Date: Thu, 15 Nov 2007 11:46:22 GMT From: Zhouyi ZHOU <zhouzhouyi@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 129083 for review Message-ID: <200711151146.lAFBkMmx040949@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=129083 Change 129083 by zhouzhouyi@zhouzhouyi_mactest on 2007/11/15 11:46:10 Modify the code style according to style(9), and modify the error handling style to make the code more mature Affected files ... .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#12 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_if.c#4 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_log.c#6 edit .. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#7 edit Differences ... ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#12 (text+ko) ==== @@ -82,6 +82,9 @@ SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0, "TrustedBSD mac_test policy controls"); +SYSCTL_PROC(_security_mac_test, OID_AUTO, pseudoinit, CTLTYPE_INT | CTLFLAG_RW, 0, 0, + mac_test_init_if, "I", "set to setup the pseudo interfaces for MAC test"); + #define MAGIC_BPF 0xfe1ad1b6 #define MAGIC_DEVFS 0x9ee79c32 #define MAGIC_IFNET 0xc218b120 @@ -2725,9 +2728,15 @@ { LOG_DECL - LABEL_CHECK(cred->cr_label, MAGIC_CRED); - LABEL_CHECK(vplabel, MAGIC_VNODE); - COUNTER_INC(vnode_check_setextattr); + if (attrnamespace == EXTATTR_NAMESPACE_SYSTEM && !strcmp(name, "mac_test") + && uio->uio_iov->iov_len && !strncmp(uio->uio_iov->iov_base, "mac_test", 8)) + LABEL_INIT(vplabel, MAGIC_MACTESTLOG); + else { + LABEL_CHECK(cred->cr_label, MAGIC_CRED); + LABEL_CHECK(vplabel, MAGIC_VNODE); + COUNTER_INC(vnode_check_setextattr); + } + return (0); } ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_if.c#4 (text+ko) ==== @@ -28,8 +28,7 @@ /* * Developed by the TrustedBSD Project. - * Generic mandatory access module that does nothing. - * Generate a pair of pseudo ethernet nodes + * Generate a pair of pseudo ethernet nodes for test */ /* 
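Review bot: In the mac_test.c hunk at -2725, the new condition reads `uio->uio_iov->iov_base` through `strncmp(..., 8)` after checking only that `iov_len` is non-zero, and it never looks at `uio->uio_segflg`. This entry point presumably also runs for extended-attribute writes that arrive through a system call, where the iovec would describe a user-space buffer of caller-chosen length, so the comparison could dereference a user address directly or read past a short buffer. The only caller added in this change builds its uio with `UIO_SYSSPACE`, so the guard could require that explicitly: `uio->uio_segflg == UIO_SYSSPACE && uio->uio_iov->iov_len >= 8 && memcmp(uio->uio_iov->iov_base, "mac_test", 8) == 0`. Any caller that matches the namespace, name and payload also skips both `LABEL_CHECK`s and re-initialises the vnode label to `MAGIC_MACTESTLOG`, so a comment should explain why a check hook is allowed to mutate the label. The function's signature and opening lie outside the hunk.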
@@ -79,6 +78,7 @@ #include <netinet/ip_var.h> #include <machine/in_cksum.h> #include "mac_test_private.h" + #ifdef KDB #define DEBUGGER(x) kdb_enter(x) #else @@ -101,7 +101,7 @@ ifp0->if_input(ifp0, mbuf); } } - + static void pseudoread1 (void *arg) { @@ -135,17 +135,13 @@ IFQ_DRV_DEQUEUE(&ifp->if_snd, mbuf); if (mbuf == NULL) break; -/* mbuf = m_defrag(m, M_DONTWAIT); - if (mbuf == NULL){ - m_freem(m); - return; - }*/ + eh = mtod(mbuf, struct ether_header *); - /* (void)memcpy(eaddrdst, eh->ether_dhost, sizeof(eaddrdst)); - (void)memcpy(eaddrsrc, eh->ether_shost, sizeof(eaddrsrc));*/ + ether_type = ntohs(eh->ether_type); ether_typesave = eh->ether_type; m_adj(mbuf, ETHER_HDR_LEN); + switch (ether_type) { case ETHERTYPE_IP: ip = mtod(mbuf, struct ip *); ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_log.c#6 (text+ko) ==== @@ -60,10 +60,8 @@ #include <sys/queue.h> #include <sys/systm.h> #include <sys/kthread.h> - +#include <security/mac_test/mac_test_private.h> -#include <security/mac_test/mac_test_private.h> -#define MAC_TEST_LOG_FILENAME "mactest" char *elements="?biba,?lomac,?mls,?sebsd"; static struct cdev *mac_test_log_dev; @@ -83,6 +81,8 @@ static TAILQ_HEAD(, mac_test_log_entry) mac_test_log_list; +static struct proc *mac_test_thread; + static struct vnode *logvnode = 0; @@ -95,7 +95,9 @@ int flags, vfslocked; struct mount *mp; struct vattr vat; - + struct uio auio; + struct iovec aiov; + /* Only one process may open the device at a time. */ mtx_lock(&mac_test_log_mtx); if (!mac_test_log_isopen) { 
@@ -105,32 +107,57 @@ error = EBUSY; mtx_unlock(&mac_test_log_mtx); + if (error) + goto out; + +/* copy from kern/vfs_extattr.c */ NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, UIO_SYSSPACE, "/var/log/mactest", curthread); flags = O_CREAT|O_TRUNC|FWRITE; error = vn_open(&nd, &flags, S_IRUSR| S_IWUSR, NULL); + if (error) + goto out; + vfslocked = NDHASGIANT(&nd); logvnode = nd.ni_vp; VOP_UNLOCK(logvnode, 0, curthread); - /*truncate it to zero*/ - vn_start_write(logvnode, &mp, V_WAIT | PCATCH); + + if ((error = vn_start_write(logvnode, &mp, V_WAIT))) + goto bad; + VOP_LEASE(logvnode, curthread, curthread->td_ucred, LEASE_WRITE); VATTR_NULL(&vat); vat.va_size = 0; vn_lock(logvnode, LK_EXCLUSIVE | LK_RETRY, curthread); - VOP_SETATTR(logvnode, &vat, curthread->td_ucred, curthread); + /*do truncate */ + error = VOP_SETATTR(logvnode, &vat, curthread->td_ucred, curthread); + + + /*set the external attribute */ + aiov.iov_base = "mac_test"; + aiov.iov_len = strlen("mac_test"); + auio.uio_iov = &aiov; + auio.uio_iovcnt = 1; + auio.uio_offset = 0; + auio.uio_resid = strlen("mac_test"); + auio.uio_rw = UIO_WRITE; + auio.uio_segflg = UIO_SYSSPACE; + auio.uio_td = curthread; + + mac_vnode_check_setextattr(curthread->td_ucred, logvnode, + EXTATTR_NAMESPACE_SYSTEM, "mac_test", &auio); + error = VOP_SETEXTATTR(logvnode, EXTATTR_NAMESPACE_SYSTEM, + "mac_test", &auio, curthread->td_ucred, curthread); VOP_UNLOCK(logvnode, 0, curthread); vn_finished_write(mp); - extattr_set_vp1(logvnode, EXTATTR_NAMESPACE_SYSTEM, "mac_test", - "mac_test", strlen("mac_test"), curthread); - +bad: NDFREE(&nd, NDF_ONLY_PNBUF); - VFS_UNLOCK_GIANT(vfslocked); - + VFS_UNLOCK_GIANT(vfslocked); +out: return (error); } @@ -148,9 +175,9 @@ continue; } mtx_unlock(&mac_test_wait_close); - vn_close(logvnode, O_CREAT|O_TRUNC|FWRITE, curthread->td_ucred, + return vn_close(logvnode, O_CREAT|O_TRUNC|FWRITE, curthread->td_ucred, curthread); - return (0); + } static int 
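Review bot: The rewritten open path in the mac_test_log.c hunk at -105 still loses two results: the value assigned from `VOP_SETATTR` is overwritten by `VOP_SETEXTATTR` before it is examined, and the return of `mac_vnode_check_setextattr` is discarded, so a denial from any other loaded policy would not stop the attribute write. The failure exits also leave state behind: once `vn_open` has succeeded, `goto bad` returns with `logvnode` still set and the vnode still open, and the open flag taken under `mac_test_log_mtx` (set outside the hunk, so this is inferred) does not appear to be released on any error. A version that checks each step is sketched below; closing the vnode and clearing the flag on failure would go at `bad:`. The path is also still the literal `"/var/log/mactest"` opened with `FOLLOW`, although this same change moves `MAC_TEST_LOG_FILENAME` into the header. The function begins before the hunk.

```c
	/* … unchanged: vn_start_write, VOP_LEASE, VATTR_NULL, vn_lock … */
	error = VOP_SETATTR(logvnode, &vat, curthread->td_ucred, curthread);
	if (error)
		goto unlock;

	/* … unchanged: aiov/auio setup … */
	error = mac_vnode_check_setextattr(curthread->td_ucred, logvnode,
	    EXTATTR_NAMESPACE_SYSTEM, "mac_test", &auio);
	if (error == 0)
		error = VOP_SETEXTATTR(logvnode, EXTATTR_NAMESPACE_SYSTEM,
		    "mac_test", &auio, curthread->td_ucred, curthread);
unlock:
	VOP_UNLOCK(logvnode, 0, curthread);
	vn_finished_write(mp);
bad:
	/* … unchanged: NDFREE, VFS_UNLOCK_GIANT … */
```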
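Review bot: In the hunk at -148, `return vn_close(...)` is written without the parentheses that style(9) asks for around return values, which is at odds with the stated purpose of the change; `return (vn_close(logvnode, O_CREAT|O_TRUNC|FWRITE, curthread->td_ucred, curthread));` would match the `return (error);` used in the open path. `logvnode` is not reset after the close, so if a logging path outside this hunk tests that pointer it could touch a released vnode; storing the result, setting `logvnode = NULL`, and then returning would avoid that. The function's opening is outside the hunk.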
@@ -176,9 +203,18 @@ if (!mac_test_can_log) return; + + mte = malloc(sizeof(*mte), M_MAC_TEST_LOG, M_NOWAIT | M_ZERO); + if (NULL == mte) { + return; + } - mte = malloc(sizeof(*mte), M_MAC_TEST_LOG, M_NOWAIT | M_ZERO); mte->mte_record = malloc(record_len, M_MAC_TEST_LOG, M_NOWAIT); + if (NULL == mte->mte_record) { + free(mte, M_MAC_TEST_LOG); + return; + } + bcopy(record, mte->mte_record, record_len); mte->mte_record_len = record_len; mtx_lock(&mac_test_submit_mtx); @@ -225,7 +261,6 @@ } } -static struct proc *mac_test_thread; static void mac_test_log_cdev_init(void *unused) { ==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#7 (text+ko) ==== @@ -39,8 +39,11 @@ #include <security/mac/mac_internal.h> #include <security/mac/mac_framework.h> +#define MAC_TEST_LOG_FILENAME "mactest" + void mac_test_log_submit(void *record, u_int record_len); + int mac_test_init_if(SYSCTL_HANDLER_ARGS); 
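Review bot: With the NULL checks added in the hunk at -176, a record is dropped silently whenever either `M_NOWAIT` allocation fails, so a gap in the test log cannot be told apart from an event that never happened; a drop counter or a rate-limited message at the two `return` sites would make the loss visible. `record_len` is used unchecked as both the allocation size and the `bcopy` length, so a short comment stating that callers must pass a length matching `record` would document the contract the function relies on. On style, the style(9) form would be `if (mte == NULL)` with no braces around the single `return;`. The function's signature is outside the hunk.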
@@ -61,276 +64,5 @@ static MALLOC_DEFINE(M_MAC_TEST_LOG, "mac_test_log", "mac test logs"); -#define MAC_TEST_LOG_SUBMIT_WITHPID(string,length) do { \ - char *buffer; \ - char *charpoint; \ - struct thread *td = curthread; \ - buffer = malloc(1024, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!buffer) \ - goto exit6; \ - sprintf(buffer,"pid = %d ", td->td_proc->p_pid); \ - charpoint = buffer + strlen(buffer); \ - strcpy(charpoint, string); \ - charpoint += strlen(charpoint); - - -#define MAC_TEST_LOG_DO_SUBMIT \ - mac_test_log_submit(buffer, strlen(buffer)); \ - free(buffer, M_MAC_TEST_LOG); \ -exit6: \ - ; \ -}while(0) - -#define MAC_TEST_LOG_SUBMIT_LABEL(type,label) { \ - int error; \ - int strleng = 0; \ - char *buffer1; \ - char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!elements1) \ - goto exit1; \ - strcpy(elements1, elements); \ - buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!buffer1) \ - goto exit; \ - if (!label) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \ - strleng = strlen(buffer1); \ - *(buffer1 + strleng) = '\n'; \ - *(buffer1 + strleng + 1) = 0; \ - strcpy(charpoint, buffer1); \ - mac_test_log_submit(buffer, strlen(buffer)); \ - free(buffer1, M_MAC_TEST_LOG); \ -exit: \ - free(elements1, M_MAC_TEST_LOG); \ -exit1: \ - free(buffer, M_MAC_TEST_LOG); \ -exit6: \ - ;/*extra ; to avoid label at the end of compound statement*/ \ -}}while(0) - -#define MAC_TEST_LOG_SUBMIT_LABEL2(type,label,type1,label1) { \ - int error; \ - char *buffer1; \ - int strleng = 0; \ - char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!elements1) \ - goto exit3; \ - strcpy(elements1, elements); \ - buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!buffer1) \ - goto exit2; \ - if (!label) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); 
\ - if (!label1) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \ - strleng = strlen(buffer1); \ - *(buffer1 + strleng) = '\n'; \ - *(buffer1 + strleng + 1) = 0; \ - strcpy(charpoint, buffer1); \ - mac_test_log_submit(buffer, strlen(buffer)); \ - free(buffer1, M_MAC_TEST_LOG); \ -exit2: \ - free(elements1, M_MAC_TEST_LOG); \ -exit3: \ - free(buffer, M_MAC_TEST_LOG); \ -exit6: \ - ;/*extra ; to avoid label at the end of compound statement*/ \ -}}while(0) - -#define MAC_TEST_LOG_SUBMIT_LABEL3(type,label,type1,label1,type2,label2) { \ - int error; \ - int strleng = 0; \ - char *buffer1; \ - char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!elements1) \ - goto exit5; \ - strcpy(elements1, elements); \ - buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!buffer1) \ - goto exit4; \ - if (!label) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label1) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label2) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type2,label2, elements1, buffer1, 256); \ - strleng = strlen(buffer1); \ - *(buffer1 + strleng) = '\n'; \ - *(buffer1 + strleng + 1) = 0; \ - strcpy(charpoint, buffer1); \ - mac_test_log_submit(buffer, strlen(buffer)); \ - free(buffer1, M_MAC_TEST_LOG); \ -exit4: \ - free(elements1, M_MAC_TEST_LOG); \ -exit5: \ - free(buffer, M_MAC_TEST_LOG); \ -exit6: \ - ;/*extra ; to avoid label at the end of compound statement*/ \ -}}while(0) - - -#define MAC_TEST_LOG_SUBMIT_LABEL4(type,label,type1,label1,type2,label2,\ - type3,label3) \ - { \ - int error; \ - int strleng = 0; \ - char *buffer1; \ - char *elements1 = malloc(256, 
M_MAC_TEST_LOG, M_NOWAIT); \ - if (!elements1) \ - goto exit8; \ - strcpy(elements1, elements); \ - buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!buffer1) \ - goto exit7; \ - if (!label) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label1) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label2) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type2,label2, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label3) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type3,label3, elements1, buffer1, 256); \ - strleng = strlen(buffer1); \ - *(buffer1 + strleng) = '\n'; \ - *(buffer1 + strleng + 1) = 0; \ - strcpy(charpoint, buffer1); \ - mac_test_log_submit(buffer, strlen(buffer)); \ - free(buffer1, M_MAC_TEST_LOG); \ -exit7: \ - free(elements1, M_MAC_TEST_LOG); \ -exit8: \ - free(buffer, M_MAC_TEST_LOG); \ -exit6: \ - ;/*extra ; to avoid label at the end of compound statement*/ \ -}}while(0) - - -#define MAC_TEST_LOG_SUBMIT_LABEL5(type,label,type1,label1,type2,label2,\ - type3,label3, type4, label4) \ - { \ - int error; \ - int strleng = 0; \ - char *buffer1; \ - char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!elements1) \ - goto exit10; \ - strcpy(elements1, elements); \ - buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \ - if (!buffer1) \ - goto exit9; \ - if (!label) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label1) \ - 
strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label2) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type2,label2, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label3) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type3,label3, elements1, buffer1, 256); \ - sprintf(charpoint, "%s ", buffer1); \ - charpoint += strlen(charpoint); \ - strcpy(elements1, elements); \ - if (!label4) \ - strcpy(buffer1,"NULL"); \ - else \ - MAC_EXTERNALIZE(type4,label4, elements1, buffer1, 256); \ - strleng = strlen(buffer1); \ - *(buffer1 + strleng) = '\n'; \ - *(buffer1 + strleng + 1) = 0; \ - strcpy(charpoint, buffer1); \ - mac_test_log_submit(buffer, strlen(buffer)); \ - free(buffer1, M_MAC_TEST_LOG); \ -exit9: \ - free(elements1, M_MAC_TEST_LOG); \ -exit10: \ - free(buffer, M_MAC_TEST_LOG); \ -exit6: \ - ;/*extra ; to avoid label at the end of compound statement*/ \ -}}while(0) - -#define extattr_set_vp1(vp, attrnamespace, attrname, data, nbytes, td)do\ -{ \ - struct mount *mp; \ - struct uio auio; \ - struct iovec aiov; \ - ssize_t count; \ - int error; \ - VFS_ASSERT_GIANT(vp->v_mount); \ - error = vn_start_write(vp, &mp, V_WAIT | PCATCH); \ - VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); \ - vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); \ - aiov.iov_base = data; \ - aiov.iov_len = nbytes; \ - auio.uio_iov = &aiov; \ - auio.uio_iovcnt = 1; \ - auio.uio_offset = 0; \ - auio.uio_resid = nbytes; \ - auio.uio_rw = UIO_WRITE; \ - auio.uio_segflg = UIO_SYSSPACE; \ - auio.uio_td = td; \ - count = nbytes; \ - mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace, \ - attrname, &auio); \ - error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio, \ - td->td_ucred, td); \ - count -= auio.uio_resid; \ - 
td->td_retval[0] = count; \ - VOP_UNLOCK(vp, 0, td); \ - vn_finished_write(mp); \ -}while(0) #endif /* ! _SECURITY_MAC_TEST_PRIVATE_H */