Date: Fri, 22 Oct 2004 22:07:05 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 63543 for review Message-ID: <200410222207.i9MM756V041744@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=63543 Change 63543 by rwatson@rwatson_tislabs on 2004/10/22 22:06:20 Some cleanup for merge to CVS: formatting, layout, structure. Affected files ... .. //depot/projects/trustedbsd/mac/sys/kern/sysv_ipc.c#11 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#26 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#29 edit .. //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#26 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_ipc.c#11 (text+ko) ==== ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_msg.c#26 (text+ko) ==== @@ -218,6 +218,9 @@ { struct msqid_kernel *msqkptr; int msqid; +#ifdef MAC + int i; +#endif /* * Make sure that the msgunload maintains the consistency of the @@ -240,11 +243,8 @@ #ifdef MAC - int i; - /* Clean up the MAC label associated with the msg objects. */ for (i = 0; i < msginfo.msgtql; i++) mac_destroy_sysv_msgmsg(&msghdrs[i]); - /* Clean up the MAC label associated with the msq objects. */ for (msqid = 0; msqid < msginfo.msgmni; msqid++) mac_destroy_sysv_msgqueue(&msqids[msqid]); #endif @@ -346,7 +346,6 @@ msghdr->msg_next = free_msghdrs; free_msghdrs = msghdr; #ifdef MAC - /* XXX: Reset the MAC label */ mac_cleanup_sysv_msgmsg(msghdr); #endif } @@ -403,9 +402,9 @@ goto done2; } #ifdef MAC - if ((error = mac_check_sysv_msqctl(td->td_ucred,msqkptr,cmd))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_msqctl permission denied!\n")); + error = mac_check_sysv_msqctl(td->td_ucred, msqkptr, cmd); + if (error != 0) { + MPRINTF(("mac_check_sysv_msqctl returned %d\n", error)); goto done2; } #endif 
@@ -431,16 +430,14 @@ * thread cannot free a certain msghdr. The msq will get * into an inconsistent state. */ - msghdr = msqkptr->u.msg_first; - while (msghdr != NULL) { - if ((error = mac_check_sysv_msgrmid(td->td_ucred, - msghdr))) { - MPRINTF( - "MAC Framework: mac_check_sysv_msgrmid permission denied\n"); - /* XXX wakeup(msqkptr); ??? */ + for (msghdr = msqkptr->u.msg_first; msghdr != NULL; + msghdr = msghdr->msg_next) { + error = mac_check_sysv_msgrmid(td->td_ucred, msghdr); + if (error != 0) { + MPRINTF(("mac_check_sysv_msgrmid returned %d\n", + error)); goto done2; } - msghdr = msghdr->msg_next; } #endif @@ -465,7 +462,6 @@ msqkptr->u.msg_qbytes = 0; /* Mark it as free */ #ifdef MAC - /* XXX: Reset the MAC label */ mac_cleanup_sysv_msgqueue(msqkptr); #endif @@ -570,9 +566,10 @@ goto done2; } #ifdef MAC - if ((error = mac_check_sysv_msqget(cred, msqkptr))) { - MPRINTF( - "MAC Framework: mac_check_sysv_msqget access denied\n"); + error = mac_check_sysv_msqget(cred, msqkptr); + if (error != 0) { + MPRINTF(("mac_check_sysv_msqget returned %d\n", + error); goto done2; } #endif @@ -694,13 +691,9 @@ } #ifdef MAC - /* - * Make sure that the thread has access rights to the message - * queue. - */ - if ((error = mac_check_sysv_msqsnd(td->td_ucred, msqkptr))) { - MPRINTF(( -"MAC Framework: mac_check_sysv_msqsnd permission denied\n")); + error = mac_check_sysv_msqsnd(td->td_ucred, msqkptr); + if (error != 0) { + MPRINTF(("mac_check_sysv_msqsnd returned %d\n", error)); goto done2; } #endif @@ -819,12 +812,12 @@ msghdr->msg_spot = -1; msghdr->msg_ts = msgsz; #ifdef MAC - mac_create_sysv_msgmsg(td->td_ucred, msqkptr, msghdr); /* - * XXX: Should the mac_check_sysv_msgmsq check follow here + * XXXMAC: Should the mac_check_sysv_msgmsq check follow here * immediately? Or, should it be checked just before the msg is * enqueued in the msgq (as it is done now)? */ + mac_create_sysv_msgmsg(td->td_ucred, msqkptr, msghdr); #endif /* 
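Review bot: The rewritten MPRINTF call in the mac_check_sysv_msqget block is missing a closing parenthesis: it opens with `MPRINTF((` but ends with `error);`. An unbalanced macro invocation should fail to preprocess whenever MAC is defined, whatever MPRINTF expands to, so kernels built with the MAC option would not compile. The line should end `error));`. The same slip appears in the mac_check_sysv_semget hunk of sysv_sem.c and in the mac_check_sysv_shmat and first mac_check_sysv_shmctl hunks of sysv_shm.c. The enclosing function starts and ends outside the hunk.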
@@ -930,31 +923,30 @@ goto done2; } - /* - * Put the message into the queue - */ - #ifdef MAC /* * Note: Since the task/thread allocates the msghdr and usually - * primes it with its own MAC label,for a majority of policies, it + * primes it with its own MAC label, for a majority of policies, it * won't be necessary to check whether the msghdr has access - * permissions to the msgq. The mac_check_sysv_msqsnd check would + * permissions to the msgq. The mac_check_sysv_msqsnd check would * suffice in that case. However, this hook may be required where * individual policies derive a non-identical label for the msghdr * from the current thread label and may want to check the msghdr * enqueue permissions, along with read/write permissions to the * msgq. */ - if ((error = mac_check_sysv_msgmsq(td->td_ucred,msghdr,msqkptr))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_msqmsq permission denied\n")); + error = mac_check_sysv_msgmsq(td->td_ucred, msghdr, msqkptr); + if (error != 0) { + MPRINTF(("mac_check_sysv_msqmsq returned %d\n", error)); msg_freehdr(msghdr); wakeup(msqkptr); goto done2; } #endif + /* + * Put the message into the queue + */ if (msqkptr->u.msg_first == NULL) { msqkptr->u.msg_first = msghdr; msqkptr->u.msg_last = msghdr; @@ -1038,12 +1030,9 @@ } #ifdef MAC - /* - * Make sure that the thread has access rights to the message queue. - */ - if ((error = mac_check_sysv_msqrcv(td->td_ucred, msqkptr))) { - MPRINTF(( -"MAC Framework: mac_check_sysv_msqrcv permission denied\n")); + error = mac_check_sysv_msqrcv(td->td_ucred, msqkptr); + if (error != 0) { + MPRINTF(("mac_check_sysv_msqrcv returned %d\n", error)); goto done2; } #endif 
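Review bot: The debug string in the enqueue check misnames the hook: it prints `mac_check_sysv_msqmsq`, while the function called is `mac_check_sysv_msgmsq`. Anyone searching debug output for the hook name when triaging a MAC denial will miss this message. Since the commit already rewrites the string, it could be corrected here: `MPRINTF(("mac_check_sysv_msgmsq returned %d\n", error));`. The enclosing function extends beyond the hunk.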
@@ -1062,14 +1051,11 @@ goto done2; } #ifdef MAC - /* - * Make sure that the thread has access - * rights to the message header. - */ - if ((error = mac_check_sysv_msgrcv(td->td_ucred, - msghdr))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_msgrcv permission denied\n")); + error = mac_check_sysv_msgrcv(td->td_ucred, + msghdr); + if (error != 0) { + MPRINTF(("mac_check_sysv_msgrcv " + "returned %d\n", error)); goto done2; } #endif @@ -1113,16 +1099,12 @@ goto done2; } #ifdef MAC - /* - * Make sure that the thread has - * access rights to the message - * header. - */ - if ((error = - mac_check_sysv_msgrcv(td->td_ucred, - msghdr))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_msgrcv permission denied\n")); + error = mac_check_sysv_msgrcv( + td->td_ucred, msghdr); + if (error != 0) { + MPRINTF(("mac_check_sysv_" + "msgrcv returned %d\n", + error)); goto done2; } #endif ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_sem.c#29 (text+ko) ==== @@ -551,9 +551,9 @@ if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R))) goto done2; #ifdef MAC - if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_semctl access denied\n")); + error = mac_check_sysv_semctl(cred, semakptr, cmd); + if (error != 0) { + MPRINTF(("mac_check_sysv_semctl returned %d\n", error)); goto done2; } #endif @@ -574,9 +574,9 @@ sema_mtxp = &sema_mtx[semid]; #ifdef MAC mtx_lock(sema_mtxp); - if ((error = mac_check_sysv_semctl(cred, semakptr, cmd))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_semctl access denied\n")); + error = mac_check_sysv_semctl(cred, semakptr, cmd); + if (error != 0) { + MPRINTF(("mac_check_sysv_semctl returned %d\n", error)); goto done2; } mtx_unlock(sema_mtxp); 
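Review bot: In the second mac_check_sysv_semctl block of sysv_sem.c, the denial path jumps to `done2` with `sema_mtxp` still held, because `mtx_unlock(sema_mtxp)` runs only when the check succeeds. The `done2` label is outside the hunk, so it is not visible whether it releases the mutex. If it does, a short comment at the `goto` would help, for example `/* done2 drops sema_mtxp */`. If it does not, the unlock must happen before the jump. Separately, the lock is released right after the check, so the decision is presumably made on state that can change before the command runs; a comment stating what is revalidated after relocking would help reviewers of the access-control path.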
@@ -838,10 +838,10 @@ goto done2; } #ifdef MAC - if ((error = mac_check_sysv_semget(cred, - &sema[semid]))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_semget access denied\n")); + error = mac_check_sysv_semget(cred, &sema[semid]); + if (error != 0) { + MPRINTF(("mac_check_sysv_semget returned %d\n", + error); goto done2; } #endif @@ -999,14 +999,9 @@ goto done2; } #ifdef MAC - /* - * The MAC hook checks whether the thread has read (and possibly - * write) permissions to the semaphore array based on the - * sopptr->sem_op value. - */ - if ((error = mac_check_sysv_semop(td->td_ucred, semakptr, j))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_semop access denied\n")); + error = mac_check_sysv_semop(td->td_ucred, semakptr, j); + if (error != 0) { + MPRINTF(("mac_check_sysv_semop returned %d\n", error)); goto done2; } #endif ==== //depot/projects/trustedbsd/mac/sys/kern/sysv_shm.c#26 (text+ko) ==== @@ -221,7 +221,6 @@ shm_nused--; shmseg->u.shm_perm.mode = SHMSEG_FREE; #ifdef MAC - /* Reset the MAC label */ mac_cleanup_sysv_shm(shmseg); #endif } @@ -295,9 +294,9 @@ */ struct shmid_kernel *shmsegptr; shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; - if ((error = mac_check_sysv_shmdt(td->td_ucred, shmsegptr))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_shmdt access denied\n")); + error = mac_check_sysv_shmdt(td->td_ucred, shmsegptr); + if (error != 0) { + MPRINTF(("mac_check_sysv_shmdt returned %d\n", error)); goto done2; } #endif @@ -356,9 +355,9 @@ if (error) goto done2; #ifdef MAC - if ((error = mac_check_sysv_shmat(td->td_ucred, shmseg, shmflg))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_shmat access denied\n")); + error = mac_check_sysv_shmat(td->td_ucred, shmseg, shmflg); + if (error != 0) { + MPRINTF(("mac_check_sysv_shmat returned %d\n", error); goto done2; } #endif 
@@ -476,9 +475,9 @@ if (error) goto done2; #ifdef MAC - if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, uap->cmd))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_shmctl access denied\n")); + error = mac_check_sysv_shmctl(td->td_ucred, shmseg, uap->cmd); + if (error != 0) { + MPRINTF(("mac_check_sysv_shmctl returned %d\n", error); goto done2; } #endif @@ -564,9 +563,9 @@ goto done2; } #ifdef MAC - if ((error = mac_check_sysv_shmctl(td->td_ucred, shmseg, cmd))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_shmctl access denied\n")); + error = mac_check_sysv_shmctl(td->td_ucred, shmseg, cmd); + if (error != 0) { + MPRINTF(("mac_check_sysv_shmctl returned %d\n", error)); goto done2; } #endif @@ -694,10 +693,9 @@ return (EEXIST); error = ipcperm(td, &shmseg->u.shm_perm, mode); #ifdef MAC - if ((error = mac_check_sysv_shmget(td->td_ucred,shmseg,uap->shmflg))) { - MPRINTF(( - "MAC Framework: mac_check_sysv_shmget access denied\n")); - } + error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg); + if (error != 0) + MPRINTF(("mac_check_sysv_shmget returned %d\n", error)); #endif if (error) return (error);
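Review bot: In the mac_check_sysv_shmget hunk, the MAC check overwrites the result of the preceding permission check. `error` is assigned from `ipcperm()` and then unconditionally reassigned from `mac_check_sysv_shmget()`, so in a kernel built with MAC an `ipcperm()` denial is discarded whenever the policy returns 0. The discretionary result should be acted on first by adding `if (error) return (error);` directly after the `ipcperm()` call and before `#ifdef MAC`. The function begins and ends outside the hunk, so callers and any later checks are not visible here.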