From owner-p4-projects@FreeBSD.ORG Mon Oct 20 16:35:22 2003 Return-Path: Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A6BB016A4C0; Mon, 20 Oct 2003 16:35:22 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 81A0D16A4B3 for ; Mon, 20 Oct 2003 16:35:22 -0700 (PDT) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 716FD43F85 for ; Mon, 20 Oct 2003 16:35:21 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.9/8.12.9) with ESMTP id h9KNZLXJ099795 for ; Mon, 20 Oct 2003 16:35:21 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.12.9/8.12.9/Submit) id h9KNZKL4099783 for perforce@freebsd.org; Mon, 20 Oct 2003 16:35:20 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Date: Mon, 20 Oct 2003 16:35:20 -0700 (PDT) Message-Id: <200310202335.h9KNZKL4099783@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 40041 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Oct 2003 23:35:23 -0000 http://perforce.freebsd.org/chv.cgi?CH=40041 Change 40041 by rwatson@rwatson_tislabs on 2003/10/20 16:34:54 Remove POSIX sem code from kern_mac.c now that it's in mac_posix_sem.c. Hook up mac_posix_sem.c to the build. Affected files ... .. //depot/projects/trustedbsd/mac/sys/conf/files#86 edit .. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#413 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/conf/files#86 (text+ko) ==== @@ -1589,6 +1589,7 @@ posix4/posix4_mib.c standard kern/uipc_sem.c optional p1003_1b_semaphores security/mac/mac_pipe.c optional mac +security/mac/mac_posix_sem.c optional mac security/mac_biba/mac_biba.c optional mac_biba security/mac_bsdextended/mac_bsdextended.c optional mac_bsdextended security/mac_ifoff/mac_ifoff.c optional mac_ifoff ==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#413 (text+ko) ==== @@ -44,7 +44,6 @@ #include "opt_mac.h" #include "opt_devfs.h" -#include "opt_posix.h" #include #include @@ -74,8 +73,6 @@ #include #include -#include - #include #include #include @@ -158,11 +155,6 @@ &mac_enforce_network, 0, "Enforce MAC policy on network packets"); TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network); -static int mac_enforce_posix_sem = 1; -SYSCTL_INT(_security_mac, OID_AUTO, enforce_posix_sem, CTLFLAG_RW, - &mac_enforce_posix_sem, 0, "Enforce MAC policy on global POSIX semaphores"); -TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem); - static int mac_enforce_process = 1; SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW, &mac_enforce_process, 0, "Enforce MAC policy on inter-process operations"); 
@@ -215,7 +207,7 @@ static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, nmacipqs, nmacprocs, nmacipcmsgs, nmacipcmsqs, - nmacipcsemas, nmacipcshms, nmacposixksems; + nmacipcsemas, nmacipcshms; SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, &nmacmbufs, 0, "number of mbufs in use"); @@ -247,8 +239,6 @@ &nmacipcsemas, 0, "number of sysv ipc semaphore identifiers inuse"); SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipc_shms, CTLFLAG_RD, &nmacipcshms, 0, "number of sysv ipc shm identifiers inuse"); -SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_ksems, CTLFLAG_RD, - &nmacposixksems, 0, "number of posix global semaphores inuse"); #endif static int mac_policy_register(struct mac_policy_conf *mpc); @@ -833,15 +823,6 @@ MAC_DEBUG_COUNTER_INC(&nmacmounts); } -void -mac_init_posix_ksem(struct ksem *ksemptr) -{ - - mac_init_label(&ksemptr->ks_label); - MAC_PERFORM(init_posix_ksem_label, &ksemptr->ks_label); - MAC_DEBUG_COUNTER_INC(&nmacposixksems); -} - void mac_init_proc(struct proc *p) { @@ -1036,15 +1017,6 @@ } void -mac_destroy_posix_ksem(struct ksem *ksemptr) -{ - - MAC_PERFORM(destroy_posix_ksem_label, &ksemptr->ks_label); - mac_destroy_label(&ksemptr->ks_label); - MAC_DEBUG_COUNTER_DEC(&nmacposixksems); -} - -void mac_destroy_proc(struct proc *p) { @@ -2175,13 +2147,6 @@ MAC_PERFORM(create_ipc_shm, cred, shmsegptr, &shmsegptr->label); } -void -mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr) -{ - - MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label); -} - void mac_create_socket(struct ucred *cred, struct socket *socket) { 
@@ -2813,105 +2778,6 @@
 }

 int
-mac_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_close, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_destroy, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_post, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_unlink, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_wait, cred, ksemptr);
-
- return(error);
-}
-
-
-int
 mac_check_proc_debug(struct ucred *cred, struct proc *proc)
 {
 int error;