Remove the flags argument from mac_externalize_*_label(), as it's not

passed into policies or used internally to the MAC Framework.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

sys/kern/kern_mac.c

@@ -560,7 +560,7 @@ __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
 
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_cred_label(&tcred->cr_label, elements,
-	    buffer, mac.m_buflen, M_WAITOK);
+	    buffer, mac.m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac.m_string, strlen(buffer)+1);
 
@@ -597,7 +597,7 @@ __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
 
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_cred_label(&td->td_ucred->cr_label,
-	    elements, buffer, mac.m_buflen, M_WAITOK);
+	    elements, buffer, mac.m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac.m_string, strlen(buffer)+1);
 
@@ -751,12 +751,12 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
 	case DTYPE_VNODE:
 		if (error == 0)
 			error = mac_externalize_vnode_label(&intlabel,
-			    elements, buffer, mac.m_buflen, M_WAITOK);
+			    elements, buffer, mac.m_buflen);
 		mac_destroy_vnode_label(&intlabel);
 		break;
 	case DTYPE_PIPE:
 		error = mac_externalize_pipe_label(&intlabel, elements,
-		    buffer, mac.m_buflen, M_WAITOK);
+		    buffer, mac.m_buflen);
 		mac_destroy_pipe_label(&intlabel);
 		break;
 	default:
@@ -812,7 +812,7 @@ __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
 	mac_init_vnode_label(&intlabel);
 	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
-	    mac.m_buflen, M_WAITOK);
+	    mac.m_buflen);
 
 	NDFREE(&nd, 0);
 	mac_destroy_vnode_label(&intlabel);
@@ -867,7 +867,7 @@ __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
 	mac_init_vnode_label(&intlabel);
 	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
-	    mac.m_buflen, M_WAITOK);
+	    mac.m_buflen);
 	NDFREE(&nd, 0);
 	mac_destroy_vnode_label(&intlabel);
 

sys/security/mac/mac_framework.c

@@ -560,7 +560,7 @@ __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
 
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_cred_label(&tcred->cr_label, elements,
-	    buffer, mac.m_buflen, M_WAITOK);
+	    buffer, mac.m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac.m_string, strlen(buffer)+1);
 
@@ -597,7 +597,7 @@ __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
 
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_cred_label(&td->td_ucred->cr_label,
-	    elements, buffer, mac.m_buflen, M_WAITOK);
+	    elements, buffer, mac.m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac.m_string, strlen(buffer)+1);
 
@@ -751,12 +751,12 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
 	case DTYPE_VNODE:
 		if (error == 0)
 			error = mac_externalize_vnode_label(&intlabel,
-			    elements, buffer, mac.m_buflen, M_WAITOK);
+			    elements, buffer, mac.m_buflen);
 		mac_destroy_vnode_label(&intlabel);
 		break;
 	case DTYPE_PIPE:
 		error = mac_externalize_pipe_label(&intlabel, elements,
-		    buffer, mac.m_buflen, M_WAITOK);
+		    buffer, mac.m_buflen);
 		mac_destroy_pipe_label(&intlabel);
 		break;
 	default:
@@ -812,7 +812,7 @@ __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
 	mac_init_vnode_label(&intlabel);
 	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
-	    mac.m_buflen, M_WAITOK);
+	    mac.m_buflen);
 
 	NDFREE(&nd, 0);
 	mac_destroy_vnode_label(&intlabel);
@@ -867,7 +867,7 @@ __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
 	mac_init_vnode_label(&intlabel);
 	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
-	    mac.m_buflen, M_WAITOK);
+	    mac.m_buflen);
 	NDFREE(&nd, 0);
 	mac_destroy_vnode_label(&intlabel);
 

sys/security/mac/mac_internal.h

@@ -101,7 +101,7 @@ int	mac_allocate_slot(void);
 int	mac_check_cred_relabel(struct ucred *cred, struct label *newlabel);
 void	mac_destroy_cred_label(struct label *label);
 int	mac_externalize_cred_label(struct label *label, char *elements, 
-	    char *outbuf, size_t outbuflen, int flags);
+	    char *outbuf, size_t outbuflen);
 void	mac_init_cred_label(struct label *label);
 int	mac_internalize_cred_label(struct label *label, char *string);
 void	mac_relabel_cred(struct ucred *cred, struct label *newlabel);
@@ -109,12 +109,12 @@ void	mac_relabel_cred(struct ucred *cred, struct label *newlabel);
 void	mac_copy_pipe_label(struct label *src, struct label *dest);
 void	mac_destroy_pipe_label(struct label *label);
 int	mac_externalize_pipe_label(struct label *label, char *elements,
-	    char *outbuf, size_t outbuflen, int flags);
+	    char *outbuf, size_t outbuflen);
 void	mac_init_pipe_label(struct label *label);
 int	mac_internalize_pipe_label(struct label *label, char *string);
 
 int	mac_externalize_vnode_label(struct label *label, char *elements,
-	    char *outbuf, size_t outbuflen, int flags);
+	    char *outbuf, size_t outbuflen);
 int	mac_internalize_vnode_label(struct label *label, char *string);
 void	mac_check_vnode_mmap_downgrade(struct ucred *cred, struct vnode *vp,
 	    int *prot);

sys/security/mac/mac_net.c

@@ -333,7 +333,7 @@ mac_copy_mbuf_tag(struct m_tag *src, struct m_tag *dest)
 
 static int
 mac_externalize_ifnet_label(struct label *label, char *elements,
-    char *outbuf, size_t outbuflen, int flags)
+    char *outbuf, size_t outbuflen)
 {
 	int error;
 
