From d61198e422e40a336aa2bcefe4e97511b78315b6 Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 15 Aug 2002 18:51:26 +0000 Subject: [PATCH] Rename mac_check_socket_receive() to mac_check_socket_deliver() so that we can use the names _receive() and _send() for the receive() and send() checks. Rename related constants, policy implementations, etc. PR: Submitted by: Reviewed by: Approved by: Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs MFC after: --- sys/kern/kern_mac.c | 36 ++++++++++++++++---------------- sys/security/mac/mac_framework.c | 36 ++++++++++++++++---------------- sys/security/mac/mac_internal.h | 36 ++++++++++++++++---------------- sys/security/mac/mac_net.c | 36 ++++++++++++++++---------------- sys/security/mac/mac_pipe.c | 36 ++++++++++++++++---------------- sys/security/mac/mac_process.c | 36 ++++++++++++++++---------------- sys/security/mac/mac_syscalls.c | 36 ++++++++++++++++---------------- sys/security/mac/mac_system.c | 36 ++++++++++++++++---------------- sys/security/mac/mac_vfs.c | 36 ++++++++++++++++---------------- 9 files changed, 162 insertions(+), 162 deletions(-) diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/kern/kern_mac.c +++ b/sys/kern/kern_mac.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_framework.c +++ b/sys/security/mac/mac_framework.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_net.c +++ b/sys/security/mac/mac_net.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_pipe.c +++ b/sys/security/mac/mac_pipe.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_process.c +++ b/sys/security/mac/mac_process.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_system.c +++ b/sys/security/mac/mac_system.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel) diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 23c6a7c0eeab..66e16e968fc8 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -693,12 +693,12 @@ mac_policy_register(struct mac_policy_conf *mpc) mpc->mpc_ops->mpo_check_socket_connect = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_LISTEN: - mpc->mpc_ops->mpo_check_socket_listen = + case MAC_CHECK_SOCKET_DELIVER: + mpc->mpc_ops->mpo_check_socket_deliver = mpe->mpe_function; break; - case MAC_CHECK_SOCKET_RECEIVE: - mpc->mpc_ops->mpo_check_socket_receive = + case MAC_CHECK_SOCKET_LISTEN: + mpc->mpc_ops->mpo_check_socket_listen = mpe->mpe_function; break; case MAC_CHECK_SOCKET_RELABEL: @@ -2533,6 +2533,20 @@ mac_check_socket_connect(struct ucred *cred, struct socket *socket, return (error); } +int +mac_check_socket_deliver(struct socket *socket, struct mbuf *mbuf) +{ + int error; + + if (!mac_enforce_socket) + return (0); + + MAC_CHECK(check_socket_deliver, socket, &socket->so_label, mbuf, + &mbuf->m_pkthdr.label); + + return (error); +} + int mac_check_socket_listen(struct ucred *cred, struct socket *socket) { @@ -2545,20 +2559,6 @@ mac_check_socket_listen(struct ucred *cred, struct socket *socket) return (error); } -int -mac_check_socket_receive(struct socket *socket, struct mbuf *mbuf) -{ - int error; - - if (!mac_enforce_socket) - return (0); - - MAC_CHECK(check_socket_receive, socket, &socket->so_label, mbuf, - &mbuf->m_pkthdr.label); - - return (error); -} - static int mac_check_socket_relabel(struct ucred *cred, struct socket *socket, struct label *newlabel)