PERFORCE change 95674 for review
Todd Miller
millert at FreeBSD.org
Thu Apr 20 14:26:10 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=95674
Change 95674 by millert at millert_g5tower on 2006/04/20 14:24:53
Move sebsd_{malloc,free} into sebsd_alloc.c and convert all
calls from malloc/free to sebsd_{malloc,free}.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#12 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#39 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#8 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_alloc.c#1 add
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#11 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#11 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/Makefile#6 (text+ko) ====
@@ -4,7 +4,7 @@
POLICY_DESC= "SEDarwin (SELinux compatible TE)"
POLICY_NOMAN= yes
-POLICY_SRCS= sebsd.c sebsd_syscall.c sebsd_sysctl.c
+POLICY_SRCS= sebsd.c sebsd_alloc.c sebsd_syscall.c sebsd_sysctl.c
POLICY_SRCS+= ss/avtab.c ss/ebitmap.c ss/hashtab.c ss/init.c ss/policydb.c \
ss/queue.c ss/services.c ss/sidtab.c ss/symtab.c ss/mach_av.c \
ss/conditional.c
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/linux-compat.h#12 (text+ko) ====
@@ -90,19 +90,19 @@
#define __init
-extern void *sebsd_malloc(size_t size, int flags);
-extern void sebsd_free(void *);
+extern void *sebsd_malloc(size_t size, int type, int flags);
+extern void sebsd_free(void *, int);
/* BSD-style malloc/free emulation */
+#ifndef M_SEBSD
#include <sys/malloc.h>
-#define malloc(size, type, flags) sebsd_malloc(size, flags)
-#define free(addr, type) sebsd_free(addr)
#define M_SEBSD M_MACTEMP
+#endif
/* Linux-style kmalloc/kfree (note kfree namespace collision) */
-#define kmalloc(size, flags) sebsd_malloc(size, flags)
-#define kfree(addr) sebsd_free(addr)
-#define __get_free_page(flags) sebsd_malloc(PAGE_SIZE, flags)
+#define kmalloc(size, flags) sebsd_malloc(size, M_SEBSD, flags)
+#define kfree(addr) sebsd_free(addr, M_SEBSD)
+#define __get_free_page(flags) sebsd_malloc(PAGE_SIZE, M_SEBSD, flags)
#define GFP_ATOMIC M_WAITOK /* XXX - want M_NOWAIT but too early */
#define GFP_KERNEL M_WAITOK
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.c#39 (text+ko) ====
@@ -59,8 +59,16 @@
#include <sys/vnode.h>
#include <sys/dirent.h>
#include <sys/fcntl.h>
+#include <sys/ucred.h>
+#include <sys/mac_policy.h>
+
+#include <miscfs/devfs/devfsdefs.h>
-#ifdef __APPLE__
+#include <sedarwin/linux-compat.h>
+#include <sedarwin/sebsd.h>
+#include <sedarwin/sebsd_labels.h>
+#include <sedarwin/ss/policydb.h>
+
/*
* The code is conditional upon the following list of defines.
* At the moment, Darwin does not provide support for all of them:
@@ -73,51 +81,8 @@
* HAS_STRINGS
* HAS_ACLS
*/
-
#define HAS_STRINGS
-#include <sys/ucred.h>
-#include <vm/vm_kern.h>
-#include <kern/kalloc.h>
-
-/* XXX - move sebsd_malloc/free */
-void *
-sebsd_malloc(size_t size, int flags)
-{
- size_t *vs, nsize;
-
- nsize = size + sizeof(size_t);
- vs = (flags & M_NOWAIT) ?
