summaryrefslogtreecommitdiffstats
path: root/sys/security/mac_lomac/mac_lomac.c
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security/mac_lomac/mac_lomac.c')
-rw-r--r--sys/security/mac_lomac/mac_lomac.c112
1 files changed, 56 insertions, 56 deletions
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index c6261bf..be13a47 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -499,7 +499,7 @@ maybe_demote(struct mac_lomac *subjlabel, struct mac_lomac *objlabel,
struct proc *p;
pid_t pgid;
- subj = PSLOT(&curthread->td_proc->p_label);
+ subj = PSLOT(curthread->td_proc->p_label);
p = curthread->td_proc;
mtx_lock(&subj->mtx);
@@ -941,7 +941,7 @@ mac_lomac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(delabel);
mac_lomac_copy_single(source, dest);
@@ -953,7 +953,7 @@ mac_lomac_create_mount(struct ucred *cred, struct mount *mp,
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
mac_lomac_copy_single(source, dest);
dest = SLOT(fslabel);
@@ -1082,7 +1082,7 @@ mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
buflen = sizeof(temp);
bzero(&temp, buflen);
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(vlabel);
dir = SLOT(dlabel);
if (dir->ml_flags & MAC_LOMAC_FLAG_AUX) {
@@ -1142,7 +1142,7 @@ mac_lomac_create_socket(struct ucred *cred, struct socket *socket,
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(socketlabel);
mac_lomac_copy_single(source, dest);
@@ -1154,7 +1154,7 @@ mac_lomac_create_pipe(struct ucred *cred, struct pipe *pipe,
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(pipelabel);
mac_lomac_copy_single(source, dest);
@@ -1231,7 +1231,7 @@ mac_lomac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred->cr_label);
+ source = SLOT(cred->cr_label);
dest = SLOT(bpflabel);
mac_lomac_copy_single(source, dest);
@@ -1453,8 +1453,8 @@ mac_lomac_create_cred(struct ucred *cred_parent, struct ucred *cred_child)
{
struct mac_lomac *source, *dest;
- source = SLOT(&cred_parent->cr_label);
- dest = SLOT(&cred_child->cr_label);
+ source = SLOT(cred_parent->cr_label);
+ dest = SLOT(cred_child->cr_label);
mac_lomac_copy_single(source, dest);
mac_lomac_copy_range(source, dest);
@@ -1468,8 +1468,8 @@ mac_lomac_execve_transition(struct ucred *old, struct ucred *new,
{
struct mac_lomac *source, *dest, *obj, *robj;
- source = SLOT(&old->cr_label);
- dest = SLOT(&new->cr_label);
+ source = SLOT(old->cr_label);
+ dest = SLOT(new->cr_label);
obj = SLOT(vnodelabel);
robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj;
@@ -1507,7 +1507,7 @@ mac_lomac_execve_will_transition(struct ucred *old, struct vnode *vp,
if (!mac_lomac_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&old->cr_label);
+ subj = SLOT(old->cr_label);
obj = SLOT(vnodelabel);
robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj;
@@ -1522,7 +1522,7 @@ mac_lomac_create_proc0(struct ucred *cred)
{
struct mac_lomac *dest;
- dest = SLOT(&cred->cr_label);
+ dest = SLOT(cred->cr_label);
mac_lomac_set_single(dest, MAC_LOMAC_TYPE_EQUAL, 0);
mac_lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH,
@@ -1534,7 +1534,7 @@ mac_lomac_create_proc1(struct ucred *cred)
{
struct mac_lomac *dest;
- dest = SLOT(&cred->cr_label);
+ dest = SLOT(cred->cr_label);
mac_lomac_set_single(dest, MAC_LOMAC_TYPE_HIGH, 0);
mac_lomac_set_range(dest, MAC_LOMAC_TYPE_LOW, 0, MAC_LOMAC_TYPE_HIGH,
@@ -1547,7 +1547,7 @@ mac_lomac_relabel_cred(struct ucred *cred, struct label *newlabel)
struct mac_lomac *source, *dest;
source = SLOT(newlabel);
- dest = SLOT(&cred->cr_label);
+ dest = SLOT(cred->cr_label);
try_relabel(source, dest);
}
@@ -1578,7 +1578,7 @@ mac_lomac_check_cred_relabel(struct ucred *cred, struct label *newlabel)
struct mac_lomac *subj, *new;
int error;
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
new = SLOT(newlabel);
/*
@@ -1646,8 +1646,8 @@ mac_lomac_check_cred_visible(struct ucred *u1, struct ucred *u2)
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&u1->cr_label);
- obj = SLOT(&u2->cr_label);
+ subj = SLOT(u1->cr_label);
+ obj = SLOT(u2->cr_label);
/* XXX: range */
if (!mac_lomac_dominate_single(obj, subj))
@@ -1663,7 +1663,7 @@ mac_lomac_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
struct mac_lomac *subj, *new;
int error;
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
new = SLOT(newlabel);
/*
@@ -1735,7 +1735,7 @@ mac_lomac_check_kld_load(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (mac_lomac_subject_privileged(subj))
@@ -1755,7 +1755,7 @@ mac_lomac_check_kld_unload(struct ucred *cred)
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
if (mac_lomac_subject_privileged(subj))
return (EPERM);
@@ -1785,7 +1785,7 @@ mac_lomac_check_pipe_read(struct ucred *cred, struct pipe *pipe,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
if (!mac_lomac_dominate_single(obj, subj))
@@ -1802,7 +1802,7 @@ mac_lomac_check_pipe_relabel(struct ucred *cred, struct pipe *pipe,
int error;
new = SLOT(newlabel);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(pipelabel);
/*
