Date: Mon, 22 Jan 2007 16:08:53 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 113350 for review Message-ID: <200701221608.l0MG8r2r027762@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=113350 Change 113350 by millert@millert_macbook on 2007/01/22 16:08:06 No longer delay avc logging via printf() until the thread exits. It no longer seems to be required. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc_audit.c#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/linux-compat.h#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#70 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc_audit.c#5 (text+ko) ==== @@ -43,76 +43,34 @@ /* * Emulate Linux audit API. - * In the future we may wish to use the BSM audit support instead. + * In the future we may wish to use the BSD audit support instead. */ +lck_spin_t *avc_log_lock; + struct audit_buffer { struct sbuf sbuf; char buf[1024]; }; - -#define AUDIT_SLOT_MAX 256 -static SInt32 nslots; -struct audit_buffer *audit_slots[AUDIT_SLOT_MAX]; - -lck_spin_t *avc_log_lock; +static struct audit_buffer audit_buf; struct audit_buffer * audit_log_start(void) { - struct audit_buffer *ab; - ab = sebsd_malloc(sizeof(*ab), M_SEBSD, M_NOWAIT); - if (ab != NULL) - sbuf_new(&ab->sbuf, ab->buf, sizeof(ab->buf), SBUF_FIXEDLEN); - - return (ab); + lck_spin_lock(avc_log_lock); + sbuf_new(&audit_buf.sbuf, audit_buf.buf, sizeof(audit_buf.buf), + SBUF_FIXEDLEN); + return (&audit_buf); } void audit_log_end(struct audit_buffer *ab) { - int i; - UInt32 oldval; sbuf_finish(&ab->sbuf); - - /* - * Find and claim an audit slot (assumes 32bit pointers). - */ - for (i = 0; i < AUDIT_SLOT_MAX; i++) { - oldval = (UInt32)audit_slots[i]; - if (oldval == 0 && OSCompareAndSwap(oldval, (UInt32)ab, - (UInt32 *)&audit_slots[i])) { - OSIncrementAtomic(&nslots); - return; - } - } - /* No free slots, drop record. */ - sebsd_free(ab, M_SEBSD); -} - -void -audit_log_process(void) -{ - struct audit_buffer *ab; - int i; - - /* - * Print and free all existing (finished) audit records. - */ - lck_spin_lock(avc_log_lock); - for (i = 0; nslots != 0 && i < AUDIT_SLOT_MAX; i++) { - ab = audit_slots[i]; - if (ab != NULL) { - if (OSCompareAndSwap((UInt32)ab, 0, - (UInt32 *)&audit_slots[i])) { - OSDecrementAtomic(&nslots); - printf("\n%s\n", sbuf_data(&ab->sbuf)); - sebsd_free(ab, M_SEBSD); - } - } - } + printf("\n%s\n", sbuf_data(&ab->sbuf)); + sbuf_delete(&ab->sbuf); /* XXX - not really needed */ lck_spin_unlock(avc_log_lock); } ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/linux-compat.h#6 (text+ko) ==== @@ -142,7 +142,6 @@ void audit_log_end(struct audit_buffer *); void audit_log_format(struct audit_buffer *, const char *, ...); void audit_log_untrustedstring(struct audit_buffer *, const char *); -void audit_log_process(void); #define audit_log(ac, mf, af, ...) sebsd_log(__VA_ARGS__) /* we don't enable the selinux netlbl support */ ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#70 (text+ko) ==== @@ -3530,14 +3530,6 @@ return (ipc_has_perm(cred, pshmlabel, SHM__DESTROY)); } -static void -sebsd_thread_userret(int code, int error, struct thread *thread) -{ - - /* Process any pending audit log records at syscall exit. */ - audit_log_process(); -} - static struct mac_policy_ops sebsd_ops = { .mpo_bpfdesc_label_associate = sebsd_bpfdesc_label_associate, .mpo_bpfdesc_label_destroy = sebsd_label_destroy, @@ -3749,7 +3741,6 @@ .mpo_task_label_init = sebsd_label_init, .mpo_task_label_internalize = sebsd_label_internalize, .mpo_task_label_update = sebsd_task_label_update, - .mpo_thread_userret = sebsd_thread_userret, .mpo_vnode_check_access = sebsd_vnode_check_access, .mpo_vnode_check_chdir = sebsd_vnode_check_chdir, .mpo_vnode_check_chroot = sebsd_vnode_check_chroot,
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701221608.l0MG8r2r027762>