From owner-p4-projects@FreeBSD.ORG Tue Aug 26 23:36:30 2008 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 020781065684; Tue, 26 Aug 2008 23:36:30 +0000 (UTC) Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A21D71065678 for ; Tue, 26 Aug 2008 23:36:29 +0000 (UTC) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (repoman.freebsd.org [IPv6:2001:4f8:fff6::29]) by mx1.freebsd.org (Postfix) with ESMTP id 779EB8FC18 for ; Tue, 26 Aug 2008 23:36:29 +0000 (UTC) (envelope-from wsalamon@computer.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.14.2/8.14.2) with ESMTP id m7QNaTih036987 for ; Tue, 26 Aug 2008 23:36:29 GMT (envelope-from wsalamon@computer.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.14.2/8.14.1/Submit) id m7QNaSKV036984 for perforce@freebsd.org; Tue, 26 Aug 2008 23:36:28 GMT (envelope-from wsalamon@computer.org) Date: Tue, 26 Aug 2008 23:36:28 GMT Message-Id: <200808262336.m7QNaSKV036984@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to wsalamon@computer.org using -f 
From: Wayne Salamon To: Perforce Change Reviews Cc: Subject: PERFORCE change 148562 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Aug 2008 23:36:30 -0000 http://perforce.freebsd.org/chv.cgi?CH=148562 Change 148562 by wsalamon@vh2 on 2008/08/26 23:36:13 For the MAC->AUDIT integration: Remove the do/while statements and place the declaration of variables and code that is conditionally compiled in the conventional #ifdef directives. Affected files ... .. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#11 edit .. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit_bsm.c#5 edit Differences ...
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#11 (text) ====
@@ -207,6 +207,9 @@
 audit_record_dtor(void *mem, int size, void *arg)
 {
 struct kaudit_record *ar;
+#ifdef MAC
+ struct mac_audit_record *head, *next;
+#endif
 KASSERT(sizeof(*ar) == size, ("audit_record_dtor: wrong size"));
@@ -226,19 +229,14 @@
 #ifdef MAC
 /* Free the audit data from the MAC policies. */
- do {
- struct mac_audit_record *head, *next;
-
- head = LIST_FIRST(ar->k_ar.ar_mac_records);
- while (head != NULL) {
- next = LIST_NEXT(head, records);
- free(head->data, M_TEMP);
- free(head, M_AUDITMAC);
- head = next;
- }
-
- free(ar->k_ar.ar_mac_records, M_AUDITMAC);
- } while (0);
+ head = LIST_FIRST(ar->k_ar.ar_mac_records);
+ while (head != NULL) {
+ next = LIST_NEXT(head, records);
+ free(head->data, M_TEMP);
+ free(head, M_AUDITMAC);
+ head = next;
+ }
+ free(ar->k_ar.ar_mac_records, M_AUDITMAC);
 #endif
 }
@@ -475,6 +473,9 @@
 au_class_t class;
 au_event_t event;
 au_id_t auid;
+#ifdef MAC
+ int ret;
+#endif
 KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
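Review bot: In the `@@ -226,19 +229,14 @@` hunk (audit_record_dtor), the teardown calls `LIST_FIRST(ar->k_ar.ar_mac_records)` with no check that the list-head pointer is non-NULL, and after `free(ar->k_ar.ar_mac_records, M_AUDITMAC);` the field keeps the stale pointer. Where the head is allocated is outside this diff, so I cannot confirm that every record reaching the destructor has one; if one does not, or the destructor ever sees the same record twice, this is a NULL dereference or double free in the kernel. I would wrap the walk in `if (ar->k_ar.ar_mac_records != NULL) { ... }` and add `ar->k_ar.ar_mac_records = NULL;` after the final free. A short comment stating who owns `head->data` (it is freed here with `M_TEMP`, so policies must allocate it with that type) would also help.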
@@ -508,14 +509,11 @@
 * the thread for later use.
 */
 #ifdef MAC
-do {
- int ret;
 ret = mac_audit_check_preselect(td->td_ucred, event);
 if (ret == MAC_AUDIT_YES) {
 td->td_ar = audit_new(event, td);
 td->td_ar->k_ar.ar_forced_by_mac = 1;
- }
- else if (ret == MAC_AUDIT_NO) {
+ } else if (ret == MAC_AUDIT_NO) {
 td->td_ar = NULL;
 } else {
 /* MAC_AUDIT_DEFAULT */
@@ -546,7 +544,6 @@
 td->td_ar = NULL;
 #ifdef MAC
 }
-} while (0);
 #endif
 }
@@ -559,7 +556,11 @@
 audit_syscall_exit(unsigned int code, int error, struct thread *td)
 {
 int retval;
+#ifdef MAC
+ int ret;
+#endif
+
 /*
 * Commit the audit record as desired; once we pass the record into
 * audit_commit(), the memory is owned by the audit subsystem. The
@@ -573,9 +574,6 @@
 retval = td->td_retval[0];
 #ifdef MAC
-do {
- int ret;
-
 if (td->td_ar == NULL) /* syscall wasn't audited due to preselect */
 return;
@@ -590,7 +588,6 @@
 td->td_ar = NULL;
 return;
 }
-} while (0);
 #endif
 audit_commit(td->td_ar, error, retval);
 td->td_ar = NULL;
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit_bsm.c#5 (text) ====
@@ -378,6 +378,9 @@
 au_tid_t tid;
 struct audit_record *ar;
 int ctr;
+#ifdef MAC
+ struct mac_audit_record *mar;
+#endif
 KASSERT(kar != NULL, ("kaudit_to_bsm: kar == NULL"));
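Review bot: In the `@@ -508,14 +509,11 @@` hunk (audit_syscall_enter), the `MAC_AUDIT_YES` branch dereferences the result of `audit_new(event, td)` on the very next line, `td->td_ar->k_ar.ar_forced_by_mac = 1;`, with no NULL check. audit_new() is defined outside this diff; if it can return NULL (for instance while auditing is suspended or disabled), a policy that forces auditing turns every matching system call into a kernel NULL dereference. Suggest `if (td->td_ar != NULL)` before `td->td_ar->k_ar.ar_forced_by_mac = 1;`, or a KASSERT documenting that audit_new() cannot fail on this path. The function body starts and ends outside the hunk.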
@@ -1430,33 +1433,29 @@
 }
 #ifdef MAC
- do {
- /* Convert the audit data from the MAC policies */
- struct mac_audit_record *mar;
-
- LIST_FOREACH(mar, ar->ar_mac_records, records) {
- switch (mar->type) {
- case MAC_AUDIT_DATA_TYPE:
- tok = au_to_data(AUP_BINARY, AUR_BYTE,
- mar->length, mar->data);
- kau_write(rec, tok);
- break;
- case MAC_AUDIT_TEXT_TYPE:
- tok = au_to_text(mar->data);
- kau_write(rec, tok);
- break;
- default:
- /*
- * XXX: we can either continue,
- * skipping this particular entry,
- * or we can pre-verify the list and
- * abort before writing any records
- */
- printf("kaudit_to_bsm(): BSM conversion requested for unknown mac_audit data type %d\n",
- mar->type);
- }
+ /* Convert the audit data from the MAC policies */
+ LIST_FOREACH(mar, ar->ar_mac_records, records) {
+ switch (mar->type) {
+ case MAC_AUDIT_DATA_TYPE:
+ tok = au_to_data(AUP_BINARY, AUR_BYTE,
+ mar->length, mar->data);
+ kau_write(rec, tok);
+ break;
+ case MAC_AUDIT_TEXT_TYPE:
+ tok = au_to_text(mar->data);
+ kau_write(rec, tok);
+ break;
+ default:
+ /*
+ * XXX: we can either continue,
+ * skipping this particular entry,
+ * or we can pre-verify the list and
+ * abort before writing any records
+ */
+ printf("kaudit_to_bsm(): BSM conversion requested for unknown mac_audit data type %d\n",
+ mar->type);
 }
- } while (0);
+ }
 #endif
 kau_write(rec, subj_tok);
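Review bot: In the `MAC_AUDIT_TEXT_TYPE` case, `au_to_text(mar->data)` ignores `mar->length` and trusts the policy to have NUL-terminated the buffer; an unterminated buffer would let the token builder read past the allocation and copy adjacent kernel memory into the audit trail. I would verify termination before building the token, e.g. `if (mar->length == 0 || ((char *)mar->data)[mar->length - 1] != '\0') break;` (this assumes `length` counts the terminator; the struct definition is not in this diff), or enforce it where policies attach records. In the `MAC_AUDIT_DATA_TYPE` case, please confirm that `mar->length` fits au_to_data()'s count parameter, which as far as I recall is narrower than an int, so a large record could be silently truncated. The `default` branch still carries its XXX: an unknown type is only logged with printf, so a record can be committed with part of its MAC data missing.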