From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 113350 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 22 Jan 2007 16:08:54 -0000 http://perforce.freebsd.org/chv.cgi?CH=113350 Change 113350 by millert@millert_macbook on 2007/01/22 16:08:06 No longer delay avc logging via printf() until the thread exits. It no longer seems to be required. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc_audit.c#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/linux-compat.h#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#70 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc_audit.c#5 (text+ko) ==== 
@@ -43,76 +43,34 @@ /* * Emulate Linux audit API. - * In the future we may wish to use the BSM audit support instead. + * In the future we may wish to use the BSD audit support instead. */ +lck_spin_t *avc_log_lock; + struct audit_buffer { struct sbuf sbuf; char buf[1024]; }; - -#define AUDIT_SLOT_MAX 256 -static SInt32 nslots; -struct audit_buffer *audit_slots[AUDIT_SLOT_MAX]; - -lck_spin_t *avc_log_lock; +static struct audit_buffer audit_buf; struct audit_buffer * audit_log_start(void) { - struct audit_buffer *ab; - ab = sebsd_malloc(sizeof(*ab), M_SEBSD, M_NOWAIT); - if (ab != NULL) - sbuf_new(&ab->sbuf, ab->buf, sizeof(ab->buf), SBUF_FIXEDLEN); - - return (ab); + lck_spin_lock(avc_log_lock); + sbuf_new(&audit_buf.sbuf, audit_buf.buf, sizeof(audit_buf.buf), + SBUF_FIXEDLEN); + return (&audit_buf); } void audit_log_end(struct audit_buffer *ab) { - int i; - UInt32 oldval; sbuf_finish(&ab->sbuf); - - /* - * Find and claim an audit slot (assumes 32bit pointers). - */ - for (i = 0; i < AUDIT_SLOT_MAX; i++) { - oldval = (UInt32)audit_slots[i]; - if (oldval == 0 && OSCompareAndSwap(oldval, (UInt32)ab, - (UInt32 *)&audit_slots[i])) { - OSIncrementAtomic(&nslots); - return; - } - } - /* No free slots, drop record. */ - sebsd_free(ab, M_SEBSD); -} - -void -audit_log_process(void) -{ - struct audit_buffer *ab; - int i; - - /* - * Print and free all existing (finished) audit records. - */ - lck_spin_lock(avc_log_lock); - for (i = 0; nslots != 0 && i < AUDIT_SLOT_MAX; i++) { - ab = audit_slots[i]; - if (ab != NULL) { - if (OSCompareAndSwap((UInt32)ab, 0, - (UInt32 *)&audit_slots[i])) { - OSDecrementAtomic(&nslots); - printf("\n%s\n", sbuf_data(&ab->sbuf)); - sebsd_free(ab, M_SEBSD); - } - } - } + printf("\n%s\n", sbuf_data(&ab->sbuf)); + sbuf_delete(&ab->sbuf); /* XXX - not really needed */ lck_spin_unlock(avc_log_lock); } ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/linux-compat.h#6 (text+ko) ==== 
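Review bot: audit_log_start() now returns with avc_log_lock held and only audit_log_end() releases it, but nothing in the hunk documents that contract. A caller that returns early between the two calls, or that triggers another AVC audit while building a record, would leave the spin lock held or spin on it. Formatting into the buffer between the two calls and the printf() in audit_log_end() also run under the spin lock, so it is worth confirming that none of that can block in the contexts where the AVC logs; the callers are outside this hunk. I would add above audit_log_start(): `/* Returns with avc_log_lock held; caller must call audit_log_end() on every path and must not sleep or log recursively before then. */`. Because audit_log_start() can no longer return NULL, any NULL checks in callers are now dead code and could hide the fact that a record is never dropped but may be truncated by the fixed 1024-byte SBUF_FIXEDLEN buffer.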
@@ -142,7 +142,6 @@ void audit_log_end(struct audit_buffer *); void audit_log_format(struct audit_buffer *, const char *, ...); void audit_log_untrustedstring(struct audit_buffer *, const char *); -void audit_log_process(void); #define audit_log(ac, mf, af, ...) sebsd_log(__VA_ARGS__) /* we don't enable the selinux netlbl support */ ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#70 (text+ko) ==== @@ -3530,14 +3530,6 @@ return (ipc_has_perm(cred, pshmlabel, SHM__DESTROY)); } -static void -sebsd_thread_userret(int code, int error, struct thread *thread) -{ - - /* Process any pending audit log records at syscall exit. */ - audit_log_process(); -} - static struct mac_policy_ops sebsd_ops = { .mpo_bpfdesc_label_associate = sebsd_bpfdesc_label_associate, .mpo_bpfdesc_label_destroy = sebsd_label_destroy, @@ -3749,7 +3741,6 @@ .mpo_task_label_init = sebsd_label_init, .mpo_task_label_internalize = sebsd_label_internalize, .mpo_task_label_update = sebsd_task_label_update, - .mpo_thread_userret = sebsd_thread_userret, .mpo_vnode_check_access = sebsd_vnode_check_access, .mpo_vnode_check_chdir = sebsd_vnode_check_chdir, .mpo_vnode_check_chroot = sebsd_vnode_check_chroot,