Diffstat (limited to 'sys/security/mac/mac_socket.c')
-rw-r--r--sys/security/mac/mac_socket.c124
1 files changed, 62 insertions, 62 deletions
diff --git a/sys/security/mac/mac_socket.c b/sys/security/mac/mac_socket.c
index 07722ad..37dfa3f 100644
--- a/sys/security/mac/mac_socket.c
+++ b/sys/security/mac/mac_socket.c
@@ -2,7 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -94,9 +94,9 @@ mac_socket_label_alloc(int flag)
if (label == NULL)
return (NULL);
- MAC_CHECK(init_socket_label, label, flag);
+ MAC_CHECK(socket_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_socket_label, label);
+ MAC_PERFORM(socket_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -104,7 +104,7 @@ mac_socket_label_alloc(int flag)
}
static struct label *
-mac_socket_peer_label_alloc(int flag)
+mac_socketpeer_label_alloc(int flag)
{
struct label *label;
int error;
@@ -113,9 +113,9 @@ mac_socket_peer_label_alloc(int flag)
if (label == NULL)
return (NULL);
- MAC_CHECK(init_socket_peer_label, label, flag);
+ MAC_CHECK(socketpeer_init_label, label, flag);
if (error) {
- MAC_PERFORM(destroy_socket_peer_label, label);
+ MAC_PERFORM(socketpeer_destroy_label, label);
mac_labelzone_free(label);
return (NULL);
}
@@ -123,13 +123,13 @@ mac_socket_peer_label_alloc(int flag)
}
int
-mac_init_socket(struct socket *so, int flag)
+mac_socket_init(struct socket *so, int flag)
{
so->so_label = mac_socket_label_alloc(flag);
if (so->so_label == NULL)
return (ENOMEM);
- so->so_peerlabel = mac_socket_peer_label_alloc(flag);
+ so->so_peerlabel = mac_socketpeer_label_alloc(flag);
if (so->so_peerlabel == NULL) {
mac_socket_label_free(so->so_label);
so->so_label = NULL;
@@ -142,37 +142,37 @@ void
mac_socket_label_free(struct label *label)
{
- MAC_PERFORM(destroy_socket_label, label);
+ MAC_PERFORM(socket_destroy_label, label);
mac_labelzone_free(label);
}
static void
-mac_socket_peer_label_free(struct label *label)
+mac_socketpeer_label_free(struct label *label)
{
- MAC_PERFORM(destroy_socket_peer_label, label);
+ MAC_PERFORM(socketpeer_destroy_label, label);
mac_labelzone_free(label);
}
void
-mac_destroy_socket(struct socket *so)
+mac_socket_destroy(struct socket *so)
{
mac_socket_label_free(so->so_label);
so->so_label = NULL;
- mac_socket_peer_label_free(so->so_peerlabel);
+ mac_socketpeer_label_free(so->so_peerlabel);
so->so_peerlabel = NULL;
}
void
-mac_copy_socket_label(struct label *src, struct label *dest)
+mac_socket_copy_label(struct label *src, struct label *dest)
{
- MAC_PERFORM(copy_socket_label, src, dest);
+ MAC_PERFORM(socket_copy_label, src, dest);
}
int
-mac_externalize_socket_label(struct label *label, char *elements,
+mac_socket_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
@@ -183,18 +183,18 @@ mac_externalize_socket_label(struct label *label, char *elements,
}
static int
-mac_externalize_socket_peer_label(struct label *label, char *elements,
+mac_socketpeer_externalize_label(struct label *label, char *elements,
char *outbuf, size_t outbuflen)
{
int error;
- MAC_EXTERNALIZE(socket_peer, label, elements, outbuf, outbuflen);
+ MAC_EXTERNALIZE(socketpeer, label, elements, outbuf, outbuflen);
return (error);
}
int
-mac_internalize_socket_label(struct label *label, char *string)
+mac_socket_internalize_label(struct label *label, char *string)
{
int error;
@@ -204,34 +204,34 @@ mac_internalize_socket_label(struct label *label, char *string)
}
void
-mac_create_socket(struct ucred *cred, struct socket *so)
+mac_socket_create(struct ucred *cred, struct socket *so)
{
- MAC_PERFORM(create_socket, cred, so, so->so_label);
+ MAC_PERFORM(socket_create, cred, so, so->so_label);
}
void
-mac_create_socket_from_socket(struct socket *oldso, struct socket *newso)
+mac_socket_newconn(struct socket *oldso, struct socket *newso)
{
SOCK_LOCK_ASSERT(oldso);
- MAC_PERFORM(create_socket_from_socket, oldso, oldso->so_label, newso,
+ MAC_PERFORM(socket_newconn, oldso, oldso->so_label, newso,
newso->so_label);
}
static void
-mac_relabel_socket(struct ucred *cred, struct socket *so,
+mac_socket_relabel(struct ucred *cred, struct socket *so,
struct label *newlabel)
{
SOCK_LOCK_ASSERT(so);
- MAC_PERFORM(relabel_socket, cred, so, so->so_label, newlabel);
+ MAC_PERFORM(socket_relabel, cred, so, so->so_label, newlabel);
}
void
-mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so)
+mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so)
{
struct label *label;
@@ -239,12 +239,12 @@ mac_set_socket_peer_from_mbuf(struct mbuf *m, struct socket *so)
label = mac_mbuf_to_label(m);
- MAC_PERFORM(set_socket_peer_from_mbuf, m, label, so,
+ MAC_PERFORM(socketpeer_set_from_mbuf, m, label, so,
so->so_peerlabel);
}
void
-mac_set_socket_peer_from_socket(struct socket *oldso, struct socket *newso)
+mac_socketpeer_set_from_socket(struct socket *oldso, struct socket *newso)
{
/*
@@ -252,12 +252,12 @@ mac_set_socket_peer_from_socket(struct socket *oldso, struct socket *newso)
* is the original, and one is the new. However, it's called in both
* directions, so we can't assert the lock here currently.
*/
- MAC_PERFORM(set_socket_peer_from_socket, oldso, oldso->so_label,
+ MAC_PERFORM(socketpeer_set_from_socket, oldso, oldso->so_label,
newso, newso->so_peerlabel);
}
void
-mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m)
+mac_socket_create_mbuf(struct socket *so, struct mbuf *m)
{
struct label *label;
@@ -265,59 +265,59 @@ mac_create_mbuf_from_socket(struct socket *so, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_PERFORM(create_mbuf_from_socket, so, so->so_label, m, label);
+ MAC_PERFORM(socket_create_mbuf, so, so->so_label, m, label);
}
int
-mac_check_socket_accept(struct ucred *cred, struct socket *so)
+mac_socket_check_accept(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_accept, cred, so, so->so_label);
+ MAC_CHECK(socket_check_accept, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_bind(struct ucred *ucred, struct socket *so,
+mac_socket_check_bind(struct ucred *ucred, struct socket *so,
struct sockaddr *sa)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_bind, ucred, so, so->so_label, sa);
+ MAC_CHECK(socket_check_bind, ucred, so, so->so_label, sa);
return (error);
}
int
-mac_check_socket_connect(struct ucred *cred, struct socket *so,
+mac_socket_check_connect(struct ucred *cred, struct socket *so,
struct sockaddr *sa)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_connect, cred, so, so->so_label, sa);
+ MAC_CHECK(socket_check_connect, cred, so, so->so_label, sa);
return (error);
}
int
-mac_check_socket_create(struct ucred *cred, int domain, int type, int proto)
+mac_socket_check_create(struct ucred *cred, int domain, int type, int proto)
{
int error;
- MAC_CHECK(check_socket_create, cred, domain, type, proto);
+ MAC_CHECK(socket_check_create, cred, domain, type, proto);
return (error);
}
int
-mac_check_socket_deliver(struct socket *so, struct mbuf *m)
+mac_socket_check_deliver(struct socket *so, struct mbuf *m)
{
struct label *label;
int error;
@@ -326,92 +326,92 @@ mac_check_socket_deliver(struct socket *so, struct mbuf *m)
label = mac_mbuf_to_label(m);
- MAC_CHECK(check_socket_deliver, so, so->so_label, m, label);
+ MAC_CHECK(socket_check_deliver, so, so->so_label, m, label);
return (error);
}
int
-mac_check_socket_listen(struct ucred *cred, struct socket *so)
+mac_socket_check_listen(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_listen, cred, so, so->so_label);
+ MAC_CHECK(socket_check_listen, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_poll(struct ucred *cred, struct socket *so)
+mac_socket_check_poll(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_poll, cred, so, so->so_label);
+ MAC_CHECK(socket_check_poll, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_receive(struct ucred *cred, struct socket *so)
+mac_socket_check_receive(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_receive, cred, so, so->so_label);
+ MAC_CHECK(socket_check_receive, cred, so, so->so_label);
return (error);
}
static int
-mac_check_socket_relabel(struct ucred *cred, struct socket *so,
+mac_socket_check_relabel(struct ucred *cred, struct socket *so,
struct label *newlabel)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_relabel, cred, so, so->so_label, newlabel);
+ MAC_CHECK(socket_check_relabel, cred, so, so->so_label, newlabel);
return (error);
}
int
-mac_check_socket_send(struct ucred *cred, struct socket *so)
+mac_socket_check_send(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_send, cred, so, so->so_label);
+ MAC_CHECK(socket_check_send, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_stat(struct ucred *cred, struct socket *so)
+mac_socket_check_stat(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_stat, cred, so, so->so_label);
+ MAC_CHECK(socket_check_stat, cred, so, so->so_label);
return (error);
}
int
-mac_check_socket_visible(struct ucred *cred, struct socket *so)
+mac_socket_check_visible(struct ucred *cred, struct socket *so)
{
int error;
SOCK_LOCK_ASSERT(so);
- MAC_CHECK(check_socket_visible, cred, so, so->so_label);
+ MAC_CHECK(socket_check_visible, cred, so, so->so_label);
return (error);
}
@@ -431,13 +431,13 @@ mac_socket_label_set(struct ucred *cred, struct socket *so,
* acquire the socket lock before refreshing, holding both locks.
*/
SOCK_LOCK(so);
- error = mac_check_socket_relabel(cred, so, label);
+ error = mac_socket_check_relabel(cred, so, label);
if (error) {
SOCK_UNLOCK(so);
return (error);
}
- mac_relabel_socket(cred, so, label);
+ mac_socket_relabel(cred, so, label);
SOCK_UNLOCK(so);
/*
@@ -471,7 +471,7 @@ mac_setsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
}
intlabel = mac_socket_label_alloc(M_WAITOK);
- error = mac_internalize_socket_label(intlabel, buffer);
+ error = mac_socket_internalize_label(intlabel, buffer);
free(buffer, M_MACTEMP);
if (error)
goto out;
@@ -503,9 +503,9 @@ mac_getsockopt_label(struct ucred *cred, struct socket *so, struct mac *mac)
buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
intlabel = mac_socket_label_alloc(M_WAITOK);
SOCK_LOCK(so);
- mac_copy_socket_label(so->so_label, intlabel);
+ mac_socket_copy_label(so->so_label, intlabel);
SOCK_UNLOCK(so);
- error = mac_externalize_socket_label(intlabel, elements, buffer,
+ error = mac_socket_externalize_label(intlabel, elements, buffer,
mac->m_buflen);
mac_socket_label_free(intlabel);
if (error == 0)
@@ -539,9 +539,9 @@ mac_getsockopt_peerlabel(struct ucred *cred, struct socket *so,
buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
intlabel = mac_socket_label_alloc(M_WAITOK);
SOCK_LOCK(so);
- mac_copy_socket_label(so->so_peerlabel, intlabel);
+ mac_socket_copy_label(so->so_peerlabel, intlabel);
SOCK_UNLOCK(so);
- error = mac_externalize_socket_peer_label(intlabel, elements, buffer,
+ error = mac_socketpeer_externalize_label(intlabel, elements, buffer,
mac->m_buflen);
mac_socket_label_free(intlabel);
if (error == 0)
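Review bot: In mac_getsockopt_peerlabel the temporary label is still allocated, filled and freed with the socket-class helpers (`mac_socket_label_alloc`, `mac_socket_copy_label` on `so->so_peerlabel`, `mac_socket_label_free`) and then passed to `mac_socketpeer_externalize_label`. A policy's socketpeer externalize entry point therefore receives a label set up by `socket_init_label` rather than `socketpeer_init_label`, and its `socket_copy_label` is given a peer label as source. The rename makes socket and socketpeer visibly separate label classes, so a policy whose two classes use different layouts could externalize peer data from a mismatched label; whether any policy does so cannot be seen from this diff. `mac_socketpeer_label_alloc` and `mac_socketpeer_label_free` already exist in this file and could be used here; no peer-specific copy entry point is visible, so at minimum add a comment such as `/* peer label is staged in a socket-class label; policies must keep the two layouts compatible */`. The function body starts and ends outside the hunk.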