@@ -344,7 +344,7 @@ mac_externalize_ifnet_label(struct label *label, char *elements,
 
 static int
 mac_externalize_socket_label(struct label *label, char *elements,
-    char *outbuf, size_t outbuflen, int flags)
+    char *outbuf, size_t outbuflen)
 {
 	int error;
 
@@ -355,7 +355,7 @@ mac_externalize_socket_label(struct label *label, char *elements,
 
 static int
 mac_externalize_socket_peer_label(struct label *label, char *elements,
-    char *outbuf, size_t outbuflen, int flags)
+    char *outbuf, size_t outbuflen)
 {
 	int error;
 
@@ -768,7 +768,7 @@ mac_ioctl_ifnet_get(struct ucred *cred, struct ifreq *ifr,
 
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_ifnet_label(&ifnet->if_label, elements,
-	    buffer, mac.m_buflen, M_WAITOK);
+	    buffer, mac.m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac.m_string, strlen(buffer)+1);
 
@@ -893,7 +893,7 @@ mac_getsockopt_label_get(struct ucred *cred, struct socket *so,
 
 	buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_socket_label(&so->so_label, elements,
-	    buffer, mac->m_buflen, M_WAITOK);
+	    buffer, mac->m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac->m_string, strlen(buffer)+1);
 
@@ -923,7 +923,7 @@ mac_getsockopt_peerlabel_get(struct ucred *cred, struct socket *so,
 
 	buffer = malloc(mac->m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_socket_peer_label(&so->so_peerlabel,
-	    elements, buffer, mac->m_buflen, M_WAITOK);
+	    elements, buffer, mac->m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac->m_string, strlen(buffer)+1);
 

sys/security/mac/mac_pipe.c

@@ -109,7 +109,7 @@ mac_copy_pipe_label(struct label *src, struct label *dest)
 
 int
 mac_externalize_pipe_label(struct label *label, char *elements,
-    char *outbuf, size_t outbuflen, int flags)
+    char *outbuf, size_t outbuflen)
 {
 	int error;
 

sys/security/mac/mac_process.c

@@ -148,7 +148,7 @@ mac_destroy_proc(struct proc *p)
 
 int
 mac_externalize_cred_label(struct label *label, char *elements,
-    char *outbuf, size_t outbuflen, int flags)
+    char *outbuf, size_t outbuflen)
 {
 	int error;
 

sys/security/mac/mac_syscalls.c

@@ -560,7 +560,7 @@ __mac_get_pid(struct thread *td, struct __mac_get_pid_args *uap)
 
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_cred_label(&tcred->cr_label, elements,
-	    buffer, mac.m_buflen, M_WAITOK);
+	    buffer, mac.m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac.m_string, strlen(buffer)+1);
 
@@ -597,7 +597,7 @@ __mac_get_proc(struct thread *td, struct __mac_get_proc_args *uap)
 
 	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK | M_ZERO);
 	error = mac_externalize_cred_label(&td->td_ucred->cr_label,
-	    elements, buffer, mac.m_buflen, M_WAITOK);
+	    elements, buffer, mac.m_buflen);
 	if (error == 0)
 		error = copyout(buffer, mac.m_string, strlen(buffer)+1);
 
@@ -751,12 +751,12 @@ __mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap)
 	case DTYPE_VNODE:
 		if (error == 0)
 			error = mac_externalize_vnode_label(&intlabel,
-			    elements, buffer, mac.m_buflen, M_WAITOK);
+			    elements, buffer, mac.m_buflen);
 		mac_destroy_vnode_label(&intlabel);
 		break;
 	case DTYPE_PIPE:
 		error = mac_externalize_pipe_label(&intlabel, elements,
-		    buffer, mac.m_buflen, M_WAITOK);
+		    buffer, mac.m_buflen);
 		mac_destroy_pipe_label(&intlabel);
 		break;
 	default:
@@ -812,7 +812,7 @@ __mac_get_file(struct thread *td, struct __mac_get_file_args *uap)
 	mac_init_vnode_label(&intlabel);
 	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
-	    mac.m_buflen, M_WAITOK);
+	    mac.m_buflen);
 
 	NDFREE(&nd, 0);
 	mac_destroy_vnode_label(&intlabel);
@@ -867,7 +867,7 @@ __mac_get_link(struct thread *td, struct __mac_get_link_args *uap)
 	mac_init_vnode_label(&intlabel);
 	mac_copy_vnode_label(&nd.ni_vp->v_label, &intlabel);
 	error = mac_externalize_vnode_label(&intlabel, elements, buffer,
-	    mac.m_buflen, M_WAITOK);
+	    mac.m_buflen);
 	NDFREE(&nd, 0);
 	mac_destroy_vnode_label(&intlabel);
 

sys/security/mac/mac_vfs.c

@@ -181,7 +181,7 @@ mac_copy_vnode_label(struct label *src, struct label *dest)
 
 int
 mac_externalize_vnode_label(struct label *label, char *elements,
-    char *outbuf, size_t outbuflen, int flags)
+    char *outbuf, size_t outbuflen)
 {
 	int error;