summaryrefslogtreecommitdiffstats
path: root/sys/security
diff options
context:
space:
mode:
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac/mac_policy.h14
-rw-r--r--sys/security/mac/mac_vfs.c44
-rw-r--r--sys/security/mac_biba/mac_biba.c20
-rw-r--r--sys/security/mac_lomac/mac_lomac.c20
-rw-r--r--sys/security/mac_mls/mac_mls.c20
-rw-r--r--sys/security/mac_stub/mac_stub.c12
-rw-r--r--sys/security/mac_test/mac_test.c39
7 files changed, 54 insertions, 115 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h
index 451633f..77d3f98 100644
--- a/sys/security/mac/mac_policy.h
+++ b/sys/security/mac/mac_policy.h
@@ -127,7 +127,6 @@ typedef void (*mpo_init_sysv_shm_label_t)(struct label *label);
typedef int (*mpo_init_ipq_label_t)(struct label *label, int flag);
typedef int (*mpo_init_mbuf_label_t)(struct label *label, int flag);
typedef void (*mpo_init_mount_label_t)(struct label *label);
-typedef void (*mpo_init_mount_fs_label_t)(struct label *label);
typedef int (*mpo_init_socket_label_t)(struct label *label, int flag);
typedef int (*mpo_init_socket_peer_label_t)(struct label *label,
int flag);
@@ -147,7 +146,6 @@ typedef void (*mpo_destroy_sysv_shm_label_t)(struct label *label);
typedef void (*mpo_destroy_ipq_label_t)(struct label *label);
typedef void (*mpo_destroy_mbuf_label_t)(struct label *label);
typedef void (*mpo_destroy_mount_label_t)(struct label *label);
-typedef void (*mpo_destroy_mount_fs_label_t)(struct label *label);
typedef void (*mpo_destroy_socket_label_t)(struct label *label);
typedef void (*mpo_destroy_socket_peer_label_t)(struct label *label);
typedef void (*mpo_destroy_pipe_label_t)(struct label *label);
@@ -198,14 +196,14 @@ typedef int (*mpo_internalize_vnode_label_t)(struct label *label,
* like file system objects.
*/
typedef void (*mpo_associate_vnode_devfs_t)(struct mount *mp,
- struct label *fslabel, struct devfs_dirent *de,
+ struct label *mntlabel, struct devfs_dirent *de,
struct label *delabel, struct vnode *vp,
struct label *vlabel);
typedef int (*mpo_associate_vnode_extattr_t)(struct mount *mp,
- struct label *fslabel, struct vnode *vp,
+ struct label *mntlabel, struct vnode *vp,
struct label *vlabel);
typedef void (*mpo_associate_vnode_singlelabel_t)(struct mount *mp,
- struct label *fslabel, struct vnode *vp,
+ struct label *mntlabel, struct vnode *vp,
struct label *vlabel);
typedef void (*mpo_create_devfs_device_t)(struct ucred *cred,
struct mount *mp, struct cdev *dev,
@@ -218,12 +216,12 @@ typedef void (*mpo_create_devfs_symlink_t)(struct ucred *cred,
struct label *ddlabel, struct devfs_dirent *de,
struct label *delabel);
typedef int (*mpo_create_vnode_extattr_t)(struct ucred *cred,
- struct mount *mp, struct label *fslabel,
+ struct mount *mp, struct label *mntlabel,
struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel,
struct componentname *cnp);
typedef void (*mpo_create_mount_t)(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel);
+ struct label *mntlabel);
typedef void (*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp,
struct label *vnodelabel, struct label *label);
typedef int (*mpo_setlabel_vnode_extattr_t)(struct ucred *cred,
@@ -645,7 +643,6 @@ struct mac_policy_ops {
mpo_init_ipq_label_t mpo_init_ipq_label;
mpo_init_mbuf_label_t mpo_init_mbuf_label;
mpo_init_mount_label_t mpo_init_mount_label;
- mpo_init_mount_fs_label_t mpo_init_mount_fs_label;
mpo_init_socket_label_t mpo_init_socket_label;
mpo_init_socket_peer_label_t mpo_init_socket_peer_label;
mpo_init_pipe_label_t mpo_init_pipe_label;
@@ -665,7 +662,6 @@ struct mac_policy_ops {
mpo_destroy_ipq_label_t mpo_destroy_ipq_label;
mpo_destroy_mbuf_label_t mpo_destroy_mbuf_label;
mpo_destroy_mount_label_t mpo_destroy_mount_label;
- mpo_destroy_mount_fs_label_t mpo_destroy_mount_fs_label;
mpo_destroy_socket_label_t mpo_destroy_socket_label;
mpo_destroy_socket_peer_label_t mpo_destroy_socket_peer_label;
mpo_destroy_pipe_label_t mpo_destroy_pipe_label;
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 9196779..c6726d2 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -2,7 +2,7 @@
* Copyright (c) 1999-2002 Robert N. M. Watson
* Copyright (c) 2001 Ilmar S. Habibulin
* Copyright (c) 2001-2005 McAfee, Inc.
