PERFORCE change 148562 for review
Wayne Salamon
wsalamon at FreeBSD.org
Tue Aug 26 23:36:30 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148562
Change 148562 by wsalamon at vh2 on 2008/08/26 23:36:13
For the MAC->AUDIT integration:
Remove the do/while statements and place the variable declarations
and the conditionally compiled code inside conventional #ifdef
directives.
Affected files ...
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#11 edit
.. //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit_bsm.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit.c#11 (text) ====
@@ -207,6 +207,9 @@
audit_record_dtor(void *mem, int size, void *arg)
{
struct kaudit_record *ar;
+#ifdef MAC
+ struct mac_audit_record *head, *next;
+#endif
KASSERT(sizeof(*ar) == size, ("audit_record_dtor: wrong size"));
@@ -226,19 +229,14 @@
#ifdef MAC
/* Free the audit data from the MAC policies. */
- do {
- struct mac_audit_record *head, *next;
-
- head = LIST_FIRST(ar->k_ar.ar_mac_records);
- while (head != NULL) {
- next = LIST_NEXT(head, records);
- free(head->data, M_TEMP);
- free(head, M_AUDITMAC);
- head = next;
- }
-
- free(ar->k_ar.ar_mac_records, M_AUDITMAC);
- } while (0);
+ head = LIST_FIRST(ar->k_ar.ar_mac_records);
+ while (head != NULL) {
+ next = LIST_NEXT(head, records);
+ free(head->data, M_TEMP);
+ free(head, M_AUDITMAC);
+ head = next;
+ }
+ free(ar->k_ar.ar_mac_records, M_AUDITMAC);
#endif
}
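Review bot: The MAC cleanup in audit_record_dtor passes `ar->k_ar.ar_mac_records` to `LIST_FIRST()` with no NULL check, so a record whose list head was never allocated would fault in the destructor. Whether the constructor always allocates it is not visible in this hunk. I would guard the walk with `if (ar->k_ar.ar_mac_records != NULL) {` and, after the final `free()`, add `ar->k_ar.ar_mac_records = NULL;` so that a reused record cannot carry a dangling list head. Separately, `head->data` is released with `M_TEMP` while the list nodes use `M_AUDITMAC`; a one-line comment naming where that buffer is allocated would let a reader confirm the malloc types match. The function starts above this hunk.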
@@ -475,6 +473,9 @@
au_class_t class;
au_event_t event;
au_id_t auid;
+#ifdef MAC
+ int ret;
+#endif
KASSERT(td->td_ar == NULL, ("audit_syscall_enter: td->td_ar != NULL"));
@@ -508,14 +509,11 @@
* the thread for later use.
*/
#ifdef MAC
-do {
- int ret;
ret = mac_audit_check_preselect(td->td_ucred, event);
if (ret == MAC_AUDIT_YES) {
td->td_ar = audit_new(event, td);
td->td_ar->k_ar.ar_forced_by_mac = 1;
- }
- else if (ret == MAC_AUDIT_NO) {
+ } else if (ret == MAC_AUDIT_NO) {
td->td_ar = NULL;
}
else { /* MAC_AUDIT_DEFAULT */
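Review bot: In the `MAC_AUDIT_YES` branch the result of `audit_new(event, td)` is dereferenced on the very next line without a check. `audit_new()` is not shown here; if it can return NULL (for example while auditing is suspended or disabled), a MAC policy that forces auditing turns this into a kernel NULL dereference on syscall entry. I would write the assignment as `if (td->td_ar != NULL)` followed by `td->td_ar->k_ar.ar_forced_by_mac = 1;`. As a style point, the commit joins `} else if` but leaves the following `}` and `else { /* MAC_AUDIT_DEFAULT */` on separate lines, so the chain is still inconsistent. The function body continues on both sides of the hunk.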
@@ -546,7 +544,6 @@
td->td_ar = NULL;
#ifdef MAC
}
-} while (0);
#endif
}
@@ -559,7 +556,11 @@
audit_syscall_exit(unsigned int code, int error, struct thread *td)
{
int retval;
+#ifdef MAC
+ int ret;
+#endif
+
/*
* Commit the audit record as desired; once we pass the record into
* audit_commit(), the memory is owned by the audit subsystem. The
@@ -573,9 +574,6 @@
retval = td->td_retval[0];
#ifdef MAC
-do {
- int ret;
-
if (td->td_ar == NULL) /* syscall wasn't audited due to preselect */
return;
@@ -590,7 +588,6 @@
td->td_ar = NULL;
return;
}
-} while (0);
#endif
audit_commit(td->td_ar, error, retval);
td->td_ar = NULL;
==== //depot/projects/trustedbsd/audit_mac/src/sys/security/audit/audit_bsm.c#5 (text) ====
@@ -378,6 +378,9 @@
au_tid_t tid;
struct audit_record *ar;
int ctr;
+#ifdef MAC
+ struct mac_audit_record *mar;
+#endif
KASSERT(kar != NULL, ("kaudit_to_bsm: kar == NULL"));
@@ -1430,33 +1433,29 @@
}
#ifdef MAC
- do {
- /* Convert the audit data from the MAC policies */
- struct mac_audit_record *mar;
-
- LIST_FOREACH(mar, ar->ar_mac_records, records) {
- switch (mar->type) {
- case MAC_AUDIT_DATA_TYPE:
- tok = au_to_data(AUP_BINARY, AUR_BYTE,
- mar->length, mar->data);
- kau_write(rec, tok);
- break;
- case MAC_AUDIT_TEXT_TYPE:
- tok = au_to_text(mar->data);
- kau_write(rec, tok);
- break;
- default:
- /*
- * XXX: we can either continue,
- * skipping this particular entry,
- * or we can pre-verify the list and
- * abort before writing any records
- */
- printf("kaudit_to_bsm(): BSM conversion requested for unknown mac_audit data type %d\n",
- mar->type);
- }
+ /* Convert the audit data from the MAC policies */
+ LIST_FOREACH(mar, ar->ar_mac_records, records) {
+ switch (mar->type) {
+ case MAC_AUDIT_DATA_TYPE:
+ tok = au_to_data(AUP_BINARY, AUR_BYTE,
+ mar->length, mar->data);
+ kau_write(rec, tok);
+ break;
+ case MAC_AUDIT_TEXT_TYPE:
+ tok = au_to_text(mar->data);
+ kau_write(rec, tok);
+ break;
+ default:
+ /*
+ * XXX: we can either continue,
+ * skipping this particular entry,
+ * or we can pre-verify the list and
+ * abort before writing any records
+ */
+ printf("kaudit_to_bsm(): BSM conversion requested for unknown mac_audit data type %d\n",
+ mar->type);
}
- } while (0);
+ }
#endif
kau_write(rec, subj_tok);
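Review bot: The `MAC_AUDIT_TEXT_TYPE` case calls `au_to_text(mar->data)` without using `mar->length`, so it trusts every MAC policy to have supplied a NUL-terminated buffer. If one does not, the token builder would read past the allocation and copy adjacent kernel memory into the audit trail. Assuming `length` counts the terminator (not visible here), a check such as `if (mar->length == 0 || ((const char *)mar->data)[mar->length - 1] != '\0') break;` before the call would bound it; otherwise, document the invariant where the record is created. The `tok` returned by `au_to_data()` and `au_to_text()` also goes to `kau_write()` unchecked, which deserves a comment if those calls cannot fail in the kernel. The enclosing function starts and ends outside the hunk.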