Example #1
0
static void
mac_socketpeer_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(socketpeer_destroy_label, label);
	mac_labelzone_free(label);
}
Example #2
0
void
mac_socket_newconn(struct socket *oldso, struct socket *newso)
{

	MAC_POLICY_PERFORM_NOSLEEP(socket_newconn, oldso, oldso->so_label,
	    newso, newso->so_label);
}
Example #3
0
void
mac_vnode_associate_singlelabel(struct mount *mp, struct vnode *vp)
{

	MAC_POLICY_PERFORM_NOSLEEP(vnode_associate_singlelabel, mp,
	    mp->mnt_label, vp, vp->v_label);
}
Example #4
0
void
mac_sysvmsq_create(struct ucred *cred, struct msqid_kernel *msqkptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsq_create, cred, msqkptr,
	    msqkptr->label);
}
Example #5
0
void
mac_pipe_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(pipe_destroy_label, label);
	mac_labelzone_free(label);
}
Example #6
0
static void
mac_ifnet_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(ifnet_destroy_label, label);
	mac_labelzone_free(label);
}
Example #7
0
/*
 * When a new process is created, its label must be initialized.  Generally,
 * this involves inheritence from the parent process, modulo possible deltas.
 * This function allows that processing to take place.
 */
void
mac_cred_copy(struct ucred *src, struct ucred *dest)
{

	MAC_POLICY_PERFORM_NOSLEEP(cred_copy_label, src->cr_label,
	    dest->cr_label);
}
Example #8
0
void
mac_sysvsem_create(struct ucred *cred, struct semid_kernel *semakptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvsem_create, cred, semakptr,
	    semakptr->label);
}
Example #9
0
void
mac_posixshm_create(struct ucred *cred, struct shmfd *shmfd)
{

	MAC_POLICY_PERFORM_NOSLEEP(posixshm_create, cred, shmfd,
	    shmfd->shm_label);
}
Example #10
0
static void
mac_sysv_msgqueue_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsq_destroy_label, label);
	mac_labelzone_free(label);
}
Example #11
0
void
mac_devfs_update(struct mount *mp, struct devfs_dirent *de, struct vnode *vp)
{

	MAC_POLICY_PERFORM_NOSLEEP(devfs_update, mp, de, de->de_label, vp,
	    vp->v_label);
}
Example #12
0
static void
mac_posixshm_label_free(struct label *label)
{

	MAC_POLICY_PERFORM_NOSLEEP(posixshm_destroy_label, label);
	mac_labelzone_free(label);
}
Example #13
0
static void
mac_pipe_relabel(struct ucred *cred, struct pipepair *pp,
    struct label *newlabel)
{

	MAC_POLICY_PERFORM_NOSLEEP(pipe_relabel, cred, pp, pp->pp_label,
	    newlabel);
}
Example #14
0
static void
mac_socket_relabel(struct ucred *cred, struct socket *so,
    struct label *newlabel)
{

	SOCK_LOCK_ASSERT(so);

	MAC_POLICY_PERFORM_NOSLEEP(socket_relabel, cred, so, so->so_label,
	    newlabel);
}
Example #15
0
void
mac_mbuf_tag_destroy(struct m_tag *tag)
{
	struct label *label;

	label = (struct label *)(tag+1);

	MAC_POLICY_PERFORM_NOSLEEP(mbuf_destroy_label, label);
	mac_destroy_label(label);
}
Example #16
0
void
mac_socketpeer_set_from_socket(struct socket *oldso, struct socket *newso)
{
	
	if (mac_policy_count == 0)
		return;

	MAC_POLICY_PERFORM_NOSLEEP(socketpeer_set_from_socket, oldso,
	    oldso->so_label, newso, newso->so_peerlabel);
}
Example #17
0
void
mac_ifnet_create(struct ifnet *ifp)
{

	if (mac_policy_count == 0)
		return;

	MAC_IFNET_LOCK(ifp);
	MAC_POLICY_PERFORM_NOSLEEP(ifnet_create, ifp, ifp->if_label);
	MAC_IFNET_UNLOCK(ifp);
}
Example #18
0
void
mac_mbuf_copy(struct mbuf *m_from, struct mbuf *m_to)
{
	struct label *src_label, *dest_label;

	if (mac_policy_count == 0)
		return;

	src_label = mac_mbuf_to_label(m_from);
	dest_label = mac_mbuf_to_label(m_to);

	MAC_POLICY_PERFORM_NOSLEEP(mbuf_copy_label, src_label, dest_label);
}
Example #19
0
void
mac_socketpeer_set_from_mbuf(struct mbuf *m, struct socket *so)
{
	struct label *label;

	if (mac_policy_count == 0)
		return;

	label = mac_mbuf_to_label(m);