- * Copyright (c) 2005 SPARTA, Inc.
+ * Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson and Ilmar Habibulin for the
@@ -107,22 +107,11 @@ mac_mount_label_alloc(void)
return (label);
}
-static struct label *
-mac_mount_fs_label_alloc(void)
-{
- struct label *label;
-
- label = mac_labelzone_alloc(M_WAITOK);
- MAC_PERFORM(init_mount_fs_label, label);
- return (label);
-}
-
void
mac_init_mount(struct mount *mp)
{
- mp->mnt_mntlabel = mac_mount_label_alloc();
- mp->mnt_fslabel = mac_mount_fs_label_alloc();
+ mp->mnt_label = mac_mount_label_alloc();
}
struct label *
@@ -166,22 +155,12 @@ mac_mount_label_free(struct label *label)
mac_labelzone_free(label);
}
-static void
-mac_mount_fs_label_free(struct label *label)
-{
-
- MAC_PERFORM(destroy_mount_fs_label, label);
- mac_labelzone_free(label);
-}
-
void
mac_destroy_mount(struct mount *mp)
{
- mac_mount_fs_label_free(mp->mnt_fslabel);
- mp->mnt_fslabel = NULL;
- mac_mount_label_free(mp->mnt_mntlabel);
- mp->mnt_mntlabel = NULL;
+ mac_mount_label_free(mp->mnt_label);
+ mp->mnt_label = NULL;
}
void
@@ -242,7 +221,7 @@ mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de,
struct vnode *vp)
{
- MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_fslabel, de,
+ MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_label, de,
de->de_label, vp, vp->v_label);
}
@@ -253,7 +232,7 @@ mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp)
ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr");
- MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_fslabel, vp,
+ MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_label, vp,
vp->v_label);
return (error);
@@ -263,7 +242,7 @@ void
mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp)
{
- MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_fslabel, vp,
+ MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_label, vp,
vp->v_label);
}
@@ -295,8 +274,8 @@ mac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
} else if (error)
return (error);
- MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_fslabel,
- dvp, dvp->v_label, vp, vp->v_label, cnp);
+ MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_label, dvp,
+ dvp->v_label, vp, vp->v_label, cnp);
if (error) {
VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread);
@@ -788,8 +767,7 @@ void
mac_create_mount(struct ucred *cred, struct mount *mp)
{
- MAC_PERFORM(create_mount, cred, mp, mp->mnt_mntlabel,
- mp->mnt_fslabel);
+ MAC_PERFORM(create_mount, cred, mp, mp->mnt_label);
}
int
@@ -797,7 +775,7 @@ mac_check_mount_stat(struct ucred *cred, struct mount *mount)
{
int error;
- MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_mntlabel);
+ MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_label);
return (error);
}
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 30dbf79..663ea5b 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -829,15 +829,13 @@ mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp,
static void
mac_biba_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
{
struct mac_biba *source, *dest;
source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
mac_biba_copy_effective(source, dest);
- dest = SLOT(fslabel);
- mac_biba_copy_effective(source, dest);
}
static void
@@ -866,7 +864,7 @@ mac_biba_update_devfsdirent(struct mount *mp,
}
static void
-mac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_biba_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
@@ -879,13 +877,13 @@ mac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
}
static int
-mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
{
struct mac_biba temp, *source, *dest;
int buflen, error;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
buflen = sizeof(temp);
@@ -894,7 +892,7 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE,
MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread);
if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the fslabel. */
+ /* Fall back to the mntlabel. */
mac_biba_copy_effective(source, dest);
return (0);
} else if (error)
@@ -920,11 +918,11 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
static void
