Diffstat (limited to 'sys/security/mac')
-rw-r--r--sys/security/mac/mac_framework.c14
-rw-r--r--sys/security/mac/mac_internal.h14
-rw-r--r--sys/security/mac/mac_net.c14
-rw-r--r--sys/security/mac/mac_pipe.c14
-rw-r--r--sys/security/mac/mac_process.c14
-rw-r--r--sys/security/mac/mac_syscalls.c14
-rw-r--r--sys/security/mac/mac_system.c14
-rw-r--r--sys/security/mac/mac_vfs.c14
8 files changed, 88 insertions, 24 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void
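Review bot: In mac_init_mbuf the failure path destroys the label but leaves the mbuf otherwise intact, so now that the function can return non-zero every caller has to check the result and must neither pass the mbuf on nor tear its label down a second time; the callers are outside this hunk, and any that relied on the old unconditional `return (0)` would carry on with a destroyed label. I would document that contract above the function, e.g. `/* Returns 0 or a policy error; on failure the label is already destroyed and the caller must not use or destroy it again. */`. The `if (error)` test also depends on MAC_CHECK assigning `error` on every path, which this hunk does not show, so confirm that or declare `int error = 0;`. The same hunk appears under mac_internal.h, mac_net.c, mac_pipe.c, mac_process.c, mac_syscalls.c, mac_system.c and mac_vfs.c, and the same points apply there.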
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index dd5d2b3..d21d5df 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -1101,15 +1101,23 @@ mac_init_ipq(struct ipq *ipq)
int
mac_init_mbuf(struct mbuf *m, int flag)
{
+ int error;
+
KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
mac_init_label(&m->m_pkthdr.label);
- MAC_PERFORM(init_mbuf_label, &m->m_pkthdr.label, flag);
+ MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+ if (error) {
+ MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+ mac_destroy_label(&m->m_pkthdr.label);
+ }
+
#ifdef MAC_DEBUG
- atomic_add_int(&nmacmbufs, 1);
+ if (error == 0)
+ atomic_add_int(&nmacmbufs, 1);
#endif
- return (0);
+ return (error);
}
void