Date: Wed, 16 Aug 2006 13:30:47 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 104219 for review Message-ID: <200608161330.k7GDUls2069626@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=104219 Change 104219 by millert@millert_macbook on 2006/08/16 13:30:07 Introduce a reference count to struct mac_label_element so that we don't have to loop through every policy in mac_policy_removefrom_labellist() to tell whether or not another policy is interested in the label namespace. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#3 (text+ko) ==== @@ -518,6 +518,7 @@ LIST_FOREACH(mle, &mac_static_label_element_list, mle_list) { if (strcmp(name, mle->mle_name) == 0) { + /* ref count unused for static list */ found = TRUE; break; } @@ -526,12 +527,14 @@ LIST_FOREACH(mle, &mac_label_element_list, mle_list) { if (strcmp(name, mle->mle_name) == 0) { + mle->mle_refs++; found = TRUE; break; } } if (!found) { strcpy(new_mles[midx]->mle_name, name); + new_mles[midx]->mle_refs = 1; LIST_INSERT_HEAD(list, new_mles[midx], mle_list); midx++; @@ -556,10 +559,8 @@ mac_policy_removefrom_labellist(struct mac_policy_conf *mpc) { struct mac_label_element *mle; - struct mac_policy_conf *lmpc; - const char *name, *name2; - u_int idx, idx2; - int found; + const char *name; + u_int idx; if (mpc->mpc_labelnames == NULL) return; @@ -567,7 +568,8 @@ if (mpc->mpc_labelname_count == 0) return; - /* Check each label namespace managed by the policy and remove + /* + * Check each label namespace managed by the policy and remove * it from the non-static list only if no other policy is interested * in that label namespace. */ 
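Review bot: In the `@@ -526,12 +527,14 @@` hunk a reference is taken only when the name matches on `mac_label_element_list`, and the static-list match in the preceding hunk takes none, yet mac_policy_removefrom_labellist() later decrements whichever dynamic element matches by name. If a name can ever sit on both lists (the lines between the two loops are not in the diff, so this cannot be ruled out from here), a policy that resolved the name through the static list would drop a reference it never took, and the element could be freed while another policy still depends on it. I would record the invariant next to the increment, for example `/* a name lives on exactly one list; only dynamic entries are counted */`, or have the removal path skip names found on the static list. The enclosing function starts and ends outside this hunk.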
@@ -575,33 +577,15 @@ mac_policy_grab_exclusive(); for (idx = 0; idx < mpc->mpc_labelname_count; idx++) { name = mpc->mpc_labelnames[idx]; - found = FALSE; - LIST_FOREACH(lmpc, &mac_static_policy_list, mpc_list) - for (idx2 = 0; idx2 < lmpc->mpc_labelname_count; - idx2++) { - name2 = lmpc->mpc_labelnames[idx2]; - if (strcmp(name, name2) == 0) { - found = TRUE; - break; - } - } - if (!found) /* No 'static' policy manages the namespace */ - LIST_FOREACH(lmpc, &mac_policy_list, mpc_list) - for (idx2 = 0; idx2 < lmpc->mpc_labelname_count; - idx2++) { - name2 = lmpc->mpc_labelnames[idx2]; - if (strcmp(name, name2) == 0) { - found = TRUE; - break; - } - } - - if (!found) /* No policy manages this namespace */ - LIST_FOREACH(mle, &mac_label_element_list, mle_list) - if (strcmp(name, mle->mle_name) == 0) { + LIST_FOREACH(mle, &mac_label_element_list, mle_list) { + if (strcmp(name, mle->mle_name) == 0) { + if (--mle->mle_refs == 0) { LIST_REMOVE(mle, mle_list); FREE(mle, M_MACTEMP); } + break; + } + } } if (mac_late) mac_policy_release_exclusive(); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#3 (text+ko) ==== @@ -80,6 +80,7 @@ * Type of list used to manage label namespace names. */ struct mac_label_element { + int mle_refs; char mle_name[MAC_MAX_LABEL_ELEMENT_NAME]; LIST_ENTRY(mac_label_element) mle_list; };
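Review bot: The decrement `--mle->mle_refs == 0` in the rewritten loop is unchecked, so an unbalanced call corrupts the accounting silently. If the same policy is removed twice, or removed after a registration that never reached the add path, the element is either freed while another policy still counts on it, or the signed counter goes negative and the element is never freed. A guard before the decrement would make the imbalance visible, e.g. `if (mle->mle_refs <= 0) panic("mac_policy_removefrom_labellist: refcount underflow for %s", name);`. The function's opening, including the condition under which `mac_policy_grab_exclusive()` is taken, lies outside this hunk.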
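Review bot: The new `mle_refs` member of struct mac_label_element has no comment saying what it counts or what protects it. It is also a signed `int`, although mac_base.c only sets it to 1, increments it and decrements it toward zero. I would declare it as `u_int mle_refs; /* policies using this name; dynamic list only */`. The struct comment should also say that the field is modified only with the policy list held exclusively, if that is the intended rule; the add path's locking is not visible in this diff.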