- (size_t *)kalloc_noblock(nsize) : (size_t *)kalloc(nsize);
- if (vs != NULL) {
- *vs++ = nsize;
- if (flags & M_ZERO)
- bzero(vs, size);
- }
- return (vs);
-}
-
-void
-sebsd_free(void *v)
-{
- size_t *vs = v;
-
- if (vs != NULL) {
- vs--;
- kfree((vm_offset_t)vs, *vs);
- }
-}
-
-#include <miscfs/devfs/devfsdefs.h>
-#endif
-
-#include <sys/mac_policy.h>
-
-#include <sedarwin/linux-compat.h>
-#include <sedarwin/sebsd.h>
-#include <sedarwin/sebsd_labels.h>
-#include <sedarwin/ss/policydb.h>
-
int sebsd_verbose = 0;
static int slot = 1; /* TBD, dynamic */
@@ -395,7 +360,7 @@
{
struct task_security_struct *new_tsec;
- new_tsec = sebsd_malloc(sizeof(*new_tsec), M_ZERO | M_WAITOK);
+ new_tsec = sebsd_malloc(sizeof(*new_tsec), M_SEBSD, M_ZERO | M_WAITOK);
new_tsec->osid = new_tsec->sid = SECINITSID_UNLABELED;
SLOT(label) = new_tsec;
}
@@ -405,7 +370,7 @@
{
struct file_security_struct *new_fsec;
- new_fsec = sebsd_malloc(sizeof(*new_fsec), M_ZERO | M_WAITOK);
+ new_fsec = sebsd_malloc(sizeof(*new_fsec), M_SEBSD, M_ZERO | M_WAITOK);
new_fsec->sid = new_fsec->sid = SECINITSID_UNLABELED;
SLOT(label) = new_fsec;
}
@@ -415,7 +380,7 @@
{
struct mount_security_struct *sbsec;
- sbsec = sebsd_malloc(sizeof(*sbsec), M_ZERO | M_WAITOK);
+ sbsec = sebsd_malloc(sizeof(*sbsec), M_SEBSD, M_ZERO | M_WAITOK);
sbsec->sid = SECINITSID_UNLABELED;
SLOT(label) = sbsec;
}
@@ -425,7 +390,7 @@
{
struct mount_fs_security_struct *sbsec;
- sbsec = sebsd_malloc(sizeof(*sbsec), M_ZERO | M_WAITOK);
+ sbsec = sebsd_malloc(sizeof(*sbsec), M_SEBSD, M_ZERO | M_WAITOK);
sbsec->sid = SECINITSID_UNLABELED;
SLOT(label) = sbsec;
}
@@ -435,7 +400,7 @@
{
struct network_security_struct *new;
- new = sebsd_malloc(sizeof(*new), M_ZERO | M_WAITOK);
+ new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | M_WAITOK);
new->sid = new->task_sid = SECINITSID_UNLABELED;
SLOT(label) = new;
}
@@ -445,7 +410,7 @@
{
struct network_security_struct *new;
- new = sebsd_malloc(sizeof(*new), M_ZERO | flag);
+ new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | flag);
if (new == NULL) {
SLOT(label) = NULL;
return (ENOMEM);
@@ -462,7 +427,7 @@
{
struct vnode_security_struct *vsec;
- vsec = sebsd_malloc(sizeof(*vsec), M_ZERO | M_WAITOK);
+ vsec = sebsd_malloc(sizeof(*vsec), M_SEBSD, M_ZERO | M_WAITOK);
vsec->sid = SECINITSID_UNLABELED;
vsec->task_sid = SECINITSID_UNLABELED;
SLOT(label) = vsec;
@@ -473,7 +438,7 @@
{
struct ipc_security_struct *new;
- new = sebsd_malloc(sizeof(*new), M_ZERO | M_WAITOK);
+ new = sebsd_malloc(sizeof(*new), M_SEBSD, M_ZERO | M_WAITOK);
new->sid = SECINITSID_UNLABELED;
SLOT(label) = new;
}
@@ -483,7 +448,7 @@
{
struct vnode_security_struct *vsec;
- vsec = sebsd_malloc(sizeof(*vsec), M_ZERO | M_WAITOK);
+ vsec = sebsd_malloc(sizeof(*vsec), M_SEBSD, M_ZERO | M_WAITOK);
vsec->sid = SECINITSID_UNLABELED;
vsec->task_sid = SECINITSID_UNLABELED;
SLOT(label) = vsec;
@@ -493,7 +458,7 @@
sebsd_destroy_label(struct label *label)
{
- sebsd_free(SLOT(label));
+ sebsd_free(SLOT(label), M_SEBSD);
SLOT(label) = NULL;
}
@@ -793,7 +758,7 @@
dirent->sclass = devfs_type_to_security_class(devfs_dirent->dn_type);
/* Obtain a SID based on the fstype, path, and class. */
- path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK);
+ path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
path[0] = '/';
strcpy(&path[1], fullpath);
rc = security_genfs_sid("devfs", path, dirent->sclass, &newsid);
@@ -822,7 +787,7 @@
"dirent=%d\n", path,
rc, dirent->sclass, newsid, dirent->sid);
}
- sebsd_free(path);
+ sebsd_free(path, M_SEBSD);
}
#if 0
@@ -846,7 +811,7 @@
dirent->sclass = SECCLASS_DIR;
