Date: Tue, 26 Aug 2008 23:36:28 GMT From: Wayne Salamon <wsalamon@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 148562 for review Message-ID: <200808262336.m7QNaSKV036984@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=148562 Change 148562 by wsalamon@vh2 on 2008/08/26 23:36:13 For the MAC->AUDIT integration: Remove the do/while statements and place the declaration of variables and code that is conditionally compiled in the conventional #ifdef directives. Affected files ... .. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#11 edit .. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit_bsm.c#5 edit Differences ...
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#11 (text) ====
@@ -207,6 +207,9 @@
 audit_record_dtor(void *mem, int size, void *arg)
 {
 struct kaudit_record *ar;
+#ifdef MAC
+ struct mac_audit_record *head, *next;
+#endif
 KASSERT(sizeof(*ar) == size, ("audit_record_dtor: wrong size"));
@@ -226,19 +229,14 @@
 #ifdef MAC
 /* Free the audit data from the MAC policies. */
- do {
- struct mac_audit_record *head, *next;
-
- head = LIST_FIRST(ar->k_ar.ar_mac_records);
- while (head != NULL) {
- next = LIST_NEXT(head, records);
- free(head->data, M_TEMP);
- free(head, M_AUDITMAC);
- head = next;
- }
-
- free(ar->k_ar.ar_mac_records, M_AUDITMAC);
- } while (0);
+ head = LIST_FIRST(ar->k_ar.ar_mac_records);
+ while (head != NULL) {
+ next = LIST_NEXT(head, records);
+ free(head->data, M_TEMP);
+ free(head, M_AUDITMAC);
+ head = next;
+ }
+ free(ar->k_ar.ar_mac_records, M_AUDITMAC);
 #endif
 }
@@ -475,6 +473,9 @@
 au_class_t class;
 au_event_t event;
 au_id_t auid;
+#ifdef MAC
+ int ret;
+#endif
 KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
@@ -508,14 +509,11 @@
 * the thread for later use. */
 #ifdef MAC
-do {
- int ret;
 ret = mac_audit_check_preselect(td->td_ucred, event);
 if (ret == MAC_AUDIT_YES) {
 td->td_ar = audit_new(event, td);
 td->td_ar->k_ar.ar_forced_by_mac = 1;
- }
- else if (ret == MAC_AUDIT_NO) {
+ } else if (ret == MAC_AUDIT_NO) {
 td->td_ar = NULL;
 } else { /* MAC_AUDIT_DEFAULT */
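Review bot: In the MAC block of audit_record_dtor (hunk @@ -226,19 +229,14 @@), each record's payload is released with `free(head->data, M_TEMP)` while the record and the list head use M_AUDITMAC, and nothing at this site says who allocated `data` or with which malloc type. The free is therefore only correct if every MAC policy hands over a payload allocated with M_TEMP, which cannot be confirmed from this page. I would state that ownership contract next to the loop, e.g. `/* head->data is owned by the audit record and must have been malloc'd with M_TEMP. */`. As a style point, the hand-rolled walk could be written as `LIST_FOREACH_SAFE(head, ar->k_ar.ar_mac_records, records, next)`. The function body starts before this hunk.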
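Review bot: In the MAC_AUDIT_YES branch of audit_syscall_enter (hunk @@ -508,14 +509,11 @@), `td->td_ar->k_ar.ar_forced_by_mac = 1;` dereferences the result of audit_new() without checking it. audit_new() is not shown on this page; if it can return NULL (for instance while auditing is suspended or disabled), this is a kernel NULL dereference on the syscall entry path whenever a policy forces auditing. A guard keeps the forced-audit path safe: `if (td->td_ar != NULL) td->td_ar->k_ar.ar_forced_by_mac = 1;`. The enclosing function continues past the end of this hunk.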
@@ -546,7 +544,6 @@
 td->td_ar = NULL;
 #ifdef MAC
 }
-} while (0);
 #endif
 }
@@ -559,7 +556,11 @@
 audit_syscall_exit(unsigned int code, int error, struct thread *td)
 {
 int retval;
+#ifdef MAC
+ int ret;
+#endif
+
 /*
 * Commit the audit record as desired; once we pass the record into
 * audit_commit(), the memory is owned by the audit subsystem. The
@@ -573,9 +574,6 @@
 retval = td->td_retval[0];
 #ifdef MAC
-do {
- int ret;
-
 if (td->td_ar == NULL) /* syscall wasn't audited due to preselect */ return;
@@ -590,7 +588,6 @@
 td->td_ar = NULL;
 return;
 }
-} while (0);
 #endif
 audit_commit(td->td_ar, error, retval);
 td->td_ar = NULL;
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit_bsm.c#5 (text) ====
@@ -378,6 +378,9 @@
 au_tid_t tid;
 struct audit_record *ar;
 int ctr;
+#ifdef MAC
+ struct mac_audit_record *mar;
+#endif
 KASSERT(kar != NULL, ("kaudit_to_bsm: kar == NULL"));
@@ -1430,33 +1433,29 @@
 }
 #ifdef MAC
- do {
- /* Convert the audit data from the MAC policies */
- struct mac_audit_record *mar;
-
- LIST_FOREACH(mar, ar->ar_mac_records, records) {
- switch (mar->type) {
- case MAC_AUDIT_DATA_TYPE:
- tok = au_to_data(AUP_BINARY, AUR_BYTE,
- mar->length, mar->data);
- kau_write(rec, tok);
- break;
- case MAC_AUDIT_TEXT_TYPE:
- tok = au_to_text(mar->data);
- kau_write(rec, tok);
- break;
- default:
- /*
- * XXX: we can either continue,
- * skipping this particular entry,
- * or we can pre-verify the list and
- * abort before writing any records
- */
- printf("kaudit_to_bsm(): BSM conversion requested for unknown mac_audit data type %d\n",
- mar->type);
- }
+ /* Convert the audit data from the MAC policies */
+ LIST_FOREACH(mar, ar->ar_mac_records, records) {
+ switch (mar->type) {
+ case MAC_AUDIT_DATA_TYPE:
+ tok = au_to_data(AUP_BINARY, AUR_BYTE,
+ mar->length, mar->data);
+ kau_write(rec, tok);
+ break;
+ case MAC_AUDIT_TEXT_TYPE:
+ tok = au_to_text(mar->data);
+ kau_write(rec, tok);
+ break;
+ default:
+ /*
+ * XXX: we can either continue,
+ * skipping this particular entry,
+ * or we can pre-verify the list and
+ * abort before writing any records
+ */
+ printf("kaudit_to_bsm(): BSM conversion requested for unknown mac_audit data type %d\n",
+ mar->type);
 }
- } while (0);
+ }
 #endif
 kau_write(rec, subj_tok);
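Review bot: In the MAC_AUDIT_TEXT_TYPE case, `au_to_text(mar->data)` is called without `mar->length`, so the conversion relies on every policy having NUL-terminated its buffer. au_to_text() is not shown here, but if it measures the string itself, an unterminated record would be read past its allocation and the extra kernel bytes would end up in the audit trail. The MAC_AUDIT_DATA_TYPE case has the opposite risk: if au_to_data() takes its count in a type narrower than `mar->length` (the BSM arbitrary-data token carries a one-byte unit count), longer records are silently truncated. Both constraints are best enforced where a policy hands the record over and stated at this loop, e.g. `/* TEXT: mar->data is NUL-terminated within mar->length; DATA: mar->length must fit au_to_data()'s count. */`. kaudit_to_bsm starts and ends outside this hunk.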