PERFORCE change 104219 for review
Todd Miller
millert at FreeBSD.org
Wed Aug 16 13:30:52 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=104219
Change 104219 by millert at millert_macbook on 2006/08/16 13:30:07
Introduce a reference count to struct mac_label_element
so that we don't have to loop through every policy in
mac_policy_removefrom_labellist() to tell whether or not
another policy is interested in the label namespace.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#3 (text+ko) ====
@@ -518,6 +518,7 @@
LIST_FOREACH(mle, &mac_static_label_element_list,
mle_list) {
if (strcmp(name, mle->mle_name) == 0) {
+ /* ref count unused for static list */
found = TRUE;
break;
}
@@ -526,12 +527,14 @@
LIST_FOREACH(mle,
&mac_label_element_list, mle_list) {
if (strcmp(name, mle->mle_name) == 0) {
+ mle->mle_refs++;
found = TRUE;
break;
}
}
if (!found) {
strcpy(new_mles[midx]->mle_name, name);
+ new_mles[midx]->mle_refs = 1;
LIST_INSERT_HEAD(list, new_mles[midx],
mle_list);
midx++;
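Review bot: The new `mle->mle_refs++` and `new_mles[midx]->mle_refs = 1` are plain, non-atomic updates, and nothing in this hunk shows which lock protects them. The removal path takes the exclusive policy lock before it touches the count, so the add path presumably does the same, but that is outside the visible lines and should be confirmed. A short comment at the increment would record the invariant, for example `/* mle_refs is only modified with the policy list held exclusively */`. The enclosing function begins and ends outside this hunk, so it is also worth checking that any failure path after this loop undoes the increments already made.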
@@ -556,10 +559,8 @@
mac_policy_removefrom_labellist(struct mac_policy_conf *mpc)
{
struct mac_label_element *mle;
- struct mac_policy_conf *lmpc;
- const char *name, *name2;
- u_int idx, idx2;
- int found;
+ const char *name;
+ u_int idx;
if (mpc->mpc_labelnames == NULL)
return;
@@ -567,7 +568,8 @@
if (mpc->mpc_labelname_count == 0)
return;
- /* Check each label namespace managed by the policy and remove
+ /*
+ * Check each label namespace managed by the policy and remove
* it from the non-static list only if no other policy is interested
* in that label namespace.
*/
@@ -575,33 +577,15 @@
mac_policy_grab_exclusive();
for (idx = 0; idx < mpc->mpc_labelname_count; idx++) {
name = mpc->mpc_labelnames[idx];
- found = FALSE;
- LIST_FOREACH(lmpc, &mac_static_policy_list, mpc_list)
- for (idx2 = 0; idx2 < lmpc->mpc_labelname_count;
- idx2++) {
- name2 = lmpc->mpc_labelnames[idx2];
- if (strcmp(name, name2) == 0) {
- found = TRUE;
- break;
- }
- }
- if (!found) /* No 'static' policy manages the namespace */
- LIST_FOREACH(lmpc, &mac_policy_list, mpc_list)
- for (idx2 = 0; idx2 < lmpc->mpc_labelname_count;
- idx2++) {
- name2 = lmpc->mpc_labelnames[idx2];
- if (strcmp(name, name2) == 0) {
- found = TRUE;
- break;
- }
- }
-
- if (!found) /* No policy manages this namespace */
- LIST_FOREACH(mle, &mac_label_element_list, mle_list)
- if (strcmp(name, mle->mle_name) == 0) {
+ LIST_FOREACH(mle, &mac_label_element_list, mle_list) {
+ if (strcmp(name, mle->mle_name) == 0) {
+ if (--mle->mle_refs == 0) {
LIST_REMOVE(mle, mle_list);
FREE(mle, M_MACTEMP);
}
+ break;
+ }
+ }
}
if (mac_late)
mac_policy_release_exclusive();
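Review bot: The decrement in `if (--mle->mle_refs == 0)` assumes every name in `mpc->mpc_labelnames` was counted exactly once when the policy was added, and nothing here checks that the count is still positive. If the add and remove paths ever disagree, the signed count either goes negative and the element is never freed, or it reaches zero early and the element is freed while another policy still relies on the namespace. A cheap guard keeps an imbalance from turning into a premature free: `if (mle->mle_refs > 0 && --mle->mle_refs == 0) {`, ideally with a diagnostic when the count is already zero. The function's signature is in an earlier hunk and its end lies outside this one.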
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_internal.h#3 (text+ko) ====
@@ -80,6 +80,7 @@
* Type of list used to manage label namespace names.
*/
struct mac_label_element {
+ int mle_refs;
char mle_name[MAC_MAX_LABEL_ELEMENT_NAME];
LIST_ENTRY(mac_label_element) mle_list;
};
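Review bot: The new `mle_refs` field is undocumented, although its meaning differs between the two lists that share this struct. The mac_base.c hunks show it counting registrations on the non-static list and being left unused on the static list. A field comment would make that explicit, for example `int mle_refs; /* registrations of this namespace; unused on the static list */`. Since the count is never meant to go negative, an unsigned type such as `u_int` would also express the intent more clearly.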