From ad62572aa21437e0754d7906c261abed08a373dd Mon Sep 17 00:00:00 2001 From: rwatson Date: Thu, 25 Oct 2007 14:37:37 +0000 Subject: Normalize TCP syncache-related MAC Framework entry points to match most other entry points in the form mac__method(). Discussed with: csjp Obtained from: TrustedBSD Project --- sys/netinet/tcp_syncache.c | 12 ++++++------ sys/security/mac/mac_framework.h | 8 ++++---- sys/security/mac/mac_inet.c | 16 ++++++++-------- sys/security/mac/mac_policy.h | 16 ++++++++-------- sys/security/mac_biba/mac_biba.c | 12 ++++++------ sys/security/mac_lomac/mac_lomac.c | 12 ++++++------ sys/security/mac_mls/mac_mls.c | 12 ++++++------ sys/security/mac_stub/mac_stub.c | 12 ++++++------ 8 files changed, 50 insertions(+), 50 deletions(-) (limited to 'sys') diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 430640a..738d8e7 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -250,7 +250,7 @@ syncache_free(struct syncache *sc) if (sc->sc_ipopts) (void) m_free(sc->sc_ipopts); #ifdef MAC - mac_destroy_syncache(&sc->sc_label); + mac_syncache_destroy(&sc->sc_label); #endif uma_zfree(tcp_syncache.zone, sc); @@ -995,12 +995,12 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, tp = NULL; #ifdef MAC - if (mac_init_syncache(&maclabel) != 0) { + if (mac_syncache_init(&maclabel) != 0) { INP_UNLOCK(inp); INP_INFO_WUNLOCK(&tcbinfo); goto done; } else - mac_init_syncache_from_inpcb(maclabel, inp); + mac_syncache_create(maclabel, inp); #endif INP_UNLOCK(inp); INP_INFO_WUNLOCK(&tcbinfo); @@ -1051,7 +1051,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, * storage, free it up. The syncache entry will already * have an initialized label we can use. */ - mac_destroy_syncache(&maclabel); + mac_syncache_destroy(&maclabel); KASSERT(sc->sc_label != NULL, ("%s: label not initialized", __func__)); #endif @@ -1219,7 +1219,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, done: #ifdef MAC if (sc == &scs) - mac_destroy_syncache(&maclabel); + mac_syncache_destroy(&maclabel); #endif *lsop = NULL; m_freem(m); @@ -1260,7 +1260,7 @@ syncache_respond(struct syncache *sc) if (m == NULL) return (ENOBUFS); #ifdef MAC - mac_create_mbuf_from_syncache(sc->sc_label, m); + mac_syncache_create_mbuf(sc->sc_label, m); #endif m->m_data += max_linkhdr; m->m_len = tlen; diff --git a/sys/security/mac/mac_framework.h b/sys/security/mac/mac_framework.h index 098d503..c3c0b1e 100644 --- a/sys/security/mac/mac_framework.h +++ b/sys/security/mac/mac_framework.h @@ -205,10 +205,10 @@ void mac_netinet_tcp_reply(struct mbuf *m); void mac_ipq_update(struct mbuf *m, struct ipq *ipq); void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp); void mac_mbuf_create_from_firewall(struct mbuf *m); -void mac_destroy_syncache(struct label **l); -int mac_init_syncache(struct label **l); -void mac_init_syncache_from_inpcb(struct label *l, struct inpcb *inp); -void mac_create_mbuf_from_syncache(struct label *l, struct mbuf *m); +void mac_syncache_destroy(struct label **l); +int mac_syncache_init(struct label **l); +void mac_syncache_create(struct label *l, struct inpcb *inp); +void mac_syncache_create_mbuf(struct label *l, struct mbuf *m); /* * Labeling event operations: processes. diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c index 001be116..c5f6403 100644 --- a/sys/security/mac/mac_inet.c +++ b/sys/security/mac/mac_inet.c @@ -295,16 +295,16 @@ mac_mbuf_create_from_firewall(struct mbuf *m) * the syncache code might create. */ void -mac_destroy_syncache(struct label **label) +mac_syncache_destroy(struct label **label) { - MAC_PERFORM(destroy_syncache_label, *label); + MAC_PERFORM(syncache_destroy_label, *label); mac_labelzone_free(*label); *label = NULL; } int -mac_init_syncache(struct