Make sure to clear the 'registered' flag for MAC policies when they

unregister. Under some obscure (perhaps demented) circumstances, this can result in a panic if a policy is unregistered, and then someone foolishly unregisters it again. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
author: rwatson <rwatson@FreeBSD.org> 2002-10-19 20:30:12 +0000
committer: rwatson <rwatson@FreeBSD.org> 2002-10-19 20:30:12 +0000
commit: 08f5fce1188ec355c4e7a7ac154b9d41f32a6b9a (patch)
tree: 964f5d070f651dc8128174cd262299083cfdd026 /sys
parent: 91dee1ecbba5ea622c64fab5844ae12e871dbe97 (diff)
download: FreeBSD-src-08f5fce1188ec355c4e7a7ac154b9d41f32a6b9a.zip
FreeBSD-src-08f5fce1188ec355c4e7a7ac154b9d41f32a6b9a.tar.gz
9 files changed, 9 insertions, 0 deletions
diff --git a/sys/kern/kern_mac.c b/sys/kern/kern_mac.c
index eca63c3..88e9636 100644
--- a/sys/kern/kern_mac.c
+++ b/sys/kern/kern_mac.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_framework.c b/sys/security/mac/mac_framework.c
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_framework.c
+++ b/sys/security/mac/mac_framework.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_internal.h
+++ b/sys/security/mac/mac_internal.h
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_net.c b/sys/security/mac/mac_net.c
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_net.c
+++ b/sys/security/mac/mac_net.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_pipe.c b/sys/security/mac/mac_pipe.c
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_pipe.c
+++ b/sys/security/mac/mac_pipe.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_process.c b/sys/security/mac/mac_process.c
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_process.c
+++ b/sys/security/mac/mac_process.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_syscalls.c
+++ b/sys/security/mac/mac_syscalls.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_system.c b/sys/security/mac/mac_system.c
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_system.c
+++ b/sys/security/mac/mac_system.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c
index eca63c3..88e9636 100644
--- a/sys/security/mac/mac_vfs.c
+++ b/sys/security/mac/mac_vfs.c
@@ -998,6 +998,7 @@ mac_policy_unregister(struct mac_policy_conf *mpc)
 
 	FREE(mpc->mpc_ops, M_MACOPVEC);
 	mpc->mpc_ops = NULL;
+	mpc->mpc_runtime_flags &= ~MPC_RUNTIME_FLAG_REGISTERED;
 
 	printf("Security policy unload: %s (%s)\n", mpc->mpc_fullname,
 	    mpc->mpc_name);
author	rwatson <rwatson@FreeBSD.org>	2002-10-19 20:30:12 +0000
committer	rwatson <rwatson@FreeBSD.org>	2002-10-19 20:30:12 +0000
commit	08f5fce1188ec355c4e7a7ac154b9d41f32a6b9a (patch)
tree	964f5d070f651dc8128174cd262299083cfdd026 /sys
parent	91dee1ecbba5ea622c64fab5844ae12e871dbe97 (diff)
download	FreeBSD-src-08f5fce1188ec355c4e7a7ac154b9d41f32a6b9a.zip FreeBSD-src-08f5fce1188ec355c4e7a7ac154b9d41f32a6b9a.tar.gz