PERFORCE change 125828 for review

Wed Aug 29 13:35:21 PDT 2007

http://perforce.freebsd.org/chv.cgi?CH=125828

Change 125828 by rwatson at rwatson_zoo on 2007/08/29 20:34:59

	Fix issues in recent integration by adapting branch-local code to new
	world order from CVS.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/i386/i386/trap.c#52 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac/mac_policy.h#5 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#155 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/i386/i386/trap.c#52 (text+ko) ====

@@ -64,7 +64,6 @@
 #include <sys/kernel.h>
 #include <sys/ktr.h>
 #include <sys/lock.h>
-#include <sys/mac.h>
 #include <sys/mutex.h>
 #include <sys/resourcevar.h>
 #include <sys/signalvar.h>
@@ -80,6 +79,7 @@
 #include <sys/pmckern.h>
 #endif
 #include <security/audit/audit.h>
+#include <security/mac/mac_framework.h>
 
 #include <vm/vm.h>
 #include <vm/vm_param.h>

==== //depot/projects/trustedbsd/mac/sys/security/mac/mac_policy.h#5 (text+ko) ====

@@ -323,6 +323,9 @@
 		    struct label *ifplabel, struct label *newlabel);
 typedef void	(*mpo_update_ipq_t)(struct mbuf *m, struct label *mlabel,
 		    struct ipq *ipq, struct label *ipqlabel);
+typedef int	(*mpo_update_mbuf_from_cipso_t)(struct mbuf *m,
+		    struct label *mlabel, struct ifnet *ifp,
+		    struct label *ifplabel, char *cp, int *code);
 typedef void	(*mpo_inpcb_sosetlabel_t)(struct socket *so,
 		    struct label *label, struct inpcb *inp,
 		    struct label *inplabel);
@@ -757,6 +760,7 @@
 	mpo_reflect_mbuf_tcp_t			mpo_reflect_mbuf_tcp;
 	mpo_relabel_ifnet_t			mpo_relabel_ifnet;
 	mpo_update_ipq_t			mpo_update_ipq;
+	mpo_update_mbuf_from_cipso_t		mpo_update_mbuf_from_cipso;
 	mpo_inpcb_sosetlabel_t			mpo_inpcb_sosetlabel;
 
 	/*

==== //depot/projects/trustedbsd/mac/sys/security/mac_test/mac_test.c#155 (text+ko) ====

@@ -1068,11 +1068,11 @@
 COUNTER_DECL(update_mbuf_from_cipso);
 static int
 mac_test_update_mbuf_from_cipso(struct mbuf *m, struct label *mlabel,
-    struct ifnet *ifnet, struct label *ifnetlabel, char *cp, int *code)
+    struct ifnet *ifp, struct label *ifplabel, char *cp, int *code)
 {
 
-	ASSERT_MBUF_LABEL(mlabel);
-	ASSERT_IFNET_LABEL(ifnetlabel);
+	LABEL_CHECK(mlabel, MAGIC_MBUF);
+	LABEL_CHECK(ifplabel, MAGIC_IFNET);
 
 	return (0);
 }
@@ -1152,15 +1152,23 @@
 }
 
 COUNTER_DECL(thread_userret);
+static void
+mac_test_thread_userret(struct thread *td)
+{
+
+	COUNTER_INC(thread_userret);
+}
+
+COUNTER_DECL(thread_userret_sysctl);
 static int
 sysctl_mac_test_thread_userret(SYSCTL_HANDLER_ARGS)
 {
 
-	COUNTER_INC(thread_userret);
-	mtx_lock_spin(&sched_lock);
+	COUNTER_INC(thread_userret_sysctl);
+	thread_lock(curthread);
 	curthread->td_flags |= TDF_ASTPENDING;
 	curthread->td_proc->p_sflag |= PS_MACPEND;
-	mtx_unlock_spin(&sched_lock);
+	thread_unlock(curthread);
 	return (sysctl_handle_int(oidp, NULL, curthread->td_proc->p_pid,
 	    req));
 }
