MAC/do: Remove superfluous configuration initialization

Configuration objects would be initialized (zeroed, and some
STAILQ_INIT() called) multiple times.  Make sure they are so only once,
and add assertions to check that this is actually the case for functions
that expect it.

Reviewed by:    bapt
MFC after:      1 month
Sponsored by:   The FreeBSD Foundation
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/38
This commit is contained in:
Olivier Certner
2026-05-20 11:29:51 +02:00
parent 4e27cc086b
commit 11b567e94a
+24 -10
View File
@@ -33,6 +33,23 @@
#include <security/mac/mac_policy.h>
#ifdef INVARIANTS
/*
* Should typically be moved to libkern (and perhaps libc) at some point, and be
* optimized if to be used outside of INVARIANTS.
*/
static bool
is_zeroed(const void *const buf, const size_t size)
{
const char *const p = buf;
for (size_t i = 0; i < size; ++i)
if (p[i] != 0)
return (false);
return (true);
}
#endif
static SYSCTL_NODE(_security_mac, OID_AUTO, do,
CTLFLAG_RW|CTLFLAG_MPSAFE, 0, "mac_do policy controls");
@@ -353,25 +370,24 @@ toast_rules(struct rules *const rules)
}
}
/* Assumes storage has been zeroed. */
static void
static inline void
init_rules(struct rules *const rules)
{
MPASS(is_zeroed(rules, sizeof(*rules)));
STAILQ_INIT(&rules->head);
}
static void
static inline void
init_exec_paths(struct exec_paths *const exec_paths)
{
bzero(exec_paths, sizeof(*exec_paths));
exec_paths->exec_paths_str[0] = 0;
MPASS(is_zeroed(exec_paths, sizeof(*exec_paths)));
}
static struct conf *
new_conf(void)
{
struct conf *const conf = malloc(sizeof(*conf), M_MAC_DO, M_WAITOK |
M_ZERO);
struct conf *const conf = malloc(sizeof(*conf), M_MAC_DO,
M_WAITOK | M_ZERO);
init_rules(&conf->rules);
init_exec_paths(&conf->exec_paths);
@@ -1356,9 +1372,7 @@ clone_rules(struct rules *const dst, const struct rules *const src)
{
struct rule *src_rule, *dst_rule;
bzero(dst, sizeof(*dst));
strlcpy(dst->string, src->string, sizeof(dst->string));
STAILQ_INIT(&dst->head);
STAILQ_FOREACH(src_rule, &src->head, r_entries) {
dst_rule = malloc(sizeof(*dst_rule), M_MAC_DO, M_WAITOK |
@@ -1387,7 +1401,7 @@ static void
clone_exec_paths(struct exec_paths *const dst,
const struct exec_paths *const src)
{
bzero(dst, sizeof(*dst));
MPASS(is_zeroed(dst, sizeof(*dst)));
dst->exec_path_count = src->exec_path_count;
for (int i = 0; i < src->exec_path_count; i++)
strlcpy(dst->exec_paths[i], src->exec_paths[i],