1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 20 unchanged lines hidden (view full) --- 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 |
37/*- 38 * Framework for extensible kernel access control. This file contains 39 * Kernel and userland interface to the framework, policy registration 40 * and composition. Per-object interfaces, controls, and labeling may be 41 * found in src/sys/mac/. Sample policies may be found in src/sys/mac*. |
42 */ 43 44#include <sys/cdefs.h> |
45__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 122454 2003-11-11 03:40:04Z rwatson $"); |
46 47#include "opt_mac.h" 48#include "opt_devfs.h" 49 50#include <sys/param.h> 51#include <sys/condvar.h> 52#include <sys/extattr.h> 53#include <sys/imgact.h> --- 125 unchanged lines hidden (view full) --- 179 * any locks (other than potentially Giant) since we may sleep for 180 * long (potentially indefinite) periods of time waiting for the 181 * framework to become quiescent so that a policy list change may 182 * be made. 183 */ 184void 185mac_policy_grab_exclusive(void) 186{ |
187 |
188 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 189 "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__); 190 mtx_lock(&mac_policy_mtx); 191 while (mac_policy_count != 0) 192 cv_wait(&mac_policy_cv, &mac_policy_mtx); 193} 194 195void 196mac_policy_assert_exclusive(void) 197{ |
198 |
199 mtx_assert(&mac_policy_mtx, MA_OWNED); 200 KASSERT(mac_policy_count == 0, 201 ("mac_policy_assert_exclusive(): not exclusive")); 202} 203 204void 205mac_policy_release_exclusive(void) 206{ 207 208 KASSERT(mac_policy_count == 0, 209 ("mac_policy_release_exclusive(): not exclusive")); 210 mtx_unlock(&mac_policy_mtx); 211 cv_signal(&mac_policy_cv); 212} 213 214void 215mac_policy_list_busy(void) 216{ |
217 |
218 mtx_lock(&mac_policy_mtx); 219 mac_policy_count++; 220 mtx_unlock(&mac_policy_mtx); 221} 222 223int 224mac_policy_list_conditional_busy(void) 225{ --- 7 unchanged lines hidden (view full) --- 233 ret = 0; 234 mtx_unlock(&mac_policy_mtx); 235 return (ret); 236} 237 238void 239mac_policy_list_unbusy(void) 240{ |
241 |
242 mtx_lock(&mac_policy_mtx); 243 mac_policy_count--; 244 KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK")); 245 if (mac_policy_count == 0) 246 cv_signal(&mac_policy_cv); 247 mtx_unlock(&mac_policy_mtx); 248} 249 --- 957 unchanged lines hidden --- |