PERFORCE change 113350 for review

Mon Jan 22 16:09:05 UTC 2007

http://perforce.freebsd.org/chv.cgi?CH=113350

Change 113350 by millert at millert_macbook on 2007/01/22 16:08:06

	No longer delay avc logging via printf() until the thread
	exits.  It no longer seems to be required.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc_audit.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/linux-compat.h#6 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#70 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/avc/avc_audit.c#5 (text+ko) ====

@@ -43,76 +43,34 @@
 
 /*
  * Emulate Linux audit API.
- * In the future we may wish to use the BSM audit support instead.
+ * In the future we may wish to use the BSD audit support instead.
  */
 
+lck_spin_t *avc_log_lock;
+
 struct audit_buffer {
 	struct sbuf sbuf;
 	char buf[1024];
 };
-
-#define AUDIT_SLOT_MAX	256
-static SInt32 nslots;
-struct audit_buffer *audit_slots[AUDIT_SLOT_MAX];
-
-lck_spin_t *avc_log_lock;
+static struct audit_buffer audit_buf;
 
 struct audit_buffer *
 audit_log_start(void)
 {
-	struct audit_buffer *ab;
 
-	ab = sebsd_malloc(sizeof(*ab), M_SEBSD, M_NOWAIT);
-	if (ab != NULL)
-		sbuf_new(&ab->sbuf, ab->buf, sizeof(ab->buf), SBUF_FIXEDLEN);
-
-	return (ab);
+	lck_spin_lock(avc_log_lock);
+	sbuf_new(&audit_buf.sbuf, audit_buf.buf, sizeof(audit_buf.buf),
+	    SBUF_FIXEDLEN);
+	return (&audit_buf);
 }
 
 void
 audit_log_end(struct audit_buffer *ab)
 {
-	int i;
-	UInt32 oldval;
 
 	sbuf_finish(&ab->sbuf);
-
-	/*
-	 * Find and claim an audit slot (assumes 32bit pointers).
-	 */
-	for (i = 0; i < AUDIT_SLOT_MAX; i++) {
-		oldval = (UInt32)audit_slots[i];
-		if (oldval == 0 && OSCompareAndSwap(oldval, (UInt32)ab,
-		    (UInt32 *)&audit_slots[i])) {
-			OSIncrementAtomic(&nslots);
-			return;
-		}
-	}
-	/* No free slots, drop record. */
-	sebsd_free(ab, M_SEBSD);
-}
-
-void
-audit_log_process(void)
-{
-	struct audit_buffer *ab;
-	int i;
-
-	/*
-	 * Print and free all existing (finished) audit records.
-	 */
-	lck_spin_lock(avc_log_lock);
-	for (i = 0; nslots != 0 && i < AUDIT_SLOT_MAX; i++) {
-		ab = audit_slots[i];
-		if (ab != NULL) {
-			if (OSCompareAndSwap((UInt32)ab, 0,
-			    (UInt32 *)&audit_slots[i])) {
-				OSDecrementAtomic(&nslots);
-				printf("\n%s\n", sbuf_data(&ab->sbuf));
-				sebsd_free(ab, M_SEBSD);
-			}
-		}
-	}
+	printf("\n%s\n", sbuf_data(&ab->sbuf));
+	sbuf_delete(&ab->sbuf);	/* XXX - not really needed */
 	lck_spin_unlock(avc_log_lock);
 }
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/linux-compat.h#6 (text+ko) ====

@@ -142,7 +142,6 @@
 void audit_log_end(struct audit_buffer *);
 void audit_log_format(struct audit_buffer *, const char *, ...);   
 void audit_log_untrustedstring(struct audit_buffer *, const char *);
-void audit_log_process(void);
 #define audit_log(ac, mf, af, ...)	sebsd_log(__VA_ARGS__)
 
 /* we don't enable the selinux netlbl support */

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#70 (text+ko) ====

@@ -3530,14 +3530,6 @@
 	return (ipc_has_perm(cred, pshmlabel, SHM__DESTROY));
 }
 
-static void
-sebsd_thread_userret(int code, int error, struct thread *thread)
-{
-
-	/* Process any pending audit log records at syscall exit. */
-	audit_log_process();
-}
-
 static struct mac_policy_ops sebsd_ops = {
 	.mpo_bpfdesc_label_associate = sebsd_bpfdesc_label_associate,
 	.mpo_bpfdesc_label_destroy = sebsd_label_destroy,
@@ -3749,7 +3741,6 @@
 	.mpo_task_label_init = sebsd_label_init,
 	.mpo_task_label_internalize = sebsd_label_internalize,
 	.mpo_task_label_update = sebsd_task_label_update,
-	.mpo_thread_userret = sebsd_thread_userret,
 	.mpo_vnode_check_access = sebsd_vnode_check_access,
 	.mpo_vnode_check_chdir = sebsd_vnode_check_chdir,
 	.mpo_vnode_check_chroot = sebsd_vnode_check_chroot,
