From owner-trustedbsd-cvs@FreeBSD.ORG Thu Apr 20 14:26:10 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7107E16A40D for ; Thu, 20 Apr 2006 14:26:10 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68DBA43D48 for ; Thu, 20 Apr 2006 14:26:06 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 25E9646CF8 for ; Thu, 20 Apr 2006 10:26:04 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 24AAA5741A; Thu, 20 Apr 2006 14:25:53 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 1E68116A403; Thu, 20 Apr 2006 14:25:53 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD15F16A401 for ; Thu, 20 Apr 2006 14:25:52 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8CE9543D46 for ; Thu, 20 Apr 2006 14:25:52 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k3KEPqrh051626 for ; Thu, 20 Apr 2006 14:25:52 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k3KEPqvF051623 for perforce@freebsd.org; Thu, 20 Apr 2006 14:25:52 GMT (envelope-from millert@freebsd.org) Date: Thu, 20 Apr 2006 14:25:52 GMT Message-Id: <200604201425.k3KEPqvF051623@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 95674 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 14:26:10 -0000 http://perforce.freebsd.org/chv.cgi?CH=95674 Change 95674 by millert@millert_g5tower on 2006/04/20 14:24:53 Move sebsd_{malloc,free} into sebsd_alloc.c and convert all calls from malloc/free to sebsd_{malloc,free}. Affected files ... .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#6 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#12 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#39 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#8 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_alloc.c#1 add .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#11 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#11 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#6 edit .. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#6 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#6 (text+ko) ==== @@ -4,7 +4,7 @@ POLICY_DESC= "SEDarwin (SELinux compatible TE)" POLICY_NOMAN= yes -POLICY_SRCS= sebsd.c sebsd_syscall.c sebsd_sysctl.c +POLICY_SRCS= sebsd.c sebsd_alloc.c sebsd_syscall.c sebsd_sysctl.c POLICY_SRCS+= ss/avtab.c ss/ebitmap.c ss/hashtab.c ss/init.c ss/policydb.c \ ss/queue.c ss/services.c ss/sidtab.c ss/symtab.c ss/mach_av.c \ ss/conditional.c ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#12 (text+ko) ==== @@ -90,19 +90,19 @@ #define __init -extern void *sebsd_malloc(size_t size, int flags); -extern void sebsd_free(void *); +extern void *sebsd_malloc(size_t size, int type, int flags); +extern void sebsd_free(void *, int); /* BSD-style malloc/free emulation */ +#ifndef M_SEBSD #include -#define malloc(size, type, flags) sebsd_malloc(size, flags) -#define free(addr, type) sebsd_free(addr) #define M_SEBSD M_MACTEMP +#endif /* Linux-style kmalloc/kfree (note kfree namespace collision) */ -#define kmalloc(size, flags) sebsd_malloc(size, flags) -#define kfree(addr) sebsd_free(addr) -#define __get_free_page(flags) sebsd_malloc(PAGE_SIZE, flags) +#define kmalloc(size, flags) sebsd_malloc(size, M_SEBSD, flags) +#define kfree(addr) sebsd_free(addr, M_SEBSD) +#define __get_free_page(flags) sebsd_malloc(PAGE_SIZE, M_SEBSD, flags) #define GFP_ATOMIC M_WAITOK /* XXX - want M_NOWAIT but too early */ #define GFP_KERNEL M_WAITOK ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#39 (text+ko) ==== @@ -59,8 +59,16 @@ #include #include #include +#include +#include + +#include -#ifdef __APPLE__ +#include +#include +#include +#include + /* * The