From owner-p4-projects Sat Jul 20 8:16:13 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D37EE37B401; Sat, 20 Jul 2002 08:15:35 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4978337B400 for ; Sat, 20 Jul 2002 08:15:35 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id B7DA143E58 for ; Sat, 20 Jul 2002 08:15:34 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g6KFFYJU039421 for ; Sat, 20 Jul 2002 08:15:34 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g6KFFXge039418 for perforce@freebsd.org; Sat, 20 Jul 2002 08:15:33 -0700 (PDT) Date: Sat, 20 Jul 2002 08:15:33 -0700 (PDT) Message-Id: <200207201515.g6KFFXge039418@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 14523 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=14523 Change 14523 by rwatson@rwatson_curry on 2002/07/20 08:14:56 Dynamically allocate the operation vector so we maintain the ABI for modules even when changing the operation vector. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#175 edit .. //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#73 edit Differences ...
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#175 (text+ko) ====
@@ -187,9 +187,9 @@
 error = 0; \
 MAC_POLICY_LIST_BUSY(); \
 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
- if (mpc->mpc_ops.mpo_ ## check != NULL) \
+ if (mpc->mpc_ops->mpo_ ## check != NULL) \
 error = error_select( \
- mpc->mpc_ops.mpo_ ## check (args), \
+ mpc->mpc_ops->mpo_ ## check (args), \
 error); \
 } \
 MAC_POLICY_LIST_UNBUSY(); \
@@ -208,9 +208,9 @@
 \
 MAC_POLICY_LIST_BUSY(); \
 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
- if (mpc->mpc_ops.mpo_ ## operation != NULL) \
+ if (mpc->mpc_ops->mpo_ ## operation != NULL) \
 result = result composition \
- mpc->mpc_ops.mpo_ ## operation (args); \
+ mpc->mpc_ops->mpo_ ## operation (args); \
 } \
 MAC_POLICY_LIST_UNBUSY(); \
 } while (0)
@@ -224,12 +224,13 @@
 \
 MAC_POLICY_LIST_BUSY(); \
 LIST_FOREACH(mpc, &mac_policy_list, mpc_list) { \
- if (mpc->mpc_ops.mpo_ ## operation != NULL) \
- mpc->mpc_ops.mpo_ ## operation (args); \
+ if (mpc->mpc_ops->mpo_ ## operation != NULL) \
+ mpc->mpc_ops->mpo_ ## operation (args); \
 } \
 MAC_POLICY_LIST_UNBUSY(); \
 } while (0)
+MALLOC_DEFINE(M_MACOPVEC, "macopvec", "MAC policy operation vector");
 MALLOC_DEFINE(M_TMPLABEL, "tmplabel", "temporary user-label copied storage");
 const size_t maxlabelsize = 65536;
@@ -298,9 +299,14 @@
 mac_policy_register(struct mac_policy_conf *mpc)
 {
 struct mac_policy_conf *tmpc;
+ struct mac_policy_ops *ops;
 struct mac_policy_op_entry *mpe;
 int slot;
+ MALLOC(ops, struct mac_policy_ops *, sizeof(*ops), M_MACOPVEC,
+ M_WAITOK);
+ mpc->mpc_ops = ops;
+
 for (mpe = mpc->mpc_entries; mpe->mpe_constant != MAC_OP_LAST; mpe++) {
 switch (mpe->mpe_constant) {
 case MAC_OP_LAST:
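Review bot: The operation vector obtained by `MALLOC(ops, ..., M_MACOPVEC, M_WAITOK)` at the top of mac_policy_register() is not zeroed, so every `mpo_*` slot that the policy's `mpc_entries` table does not name keeps whatever bytes the allocator returned. The policy-list walker macros patched in the first three hunks test each slot against NULL before calling through it, so an uninitialised slot becomes an indirect call through a garbage pointer in kernel context; the embedded `mpc_ops` this replaces presumably lived in the module's zero-initialised static storage. Request cleared memory instead: `M_WAITOK | M_ZERO);`. The function body continues outside this hunk, so any error return later in mac_policy_register() should be checked to confirm it frees `ops` and resets `mpc->mpc_ops`.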
@@ -310,392 +316,392 @@
 */
 break;
 case MAC_DESTROY:
- mpc->mpc_ops.mpo_destroy =
+ mpc->mpc_ops->mpo_destroy =
 mpe->mpe_function;
 break;
 case MAC_INIT:
- mpc->mpc_ops.mpo_init =
+ mpc->mpc_ops->mpo_init =
 mpe->mpe_function;
 break;
 case MAC_CREATE_DEVFS_DEVICE:
- mpc->mpc_ops.mpo_create_devfs_device =
+ mpc->mpc_ops->mpo_create_devfs_device =
 mpe->mpe_function;
 break;
 case MAC_CREATE_DEVFS_DIRECTORY:
- mpc->mpc_ops.mpo_create_devfs_directory =
+ mpc->mpc_ops->mpo_create_devfs_directory =
 mpe->mpe_function;
 break;
 case MAC_CREATE_DEVFS_VNODE:
- mpc->mpc_ops.mpo_create_devfs_vnode =
+ mpc->mpc_ops->mpo_create_devfs_vnode =
 mpe->mpe_function;
 break;
 case MAC_STDCREATEVNODE_EA:
- mpc->mpc_ops.mpo_stdcreatevnode_ea =
+ mpc->mpc_ops->mpo_stdcreatevnode_ea =
 mpe->mpe_function;
 break;
 case MAC_CREATE_VNODE_FROM_VNODE:
- mpc->mpc_ops.mpo_create_vnode_from_vnode =
+ mpc->mpc_ops->mpo_create_vnode_from_vnode =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MOUNT:
- mpc->mpc_ops.mpo_create_mount = mpe->mpe_function;
+ mpc->mpc_ops->mpo_create_mount = mpe->mpe_function;
 break;
 case MAC_CREATE_ROOT_MOUNT:
- mpc->mpc_ops.mpo_create_root_mount = mpe->mpe_function;
+ mpc->mpc_ops->mpo_create_root_mount = mpe->mpe_function;
 break;
 case MAC_RELABEL_VNODE:
- mpc->mpc_ops.mpo_relabel_vnode = mpe->mpe_function;
+ mpc->mpc_ops->mpo_relabel_vnode = mpe->mpe_function;
 break;
 case MAC_UPDATE_DEVFSDIRENT_FROM_VNODE:
- mpc->mpc_ops.mpo_update_devfsdirent_from_vnode =
+ mpc->mpc_ops->mpo_update_devfsdirent_from_vnode =
 mpe->mpe_function;
 break;
 case MAC_UPDATE_PROCFSVNODE_FROM_SUBJECT:
- mpc->mpc_ops.mpo_update_procfsvnode_from_subject =
+ mpc->mpc_ops->mpo_update_procfsvnode_from_subject =
 mpe->mpe_function;
 break;
 case MAC_UPDATE_VNODE_FROM_EXTATTR:
- mpc->mpc_ops.mpo_update_vnode_from_extattr =
+ mpc->mpc_ops->mpo_update_vnode_from_extattr =
 mpe->mpe_function;
 break;
 case MAC_UPDATE_VNODE_FROM_EXTERNALIZED:
- mpc->mpc_ops.mpo_update_vnode_from_externalized =
+ mpc->mpc_ops->mpo_update_vnode_from_externalized =
 mpe->mpe_function;
 break;
 case MAC_UPDATE_VNODE_FROM_MOUNT:
- mpc->mpc_ops.mpo_update_vnode_from_mount =
+ mpc->mpc_ops->mpo_update_vnode_from_mount =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MBUF_FROM_SOCKET:
- mpc->mpc_ops.mpo_create_mbuf_from_socket =
+ mpc->mpc_ops->mpo_create_mbuf_from_socket =
 mpe->mpe_function;
 break;
 case MAC_CREATE_SOCKET:
- mpc->mpc_ops.mpo_create_socket = mpe->mpe_function;
+ mpc->mpc_ops->mpo_create_socket = mpe->mpe_function;
 break;
 case MAC_CREATE_SOCKET_FROM_SOCKET:
- mpc->mpc_ops.mpo_create_socket_from_socket =
+ mpc->mpc_ops->mpo_create_socket_from_socket =
 mpe->mpe_function;
 break;
 case MAC_RELABEL_SOCKET:
- mpc->mpc_ops.mpo_relabel_socket = mpe->mpe_function;
+ mpc->mpc_ops->mpo_relabel_socket = mpe->mpe_function;
 break;
 case MAC_SET_SOCKET_PEER_FROM_MBUF:
- mpc->mpc_ops.mpo_set_socket_peer_from_mbuf =
+ mpc->mpc_ops->mpo_set_socket_peer_from_mbuf =
 mpe->mpe_function;
 break;
 case MAC_SET_SOCKET_PEER_FROM_SOCKET:
- mpc->mpc_ops.mpo_set_socket_peer_from_socket =
+ mpc->mpc_ops->mpo_set_socket_peer_from_socket =
 mpe->mpe_function;
 break;
 case MAC_CREATE_BPFDESC:
- mpc->mpc_ops.mpo_create_bpfdesc =
+ mpc->mpc_ops->mpo_create_bpfdesc =
 mpe->mpe_function;
 break;
 case MAC_CREATE_DATAGRAM_FROM_IPQ:
- mpc->mpc_ops.mpo_create_datagram_from_ipq =
+ mpc->mpc_ops->mpo_create_datagram_from_ipq =
 mpe->mpe_function;
 break;
 case MAC_CREATE_FRAGMENT_FROM_DATAGRAM:
- mpc->mpc_ops.mpo_create_fragment_from_datagram =
+ mpc->mpc_ops->mpo_create_fragment_from_datagram =
 mpe->mpe_function;
 break;
 case MAC_CREATE_IFNET:
- mpc->mpc_ops.mpo_create_ifnet =
+ mpc->mpc_ops->mpo_create_ifnet =
 mpe->mpe_function;
 break;
 case MAC_CREATE_IPQ_FROM_FRAGMENT:
- mpc->mpc_ops.mpo_create_ipq_from_fragment =
+ mpc->mpc_ops->mpo_create_ipq_from_fragment =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MBUF_FROM_MBUF:
- mpc->mpc_ops.mpo_create_mbuf_from_mbuf =
+ mpc->mpc_ops->mpo_create_mbuf_from_mbuf =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MBUF_LINKLAYER_FOR_IFNET:
- mpc->mpc_ops.mpo_create_mbuf_linklayer_for_ifnet =
+ mpc->mpc_ops->mpo_create_mbuf_linklayer_for_ifnet =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MBUF_FROM_BPFDESC:
- mpc->mpc_ops.mpo_create_mbuf_from_bpfdesc =
+ mpc->mpc_ops->mpo_create_mbuf_from_bpfdesc =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MBUF_FROM_IFNET:
- mpc->mpc_ops.mpo_create_mbuf_from_ifnet =
+ mpc->mpc_ops->mpo_create_mbuf_from_ifnet =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MBUF_MULTICAST_ENCAP_FROM_MBUF:
- mpc->mpc_ops.mpo_create_mbuf_multicast_encap_from_mbuf =
+ mpc->mpc_ops->mpo_create_mbuf_multicast_encap_from_mbuf =
 mpe->mpe_function;
 break;
 case MAC_CREATE_MBUF_NETLAYER_FROM_MBUF:
- mpc->mpc_ops.mpo_create_mbuf_netlayer_from_mbuf =
+ mpc->mpc_ops->mpo_create_mbuf_netlayer_from_mbuf =
 mpe->mpe_function;
 break;
 case MAC_FRAGMENT_MATCHES_IPQ:
- mpc->mpc_ops.mpo_fragment_matches_ipq =
+ mpc->mpc_ops->mpo_fragment_matches_ipq =
 mpe->mpe_function;
 break;
 case MAC_RELABEL_IFNET:
- mpc->mpc_ops.mpo_relabel_ifnet = mpe->mpe_function;
+ mpc->mpc_ops->mpo_relabel_ifnet = mpe->mpe_function;
 break;
 case MAC_UPDATE_IPQ_FROM_FRAGMENT:
- mpc->mpc_ops.mpo_update_ipq_from_fragment =
+ mpc->mpc_ops->mpo_update_ipq_from_fragment =
 mpe->mpe_function;
 break;
 case MAC_CREATE_SUBJECT:
- mpc->mpc_ops.mpo_create_subject = mpe->mpe_function;
+ mpc->mpc_ops->mpo_create_subject = mpe->mpe_function;
 break;
 case MAC_EXECVE_TRANSITION:
- mpc->mpc_ops.mpo_execve_transition = mpe->mpe_function;
+ mpc->mpc_ops->mpo_execve_transition = mpe->mpe_function;
 break;
 case MAC_EXECVE_WILL_TRANSITION:
- mpc->mpc_ops.mpo_execve_will_transition =
+ mpc->mpc_ops->mpo_execve_will_transition =
 mpe->mpe_function;
 break;
 case MAC_CREATE_PROC0:
- mpc->mpc_ops.mpo_create_proc0 = mpe->mpe_function;
+ mpc->mpc_ops->mpo_create_proc0 = mpe->mpe_function;
 break;
 case MAC_CREATE_PROC1:
- mpc->mpc_ops.mpo_create_proc1 = mpe->mpe_function;
+ mpc->mpc_ops->mpo_create_proc1 = mpe->mpe_function;
 break;
 case MAC_RELABEL_SUBJECT:
- mpc->mpc_ops.mpo_relabel_subject =
+ mpc->mpc_ops->mpo_relabel_subject =
 mpe->mpe_function;
 break;
 case MAC_BPFDESC_CHECK_RECEIVE_FROM_IFNET:
- mpc->mpc_ops.mpo_bpfdesc_check_receive_from_ifnet =
+ mpc->mpc_ops->mpo_bpfdesc_check_receive_from_ifnet =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_BIND_SOCKET:
- mpc->mpc_ops.mpo_cred_check_bind_socket =
+ mpc->mpc_ops->mpo_cred_check_bind_socket =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_CONNECT_SOCKET:
- mpc->mpc_ops.mpo_cred_check_connect_socket =
+ mpc->mpc_ops->mpo_cred_check_connect_socket =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SEE_CRED:
- mpc->mpc_ops.mpo_cred_check_see_cred =
+ mpc->mpc_ops->mpo_cred_check_see_cred =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SEE_SOCKET:
- mpc->mpc_ops.mpo_cred_check_see_socket =
+ mpc->mpc_ops->mpo_cred_check_see_socket =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_RELABEL_IFNET:
- mpc->mpc_ops.mpo_cred_check_relabel_ifnet =
+ mpc->mpc_ops->mpo_cred_check_relabel_ifnet =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_RELABEL_SOCKET:
- mpc->mpc_ops.mpo_cred_check_relabel_socket =
+ mpc->mpc_ops->mpo_cred_check_relabel_socket =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_RELABEL_SUBJECT:
- mpc->mpc_ops.mpo_cred_check_relabel_subject =
+ mpc->mpc_ops->mpo_cred_check_relabel_subject =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_RELABEL_VNODE:
- mpc->mpc_ops.mpo_cred_check_relabel_vnode =
+ mpc->mpc_ops->mpo_cred_check_relabel_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_STATFS:
- mpc->mpc_ops.mpo_cred_check_statfs = mpe->mpe_function;
+ mpc->mpc_ops->mpo_cred_check_statfs = mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_DEBUG_PROC:
- mpc->mpc_ops.mpo_cred_check_debug_proc =
+ mpc->mpc_ops->mpo_cred_check_debug_proc =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_ACCESS_VNODE:
- mpc->mpc_ops.mpo_cred_check_access_vnode =
+ mpc->mpc_ops->mpo_cred_check_access_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_CHDIR_VNODE:
- mpc->mpc_ops.mpo_cred_check_chdir_vnode =
+ mpc->mpc_ops->mpo_cred_check_chdir_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_CHROOT_VNODE:
- mpc->mpc_ops.mpo_cred_check_chroot_vnode =
+ mpc->mpc_ops->mpo_cred_check_chroot_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_CREATE_VNODE:
- mpc->mpc_ops.mpo_cred_check_create_vnode =
+ mpc->mpc_ops->mpo_cred_check_create_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_DELETE_VNODE:
- mpc->mpc_ops.mpo_cred_check_delete_vnode =
+ mpc->mpc_ops->mpo_cred_check_delete_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_DELETEACL_VNODE:
- mpc->mpc_ops.mpo_cred_check_deleteacl_vnode =
+ mpc->mpc_ops->mpo_cred_check_deleteacl_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_EXEC_VNODE:
- mpc->mpc_ops.mpo_cred_check_exec_vnode =
+ mpc->mpc_ops->mpo_cred_check_exec_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_GETACL_VNODE:
- mpc->mpc_ops.mpo_cred_check_getacl_vnode =
+ mpc->mpc_ops->mpo_cred_check_getacl_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_GETEXTATTR_VNODE:
- mpc->mpc_ops.mpo_cred_check_getextattr_vnode =
+ mpc->mpc_ops->mpo_cred_check_getextattr_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_LISTEN_SOCKET:
- mpc->mpc_ops.mpo_cred_check_listen_socket =
+ mpc->mpc_ops->mpo_cred_check_listen_socket =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_OPEN_VNODE:
- mpc->mpc_ops.mpo_cred_check_open_vnode =
+ mpc->mpc_ops->mpo_cred_check_open_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_RENAME_FROM_VNODE:
- mpc->mpc_ops.mpo_cred_check_rename_from_vnode =
+ mpc->mpc_ops->mpo_cred_check_rename_from_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_RENAME_TO_VNODE:
- mpc->mpc_ops.mpo_cred_check_rename_to_vnode =
+ mpc->mpc_ops->mpo_cred_check_rename_to_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_REVOKE_VNODE:
- mpc->mpc_ops.mpo_cred_check_revoke_vnode =
+ mpc->mpc_ops->mpo_cred_check_revoke_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SEARCH_VNODE:
- mpc->mpc_ops.mpo_cred_check_search_vnode =
+ mpc->mpc_ops->mpo_cred_check_search_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SETACL_VNODE:
- mpc->mpc_ops.mpo_cred_check_setacl_vnode =
+ mpc->mpc_ops->mpo_cred_check_setacl_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SETEXTATTR_VNODE:
- mpc->mpc_ops.mpo_cred_check_setextattr_vnode =
+ mpc->mpc_ops->mpo_cred_check_setextattr_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SETFLAGS_VNODE:
- mpc->mpc_ops.mpo_cred_check_setflags_vnode =
+ mpc->mpc_ops->mpo_cred_check_setflags_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SETMODE_VNODE:
- mpc->mpc_ops.mpo_cred_check_setmode_vnode =
+ mpc->mpc_ops->mpo_cred_check_setmode_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SETOWNER_VNODE:
- mpc->mpc_ops.mpo_cred_check_setowner_vnode =
+ mpc->mpc_ops->mpo_cred_check_setowner_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SETUTIMES_VNODE:
- mpc->mpc_ops.mpo_cred_check_setutimes_vnode =
+ mpc->mpc_ops->mpo_cred_check_setutimes_vnode =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SCHED_PROC:
- mpc->mpc_ops.mpo_cred_check_sched_proc =
+ mpc->mpc_ops->mpo_cred_check_sched_proc =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_SIGNAL_PROC:
- mpc->mpc_ops.mpo_cred_check_signal_proc =
+ mpc->mpc_ops->mpo_cred_check_signal_proc =
 mpe->mpe_function;
 break;
 case MAC_CRED_CHECK_STAT_VNODE:
- mpc->mpc_ops.mpo_cred_check_stat_vnode =
+ mpc->mpc_ops->mpo_cred_check_stat_vnode =
 mpe->mpe_function;
 break;
 case MAC_IFNET_CHECK_SEND_MBUF:
- mpc->mpc_ops.mpo_ifnet_check_send_mbuf =
+ mpc->mpc_ops->mpo_ifnet_check_send_mbuf =
 mpe->mpe_function;
 break;
 case MAC_SOCKET_CHECK_RECEIVE_MBUF:
- mpc->mpc_ops.mpo_socket_check_receive_mbuf =
+ mpc->mpc_ops->mpo_socket_check_receive_mbuf =
 mpe->mpe_function;
 break;
 case MAC_INIT_BPFDESC:
- mpc->mpc_ops.mpo_init_bpfdesc =
+ mpc->mpc_ops->mpo_init_bpfdesc =
 mpe->mpe_function;
 break;
 case MAC_INIT_DEVFSDIRENT:
- mpc->mpc_ops.mpo_init_devfsdirent =
+ mpc->mpc_ops->mpo_init_devfsdirent =
 mpe->mpe_function;
 break;
 case MAC_INIT_IFNET:
- mpc->mpc_ops.mpo_init_ifnet =
+ mpc->mpc_ops->mpo_init_ifnet =
 mpe->mpe_function;
 break;
 case MAC_INIT_IPQ:
- mpc->mpc_ops.mpo_init_ipq =
+ mpc->mpc_ops->mpo_init_ipq =
 mpe->mpe_function;
 break;
 case MAC_INIT_MBUF:
- mpc->mpc_ops.mpo_init_mbuf =
+ mpc->mpc_ops->mpo_init_mbuf =
 mpe->mpe_function;
 break;
 case MAC_INIT_MOUNT:
- mpc->mpc_ops.mpo_init_mount =
+ mpc->mpc_ops->mpo_init_mount =
 mpe->mpe_function;
 break;
 case MAC_INIT_SOCKET:
- mpc->mpc_ops.mpo_init_socket =
+ mpc->mpc_ops->mpo_init_socket =
 mpe->mpe_function;
 break;
 case MAC_INIT_SUBJECT:
- mpc->mpc_ops.mpo_init_subject =
+ mpc->mpc_ops->mpo_init_subject =
 mpe->mpe_function;
 break;
 case MAC_INIT_TEMP:
- mpc->mpc_ops.mpo_init_temp =
+ mpc->mpc_ops->mpo_init_temp =
 mpe->mpe_function;
 break;
 case MAC_INIT_VNODE:
- mpc->mpc_ops.mpo_init_vnode =
+ mpc->mpc_ops->mpo_init_vnode =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_BPFDESC:
- mpc->mpc_ops.mpo_destroy_bpfdesc =
+ mpc->mpc_ops->mpo_destroy_bpfdesc =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_DEVFSDIRENT:
- mpc->mpc_ops.mpo_destroy_devfsdirent =
+ mpc->mpc_ops->mpo_destroy_devfsdirent =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_IFNET:
- mpc->mpc_ops.mpo_destroy_ifnet =
+ mpc->mpc_ops->mpo_destroy_ifnet =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_IPQ:
- mpc->mpc_ops.mpo_destroy_ipq =
+ mpc->mpc_ops->mpo_destroy_ipq =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_MBUF:
- mpc->mpc_ops.mpo_destroy_mbuf =
+ mpc->mpc_ops->mpo_destroy_mbuf =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_MOUNT:
- mpc->mpc_ops.mpo_destroy_mount =
+ mpc->mpc_ops->mpo_destroy_mount =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_SOCKET:
- mpc->mpc_ops.mpo_destroy_socket =
+ mpc->mpc_ops->mpo_destroy_socket =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_SUBJECT:
- mpc->mpc_ops.mpo_destroy_subject =
+ mpc->mpc_ops->mpo_destroy_subject =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_TEMP:
- mpc->mpc_ops.mpo_destroy_temp =
+ mpc->mpc_ops->mpo_destroy_temp =
 mpe->mpe_function;
 break;
 case MAC_DESTROY_VNODE:
- mpc->mpc_ops.mpo_destroy_vnode =
+ mpc->mpc_ops->mpo_destroy_vnode =
 mpe->mpe_function;
 break;
 case MAC_EXTERNALIZE:
- mpc->mpc_ops.mpo_externalize =
+ mpc->mpc_ops->mpo_externalize =
 mpe->mpe_function;
 break;
 case MAC_INTERNALIZE:
- mpc->mpc_ops.mpo_internalize =
+ mpc->mpc_ops->mpo_internalize =
 mpe->mpe_function;
 break;
 /*
@@ -731,8 +737,8 @@
 LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);
 /* Per-policy initialization. */
- if (mpc->mpc_ops.mpo_init != NULL)
- (*(mpc->mpc_ops.mpo_init))(mpc);
+ if (mpc->mpc_ops->mpo_init != NULL)
+ (*(mpc->mpc_ops->mpo_init))(mpc);
 MAC_POLICY_LIST_UNLOCK();
 printf("Security policy loaded: %s (%s)\n", mpc->mpc_fullname,
@@ -759,12 +765,15 @@
 MAC_POLICY_LIST_UNLOCK();
 return (EBUSY);
 }
- if (mpc->mpc_ops.mpo_destroy != NULL)
- (*(mpc->mpc_ops.mpo_destroy))(mpc);
+ if (mpc->mpc_ops->mpo_destroy != NULL)
+ (*(mpc->mpc_ops->mpo_destroy))(mpc);
 LIST_REMOVE(mpc, mpc_list);
 MAC_POLICY_LIST_UNLOCK();
+ FREE(mpc->mpc_ops, M_MACOPVEC);
+ mpc->mpc_ops = NULL;
+
 printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 mpc->mpc_name);
==== //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h#73 (text+ko) ====
@@ -428,7 +428,7 @@
 struct mac_policy_conf {
 char *mpc_name; /* policy name */
 char *mpc_fullname; /* policy full name */
- struct mac_policy_ops mpc_ops; /* policy operations */
+ struct mac_policy_ops *mpc_ops; /* policy operations */
 struct mac_policy_op_entry *mpc_entries; /* ops to fill in */
 int mpc_loadtime_flags; /* flags */
 int *mpc_field_off; /* security field */
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
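Review bot: In the unregister hunk (`@@ -759,12 +765,15 @@`) the vector is released with `FREE(mpc->mpc_ops, M_MACOPVEC)` only after `MAC_POLICY_LIST_UNLOCK()`, and nothing in the hunk records why no list walker can still be calling through it. Now that the vector is heap memory, a walker that picked up `mpc` before `LIST_REMOVE` would dereference freed kernel memory, so the lifetime argument should be written down next to the free. The `return (EBUSY)` in the context suggests an earlier busy check provides that guarantee, but the check itself lies outside the hunk and should be confirmed to run under the same list lock. Suggested comment above the FREE: `/* Policy is off the list and the busy check passed under the list lock, so no walker can still reference mpc_ops. */`.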
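Review bot: The `mpc_ops` member comment in struct mac_policy_conf still reads only `/* policy operations */`, although the member is now a pointer that mac_policy_register() allocates and the unregister path frees. A policy module that reads or fills in `mpc_ops` on its own, before registration or after unload, would be using an unset or freed pointer, so the ownership should be stated where module authors look. Suggested wording: `/* policy operations; allocated and freed by the MAC framework */`. The struct definition continues outside the hunk.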