1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.
--- 20 unchanged lines hidden (view full) ---
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37/*
38 * Framework for extensible kernel access control. Kernel and userland
39 * interface to the framework, policy registration and composition.
40 */
41
42#include <sys/cdefs.h>
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 122159 2003-11-06 03:42:43Z rwatson $");
44
45#include "opt_mac.h"
46#include "opt_devfs.h"
47
48#include <sys/param.h>
49#include <sys/condvar.h>
50#include <sys/extattr.h>
51#include <sys/imgact.h>
--- 125 unchanged lines hidden (view full) ---
177 * any locks (other than potentially Giant) since we may sleep for
178 * long (potentially indefinite) periods of time waiting for the
179 * framework to become quiescent so that a policy list change may
180 * be made.
181 */
182void
183mac_policy_grab_exclusive(void)
184{
185 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
186 "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__);
187 mtx_lock(&mac_policy_mtx);
188 while (mac_policy_count != 0)
189 cv_wait(&mac_policy_cv, &mac_policy_mtx);
190}
191
192void
193mac_policy_assert_exclusive(void)
194{
195 mtx_assert(&mac_policy_mtx, MA_OWNED);
196 KASSERT(mac_policy_count == 0,
197 ("mac_policy_assert_exclusive(): not exclusive"));
198}
199
200void
201mac_policy_release_exclusive(void)
202{
203
204 KASSERT(mac_policy_count == 0,
205 ("mac_policy_release_exclusive(): not exclusive"));
206 mtx_unlock(&mac_policy_mtx);
207 cv_signal(&mac_policy_cv);
208}
209
210void
211mac_policy_list_busy(void)
212{
213 mtx_lock(&mac_policy_mtx);
214 mac_policy_count++;
215 mtx_unlock(&mac_policy_mtx);
216}
217
218int
219mac_policy_list_conditional_busy(void)
220{
--- 7 unchanged lines hidden (view full) ---
228 ret = 0;
229 mtx_unlock(&mac_policy_mtx);
230 return (ret);
231}
232
233void
234mac_policy_list_unbusy(void)
235{
236 mtx_lock(&mac_policy_mtx);
237 mac_policy_count--;
238 KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK"));
239 if (mac_policy_count == 0)
240 cv_signal(&mac_policy_cv);
241 mtx_unlock(&mac_policy_mtx);
242}
243
--- 957 unchanged lines hidden ---
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.
--- 20 unchanged lines hidden (view full) ---
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37/*
38 * Framework for extensible kernel access control. Kernel and userland
39 * interface to the framework, policy registration and composition.
40 */
41
42#include <sys/cdefs.h>
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 122159 2003-11-06 03:42:43Z rwatson $");
44
45#include "opt_mac.h"
46#include "opt_devfs.h"
47
48#include <sys/param.h>
49#include <sys/condvar.h>
50#include <sys/extattr.h>
51#include <sys/imgact.h>
--- 125 unchanged lines hidden (view full) ---
177 * any locks (other than potentially Giant) since we may sleep for
178 * long (potentially indefinite) periods of time waiting for the
179 * framework to become quiescent so that a policy list change may
180 * be made.
181 */
182void
183mac_policy_grab_exclusive(void)
184{
185 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL,
186 "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__);
187 mtx_lock(&mac_policy_mtx);
188 while (mac_policy_count != 0)
189 cv_wait(&mac_policy_cv, &mac_policy_mtx);
190}
191
192void
193mac_policy_assert_exclusive(void)
194{
195 mtx_assert(&mac_policy_mtx, MA_OWNED);
196 KASSERT(mac_policy_count == 0,
197 ("mac_policy_assert_exclusive(): not exclusive"));
198}
199
200void
201mac_policy_release_exclusive(void)
202{
203
204 KASSERT(mac_policy_count == 0,
205 ("mac_policy_release_exclusive(): not exclusive"));
206 mtx_unlock(&mac_policy_mtx);
207 cv_signal(&mac_policy_cv);
208}
209
210void
211mac_policy_list_busy(void)
212{
213 mtx_lock(&mac_policy_mtx);
214 mac_policy_count++;
215 mtx_unlock(&mac_policy_mtx);
216}
217
218int
219mac_policy_list_conditional_busy(void)
220{
--- 7 unchanged lines hidden (view full) ---
228 ret = 0;
229 mtx_unlock(&mac_policy_mtx);
230 return (ret);
231}
232
233void
234mac_policy_list_unbusy(void)
235{
236 mtx_lock(&mac_policy_mtx);
237 mac_policy_count--;
238 KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK"));
239 if (mac_policy_count == 0)
240 cv_signal(&mac_policy_cv);
241 mtx_unlock(&mac_policy_mtx);
242}
243
--- 957 unchanged lines hidden ---