PERFORCE change 95677 for review
Todd Miller
millert at FreeBSD.org
Thu Apr 20 14:35:31 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=95677
Change 95677 by millert at millert_g5tower on 2006/04/20 14:34:51
Enable policy and policy load locks
Affected files ...
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#6 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#8 edit
.. //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.h#4 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/init.c#6 (text+ko) ====
@@ -15,6 +15,8 @@
#include <sys/malloc.h>
#include <sys/systm.h>
+#include <kern/lock.h>
+
#include <sedarwin/linux-compat.h>
#include <sedarwin/sebsd.h>
#include <sedarwin/ss/global.h>
@@ -34,6 +36,12 @@
if (!preload_find_data("sebsd_policy", &policy_len, &policy_data))
goto loaderr;
+#ifdef __APPLE__
+ /* Initialize security server locks. */
+ policy_rwlock = lock_alloc(TRUE, ETAP_NO_TRACE, ETAP_NO_TRACE);
+ load_sem = mutex_alloc(ETAP_NO_TRACE);
+#endif
+
printf("security: reading policy configuration\n");
rc = security_load_policy(policy_data, policy_len);
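Review bot: The results of `lock_alloc()` and `mutex_alloc()` are stored without a check, and the allocation sits after the `preload_find_data()` failure branch, so on the `loaderr` path both pointers appear to stay unset. The lock macros in services.c dereference these pointers unconditionally, so a later security-server call would pass a null lock to `lock_read()` or `mutex_lock()` in kernel context. Consider moving the allocation above the `preload_find_data()` call and, if these allocators can fail, rejecting initialization with something like `if (policy_rwlock == NULL || load_sem == NULL) return ENOMEM;`. The enclosing function starts and ends outside this hunk, so what `loaderr` does is not visible here.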
@@ -41,7 +49,7 @@
printf("security: error while reading policy, cannot initialize.\n");
return EINVAL;
}
-
+
return 0;
loaderr:
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.c#8 (text+ko) ====
@@ -35,35 +35,17 @@
#include <sedarwin/avc/avc.h>
#include <sedarwin/avc/avc_ss.h>
#include <sys/socket.h>
+#include <kern/lock.h>
-#ifdef __FreeBSD__
+lock_t *policy_rwlock;
+#define POLICY_RDLOCK lock_read(policy_rwlock)
+#define POLICY_WRLOCK lock_write(policy_rwlock)
+#define POLICY_RDUNLOCK lock_read_done(policy_rwlock)
+#define POLICY_WRUNLOCK lock_write_done(policy_rwlock)
-#include <sys/rwlock.h>
-#include <sys/proc.h>
-
-static struct rwlock policy_rwlock;
-#define POLICY_RDLOCK rw_rlock(&policy_rwlock)
-#define POLICY_WRLOCK rw_wlock(&policy_rwlock)
-#define POLICY_RDUNLOCK rw_runlock(&policy_rwlock)
-#define POLICY_WRUNLOCK rw_wunlock(&policy_rwlock)
-
-RW_SYSINIT(policy_rwlock, &policy_rwlock, "SEBSD policy lock");
-
-static struct mtx load_sem;
-#define LOAD_LOCK mtx_lock(&load_sem)
-#define LOAD_UNLOCK mtx_unlock(&load_sem)
-
-MTX_SYSINIT(load_sem, &load_sem, "SEBSD policy load lock", MTX_DEF);
-
-#else
-/* XXX - define locking for Darwin */
-#define POLICY_RDLOCK
-#define POLICY_WRLOCK
-#define POLICY_RDUNLOCK
-#define POLICY_WRUNLOCK
-#define LOAD_LOCK
-#define LOAD_UNLOCK
-#endif
+mutex_t *load_sem;
+#define LOAD_LOCK mutex_lock(load_sem)
+#define LOAD_UNLOCK mutex_unlock(load_sem)
struct sidtab sidtab;
struct policydb policydb;
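Review bot: The lock macros now call the Mach primitives unconditionally, while init.c allocates `policy_rwlock` and `load_sem` only under `#ifdef __APPLE__`; the two guards should agree. With the old `#ifdef __FreeBSD__`/`#else` removed, a non-Apple build of this file would either fail to compile or run with pointers that nothing allocated. Either drop the guard in init.c or keep one here, for example `#ifndef __APPLE__` followed by `#error "sedarwin ss locking requires Mach locks"`. A short comment above the two definitions, saying that both pointers are set once during security-server initialization and must not be used before then, would also help.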
==== //depot/projects/trustedbsd/sedarwin7/src/sedarwin/sedarwin/ss/services.h#4 (text+ko) ====
@@ -17,5 +17,11 @@
extern struct sidtab sidtab;
extern struct policydb policydb;
+/*
+ * Security server locks, as allocated by security_init().
+ */
+extern lock_t *policy_rwlock;
+extern mutex_t *load_sem;
+
#endif /* _SS_SERVICES_H_ */
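Review bot: services.h now declares `lock_t *policy_rwlock` and `mutex_t *load_sem`, but the hunk adds no include for the header that defines those types, so every file including services.h must already have pulled in `<kern/lock.h>`. Adding `#include <kern/lock.h>` near the top of services.h would make it self-contained; the top of the header is outside this hunk, so it may already be there. Exporting the raw lock pointers also lets any includer take or reassign the policy locks directly. If only init.c needs them, a small init function defined in services.c would keep lock ownership in one file and let the variables stay `static`.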