From 94fbc001c8703dcde08373077f205386188204a9 Mon Sep 17 00:00:00 2001 From: rwatson Date: Thu, 25 Oct 2007 07:49:47 +0000 Subject: Further MAC Framework cleanup: normalize some local variable names and clean up some comments. Obtained from: TrustedBSD Project --- sys/security/mac/mac_framework.h | 4 ++-- sys/security/mac/mac_policy.h | 6 +++--- sys/security/mac/mac_vfs.c | 33 +++++++++++++++++---------------- sys/security/mac_lomac/mac_lomac.c | 8 ++++---- sys/security/mac_stub/mac_stub.c | 10 +++++----- sys/security/mac_test/mac_test.c | 36 ++++++++++++++++++------------------ 6 files changed, 49 insertions(+), 48 deletions(-) (limited to 'sys/security') diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index a00b90f..44ee79f 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -218,9 +218,9 @@ int mac_execve_enter(struct image_params *imgp, struct mac *mac_p); void mac_execve_exit(struct image_params *imgp); void mac_vnode_execve_transition(struct ucred *oldcred, struct ucred *newcred, struct vnode *vp, - struct label *interpvnodelabel, struct image_params *imgp); + struct label *interpvplabel, struct image_params *imgp); int mac_vnode_execve_will_transition(struct ucred *cred, - struct vnode *vp, struct label *interpvnodelabel, + struct vnode *vp, struct label *interpvplabel, struct image_params *imgp); void mac_proc_create_swapper(struct ucred *cred); void mac_proc_create_init(struct ucred *cred); diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index 5106d94..2ff8c83 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h 
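Review bot: The prototypes in mac_framework.h still name the credential arguments `oldcred`/`newcred` (and `cred` for mac_vnode_execve_will_transition), while the definitions in mac_vfs.c touched by this same commit use `old`/`new` and `old`. Since the commit's stated purpose is to normalize names, the declaration and definition should agree, for example `void mac_vnode_execve_transition(struct ucred *old, struct ucred *new, struct vnode *vp,` in the header. This is a naming point only and does not change behaviour, but a reader comparing the header with mac_vfs.c has to check that both lines refer to the same subject credential.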
@@ -339,12 +339,12 @@ typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label, */ typedef void (*mpo_vnode_execve_transition_t)(struct ucred *old, struct ucred *new, struct vnode *vp, - struct label *vplabel, struct label *interpvnodelabel, + struct label *vplabel, struct label *interpvplabel, struct image_params *imgp, struct label *execlabel); typedef int (*mpo_vnode_execve_will_transition_t)(struct ucred *old, struct vnode *vp, struct label *vplabel, - struct label *interpvnodelabel, - struct image_params *imgp, struct label *execlabel); + struct label *interpvplabel, struct image_params *imgp, + struct label *execlabel); typedef void (*mpo_proc_create_swapper_t)(struct ucred *cred); typedef void (*mpo_proc_create_init_t)(struct ucred *cred); typedef void (*mpo_cred_relabel_t)(struct ucred *cred, diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index d6546f6..85af045 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -321,19 +321,18 @@ mac_vnode_setlabel_extattr(struct ucred *cred, struct vnode *vp, void mac_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *interpvnodelabel, - struct image_params *imgp) + struct vnode *vp, struct label *interpvplabel, struct image_params *imgp) { ASSERT_VOP_LOCKED(vp, "mac_vnode_execve_transition"); MAC_PERFORM(vnode_execve_transition, old, new, vp, vp->v_label, - interpvnodelabel, imgp, imgp->execlabel); + interpvplabel, imgp, imgp->execlabel); } int mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *interpvnodelabel, struct image_params *imgp) + struct label *interpvplabel, struct image_params *imgp) { int result; @@ -341,7 +340,7 @@ mac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, result = 0; MAC_BOOLEAN(vnode_execve_will_transition, ||, old, vp, vp->v_label, - interpvnodelabel, imgp, imgp->execlabel); + interpvplabel, imgp, imgp->execlabel); return (result); } 
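Review bot: Nothing visible on the renamed `interpvplabel` parameter of `mpo_vnode_execve_transition_t` and `mpo_vnode_execve_will_transition_t` says it can be NULL, yet mac_lomac.c in this commit guards it with `interpvplabel != NULL ? SLOT(interpvplabel) : obj`. A policy that dereferences it unconditionally would fault in kernel context during exec. The comment block ending just above these typedefs starts outside the hunk, so it may already cover this. If it does not, add a line such as `interpvplabel may be NULL; policies must check before use`.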
@@ -494,8 +493,8 @@ mac_vnode_check_lookup(struct ucred *cred, struct vnode *dvp, } int -mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, - int prot, int flags) +mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, int prot, + int flags) { int error; @@ -506,7 +505,8 @@ mac_vnode_check_mmap(struct ucred *cred, struct vnode *vp, } void -mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, int *prot) +mac_vnode_check_mmap_downgrade(struct ucred *cred, struct vnode *vp, + int *prot) { int result = *prot; @@ -728,8 +728,8 @@ mac_vnode_check_stat(struct ucred *active_cred, struct ucred *file_cred, } int -mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, struct vnode *vp, - struct componentname *cnp) +mac_vnode_check_unlink(struct ucred *cred, struct vnode *dvp, + struct vnode *vp, struct componentname *cnp) { int error; @@ -756,7 +756,8 @@ mac_vnode_check_write(struct ucred *active_cred, struct ucred *file_cred, } void -mac_vnode_relabel(struct ucred *cred, struct vnode *vp, struct label *newlabel) +mac_vnode_relabel(struct ucred *cred, struct vnode *vp, + struct label *newlabel) { MAC_PERFORM(vnode_relabel, cred, vp, vp->v_label, newlabel); @@ -806,9 +807,9 @@ mac_devfs_create_directory(struct mount *mp, char *dirname, int dirnamelen, } /* - * Implementation of VOP_SETLABEL() that relies on extended attributes - * to store label data. Can be referenced by filesystems supporting - * extended attributes. + * Implementation of VOP_SETLABEL() that relies on extended attributes to + * store label data. Can be referenced by filesystems supporting extended + * attributes. */ int vop_stdsetlabel_ea(struct vop_setlabel_args *ap) 
@@ -862,8 +863,8 @@ vn_setlabel(struct vnode *vp, struct label *intlabel, struct ucred *cred) * VADMIN provides the opportunity for the filesystem to make * decisions about who is and is not able to modify labels and * protections on files. This might not be right. We can't assume - * VOP_SETLABEL() will do it, because we might implement that as - * part of vop_stdsetlabel_ea(). + * VOP_SETLABEL() will do it, because we might implement that as part + * of vop_stdsetlabel_ea(). */ error = VOP_ACCESS(vp, VADMIN, cred, curthread); if (error) diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 8b44a09..e66cfe9 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1483,7 +1483,7 @@ mac_lomac_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) */ static void mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel, + struct vnode *vp, struct label *vplabel, struct label *interpvplabel, struct image_params *imgp, struct label *execlabel) { struct mac_lomac *source, *dest, *obj, *robj; @@ -1491,7 +1491,7 @@ mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new, source = SLOT(old->cr_label); dest = SLOT(new->cr_label); obj = SLOT(vplabel); - robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; + robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj; mac_lomac_copy(source, dest); /* @@ -1519,7 +1519,7 @@ mac_lomac_vnode_execve_transition(struct ucred *old, struct ucred *new, static int mac_lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vplabel, struct label *interpvnodelabel, + struct label *vplabel, struct label *interpvplabel, struct image_params *imgp, struct label *execlabel) { struct mac_lomac *subj, *obj, *robj; 
@@ -1529,7 +1529,7 @@ mac_lomac_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, subj = SLOT(old->cr_label); obj = SLOT(vplabel); - robj = interpvnodelabel != NULL ? SLOT(interpvnodelabel) : obj; + robj = interpvplabel != NULL ? SLOT(interpvplabel) : obj; return ((robj->ml_flags & MAC_LOMAC_FLAG_AUX && !mac_lomac_dominate_element(&robj->ml_auxsingle, &subj->ml_single) diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 56a0953..584053b 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -179,8 +179,8 @@ stub_vnode_associate_extattr(struct mount *mp, struct label *mplabel, } static void -stub_vnode_associate_singlelabel(struct mount *mp, - struct label *mplabel, struct vnode *vp, struct label *vplabel) +stub_vnode_associate_singlelabel(struct mount *mp, struct label *mplabel, + struct vnode *vp, struct label *vplabel) { } @@ -411,7 +411,7 @@ stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, } static void -stub_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, +stub_create_mbuf_linklayer(struct ifnet *ifp, struct label *iflpabel, struct mbuf *m, struct label *mlabel) { @@ -498,7 +498,7 @@ stub_inpcb_sosetlabel(struct socket *so, struct label *solabel, */ static void stub_vnode_execve_transition(struct ucred *old, struct ucred *new, - struct vnode *vp, struct label *vplabel, struct label *interpvnodelabel, + struct vnode *vp, struct label *vplabel, struct label *interpvplabel, struct image_params *imgp, struct label *execlabel) { @@ -506,7 +506,7 @@ stub_vnode_execve_transition(struct ucred *old, struct ucred *new, static int stub_vnode_execve_will_transition(struct ucred *old, struct vnode *vp, - struct label *vplabel, struct label *interpvnodelabel, + struct label *vplabel, struct label *interpvplabel, struct image_params *imgp, struct label *execlabel) { 
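Review bot: The new parameter name `iflpabel` in stub_create_mbuf_linklayer (mac_stub.c, hunk at -411) looks like a transposition of `ifplabel`, the name this commit uses for the same argument throughout mac_test.c. It presumably builds only because the stub does not reference the parameter; the body closes outside the hunk. The line should read `stub_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel,`.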
diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index c7eaaad..944fb8b 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -874,10 +874,10 @@ mac_test_netinet_fragment(struct mbuf *datagram, struct label *datagramlabel, COUNTER_DECL(ifnet_create); static void -mac_test_ifnet_create(struct ifnet *ifnet, struct label *ifnetlabel) +mac_test_ifnet_create(struct ifnet *ifp, struct label *ifplabel) { - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); COUNTER_INC(ifnet_create); } @@ -957,11 +957,11 @@ mac_test_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, COUNTER_DECL(create_mbuf_linklayer); static void -mac_test_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, +mac_test_create_mbuf_linklayer(struct ifnet *ifp, struct label *ifplabel, struct mbuf *mbuf, struct label *mbuflabel) { - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mbuflabel, MAGIC_MBUF); COUNTER_INC(create_mbuf_linklayer); } @@ -979,11 +979,11 @@ mac_test_bpfdesc_create_mbuf(struct bpf_d *bpf_d, struct label *bpflabel, COUNTER_DECL(ifnet_create_mbuf); static void -mac_test_ifnet_create_mbuf(struct ifnet *ifnet, struct label *ifnetlabel, +mac_test_ifnet_create_mbuf(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mbuflabel) { - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mbuflabel, MAGIC_MBUF); COUNTER_INC(ifnet_create_mbuf); } 
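Review bot: In the hunk at -957, mac_test_create_mbuf_linklayer keeps `struct mbuf *mbuf` on its unchanged second signature line, while mac_test_ifnet_create_mbuf in the next hunk uses `struct mbuf *m`. Since this commit is already renaming `ifnet` to `ifp` in both signatures, the mbuf pointer could be normalized at the same time: `struct mbuf *m, struct label *mbuflabel)`. The visible body lines only reference `mbuflabel`, so no other line in the hunk would need to change.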
@@ -991,12 +991,12 @@ mac_test_ifnet_create_mbuf(struct ifnet *ifnet, struct label *ifnetlabel, COUNTER_DECL(mbuf_create_multicast_encap); static void mac_test_mbuf_create_multicast_encap(struct mbuf *oldmbuf, - struct label *oldmbuflabel, struct ifnet *ifnet, struct label *ifnetlabel, + struct label *oldmbuflabel, struct ifnet *ifp, struct label *ifplabel, struct mbuf *newmbuf, struct label *newmbuflabel) { LABEL_CHECK(oldmbuflabel, MAGIC_MBUF); - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(newmbuflabel, MAGIC_MBUF); COUNTER_INC(mbuf_create_multicast_encap); } @@ -1046,12 +1046,12 @@ mac_test_netinet_tcp_reply(struct mbuf *m, struct label *mlabel) COUNTER_DECL(ifnet_relabel); static void -mac_test_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_test_ifnet_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(newlabel, MAGIC_IFNET); COUNTER_INC(ifnet_relabel); } @@ -1194,11 +1194,11 @@ mac_test_sysvshm_cleanup(struct label *shmlabel) COUNTER_DECL(bpfdesc_check_receive); static int mac_test_bpfdesc_check_receive(struct bpf_d *bpf_d, struct label *bpflabel, - struct ifnet *ifnet, struct label *ifnetlabel) + struct ifnet *ifp, struct label *ifplabel) { LABEL_CHECK(bpflabel, MAGIC_BPF); - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); COUNTER_INC(bpfdesc_check_receive); return (0); 
@@ -1230,12 +1230,12 @@ mac_test_cred_check_visible(struct ucred *u1, struct ucred *u2) COUNTER_DECL(ifnet_check_relabel); static int -mac_test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifnet, - struct label *ifnetlabel, struct label *newlabel) +mac_test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifp, + struct label *ifplabel, struct label *newlabel) { LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(newlabel, MAGIC_IFNET); COUNTER_INC(ifnet_check_relabel); @@ -1244,11 +1244,11 @@ mac_test_ifnet_check_relabel(struct ucred *cred, struct ifnet *ifnet, COUNTER_DECL(ifnet_check_transmit); static int -mac_test_ifnet_check_transmit(struct ifnet *ifnet, struct label *ifnetlabel, +mac_test_ifnet_check_transmit(struct ifnet *ifp, struct label *ifplabel, struct mbuf *m, struct label *mbuflabel) { - LABEL_CHECK(ifnetlabel, MAGIC_IFNET); + LABEL_CHECK(ifplabel, MAGIC_IFNET); LABEL_CHECK(mbuflabel, MAGIC_MBUF); COUNTER_INC(ifnet_check_transmit); -- cgit v1.1