From owner-p4-projects Wed Mar 20 13: 0:33 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 531E737B400; Wed, 20 Mar 2002 13:00:13 -0800 (PST) Delivered-To: perforce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 4A16A37B404 for ; Wed, 20 Mar 2002 13:00:12 -0800 (PST) Received: (from perforce@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g2KL0Bb84418 for perforce@freebsd.org; Wed, 20 Mar 2002 13:00:11 -0800 (PST) (envelope-from green@freebsd.org) Date: Wed, 20 Mar 2002 13:00:11 -0800 (PST) Message-Id: <200203202100.g2KL0Bb84418@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to green@freebsd.org using -f From: Brian Feldman Subject: PERFORCE change 8083 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8083 Change 8083 by green@green_laptop_2 on 2002/03/20 12:59:18 Convert the structs socket, bpf_d, and ifnet to also using mac_init_type(), mac_create_type*(), and mac_destroy_type(). Affected files ... ... //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#114 edit ... //depot/projects/trustedbsd/mac/sys/kern/uipc_socket.c#14 edit ... //depot/projects/trustedbsd/mac/sys/kern/uipc_socket2.c#11 edit ... //depot/projects/trustedbsd/mac/sys/net/bpf.c#9 edit ... //depot/projects/trustedbsd/mac/sys/net/if.c#14 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#114 (text+ko) ==== 
@@ -420,13 +420,29 @@
 label->m_macflags = MAC_FLAG_INITIALIZED;
 }
+static void
+mac_destroy_label(struct mac *label)
+{
+
+ KASSERT(label->m_macflags & MAC_FLAG_INITIALIZED,
+ ("destroying uninitialized label"));
+ label->m_macflags &= ~MAC_FLAG_INITIALIZED;
+}
+
 SYSCTL_NODE(_security_mac, OID_AUTO, debug, CTLFLAG_RW, 0, "TrustedBSD MAC debug info");
-static unsigned int nmacmbufs, nmacsubjects;
+static unsigned int nmacmbufs, nmacsubjects, nmacifnets, nmacbpfdescs,
+ nmacsockets;
 SYSCTL_UINT(_security_mac_debug, OID_AUTO, mbufs, CTLFLAG_RD, &nmacmbufs, 0, "number of mbufs in use");
 SYSCTL_UINT(_security_mac_debug, OID_AUTO, subjects, CTLFLAG_RD, &nmacsubjects, 0, "number of ucreds in use");
+SYSCTL_UINT(_security_mac_debug, OID_AUTO, ifnets, CTLFLAG_RD,
+ &nmacifnets, 0, "number of ifnets in use");
+SYSCTL_UINT(_security_mac_debug, OID_AUTO, bpfdescs, CTLFLAG_RD,
+ &nmacbpfdescs, 0, "number of bpfdescs in use");
+SYSCTL_UINT(_security_mac_debug, OID_AUTO, sockets, CTLFLAG_RD,
+ &nmacsockets, 0, "number of sockets in use");
 int
 mac_init_mbuf(struct mbuf *m, int how)
@@ -442,6 +458,7 @@
 mac_destroy_mbuf(struct mbuf *m)
 {
+ mac_destroy_label(&m->m_pkthdr.label);
 atomic_subtract_int(&nmacmbufs, 1);
 }
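Review bot: mac_destroy_label() in the -420 hunk checks the INITIALIZED flag only through KASSERT, which is compiled out unless the kernel is built with INVARIANTS, and it leaves every other field of the label as it was. On a production kernel a double destroy, or a destroy of a label that was never initialized, therefore passes silently, and the old label contents stay in the object until it is reused. If nothing reads the label after destruction, scrub it with `bzero(label, sizeof(*label));` in place of the flag mask (this clears MAC_FLAG_INITIALIZED too). Also add a comment above the function stating that each mac_init_label() must be paired with exactly one destroy. The mac_destroy_mbuf() hunk at -442 now calls the same helper.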
@@ -457,9 +474,58 @@
 mac_destroy_subject(struct ucred *cr)
 {
+ mac_destroy_label(&cr->cr_label);
 atomic_subtract_int(&nmacsubjects, 1);
 }
+void
+mac_init_ifnet(struct ifnet *ifp)
+{
+
+ mac_init_label(&ifp->if_label);
+ atomic_add_int(&nmacifnets, 1);
+}
+
+void
+mac_destroy_ifnet(struct ifnet *ifp)
+{
+
+ mac_destroy_label(&ifp->if_label);
+ atomic_subtract_int(&nmacifnets, 1);
+}
+
+void
+mac_init_socket(struct socket *socket)
+{
+
+ mac_init_label(&socket->so_label);
+ atomic_add_int(&nmacsockets, 1);
+}
+
+void
+mac_destroy_socket(struct socket *socket)
+{
+
+ mac_destroy_label(&socket->so_label);
+ atomic_subtract_int(&nmacsockets, 1);
+}
+
+void
+mac_init_bpfdesc(struct bpf_d *bpf_d)
+{
+
+ mac_init_label(&bpf_d->bd_label);
+ atomic_add_int(&nmacbpfdescs, 1);
+}
+
+void
+mac_destroy_bpfdesc(struct bpf_d *bpf_d)
+{
+
+ mac_destroy_label(&bpf_d->bd_label);
+ atomic_subtract_int(&nmacbpfdescs, 1);
+}
+
 static int
 mac_label_valid(struct mac *label)
 {
@@ -762,10 +828,9 @@
 }
 void
-mac_init_ifnet(struct ifnet *ifnet)
+mac_create_ifnet(struct ifnet *ifnet)
 {
- mac_init_label(&ifnet->if_label);
 MAC_PERFORM(create_ifnet, ifnet);
 }
@@ -773,7 +838,6 @@
 mac_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d)
 {
- mac_init_label(&bpf_d->bd_label);
 MAC_PERFORM(create_bpfdesc, cred, bpf_d);
 }
@@ -781,7 +845,6 @@
 mac_create_socket(struct ucred *cred, struct socket *socket)
 {
- mac_init_label(&socket->so_label);
 MAC_PERFORM(create_socket, cred, socket);
 }
@@ -790,7 +853,6 @@
 struct mac *newlabel)
 {
- mac_init_label(&socket->so_label);
 MAC_PERFORM(relabel_socket, cred, socket, newlabel);
 }
==== //depot/projects/trustedbsd/mac/sys/kern/uipc_socket.c#14 (text+ko) ====
@@ -130,6 +130,9 @@
 /* sx_init(&so->so_sxlock, "socket sxlock"); */
 TAILQ_INIT(&so->so_aiojobq);
 ++numopensockets;
+#ifdef MAC
+ mac_init_socket(so);
+#endif /* MAC */
 }
 return so;
 }
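Review bot: The six new mac_init_*/mac_destroy_* functions in the -457 hunk carry no comment stating the lifecycle that callers now have to follow. Before this change mac_create_*() initialized the label itself; now every allocation site has to call mac_init_*() first and mac_destroy_*() exactly once on free, and a missed call shows up only as a drifting counter under the `security.mac.debug` sysctl node. Add a block comment above mac_init_ifnet() such as `/* Label lifecycle: mac_init_*() at allocation, mac_create_*() to let policies fill the label, mac_destroy_*() once at free. */`. As a style point, mac_init_ifnet() names its argument `ifp` while mac_create_ifnet() uses `ifnet`; pick one.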
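Review bot: mac_create_ifnet() in the -762 hunk now runs MAC_PERFORM on a label it no longer initializes, and nothing in it verifies that the caller did so. The same holds for mac_create_bpfdesc() (-773), mac_create_socket() (-781) and the relabel function in the -790 hunk, whose signature starts outside the hunk. A call site that was not converted would hand the policies a label without MAC_FLAG_INITIALIZED set. Assert the precondition before the MAC_PERFORM line, e.g. `KASSERT(ifnet->if_label.m_macflags & MAC_FLAG_INITIALIZED, ("mac_create_ifnet: label not initialized"));`, using the matching label field in the other three functions.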
@@ -230,6 +233,9 @@
 FREE(so->so_accf, M_ACCF);
 }
 #endif
+#ifdef MAC
+ mac_destroy_socket(so);
+#endif /* MAC */
 crfree(so->so_cred);
 /* sx_destroy(&so->so_sxlock); */
 zfree(so->so_zone, so);
==== //depot/projects/trustedbsd/mac/sys/kern/uipc_socket2.c#11 (text+ko) ====
==== //depot/projects/trustedbsd/mac/sys/net/bpf.c#9 (text+ko) ====
@@ -346,6 +346,7 @@
 d->bd_sig = SIGIO;
 d->bd_seesent = 1;
 #ifdef MAC
+ mac_init_bpfdesc(d);
 mac_create_bpfdesc(td->td_proc->p_ucred, d);
 #endif
 mtx_init(&d->bd_mtx, devtoname(dev), MTX_DEF);
@@ -378,6 +379,9 @@
 if (d->bd_bif)
 bpf_detachd(d);
 mtx_unlock(&bpf_mtx);
+#ifdef MAC
+ mac_destroy_bpfdesc(d);
+#endif /* MAC */
 bpf_freed(d);
 dev->si_drv1 = 0;
 FREE(d, M_BPF);
==== //depot/projects/trustedbsd/mac/sys/net/if.c#14 (text+ko) ====
@@ -390,6 +390,7 @@
 #ifdef MAC
 mac_init_ifnet(ifp);
+ mac_create_ifnet(ifp);
 #endif
 ifp->if_index = if_findindex(ifp);
@@ -528,6 +529,9 @@
 /* Announce that the interface is gone. */
 rt_ifannouncemsg(ifp, IFAN_DEPARTURE);
+#ifdef MAC
+ mac_destroy_ifnet(ifp);
+#endif /* MAC */
 KNOTE(&ifp->if_klist, NOTE_EXIT);
 TAILQ_REMOVE(&ifnet, ifp, if_link);
 mtx_destroy(&ifp->if_snd.ifq_mtx);
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
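Review bot: In the if.c -528 hunk, mac_destroy_ifnet(ifp) runs before `TAILQ_REMOVE(&ifnet, ifp, if_link)`, so the interface is still on the global list after its label has lost MAC_FLAG_INITIALIZED. Whether another thread can find the interface in that window depends on locking outside the hunk, but if it can, a MAC check or label read would operate on a destroyed label. Moving the three `#ifdef MAC` lines below the TAILQ_REMOVE line, next to the rest of the teardown, would close the window. The enclosing function starts and ends outside the hunk.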