mac_syscalls.c (122159) | mac_syscalls.c (122454) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 20 unchanged lines hidden (view full) --- 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 20 unchanged lines hidden (view full) --- 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 |
37/* 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. | 37/*- 38 * Framework for extensible kernel access control. This file contains 39 * Kernel and userland interface to the framework, policy registration 40 * and composition. Per-object interfaces, controls, and labeling may be 41 * found in src/sys/mac/. Sample policies may be found in src/sys/mac*. |
40 */ 41 42#include <sys/cdefs.h> | 42 */ 43 44#include <sys/cdefs.h> |
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 122159 2003-11-06 03:42:43Z rwatson $"); | 45__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 122454 2003-11-11 03:40:04Z rwatson $"); |
44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> --- 125 unchanged lines hidden (view full) --- 177 * any locks (other than potentially Giant) since we may sleep for 178 * long (potentially indefinite) periods of time waiting for the 179 * framework to become quiescent so that a policy list change may 180 * be made. 181 */ 182void 183mac_policy_grab_exclusive(void) 184{ | 46 47#include "opt_mac.h" 48#include "opt_devfs.h" 49 50#include <sys/param.h> 51#include <sys/condvar.h> 52#include <sys/extattr.h> 53#include <sys/imgact.h> --- 125 unchanged lines hidden (view full) --- 179 * any locks (other than potentially Giant) since we may sleep for 180 * long (potentially indefinite) periods of time waiting for the 181 * framework to become quiescent so that a policy list change may 182 * be made. 183 */ 184void 185mac_policy_grab_exclusive(void) 186{ |
187 |
|
185 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 186 "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__); 187 mtx_lock(&mac_policy_mtx); 188 while (mac_policy_count != 0) 189 cv_wait(&mac_policy_cv, &mac_policy_mtx); 190} 191 192void 193mac_policy_assert_exclusive(void) 194{ | 188 WITNESS_WARN(WARN_GIANTOK | WARN_SLEEPOK, NULL, 189 "mac_policy_grab_exclusive() at %s:%d", __FILE__, __LINE__); 190 mtx_lock(&mac_policy_mtx); 191 while (mac_policy_count != 0) 192 cv_wait(&mac_policy_cv, &mac_policy_mtx); 193} 194 195void 196mac_policy_assert_exclusive(void) 197{ |
198 |
|
195 mtx_assert(&mac_policy_mtx, MA_OWNED); 196 KASSERT(mac_policy_count == 0, 197 ("mac_policy_assert_exclusive(): not exclusive")); 198} 199 200void 201mac_policy_release_exclusive(void) 202{ 203 204 KASSERT(mac_policy_count == 0, 205 ("mac_policy_release_exclusive(): not exclusive")); 206 mtx_unlock(&mac_policy_mtx); 207 cv_signal(&mac_policy_cv); 208} 209 210void 211mac_policy_list_busy(void) 212{ | 199 mtx_assert(&mac_policy_mtx, MA_OWNED); 200 KASSERT(mac_policy_count == 0, 201 ("mac_policy_assert_exclusive(): not exclusive")); 202} 203 204void 205mac_policy_release_exclusive(void) 206{ 207 208 KASSERT(mac_policy_count == 0, 209 ("mac_policy_release_exclusive(): not exclusive")); 210 mtx_unlock(&mac_policy_mtx); 211 cv_signal(&mac_policy_cv); 212} 213 214void 215mac_policy_list_busy(void) 216{ |
217 |
|
213 mtx_lock(&mac_policy_mtx); 214 mac_policy_count++; 215 mtx_unlock(&mac_policy_mtx); 216} 217 218int 219mac_policy_list_conditional_busy(void) 220{ --- 7 unchanged lines hidden (view full) --- 228 ret = 0; 229 mtx_unlock(&mac_policy_mtx); 230 return (ret); 231} 232 233void 234mac_policy_list_unbusy(void) 235{ | 218 mtx_lock(&mac_policy_mtx); 219 mac_policy_count++; 220 mtx_unlock(&mac_policy_mtx); 221} 222 223int 224mac_policy_list_conditional_busy(void) 225{ --- 7 unchanged lines hidden (view full) --- 233 ret = 0; 234 mtx_unlock(&mac_policy_mtx); 235 return (ret); 236} 237 238void 239mac_policy_list_unbusy(void) 240{ |
241 |
|
236 mtx_lock(&mac_policy_mtx); 237 mac_policy_count--; 238 KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK")); 239 if (mac_policy_count == 0) 240 cv_signal(&mac_policy_cv); 241 mtx_unlock(&mac_policy_mtx); 242} 243 --- 957 unchanged lines hidden --- | 242 mtx_lock(&mac_policy_mtx); 243 mac_policy_count--; 244 KASSERT(mac_policy_count >= 0, ("MAC_POLICY_LIST_LOCK")); 245 if (mac_policy_count == 0) 246 cv_signal(&mac_policy_cv); 247 mtx_unlock(&mac_policy_mtx); 248} 249 --- 957 unchanged lines hidden --- |