mac: Honor order when registering MAC modules.
Ensure MAC modules are inserted in order that they are registered. Reviewed by: markj Obtained from: Juniper Networks, Inc. Differential Revision: https://reviews.freebsd.org/D39589
This commit is contained in:
parent
21d56b7966
commit
8deb442cf7
@ -519,7 +519,8 @@ mac_policy_fastpath_unregister(struct mac_policy_conf *mpc)
|
||||
static int
|
||||
mac_policy_register(struct mac_policy_conf *mpc)
|
||||
{
|
||||
struct mac_policy_conf *tmpc;
|
||||
struct mac_policy_list_head *mpc_list;
|
||||
struct mac_policy_conf *last_mpc, *tmpc;
|
||||
int error, slot, static_entry;
|
||||
|
||||
error = 0;
|
||||
@ -539,21 +540,16 @@ mac_policy_register(struct mac_policy_conf *mpc)
|
||||
static_entry = (!mac_late &&
|
||||
!(mpc->mpc_loadtime_flags & MPC_LOADTIME_FLAG_UNLOADOK));
|
||||
|
||||
if (static_entry) {
|
||||
LIST_FOREACH(tmpc, &mac_static_policy_list, mpc_list) {
|
||||
mpc_list = (static_entry) ? &mac_static_policy_list :
|
||||
&mac_policy_list;
|
||||
last_mpc = NULL;
|
||||
LIST_FOREACH(tmpc, mpc_list, mpc_list) {
|
||||
last_mpc = tmpc;
|
||||
if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
|
||||
error = EEXIST;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
LIST_FOREACH(tmpc, &mac_policy_list, mpc_list) {
|
||||
if (strcmp(tmpc->mpc_name, mpc->mpc_name) == 0) {
|
||||
error = EEXIST;
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (mpc->mpc_field_off != NULL) {
|
||||
slot = ffs(mac_slot_offsets_free);
|
||||
if (slot == 0) {
|
||||
@ -567,16 +563,14 @@ mac_policy_register(struct mac_policy_conf *mpc)
|
||||
mpc->mpc_runtime_flags |= MPC_RUNTIME_FLAG_REGISTERED;
|
||||
|
||||
/*
|
||||
* If we're loading a MAC module after the framework has initialized,
|
||||
* it has to go into the dynamic list. If we're loading it before
|
||||
* we've finished initializing, it can go into the static list with
|
||||
* weaker locker requirements.
|
||||
* Some modules may depend on the operations of its dependencies.
|
||||
* Inserting modules in order of registration ensures operations
|
||||
* that work on the module list retain dependency order.
|
||||
*/
|
||||
if (static_entry)
|
||||
LIST_INSERT_HEAD(&mac_static_policy_list, mpc, mpc_list);
|
||||
if (last_mpc == NULL)
|
||||
LIST_INSERT_HEAD(mpc_list, mpc, mpc_list);
|
||||
else
|
||||
LIST_INSERT_HEAD(&mac_policy_list, mpc, mpc_list);
|
||||
|
||||
LIST_INSERT_AFTER(last_mpc, mpc, mpc_list);
|
||||
/*
|
||||
* Per-policy initialization. Currently, this takes place under the
|
||||
* exclusive lock, so policies must not sleep in their init method.
|
||||
|
Loading…
Reference in New Issue
Block a user