PERFORCE change 129083 for review
Zhouyi ZHOU
zhouzhouyi at FreeBSD.org
Thu Nov 15 03:46:26 PST 2007
http://perforce.freebsd.org/chv.cgi?CH=129083
Change 129083 by zhouzhouyi at zhouzhouyi_mactest on 2007/11/15 11:46:10
Modify the code style according to style(9), and modify the error handling style to make
the code more mature
Affected files ...
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#12 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_if.c#4 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_log.c#6 edit
.. //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#7 edit
Differences ...
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test.c#12 (text+ko) ====
@@ -82,6 +82,9 @@
SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW, 0,
"TrustedBSD mac_test policy controls");
+SYSCTL_PROC(_security_mac_test, OID_AUTO, pseudoinit, CTLTYPE_INT | CTLFLAG_RW, 0, 0,
+ mac_test_init_if, "I", "set to setup the pseudo interfaces for MAC test");
+
#define MAGIC_BPF 0xfe1ad1b6
#define MAGIC_DEVFS 0x9ee79c32
#define MAGIC_IFNET 0xc218b120
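Review bot: The new `pseudoinit` node is writable (`CTLFLAG_RW`) and dispatches to `mac_test_init_if`, but its description string, "set to setup the pseudo interfaces for MAC test", does not say which value triggers the setup or what a second write does. The handler is not part of this change, so it cannot be checked here whether repeated writes create the interface pair again. A short comment above the macro stating the accepted values, and that the operation is one-shot if it is, would help. The first line of the macro also runs past 80 columns, which style(9) asks to avoid; break it after `pseudoinit,`.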
@@ -2725,9 +2728,15 @@
{
LOG_DECL
- LABEL_CHECK(cred->cr_label, MAGIC_CRED);
- LABEL_CHECK(vplabel, MAGIC_VNODE);
- COUNTER_INC(vnode_check_setextattr);
+ if (attrnamespace == EXTATTR_NAMESPACE_SYSTEM && !strcmp(name, "mac_test")
+ && uio->uio_iov->iov_len && !strncmp(uio->uio_iov->iov_base, "mac_test", 8))
+ LABEL_INIT(vplabel, MAGIC_MACTESTLOG);
+ else {
+ LABEL_CHECK(cred->cr_label, MAGIC_CRED);
+ LABEL_CHECK(vplabel, MAGIC_VNODE);
+ COUNTER_INC(vnode_check_setextattr);
+ }
+
return (0);
}
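Review bot: The added condition dereferences `uio->uio_iov->iov_base` with `strncmp(..., 8)` after checking only that `iov_len` is non-zero, so a shorter buffer that matches the prefix is read past its end. The pointer is also used as a kernel address without looking at `uio->uio_segflg`; if this hook is reached from the extattr system calls with a user-space uio, that is an unchecked user pointer dereference inside a MAC check. I would tighten the test to `uio->uio_segflg == UIO_SYSSPACE && uio->uio_iov->iov_len >= 8 && !memcmp(uio->uio_iov->iov_base, "mac_test", 8)`. Note too that on a match the hook skips both `LABEL_CHECK` calls and the counter and re-initialises `vplabel` from caller-supplied attribute data, which deserves a comment explaining why a check entry point is allowed to mutate the label. The function signature is outside this hunk.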
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_if.c#4 (text+ko) ====
@@ -28,8 +28,7 @@
/*
* Developed by the TrustedBSD Project.
- * Generic mandatory access module that does nothing.
- * Generate a pair of pseudo ethernet nodes
+ * Generate a pair of pseudo ethernet nodes for test
*/
/*
@@ -79,6 +78,7 @@
#include <netinet/ip_var.h>
#include <machine/in_cksum.h>
#include "mac_test_private.h"
+
#ifdef KDB
#define DEBUGGER(x) kdb_enter(x)
#else
@@ -101,7 +101,7 @@
ifp0->if_input(ifp0, mbuf);
}
}
-
+
static void
pseudoread1 (void *arg)
{
@@ -135,17 +135,13 @@
IFQ_DRV_DEQUEUE(&ifp->if_snd, mbuf);
if (mbuf == NULL)
break;
-/* mbuf = m_defrag(m, M_DONTWAIT);
- if (mbuf == NULL){
- m_freem(m);
- return;
- }*/
+
eh = mtod(mbuf, struct ether_header *);
- /* (void)memcpy(eaddrdst, eh->ether_dhost, sizeof(eaddrdst));
- (void)memcpy(eaddrsrc, eh->ether_shost, sizeof(eaddrsrc));*/
+
ether_type = ntohs(eh->ether_type);
ether_typesave = eh->ether_type;
m_adj(mbuf, ETHER_HDR_LEN);
+
switch (ether_type) {
case ETHERTYPE_IP:
ip = mtod(mbuf, struct ip *);
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_log.c#6 (text+ko) ====
@@ -60,10 +60,8 @@
#include <sys/queue.h>
#include <sys/systm.h>
#include <sys/kthread.h>
-
+#include <security/mac_test/mac_test_private.h>
-#include <security/mac_test/mac_test_private.h>
-#define MAC_TEST_LOG_FILENAME "mactest"
char *elements="?biba,?lomac,?mls,?sebsd";
static struct cdev *mac_test_log_dev;
@@ -83,6 +81,8 @@
static TAILQ_HEAD(, mac_test_log_entry) mac_test_log_list;
+static struct proc *mac_test_thread;
+
static struct vnode *logvnode = 0;
@@ -95,7 +95,9 @@
int flags, vfslocked;
struct mount *mp;
struct vattr vat;
-
+ struct uio auio;
+ struct iovec aiov;
+
/* Only one process may open the device at a time. */
mtx_lock(&mac_test_log_mtx);
if (!mac_test_log_isopen) {
@@ -105,32 +107,57 @@
error = EBUSY;
mtx_unlock(&mac_test_log_mtx);
+ if (error)
+ goto out;
+
+/* copy from kern/vfs_extattr.c */
NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, UIO_SYSSPACE,
"/var/log/mactest", curthread);
flags = O_CREAT|O_TRUNC|FWRITE;
error = vn_open(&nd, &flags, S_IRUSR| S_IWUSR, NULL);
+ if (error)
+ goto out;
+
vfslocked = NDHASGIANT(&nd);
logvnode = nd.ni_vp;
VOP_UNLOCK(logvnode, 0, curthread);
- /*truncate it to zero*/
- vn_start_write(logvnode, &mp, V_WAIT | PCATCH);
+
+ if ((error = vn_start_write(logvnode, &mp, V_WAIT)))
+ goto bad;
+
VOP_LEASE(logvnode, curthread, curthread->td_ucred, LEASE_WRITE);
VATTR_NULL(&vat);
vat.va_size = 0;
vn_lock(logvnode, LK_EXCLUSIVE | LK_RETRY, curthread);
- VOP_SETATTR(logvnode, &vat, curthread->td_ucred, curthread);
+ /*do truncate */
+ error = VOP_SETATTR(logvnode, &vat, curthread->td_ucred, curthread);
+
+
+ /*set the external attribute */
+ aiov.iov_base = "mac_test";
+ aiov.iov_len = strlen("mac_test");
+ auio.uio_iov = &aiov;
+ auio.uio_iovcnt = 1;
+ auio.uio_offset = 0;
+ auio.uio_resid = strlen("mac_test");
+ auio.uio_rw = UIO_WRITE;
+ auio.uio_segflg = UIO_SYSSPACE;
+ auio.uio_td = curthread;
+
+ mac_vnode_check_setextattr(curthread->td_ucred, logvnode,
+ EXTATTR_NAMESPACE_SYSTEM, "mac_test", &auio);
+ error = VOP_SETEXTATTR(logvnode, EXTATTR_NAMESPACE_SYSTEM,
+ "mac_test", &auio, curthread->td_ucred, curthread);
VOP_UNLOCK(logvnode, 0, curthread);
vn_finished_write(mp);
- extattr_set_vp1(logvnode, EXTATTR_NAMESPACE_SYSTEM, "mac_test",
- "mac_test", strlen("mac_test"), curthread);
-
+bad:
NDFREE(&nd, NDF_ONLY_PNBUF);
- VFS_UNLOCK_GIANT(vfslocked);
-
+ VFS_UNLOCK_GIANT(vfslocked);
+out:
return (error);
}
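Review bot: The return value of `mac_vnode_check_setextattr()` is discarded and the result of `VOP_SETATTR()` is overwritten by the `VOP_SETEXTATTR()` assignment, so a denied check or a failed truncate is never reported to the caller. On the `goto bad` path, and on any later failure, the vnode opened by `vn_open()` stays referenced through the global `logvnode` with no matching `vn_close()`. The `goto out` after a failed `vn_open()` presumably also leaves `mac_test_log_isopen` set (the assignment sits outside this hunk), in which case every later open returns EBUSY; that needs its own label, because `out` is also the EBUSY exit. The function begins outside the hunk; the tail I would propose is below, with the close call mirroring the one in the close routine on this page.

```c
	/* do truncate */
	error = VOP_SETATTR(logvnode, &vat, curthread->td_ucred, curthread);
	if (error)
		goto unlock;

	/* ... unchanged: aiov/auio setup for the "mac_test" attribute ... */

	error = mac_vnode_check_setextattr(curthread->td_ucred, logvnode,
	    EXTATTR_NAMESPACE_SYSTEM, "mac_test", &auio);
	if (error == 0)
		error = VOP_SETEXTATTR(logvnode, EXTATTR_NAMESPACE_SYSTEM,
		    "mac_test", &auio, curthread->td_ucred, curthread);
unlock:
	/* ... unchanged: VOP_UNLOCK, vn_finished_write ... */
bad:
	NDFREE(&nd, NDF_ONLY_PNBUF);
	if (error) {
		/* Drop the reference taken by vn_open(); close errors are ignored. */
		(void)vn_close(logvnode, O_CREAT|O_TRUNC|FWRITE,
		    curthread->td_ucred, curthread);
		logvnode = NULL;
	}
	VFS_UNLOCK_GIANT(vfslocked);
```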
@@ -148,9 +175,9 @@
continue;
}
mtx_unlock(&mac_test_wait_close);
- vn_close(logvnode, O_CREAT|O_TRUNC|FWRITE, curthread->td_ucred,
+ return vn_close(logvnode, O_CREAT|O_TRUNC|FWRITE, curthread->td_ucred,
curthread);
- return (0);
+
}
static int
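Review bot: The new `return vn_close(...)` lacks the parentheses style(9) asks for around return values, which is the stated purpose of this change: `return (vn_close(logvnode, O_CREAT|O_TRUNC|FWRITE, curthread->td_ucred, curthread));`. The blank line added before the closing brace can go as well. Separately, `logvnode` is not cleared after the close, so a later user of the global would see a stale vnode pointer. Whether such a user exists cannot be seen from this hunk, whose function starts above it.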
@@ -176,9 +203,18 @@
if (!mac_test_can_log)
return;
+
+ mte = malloc(sizeof(*mte), M_MAC_TEST_LOG, M_NOWAIT | M_ZERO);
+ if (NULL == mte) {
+ return;
+ }
- mte = malloc(sizeof(*mte), M_MAC_TEST_LOG, M_NOWAIT | M_ZERO);
mte->mte_record = malloc(record_len, M_MAC_TEST_LOG, M_NOWAIT);
+ if (NULL == mte->mte_record) {
+ free(mte, M_MAC_TEST_LOG);
+ return;
+ }
+
bcopy(record, mte->mte_record, record_len);
mte->mte_record_len = record_len;
mtx_lock(&mac_test_submit_mtx);
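Review bot: Both new allocation checks drop the record silently, so a test run under memory pressure produces an incomplete log with no sign that events are missing. A dropped-record counter or a rate-limited message at the two `return;` sites would make that visible to whoever evaluates the test output. In style(9) form the tests would read `if (mte == NULL)` and `if (mte->mte_record == NULL)`, with no braces around the single `return;`. `record_len` is still passed to `malloc` and `bcopy` with no upper bound in this hunk; the function header is outside it, so callers may already bound the value.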
@@ -225,7 +261,6 @@
}
}
-static struct proc *mac_test_thread;
static void
mac_test_log_cdev_init(void *unused)
{
==== //depot/projects/soc2007/zhouzhouyi_mactest_soc/sys/security/mac_test/mac_test_private.h#7 (text+ko) ====
@@ -39,8 +39,11 @@
#include <security/mac/mac_internal.h>
#include <security/mac/mac_framework.h>
+#define MAC_TEST_LOG_FILENAME "mactest"
+
void
mac_test_log_submit(void *record, u_int record_len);
+
int
mac_test_init_if(SYSCTL_HANDLER_ARGS);
@@ -61,276 +64,5 @@
static MALLOC_DEFINE(M_MAC_TEST_LOG, "mac_test_log", "mac test logs");
-#define MAC_TEST_LOG_SUBMIT_WITHPID(string,length) do { \
- char *buffer; \
- char *charpoint; \
- struct thread *td = curthread; \
- buffer = malloc(1024, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!buffer) \
- goto exit6; \
- sprintf(buffer,"pid = %d ", td->td_proc->p_pid); \
- charpoint = buffer + strlen(buffer); \
- strcpy(charpoint, string); \
- charpoint += strlen(charpoint);
-
-
-#define MAC_TEST_LOG_DO_SUBMIT \
- mac_test_log_submit(buffer, strlen(buffer)); \
- free(buffer, M_MAC_TEST_LOG); \
-exit6: \
- ; \
-}while(0)
-
-#define MAC_TEST_LOG_SUBMIT_LABEL(type,label) { \
- int error; \
- int strleng = 0; \
- char *buffer1; \
- char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!elements1) \
- goto exit1; \
- strcpy(elements1, elements); \
- buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!buffer1) \
- goto exit; \
- if (!label) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \
- strleng = strlen(buffer1); \
- *(buffer1 + strleng) = '\n'; \
- *(buffer1 + strleng + 1) = 0; \
- strcpy(charpoint, buffer1); \
- mac_test_log_submit(buffer, strlen(buffer)); \
- free(buffer1, M_MAC_TEST_LOG); \
-exit: \
- free(elements1, M_MAC_TEST_LOG); \
-exit1: \
- free(buffer, M_MAC_TEST_LOG); \
-exit6: \
- ;/*extra ; to avoid label at the end of compound statement*/ \
-}}while(0)
-
-#define MAC_TEST_LOG_SUBMIT_LABEL2(type,label,type1,label1) { \
- int error; \
- char *buffer1; \
- int strleng = 0; \
- char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!elements1) \
- goto exit3; \
- strcpy(elements1, elements); \
- buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!buffer1) \
- goto exit2; \
- if (!label) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label1) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \
- strleng = strlen(buffer1); \
- *(buffer1 + strleng) = '\n'; \
- *(buffer1 + strleng + 1) = 0; \
- strcpy(charpoint, buffer1); \
- mac_test_log_submit(buffer, strlen(buffer)); \
- free(buffer1, M_MAC_TEST_LOG); \
-exit2: \
- free(elements1, M_MAC_TEST_LOG); \
-exit3: \
- free(buffer, M_MAC_TEST_LOG); \
-exit6: \
- ;/*extra ; to avoid label at the end of compound statement*/ \
-}}while(0)
-
-#define MAC_TEST_LOG_SUBMIT_LABEL3(type,label,type1,label1,type2,label2) { \
- int error; \
- int strleng = 0; \
- char *buffer1; \
- char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!elements1) \
- goto exit5; \
- strcpy(elements1, elements); \
- buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!buffer1) \
- goto exit4; \
- if (!label) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label1) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label2) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type2,label2, elements1, buffer1, 256); \
- strleng = strlen(buffer1); \
- *(buffer1 + strleng) = '\n'; \
- *(buffer1 + strleng + 1) = 0; \
- strcpy(charpoint, buffer1); \
- mac_test_log_submit(buffer, strlen(buffer)); \
- free(buffer1, M_MAC_TEST_LOG); \
-exit4: \
- free(elements1, M_MAC_TEST_LOG); \
-exit5: \
- free(buffer, M_MAC_TEST_LOG); \
-exit6: \
- ;/*extra ; to avoid label at the end of compound statement*/ \
-}}while(0)
-
-
-#define MAC_TEST_LOG_SUBMIT_LABEL4(type,label,type1,label1,type2,label2,\
- type3,label3) \
- { \
- int error; \
- int strleng = 0; \
- char *buffer1; \
- char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!elements1) \
- goto exit8; \
- strcpy(elements1, elements); \
- buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!buffer1) \
- goto exit7; \
- if (!label) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label1) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label2) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type2,label2, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label3) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type3,label3, elements1, buffer1, 256); \
- strleng = strlen(buffer1); \
- *(buffer1 + strleng) = '\n'; \
- *(buffer1 + strleng + 1) = 0; \
- strcpy(charpoint, buffer1); \
- mac_test_log_submit(buffer, strlen(buffer)); \
- free(buffer1, M_MAC_TEST_LOG); \
-exit7: \
- free(elements1, M_MAC_TEST_LOG); \
-exit8: \
- free(buffer, M_MAC_TEST_LOG); \
-exit6: \
- ;/*extra ; to avoid label at the end of compound statement*/ \
-}}while(0)
-
-
-#define MAC_TEST_LOG_SUBMIT_LABEL5(type,label,type1,label1,type2,label2,\
- type3,label3, type4, label4) \
- { \
- int error; \
- int strleng = 0; \
- char *buffer1; \
- char *elements1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!elements1) \
- goto exit10; \
- strcpy(elements1, elements); \
- buffer1 = malloc(256, M_MAC_TEST_LOG, M_NOWAIT); \
- if (!buffer1) \
- goto exit9; \
- if (!label) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type,label, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label1) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type1,label1, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label2) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type2,label2, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label3) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type3,label3, elements1, buffer1, 256); \
- sprintf(charpoint, "%s ", buffer1); \
- charpoint += strlen(charpoint); \
- strcpy(elements1, elements); \
- if (!label4) \
- strcpy(buffer1,"NULL"); \
- else \
- MAC_EXTERNALIZE(type4,label4, elements1, buffer1, 256); \
- strleng = strlen(buffer1); \
- *(buffer1 + strleng) = '\n'; \
- *(buffer1 + strleng + 1) = 0; \
- strcpy(charpoint, buffer1); \
- mac_test_log_submit(buffer, strlen(buffer)); \
- free(buffer1, M_MAC_TEST_LOG); \
-exit9: \
- free(elements1, M_MAC_TEST_LOG); \
-exit10: \
- free(buffer, M_MAC_TEST_LOG); \
-exit6: \
- ;/*extra ; to avoid label at the end of compound statement*/ \
-}}while(0)
-
-#define extattr_set_vp1(vp, attrnamespace, attrname, data, nbytes, td)do\
-{ \
- struct mount *mp; \
- struct uio auio; \
- struct iovec aiov; \
- ssize_t count; \
- int error; \
- VFS_ASSERT_GIANT(vp->v_mount); \
- error = vn_start_write(vp, &mp, V_WAIT | PCATCH); \
- VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); \
- vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); \
- aiov.iov_base = data; \
- aiov.iov_len = nbytes; \
- auio.uio_iov = &aiov; \
- auio.uio_iovcnt = 1; \
- auio.uio_offset = 0; \
- auio.uio_resid = nbytes; \
- auio.uio_rw = UIO_WRITE; \
- auio.uio_segflg = UIO_SYSSPACE; \
- auio.uio_td = td; \
- count = nbytes; \
- mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace, \
- attrname, &auio); \
- error = VOP_SETEXTATTR(vp, attrnamespace, attrname, &auio, \
- td->td_ucred, td); \
- count -= auio.uio_resid; \
- td->td_retval[0] = count; \
- VOP_UNLOCK(vp, 0, td); \
- vn_finished_write(mp); \
-}while(0)
#endif /* ! _SECURITY_MAC_TEST_PRIVATE_H */