code is conditional upon the following list of defines. * At the moment, Darwin does not provide support for all of them: @@ -73,51 +81,8 @@ * HAS_STRINGS * HAS_ACLS */ - #define HAS_STRINGS -#include -#include -#include - -/* XXX - move sebsd_malloc/free */ -void * -sebsd_malloc(size_t size, int flags) -{ - size_t *vs, nsize; - - nsize = size + sizeof(size_t); - vs = (flags & M_NOWAIT) ? - (size_t *)kalloc_noblock(nsize) : (size_t *)kalloc(nsize); - if (vs != NULL) { - *vs++ = nsize; - if (flags & M_ZERO) - bzero(vs, size); - } - return (vs); -} - -void -sebsd_free(void *v) -{ - size_t *vs = v; - - if (vs != NULL) { - vs--; - kfree((vm_offset_t)vs, *vs); - } -} - -#include -#endif - -#include - -#include -#include -#include -#include - int sebsd_verbose = 0; static int slot = 1; /* TBD, dynamic */ @@ -395,7 +360,7 @@ { struct task_security_struct *new_tsec; - new_tsec = sebsd_malloc(sizeof(*new_tsec), M_ZERO | M_WAITOK); + new_tsec = sebsd_malloc(sizeof(*new_tsec), M_SEBSD, M_ZERO | M_WAITOK); new_tsec->osid = new_tsec->sid = SECINITSID_UNLABELED; SLOT(label) = new_tsec; } @@ -405,7 +370,7 @@ { struct file_security_struct *new_fsec; - new_fsec = sebsd_malloc(sizeof(*new_fsec), M_ZERO | M_WAITOK); + new_fsec = sebsd_malloc(sizeof(*new_fsec), M_SEBSD, M_ZERO | M_WAITOK); new_fsec->sid = new_fsec->sid = SECINITSID_UNLABELED; SLOT(label) = new_fsec; } @@ -415,7 +380,7 @@ { struct mount_security_struct *sbsec; - sbsec = sebsd_malloc(sizeof(*sbsec), M_ZERO | M_WAITOK); + sbsec = sebsd_malloc(sizeof(*sbsec), M_SEBSD, M_ZERO | M_WAITOK); sbsec->sid = SECINITSID_UNLABELED; SLOT(label) = sbsec; } @@ -425,7 +390,7 @@ { struct mount_fs_security_struct *sbsec; - sbsec = sebsd_malloc(sizeof(*sbsec), M_ZERO | M_WAITOK); + sbsec = sebsd_malloc(sizeof(*sbsec), M_SEBSD, M_ZERO | M_WAITOK); sbsec->sid = SECINITSID_UNLABELED; SLOT(label) = sbsec; } @@ -435,7 +400,7 @@ { struct network_security_struct *new; - new = sebsd_malloc(sizeof(*new), M_ZERO | M_WAITOK); + new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | M_WAITOK); new->sid = new->task_sid = SECINITSID_UNLABELED; SLOT(label) = new; } @@ -445,7 +410,7 @@ { struct network_security_struct *new; - new = sebsd_malloc(sizeof(*new), M_ZERO | flag); + new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | flag); if (new == NULL) { SLOT(label) = NULL; return (ENOMEM); @@ -462,7 +427,7 @@ { struct vnode_security_struct *vsec; - vsec = sebsd_malloc(sizeof(*vsec), M_ZERO | M_WAITOK); + vsec = sebsd_malloc(sizeof(*vsec), M_SEBSD, M_ZERO | M_WAITOK); vsec->sid = SECINITSID_UNLABELED; vsec->task_sid = SECINITSID_UNLABELED; SLOT(label) = vsec; @@ -473,7 +438,7 @@ { struct ipc_security_struct *new; - new = sebsd_malloc(sizeof(*new), M_ZERO | M_WAITOK); + new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | M_WAITOK); new->sid = SECINITSID_UNLABELED; SLOT(label) = new; } @@ -483,7 +448,7 @@ { struct vnode_security_struct *vsec; - vsec = sebsd_malloc(sizeof(*vsec), M_ZERO | M_WAITOK); + vsec = sebsd_malloc(sizeof(*vsec), M_SEBSD, M_ZERO | M_WAITOK); vsec->sid = SECINITSID_UNLABELED; vsec->task_sid = SECINITSID_UNLABELED; SLOT(label) = vsec; @@ -493,7 +458,7 @@ sebsd_destroy_label(struct label *label) { - sebsd_free(SLOT(label)); + sebsd_free(SLOT(label), M_SEBSD); SLOT(label) = NULL; } @@ -793,7 +758,7 @@ dirent->sclass = devfs_type_to_security_class(devfs_dirent->dn_type); /* Obtain a SID based on the fstype, path, and class. */ - path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK); + path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); rc = security_genfs_sid("devfs", path, dirent->sclass, &newsid); @@ -822,7 +787,7 @@ "dirent=%d\n", path, rc, dirent->sclass, newsid, dirent->sid); } - sebsd_free(path); + sebsd_free(path, M_SEBSD); } #if 0 @@ -846,7 +811,7 @@ dirent->sclass = SECCLASS_DIR; /* Obtain a SID based on the fstype, path, and class. */ - path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK); + path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass, @@ -861,7 +826,7 @@ __func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc, dirent->sclass, newsid, dirent->sid); } - sebsd_free(path); + sebsd_free(path, M_SEBSD); } static void @@ -888,7 +853,7 @@ lnksec->sclass = SECCLASS_LNK_FILE; /* Obtain a SID based on the fstype, path, and class. */ - path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK); + path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK); path[0] = '/'; strcpy(&path[1], fullpath); rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass, @@ -902,7 +867,7 @@ sbsec->sid, mp->mnt_stat.f_mntonname, rc, lnksec->sclass, newsid, lnksec->sid); } - sebsd_free(path); + sebsd_free(path, M_SEBSD); } #endif /* HAS_DEVFS_DIRENT */ ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#8 (text+ko) ==== @@ -54,5 +54,11 @@ extern int sebsd_syscall(struct proc *p, int call, void *args, int *retv); extern int proc_has_system(struct proc *p, u32 perm); extern int proc_has_security(struct proc *p, u32 perm); +extern void *sebsd_malloc(size_t size, int type, int flags); +extern void sebsd_free(void *, int); + +#ifndef M_SEBSD +#define M_SEBSD M_MACTEMP +#endif #endif /* _SYS_SECURITY_SEBSD_H */ ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#11 (text+ko) ==== @@ -67,13 +67,13 @@ if (rc) return (rc); - kdata = malloc(len, M_SEBSD, M_WAITOK); + kdata = sebsd_malloc(len, M_SEBSD, M_WAITOK); rc = copyin(data, kdata, len); if (rc) return (rc); rc = security_load_policy(kdata, len); - free(kdata, M_SEBSD); + sebsd_free(kdata, M_SEBSD); return (rc); } @@ -88,13 +88,13 @@ if (rc) return (rc); - kdata = malloc(len, M_SEBSD, M_WAITOK); + kdata = sebsd_malloc(len, M_SEBSD, M_WAITOK); rc = copyin(data, kdata, len); if (rc) return (rc); rc = sebsd_load_migscs(kdata, len); - free(kdata, M_SEBSD); + sebsd_free(kdata, M_SEBSD); return (rc); } @@ -159,7 +159,7 @@ } error = copyout(&olen, outlen, sizeof(int)); out2: - sebsd_free(sids); + sebsd_free(sids, M_SEBSD); out: return (error); } @@ -236,12 +236,12 @@ int error; if (gb->out) - out = malloc(gb->len, M_SEBSD, M_WAITOK); + out = sebsd_malloc(gb->len, M_SEBSD, M_WAITOK); error = security_get_bool_string(&gb->len, out); if (out && error == 0) error = copyout(out, gb->out, gb->len); if (out) - free(out, M_SEBSD); + sebsd_free(out, M_SEBSD); return (error); } @@ -274,24 +274,24 @@ error = copyin(args, &uap, sizeof(struct getsid_args)); if (error) return (error); - ctx = sebsd_malloc(MAX_UC, M_WAITOK); + ctx = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK); error = copyinstr(uap.ctx, ctx, MAX_UC, &dummy); if (error) { - sebsd_free(ctx); + sebsd_free(ctx, M_SEBSD); return (error); } - usr = sebsd_malloc(MAX_UC, M_WAITOK); + usr = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK); error = copyinstr(uap.usr, usr, MAX_UC, &dummy); if (error) { - sebsd_free(ctx); - sebsd_free(usr); + sebsd_free(ctx, M_SEBSD); + sebsd_free(usr, M_SEBSD); return (error); } ctx[MAX_UC-1] = 0; usr[MAX_UC-1] = 0; error = sys_get_sids(call, ctx, usr, uap.out, uap.outlen); - sebsd_free(ctx); - sebsd_free(usr); + sebsd_free(ctx, M_SEBSD); + sebsd_free(usr, M_SEBSD); break; } @@ -304,31 +304,31 @@ error = copyin(args, &uap, sizeof(struct changesid_args)); if (error) return (error); - doms = sebsd_malloc(MAX_UC, M_WAITOK); + doms = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK); error = copyinstr(uap.domain, doms, MAX_UC, &dummy); if (error) { - sebsd_free(doms); + sebsd_free(doms, M_SEBSD); return (error); } - srcs = sebsd_malloc(MAX_UC, M_WAITOK); + srcs = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK); error = copyinstr(uap.source, srcs, MAX_UC, &dummy); if (error) { - sebsd_free(doms); - sebsd_free(srcs); + sebsd_free(doms, M_SEBSD); + sebsd_free(srcs, M_SEBSD); return (error); } - scs = sebsd_malloc(MAX_UC, M_WAITOK); + scs = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK); error = copyinstr(uap.sclass, scs, MAX_UC, &dummy); if (error) { - sebsd_free(doms); - sebsd_free(srcs); - sebsd_free(scs); + sebsd_free(doms, M_SEBSD); + sebsd_free(srcs, M_SEBSD); + sebsd_free(scs, M_SEBSD); return (error); } error = sys_change_sid(doms, srcs, scs, uap.out, uap.outlen); - sebsd_free(doms); - sebsd_free(srcs); - sebsd_free(scs); + sebsd_free(doms, M_SEBSD); + sebsd_free(srcs, M_SEBSD); + sebsd_free(scs, M_SEBSD); return (error); } @@ -368,17 +368,17 @@ if (copyin(args, &p, sizeof(struct lp_args))) return (EFAULT); - str = malloc(p.len, M_SEBSD, M_WAITOK); + str = sebsd_malloc(p.len, M_SEBSD, M_WAITOK); if (!str) return (ENOMEM); if (copyin(p.data, str, p.len)) { - free(str, M_SEBSD); + sebsd_free(str, M_SEBSD); return (EFAULT); } str[p.len-1] = 0; error = security_set_bool(str+1, str[0]-'0'); - free(str, M_SEBSD); + sebsd_free(str, M_SEBSD); break; } ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#11 (text+ko) ==== @@ -82,13 +82,14 @@ int i; struct msgid_classinfo *c; - c = sebsd_malloc(sizeof(int) * nclasses + sizeof(*c), M_WAITOK); + c = sebsd_malloc(sizeof(int) * nclasses + sizeof(*c), M_SEBSD, + M_WAITOK); c->baseid = msgid; c->nclasses = nclasses; for (i = 0; i < nclasses; i++) c->classes[i] = *p++; for (i = msgid; i < msgid + size; i++) { - int *ip = sebsd_malloc(sizeof(int), M_WAITOK); + int *ip = sebsd_malloc(sizeof(int), M_SEBSD, M_WAITOK); *ip = i; error = hashtab_insert(ht, ip, c); if (error) { ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#6 (text+ko) ==== @@ -20,7 +20,8 @@ { queue_t q; - q = (queue_t) sebsd_malloc(sizeof(struct queue_info), M_WAITOK); + q = (queue_t) sebsd_malloc(sizeof(struct queue_info), M_SEBSD, + M_WAITOK); if (q == NULL) return NULL; @@ -38,7 +39,7 @@ return -1; newnode = (queue_node_ptr_t) sebsd_malloc(sizeof(struct queue_node), - M_WAITOK); + M_SEBSD, M_WAITOK); if (newnode == NULL) return -1; @@ -64,7 +65,7 @@ return -1; newnode = (queue_node_ptr_t) sebsd_malloc(sizeof(struct queue_node), - M_WAITOK); + M_SEBSD, M_WAITOK); if (newnode == NULL) return -1; @@ -100,7 +101,7 @@ q->tail = NULL; e = node->element; - sebsd_free(node); + sebsd_free(node, M_SEBSD); return e; } @@ -129,10 +130,10 @@ while (p != NULL) { temp = p; p = p->next; - sebsd_free(temp); + sebsd_free(temp, M_SEBSD); } - sebsd_free(q); + sebsd_free(q, M_SEBSD); } int queue_map(queue_t q, int (*f) (queue_element_t, void *), void *vp) @@ -185,7 +186,7 @@ temp = p; p = p->next; g(temp->element, vp); - sebsd_free(temp); + sebsd_free(temp, M_SEBSD); } else { last = p; p = p->next; ==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#6 (text+ko) ==== @@ -90,7 +90,7 @@ int security_genfs_sid(const char *fstype, char *name, u16 sclass, u32 *sid); -#define security_free_context(ctx) ({ if (ctx) free(ctx, M_SEBSD); }) +#define security_free_context(ctx) ({ if (ctx) sebsd_free(ctx, M_SEBSD); }) int security_get_bool_string(int *len, char *out); int security_commit_pending_bools(void);