mac_biba_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
struct mac_biba *source, *dest;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
mac_biba_copy_effective(source, dest);
@@ -932,7 +930,7 @@ mac_biba_associate_vnode_singlelabel(struct mount *mp,
static int
mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
struct mac_biba *source, *dest, temp;
@@ -3258,7 +3256,6 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_init_ipq_label = mac_biba_init_label_waitcheck,
.mpo_init_mbuf_label = mac_biba_init_label_waitcheck,
.mpo_init_mount_label = mac_biba_init_label,
- .mpo_init_mount_fs_label = mac_biba_init_label,
.mpo_init_pipe_label = mac_biba_init_label,
.mpo_init_posix_sem_label = mac_biba_init_label,
.mpo_init_socket_label = mac_biba_init_label_waitcheck,
@@ -3278,7 +3275,6 @@ static struct mac_policy_ops mac_biba_ops =
.mpo_destroy_ipq_label = mac_biba_destroy_label,
.mpo_destroy_mbuf_label = mac_biba_destroy_label,
.mpo_destroy_mount_label = mac_biba_destroy_label,
- .mpo_destroy_mount_fs_label = mac_biba_destroy_label,
.mpo_destroy_pipe_label = mac_biba_destroy_label,
.mpo_destroy_posix_sem_label = mac_biba_destroy_label,
.mpo_destroy_socket_label = mac_biba_destroy_label,
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index c52cf70..c85ec2f 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -949,15 +949,13 @@ mac_lomac_create_devfs_symlink(struct ucred *cred, struct mount *mp,
static void
mac_lomac_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
{
struct mac_lomac *source, *dest;
source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
mac_lomac_copy_single(source, dest);
- dest = SLOT(fslabel);
- mac_lomac_copy_single(source, dest);
}
static void
@@ -986,7 +984,7 @@ mac_lomac_update_devfsdirent(struct mount *mp,
}
static void
-mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
@@ -999,13 +997,13 @@ mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
}
static int
-mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
{
struct mac_lomac temp, *source, *dest;
int buflen, error;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
buflen = sizeof(temp);
@@ -1014,7 +1012,7 @@ mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE,
MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&temp, curthread);
if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the fslabel. */
+ /* Fall back to the mntlabel. */
mac_lomac_copy_single(source, dest);
return (0);
} else if (error)
@@ -1047,11 +1045,11 @@ mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
static void
mac_lomac_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
struct mac_lomac *source, *dest;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
mac_lomac_copy_single(source, dest);
@@ -1059,7 +1057,7 @@ mac_lomac_associate_vnode_singlelabel(struct mount *mp,
static int
mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
struct mac_lomac *source, *dest, *dir, temp;
@@ -2833,7 +2831,6 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_init_ipq_label = mac_lomac_init_label_waitcheck,
.mpo_init_mbuf_label = mac_lomac_init_label_waitcheck,
.mpo_init_mount_label = mac_lomac_init_label,
- .mpo_init_mount_fs_label = mac_lomac_init_label,
.mpo_init_pipe_label = mac_lomac_init_label,
.mpo_init_proc_label = mac_lomac_init_proc_label,
.mpo_init_socket_label = mac_lomac_init_label_waitcheck,
@@ -2848,7 +2845,6 @@ static struct mac_policy_ops mac_lomac_ops =
.mpo_destroy_ipq_label = mac_lomac_destroy_label,
.mpo_destroy_mbuf_label = mac_lomac_destroy_label,
.mpo_destroy_mount_label = mac_lomac_destroy_label,
- .mpo_destroy_mount_fs_label = mac_lomac_destroy_label,
.mpo_destroy_pipe_label = mac_lomac_destroy_label,
.mpo_destroy_proc_label = mac_lomac_destroy_proc_label,
.mpo_destroy_syncache_label = mac_lomac_destroy_label,
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index e1cbc91..5169360 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -793,15 +793,13 @@ mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp,
static void
mac_mls_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
{
struct mac_mls *source, *dest;
source = SLOT(cred->cr_label);
dest = SLOT(mntlabel);