	MAC_POLICY_PERFORM_NOSLEEP(socketpeer_set_from_mbuf, m, label, so,
	    so->so_peerlabel);
}
Example #20
0
void
mac_netinet6_nd6_send(struct ifnet *ifp, struct mbuf *m)
{
	struct label *mlabel;

	if (mac_policy_count == 0)
		return;

	mlabel = mac_mbuf_to_label(m);

	MAC_POLICY_PERFORM_NOSLEEP(netinet6_nd6_send, ifp, ifp->if_label, m,
	    mlabel);
}
Example #21
0
void
mac_ip6q_update(struct mbuf *m, struct ip6q *q6)
{
	struct label *label;

	if (mac_policy_count == 0)
		return;

	label = mac_mbuf_to_label(m);

	MAC_POLICY_PERFORM_NOSLEEP(ip6q_update, m, label, q6,
	    q6->ip6q_label);
}
Example #22
0
void
mac_socket_create_mbuf(struct socket *so, struct mbuf *m)
{
	struct label *label;

	if (mac_policy_count == 0)
		return;

	label = mac_mbuf_to_label(m);

	MAC_POLICY_PERFORM_NOSLEEP(socket_create_mbuf, so, so->so_label, m,
	    label);
}
Example #23
0
/*
 * mac_mbuf_tag_copy is called when an mbuf header is duplicated, in which
 * case the labels must also be duplicated.
 */
void
mac_mbuf_tag_copy(struct m_tag *src, struct m_tag *dest)
{
	struct label *src_label, *dest_label;

	src_label = (struct label *)(src+1);
	dest_label = (struct label *)(dest+1);

	/*
	 * mac_mbuf_tag_init() is called on the target tag in m_tag_copy(),
	 * so we don't need to call it here.
	 */
	MAC_POLICY_PERFORM_NOSLEEP(mbuf_copy_label, src_label, dest_label);
}
Example #24
0
void
mac_netatalk_aarp_send(struct ifnet *ifp, struct mbuf *m)
{
	struct label *mlabel;

	if (mac_policy_count == 0)
		return;

	mlabel = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp);
	MAC_POLICY_PERFORM_NOSLEEP(netatalk_aarp_send, ifp, ifp->if_label, m,
	    mlabel);
	MAC_IFNET_UNLOCK(ifp);
}
Example #25
0
void
mac_bpfdesc_create_mbuf(struct bpf_d *d, struct mbuf *m)
{
	struct label *label;

	BPFD_LOCK_ASSERT(d);

	if (mac_policy_count == 0)
		return;

	label = mac_mbuf_to_label(m);

	MAC_POLICY_PERFORM_NOSLEEP(bpfdesc_create_mbuf, d, d->bd_label, m,
	    label);
}
Example #26
0
void
mac_ifnet_create_mbuf(struct ifnet *ifp, struct mbuf *m)
{
	struct label *label;

	if (mac_policy_count == 0)
		return;

	label = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp);
	MAC_POLICY_PERFORM_NOSLEEP(ifnet_create_mbuf, ifp, ifp->if_label, m,
	    label);
	MAC_IFNET_UNLOCK(ifp);
}
Example #27
0
int
mac_mbuf_tag_init(struct m_tag *tag, int flag)
{
	struct label *label;
	int error;

	label = (struct label *) (tag + 1);
	mac_init_label(label);

	if (flag & M_WAITOK)
		MAC_POLICY_CHECK(mbuf_init_label, label, flag);
	else
		MAC_POLICY_CHECK_NOSLEEP(mbuf_init_label, label, flag);
	if (error) {
		MAC_POLICY_PERFORM_NOSLEEP(mbuf_destroy_label, label);
		mac_destroy_label(label);
	}
	return (error);
}
Example #28
0
static struct label *
mac_ip6q_label_alloc(int flag)
{
	struct label *label;
	int error;

	label = mac_labelzone_alloc(flag);
	if (label == NULL)
		return (NULL);

	if (flag & M_WAITOK)
		MAC_POLICY_CHECK(ip6q_init_label, label, flag);
	else
		MAC_POLICY_CHECK_NOSLEEP(ip6q_init_label, label, flag);
	if (error) {
		MAC_POLICY_PERFORM_NOSLEEP(ip6q_destroy_label, label);
		mac_labelzone_free(label);
		return (NULL);
	}
	return (label);
}
Example #29
0
void
mac_sysvmsq_cleanup(struct msqid_kernel *msqkptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsq_cleanup, msqkptr->label);
}
Example #30
0
void
mac_sysvmsg_cleanup(struct msg *msgptr)
{

	MAC_POLICY_PERFORM_NOSLEEP(sysvmsg_cleanup, msgptr->label);
}