mac: Honor order when registering MAC modules.
Ensure MAC modules are inserted in order that they are registered. Reviewed by: markj Obtained from: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D39589
This commit is contained in:
parent
21d56b7966
commit
8deb442cf7
@ -519,7 +519,8 @@ mac_policy_fastpath_unregister(struct mac_policy_conf *mpc)
|
|||||||
static int
|
static int
|
||||||
mac_policy_register(struct mac_policy_conf *mpc)
|
mac_policy_register(struct mac_policy_conf *mpc)
|
||||||
{
|
{
|
||||||
struct mac_policy_conf *tmpc;
|
struct mac_policy_list_head *mpc_list;
|
||||||
|
struct mac_policy_conf *last_mpc, *tmpc;
|
||||||
int error, slot, static_entry;
|
int error, slot, static_entry;
|
||||||
|
|
||||||
error = 0;
|
error = 0;
|
||||||
@ -539,19 +540,14 @@ mac_policy_register(struct mac_policy_conf *mpc)
|
|||||||
static_entry = (!mac_late &&
|
static_entry = (!mac_late &&
|
||||||
!(mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK));
|
!(mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK));
|
||||||
|
|
||||||
if (static_entry) {
|
mpc_list = (static_entry) ? &mac_static_policy_list :
|
||||||
LIST_FOREACH(tmpc, &mac_static_policy_list, mpc_list) {
|
&mac_policy_list;
|
||||||
if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
|
last_mpc = NULL;
|
||||||
error = EEXIST;
|
LIST_FOREACH(tmpc, mpc_list, mpc_list) {
|
||||||
goto out;
|
last_mpc = tmpc;
|
||||||
}
|
if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
|
||||||
}
|
error = EEXIST;
|
||||||
} else {
|
goto out;
|
||||||
LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
|
|
||||||
if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
|
|
||||||
error = EEXIST;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (mpc->mpc_field_off != NULL) {
|
if (mpc->mpc_field_off != NULL) {
|
||||||
@ -567,16 +563,14 @@ mac_policy_register(struct mac_policy_conf *mpc)
|
|||||||
mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
|
mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If we're loading a MAC module after the framework has initialized,
|
* Some modules may depend on the operations of its dependencies.
|
||||||
* it has to go into the dynamic list. If we're loading it before
|
* Inserting modules in order of registration ensures operations
|
||||||
* we've finished initializing, it can go into the static list with
|
* that work on the module list retain dependency order.
|
||||||
* weaker locker requirements.
|
|
||||||
*/
|
*/
|
||||||
if (static_entry)
|
if (last_mpc == NULL)
|
||||||
LIST_INSERT_HEAD(&mac_static_policy_list, mpc, mpc_list);
|
LIST_INSERT_HEAD(mpc_list, mpc, mpc_list);
|
||||||
else
|
else
|
||||||
LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);
|
LIST_INSERT_AFTER(last_mpc, mpc, mpc_list);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Per-policy initialization. Currently, this takes place under the
|
* Per-policy initialization. Currently, this takes place under the
|
||||||
* exclusive lock, so policies must not sleep in their init method.
|
* exclusive lock, so policies must not sleep in their init method.
|
||||||
|
Loading…
Reference in New Issue
Block a user