Diffstat (limited to 'sys')
-rw-r--r-- | sys/security/mac/mac_policy.h | 14 | ||||
-rw-r--r-- | sys/security/mac/mac_vfs.c | 44 | ||||
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 20 | ||||
-rw-r--r-- | sys/security/mac_lomac/mac_lomac.c | 20 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 20 | ||||
-rw-r--r-- | sys/security/mac_stub/mac_stub.c | 12 | ||||
-rw-r--r-- | sys/security/mac_test/mac_test.c | 39 | ||||
-rw-r--r-- | sys/sys/mount.h | 3 |
8 files changed, 55 insertions, 117 deletions
diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 451633f..77d3f98 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -127,7 +127,6 @@ typedef void (*mpo_init_sysv_shm_label_t)(struct label *label); typedef int (*mpo_init_ipq_label_t)(struct label *label, int flag); typedef int (*mpo_init_mbuf_label_t)(struct label *label, int flag); typedef void (*mpo_init_mount_label_t)(struct label *label); -typedef void (*mpo_init_mount_fs_label_t)(struct label *label); typedef int (*mpo_init_socket_label_t)(struct label *label, int flag); typedef int (*mpo_init_socket_peer_label_t)(struct label *label, int flag); @@ -147,7 +146,6 @@ typedef void (*mpo_destroy_sysv_shm_label_t)(struct label *label); typedef void (*mpo_destroy_ipq_label_t)(struct label *label); typedef void (*mpo_destroy_mbuf_label_t)(struct label *label); typedef void (*mpo_destroy_mount_label_t)(struct label *label); -typedef void (*mpo_destroy_mount_fs_label_t)(struct label *label); typedef void (*mpo_destroy_socket_label_t)(struct label *label); typedef void (*mpo_destroy_socket_peer_label_t)(struct label *label); typedef void (*mpo_destroy_pipe_label_t)(struct label *label); 
@@ -198,14 +196,14 @@ typedef int (*mpo_internalize_vnode_label_t)(struct label *label, * like file system objects. */ typedef void (*mpo_associate_vnode_devfs_t)(struct mount *mp, - struct label *fslabel, struct devfs_dirent *de, + struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel); typedef int (*mpo_associate_vnode_extattr_t)(struct mount *mp, - struct label *fslabel, struct vnode *vp, + struct label *mntlabel, struct vnode *vp, struct label *vlabel); typedef void (*mpo_associate_vnode_singlelabel_t)(struct mount *mp, - struct label *fslabel, struct vnode *vp, + struct label *mntlabel, struct vnode *vp, struct label *vlabel); typedef void (*mpo_create_devfs_device_t)(struct ucred *cred, struct mount *mp, struct cdev *dev, @@ -218,12 +216,12 @@ typedef void (*mpo_create_devfs_symlink_t)(struct ucred *cred, struct label *ddlabel, struct devfs_dirent *de, struct label *delabel); typedef int (*mpo_create_vnode_extattr_t)(struct ucred *cred, - struct mount *mp, struct label *fslabel, + struct mount *mp, struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp); typedef void (*mpo_create_mount_t)(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel); + struct label *mntlabel); typedef void (*mpo_relabel_vnode_t)(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label); typedef int (*mpo_setlabel_vnode_extattr_t)(struct ucred *cred, @@ -645,7 +643,6 @@ struct mac_policy_ops { mpo_init_ipq_label_t mpo_init_ipq_label; mpo_init_mbuf_label_t mpo_init_mbuf_label; mpo_init_mount_label_t mpo_init_mount_label; - mpo_init_mount_fs_label_t mpo_init_mount_fs_label; mpo_init_socket_label_t mpo_init_socket_label; mpo_init_socket_peer_label_t mpo_init_socket_peer_label; mpo_init_pipe_label_t mpo_init_pipe_label; 
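Review bot: Removing `mpo_init_mount_fs_label` from the middle of `struct mac_policy_ops` (the @@ -645 hunk here, and `mpo_destroy_mount_fs_label` in the @@ -665 hunk) shifts every later entry point, and `mpo_create_mount_t` loses its `fslabel` argument, so a policy module built against the old header would have its handlers bound to the wrong slots. For an access-control framework that would most likely show up as silently wrong enforcement rather than a load failure. The diffstat lists no change to sys/sys/param.h, so nothing visible in this commit lets the kernel or a module detect the mismatch; the same concern applies to `struct mount` shrinking by one pointer in sys/sys/mount.h. Consider bumping `__FreeBSD_version` alongside this change, or stating in the commit message that all MAC policy modules must be rebuilt. The struct definition begins and ends outside the hunk.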
@@ -665,7 +662,6 @@ struct mac_policy_ops { mpo_destroy_ipq_label_t mpo_destroy_ipq_label; mpo_destroy_mbuf_label_t mpo_destroy_mbuf_label; mpo_destroy_mount_label_t mpo_destroy_mount_label; - mpo_destroy_mount_fs_label_t mpo_destroy_mount_fs_label; mpo_destroy_socket_label_t mpo_destroy_socket_label; mpo_destroy_socket_peer_label_t mpo_destroy_socket_peer_label; mpo_destroy_pipe_label_t mpo_destroy_pipe_label; diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 9196779..c6726d2 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -2,7 +2,7 @@ * Copyright (c) 1999-2002 Robert N. M. Watson * Copyright (c) 2001 Ilmar S. Habibulin * Copyright (c) 2001-2005 McAfee, Inc. - * Copyright (c) 2005 SPARTA, Inc. + * Copyright (c) 2005-2006 SPARTA, Inc. * All rights reserved. * * This software was developed by Robert Watson and Ilmar Habibulin for the @@ -107,22 +107,11 @@ mac_mount_label_alloc(void) return (label); } -static struct label * -mac_mount_fs_label_alloc(void) -{ - struct label *label; - - label = mac_labelzone_alloc(M_WAITOK); - MAC_PERFORM(init_mount_fs_label, label); - return (label); -} - void mac_init_mount(struct mount *mp) { - mp->mnt_mntlabel = mac_mount_label_alloc(); - mp->mnt_fslabel = mac_mount_fs_label_alloc(); + mp->mnt_label = mac_mount_label_alloc(); } struct label * @@ -166,22 +155,12 @@ mac_mount_label_free(struct label *label) mac_labelzone_free(label); } -static void -mac_mount_fs_label_free(struct label *label) -{ - - MAC_PERFORM(destroy_mount_fs_label, label); - mac_labelzone_free(label); -} - void mac_destroy_mount(struct mount *mp) { - mac_mount_fs_label_free(mp->mnt_fslabel); - mp->mnt_fslabel = NULL; - mac_mount_label_free(mp->mnt_mntlabel); - mp->mnt_mntlabel = NULL; + mac_mount_label_free(mp->mnt_label); + mp->mnt_label = NULL; } void 
@@ -242,7 +221,7 @@ mac_associate_vnode_devfs(struct mount *mp, struct devfs_dirent *de, struct vnode *vp) { - MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_fslabel, de, + MAC_PERFORM(associate_vnode_devfs, mp, mp->mnt_label, de, de->de_label, vp, vp->v_label); } @@ -253,7 +232,7 @@ mac_associate_vnode_extattr(struct mount *mp, struct vnode *vp) ASSERT_VOP_LOCKED(vp, "mac_associate_vnode_extattr"); - MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_fslabel, vp, + MAC_CHECK(associate_vnode_extattr, mp, mp->mnt_label, vp, vp->v_label); return (error); @@ -263,7 +242,7 @@ void mac_associate_vnode_singlelabel(struct mount *mp, struct vnode *vp) { - MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_fslabel, vp, + MAC_PERFORM(associate_vnode_singlelabel, mp, mp->mnt_label, vp, vp->v_label); } @@ -295,8 +274,8 @@ mac_create_vnode_extattr(struct ucred *cred, struct mount *mp, } else if (error) return (error); - MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_fslabel, - dvp, dvp->v_label, vp, vp->v_label, cnp); + MAC_CHECK(create_vnode_extattr, cred, mp, mp->mnt_label, dvp, + dvp->v_label, vp, vp->v_label, cnp); if (error) { VOP_CLOSEEXTATTR(vp, 0, NOCRED, curthread); @@ -788,8 +767,7 @@ void mac_create_mount(struct ucred *cred, struct mount *mp) { - MAC_PERFORM(create_mount, cred, mp, mp->mnt_mntlabel, - mp->mnt_fslabel); + MAC_PERFORM(create_mount, cred, mp, mp->mnt_label); } int @@ -797,7 +775,7 @@ mac_check_mount_stat(struct ucred *cred, struct mount *mount) { int error; - MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_mntlabel); + MAC_CHECK(check_mount_stat, cred, mount, mount->mnt_label); return (error); } diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 30dbf79..663ea5b 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c 
@@ -829,15 +829,13 @@ mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp, static void mac_biba_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) + struct label *mntlabel) { struct mac_biba *source, *dest; source = SLOT(cred->cr_label); dest = SLOT(mntlabel); mac_biba_copy_effective(source, dest); - dest = SLOT(fslabel); - mac_biba_copy_effective(source, dest); } static void @@ -866,7 +864,7 @@ mac_biba_update_devfsdirent(struct mount *mp, } static void -mac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel, +mac_biba_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel) { @@ -879,13 +877,13 @@ mac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel, } static int -mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, +mac_biba_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel) { struct mac_biba temp, *source, *dest; int buflen, error; - source = SLOT(fslabel); + source = SLOT(mntlabel); dest = SLOT(vlabel); buflen = sizeof(temp); @@ -894,7 +892,7 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, error = vn_extattr_get(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread); if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the fslabel. */ + /* Fall back to the mntlabel. */ mac_biba_copy_effective(source, dest); return (0); } else if (error) 
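Review bot: The renamed comment `/* Fall back to the mntlabel. */` in mac_biba_associate_vnode_extattr (@@ -894 hunk) does not say where that label comes from, which matters because it becomes the integrity label of every vnode that has no label attribute or sits on a file system without extattr support. From the @@ -829 hunk, mac_biba_create_mount() fills the mount label from the mounting credential's `cr_label`, so I would write `/* No label attribute or no extattr support: inherit the mount label, which mac_biba_create_mount() set from the mounting credential. */`. Whether the mount label can be changed after creation is not visible here, so confirm that before wording it this strongly. The same one-line comment appears in mac_lomac_associate_vnode_extattr and mac_mls_associate_vnode_extattr and deserves the same treatment. The function body continues outside the hunk.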
@@ -920,11 +918,11 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, static void mac_biba_associate_vnode_singlelabel(struct mount *mp, - struct label *fslabel, struct vnode *vp, struct label *vlabel) + struct label *mntlabel, struct vnode *vp, struct label *vlabel) { struct mac_biba *source, *dest; - source = SLOT(fslabel); + source = SLOT(mntlabel); dest = SLOT(vlabel); mac_biba_copy_effective(source, dest); @@ -932,7 +930,7 @@ mac_biba_associate_vnode_singlelabel(struct mount *mp, static int mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *fslabel, struct vnode *dvp, struct label *dlabel, + struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp) { struct mac_biba *source, *dest, temp; @@ -3258,7 +3256,6 @@ static struct mac_policy_ops mac_biba_ops = .mpo_init_ipq_label = mac_biba_init_label_waitcheck, .mpo_init_mbuf_label = mac_biba_init_label_waitcheck, .mpo_init_mount_label = mac_biba_init_label, - .mpo_init_mount_fs_label = mac_biba_init_label, .mpo_init_pipe_label = mac_biba_init_label, .mpo_init_posix_sem_label = mac_biba_init_label, .mpo_init_socket_label = mac_biba_init_label_waitcheck, @@ -3278,7 +3275,6 @@ static struct mac_policy_ops mac_biba_ops = .mpo_destroy_ipq_label = mac_biba_destroy_label, .mpo_destroy_mbuf_label = mac_biba_destroy_label, .mpo_destroy_mount_label = mac_biba_destroy_label, - .mpo_destroy_mount_fs_label = mac_biba_destroy_label, .mpo_destroy_pipe_label = mac_biba_destroy_label, .mpo_destroy_posix_sem_label = mac_biba_destroy_label, .mpo_destroy_socket_label = mac_biba_destroy_label, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index c52cf70..c85ec2f 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c 
@@ -949,15 +949,13 @@ mac_lomac_create_devfs_symlink(struct ucred *cred, struct mount *mp, static void mac_lomac_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) + struct label *mntlabel) { struct mac_lomac *source, *dest; source = SLOT(cred->cr_label); dest = SLOT(mntlabel); mac_lomac_copy_single(source, dest); - dest = SLOT(fslabel); - mac_lomac_copy_single(source, dest); } static void @@ -986,7 +984,7 @@ mac_lomac_update_devfsdirent(struct mount *mp, } static void -mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel, +mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel) { @@ -999,13 +997,13 @@ mac_lomac_associate_vnode_devfs(struct mount *mp, struct label *fslabel, } static int -mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel, +mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel) { struct mac_lomac temp, *source, *dest; int buflen, error; - source = SLOT(fslabel); + source = SLOT(mntlabel); dest = SLOT(vlabel); buflen = sizeof(temp); @@ -1014,7 +1012,7 @@ mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel, error = vn_extattr_get(vp, IO_NODELOCKED, MAC_LOMAC_EXTATTR_NAMESPACE, MAC_LOMAC_EXTATTR_NAME, &buflen, (char *)&temp, curthread); if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the fslabel. */ + /* Fall back to the mntlabel. */ mac_lomac_copy_single(source, dest); return (0); } else if (error) 
@@ -1047,11 +1045,11 @@ mac_lomac_associate_vnode_extattr(struct mount *mp, struct label *fslabel, static void mac_lomac_associate_vnode_singlelabel(struct mount *mp, - struct label *fslabel, struct vnode *vp, struct label *vlabel) + struct label *mntlabel, struct vnode *vp, struct label *vlabel) { struct mac_lomac *source, *dest; - source = SLOT(fslabel); + source = SLOT(mntlabel); dest = SLOT(vlabel); mac_lomac_copy_single(source, dest); @@ -1059,7 +1057,7 @@ mac_lomac_associate_vnode_singlelabel(struct mount *mp, static int mac_lomac_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *fslabel, struct vnode *dvp, struct label *dlabel, + struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp) { struct mac_lomac *source, *dest, *dir, temp; @@ -2833,7 +2831,6 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_init_ipq_label = mac_lomac_init_label_waitcheck, .mpo_init_mbuf_label = mac_lomac_init_label_waitcheck, .mpo_init_mount_label = mac_lomac_init_label, - .mpo_init_mount_fs_label = mac_lomac_init_label, .mpo_init_pipe_label = mac_lomac_init_label, .mpo_init_proc_label = mac_lomac_init_proc_label, .mpo_init_socket_label = mac_lomac_init_label_waitcheck, @@ -2848,7 +2845,6 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_destroy_ipq_label = mac_lomac_destroy_label, .mpo_destroy_mbuf_label = mac_lomac_destroy_label, .mpo_destroy_mount_label = mac_lomac_destroy_label, - .mpo_destroy_mount_fs_label = mac_lomac_destroy_label, .mpo_destroy_pipe_label = mac_lomac_destroy_label, .mpo_destroy_proc_label = mac_lomac_destroy_proc_label, .mpo_destroy_syncache_label = mac_lomac_destroy_label, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index e1cbc91..5169360 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c 
@@ -793,15 +793,13 @@ mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp, static void mac_mls_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) + struct label *mntlabel) { struct mac_mls *source, *dest; source = SLOT(cred->cr_label); dest = SLOT(mntlabel); mac_mls_copy_effective(source, dest); - dest = SLOT(fslabel); - mac_mls_copy_effective(source, dest); } static void @@ -830,7 +828,7 @@ mac_mls_update_devfsdirent(struct mount *mp, } static void -mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel, +mac_mls_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel) { @@ -843,13 +841,13 @@ mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel, } static int -mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel, +mac_mls_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel) { struct mac_mls temp, *source, *dest; int buflen, error; - source = SLOT(fslabel); + source = SLOT(mntlabel); dest = SLOT(vlabel); buflen = sizeof(temp); @@ -858,7 +856,7 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel, error = vn_extattr_get(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, MAC_MLS_EXTATTR_NAME, &buflen, (char *) &temp, curthread); if (error == ENOATTR || error == EOPNOTSUPP) { - /* Fall back to the fslabel. */ + /* Fall back to the mntlabel. */ mac_mls_copy_effective(source, dest); return (0); } else if (error) 
@@ -884,11 +882,11 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel, static void mac_mls_associate_vnode_singlelabel(struct mount *mp, - struct label *fslabel, struct vnode *vp, struct label *vlabel) + struct label *mntlabel, struct vnode *vp, struct label *vlabel) { struct mac_mls *source, *dest; - source = SLOT(fslabel); + source = SLOT(mntlabel); dest = SLOT(vlabel); mac_mls_copy_effective(source, dest); @@ -896,7 +894,7 @@ mac_mls_associate_vnode_singlelabel(struct mount *mp, static int mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *fslabel, struct vnode *dvp, struct label *dlabel, + struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp) { struct mac_mls *source, *dest, temp; @@ -2882,7 +2880,6 @@ static struct mac_policy_ops mac_mls_ops = .mpo_init_ipq_label = mac_mls_init_label_waitcheck, .mpo_init_mbuf_label = mac_mls_init_label_waitcheck, .mpo_init_mount_label = mac_mls_init_label, - .mpo_init_mount_fs_label = mac_mls_init_label, .mpo_init_pipe_label = mac_mls_init_label, .mpo_init_posix_sem_label = mac_mls_init_label, .mpo_init_socket_label = mac_mls_init_label_waitcheck, @@ -2901,7 +2898,6 @@ static struct mac_policy_ops mac_mls_ops = .mpo_destroy_ipq_label = mac_mls_destroy_label, .mpo_destroy_mbuf_label = mac_mls_destroy_label, .mpo_destroy_mount_label = mac_mls_destroy_label, - .mpo_destroy_mount_fs_label = mac_mls_destroy_label, .mpo_destroy_pipe_label = mac_mls_destroy_label, .mpo_destroy_posix_sem_label = mac_mls_destroy_label, .mpo_destroy_socket_label = mac_mls_destroy_label, diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index b06c02b..822dd36 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c 
@@ -163,7 +163,7 @@ stub_internalize_label(struct label *label, char *element_name, * a lot like file system objects. */ static void -stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel, +stub_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel) { @@ -171,7 +171,7 @@ stub_associate_vnode_devfs(struct mount *mp, struct label *fslabel, } static int -stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel, +stub_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel) { @@ -180,7 +180,7 @@ stub_associate_vnode_extattr(struct mount *mp, struct label *fslabel, static void stub_associate_vnode_singlelabel(struct mount *mp, - struct label *fslabel, struct vnode *vp, struct label *vlabel) + struct label *mntlabel, struct vnode *vp, struct label *vlabel) { } @@ -215,7 +215,7 @@ stub_create_devfs_symlink(struct ucred *cred, struct mount *mp, static int stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *fslabel, struct vnode *dvp, struct label *dlabel, + struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp) { @@ -224,7 +224,7 @@ stub_create_vnode_extattr(struct ucred *cred, struct mount *mp, static void stub_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) + struct label *mntlabel) { } @@ -1447,7 +1447,6 @@ static struct mac_policy_ops mac_stub_ops = .mpo_init_ipq_label = stub_init_label_waitcheck, .mpo_init_mbuf_label = stub_init_label_waitcheck, .mpo_init_mount_label = stub_init_label, - .mpo_init_mount_fs_label = stub_init_label, .mpo_init_pipe_label = stub_init_label, .mpo_init_posix_sem_label = stub_init_label, .mpo_init_socket_label = stub_init_label_waitcheck, 
@@ -1465,7 +1464,6 @@ static struct mac_policy_ops mac_stub_ops = .mpo_destroy_ipq_label = stub_destroy_label, .mpo_destroy_mbuf_label = stub_destroy_label, .mpo_destroy_mount_label = stub_destroy_label, - .mpo_destroy_mount_fs_label = stub_destroy_label, .mpo_destroy_pipe_label = stub_destroy_label, .mpo_destroy_posix_sem_label = stub_destroy_label, .mpo_destroy_socket_label = stub_destroy_label, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 5c53b15..c5493ff 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -268,15 +268,6 @@ mac_test_init_mount_label(struct label *label) COUNTER_INC(init_mount_label); } -COUNTER_DECL(init_mount_fs_label); -static void -mac_test_init_mount_fs_label(struct label *label) -{ - - LABEL_INIT(label, MAGIC_MOUNT); - COUNTER_INC(init_mount_fs_label); -} - COUNTER_DECL(init_socket_label); static int mac_test_init_socket_label(struct label *label, int flag) @@ -459,15 +450,6 @@ mac_test_destroy_mount_label(struct label *label) COUNTER_INC(destroy_mount_label); } -COUNTER_DECL(destroy_mount_fs_label); -static void -mac_test_destroy_mount_fs_label(struct label *label) -{ - - LABEL_DESTROY(label, MAGIC_MOUNT); - COUNTER_INC(destroy_mount_fs_label); -} - COUNTER_DECL(destroy_socket_label); static void mac_test_destroy_socket_label(struct label *label) @@ -612,12 +594,12 @@ mac_test_internalize_label(struct label *label, char *element_name, */ COUNTER_DECL(associate_vnode_devfs); static void -mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel, +mac_test_associate_vnode_devfs(struct mount *mp, struct label *mntlabel, struct devfs_dirent *de, struct label *delabel, struct vnode *vp, struct label *vlabel) { - LABEL_CHECK(fslabel, MAGIC_MOUNT); + LABEL_CHECK(mntlabel, MAGIC_MOUNT); LABEL_CHECK(delabel, MAGIC_DEVFS); LABEL_CHECK(vlabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_devfs); 
@@ -625,11 +607,11 @@ mac_test_associate_vnode_devfs(struct mount *mp, struct label *fslabel, COUNTER_DECL(associate_vnode_extattr); static int -mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel, +mac_test_associate_vnode_extattr(struct mount *mp, struct label *mntlabel, struct vnode *vp, struct label *vlabel) { - LABEL_CHECK(fslabel, MAGIC_MOUNT); + LABEL_CHECK(mntlabel, MAGIC_MOUNT); LABEL_CHECK(vlabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_extattr); @@ -639,10 +621,10 @@ mac_test_associate_vnode_extattr(struct mount *mp, struct label *fslabel, COUNTER_DECL(associate_vnode_singlelabel); static void mac_test_associate_vnode_singlelabel(struct mount *mp, - struct label *fslabel, struct vnode *vp, struct label *vlabel) + struct label *mntlabel, struct vnode *vp, struct label *vlabel) { - LABEL_CHECK(fslabel, MAGIC_MOUNT); + LABEL_CHECK(mntlabel, MAGIC_MOUNT); LABEL_CHECK(vlabel, MAGIC_VNODE); COUNTER_INC(associate_vnode_singlelabel); } @@ -685,12 +667,12 @@ mac_test_create_devfs_symlink(struct ucred *cred, struct mount *mp, COUNTER_DECL(create_vnode_extattr); static int mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp, - struct label *fslabel, struct vnode *dvp, struct label *dlabel, + struct label *mntlabel, struct vnode *dvp, struct label *dlabel, struct vnode *vp, struct label *vlabel, struct componentname *cnp) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(fslabel, MAGIC_MOUNT); + LABEL_CHECK(mntlabel, MAGIC_MOUNT); LABEL_CHECK(dlabel, MAGIC_VNODE); COUNTER_INC(create_vnode_extattr); @@ -700,12 +682,11 @@ mac_test_create_vnode_extattr(struct ucred *cred, struct mount *mp, COUNTER_DECL(create_mount); static void mac_test_create_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) + struct label *mntlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); LABEL_CHECK(mntlabel, MAGIC_MOUNT); - LABEL_CHECK(fslabel, MAGIC_MOUNT); COUNTER_INC(create_mount); } 
@@ -2490,7 +2471,6 @@ static struct mac_policy_ops mac_test_ops = .mpo_init_ipq_label = mac_test_init_ipq_label, .mpo_init_mbuf_label = mac_test_init_mbuf_label, .mpo_init_mount_label = mac_test_init_mount_label, - .mpo_init_mount_fs_label = mac_test_init_mount_fs_label, .mpo_init_pipe_label = mac_test_init_pipe_label, .mpo_init_posix_sem_label = mac_test_init_posix_sem_label, .mpo_init_proc_label = mac_test_init_proc_label, @@ -2510,7 +2490,6 @@ static struct mac_policy_ops mac_test_ops = .mpo_destroy_ipq_label = mac_test_destroy_ipq_label, .mpo_destroy_mbuf_label = mac_test_destroy_mbuf_label, .mpo_destroy_mount_label = mac_test_destroy_mount_label, - .mpo_destroy_mount_fs_label = mac_test_destroy_mount_fs_label, .mpo_destroy_pipe_label = mac_test_destroy_pipe_label, .mpo_destroy_posix_sem_label = mac_test_destroy_posix_sem_label, .mpo_destroy_proc_label = mac_test_destroy_proc_label, diff --git a/sys/sys/mount.h b/sys/sys/mount.h index 9b76c1b..6eeb5dd 100644 --- a/sys/sys/mount.h +++ b/sys/sys/mount.h @@ -168,8 +168,7 @@ struct mount { time_t mnt_time; /* last time written*/ int mnt_iosize_max; /* max size for clusters, etc */ struct netexport *mnt_export; /* export list */ - struct label *mnt_mntlabel; /* MAC label for the mount */ - struct label *mnt_fslabel; /* MAC label for the fs */ + struct label *mnt_label; /* MAC label for the fs */ u_int mnt_hashseed; /* Random seed for vfs_hash */ int mnt_markercnt; /* marker vnodes in use */ int mnt_holdcnt; /* hold count */ |
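Review bot: The surviving field comment in the sys/sys/mount.h hunk still reads `/* MAC label for the fs */`, although the merged field now serves both roles: mac_check_mount_stat() passes it to authorize operations on the mount itself, and the associate_vnode_* entry points use it as the default label for vnodes. Every policy in this commit renames the argument to `mntlabel`, so the comment is the one place left that describes only half of the field's purpose. I would change the line to `struct label *mnt_label; /* MAC label: mount checks + vnode default */`. `struct mount` begins and ends outside the hunk.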