D38197.diff
No OneTemporary
Actions

Size

6 KB

Referenced Files

None

Subscribers

None

D38197.diff
View Options

	diff --git a/sys/net/if.c b/sys/net/if.c
	--- a/sys/net/if.c
	+++ b/sys/net/if.c
	@@ -4809,6 +4809,18 @@
	ifp->if_debugnet_methods = m;
	}

	+struct label *
	+if_getmaclabel(if_t ifp)
	+{
	+ return (ifp->if_label);
	+}
	+
	+void
	+if_setmaclabel(if_t ifp, struct label *label)
	+{
	+ ifp->if_label = label;
	+}
	+
	int
	if_gettype(if_t ifp)
	{
	diff --git a/sys/net/if_var.h b/sys/net/if_var.h
	--- a/sys/net/if_var.h
	+++ b/sys/net/if_var.h
	@@ -627,6 +627,8 @@
	void if_vlancap(if_t ifp);
	int if_transmit(if_t ifp, struct mbuf *m);
	int if_init(if_t ifp, void *ctx);
	+struct label *if_getmaclabel(if_t ifp);
	+void if_setmaclabel(if_t ifp, struct label *label);

	/*
	* Traversing through interface address lists.
	diff --git a/sys/security/mac/mac_inet.c b/sys/security/mac/mac_inet.c
	--- a/sys/security/mac/mac_inet.c
	+++ b/sys/security/mac/mac_inet.c
	@@ -274,8 +274,8 @@
	mlabel = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp, locked);
	- MAC_POLICY_PERFORM_NOSLEEP(netinet_arp_send, ifp, ifp->if_label, m,
	- mlabel);
	+ MAC_POLICY_PERFORM_NOSLEEP(netinet_arp_send, ifp, if_getmaclabel(ifp),
	+ m, mlabel);
	MAC_IFNET_UNLOCK(ifp, locked);
	}

	@@ -319,8 +319,8 @@
	mlabel = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp, locked);
	- MAC_POLICY_PERFORM_NOSLEEP(netinet_igmp_send, ifp, ifp->if_label, m,
	- mlabel);
	+ MAC_POLICY_PERFORM_NOSLEEP(netinet_igmp_send, ifp, if_getmaclabel(ifp),
	+ m, mlabel);
	MAC_IFNET_UNLOCK(ifp, locked);
	}

	diff --git a/sys/security/mac/mac_inet6.c b/sys/security/mac/mac_inet6.c
	--- a/sys/security/mac/mac_inet6.c
	+++ b/sys/security/mac/mac_inet6.c
	@@ -183,6 +183,6 @@

	mlabel = mac_mbuf_to_label(m);

	- MAC_POLICY_PERFORM_NOSLEEP(netinet6_nd6_send, ifp, ifp->if_label, m,
	+ MAC_POLICY_PERFORM_NOSLEEP(netinet6_nd6_send, ifp, if_getmaclabel(ifp), m,
	mlabel);
	}
	diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
	--- a/sys/security/mac/mac_net.c
	+++ b/sys/security/mac/mac_net.c
	@@ -143,9 +143,9 @@
	{

	if (mac_labeled & MPC_OBJECT_IFNET)
	- ifp->if_label = mac_ifnet_label_alloc();
	+ if_setmaclabel(ifp, mac_ifnet_label_alloc());
	else
	- ifp->if_label = NULL;
	+ if_setmaclabel(ifp, NULL);
	}

	int
	@@ -220,10 +220,10 @@
	void
	mac_ifnet_destroy(struct ifnet *ifp)
	{
	-
	- if (ifp->if_label != NULL) {
	- mac_ifnet_label_free(ifp->if_label);
	- ifp->if_label = NULL;
	+ struct label *label = if_getmaclabel(ifp);
	+ if (label != NULL) {
	+ mac_ifnet_label_free(label);
	+ if_setmaclabel(ifp, NULL);
	}
	}

	@@ -308,7 +308,7 @@
	return;

	MAC_IFNET_LOCK(ifp, locked);
	- MAC_POLICY_PERFORM_NOSLEEP(ifnet_create, ifp, ifp->if_label);
	+ MAC_POLICY_PERFORM_NOSLEEP(ifnet_create, ifp, if_getmaclabel(ifp));
	MAC_IFNET_UNLOCK(ifp, locked);
	}

	@@ -345,7 +345,7 @@
	label = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp, locked);
	- MAC_POLICY_PERFORM_NOSLEEP(ifnet_create_mbuf, ifp, ifp->if_label, m,
	+ MAC_POLICY_PERFORM_NOSLEEP(ifnet_create_mbuf, ifp, if_getmaclabel(ifp), m,
	label);
	MAC_IFNET_UNLOCK(ifp, locked);
	}
	@@ -366,7 +366,7 @@

	MAC_IFNET_LOCK(ifp, locked);
	MAC_POLICY_CHECK_NOSLEEP(bpfdesc_check_receive, d, d->bd_label, ifp,
	- ifp->if_label);
	+ if_getmaclabel(ifp));
	MAC_CHECK_PROBE2(bpfdesc_check_receive, error, d, ifp);
	MAC_IFNET_UNLOCK(ifp, locked);

	@@ -387,7 +387,7 @@
	label = mac_mbuf_to_label(m);

