From owner-p4-projects@FreeBSD.ORG Wed Aug 16 13:30:49 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 276C116A4E6; Wed, 16 Aug 2006 13:30:49 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DDF1C16A4E2 for ; Wed, 16 Aug 2006 13:30:48 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id ECFA143D4C for ; Wed, 16 Aug 2006 13:30:47 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k7GDUlOU069629 for ; Wed, 16 Aug 2006 13:30:47 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k7GDUls2069626 for perforce@freebsd.org; Wed, 16 Aug 2006 13:30:47 GMT (envelope-from millert@freebsd.org) Date: Wed, 16 Aug 2006 13:30:47 GMT Message-Id: <200608161330.k7GDUls2069626@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 104219 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Aug 2006 13:30:49 -0000 http://perforce.freebsd.org/chv.cgi?CH=104219 Change 104219 by millert@millert_macbook on 2006/08/16 13:30:07 Introduce a reference count to struct mac_label_element so that we don't have to loop through every policy in mac_policy_removefrom_labellist() to tell whether or not another policy is interested in the label namespace. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#3 edit .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#3 (text+ko) ==== @@ -518,6 +518,7 @@ LIST_FOREACH(mle, &mac_static_label_element_list, mle_list) { if (strcmp(name, mle->mle_name) == 0) { + /* ref count unused for static list */ found = TRUE; break; } @@ -526,12 +527,14 @@ LIST_FOREACH(mle, &mac_label_element_list, mle_list) { if (strcmp(name, mle->mle_name) == 0) { + mle->mle_refs++; found = TRUE; break; } } if (!found) { strcpy(new_mles[midx]->mle_name, name); + new_mles[midx]->mle_refs = 1; LIST_INSERT_HEAD(list, new_mles[midx], mle_list); midx++; @@ -556,10 +559,8 @@ mac_policy_removefrom_labellist(struct mac_policy_conf *mpc) { struct mac_label_element *mle; - struct mac_policy_conf *lmpc; - const char *name, *name2; - u_int idx, idx2; - int found; + const char *name; + u_int idx; if (mpc->mpc_labelnames == NULL) return; @@ -567,7 +568,8 @@ if (mpc->mpc_labelname_count == 0) return; - /* Check each label namespace managed by the policy and remove + /* + * Check each label namespace managed by the policy and remove * it from the non-static list only if no other policy is interested * in that label namespace. */ @@ -575,33 +577,15 @@ mac_policy_grab_exclusive(); for (idx = 0; idx < mpc->mpc_labelname_count; idx++) { name = mpc->mpc_labelnames[idx]; - found = FALSE; - LIST_FOREACH(lmpc, &mac_static_policy_list, mpc_list) - for (idx2 = 0; idx2 < lmpc->mpc_labelname_count; - idx2++) { - name2 = lmpc->mpc_labelnames[idx2]; - if (strcmp(name, name2) == 0) { - found = TRUE; - break; - } - } - if (!found) /* No 'static' policy manages the namespace */ - LIST_FOREACH(lmpc, &mac_policy_list, mpc_list) - for (idx2 = 0; idx2 < lmpc->mpc_labelname_count; - idx2++) { - name2 = lmpc->mpc_labelnames[idx2]; - if (strcmp(name, name2) == 0) { - found = TRUE; - break; - } - } - - if (!found) /* No policy manages this namespace */ - LIST_FOREACH(mle, &mac_label_element_list, mle_list) - if (strcmp(name, mle->mle_name) == 0) { + LIST_FOREACH(mle, &mac_label_element_list, mle_list) { + if (strcmp(name, mle->mle_name) == 0) { + if (--mle->mle_refs == 0) { LIST_REMOVE(mle, mle_list); FREE(mle, M_MACTEMP); } + break; + } + } } if (mac_late) mac_policy_release_exclusive(); ==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#3 (text+ko) ==== @@ -80,6 +80,7 @@ * Type of list used to manage label namespace names. */ struct mac_label_element { + int mle_refs; char mle_name[MAC_MAX_LABEL_ELEMENT_NAME]; LIST_ENTRY(mac_label_element) mle_list; };