mac_mls_copy_effective(source, dest);
- dest = SLOT(fslabel);
- mac_mls_copy_effective(source, dest);
}
static void
@@ -830,7 +828,7 @@ mac_mls_update_devfsdirent(struct mount *mp,
}
static void
-mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_mls_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
@@ -843,13 +841,13 @@ mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
}
static int
-mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
{
struct mac_mls temp, *source, *dest;
int buflen, error;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
buflen = sizeof(temp);
@@ -858,7 +856,7 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE,
MAC_MLS_EXTATTR_NAME, &buflen, (char *) &temp, curthread);
if (error == ENOATTR || error == EOPNOTSUPP) {
- /* Fall back to the fslabel. */
+ /* Fall back to the mntlabel. */
mac_mls_copy_effective(source, dest);
return (0);
} else if (error)
@@ -884,11 +882,11 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
static void
mac_mls_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
struct mac_mls *source, *dest;
- source = SLOT(fslabel);
+ source = SLOT(mntlabel);
dest = SLOT(vlabel);
mac_mls_copy_effective(source, dest);
@@ -896,7 +894,7 @@ mac_mls_associate_vnode_singlelabel(struct mount *mp,
static int
mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
struct mac_mls *source, *dest, temp;
@@ -2882,7 +2880,6 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_init_ipq_label = mac_mls_init_label_waitcheck,
.mpo_init_mbuf_label = mac_mls_init_label_waitcheck,
.mpo_init_mount_label = mac_mls_init_label,
- .mpo_init_mount_fs_label = mac_mls_init_label,
.mpo_init_pipe_label = mac_mls_init_label,
.mpo_init_posix_sem_label = mac_mls_init_label,
.mpo_init_socket_label = mac_mls_init_label_waitcheck,
@@ -2901,7 +2898,6 @@ static struct mac_policy_ops mac_mls_ops =
.mpo_destroy_ipq_label = mac_mls_destroy_label,
.mpo_destroy_mbuf_label = mac_mls_destroy_label,
.mpo_destroy_mount_label = mac_mls_destroy_label,
- .mpo_destroy_mount_fs_label = mac_mls_destroy_label,
.mpo_destroy_pipe_label = mac_mls_destroy_label,
.mpo_destroy_posix_sem_label = mac_mls_destroy_label,
.mpo_destroy_socket_label = mac_mls_destroy_label,
diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c
index b06c02b..822dd36 100644
--- a/sys/security/mac_stub/mac_stub.c
+++ b/sys/security/mac_stub/mac_stub.c
@@ -163,7 +163,7 @@ stub_internalize_label(struct label *label, char *element_name,
* a lot like file system objects.
*/
static void
-stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+stub_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
@@ -171,7 +171,7 @@ stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
}
static int
-stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+stub_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
{
@@ -180,7 +180,7 @@ stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
static void
stub_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
}
@@ -215,7 +215,7 @@ stub_create_devfs_symlink(struct ucred *cred, struct mount *mp,
static int
stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
@@ -224,7 +224,7 @@ stub_create_vnode_extattr(struct ucred *cred, struct mount *mp,
static void
stub_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
{
}
@@ -1447,7 +1447,6 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_init_ipq_label = stub_init_label_waitcheck,
.mpo_init_mbuf_label = stub_init_label_waitcheck,
.mpo_init_mount_label = stub_init_label,
- .mpo_init_mount_fs_label = stub_init_label,
.mpo_init_pipe_label = stub_init_label,
.mpo_init_posix_sem_label = stub_init_label,
.mpo_init_socket_label = stub_init_label_waitcheck,
@@ -1465,7 +1464,6 @@ static struct mac_policy_ops mac_stub_ops =
.mpo_destroy_ipq_label = stub_destroy_label,
.mpo_destroy_mbuf_label = stub_destroy_label,
.mpo_destroy_mount_label = stub_destroy_label,
- .mpo_destroy_mount_fs_label = stub_destroy_label,
.mpo_destroy_pipe_label = stub_destroy_label,
.mpo_destroy_posix_sem_label = stub_destroy_label,
.mpo_destroy_socket_label = stub_destroy_label,
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c