	MAC_IFNET_LOCK(ifp, locked);
	- MAC_POLICY_CHECK_NOSLEEP(ifnet_check_transmit, ifp, ifp->if_label, m,
	+ MAC_POLICY_CHECK_NOSLEEP(ifnet_check_transmit, ifp, if_getmaclabel(ifp), m,
	label);
	MAC_CHECK_PROBE2(ifnet_check_transmit, error, ifp, m);
	MAC_IFNET_UNLOCK(ifp, locked);
	@@ -425,7 +425,7 @@
	buffer = malloc(mac.m_buflen, M_MACTEMP, M_WAITOK \| M_ZERO);
	intlabel = mac_ifnet_label_alloc();
	MAC_IFNET_LOCK(ifp, locked);
	- mac_ifnet_copy_label(ifp->if_label, intlabel);
	+ mac_ifnet_copy_label(if_getmaclabel(ifp), intlabel);
	MAC_IFNET_UNLOCK(ifp, locked);
	error = mac_ifnet_externalize_label(intlabel, elements, buffer,
	mac.m_buflen);
	@@ -486,14 +486,14 @@

	MAC_IFNET_LOCK(ifp, locked);
	MAC_POLICY_CHECK_NOSLEEP(ifnet_check_relabel, cred, ifp,
	- ifp->if_label, intlabel);
	+ if_getmaclabel(ifp), intlabel);
	if (error) {
	MAC_IFNET_UNLOCK(ifp, locked);
	mac_ifnet_label_free(intlabel);
	return (error);
	}

	- MAC_POLICY_PERFORM_NOSLEEP(ifnet_relabel, cred, ifp, ifp->if_label,
	+ MAC_POLICY_PERFORM_NOSLEEP(ifnet_relabel, cred, ifp, if_getmaclabel(ifp),
	intlabel);
	MAC_IFNET_UNLOCK(ifp, locked);

	diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
	--- a/sys/security/mac_biba/mac_biba.c
	+++ b/sys/security/mac_biba/mac_biba.c
	@@ -1064,7 +1064,7 @@

	dest = SLOT(ifplabel);

	- if (ifp->if_type == IFT_LOOP \|\| interfaces_equal != 0) {
	+ if (if_gettype(ifp) == IFT_LOOP \|\| interfaces_equal != 0) {
	type = MAC_BIBA_TYPE_EQUAL;
	goto set;
	}
	@@ -1091,7 +1091,7 @@
	if (len < IFNAMSIZ) {
	bzero(tifname, sizeof(tifname));
	bcopy(q, tifname, len);
	- if (strcmp(tifname, ifp->if_xname) == 0) {
	+ if (strcmp(tifname, if_name(ifp)) == 0) {
	type = MAC_BIBA_TYPE_HIGH;
	break;
	}
	diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c
	--- a/sys/security/mac_ifoff/mac_ifoff.c
	+++ b/sys/security/mac_ifoff/mac_ifoff.c
	@@ -90,10 +90,10 @@
	if (!ifoff_enabled)
	return (0);

	- if (ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
	+ if (ifoff_lo_enabled && if_gettype(ifp) == IFT_LOOP)
	return (0);

	- if (ifoff_other_enabled && ifp->if_type != IFT_LOOP)
	+ if (ifoff_other_enabled && if_gettype(ifp) != IFT_LOOP)
	return (0);

	return (EPERM);
	@@ -105,10 +105,10 @@
	if (!ifoff_enabled)
	return (0);

	- if (ifoff_lo_enabled && ifp->if_type == IFT_LOOP)
	+ if (ifoff_lo_enabled && if_gettype(ifp) == IFT_LOOP)
	return (0);

	- if (ifoff_other_enabled && ifp->if_type != IFT_LOOP)
	+ if (ifoff_other_enabled && if_gettype(ifp) != IFT_LOOP)
	return (0);

	if (viabpf && ifoff_bpfrecv_enabled)
	diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
	--- a/sys/security/mac_lomac/mac_lomac.c
	+++ b/sys/security/mac_lomac/mac_lomac.c
	@@ -1188,7 +1188,7 @@

	dest = SLOT(ifplabel);

	- if (ifp->if_type == IFT_LOOP) {
	+ if (if_gettype(ifp) == IFT_LOOP) {
	grade = MAC_LOMAC_TYPE_EQUAL;
	goto set;
	}
	@@ -1215,7 +1215,7 @@
	if (len < IFNAMSIZ) {
	bzero(tifname, sizeof(tifname));
	bcopy(q, tifname, len);
	- if (strcmp(tifname, ifp->if_xname) == 0) {
	+ if (strcmp(tifname, if_name(ifp)) == 0) {
	grade = MAC_LOMAC_TYPE_HIGH;
	break;
	}
	diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
	--- a/sys/security/mac_mls/mac_mls.c
	+++ b/sys/security/mac_mls/mac_mls.c
	@@ -1024,7 +1024,7 @@

	dest = SLOT(ifplabel);

	- if (ifp->if_type == IFT_LOOP)
	+ if (if_gettype(ifp) == IFT_LOOP)
	type = MAC_MLS_TYPE_EQUAL;
	else
	type = MAC_MLS_TYPE_LOW;

File Metadata

Mime Type: text/plain
Expires: Wed, Feb 5, 11:34 AM (20 h, 54 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 16473483
Default Alt Text: D38197.diff (6 KB)

D38197.diffNo OneTemporaryActions

D38197.diffView Options

File Metadata

Event Timeline

D38197.diff
No OneTemporary
Actions

D38197.diff
View Options