From owner-cvs-all Wed Oct 30 10:50:10 2002 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D9DBF37B401; Wed, 30 Oct 2002 10:50:07 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7508443E77; Wed, 30 Oct 2002 10:50:07 -0800 (PST) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id g9UImpmV071878; Wed, 30 Oct 2002 10:48:51 -0800 (PST) (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id g9UImp4j071876; Wed, 30 Oct 2002 10:48:51 -0800 (PST) Message-Id: <200210301848.g9UImp4j071876@repoman.freebsd.org> From: Robert Watson Date: Wed, 30 Oct 2002 10:48:51 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_mac.c src/sys/security/mac_biba mac_biba.c src/sys/security/mac_bsdextended mac_bsdextended.c src/sys/security/mac_ifoff mac_ifoff.c src/sys/security/mac_mls mac_mls.c src/sys/security/mac_none mac_none.c ... X-FreeBSD-CVS-Branch: HEAD Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG rwatson 2002/10/30 10:48:51 PST Modified files: sys/kern kern_mac.c sys/security/mac_biba mac_biba.c sys/security/mac_bsdextended mac_bsdextended.c sys/security/mac_ifoff mac_ifoff.c sys/security/mac_mls mac_mls.c sys/security/mac_none mac_none.c sys/security/mac_partition mac_partition.c sys/security/mac_seeotheruids mac_seeotheruids.c sys/security/mac_test mac_test.c sys/sys mac_policy.h Log: Move to C99 sparse structure initialization for the mac_policy_ops structure definition, rather than using an operation vector we translate into the structure. Originally, we used a vector for two reasons: (1) We wanted to define the structure sparsely, which wasn't supported by the C compiler for structures. For a policy with five entry points, you don't want to have to stick in a few hundred NULL function pointers. (2) We thought it would improve ABI compatibility allowing modules to work with kernels that had a superset of the entry points defined in the module, even if the kernel had changed its entry point set. Both of these no longer apply: (1) C99 gives us a way to sparsely define a static structure. (2) The ABI problems existed anyway, due to enumeration numbers, argument changes, and semantic mismatches. Since the going rule for FreeBSD is that you really need your modules to pretty closely match your kernel, it's not worth the complexity. This submit eliminates the operation vector, dynamic allocation of the operation structure, copying of the vector to the structure, and redoes the vectors in each policy to direct structure definitions. One enourmous benefit of this change is that we now get decent type checking on policy entry point implementation arguments. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Revision Changes Path 1.56 +0 -583 src/sys/kern/kern_mac.c 1.39 +132 -263 src/sys/security/mac_biba/mac_biba.c 1.6 +28 -55 src/sys/security/mac_bsdextended/mac_bsdextended.c 1.3 +5 -9 src/sys/security/mac_ifoff/mac_ifoff.c 1.29 +130 -259 src/sys/security/mac_mls/mac_mls.c 1.19 +136 -271 src/sys/security/mac_none/mac_none.c 1.2 +17 -33 src/sys/security/mac_partition/mac_partition.c 1.2 +7 -13 src/sys/security/mac_seeotheruids/mac_seeotheruids.c 1.16 +134 -265 src/sys/security/mac_test/mac_test.c 1.24 +4 -155 src/sys/sys/mac_policy.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message