/* Obtain a SID based on the fstype, path, and class. */
- path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK);
+ path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
path[0] = '/';
strcpy(&path[1], fullpath);
rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, dirent->sclass,
@@ -861,7 +826,7 @@
__func__, path, sbsec->sid, mp->mnt_stat.f_mntonname, rc,
dirent->sclass, newsid, dirent->sid);
}
- sebsd_free(path);
+ sebsd_free(path, M_SEBSD);
}
static void
@@ -888,7 +853,7 @@
lnksec->sclass = SECCLASS_LNK_FILE;
/* Obtain a SID based on the fstype, path, and class. */
- path = sebsd_malloc(strlen(fullpath) + 2, M_ZERO | M_WAITOK);
+ path = sebsd_malloc(strlen(fullpath) + 2, M_SEBSD, M_ZERO | M_WAITOK);
path[0] = '/';
strcpy(&path[1], fullpath);
rc = security_genfs_sid(mp->mnt_vfc->vfc_name, path, lnksec->sclass,
@@ -902,7 +867,7 @@
sbsec->sid, mp->mnt_stat.f_mntonname, rc,
lnksec->sclass, newsid, lnksec->sid);
}
- sebsd_free(path);
+ sebsd_free(path, M_SEBSD);
}
#endif /* HAS_DEVFS_DIRENT */
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd.h#8 (text+ko) ====
@@ -54,5 +54,11 @@
extern int sebsd_syscall(struct proc *p, int call, void *args, int *retv);
extern int proc_has_system(struct proc *p, u32 perm);
extern int proc_has_security(struct proc *p, u32 perm);
+extern void *sebsd_malloc(size_t size, int type, int flags);
+extern void sebsd_free(void *, int);
+
+#ifndef M_SEBSD
+#define M_SEBSD M_MACTEMP
+#endif
#endif /* _SYS_SECURITY_SEBSD_H */
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/sebsd_syscall.c#11 (text+ko) ====
@@ -67,13 +67,13 @@
if (rc)
return (rc);
- kdata = malloc(len, M_SEBSD, M_WAITOK);
+ kdata = sebsd_malloc(len, M_SEBSD, M_WAITOK);
rc = copyin(data, kdata, len);
if (rc)
return (rc);
rc = security_load_policy(kdata, len);
- free(kdata, M_SEBSD);
+ sebsd_free(kdata, M_SEBSD);
return (rc);
}
@@ -88,13 +88,13 @@
if (rc)
return (rc);
- kdata = malloc(len, M_SEBSD, M_WAITOK);
+ kdata = sebsd_malloc(len, M_SEBSD, M_WAITOK);
rc = copyin(data, kdata, len);
if (rc)
return (rc);
rc = sebsd_load_migscs(kdata, len);
- free(kdata, M_SEBSD);
+ sebsd_free(kdata, M_SEBSD);
return (rc);
}
@@ -159,7 +159,7 @@
}
error = copyout(&olen, outlen, sizeof(int));
out2:
- sebsd_free(sids);
+ sebsd_free(sids, M_SEBSD);
out:
return (error);
}
@@ -236,12 +236,12 @@
int error;
if (gb->out)
- out = malloc(gb->len, M_SEBSD, M_WAITOK);
+ out = sebsd_malloc(gb->len, M_SEBSD, M_WAITOK);
error = security_get_bool_string(&gb->len, out);
if (out && error == 0)
error = copyout(out, gb->out, gb->len);
if (out)
- free(out, M_SEBSD);
+ sebsd_free(out, M_SEBSD);
return (error);
}
@@ -274,24 +274,24 @@
error = copyin(args, &uap, sizeof(struct getsid_args));
if (error)
return (error);
- ctx = sebsd_malloc(MAX_UC, M_WAITOK);
+ ctx = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
error = copyinstr(uap.ctx, ctx, MAX_UC, &dummy);
if (error) {
- sebsd_free(ctx);
+ sebsd_free(ctx, M_SEBSD);
return (error);
}
- usr = sebsd_malloc(MAX_UC, M_WAITOK);
+ usr = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
error = copyinstr(uap.usr, usr, MAX_UC, &dummy);
if (error) {
- sebsd_free(ctx);
- sebsd_free(usr);
+ sebsd_free(ctx, M_SEBSD);
+ sebsd_free(usr, M_SEBSD);
return (error);
}
ctx[MAX_UC-1] = 0;
usr[MAX_UC-1] = 0;
error = sys_get_sids(call, ctx, usr, uap.out, uap.outlen);
- sebsd_free(ctx);
- sebsd_free(usr);
+ sebsd_free(ctx, M_SEBSD);
+ sebsd_free(usr, M_SEBSD);
break;
}
@@ -304,31 +304,31 @@
error = copyin(args, &uap, sizeof(struct changesid_args));
if (error)
return (error);
- doms = sebsd_malloc(MAX_UC, M_WAITOK);
