author: Robert Watson <rwatson@FreeBSD.org> 2002-10-05 16:46:03 +0000
committer: Robert Watson <rwatson@FreeBSD.org> 2002-10-05 16:46:03 +0000
commit: ea599aa018eba3a918f7401fdd94e3acccd2c48c (patch)
tree: bd3cab7d2eabee2045248977744127da68237200 /sys/security
parent: 3bd65612892bf45be964680c677d5f939b06ca39 (diff)
8 files changed, 200 insertions, 24 deletions
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index 85101e1f2cc9..180b8aaad692 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -928,16 +928,38 @@ static int
 mac_policy_unregister(struct mac_policy_conf *mpc)
 {
 
+	/*
+	 * If we fail the load, we may get a request to unload.  Check
+	 * to see if we did the run-time registration, and if not,
+	 * silently succeed.
+	 */
+	MAC_POLICY_LIST_LOCK();
+	if ((mpc->mpc_runtime_flags & MPC_RUNTIME_FLAG_REGISTERED) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
+		return (0);
+	}
 #if 0
 	/*
 	 * Don't allow unloading modules with private data.
 	 */
-	if (mpc->mpc_field_off != NULL)
+	if (mpc->mpc_field_off != NULL) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
+	}
 #endif
-	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0)
+	/*
+	 * Only allow the unload to proceed if the module is unloadable
+	 * by its own definition.
+	 */
+	if ((mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK) == 0) {
+		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
-	MAC_POLICY_LIST_LOCK();
+	}
+	/*
+	 * Right now, we EBUSY if the list is in use.  In the future,
+	 * for reliability reasons, we might want to sleep and wakeup
+	 * later to try again.
+	 */
 	if (mac_policy_list_busy > 0) {
 		MAC_POLICY_LIST_UNLOCK();
 		return (EBUSY);
author	Robert Watson <rwatson@FreeBSD.org>	2002-10-05 16:46:03 +0000
committer	Robert Watson <rwatson@FreeBSD.org>	2002-10-05 16:46:03 +0000
commit	ea599aa018eba3a918f7401fdd94e3acccd2c48c (patch)
tree	bd3cab7d2eabee2045248977744127da68237200 /sys/security
parent	3bd65612892bf45be964680c677d5f939b06ca39 (diff)