label **label) +mac_syncache_init(struct label **label) { int error; @@ -317,24 +317,24 @@ mac_init_syncache(struct label **label) * MAC_CHECK instead of the typical MAC_PERFORM so we can propagate * allocation failures back to the syncache code. */ - MAC_CHECK(init_syncache_label, *label, M_NOWAIT); + MAC_CHECK(syncache_init_label, *label, M_NOWAIT); return (error); } void -mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +mac_syncache_create(struct label *label, struct inpcb *inp) { INP_LOCK_ASSERT(inp); - MAC_PERFORM(init_syncache_from_inpcb, label, inp); + MAC_PERFORM(syncache_create, label, inp); } void -mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m) +mac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m) { struct label *mlabel; M_ASSERTPKTHDR(m); mlabel = mac_mbuf_to_label(m); - MAC_PERFORM(create_mbuf_from_syncache, sc_label, m, mlabel); + MAC_PERFORM(syncache_create_mbuf, sc_label, m, mlabel); } diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index a4eff3d..0cf8c87 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -328,11 +328,11 @@ typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so, typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m, struct label *label); -typedef void (*mpo_destroy_syncache_label_t)(struct label *label); -typedef int (*mpo_init_syncache_label_t)(struct label *label, int flag); -typedef void (*mpo_init_syncache_from_inpcb_t)(struct label *label, +typedef void (*mpo_syncache_destroy_label_t)(struct label *label); +typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag); +typedef void (*mpo_syncache_create_t)(struct label *label, struct inpcb *inp); -typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label, +typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label, struct mbuf *m, struct label *mlabel); /* * Labeling event operations: processes. @@ -900,10 +900,10 @@ struct mac_policy_ops { mpo_vnode_check_unlink_t mpo_vnode_check_unlink; mpo_vnode_check_write_t mpo_vnode_check_write; mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall; - mpo_init_syncache_label_t mpo_init_syncache_label; - mpo_destroy_syncache_label_t mpo_destroy_syncache_label; - mpo_init_syncache_from_inpcb_t mpo_init_syncache_from_inpcb; - mpo_create_mbuf_from_syncache_t mpo_create_mbuf_from_syncache; + mpo_syncache_init_label_t mpo_syncache_init_label; + mpo_syncache_destroy_label_t mpo_syncache_destroy_label; + mpo_syncache_create_t mpo_syncache_create; + mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf; mpo_priv_check_t mpo_priv_check; mpo_priv_grant_t mpo_priv_grant; }; diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index d0207bb..c50ff44 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -3211,7 +3211,7 @@ biba_vnode_check_write(struct ucred *active_cred, } static void -biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +biba_syncache_create(struct label *label, struct inpcb *inp) { struct mac_biba *source, *dest; @@ -3221,7 +3221,7 @@ biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) } static void -biba_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, +biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, struct label *mlabel) { struct mac_biba *source, *dest; @@ -3239,7 +3239,7 @@ static struct mac_policy_ops mac_biba_ops = .mpo_devfs_init_label = biba_init_label, .mpo_ifnet_init_label = biba_init_label, .mpo_inpcb_init_label = biba_init_label_waitcheck, - .mpo_init_syncache_label = biba_init_label_waitcheck, + .mpo_syncache_init_label = biba_init_label_waitcheck, .mpo_sysvmsg_init_label = biba_init_label, .mpo_sysvmsq_init_label = biba_init_label, .mpo_sysvsem_init_label = biba_init_label, @@ -3251,14 +3251,14 @@ static struct mac_policy_ops mac_biba_ops = .mpo_posixsem_init_label = biba_init_label, .mpo_socket_init_label = biba_init_label_waitcheck, .mpo_socketpeer_init_label = biba_init_label_waitcheck, - .mpo_init_syncache_from_inpcb = biba_init_syncache_from_inpcb, + .mpo_syncache_create = biba_syncache_create, .mpo_vnode_init_label = biba_init_label, .mpo_bpfdesc_destroy_label = biba_destroy_label, .mpo_cred_destroy_label = biba_destroy_label, .mpo_devfs_destroy_label = biba_destroy_label, .mpo_ifnet_destroy_label = biba_destroy_label, .mpo_inpcb_destroy_label = biba_destroy_label, - .mpo_destroy_syncache_label = biba_destroy_label, + .mpo_syncache_destroy_label = biba_destroy_label, .mpo_sysvmsg_destroy_label = biba_destroy_label, .mpo_sysvmsq_destroy_label = biba_destroy_label, .mpo_sysvsem_destroy_label = biba_destroy_label, @@ -3300,7 +3300,7 @@ static struct mac_policy_ops mac_biba_ops = .mpo_vnode_create_extattr = biba_vnode_create_extattr, .mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr, .mpo_socket_create_mbuf = biba_socket_create_mbuf, - .mpo_create_mbuf_from_syncache = biba_create_mbuf_from_syncache, + .mpo_syncache_create_mbuf = biba_syncache_create_mbuf, .mpo_pipe_create = biba_pipe_create, .mpo_posixsem_create = biba_posixsem_create, .mpo_socket_create = biba_socket_create, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index 01b0b5a..4203ad5 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -1436,7 +1436,7 @@ lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel, } static void -lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +lomac_syncache_create(struct label *label, struct inpcb *inp) { struct mac_lomac *source, *dest; @@ -1446,7 +1446,7 @@ lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) } static void -lomac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, +lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, struct label *mlabel) { struct mac_lomac *source, *dest; @@ -2809,7 +2809,7 @@ static struct mac_policy_ops lomac_ops = .mpo_cred_init_label = lomac_init_label, .mpo_devfs_init_label = lomac_init_label, .mpo_ifnet_init_label = lomac_init_label, - .mpo_init_syncache_label = lomac_init_label_waitcheck, + .mpo_syncache_init_label = lomac_init_label_waitcheck, .mpo_inpcb_init_label = lomac_init_label_waitcheck, .mpo_ipq_init_label = lomac_init_label_waitcheck, .mpo_mbuf_init_label = lomac_init_label_waitcheck, @@ -2819,7 +2819,7 @@ static struct mac_policy_ops lomac_ops = .mpo_socket_init_label = lomac_init_label_waitcheck, .mpo_socketpeer_init_label = lomac_init_label_waitcheck, .mpo_vnode_init_label = lomac_init_label, - .mpo_init_syncache_from_inpcb = lomac_init_syncache_from_inpcb, + .mpo_syncache_create = lomac_syncache_create, .mpo_bpfdesc_destroy_label = lomac_destroy_label, .mpo_cred_destroy_label = lomac_destroy_label, .mpo_devfs_destroy_label = lomac_destroy_label, @@ -2830,7 +2830,7 @@ static struct mac_policy_ops lomac_ops = .mpo_mount_destroy_label = lomac_destroy_label, .mpo_pipe_destroy_label = lomac_destroy_label, .mpo_proc_destroy_label = lomac_proc_destroy_label, - .mpo_destroy_syncache_label = lomac_destroy_label, + .mpo_syncache_destroy_label = lomac_destroy_label, .mpo_socket_destroy_label = lomac_destroy_label, .mpo_socketpeer_destroy_label = lomac_destroy_label, .mpo_vnode_destroy_label = lomac_destroy_label, @@ -2863,7 +2863,7 @@ static struct mac_policy_ops lomac_ops = .mpo_vnode_create_extattr = lomac_vnode_create_extattr, .mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr, .mpo_socket_create_mbuf = lomac_socket_create_mbuf, - .mpo_create_mbuf_from_syncache = lomac_create_mbuf_from_syncache, + .mpo_syncache_create_mbuf = lomac_syncache_create_mbuf, .mpo_pipe_create = lomac_pipe_create, .mpo_socket_create = lomac_socket_create, .mpo_socket_newconn = lomac_socket_newconn, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 5bb5394..440af2a 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1305,7 +1305,7 @@ mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel) } static void -mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +mls_syncache_create(struct label *label, struct inpcb *inp) { struct mac_mls *source, *dest; @@ -1316,7 +1316,7 @@ mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) } static void -mls_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, +mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, struct label *mlabel) { struct mac_mls *source, *dest; @@ -2866,7 +2866,7 @@ static struct mac_policy_ops mls_ops = .mpo_devfs_init_label = mls_init_label, .mpo_ifnet_init_label = mls_init_label, .mpo_inpcb_init_label = mls_init_label_waitcheck, - .mpo_init_syncache_label = mls_init_label_waitcheck, + .mpo_syncache_init_label = mls_init_label_waitcheck, .mpo_sysvmsg_init_label = mls_init_label, .mpo_sysvmsq_init_label = mls_init_label, .mpo_sysvsem_init_label = mls_init_label, @@ -2884,7 +2884,7 @@ static struct mac_policy_ops mls_ops = .mpo_devfs_destroy_label = mls_destroy_label, .mpo_ifnet_destroy_label = mls_destroy_label, .mpo_inpcb_destroy_label = mls_destroy_label, - .mpo_destroy_syncache_label = mls_destroy_label, + .mpo_syncache_destroy_label = mls_destroy_label, .mpo_sysvmsg_destroy_label = mls_destroy_label, .mpo_sysvmsq_destroy_label = mls_destroy_label, .mpo_sysvsem_destroy_label = mls_destroy_label, @@ -2926,7 +2926,7 @@ static struct mac_policy_ops mls_ops = .mpo_vnode_create_extattr = mls_vnode_create_extattr, .mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr, .mpo_socket_create_mbuf = mls_socket_create_mbuf, - .mpo_create_mbuf_from_syncache = mls_create_mbuf_from_syncache, + .mpo_syncache_create_mbuf = mls_syncache_create_mbuf, .mpo_pipe_create = mls_pipe_create, .mpo_posixsem_create = mls_posixsem_create, .mpo_socket_create = mls_socket_create, @@ -2940,7 +2940,7 @@ static struct mac_policy_ops mls_ops = .mpo_netinet_fragment = mls_netinet_fragment, .mpo_ifnet_create = mls_ifnet_create, .mpo_inpcb_create = mls_inpcb_create, - .mpo_init_syncache_from_inpcb = mls_init_syncache_from_inpcb, + .mpo_syncache_create = mls_syncache_create, .mpo_ipq_create = mls_ipq_create, .mpo_sysvmsg_create = mls_sysvmsg_create, .mpo_sysvmsq_create = mls_sysvmsq_create, diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 138a099..4e15ffc 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -350,7 +350,7 @@ stub_inpcb_create(struct socket *so, struct label *solabel, } static void -stub_init_syncache_from_inpcb(struct label *label, struct inpcb *inp) +stub_syncache_create(struct label *label, struct inpcb *inp) { } @@ -398,7 +398,7 @@ stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel, } static void -stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m, +stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m, struct label *mlabel) { @@ -1654,10 +1654,10 @@ static struct mac_policy_ops stub_ops = .mpo_vnode_check_write = stub_vnode_check_write, .mpo_priv_check = stub_priv_check, .mpo_priv_grant = stub_priv_grant, - .mpo_init_syncache_label = stub_init_label_waitcheck, - .mpo_destroy_syncache_label = stub_destroy_label, - .mpo_init_syncache_from_inpcb = stub_init_syncache_from_inpcb, - .mpo_create_mbuf_from_syncache = stub_create_mbuf_from_syncache, + .mpo_syncache_init_label = stub_init_label_waitcheck, + .mpo_syncache_destroy_label = stub_destroy_label, + .mpo_syncache_create = stub_syncache_create, + .mpo_syncache_create_mbuf= stub_syncache_create_mbuf, }; MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub", -- cgit v1.1