PERFORCE change 40041 for review
Robert Watson
rwatson at FreeBSD.org
Mon Oct 20 23:35:20 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=40041
Change 40041 by rwatson at rwatson_tislabs on 2003/10/20 16:34:54
Remove POSIX sem code from kern_mac.c now that it's in mac_posix_sem.c.
Hook up mac_posix_sem.c to the build.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/conf/files#86 edit
.. //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#413 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/conf/files#86 (text+ko) ====
@@ -1589,6 +1589,7 @@
posix4/posix4_mib.c standard
kern/uipc_sem.c optional p1003_1b_semaphores
security/mac/mac_pipe.c optional mac
+security/mac/mac_posix_sem.c optional mac
security/mac_biba/mac_biba.c optional mac_biba
security/mac_bsdextended/mac_bsdextended.c optional mac_bsdextended
security/mac_ifoff/mac_ifoff.c optional mac_ifoff
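Review bot: The added `security/mac/mac_posix_sem.c optional mac` entry builds the new file whenever MAC is configured, while the semaphore implementation next to it, `kern/uipc_sem.c`, is `optional p1003_1b_semaphores`. The new file is not part of this change, so confirm that it compiles and links in a MAC kernel built without that option. `mac_enforce_posix_sem` and `nmacposixksems` are `static` in kern_mac.c and are deleted in the later hunks, so mac_posix_sem.c has to carry its own definitions. It should also keep the `security.mac.enforce_posix_sem` sysctl and tunable with the same default of 1, otherwise the enforcement switch changes or disappears without notice. If the file does depend on the semaphore code, the entry could read `security/mac/mac_posix_sem.c optional mac p1003_1b_semaphores`.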
==== //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c#413 (text+ko) ====
@@ -44,7 +44,6 @@
#include "opt_mac.h"
#include "opt_devfs.h"
-#include "opt_posix.h"
#include <sys/param.h>
#include <sys/condvar.h>
@@ -74,8 +73,6 @@
#include <sys/sem.h>
#include <sys/shm.h>
-#include <posix4/ksem.h>
-
#include <vm/vm.h>
#include <vm/pmap.h>
#include <vm/vm_map.h>
@@ -158,11 +155,6 @@
&mac_enforce_network, 0, "Enforce MAC policy on network packets");
TUNABLE_INT("security.mac.enforce_network", &mac_enforce_network);
-static int mac_enforce_posix_sem = 1;
-SYSCTL_INT(_security_mac, OID_AUTO, enforce_posix_sem, CTLFLAG_RW,
- &mac_enforce_posix_sem, 0, "Enforce MAC policy on global POSIX semaphores");
-TUNABLE_INT("security.mac.enforce_posix_sem", &mac_enforce_posix_sem);
-
static int mac_enforce_process = 1;
SYSCTL_INT(_security_mac, OID_AUTO, enforce_process, CTLFLAG_RW,
&mac_enforce_process, 0, "Enforce MAC policy on inter-process operations");
@@ -215,7 +207,7 @@
static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs,
nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents,
nmacipqs, nmacprocs, nmacipcmsgs, nmacipcmsqs,
- nmacipcsemas, nmacipcshms, nmacposixksems;
+ nmacipcsemas, nmacipcshms;
SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD,
&nmacmbufs, 0, "number of mbufs in use");
@@ -247,8 +239,6 @@
&nmacipcsemas, 0, "number of sysv ipc semaphore identifiers inuse");
SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, ipc_shms, CTLFLAG_RD,
&nmacipcshms, 0, "number of sysv ipc shm identifiers inuse");
-SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, posix_ksems, CTLFLAG_RD,
- &nmacposixksems, 0, "number of posix global semaphores inuse");
#endif
static int mac_policy_register(struct mac_policy_conf *mpc);
@@ -833,15 +823,6 @@
MAC_DEBUG_COUNTER_INC(&nmacmounts);
}
-void
-mac_init_posix_ksem(struct ksem *ksemptr)
-{
-
- mac_init_label(&ksemptr->ks_label);
- MAC_PERFORM(init_posix_ksem_label, &ksemptr->ks_label);
- MAC_DEBUG_COUNTER_INC(&nmacposixksems);
-}
-
void
mac_init_proc(struct proc *p)
{
@@ -1036,15 +1017,6 @@
}
void
-mac_destroy_posix_ksem(struct ksem *ksemptr)
-{
-
- MAC_PERFORM(destroy_posix_ksem_label, &ksemptr->ks_label);
- mac_destroy_label(&ksemptr->ks_label);
- MAC_DEBUG_COUNTER_DEC(&nmacposixksems);
-}
-
-void
mac_destroy_proc(struct proc *p)
{
@@ -2175,13 +2147,6 @@
MAC_PERFORM(create_ipc_shm, cred, shmsegptr, &shmsegptr->label);
}
-void
-mac_create_posix_ksem(struct ucred *cred, struct ksem *ksemptr)
-{
-
- MAC_PERFORM(create_posix_ksem, cred, ksemptr, &ksemptr->ks_label);
-}
-
void
mac_create_socket(struct ucred *cred, struct socket *socket)
{
@@ -2813,105 +2778,6 @@
}
int
-mac_check_posix_sem_close(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_close, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_destroy(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_destroy, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_openexisting(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_openexisting, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_getvalue(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_getvalue, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_post(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_post, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_unlink(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_unlink, cred, ksemptr);
-
- return(error);
-}
-
-int
-mac_check_posix_sem_wait(struct ucred *cred, struct ksem *ksemptr)
-{
- int error;
-
- if (!mac_enforce_posix_sem)
- return (0);
-
- //XXX: Should we also pass &ksemptr->ks_label ??
- MAC_CHECK(check_posix_sem_wait, cred, ksemptr);
-
- return(error);
-}
-
-
-int
mac_check_proc_debug(struct ucred *cred, struct proc *proc)
{
int error;