mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-02 12:20:51 +00:00
Normalize TCP syncache-related MAC Framework entry points to match most
other entry points in the form mac_<object>_method().

Discussed with: csjp
Obtained from: TrustedBSD Project
parent
34b1e3506c
commit
02be6269c3
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=172970
@ -250,7 +250,7 @@ syncache_free(struct syncache *sc)
|
||||
if (sc->sc_ipopts)
|
||||
(void) m_free(sc->sc_ipopts);
|
||||
#ifdef MAC
|
||||
mac_destroy_syncache(&sc->sc_label);
|
||||
mac_syncache_destroy(&sc->sc_label);
|
||||
#endif
|
||||
|
||||
uma_zfree(tcp_syncache.zone, sc);
|
||||
@ -995,12 +995,12 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
|
||||
tp = NULL;
|
||||
|
||||
#ifdef MAC
|
||||
if (mac_init_syncache(&maclabel) != 0) {
|
||||
if (mac_syncache_init(&maclabel) != 0) {
|
||||
INP_UNLOCK(inp);
|
||||
INP_INFO_WUNLOCK(&tcbinfo);
|
||||
goto done;
|
||||
} else
|
||||
mac_init_syncache_from_inpcb(maclabel, inp);
|
||||
mac_syncache_create(maclabel, inp);
|
||||
#endif
|
||||
INP_UNLOCK(inp);
|
||||
INP_INFO_WUNLOCK(&tcbinfo);
|
||||
@ -1051,7 +1051,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
|
||||
* storage, free it up. The syncache entry will already
|
||||
* have an initialized label we can use.
|
||||
*/
|
||||
mac_destroy_syncache(&maclabel);
|
||||
mac_syncache_destroy(&maclabel);
|
||||
KASSERT(sc->sc_label != NULL,
|
||||
("%s: label not initialized", __func__));
|
||||
#endif
|
||||
@ -1219,7 +1219,7 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
|
||||
done:
|
||||
#ifdef MAC
|
||||
if (sc == &scs)
|
||||
mac_destroy_syncache(&maclabel);
|
||||
mac_syncache_destroy(&maclabel);
|
||||
#endif
|
||||
*lsop = NULL;
|
||||
m_freem(m);
|
||||
@ -1260,7 +1260,7 @@ syncache_respond(struct syncache *sc)
|
||||
if (m == NULL)
|
||||
return (ENOBUFS);
|
||||
#ifdef MAC
|
||||
mac_create_mbuf_from_syncache(sc->sc_label, m);
|
||||
mac_syncache_create_mbuf(sc->sc_label, m);
|
||||
#endif
|
||||
m->m_data += max_linkhdr;
|
||||
m->m_len = tlen;
|
||||
|
@ -205,10 +205,10 @@ void mac_netinet_tcp_reply(struct mbuf *m);
|
||||
void mac_ipq_update(struct mbuf *m, struct ipq *ipq);
|
||||
void mac_inpcb_sosetlabel(struct socket *so, struct inpcb *inp);
|
||||
void mac_mbuf_create_from_firewall(struct mbuf *m);
|
||||
void mac_destroy_syncache(struct label **l);
|
||||
int mac_init_syncache(struct label **l);
|
||||
void mac_init_syncache_from_inpcb(struct label *l, struct inpcb *inp);
|
||||
void mac_create_mbuf_from_syncache(struct label *l, struct mbuf *m);
|
||||
void mac_syncache_destroy(struct label **l);
|
||||
int mac_syncache_init(struct label **l);
|
||||
void mac_syncache_create(struct label *l, struct inpcb *inp);
|
||||
void mac_syncache_create_mbuf(struct label *l, struct mbuf *m);
|
||||
|
||||
/*
|
||||
* Labeling event operations: processes.
|
||||
|
@ -295,16 +295,16 @@ mac_mbuf_create_from_firewall(struct mbuf *m)
|
||||
* the syncache code might create.
|
||||
*/
|
||||
void
|
||||
mac_destroy_syncache(struct label **label)
|
||||
mac_syncache_destroy(struct label **label)
|
||||
{
|
||||
|
||||
MAC_PERFORM(destroy_syncache_label, *label);
|
||||
MAC_PERFORM(syncache_destroy_label, *label);
|
||||
mac_labelzone_free(*label);
|
||||
*label = NULL;
|
||||
}
|
||||
|
||||
int
|
||||
mac_init_syncache(struct label **label)
|
||||
mac_syncache_init(struct label **label)
|
||||
{
|
||||
int error;
|
||||
|
||||
@ -317,24 +317,24 @@ mac_init_syncache(struct label **label)
|
||||
* MAC_CHECK instead of the typical MAC_PERFORM so we can propagate
|
||||
* allocation failures back to the syncache code.
|
||||
*/
|
||||
MAC_CHECK(init_syncache_label, *label, M_NOWAIT);
|
||||
MAC_CHECK(syncache_init_label, *label, M_NOWAIT);
|
||||
return (error);
|
||||
}
|
||||
|
||||
void
|
||||
mac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
mac_syncache_create(struct label *label, struct inpcb *inp)
|
||||
{
|
||||
|
||||
INP_LOCK_ASSERT(inp);
|
||||
MAC_PERFORM(init_syncache_from_inpcb, label, inp);
|
||||
MAC_PERFORM(syncache_create, label, inp);
|
||||
}
|
||||
|
||||
void
|
||||
mac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m)
|
||||
mac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m)
|
||||
{
|
||||
struct label *mlabel;
|
||||
|
||||
M_ASSERTPKTHDR(m);
|
||||
mlabel = mac_mbuf_to_label(m);
|
||||
MAC_PERFORM(create_mbuf_from_syncache, sc_label, m, mlabel);
|
||||
MAC_PERFORM(syncache_create_mbuf, sc_label, m, mlabel);
|
||||
}
|
||||
|
@ -328,11 +328,11 @@ typedef void (*mpo_inpcb_sosetlabel_t)(struct socket *so,
|
||||
|
||||
typedef void (*mpo_mbuf_create_from_firewall_t)(struct mbuf *m,
|
||||
struct label *label);
|
||||
typedef void (*mpo_destroy_syncache_label_t)(struct label *label);
|
||||
typedef int (*mpo_init_syncache_label_t)(struct label *label, int flag);
|
||||
typedef void (*mpo_init_syncache_from_inpcb_t)(struct label *label,
|
||||
typedef void (*mpo_syncache_destroy_label_t)(struct label *label);
|
||||
typedef int (*mpo_syncache_init_label_t)(struct label *label, int flag);
|
||||
typedef void (*mpo_syncache_create_t)(struct label *label,
|
||||
struct inpcb *inp);
|
||||
typedef void (*mpo_create_mbuf_from_syncache_t)(struct label *sc_label,
|
||||
typedef void (*mpo_syncache_create_mbuf_t)(struct label *sc_label,
|
||||
struct mbuf *m, struct label *mlabel);
|
||||
/*
|
||||
* Labeling event operations: processes.
|
||||
@ -900,10 +900,10 @@ struct mac_policy_ops {
|
||||
mpo_vnode_check_unlink_t mpo_vnode_check_unlink;
|
||||
mpo_vnode_check_write_t mpo_vnode_check_write;
|
||||
mpo_mbuf_create_from_firewall_t mpo_mbuf_create_from_firewall;
|
||||
mpo_init_syncache_label_t mpo_init_syncache_label;
|
||||
mpo_destroy_syncache_label_t mpo_destroy_syncache_label;
|
||||
mpo_init_syncache_from_inpcb_t mpo_init_syncache_from_inpcb;
|
||||
mpo_create_mbuf_from_syncache_t mpo_create_mbuf_from_syncache;
|
||||
mpo_syncache_init_label_t mpo_syncache_init_label;
|
||||
mpo_syncache_destroy_label_t mpo_syncache_destroy_label;
|
||||
mpo_syncache_create_t mpo_syncache_create;
|
||||
mpo_syncache_create_mbuf_t mpo_syncache_create_mbuf;
|
||||
mpo_priv_check_t mpo_priv_check;
|
||||
mpo_priv_grant_t mpo_priv_grant;
|
||||
};
|
||||
|
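Review bot: The renamed `mpo_syncache_*` typedefs and the matching `struct mac_policy_ops` members carry no comment recording the names they replace, so an out-of-tree policy that still initialises `.mpo_init_syncache_label` and its three siblings will stop building with nothing in the header to explain why. In the visible lines the member order and the function-pointer signatures look unchanged, so this appears to be a source-level break only and a stale policy fails at compile time rather than silently losing its syncache hooks; that is worth stating for policy authors. I would add above the four typedefs a comment such as `/* TCP syncache entry points; formerly mpo_{init,destroy}_syncache_label, mpo_init_syncache_from_inpcb and mpo_create_mbuf_from_syncache. */`. The struct definition begins before the second hunk, so other members are not visible here.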
@ -3211,7 +3211,7 @@ biba_vnode_check_write(struct ucred *active_cred,
|
||||
}
|
||||
|
||||
static void
|
||||
biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
biba_syncache_create(struct label *label, struct inpcb *inp)
|
||||
{
|
||||
struct mac_biba *source, *dest;
|
||||
|
||||
@ -3221,7 +3221,7 @@ biba_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
}
|
||||
|
||||
static void
|
||||
biba_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
|
||||
biba_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
|
||||
struct label *mlabel)
|
||||
{
|
||||
struct mac_biba *source, *dest;
|
||||
@ -3239,7 +3239,7 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_devfs_init_label = biba_init_label,
|
||||
.mpo_ifnet_init_label = biba_init_label,
|
||||
.mpo_inpcb_init_label = biba_init_label_waitcheck,
|
||||
.mpo_init_syncache_label = biba_init_label_waitcheck,
|
||||
.mpo_syncache_init_label = biba_init_label_waitcheck,
|
||||
.mpo_sysvmsg_init_label = biba_init_label,
|
||||
.mpo_sysvmsq_init_label = biba_init_label,
|
||||
.mpo_sysvsem_init_label = biba_init_label,
|
||||
@ -3251,14 +3251,14 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_posixsem_init_label = biba_init_label,
|
||||
.mpo_socket_init_label = biba_init_label_waitcheck,
|
||||
.mpo_socketpeer_init_label = biba_init_label_waitcheck,
|
||||
.mpo_init_syncache_from_inpcb = biba_init_syncache_from_inpcb,
|
||||
.mpo_syncache_create = biba_syncache_create,
|
||||
.mpo_vnode_init_label = biba_init_label,
|
||||
.mpo_bpfdesc_destroy_label = biba_destroy_label,
|
||||
.mpo_cred_destroy_label = biba_destroy_label,
|
||||
.mpo_devfs_destroy_label = biba_destroy_label,
|
||||
.mpo_ifnet_destroy_label = biba_destroy_label,
|
||||
.mpo_inpcb_destroy_label = biba_destroy_label,
|
||||
.mpo_destroy_syncache_label = biba_destroy_label,
|
||||
.mpo_syncache_destroy_label = biba_destroy_label,
|
||||
.mpo_sysvmsg_destroy_label = biba_destroy_label,
|
||||
.mpo_sysvmsq_destroy_label = biba_destroy_label,
|
||||
.mpo_sysvsem_destroy_label = biba_destroy_label,
|
||||
@ -3300,7 +3300,7 @@ static struct mac_policy_ops mac_biba_ops =
|
||||
.mpo_vnode_create_extattr = biba_vnode_create_extattr,
|
||||
.mpo_vnode_setlabel_extattr = biba_vnode_setlabel_extattr,
|
||||
.mpo_socket_create_mbuf = biba_socket_create_mbuf,
|
||||
.mpo_create_mbuf_from_syncache = biba_create_mbuf_from_syncache,
|
||||
.mpo_syncache_create_mbuf = biba_syncache_create_mbuf,
|
||||
.mpo_pipe_create = biba_pipe_create,
|
||||
.mpo_posixsem_create = biba_posixsem_create,
|
||||
.mpo_socket_create = biba_socket_create,
|
||||
|
@ -1436,7 +1436,7 @@ lomac_inpcb_sosetlabel(struct socket *so, struct label *solabel,
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
lomac_syncache_create(struct label *label, struct inpcb *inp)
|
||||
{
|
||||
struct mac_lomac *source, *dest;
|
||||
|
||||
@ -1446,7 +1446,7 @@ lomac_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
}
|
||||
|
||||
static void
|
||||
lomac_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
|
||||
lomac_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
|
||||
struct label *mlabel)
|
||||
{
|
||||
struct mac_lomac *source, *dest;
|
||||
@ -2809,7 +2809,7 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_cred_init_label = lomac_init_label,
|
||||
.mpo_devfs_init_label = lomac_init_label,
|
||||
.mpo_ifnet_init_label = lomac_init_label,
|
||||
.mpo_init_syncache_label = lomac_init_label_waitcheck,
|
||||
.mpo_syncache_init_label = lomac_init_label_waitcheck,
|
||||
.mpo_inpcb_init_label = lomac_init_label_waitcheck,
|
||||
.mpo_ipq_init_label = lomac_init_label_waitcheck,
|
||||
.mpo_mbuf_init_label = lomac_init_label_waitcheck,
|
||||
@ -2819,7 +2819,7 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_socket_init_label = lomac_init_label_waitcheck,
|
||||
.mpo_socketpeer_init_label = lomac_init_label_waitcheck,
|
||||
.mpo_vnode_init_label = lomac_init_label,
|
||||
.mpo_init_syncache_from_inpcb = lomac_init_syncache_from_inpcb,
|
||||
.mpo_syncache_create = lomac_syncache_create,
|
||||
.mpo_bpfdesc_destroy_label = lomac_destroy_label,
|
||||
.mpo_cred_destroy_label = lomac_destroy_label,
|
||||
.mpo_devfs_destroy_label = lomac_destroy_label,
|
||||
@ -2830,7 +2830,7 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_mount_destroy_label = lomac_destroy_label,
|
||||
.mpo_pipe_destroy_label = lomac_destroy_label,
|
||||
.mpo_proc_destroy_label = lomac_proc_destroy_label,
|
||||
.mpo_destroy_syncache_label = lomac_destroy_label,
|
||||
.mpo_syncache_destroy_label = lomac_destroy_label,
|
||||
.mpo_socket_destroy_label = lomac_destroy_label,
|
||||
.mpo_socketpeer_destroy_label = lomac_destroy_label,
|
||||
.mpo_vnode_destroy_label = lomac_destroy_label,
|
||||
@ -2863,7 +2863,7 @@ static struct mac_policy_ops lomac_ops =
|
||||
.mpo_vnode_create_extattr = lomac_vnode_create_extattr,
|
||||
.mpo_vnode_setlabel_extattr = lomac_vnode_setlabel_extattr,
|
||||
.mpo_socket_create_mbuf = lomac_socket_create_mbuf,
|
||||
.mpo_create_mbuf_from_syncache = lomac_create_mbuf_from_syncache,
|
||||
.mpo_syncache_create_mbuf = lomac_syncache_create_mbuf,
|
||||
.mpo_pipe_create = lomac_pipe_create,
|
||||
.mpo_socket_create = lomac_socket_create,
|
||||
.mpo_socket_newconn = lomac_socket_newconn,
|
||||
|
@ -1305,7 +1305,7 @@ mls_mbuf_create_from_firewall(struct mbuf *m, struct label *mlabel)
|
||||
}
|
||||
|
||||
static void
|
||||
mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
mls_syncache_create(struct label *label, struct inpcb *inp)
|
||||
{
|
||||
struct mac_mls *source, *dest;
|
||||
|
||||
@ -1316,7 +1316,7 @@ mls_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
}
|
||||
|
||||
static void
|
||||
mls_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
|
||||
mls_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
|
||||
struct label *mlabel)
|
||||
{
|
||||
struct mac_mls *source, *dest;
|
||||
@ -2866,7 +2866,7 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_devfs_init_label = mls_init_label,
|
||||
.mpo_ifnet_init_label = mls_init_label,
|
||||
.mpo_inpcb_init_label = mls_init_label_waitcheck,
|
||||
.mpo_init_syncache_label = mls_init_label_waitcheck,
|
||||
.mpo_syncache_init_label = mls_init_label_waitcheck,
|
||||
.mpo_sysvmsg_init_label = mls_init_label,
|
||||
.mpo_sysvmsq_init_label = mls_init_label,
|
||||
.mpo_sysvsem_init_label = mls_init_label,
|
||||
@ -2884,7 +2884,7 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_devfs_destroy_label = mls_destroy_label,
|
||||
.mpo_ifnet_destroy_label = mls_destroy_label,
|
||||
.mpo_inpcb_destroy_label = mls_destroy_label,
|
||||
.mpo_destroy_syncache_label = mls_destroy_label,
|
||||
.mpo_syncache_destroy_label = mls_destroy_label,
|
||||
.mpo_sysvmsg_destroy_label = mls_destroy_label,
|
||||
.mpo_sysvmsq_destroy_label = mls_destroy_label,
|
||||
.mpo_sysvsem_destroy_label = mls_destroy_label,
|
||||
@ -2926,7 +2926,7 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_vnode_create_extattr = mls_vnode_create_extattr,
|
||||
.mpo_vnode_setlabel_extattr = mls_vnode_setlabel_extattr,
|
||||
.mpo_socket_create_mbuf = mls_socket_create_mbuf,
|
||||
.mpo_create_mbuf_from_syncache = mls_create_mbuf_from_syncache,
|
||||
.mpo_syncache_create_mbuf = mls_syncache_create_mbuf,
|
||||
.mpo_pipe_create = mls_pipe_create,
|
||||
.mpo_posixsem_create = mls_posixsem_create,
|
||||
.mpo_socket_create = mls_socket_create,
|
||||
@ -2940,7 +2940,7 @@ static struct mac_policy_ops mls_ops =
|
||||
.mpo_netinet_fragment = mls_netinet_fragment,
|
||||
.mpo_ifnet_create = mls_ifnet_create,
|
||||
.mpo_inpcb_create = mls_inpcb_create,
|
||||
.mpo_init_syncache_from_inpcb = mls_init_syncache_from_inpcb,
|
||||
.mpo_syncache_create = mls_syncache_create,
|
||||
.mpo_ipq_create = mls_ipq_create,
|
||||
.mpo_sysvmsg_create = mls_sysvmsg_create,
|
||||
.mpo_sysvmsq_create = mls_sysvmsq_create,
|
||||
|
@ -350,7 +350,7 @@ stub_inpcb_create(struct socket *so, struct label *solabel,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_init_syncache_from_inpcb(struct label *label, struct inpcb *inp)
|
||||
stub_syncache_create(struct label *label, struct inpcb *inp)
|
||||
{
|
||||
|
||||
}
|
||||
@ -398,7 +398,7 @@ stub_inpcb_create_mbuf(struct inpcb *inp, struct label *inplabel,
|
||||
}
|
||||
|
||||
static void
|
||||
stub_create_mbuf_from_syncache(struct label *sc_label, struct mbuf *m,
|
||||
stub_syncache_create_mbuf(struct label *sc_label, struct mbuf *m,
|
||||
struct label *mlabel)
|
||||
{
|
||||
|
||||
@ -1654,10 +1654,10 @@ static struct mac_policy_ops stub_ops =
|
||||
.mpo_vnode_check_write = stub_vnode_check_write,
|
||||
.mpo_priv_check = stub_priv_check,
|
||||
.mpo_priv_grant = stub_priv_grant,
|
||||
.mpo_init_syncache_label = stub_init_label_waitcheck,
|
||||
.mpo_destroy_syncache_label = stub_destroy_label,
|
||||
.mpo_init_syncache_from_inpcb = stub_init_syncache_from_inpcb,
|
||||
.mpo_create_mbuf_from_syncache = stub_create_mbuf_from_syncache,
|
||||
.mpo_syncache_init_label = stub_init_label_waitcheck,
|
||||
.mpo_syncache_destroy_label = stub_destroy_label,
|
||||
.mpo_syncache_create = stub_syncache_create,
|
||||
.mpo_syncache_create_mbuf= stub_syncache_create_mbuf,
|
||||
};
|
||||
|
||||
MAC_POLICY_SET(&stub_ops, mac_stub, "TrustedBSD MAC/Stub",
|
||||
|
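Review bot: In the `stub_ops` initialiser the new entry `.mpo_syncache_create_mbuf= stub_syncache_create_mbuf,` is missing the space before `=` that every other member in the table has; it should read `.mpo_syncache_create_mbuf = stub_syncache_create_mbuf,`. This is purely a style point, but the stub policy is presumably what new policy authors copy from, so the table is worth keeping uniform. The initialiser starts before this hunk, so only its tail is visible.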