index 5c53b15..c5493ff 100644
--- a/sys/security/mac_test/mac_test.c
+++ b/sys/security/mac_test/mac_test.c
@@ -268,15 +268,6 @@ mac_test_init_mount_label(struct label *label)
COUNTER_INC(init_mount_label);
}
-COUNTER_DECL(init_mount_fs_label);
-static void
-mac_test_init_mount_fs_label(struct label *label)
-{
-
- LABEL_INIT(label, MAGIC_MOUNT);
- COUNTER_INC(init_mount_fs_label);
-}
-
COUNTER_DECL(init_socket_label);
static int
mac_test_init_socket_label(struct label *label, int flag)
@@ -459,15 +450,6 @@ mac_test_destroy_mount_label(struct label *label)
COUNTER_INC(destroy_mount_label);
}
-COUNTER_DECL(destroy_mount_fs_label);
-static void
-mac_test_destroy_mount_fs_label(struct label *label)
-{
-
- LABEL_DESTROY(label, MAGIC_MOUNT);
- COUNTER_INC(destroy_mount_fs_label);
-}
-
COUNTER_DECL(destroy_socket_label);
static void
mac_test_destroy_socket_label(struct label *label)
@@ -612,12 +594,12 @@ mac_test_internalize_label(struct label *label, char *element_name,
*/
COUNTER_DECL(associate_vnode_devfs);
static void
-mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
+mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel,
struct devfs_dirent *de, struct label *delabel, struct vnode *vp,
struct label *vlabel)
{
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
LABEL_CHECK(delabel, MAGIC_DEVFS);
LABEL_CHECK(vlabel, MAGIC_VNODE);
COUNTER_INC(associate_vnode_devfs);
@@ -625,11 +607,11 @@ mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
COUNTER_DECL(associate_vnode_extattr);
static int
-mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
+mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel,
struct vnode *vp, struct label *vlabel)
{
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
LABEL_CHECK(vlabel, MAGIC_VNODE);
COUNTER_INC(associate_vnode_extattr);
@@ -639,10 +621,10 @@ mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
COUNTER_DECL(associate_vnode_singlelabel);
static void
mac_test_associate_vnode_singlelabel(struct mount *mp,
- struct label *fslabel, struct vnode *vp, struct label *vlabel)
+ struct label *mntlabel, struct vnode *vp, struct label *vlabel)
{
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
LABEL_CHECK(vlabel, MAGIC_VNODE);
COUNTER_INC(associate_vnode_singlelabel);
}
@@ -685,12 +667,12 @@ mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp,
COUNTER_DECL(create_vnode_extattr);
static int
mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
- struct label *fslabel, struct vnode *dvp, struct label *dlabel,
+ struct label *mntlabel, struct vnode *dvp, struct label *dlabel,
struct vnode *vp, struct label *vlabel, struct componentname *cnp)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
+ LABEL_CHECK(mntlabel, MAGIC_MOUNT);
LABEL_CHECK(dlabel, MAGIC_VNODE);
COUNTER_INC(create_vnode_extattr);
@@ -700,12 +682,11 @@ mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp,
COUNTER_DECL(create_mount);
static void
mac_test_create_mount(struct ucred *cred, struct mount *mp,
- struct label *mntlabel, struct label *fslabel)
+ struct label *mntlabel)
{
LABEL_CHECK(cred->cr_label, MAGIC_CRED);
LABEL_CHECK(mntlabel, MAGIC_MOUNT);
- LABEL_CHECK(fslabel, MAGIC_MOUNT);
COUNTER_INC(create_mount);
}
@@ -2490,7 +2471,6 @@ static struct mac_policy_ops mac_test_ops =
.mpo_init_ipq_label = mac_test_init_ipq_label,
.mpo_init_mbuf_label = mac_test_init_mbuf_label,
.mpo_init_mount_label = mac_test_init_mount_label,
- .mpo_init_mount_fs_label = mac_test_init_mount_fs_label,
.mpo_init_pipe_label = mac_test_init_pipe_label,
.mpo_init_posix_sem_label = mac_test_init_posix_sem_label,
.mpo_init_proc_label = mac_test_init_proc_label,
@@ -2510,7 +2490,6 @@ static struct mac_policy_ops mac_test_ops =
.mpo_destroy_ipq_label = mac_test_destroy_ipq_label,
.mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label,
.mpo_destroy_mount_label = mac_test_destroy_mount_label,
- .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label,
.mpo_destroy_pipe_label = mac_test_destroy_pipe_label,
.mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label,
.mpo_destroy_proc_label = mac_test_destroy_proc_label,
OpenPOWER on IntegriCloud