Date: Wed, 30 Oct 2002 10:48:51 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_mac.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_bsdextended mac_bsdextended.c src/sys/security/mac_ifoff mac_ifoff.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_none mac_none.c ... Message-ID: <200210301848.g9UImp4j071876@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2002/10/30 10:48:51 PST
Modified files:
sys/kern kern_mac.c
sys/security/mac_biba mac_biba.c
sys/security/mac_bsdextended mac_bsdextended.c
sys/security/mac_ifoff mac_ifoff.c
sys/security/mac_mls mac_mls.c
sys/security/mac_none mac_none.c
sys/security/mac_partition mac_partition.c
sys/security/mac_seeotheruids mac_seeotheruids.c
sys/security/mac_test mac_test.c
sys/sys mac_policy.h
Log:
Move to C99 sparse structure initialization for the mac_policy_ops
structure definition, rather than using an operation vector
we translate into the structure. Originally, we used a vector
for two reasons:
(1) We wanted to define the structure sparsely, which wasn't
supported by the C compiler for structures. For a policy
with five entry points, you don't want to have to stick in
a few hundred NULL function pointers.
(2) We thought it would improve ABI compatibility allowing modules
to work with kernels that had a superset of the entry points
defined in the module, even if the kernel had changed its
entry point set.
Both of these no longer apply:
(1) C99 gives us a way to sparsely define a static structure.
(2) The ABI problems existed anyway, due to enumeration numbers,
argument changes, and semantic mismatches. Since the going
rule for FreeBSD is that you really need your modules to
pretty closely match your kernel, it's not worth the
complexity.
This submit eliminates the operation vector, dynamic allocation
of the operation structure, copying of the vector to the
structure, and redoes the vectors in each policy to direct
structure definitions. One enourmous benefit of this change
is that we now get decent type checking on policy entry point
implementation arguments.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Revision Changes Path
1.56 +0 -583 src/sys/kern/kern_mac.c
1.39 +132 -263 src/sys/security/mac_biba/mac_biba.c
1.6 +28 -55 src/sys/security/mac_bsdextended/mac_bsdextended.c
1.3 +5 -9 src/sys/security/mac_ifoff/mac_ifoff.c
1.29 +130 -259 src/sys/security/mac_mls/mac_mls.c
1.19 +136 -271 src/sys/security/mac_none/mac_none.c
1.2 +17 -33 src/sys/security/mac_partition/mac_partition.c
1.2 +7 -13 src/sys/security/mac_seeotheruids/mac_seeotheruids.c
1.16 +134 -265 src/sys/security/mac_test/mac_test.c
1.24 +4 -155 src/sys/sys/mac_policy.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200210301848.g9UImp4j071876>