sys/security/mac/mac_posix_sem.c b/sys/security/mac/mac_posix_sem.c index a00a30e..103eab2 100644 --- a/sys/security/mac/mac_posix_sem.c +++ b/sys/security/mac/mac_posix_sem.c @@ -58,10 +58,10 @@ mac_posix_sem_label_alloc(void) } void -mac_init_posix_sem(struct ksem *ksemptr) +mac_init_posix_sem(struct ksem *ks) { - ksemptr->ks_label = mac_posix_sem_label_alloc(); + ks->ks_label = mac_posix_sem_label_alloc(); } static void @@ -72,77 +72,76 @@ mac_posix_sem_label_free(struct label *label) } void -mac_destroy_posix_sem(struct ksem *ksemptr) +mac_destroy_posix_sem(struct ksem *ks) { - mac_posix_sem_label_free(ksemptr->ks_label); - ksemptr->ks_label = NULL; + mac_posix_sem_label_free(ks->ks_label); + ks->ks_label = NULL; } void -mac_create_posix_sem(struct ucred *cred, struct ksem *ksemptr) +mac_create_posix_sem(struct ucred *cred, struct ksem *ks) { - MAC_PERFORM(create_posix_sem, cred, ksemptr, ksemptr->ks_label); + MAC_PERFORM(create_posix_sem, cred, ks, ks->ks_label); } int -mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) +mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ks) { int error; - MAC_CHECK(check_posix_sem_destroy, cred, ksemptr, ksemptr->ks_label); + MAC_CHECK(check_posix_sem_destroy, cred, ks, ks->ks_label); return (error); } int -mac_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr) +mac_check_posix_sem_open(struct ucred *cred, struct ksem *ks) { int error; - MAC_CHECK(check_posix_sem_open, cred, ksemptr, ksemptr->ks_label); + MAC_CHECK(check_posix_sem_open, cred, ks, ks->ks_label); return (error); } int -mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) +mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ks) { int error; - MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr, - ksemptr->ks_label); + MAC_CHECK(check_posix_sem_getvalue, cred, ks, ks->ks_label); return (error); } int -mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) +mac_check_posix_sem_post(struct ucred *cred, struct ksem *ks) { int error; - MAC_CHECK(check_posix_sem_post, cred, ksemptr, ksemptr->ks_label); + MAC_CHECK(check_posix_sem_post, cred, ks, ks->ks_label); return (error); } int -mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) +mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ks) { int error; - MAC_CHECK(check_posix_sem_unlink, cred, ksemptr, ksemptr->ks_label); + MAC_CHECK(check_posix_sem_unlink, cred, ks, ks->ks_label); return (error); } int -mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) +mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ks) { int error; - MAC_CHECK(check_posix_sem_wait, cred, ksemptr, ksemptr->ks_label); + MAC_CHECK(check_posix_sem_wait, cred, ks, ks->ks_label); return (error); } diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 7d56b6b..5a87aee 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -1024,13 +1024,13 @@ mac_biba_create_pipe(struct ucred *cred, struct pipepair *pp, } static void -mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +mac_biba_create_posix_sem(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(ks_label); + dest = SLOT(kslabel); mac_biba_copy_effective(source, dest); } @@ -2062,8 +2062,8 @@ mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, } static int -mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { struct mac_biba *subj, *obj; @@ -2071,7 +2071,7 @@ mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(ks_label); + obj = SLOT(kslabel); if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); @@ -2080,8 +2080,8 @@ mac_biba_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, } static int -mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { struct mac_biba *subj, *obj; @@ -2089,7 +2089,7 @@ mac_biba_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(ks_label); + obj = SLOT(kslabel); if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index cc4e1ad..0a84ae1 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -989,13 +989,13 @@ mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp, } static void -mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +mac_mls_create_posix_sem(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { struct mac_mls *source, *dest; source = SLOT(cred->cr_label); - dest = SLOT(ks_label); + dest = SLOT(kslabel); mac_mls_copy_effective(source, dest); } @@ -1981,8 +1981,8 @@ mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp, } static int -mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { struct mac_mls *subj, *obj; @@ -1990,7 +1990,7 @@ mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(ks_label); + obj = SLOT(kslabel); if (!mac_mls_dominate_effective(obj, subj)) return (EACCES); @@ -1999,8 +1999,8 @@ mac_mls_check_posix_sem_write(struct ucred *cred, struct ksem *ksemptr, } static int -mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { struct mac_mls *subj, *obj; @@ -2008,7 +2008,7 @@ mac_mls_check_posix_sem_rdonly(struct ucred *cred, struct ksem *ksemptr, return (0); subj = SLOT(cred->cr_label); - obj = SLOT(ks_label); + obj = SLOT(kslabel); if (!mac_mls_dominate_effective(subj, obj)) return (EACCES); diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 8c39999..8fa9a0d 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -276,8 +276,8 @@ stub_create_pipe(struct ucred *cred, struct pipepair *pp, } static void -stub_create_posix_sem(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +stub_create_posix_sem(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { } @@ -833,48 +833,48 @@ stub_check_pipe_write(struct ucred *cred, struct pipepair *pp, } static int -stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +stub_check_posix_sem_destroy(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { return (0); } static int -stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +stub_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { return (0); } static int -stub_check_posix_sem_open(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +stub_check_posix_sem_open(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { return (0); } static int -stub_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +stub_check_posix_sem_post(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { return (0); } static int -stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +stub_check_posix_sem_unlink(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { return (0); } static int -stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +stub_check_posix_sem_wait(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { return (0); diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 14b67b6..4947cdc 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -765,12 +765,12 @@ mac_test_create_pipe(struct ucred *cred, struct pipepair *pp, COUNTER_DECL(create_posix_sem); static void -mac_test_create_posix_sem(struct ucred *cred, struct ksem *ksem, - struct label *posixlabel) +mac_test_create_posix_sem(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(posixlabel, MAGIC_POSIX_SEM); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(create_posix_sem); } @@ -1610,12 +1610,12 @@ mac_test_check_pipe_write(struct ucred *cred, struct pipepair *pp, COUNTER_DECL(check_posix_sem); static int -mac_test_check_posix_sem(struct ucred *cred, struct ksem *ksemptr, - struct label *ks_label) +mac_test_check_posix_sem(struct ucred *cred, struct ksem *ks, + struct label *kslabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(ks_label, MAGIC_POSIX_SEM); + LABEL_CHECK(kslabel, MAGIC_POSIX_SEM); COUNTER_INC(check_posix_sem); return (0); |