--- //depot/projects/trustedbsd/base/sys/kern/kern_exit.c 2002/10/15 08:16:51 +++ //depot/projects/trustedbsd/mac/sys/kern/kern_exit.c 2002/10/15 11:49:45 @@ -41,6 +41,7 @@ #include "opt_compat.h" #include "opt_ktrace.h" +#include "opt_mac.h" #include #include @@ -62,6 +63,7 @@ #include #include /* for acct_process() function prototype */ #include +#include #include #include #include @@ -739,6 +745,9 @@ */ vm_waitproc(p); mtx_destroy(&p->p_mtx); +#ifdef MAC + mac_destroy_proc(p); +#endif KASSERT(FIRST_THREAD_IN_PROC(p), ("wait1: no residual thread!")); uma_zfree(proc_zone, p); --- //depot/projects/trustedbsd/base/sys/kern/kern_fork.c 2002/10/18 12:15:19 +++ //depot/projects/trustedbsd/mac/sys/kern/kern_fork.c 2002/10/18 13:54:56 @@ -40,6 +40,7 @@ */ #include "opt_ktrace.h" +#include "opt_mac.h" #include #include @@ -57,6 +58,7 @@ #include #include #include +#include #include #include #include @@ -305,6 +307,9 @@ /* Allocate new proc. */ newproc = uma_zalloc(proc_zone, M_WAITOK); +#ifdef MAC + mac_init_proc(newproc); +#endif /* * Although process entries are dynamically created, we still keep --- //depot/projects/trustedbsd/base/sys/kern/kern_mac.c 2002/11/14 22:24:46 +++ //depot/projects/trustedbsd/mac/sys/kern/kern_mac.c 2002/11/16 20:27:56 @@ -180,7 +185,7 @@ static unsigned int nmacmbufs, nmaccreds, nmacifnets, nmacbpfdescs, nmacsockets, nmacmounts, nmactemp, nmacvnodes, nmacdevfsdirents, - nmacipqs, nmacpipes; + nmacipqs, nmacpipes, nmacprocs; SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mbufs, CTLFLAG_RD, &nmacmbufs, 0, "number of mbufs in use"); 
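Review bot: In the kern_exit.c hunk at -739, `mac_destroy_proc(p)` is placed after `mtx_destroy(&p->p_mtx)` and nothing records whether that ordering is intentional. The hook is handed only `&p->p_label`, so this looks safe as written, but a policy's `destroy_proc_label` must not assume the process mutex is still usable here. I would add a comment above the `#ifdef MAC`, for example `/* Label teardown runs after p_mtx is destroyed; policy hooks must not lock or assert on the proc. */`. The enclosing function (wait1, judging by the KASSERT message) starts and ends outside the hunk.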
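Review bot: In the kern_fork.c hunk at -305, `mac_init_proc(newproc)` is added right after `uma_zalloc()`, but this diff adds no matching `mac_destroy_proc(newproc)` anywhere in kern_fork.c. The context comment that follows ("we still keep ...") suggests a limit check comes next; if that or any later error path returns `newproc` to `proc_zone`, whatever the policies allocated in `init_proc_label` is leaked. Under MAC_DEBUG the `nmacprocs` counter would also drift upward on every failed fork. The rest of the function is outside the hunk, so this needs confirming against the full file. If such a path exists, it should run `#ifdef MAC` / `mac_destroy_proc(newproc);` / `#endif` immediately before its `uma_zfree(proc_zone, newproc)`.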
@@ -196,6 +201,8 @@ &nmacsockets, 0, "number of sockets in use"); SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, pipes, CTLFLAG_RD, &nmacpipes, 0, "number of pipes in use"); +SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, procs, CTLFLAG_RD, + &nmacprocs, 0, "number of procs in use"); SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, mounts, CTLFLAG_RD, &nmacmounts, 0, "number of mounts in use"); SYSCTL_UINT(_security_mac_debug_counters, OID_AUTO, temp, CTLFLAG_RD, @@ -757,6 +764,17 @@ mac_init_pipe_label(label); } +void +mac_init_proc(struct proc *p) +{ + + mac_init_label(&p->p_label); + MAC_PERFORM(init_proc_label, &p->p_label); +#ifdef MAC_DEBUG + atomic_add_int(&nmacprocs, 1); +#endif +} + static int mac_init_socket_label(struct label *label, int flag) { @@ -940,6 +958,17 @@ free(pipe->pipe_label, M_MACPIPELABEL); } +void +mac_destroy_proc(struct proc *p) +{ + + MAC_PERFORM(destroy_proc_label, &p->p_label); + mac_destroy_label(&p->p_label); +#ifdef MAC_DEBUG + atomic_subtract_int(&nmacprocs, 1); +#endif +} + static void mac_destroy_socket_label(struct label *label) { --- //depot/projects/trustedbsd/base/sys/sys/mac.h 2002/11/13 06:53:14 +++ //depot/projects/trustedbsd/mac/sys/sys/mac.h 2002/11/16 20:22:03 @@ -146,6 +146,7 @@ void mac_init_pipe(struct pipe *); int mac_init_mbuf(struct mbuf *m, int flag); void mac_init_mount(struct mount *); +void mac_init_proc(struct proc *); void mac_init_vnode(struct vnode *); void mac_init_vnode_label(struct label *); void mac_copy_vnode_label(struct label *, struct label *label); 
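Review bot: `mac_init_proc()` in the kern_mac.c hunk at -757 has no comment stating its allocation contract. The neighbouring `mac_init_socket_label()` takes a `flag` and returns `int`, whereas `init_proc_label` takes no flag and returns void, so a policy that allocates label storage there can neither report failure nor be told not to sleep. The only call site in this diff follows an `M_WAITOK` allocation, so sleeping is presumably acceptable, but that should be written down. I would add a header comment such as `/* Initialize the process label; may sleep, cannot fail. Pair every call with mac_destroy_proc(). */`. `mac_destroy_proc()` in the hunk at -940 should get the mirror-image comment.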
@@ -156,6 +157,7 @@ void mac_destroy_ipq(struct ipq *); void mac_destroy_socket(struct socket *); void mac_destroy_pipe(struct pipe *); +void mac_destroy_proc(struct proc *); void mac_destroy_mbuf(struct mbuf *); void mac_destroy_mount(struct mount *); void mac_destroy_vnode(struct vnode *); --- //depot/projects/trustedbsd/base/sys/sys/mac_policy.h 2002/11/13 06:53:14 +++ //depot/projects/trustedbsd/mac/sys/sys/mac_policy.h 2002/11/16 20:22:03 @@ -80,6 +80,7 @@ int (*mpo_init_socket_label)(struct label *label, int flag); int (*mpo_init_socket_peer_label)(struct label *label, int flag); void (*mpo_init_pipe_label)(struct label *label); + void (*mpo_init_proc_label)(struct label *label); void (*mpo_init_vnode_label)(struct label *label); void (*mpo_destroy_bpfdesc_label)(struct label *label); void (*mpo_destroy_cred_label)(struct label *label); @@ -92,6 +93,7 @@ void (*mpo_destroy_socket_label)(struct label *label); void (*mpo_destroy_socket_peer_label)(struct label *label); void (*mpo_destroy_pipe_label)(struct label *label); + void (*mpo_destroy_proc_label)(struct label *label); void (*mpo_destroy_vnode_label)(struct label *label); void (*mpo_copy_pipe_label)(struct label *src, struct label *dest);
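Review bot: In mac_policy.h, `mpo_init_proc_label` (hunk at -80) and `mpo_destroy_proc_label` (hunk at -92) are inserted in the middle of what is presumably the policy operations structure, which shifts the offset of every entry point after them. A policy module built against the old header and loaded into a kernel with this layout would have its hooks reached through the wrong slots. For an access-control framework that means the wrong check, or none, runs without any visible error. If the framework has a policy ABI or version check (not visible in this diff), it should be bumped in the same change. Otherwise the commit message should say that all policy modules must be rebuilt together with the kernel.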