Date: Sun, 29 Sep 2002 23:48:41 -0700 (PDT) From: Adam Migus <amigus@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 18364 for review Message-ID: <200209300648.g8U6mf8g058202@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18364 Change 18364 by amigus@amigus_ganymede on 2002/09/29 23:47:48 Integ the removal of macctl now to avoid pain later since we can now do everything we need to with sysctl and mac_syscall. Tweaked the max text label length while there. The change to 8k will happen when we start allocating buffers dynamically in the text functions. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/init_sysent.c#33 integrate .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#282 integrate .. //depot/projects/trustedbsd/mac/sys/kern/syscalls.c#33 integrate .. //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#29 integrate .. //depot/projects/trustedbsd/mac/sys/sys/mac.h#165 integrate .. //depot/projects/trustedbsd/mac/sys/sys/syscall.h#33 integrate .. //depot/projects/trustedbsd/mac/sys/sys/sysproto.h#34 integrate Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/init_sysent.c#33 (text+ko) ====
@@ -424,10 +424,9 @@
 { SYF_MPSAFE | AS(sendfile_args), (sy_call_t *)sendfile }, /* 393 = sendfile */
 { SYF_MPSAFE | AS(mac_syscall_args), (sy_call_t *)mac_syscall }, /* 394 = mac_syscall */
 { SYF_MPSAFE | AS(__mac_get_pid_args), (sy_call_t *)__mac_get_pid }, /* 395 = __mac_get_pid */
- { SYF_MPSAFE | AS(macctl_args), (sy_call_t *)macctl }, /* 396 = macctl */
- { SYF_MPSAFE | AS(__mac_get_link_args), (sy_call_t *)__mac_get_link }, /* 397 = __mac_get_link */
- { SYF_MPSAFE | AS(__mac_set_link_args), (sy_call_t *)__mac_set_link }, /* 398 = __mac_set_link */
- { AS(extattr_set_link_args), (sy_call_t *)extattr_set_link }, /* 399 = extattr_set_link */
- { AS(extattr_get_link_args), (sy_call_t *)extattr_get_link }, /* 400 = extattr_get_link */
- { AS(extattr_delete_link_args), (sy_call_t *)extattr_delete_link }, /* 401 = extattr_delete_link */
+ { SYF_MPSAFE | AS(__mac_get_link_args), (sy_call_t *)__mac_get_link }, /* 396 = __mac_get_link */
+ { SYF_MPSAFE | AS(__mac_set_link_args), (sy_call_t *)__mac_set_link }, /* 397 = __mac_set_link */
+ { AS(extattr_set_link_args), (sy_call_t *)extattr_set_link }, /* 398 = extattr_set_link */
+ { AS(extattr_get_link_args), (sy_call_t *)extattr_get_link }, /* 499 = extattr_get_link */
+ { AS(extattr_delete_link_args), (sy_call_t *)extattr_delete_link }, /* 400 = extattr_delete_link */
 };
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#282 (text+ko) ====
@@ -4189,98 +4189,6 @@
 return (error);
 }
-/*
- * MPSAFE
- */
-int
-macctl(struct thread *td, struct macctl_args *uap)
-{
- struct mac_policy_conf *mpc;
- char _policy[MAC_MAX_POLICY_NAME];
- size_t _arglen, inretlen, outretlen;
- u_int iretval, _op;
- void *_arg, *vpretval;
- int error;
-
- inretlen = outretlen = 0;
- _arg = vpretval = mpc = NULL;
- iretval = 0;
-
- _arglen = SCARG(uap, arglen);
-
- if (_arglen > MACCTL_MAX_ARG_LENGTH)
- return (EINVAL);
-
- _op = SCARG(uap, op);
-
- error = copyin(SCARG(uap, retlen), &inretlen, sizeof(inretlen));
- if (error)
- return (error);
-
- if (SCARG(uap, arg) != NULL && _arglen != 0) {
- _arg = malloc(_arglen, M_MACTEMP, M_WAITOK | M_ZERO);
- error = copyin(SCARG(uap, arg), _arg, _arglen);
- if (error)
- goto out;
- }
-
- error = copyinstr(SCARG(uap, policy), _policy, sizeof(_policy), NULL);
- if (error)
- goto out;
-
- MAC_POLICY_LIST_BUSY();
- LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
- if (strcmp(mpc->mpc_name, _policy) == 0) {
- break;
- }
- }
-
- switch (_op) {
- case MACCTL_OP_POLICY_PRESENT:
- if (mpc)
- iretval = 1;
- else
- iretval = 0;
- vpretval = &iretval;
- outretlen = sizeof(iretval);
- break;
- case MACCTL_OP_POLICY_FULLNAME:
- if (mpc != NULL) {
- vpretval = (void *)mpc->mpc_fullname;
- outretlen = strlen(mpc->mpc_fullname) + 1;
- }
- else {
- error = EINVAL;
- goto busyout;
- }
- break;
- }
-
- if (vpretval == NULL) {
- if (_arg == NULL)
- error = EINVAL;
- goto busyout;
- }
-
- if (inretlen < outretlen) {
- error = EOVERFLOW;
- goto busyout;
- }
-
- error = copyout(&outretlen, SCARG(uap, retlen), sizeof(outretlen));
- if (error)
- goto busyout;
- error = copyout(vpretval, SCARG(uap, ret), outretlen);
-
-busyout:
- MAC_POLICY_LIST_UNBUSY();
-out:
- if (_arg)
- free (_arg, M_MACTEMP);
-
- return (error);
-}
-
 SYSINIT(mac, SI_SUB_MAC, SI_ORDER_FIRST, mac_init, NULL);
 SYSINIT(mac_late, SI_SUB_MAC_LATE, SI_ORDER_FIRST, mac_late_init, NULL);
@@ -4342,11 +4250,4 @@
 return (ENOSYS);
 }
-int
-macctl(struct thread *td, struct macctl_args *uap)
-{
-
- return (ENOSYS);
-}
-
 #endif /* !MAC */
==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.c#33 (text+ko) ====
@@ -403,10 +403,9 @@
 "sendfile", /* 393 = sendfile */
 "mac_syscall", /* 394 = mac_syscall */
 "__mac_get_pid", /* 395 = __mac_get_pid */
- "macctl", /* 396 = macctl */
- "__mac_get_link", /* 397 = __mac_get_link */
- "__mac_set_link", /* 398 = __mac_set_link */
- "extattr_set_link", /* 399 = extattr_set_link */
- "extattr_get_link", /* 400 = extattr_get_link */
- "extattr_delete_link", /* 401 = extattr_delete_link */
+ "__mac_get_link", /* 396 = __mac_get_link */
+ "__mac_set_link", /* 397 = __mac_set_link */
+ "extattr_set_link", /* 398 = extattr_set_link */
+ "extattr_get_link", /* 399 = extattr_get_link */
+ "extattr_delete_link", /* 400 = extattr_delete_link */
 };
==== //depot/projects/trustedbsd/mac/sys/kern/syscalls.master#29 (text+ko) ====
@@ -570,17 +570,15 @@
 394 MSTD BSD { int mac_syscall(const char *policy, int call, \
 void *arg); }
 395 MSTD BSD { int __mac_get_pid(pid_t pid, struct mac *mac_p); }
-396 MSTD BSD { int macctl(char *policy, u_int op, void *arg, \
- u_int arglen, void *ret, u_int *retlen); }
-397 MSTD BSD { int __mac_get_link(const char *path_p, \
+396 MSTD BSD { int __mac_get_link(const char *path_p, \
 struct mac *mac_p); }
-398 MSTD BSD { int __mac_set_link(const char *path_p, \
+397 MSTD BSD { int __mac_set_link(const char *path_p, \
 struct mac *mac_p); }
-399 STD BSD { int extattr_set_link(const char *path, \
+398 STD BSD { int extattr_set_link(const char *path, \
 int attrnamespace, const char *attrname, \
 void *data, size_t nbytes); }
-400 STD BSD { ssize_t extattr_get_link(const char *path, \
+399 STD BSD { ssize_t extattr_get_link(const char *path, \
 int attrnamespace, const char *attrname, \
 void *data, size_t nbytes); }
-401 STD BSD { int extattr_delete_link(const char *path, \
+400 STD BSD { int extattr_delete_link(const char *path, \
 int attrnamespace, const char *attrname); }
==== //depot/projects/trustedbsd/mac/sys/sys/mac.h#165 (text+ko) ====
@@ -69,7 +69,7 @@
 * include files once the revised user interface is available.
 */
 #define MAC_MAX_LABEL_ELEMENT_NAME 32
-#define MAC_MAX_LABEL_ELEMENT_DATALEN 128
+#define MAC_MAX_LABEL_ELEMENT_DATALEN 4096 /* XXX: Will be 8192 soon */
 struct mac_element {
 char me_name[MAC_MAX_LABEL_ELEMENT_NAME];
 void *me_data;
@@ -92,13 +92,6 @@
 */
 #define MAC_MAX_POLICY_NAME 32
-#define MACCTL_MAX_ARG_LENGTH 4096
-
-enum macctl_ops {
- MACCTL_OP_POLICY_PRESENT,
- MACCTL_OP_POLICY_FULLNAME
-};
-
 #ifndef _KERNEL
 /*
@@ -173,9 +166,12 @@
 struct mac_biba_element mb_rangelow, mb_rangehigh;
 };
+#define MAC_MLS_MAX_COMPARTMENTS 256
+
 struct mac_mls_element {
 u_short mme_type;
 u_short mme_level;
+ u_char mme_compartments[MAC_MLS_MAX_COMPARTMENTS >> 3];
 };
 struct mac_mls {
==== //depot/projects/trustedbsd/mac/sys/sys/syscall.h#33 (text+ko) ====
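Review bot: Renumbering 397–401 down to 396–400 in the syscalls.master hunk reuses numbers that were already assigned, so a binary built against the previous table now reaches a different handler: the old 396 (`macctl`) lands on `__mac_get_link` and the old 398 (`__mac_set_link`) lands on `extattr_set_link`, each with an argument layout the caller did not intend. Unless every consumer of this branch is rebuilt in lockstep, keeping 396 as a reserved placeholder (an `UNIMPL` or `OBSOL` entry) would leave the later numbers stable and make stale callers fail cleanly. Separately, the init_sysent.c hunk labels the `extattr_get_link` slot `/* 499 = extattr_get_link */` while syscalls.c and syscall.h say 399, which suggests that table was merged by hand rather than regenerated from this file; regenerating it would remove the mismatch.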
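Review bot: Raising `MAC_MAX_LABEL_ELEMENT_DATALEN` from 128 to 4096 in the first mac.h hunk makes every buffer sized by it 32 times larger, and the description says the text functions do not yet allocate their buffers dynamically. The users of the constant are outside this diff, so it is worth confirming that none of them is an on-stack array in a kernel path, where a 4 KB local risks exhausting the stack, and that lengths copied in from userland for element data are still checked against this bound. A comment beside the define such as `/* upper bound on user-supplied element data; buffers of this size must not live on the kernel stack */` would record the constraint until the dynamic allocation lands.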
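Review bot: The third mac.h hunk adds a 32-byte `mme_compartments` array to `struct mac_mls_element`, changing the size and layout of a structure in a shared header, and the description does not mention it. If the structure crosses the user/kernel boundary (its consumers are outside the diff), a kernel and userland built on either side of this change will disagree about its size, so both need rebuilding together. The `>> 3` also assumes `MAC_MLS_MAX_COMPARTMENTS` is a multiple of 8; a comment on the define such as `/* one bit per compartment; must be a multiple of 8 */` would make that explicit, and any code indexing the bitmap should bound the compartment number by the same constant.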
@@ -309,10 +309,9 @@
 #define SYS_sendfile 393
 #define SYS_mac_syscall 394
 #define SYS___mac_get_pid 395
-#define SYS_macctl 396
-#define SYS___mac_get_link 397
-#define SYS___mac_set_link 398
-#define SYS_extattr_set_link 399
-#define SYS_extattr_get_link 400
-#define SYS_extattr_delete_link 401
-#define SYS_MAXSYSCALL 402
+#define SYS___mac_get_link 396
+#define SYS___mac_set_link 397
+#define SYS_extattr_set_link 398
+#define SYS_extattr_get_link 399
+#define SYS_extattr_delete_link 400
+#define SYS_MAXSYSCALL 401
==== //depot/projects/trustedbsd/mac/sys/sys/sysproto.h#34 (text+ko) ====
@@ -1129,14 +1129,6 @@
 char pid_l_[PADL_(pid_t)]; pid_t pid; char pid_r_[PADR_(pid_t)];
 char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)];
 };
-struct macctl_args {
- char policy_l_[PADL_(char *)]; char * policy; char policy_r_[PADR_(char *)];
- char op_l_[PADL_(u_int)]; u_int op; char op_r_[PADR_(u_int)];
- char arg_l_[PADL_(void *)]; void * arg; char arg_r_[PADR_(void *)];
- char arglen_l_[PADL_(u_int)]; u_int arglen; char arglen_r_[PADR_(u_int)];
- char ret_l_[PADL_(void *)]; void * ret; char ret_r_[PADR_(void *)];
- char retlen_l_[PADL_(u_int *)]; u_int * retlen; char retlen_r_[PADR_(u_int *)];
-};
 struct __mac_get_link_args {
 char path_p_l_[PADL_(const char *)]; const char * path_p; char path_p_r_[PADR_(const char *)];
 char mac_p_l_[PADL_(struct mac *)]; struct mac * mac_p; char mac_p_r_[PADR_(struct mac *)];
@@ -1418,7 +1410,6 @@
 int sendfile(struct thread *, struct sendfile_args *);
 int mac_syscall(struct thread *, struct mac_syscall_args *);
 int __mac_get_pid(struct thread *, struct __mac_get_pid_args *);
-int macctl(struct thread *, struct macctl_args *);
 int __mac_get_link(struct thread *, struct __mac_get_link_args *);
 int __mac_set_link(struct thread *, struct __mac_set_link_args *);
 int extattr_set_link(struct thread *, struct extattr_set_link_args *);

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message