PERFORCE change 18737 for review

Robert Watson rwatson at freebsd.org
Sat Oct 5 17:29:46 GMT 2002


http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18737

Change 18737 by rwatson at rwatson_tislabs on 2002/10/05 10:28:47

	Sort label and object init/destroy functions to match mac_policy
	ordering.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#295 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#295 (text+ko) ====

@@ -1160,36 +1160,14 @@
 	/* implicit: label->l_flags &= ~MAC_FLAG_INITIALIZED; */
 }
 
-int
-mac_init_mbuf(struct mbuf *m, int flag)
-{
-	int error;
-
-	KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
-
-	mac_init_label(&m->m_pkthdr.label);
-
-	MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
-	if (error) {
-		MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
-		mac_destroy_label(&m->m_pkthdr.label);
-	}
-
-#ifdef MAC_DEBUG
-	if (error == 0)
-		atomic_add_int(&nmacmbufs, 1);
-#endif
-	return (error);
-}
-
 void
-mac_destroy_mbuf(struct mbuf *m)
+mac_init_bpfdesc(struct bpf_d *bpf_d)
 {
 
-	MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
-	mac_destroy_label(&m->m_pkthdr.label);
+	mac_init_label(&bpf_d->bd_label);
+	MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacmbufs, 1);
+	atomic_add_int(&nmacbpfdescs, 1);
 #endif
 }
 
@@ -1211,24 +1189,17 @@
 	mac_init_cred_label(&cred->cr_label);
 }
 
-static void
-mac_destroy_cred_label(struct label *label)
+void
+mac_init_devfsdirent(struct devfs_dirent *de)
 {
 
-	MAC_PERFORM(destroy_cred_label, label);
-	mac_destroy_label(label);
+	mac_init_label(&de->de_label);
+	MAC_PERFORM(init_devfsdirent_label, &de->de_label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmaccreds, 1);
+	atomic_add_int(&nmacdevfsdirents, 1);
 #endif
 }
 
-void
-mac_destroy_cred(struct ucred *cred)
-{
-
-	mac_destroy_cred_label(&cred->cr_label);
-}
-
 static void
 mac_init_ifnet_label(struct label *label)
 {
@@ -1247,43 +1218,82 @@
 	mac_init_ifnet_label(&ifp->if_label);
 }
 
-static void
-mac_destroy_ifnet_label(struct label *label)
+void
+mac_init_ipq(struct ipq *ipq)
+{
+
+	mac_init_label(&ipq->ipq_label);
+	MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+#ifdef MAC_DEBUG
+	atomic_add_int(&nmacipqs, 1);
+#endif
+}
+
+int
+mac_init_mbuf(struct mbuf *m, int flag)
 {
+	int error;
+
+	KASSERT(m->m_flags & M_PKTHDR, ("mac_init_mbuf on non-header mbuf"));
+
+	mac_init_label(&m->m_pkthdr.label);
+
+	MAC_CHECK(init_mbuf_label, &m->m_pkthdr.label, flag);
+	if (error) {
+		MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+		mac_destroy_label(&m->m_pkthdr.label);
+	}
 
-	MAC_PERFORM(destroy_ifnet_label, label);
-	mac_destroy_label(label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacifnets, 1);
+	if (error == 0)
+		atomic_add_int(&nmacmbufs, 1);
 #endif
+	return (error);
 }
 
 void
-mac_destroy_ifnet(struct ifnet *ifp)
+mac_init_mount(struct mount *mp)
 {
 
-	mac_destroy_ifnet_label(&ifp->if_label);
+	mac_init_label(&mp->mnt_mntlabel);
+	mac_init_label(&mp->mnt_fslabel);
+	MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel);
+	MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
+#ifdef MAC_DEBUG
+	atomic_add_int(&nmacmounts, 1);
+#endif
 }
 
-void
-mac_init_ipq(struct ipq *ipq)
+static void
+mac_init_pipe_label(struct label *label)
 {
 
-	mac_init_label(&ipq->ipq_label);
-	MAC_PERFORM(init_ipq_label, &ipq->ipq_label);
+	mac_init_label(label);
+	MAC_PERFORM(init_pipe_label, label);
 #ifdef MAC_DEBUG
-	atomic_add_int(&nmacipqs, 1);
+	atomic_add_int(&nmacpipes, 1);
 #endif
 }
 
 void
-mac_destroy_ipq(struct ipq *ipq)
+mac_init_pipe(struct pipe *pipe)
+{
+	struct label *label;
+
+	label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK);
+	pipe->pipe_label = label;
+	pipe->pipe_peer->pipe_label = label;
+	mac_init_pipe_label(label);
+}
+
+void
+mac_init_proc(struct proc *p)
 {
 
-	MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
-	mac_destroy_label(&ipq->ipq_label);
+	mac_init_label(&p->p_label);
+	MAC_PERFORM(init_proc, p, &p->p_label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacipqs, 1);
+	atomic_add_int(&nmacprocs, 1);
 #endif
 }
 
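Review bot: mac_init_mbuf's failure path already runs `destroy_mbuf_label` and `mac_destroy_label` and skips the `nmacmbufs` increment, but nothing on the function tells the caller that the label is gone when a non-zero value comes back. mac_destroy_mbuf (in the following hunk) destroys the label and decrements the counter unconditionally, so a caller that pairs init with destroy without checking the return value would tear the label down twice and, under MAC_DEBUG, undercount `nmacmbufs`. I would add a comment above the function along the lines of `/* On failure the label has already been destroyed; the caller must not call mac_destroy_mbuf(). */`. It would also help to note there that `error` is presumably assigned inside the MAC_CHECK macro, since no assignment is visible in the body.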
@@ -1341,126 +1351,100 @@
 }
 
 static void
-mac_destroy_socket_label(struct label *label)
+mac_init_vnode_label(struct label *label)
 {
 
-	MAC_PERFORM(destroy_socket_label, label);
-	mac_destroy_label(label);
+	mac_init_label(label);
+	MAC_PERFORM(init_vnode_label, label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacsockets, 1);
+	atomic_add_int(&nmacvnodes, 1);
 #endif
 }
 
-static void
-mac_destroy_socket_peer_label(struct label *label)
+void
+mac_init_vnode(struct vnode *vp)
 {
 
-	MAC_PERFORM(destroy_socket_peer_label, label);
-	mac_destroy_label(label);
+	mac_init_vnode_label(&vp->v_label);
 }
 
 void
-mac_destroy_socket(struct socket *socket)
+mac_destroy_bpfdesc(struct bpf_d *bpf_d)
 {
 
-	mac_destroy_socket_label(&socket->so_label);
-	mac_destroy_socket_peer_label(&socket->so_peerlabel);
-}
-
-static void
-mac_init_pipe_label(struct label *label)
-{
-
-	mac_init_label(label);
-	MAC_PERFORM(init_pipe_label, label);
+	MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label);
+	mac_destroy_label(&bpf_d->bd_label);
 #ifdef MAC_DEBUG
-	atomic_add_int(&nmacpipes, 1);
+	atomic_subtract_int(&nmacbpfdescs, 1);
 #endif
 }
 
-void
-mac_init_pipe(struct pipe *pipe)
-{
-	struct label *label;
-
-	label = malloc(sizeof(struct label), M_MACPIPELABEL, M_ZERO|M_WAITOK);
-	pipe->pipe_label = label;
-	pipe->pipe_peer->pipe_label = label;
-	mac_init_pipe_label(label);
-}
-
 static void
-mac_destroy_pipe_label(struct label *label)
+mac_destroy_cred_label(struct label *label)
 {
 
-	MAC_PERFORM(destroy_pipe_label, label);
+	MAC_PERFORM(destroy_cred_label, label);
 	mac_destroy_label(label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacpipes, 1);
+	atomic_subtract_int(&nmaccreds, 1);
 #endif
 }
 
 void
-mac_destroy_pipe(struct pipe *pipe)
+mac_destroy_cred(struct ucred *cred)
 {
-	mac_destroy_pipe_label(pipe->pipe_label);
-	free(pipe->pipe_label, M_MACPIPELABEL);
+
+	mac_destroy_cred_label(&cred->cr_label);
 }
 
 void
-mac_init_proc(struct proc *p)
+mac_destroy_devfsdirent(struct devfs_dirent *de)
 {
 
-	mac_init_label(&p->p_label);
-	MAC_PERFORM(init_proc, p, &p->p_label);
+	MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
+	mac_destroy_label(&de->de_label);
 #ifdef MAC_DEBUG
-	atomic_add_int(&nmacprocs, 1);
+	atomic_subtract_int(&nmacdevfsdirents, 1);
 #endif
 }
 
 void
-mac_destroy_proc(struct proc *p)
+mac_destroy_mbuf(struct mbuf *m)
 {
 
-	MAC_PERFORM(destroy_proc, p, &p->p_label);
-	mac_destroy_label(&p->p_label);
+	MAC_PERFORM(destroy_mbuf_label, &m->m_pkthdr.label);
+	mac_destroy_label(&m->m_pkthdr.label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacprocs, 1);
+	atomic_subtract_int(&nmacmbufs, 1);
 #endif
 }
 
-void
-mac_init_bpfdesc(struct bpf_d *bpf_d)
+static void
+mac_destroy_ifnet_label(struct label *label)
 {
 
-	mac_init_label(&bpf_d->bd_label);
-	MAC_PERFORM(init_bpfdesc_label, &bpf_d->bd_label);
+	MAC_PERFORM(destroy_ifnet_label, label);
+	mac_destroy_label(label);
 #ifdef MAC_DEBUG
-	atomic_add_int(&nmacbpfdescs, 1);
+	atomic_subtract_int(&nmacifnets, 1);
 #endif
 }
 
 void
-mac_destroy_bpfdesc(struct bpf_d *bpf_d)
+mac_destroy_ifnet(struct ifnet *ifp)
 {
 
-	MAC_PERFORM(destroy_bpfdesc_label, &bpf_d->bd_label);
-	mac_destroy_label(&bpf_d->bd_label);
-#ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacbpfdescs, 1);
-#endif
+	mac_destroy_ifnet_label(&ifp->if_label);
 }
 
 void
-mac_init_mount(struct mount *mp)
+mac_destroy_ipq(struct ipq *ipq)
 {
 
-	mac_init_label(&mp->mnt_mntlabel);
-	mac_init_label(&mp->mnt_fslabel);
-	MAC_PERFORM(init_mount_label, &mp->mnt_mntlabel);
-	MAC_PERFORM(init_mount_fs_label, &mp->mnt_fslabel);
+	MAC_PERFORM(destroy_ipq_label, &ipq->ipq_label);
+	mac_destroy_label(&ipq->ipq_label);
 #ifdef MAC_DEBUG
-	atomic_add_int(&nmacmounts, 1);
+	atomic_subtract_int(&nmacipqs, 1);
 #endif
 }
 
@@ -1478,61 +1462,77 @@
 }
 
 static void
-mac_init_vnode_label(struct label *label)
+mac_destroy_pipe_label(struct label *label)
 {
 
-	mac_init_label(label);
-	MAC_PERFORM(init_vnode_label, label);
+	MAC_PERFORM(destroy_pipe_label, label);
+	mac_destroy_label(label);
 #ifdef MAC_DEBUG
-	atomic_add_int(&nmacvnodes, 1);
+	atomic_subtract_int(&nmacpipes, 1);
 #endif
 }
 
 void
-mac_init_vnode(struct vnode *vp)
+mac_destroy_pipe(struct pipe *pipe)
+{
+	mac_destroy_pipe_label(pipe->pipe_label);
+	free(pipe->pipe_label, M_MACPIPELABEL);
+}
+
+void
+mac_destroy_proc(struct proc *p)
 {
 
-	mac_init_vnode_label(&vp->v_label);
+	MAC_PERFORM(destroy_proc, p, &p->p_label);
+	mac_destroy_label(&p->p_label);
+#ifdef MAC_DEBUG
+	atomic_subtract_int(&nmacprocs, 1);
+#endif
 }
 
 static void
-mac_destroy_vnode_label(struct label *label)
+mac_destroy_socket_label(struct label *label)
 {
 
-	MAC_PERFORM(destroy_vnode_label, label);
+	MAC_PERFORM(destroy_socket_label, label);
 	mac_destroy_label(label);
 #ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacvnodes, 1);
+	atomic_subtract_int(&nmacsockets, 1);
 #endif
 }
 
+static void
+mac_destroy_socket_peer_label(struct label *label)
+{
+
+	MAC_PERFORM(destroy_socket_peer_label, label);
+	mac_destroy_label(label);
+}
+
 void
-mac_destroy_vnode(struct vnode *vp)
+mac_destroy_socket(struct socket *socket)
 {
 
-	mac_destroy_vnode_label(&vp->v_label);
+	mac_destroy_socket_label(&socket->so_label);
+	mac_destroy_socket_peer_label(&socket->so_peerlabel);
 }
 
-void
-mac_init_devfsdirent(struct devfs_dirent *de)
+static void
+mac_destroy_vnode_label(struct label *label)
 {
 
-	mac_init_label(&de->de_label);
-	MAC_PERFORM(init_devfsdirent_label, &de->de_label);
+	MAC_PERFORM(destroy_vnode_label, label);
+	mac_destroy_label(label);
 #ifdef MAC_DEBUG
-	atomic_add_int(&nmacdevfsdirents, 1);
+	atomic_subtract_int(&nmacvnodes, 1);
 #endif
 }
 
 void
-mac_destroy_devfsdirent(struct devfs_dirent *de)
+mac_destroy_vnode(struct vnode *vp)
 {
 
-	MAC_PERFORM(destroy_devfsdirent_label, &de->de_label);
-	mac_destroy_label(&de->de_label);
-#ifdef MAC_DEBUG
-	atomic_subtract_int(&nmacdevfsdirents, 1);
-#endif
+	mac_destroy_vnode_label(&vp->v_label);
 }
 
 static void
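Review bot: mac_destroy_pipe frees `pipe->pipe_label` but leaves the pointer in place, and mac_init_pipe (in the earlier hunk) stores that same allocation in `pipe->pipe_peer->pipe_label`, so after the free both endpoints can still reach released memory. If teardown ever runs for both endpoints, the second call would hand a freed label to the policy destroy hooks and free it again. The callers are not visible in this change, so a single-owner rule may already be enforced elsewhere. I would document above mac_destroy_pipe which endpoint's teardown owns the shared label, and clear the pointer after the free with `pipe->pipe_label = NULL;` so a stale use fails loudly instead of touching freed memory.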