Date: Wed, 20 Mar 2002 13:00:11 -0800 (PST) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 8083 for review Message-ID: <200203202100.g2KL0Bb84418@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8083 Change 8083 by green@green_laptop_2 on 2002/03/20 12:59:18 Convert the structs socket, bpf_d, and ifnet to also using mac_init_type(), mac_create_type*(), and mac_destroy_type(). Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#114 edit ... //depot/projects/trustedbsd/mac/sys/kern/uipc_socket.c#14 edit ... //depot/projects/trustedbsd/mac/sys/kern/uipc_socket2.c#11 edit ... //depot/projects/trustedbsd/mac/sys/net/bpf.c#9 edit ... //depot/projects/trustedbsd/mac/sys/net/if.c#14 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#114 (text+ko) ==== @@ -420,13 +420,29 @@ label->m_macflags = MAC_FLAG_INITIALIZED; } +static void +mac_destroy_label(struct mac *label) +{ + + KASSERT(label->m_macflags & MAC_FLAG_INITIALIZED, + ("destroying uninitialized label")); + label->m_macflags &= ~MAC_FLAG_INITIALIZED; +} + SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, "TrustedBSD MAC debug info"); -static unsigned int nmacmbufs, nmacsubjects; +static unsigned int nmacmbufs, nmacsubjects, nmacifnets, nmacbpfdescs, + nmacsockets; SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD, &nmacmbufs, 0, "number of mbufs in use"); SYSCTL_UINT(_security_mac_debug, OID_AUTO, subjects, CTLFLAG_RD, &nmacsubjects, 0, "number of ucreds in use"); +SYSCTL_UINT(_security_mac_debug, OID_AUTO, ifnets, CTLFLAG_RD, + &nmacifnets, 0, "number of ifnets in use"); +SYSCTL_UINT(_security_mac_debug, OID_AUTO, bpfdescs, CTLFLAG_RD, + &nmacbpfdescs, 0, "number of bpfdescs in use"); +SYSCTL_UINT(_security_mac_debug, OID_AUTO, sockets, CTLFLAG_RD, + &nmacsockets, 0, "number of sockets in use"); int mac_init_mbuf(struct mbuf *m, int how) @@ -442,6 +458,7 @@ mac_destroy_mbuf(struct mbuf *m) { + mac_destroy_label(&m->m_pkthdr.label); atomic_subtract_int(&nmacmbufs, 1); } 
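Review bot: mac_destroy_label() in the -420 hunk enforces its precondition only through KASSERT, which is compiled out of kernels built without INVARIANTS, so there a double destroy or a destroy of a never-initialized label passes silently and the matching unsigned nmac* counter wraps. The function also clears only MAC_FLAG_INITIALIZED and leaves the rest of the label untouched; only the last line of mac_init_label() is visible here, so if it does not reset the whole structure, stale label data would survive reuse of the object. A header comment would make the contract explicit, for example `/* Mark a label dead. Must pair with an earlier mac_init_label(); label contents are not cleared. */`. The new sysctl descriptions could also say that the counters are debug accounting and not a source of truth for policy code.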
@@ -457,9 +474,58 @@ mac_destroy_subject(struct ucred *cr) { + mac_destroy_label(&cr->cr_label); atomic_subtract_int(&nmacsubjects, 1); } +void +mac_init_ifnet(struct ifnet *ifp) +{ + + mac_init_label(&ifp->if_label); + atomic_add_int(&nmacifnets, 1); +} + +void +mac_destroy_ifnet(struct ifnet *ifp) +{ + + mac_destroy_label(&ifp->if_label); + atomic_subtract_int(&nmacifnets, 1); +} + +void +mac_init_socket(struct socket *socket) +{ + + mac_init_label(&socket->so_label); + atomic_add_int(&nmacsockets, 1); +} + +void +mac_destroy_socket(struct socket *socket) +{ + + mac_destroy_label(&socket->so_label); + atomic_subtract_int(&nmacsockets, 1); +} + +void +mac_init_bpfdesc(struct bpf_d *bpf_d) +{ + + mac_init_label(&bpf_d->bd_label); + atomic_add_int(&nmacbpfdescs, 1); +} + +void +mac_destroy_bpfdesc(struct bpf_d *bpf_d) +{ + + mac_destroy_label(&bpf_d->bd_label); + atomic_subtract_int(&nmacbpfdescs, 1); +} + static int mac_label_valid(struct mac *label) { @@ -762,10 +828,9 @@ } void -mac_init_ifnet(struct ifnet *ifnet) +mac_create_ifnet(struct ifnet *ifnet) { - mac_init_label(&ifnet->if_label); MAC_PERFORM(create_ifnet, ifnet); } @@ -773,7 +838,6 @@ mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d) { - mac_init_label(&bpf_d->bd_label); MAC_PERFORM(create_bpfdesc, cred, bpf_d); } @@ -781,7 +845,6 @@ mac_create_socket(struct ucred *cred, struct socket *socket) { - mac_init_label(&socket->so_label); MAC_PERFORM(create_socket, cred, socket); } @@ -790,7 +853,6 @@ struct mac *newlabel) { - mac_init_label(&socket->so_label); MAC_PERFORM(relabel_socket, cred, socket, newlabel); } ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_socket.c#14 (text+ko) ==== @@ -130,6 +130,9 @@ /* sx_init(&so->so_sxlock, "socket sxlock"); */ TAILQ_INIT(&so->so_aiojobq); ++numopensockets; +#ifdef MAC + mac_init_socket(so); +#endif /* MAC */ } return so; } 
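Review bot: mac_init_ifnet() keeps its name but changes meaning in this commit: the version removed in the -762 hunk initialized the label and ran the create_ifnet policy hook, while the one added in the -457 hunk only initializes the label and bumps a counter. A caller that was not converted still compiles and links, yet silently skips `MAC_PERFORM(create_ifnet, ifnet)` and leaves the interface with a default label; only the if.c call site is visibly updated here. The reverse holds for the create_bpfdesc, create_socket and relabel_socket paths in the -773, -781 and -790 hunks, which now assume the label was initialized earlier. A comment above each create function stating that precondition, e.g. `/* Label must already be set up by mac_init_ifnet(). */`, would help, and `KASSERT(ifnet->if_label.m_macflags & MAC_FLAG_INITIALIZED, ("mac_create_ifnet: label not initialized"));` would catch a missed conversion on INVARIANTS kernels.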
@@ -230,6 +233,9 @@ FREE(so->so_accf, M_ACCF); } #endif +#ifdef MAC + mac_destroy_socket(so); +#endif /* MAC */ crfree(so->so_cred); /* sx_destroy(&so->so_sxlock); */ zfree(so->so_zone, so); ==== //depot/projects/trustedbsd/mac/sys/kern/uipc_socket2.c#11 (text+ko) ==== ==== //depot/projects/trustedbsd/mac/sys/net/bpf.c#9 (text+ko) ==== @@ -346,6 +346,7 @@ d->bd_sig = SIGIO; d->bd_seesent = 1; #ifdef MAC + mac_init_bpfdesc(d); mac_create_bpfdesc(td->td_proc->p_ucred, d); #endif mtx_init(&d->bd_mtx, devtoname(dev), MTX_DEF); @@ -378,6 +379,9 @@ if (d->bd_bif) bpf_detachd(d); mtx_unlock(&bpf_mtx); +#ifdef MAC + mac_destroy_bpfdesc(d); +#endif /* MAC */ bpf_freed(d); dev->si_drv1 = 0; FREE(d, M_BPF); ==== //depot/projects/trustedbsd/mac/sys/net/if.c#14 (text+ko) ==== @@ -390,6 +390,7 @@ #ifdef MAC mac_init_ifnet(ifp); + mac_create_ifnet(ifp); #endif ifp->if_index = if_findindex(ifp); @@ -528,6 +529,9 @@ /* Announce that the interface is gone. */ rt_ifannouncemsg(ifp, IFAN_DEPARTURE); +#ifdef MAC + mac_destroy_ifnet(ifp); +#endif /* MAC */ KNOTE(&ifp->if_klist, NOTE_EXIT); TAILQ_REMOVE(&ifnet, ifp, if_link); mtx_destroy(&ifp->if_snd.ifq_mtx); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
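Review bot: In the if.c -528 hunk, `mac_destroy_ifnet(ifp);` runs before `KNOTE(&ifp->if_klist, NOTE_EXIT)` and `TAILQ_REMOVE(&ifnet, ifp, if_link)`, so for a window the interface is still on the global list with MAC_FLAG_INITIALIZED already cleared. Any path that reaches the ifnet through that list or the knote and consults `ifp->if_label` in that window would see a torn-down label; whether such a path can run concurrently depends on locking outside this hunk. Moving the `#ifdef MAC` block below the TAILQ_REMOVE would keep the label valid for as long as the object is reachable. The function continues past the end of the hunk, so the best spot may be just before the structure's remaining resources are released.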