@@ -1854,7 +1854,7 @@ mac_lomac_check_pipe_write(struct ucred *cred, struct pipe *pipe,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT((pipelabel));
if (!mac_lomac_subject_dominate(subj, obj))
@@ -1871,8 +1871,8 @@ mac_lomac_check_proc_debug(struct ucred *cred, struct proc *proc)
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
- obj = SLOT(&proc->p_ucred->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_lomac_dominate_single(obj, subj))
@@ -1891,8 +1891,8 @@ mac_lomac_check_proc_sched(struct ucred *cred, struct proc *proc)
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
- obj = SLOT(&proc->p_ucred->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_lomac_dominate_single(obj, subj))
@@ -1911,8 +1911,8 @@ mac_lomac_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
- obj = SLOT(&proc->p_ucred->cr_label);
+ subj = SLOT(cred->cr_label);
+ obj = SLOT(proc->p_ucred->cr_label);
/* XXX: range checks */
if (!mac_lomac_dominate_single(obj, subj))
@@ -1946,7 +1946,7 @@ mac_lomac_check_socket_relabel(struct ucred *cred, struct socket *socket,
int error;
new = SLOT(newlabel);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(socketlabel);
/*
@@ -1998,7 +1998,7 @@ mac_lomac_check_socket_visible(struct ucred *cred, struct socket *socket,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(socketlabel);
if (!mac_lomac_dominate_single(obj, subj))
@@ -2016,7 +2016,7 @@ mac_lomac_check_system_swapon(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (mac_lomac_subject_privileged(subj))
@@ -2037,7 +2037,7 @@ mac_lomac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
/*
* In general, treat sysctl variables as lomac/high, but also
@@ -2071,7 +2071,7 @@ mac_lomac_check_vnode_create(struct ucred *cred, struct vnode *dvp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2093,7 +2093,7 @@ mac_lomac_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2116,7 +2116,7 @@ mac_lomac_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2135,7 +2135,7 @@ mac_lomac_check_vnode_link(struct ucred *cred, struct vnode *dvp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2162,7 +2162,7 @@ mac_lomac_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (prot & VM_PROT_WRITE) {
@@ -2190,7 +2190,7 @@ mac_lomac_check_vnode_mprotect(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (prot & VM_PROT_WRITE) {
@@ -2218,7 +2218,7 @@ mac_lomac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled || !revocation_enabled)
return;
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2234,7 +2234,7 @@ mac_lomac_check_vnode_open(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
/* XXX privilege override for admin? */
@@ -2255,7 +2255,7 @@ mac_lomac_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
if (!mac_lomac_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&active_cred->cr_label);
+ subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
if (!mac_lomac_dominate_single(obj, subj))
@@ -2273,7 +2273,7 @@ mac_lomac_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
old = SLOT(vnodelabel);
new = SLOT(newlabel);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
/*
* If there is a LOMAC label update for the vnode, it must be a
@@ -2350,7 +2350,7 @@ mac_lomac_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2374,7 +2374,7 @@ mac_lomac_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2399,7 +2399,7 @@ mac_lomac_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2417,7 +2417,7 @@ mac_lomac_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(label);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2436,7 +2436,7 @@ mac_lomac_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2456,7 +2456,7 @@ mac_lomac_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2474,7 +2474,7 @@ mac_lomac_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2492,7 +2492,7 @@ mac_lomac_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2510,7 +2510,7 @@ mac_lomac_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
if (!mac_lomac_enabled)
return (0);
- subj = SLOT(&cred->cr_label);
+ subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2528,7 +2528,7 @@ mac_lomac_check_vnode_write(struct ucred *active_cred,
if (!mac_lomac_enabled || !revocation_enabled)
return (0);
- subj = SLOT(&active_cred->cr_label);
+ subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
if (!mac_lomac_subject_dominate(subj, obj))
@@ -2541,7 +2541,7 @@ static void
mac_lomac_thread_userret(struct thread *td)
{
struct proc *p = td->td_proc;
- struct mac_lomac_proc *subj = PSLOT(&p->p_label);
+ struct mac_lomac_proc *subj = PSLOT(p->p_label);
struct ucred *newcred, *oldcred;
int dodrop;
@@ -2568,7 +2568,7 @@ mac_lomac_thread_userret(struct thread *td)
oldcred = p->p_ucred;
crcopy(newcred, oldcred);
crhold(newcred);
- mac_lomac_copy(&subj->mac_lomac, SLOT(&newcred->cr_label));
+ mac_lomac_copy(&subj->mac_lomac, SLOT(newcred->cr_label));
p->p_ucred = newcred;
crfree(oldcred);
dodrop = 1;
OpenPOWER on IntegriCloud