+ doms = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
error = copyinstr(uap.domain, doms, MAX_UC, &dummy);
if (error) {
- sebsd_free(doms);
+ sebsd_free(doms, M_SEBSD);
return (error);
}
- srcs = sebsd_malloc(MAX_UC, M_WAITOK);
+ srcs = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
error = copyinstr(uap.source, srcs, MAX_UC, &dummy);
if (error) {
- sebsd_free(doms);
- sebsd_free(srcs);
+ sebsd_free(doms, M_SEBSD);
+ sebsd_free(srcs, M_SEBSD);
return (error);
}
- scs = sebsd_malloc(MAX_UC, M_WAITOK);
+ scs = sebsd_malloc(MAX_UC, M_SEBSD, M_WAITOK);
error = copyinstr(uap.sclass, scs, MAX_UC, &dummy);
if (error) {
- sebsd_free(doms);
- sebsd_free(srcs);
- sebsd_free(scs);
+ sebsd_free(doms, M_SEBSD);
+ sebsd_free(srcs, M_SEBSD);
+ sebsd_free(scs, M_SEBSD);
return (error);
}
error = sys_change_sid(doms, srcs, scs, uap.out, uap.outlen);
- sebsd_free(doms);
- sebsd_free(srcs);
- sebsd_free(scs);
+ sebsd_free(doms, M_SEBSD);
+ sebsd_free(srcs, M_SEBSD);
+ sebsd_free(scs, M_SEBSD);
return (error);
}
@@ -368,17 +368,17 @@
if (copyin(args, &p, sizeof(struct lp_args)))
return (EFAULT);
- str = malloc(p.len, M_SEBSD, M_WAITOK);
+ str = sebsd_malloc(p.len, M_SEBSD, M_WAITOK);
if (!str)
return (ENOMEM);
if (copyin(p.data, str, p.len)) {
- free(str, M_SEBSD);
+ sebsd_free(str, M_SEBSD);
return (EFAULT);
}
str[p.len-1] = 0;
error = security_set_bool(str+1, str[0]-'0');
- free(str, M_SEBSD);
+ sebsd_free(str, M_SEBSD);
break;
}
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/mach_av.c#11 (text+ko) ====
@@ -82,13 +82,14 @@
int i;
struct msgid_classinfo *c;
- c = sebsd_malloc(sizeof(int) * nclasses + sizeof(*c), M_WAITOK);
+ c = sebsd_malloc(sizeof(int) * nclasses + sizeof(*c), M_SEBSD,
+ M_WAITOK);
c->baseid = msgid;
c->nclasses = nclasses;
for (i = 0; i < nclasses; i++)
c->classes[i] = *p++;
for (i = msgid; i < msgid + size; i++) {
- int *ip = sebsd_malloc(sizeof(int), M_WAITOK);
+ int *ip = sebsd_malloc(sizeof(int), M_SEBSD, M_WAITOK);
*ip = i;
error = hashtab_insert(ht, ip, c);
if (error) {
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/queue.c#6 (text+ko) ====
@@ -20,7 +20,8 @@
{
queue_t q;
- q = (queue_t) sebsd_malloc(sizeof(struct queue_info), M_WAITOK);
+ q = (queue_t) sebsd_malloc(sizeof(struct queue_info), M_SEBSD,
+ M_WAITOK);
if (q == NULL)
return NULL;
@@ -38,7 +39,7 @@
return -1;
newnode = (queue_node_ptr_t) sebsd_malloc(sizeof(struct queue_node),
- M_WAITOK);
+ M_SEBSD, M_WAITOK);
if (newnode == NULL)
return -1;
@@ -64,7 +65,7 @@
return -1;
newnode = (queue_node_ptr_t) sebsd_malloc(sizeof(struct queue_node),
- M_WAITOK);
+ M_SEBSD, M_WAITOK);
if (newnode == NULL)
return -1;
@@ -100,7 +101,7 @@
q->tail = NULL;
e = node->element;
- sebsd_free(node);
+ sebsd_free(node, M_SEBSD);
return e;
}
@@ -129,10 +130,10 @@
while (p != NULL) {
temp = p;
p = p->next;
- sebsd_free(temp);
+ sebsd_free(temp, M_SEBSD);
}
- sebsd_free(q);
+ sebsd_free(q, M_SEBSD);
}
int queue_map(queue_t q, int (*f) (queue_element_t, void *), void *vp)
@@ -185,7 +186,7 @@
temp = p;
p = p->next;
g(temp->element, vp);
- sebsd_free(temp);
+ sebsd_free(temp, M_SEBSD);
} else {
last = p;
p = p->next;
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/security.h#6 (text+ko) ====
@@ -90,7 +90,7 @@
int security_genfs_sid(const char *fstype, char *name, u16 sclass,
u32 *sid);
-#define security_free_context(ctx) ({ if (ctx) free(ctx, M_SEBSD); })
+#define security_free_context(ctx) ({ if (ctx) sebsd_free(ctx, M_SEBSD); })
int security_get_bool_string(int *len, char *out);
int security_commit_pending_bools(void);
More information about the trustedbsd-cvs
mailing list