Date: Mon, 20 Oct 2003 16:35:20 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 40041 for review Message-ID: <200310202335.h9KNZKL4099783@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=40041 Change 40041 by rwatson@rwatson_tislabs on 2003/10/20 16:34:54 Remove POSIX sem code from kern_mac.c now that it's in mac_posix_sem.c. Hook up mac_posix_sem.c to the build. Affected files ... .. //depot/projects/trustedbsd/mac/sys/conf/files#86 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#413 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/conf/files#86 (text+ko) ==== @@ -1589,6 +1589,7 @@ posix4/posix4_mib.c standard kern/uipc_sem.c optional p1003_1b_semaphores security/mac/mac_pipe.c optional mac +security/mac/mac_posix_sem.c optional mac security/mac_biba/mac_biba.c optional mac_biba security/mac_bsdextended/mac_bsdextended.c optional mac_bsdextended security/mac_ifoff/mac_ifoff.c optional mac_ifoff ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#413 (text+ko) ==== @@ -44,7 +44,6 @@ #include "opt_mac.h" #include "opt_devfs.h" -#include "opt_posix.h" #include <sys/param.h> #include <sys/condvar.h> @@ -74,8 +73,6 @@ #include <sys/sem.h> #include <sys/shm.h> -#include <posix4/ksem.h> - #include <vm/vm.h> #include <vm/pmap.h> #include <vm/vm_map.h> @@ -158,11 +155,6 @@ &mac_enforce_network, 0, "Enforce MAC policy on network packets"); TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network); -static int mac_enforce_posix_sem = 1; -SYSCTL_INT(_security_mac, OID_AUTO, enforce_posix_sem, CTLFLAG_RW, - &mac_enforce_posix_sem, 0, "Enforce MAC policy on global POSIX semaphores"); -TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem); - static int mac_enforce_process = 1; SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); 
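Review bot: The added `security/mac/mac_posix_sem.c optional mac` entry builds the semaphore MAC code in every MAC kernel, while the semaphore implementation on the line above it is `kern/uipc_sem.c optional p1003_1b_semaphores`, so the new file has to compile and link without that option. kern_mac.c loses `opt_posix.h` and `<posix4/ksem.h>` in the later hunks of this change, and mac_posix_sem.c is not part of the diff, so whether it includes what it needs for `struct ksem` cannot be checked here. If keying on `mac` alone is intentional (for example so that the `mac_check_posix_sem_*` symbols and the `security.mac.enforce_posix_sem` knob always exist), a `#` comment on the entry saying so would help.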
@@ -215,7 +207,7 @@ static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacprocs, nmacipcmsgs, nmacipcmsqs, - nmacipcsemas, nmacipcshms, nmacposixksems; + nmacipcsemas, nmacipcshms; SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, &nmacmbufs, 0, "number of mbufs in use"); @@ -247,8 +239,6 @@ &nmacipcsemas, 0, "number of sysv ipc semaphore identifiers inuse"); SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipc_shms, CTLFLAG_RD, &nmacipcshms, 0, "number of sysv ipc shm identifiers inuse"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_ksems, CTLFLAG_RD, - &nmacposixksems, 0, "number of posix global semaphores inuse"); #endif static int mac_policy_register(struct mac_policy_conf *mpc); @@ -833,15 +823,6 @@ MAC_DEBUG_COUNTER_INC(&nmacmounts); } -void -mac_init_posix_ksem(struct ksem *ksemptr) -{ - - mac_init_label(&ksemptr->ks_label); - MAC_PERFORM(init_posix_ksem_label, &ksemptr->ks_label); - MAC_DEBUG_COUNTER_INC(&nmacposixksems); -} - void mac_init_proc(struct proc *p) { @@ -1036,15 +1017,6 @@ } void -mac_destroy_posix_ksem(struct ksem *ksemptr) -{ - - MAC_PERFORM(destroy_posix_ksem_label, &ksemptr->ks_label); - mac_destroy_label(&ksemptr->ks_label); - MAC_DEBUG_COUNTER_DEC(&nmacposixksems); -} - -void mac_destroy_proc(struct proc *p) { @@ -2175,13 +2147,6 @@ MAC_PERFORM(create_ipc_shm, cred, shmsegptr, &shmsegptr->label); } -void -mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr) -{ - - MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label); -} - void mac_create_socket(struct ucred *cred, struct socket *socket) { 
@@ -2813,105 +2778,6 @@ } int -mac_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr) -{ - int error; - - if (!mac_enforce_posix_sem) - return (0); - - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_close, cred, ksemptr); - - return(error); -} - -int -mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr) -{ - int error; - - if (!mac_enforce_posix_sem) - return (0); - - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_destroy, cred, ksemptr); - - return(error); -} - -int -mac_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr) -{ - int error; - - if (!mac_enforce_posix_sem) - return (0); - - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr); - - return(error); -} - -int -mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr) -{ - int error; - - if (!mac_enforce_posix_sem) - return (0); - - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr); - - return(error); -} - -int -mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr) -{ - int error; - - if (!mac_enforce_posix_sem) - return (0); - - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_post, cred, ksemptr); - - return(error); -} - -int -mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr) -{ - int error; - - if (!mac_enforce_posix_sem) - return (0); - - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_unlink, cred, ksemptr); - - return(error); -} - -int -mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr) -{ - int error; - - if (!mac_enforce_posix_sem) - return (0); - - //XXX: Should we also pass &ksemptr->ks_label ?? - MAC_CHECK(check_posix_sem_wait, cred, ksemptr); - - return(error); -} - - -int mac_check_proc_debug(struct ucred *cred, struct proc *proc) { int error;help
