From owner-p4-projects@FreeBSD.ORG  Sun Nov  9 06:47:29 2003
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id C3BB316A4D0; Sun,  9 Nov 2003 06:47:28 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 994A216A4CE
	for <perforce@freebsd.org>; Sun,  9 Nov 2003 06:47:28 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EAEA143FDF
	for <perforce@freebsd.org>; Sun,  9 Nov 2003 06:47:27 -0800 (PST)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id hA9ElRXJ098664
	for <perforce@freebsd.org>; Sun, 9 Nov 2003 06:47:27 -0800 (PST)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.9/8.12.9/Submit) id hA9ElRG3098661
	for perforce@freebsd.org; Sun, 9 Nov 2003 06:47:27 -0800 (PST)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Sun, 9 Nov 2003 06:47:27 -0800 (PST)
Message-Id: <200311091447.hA9ElRG3098661@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 41799 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Nov 2003 14:47:29 -0000

http://perforce.freebsd.org/chv.cgi?CH=41799

Change 41799 by rwatson@rwatson_paprika on 2003/11/09 06:46:49

	As with other objects, move to a (struct label *) pointer in
	POSIX semaphore structures, rather than a (struct label).
	Allocate POSIX semaphore labels from the label zone.
	
	Further update policies for previous change to pass in a pointer
	the label as well as a pointer to the semaphore structure,
	permitting policies to avoid knowledge of the semaphore
	structure when basing decisions solely on labels.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#16 edit
.. //depot/projects/trustedbsd/mac/sys/posix4/ksem.h#4 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#7 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#225 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#117 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/uipc_sem.c#16 (text+ko) ====

@@ -55,7 +55,6 @@
 #include <sys/jail.h>
 #include <sys/fcntl.h>
 #ifdef MAC
-#include <sys/_label.h>
 #include <sys/mac.h>
 #include <posix4/ksem.h>
 #endif

==== //depot/projects/trustedbsd/mac/sys/posix4/ksem.h#4 (text+ko) ====

@@ -47,8 +47,6 @@
 #include <sys/condvar.h>
 #include <sys/proc.h>
 #include <sys/queue.h>
-#include <sys/_label.h>
-#include <sys/mac.h>
 
 #ifdef _KERNEL
 
@@ -71,7 +69,7 @@
 	LIST_HEAD(, kuser) ks_users;	/* pids using this sem */
 	struct mtx ks_mtx;		/* mutex protecting this semaphore */	
 	int ks_unlinked;                /* Whether the named sem is unlinked */
-	struct label ks_label;		/* MAC label */
+	struct label *ks_label;		/* MAC label */
 };
 
 #endif /* _KERNEL */

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_posix_sem.c#7 (text+ko) ====

@@ -59,29 +59,45 @@
     &nmacposixksems, 0, "number of posix global semaphores inuse");
 #endif
 
+static struct label *
+mac_posix_ksem_label_alloc(void)
+{
+	struct label *label;
+
+	label = mac_labelzone_alloc(M_WAITOK);
+	MAC_PERFORM(init_posix_ksem_label, label);
+	MAC_DEBUG_COUNTER_INC(&nmacposixksems);
+	return (label);
+}
+
 void 
 mac_init_posix_ksem(struct ksem *ksemptr)
 {
 
-	mac_init_label(&ksemptr->ks_label);
-	MAC_PERFORM(init_posix_ksem_label, &ksemptr->ks_label);
-	MAC_DEBUG_COUNTER_INC(&nmacposixksems);
+	ksemptr->ks_label = mac_posix_ksem_label_alloc();
+}
+
+static void
+mac_posix_ksem_label_free(struct label *label)
+{
+
+	MAC_PERFORM(destroy_posix_ksem_label, label);
+	MAC_DEBUG_COUNTER_DEC(&nmacposixksems);
 }
 
 void
 mac_destroy_posix_ksem(struct ksem *ksemptr)
 {
 
-	MAC_PERFORM(destroy_posix_ksem_label, &ksemptr->ks_label);
-	mac_destroy_label(&ksemptr->ks_label);
-	MAC_DEBUG_COUNTER_DEC(&nmacposixksems);
+	mac_posix_ksem_label_free(ksemptr->ks_label);
+	ksemptr->ks_label = NULL;
 }
 
 void 
 mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr)
 {
 
-	MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label);
+	MAC_PERFORM(create_posix_ksem, cred, ksemptr, ksemptr->ks_label);
 }
 
 int
@@ -92,7 +108,7 @@
 	if (!mac_enforce_posix_sem)
 		return (0);
 
-	MAC_CHECK(check_posix_sem_close, cred, ksemptr, &ksemptr->ks_label);
+	MAC_CHECK(check_posix_sem_close, cred, ksemptr, ksemptr->ks_label);
 
 	return(error);
 }
@@ -105,8 +121,7 @@
 	if (!mac_enforce_posix_sem)
 		return (0);
 
-	MAC_CHECK(check_posix_sem_destroy, cred, ksemptr,
-	    &ksemptr->ks_label);
+	MAC_CHECK(check_posix_sem_destroy, cred, ksemptr, ksemptr->ks_label);
 
 	return(error);
 }
@@ -120,7 +135,7 @@
 		return (0);
 
 	MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr,
-	    &ksemptr->ks_label);
+	    ksemptr->ks_label);
 
 	return(error);
 }
@@ -134,7 +149,7 @@
 		return (0);
 
 	MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr,
-	    &ksemptr->ks_label);
+	    ksemptr->ks_label);
 
 	return(error);
 }
@@ -147,7 +162,7 @@
 	if (!mac_enforce_posix_sem)
 		return (0);
 
-	MAC_CHECK(check_posix_sem_post, cred, ksemptr, &ksemptr->ks_label);
+	MAC_CHECK(check_posix_sem_post, cred, ksemptr, ksemptr->ks_label);
 
 	return(error);
 }
@@ -160,7 +175,7 @@
 	if (!mac_enforce_posix_sem)
 		return (0);
 
-	MAC_CHECK(check_posix_sem_unlink, cred, ksemptr, &ksemptr->ks_label);
+	MAC_CHECK(check_posix_sem_unlink, cred, ksemptr, ksemptr->ks_label);
 
 	return(error);
 }
@@ -173,7 +188,7 @@
 	if (!mac_enforce_posix_sem)
 		return (0);
 
-	MAC_CHECK(check_posix_sem_wait, cred, ksemptr, &ksemptr->ks_label);
+	MAC_CHECK(check_posix_sem_wait, cred, ksemptr, ksemptr->ks_label);
 
 	return(error);
 }

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#225 (text+ko) ====

@@ -2164,7 +2164,7 @@
 		return (0);
 
 	subj = SLOT(cred->cr_label);
-	obj = SLOT((&ksemptr->ks_label));
+	obj = SLOT(ks_label);
 
 	if (!mac_biba_dominate_single(subj, obj))
 		return (EACCES);
@@ -2182,7 +2182,7 @@
 		return (0);
 
 	subj = SLOT(cred->cr_label);
-	obj = SLOT((&ksemptr->ks_label));
+	obj = SLOT(ks_label);
 
 	if (!mac_biba_dominate_single(obj, subj))
 		return (EACCES);

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#117 (text+ko) ====

@@ -1616,7 +1616,7 @@
 {
 
 	ASSERT_CRED_LABEL(cred->cr_label);
-	ASSERT_POSIX_LABEL(&ksemptr->ks_label);
+	ASSERT_POSIX_LABEL(ks_label);
 
 	return (0);
 }