Date: Sun, 9 Nov 2003 06:47:27 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 41799 for review Message-ID: <200311091447.hA9ElRG3098661@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=41799 Change 41799 by rwatson@rwatson_paprika on 2003/11/09 06:46:49 As with other objects, move to a (struct label *) pointer in POSIX semaphore structures, rather than a (struct label). Allocate POSIX semaphore labels from the label zone. Further update policies for previous change to pass in a pointer the label as well as a pointer to the semaphore structure, permitting policies to avoid knowledge of the semaphore structure when basing decisions solely on labels. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#16 edit .. //depot/projects/trustedbsd/mac/sys/posix4/ksem.h#4 edit .. //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#7 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#225 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#117 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#16 (text+ko) ====
@@ -55,7 +55,6 @@
 #include <sys/jail.h>
 #include <sys/fcntl.h>
 #ifdef MAC
-#include <sys/_label.h>
 #include <sys/mac.h>
 #include <posix4/ksem.h>
 #endif
==== //depot/projects/trustedbsd/mac/sys/posix4/ksem.h#4 (text+ko) ====
@@ -47,8 +47,6 @@
 #include <sys/condvar.h>
 #include <sys/proc.h>
 #include <sys/queue.h>
-#include <sys/_label.h>
-#include <sys/mac.h>
 #ifdef _KERNEL
@@ -71,7 +69,7 @@
 LIST_HEAD(, kuser) ks_users; /* pids using this sem */
 struct mtx ks_mtx; /* mutex protecting this semaphore */
 int ks_unlinked; /* Whether the named sem is unlinked */
- struct label ks_label; /* MAC label */
+ struct label *ks_label; /* MAC label */
 };
 #endif /* _KERNEL */
==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#7 (text+ko) ====
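Review bot: The `ks_label` member in the struct ksem hunk of ksem.h changes from embedded storage to a pointer, but its comment still reads only `/* MAC label */`, so nothing tells a reader who owns the allocation or when the pointer is valid. From mac_posix_sem.c in this change, mac_init_posix_ksem() assigns it and mac_destroy_posix_ksem() tears the label down and resets the field to NULL; a comment such as `/* MAC label; set by mac_init_posix_ksem(), NULL after mac_destroy_posix_ksem() */` would record that. In the visible lines the field is not inside an `#ifdef MAC`, so it is worth confirming against the ksem allocation code (outside this hunk) that it starts out NULL rather than uninitialised.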
@@ -59,29 +59,45 @@
 &nmacposixksems, 0, "number of posix global semaphores inuse");
 #endif
+static struct label *
+mac_posix_ksem_label_alloc(void)
+{
+ struct label *label;
+
+ label = mac_labelzone_alloc(M_WAITOK);
+ MAC_PERFORM(init_posix_ksem_label, label);
+ MAC_DEBUG_COUNTER_INC(&nmacposixksems);
+ return (label);
+}
+
 void
 mac_init_posix_ksem(struct ksem *ksemptr)
 {
- mac_init_label(&ksemptr->ks_label);
- MAC_PERFORM(init_posix_ksem_label, &ksemptr->ks_label);
- MAC_DEBUG_COUNTER_INC(&nmacposixksems);
+ ksemptr->ks_label = mac_posix_ksem_label_alloc();
+}
+
+static void
+mac_posix_ksem_label_free(struct label *label)
+{
+
+ MAC_PERFORM(destroy_posix_ksem_label, label);
+ MAC_DEBUG_COUNTER_DEC(&nmacposixksems);
 }
 void
 mac_destroy_posix_ksem(struct ksem *ksemptr)
 {
- MAC_PERFORM(destroy_posix_ksem_label, &ksemptr->ks_label);
- mac_destroy_label(&ksemptr->ks_label);
- MAC_DEBUG_COUNTER_DEC(&nmacposixksems);
+ mac_posix_ksem_label_free(ksemptr->ks_label);
+ ksemptr->ks_label = NULL;
 }
 void
 mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr)
 {
- MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label);
+ MAC_PERFORM(create_posix_ksem, cred, ksemptr, ksemptr->ks_label);
 }
 int
@@ -92,7 +108,7 @@
 if (!mac_enforce_posix_sem)
 return (0);
- MAC_CHECK(check_posix_sem_close, cred, ksemptr, &ksemptr->ks_label);
+ MAC_CHECK(check_posix_sem_close, cred, ksemptr, ksemptr->ks_label);
 return(error);
 }
@@ -105,8 +121,7 @@
 if (!mac_enforce_posix_sem)
 return (0);
- MAC_CHECK(check_posix_sem_destroy, cred, ksemptr,
- &ksemptr->ks_label);
+ MAC_CHECK(check_posix_sem_destroy, cred, ksemptr, ksemptr->ks_label);
 return(error);
 }
@@ -120,7 +135,7 @@
 return (0);
 MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr,
- &ksemptr->ks_label);
+ ksemptr->ks_label);
 return(error);
 }
@@ -134,7 +149,7 @@
 return (0);
 MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr,
- &ksemptr->ks_label);
+ ksemptr->ks_label);
 return(error);
 }
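Review bot: mac_posix_ksem_label_free() in the first mac_posix_sem.c hunk runs the policy destroy hooks and decrements the debug counter, but never returns the label to the zone that mac_posix_ksem_label_alloc() obtained it from with `mac_labelzone_alloc(M_WAITOK)`. The removed code paired mac_init_label() with mac_destroy_label(); the new alloc/free pair has no release step, and mac_destroy_posix_ksem() then overwrites the only visible reference with NULL. As written, each destroyed semaphore appears to leak one label, so repeated create/destroy cycles would steadily consume kernel memory. Adding `mac_labelzone_free(label);` after the `MAC_PERFORM(destroy_posix_ksem_label, label);` line would close the pair, assuming that is the zone's release routine as used for other label types.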
@@ -147,7 +162,7 @@
 if (!mac_enforce_posix_sem)
 return (0);
- MAC_CHECK(check_posix_sem_post, cred, ksemptr, &ksemptr->ks_label);
+ MAC_CHECK(check_posix_sem_post, cred, ksemptr, ksemptr->ks_label);
 return(error);
 }
@@ -160,7 +175,7 @@
 if (!mac_enforce_posix_sem)
 return (0);
- MAC_CHECK(check_posix_sem_unlink, cred, ksemptr, &ksemptr->ks_label);
+ MAC_CHECK(check_posix_sem_unlink, cred, ksemptr, ksemptr->ks_label);
 return(error);
 }
@@ -173,7 +188,7 @@
 if (!mac_enforce_posix_sem)
 return (0);
- MAC_CHECK(check_posix_sem_wait, cred, ksemptr, &ksemptr->ks_label);
+ MAC_CHECK(check_posix_sem_wait, cred, ksemptr, ksemptr->ks_label);
 return(error);
 }
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#225 (text+ko) ====
@@ -2164,7 +2164,7 @@
 return (0);
 subj = SLOT(cred->cr_label);
- obj = SLOT((&ksemptr->ks_label));
+ obj = SLOT(ks_label);
 if (!mac_biba_dominate_single(subj, obj))
 return (EACCES);
@@ -2182,7 +2182,7 @@
 return (0);
 subj = SLOT(cred->cr_label);
- obj = SLOT((&ksemptr->ks_label));
+ obj = SLOT(ks_label);
 if (!mac_biba_dominate_single(obj, subj))
 return (EACCES);
==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#117 (text+ko) ====
@@ -1616,7 +1616,7 @@
 {
 ASSERT_CRED_LABEL(cred->cr_label);
- ASSERT_POSIX_LABEL(&ksemptr->ks_label);
+ ASSERT_POSIX_LABEL(ks_label);
 return (0);
 }