From db33c6f3ae9d1231087710068ee4ea5398aacca7 Mon Sep 17 00:00:00 2001 From: Olivier Certner Date: Thu, 4 Jul 2024 16:08:20 +0200 Subject: [PATCH] MAC: mac_policy.h: Declare common MAC sysctl and jail parameters' nodes Do this only when the headers for these functionalities were included prior to this one. Indeed, if they need to be included, style(9) mandates they should have been so before this one. Remove the common MAC sysctl declaration from , as it is now redundant (all its includers also include ). Remove local such declarations from all policies' files. Reviewed by: jamie Approved by: markj (mentor) MFC after: 5 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D46903 --- sys/security/mac/mac_internal.h | 7 ------- sys/security/mac/mac_policy.h | 15 +++++++++++++++ sys/security/mac_biba/mac_biba.c | 2 -- sys/security/mac_bsdextended/mac_bsdextended.c | 2 -- sys/security/mac_grantbylabel/mac_grantbylabel.c | 1 - sys/security/mac_ifoff/mac_ifoff.c | 2 -- sys/security/mac_ipacl/mac_ipacl.c | 2 -- sys/security/mac_lomac/mac_lomac.c | 2 -- sys/security/mac_mls/mac_mls.c | 2 -- sys/security/mac_ntpd/mac_ntpd.c | 2 -- sys/security/mac_partition/mac_partition.c | 2 -- sys/security/mac_pimd/mac_pimd.c | 2 -- sys/security/mac_portacl/mac_portacl.c | 2 -- sys/security/mac_priority/mac_priority.c | 2 -- sys/security/mac_seeotheruids/mac_seeotheruids.c | 2 -- sys/security/mac_stub/mac_stub.c | 2 -- sys/security/mac_test/mac_test.c | 2 -- sys/security/mac_veriexec/mac_veriexec.c | 2 -- 18 files changed, 15 insertions(+), 38 deletions(-) diff --git a/sys/security/mac/mac_internal.h b/sys/security/mac/mac_internal.h index 89f74a65c80..aeef59017d1 100644 --- a/sys/security/mac/mac_internal.h +++ b/sys/security/mac/mac_internal.h @@ -56,13 +56,6 @@ #include #include -/* - * MAC Framework sysctl namespace. - */ -#ifdef SYSCTL_DECL -SYSCTL_DECL(_security_mac); -#endif /* SYSCTL_DECL */ - /* * MAC Framework SDT DTrace probe namespace, macros for declaring entry * point probes, macros for invoking them. diff --git a/sys/security/mac/mac_policy.h b/sys/security/mac/mac_policy.h index cf101bc4414..084684e5749 100644 --- a/sys/security/mac/mac_policy.h +++ b/sys/security/mac/mac_policy.h @@ -1064,4 +1064,19 @@ int mac_policy_modevent(module_t mod, int type, void *data); intptr_t mac_label_get(struct label *l, int slot); void mac_label_set(struct label *l, int slot, intptr_t v); +/* + * Common MAC Framework's sysctl and jail parameters' sysctl nodes' declarations. + * + * Headers and normally have to be included before + * this header as style(9) hints to. If they weren't, just forego the + * corresponding declarations, assuming they are not needed. + */ +#ifdef SYSCTL_DECL +SYSCTL_DECL(_security_mac); +#endif + +#ifdef SYSCTL_JAIL_PARAM_DECL +SYSCTL_JAIL_PARAM_DECL(mac); +#endif + #endif /* !_SECURITY_MAC_MAC_POLICY_H_ */ diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 5d66e2fd4b9..e991e05311d 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -88,8 +88,6 @@ #include #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, biba, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_biba policy controls"); diff --git a/sys/security/mac_bsdextended/mac_bsdextended.c b/sys/security/mac_bsdextended/mac_bsdextended.c index 95efc537735..8a654921438 100644 --- a/sys/security/mac_bsdextended/mac_bsdextended.c +++ b/sys/security/mac_bsdextended/mac_bsdextended.c @@ -68,8 +68,6 @@ static struct mtx ugidfw_mtx; -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, bsdextended, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD extended BSD MAC policy controls"); diff --git a/sys/security/mac_grantbylabel/mac_grantbylabel.c b/sys/security/mac_grantbylabel/mac_grantbylabel.c index 4d14577820e..af080e8e34e 100644 --- a/sys/security/mac_grantbylabel/mac_grantbylabel.c +++ b/sys/security/mac_grantbylabel/mac_grantbylabel.c @@ -49,7 +49,6 @@ #define MAC_GRANTBYLABEL_FULLNAME "MAC/grantbylabel" -SYSCTL_DECL(_security_mac); SYSCTL_NODE(_security_mac, OID_AUTO, grantbylabel, CTLFLAG_RW, 0, "MAC/grantbylabel policy controls"); diff --git a/sys/security/mac_ifoff/mac_ifoff.c b/sys/security/mac_ifoff/mac_ifoff.c index d84b9c85a5b..cffe93b4d9a 100644 --- a/sys/security/mac_ifoff/mac_ifoff.c +++ b/sys/security/mac_ifoff/mac_ifoff.c @@ -58,8 +58,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, ifoff, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_ifoff policy controls"); diff --git a/sys/security/mac_ipacl/mac_ipacl.c b/sys/security/mac_ipacl/mac_ipacl.c index bed77e7866f..eed3eddace8 100644 --- a/sys/security/mac_ipacl/mac_ipacl.c +++ b/sys/security/mac_ipacl/mac_ipacl.c @@ -70,8 +70,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, ipacl, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_ipacl policy controls"); diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index aa9abf45872..23acc7b7a59 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -89,8 +89,6 @@ struct mac_lomac_proc { struct mtx mtx; }; -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, lomac, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_lomac policy controls"); diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index a22b504c336..54a32b6d564 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -89,8 +89,6 @@ #include #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, mls, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_mls policy controls"); diff --git a/sys/security/mac_ntpd/mac_ntpd.c b/sys/security/mac_ntpd/mac_ntpd.c index 3125bc057be..1aeaeb032bb 100644 --- a/sys/security/mac_ntpd/mac_ntpd.c +++ b/sys/security/mac_ntpd/mac_ntpd.c @@ -34,8 +34,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, ntpd, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "mac_ntpd policy controls"); diff --git a/sys/security/mac_partition/mac_partition.c b/sys/security/mac_partition/mac_partition.c index 2cff042cb33..2f0189b79ac 100644 --- a/sys/security/mac_partition/mac_partition.c +++ b/sys/security/mac_partition/mac_partition.c @@ -61,8 +61,6 @@ #include #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, partition, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_partition policy controls"); diff --git a/sys/security/mac_pimd/mac_pimd.c b/sys/security/mac_pimd/mac_pimd.c index 19ee307c918..a9276a73b43 100644 --- a/sys/security/mac_pimd/mac_pimd.c +++ b/sys/security/mac_pimd/mac_pimd.c @@ -35,8 +35,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, pimd, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "mac_pimd policy controls"); diff --git a/sys/security/mac_portacl/mac_portacl.c b/sys/security/mac_portacl/mac_portacl.c index 184ec4b4738..b3a5e06c0e2 100644 --- a/sys/security/mac_portacl/mac_portacl.c +++ b/sys/security/mac_portacl/mac_portacl.c @@ -79,8 +79,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, portacl, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_portacl policy controls"); diff --git a/sys/security/mac_priority/mac_priority.c b/sys/security/mac_priority/mac_priority.c index f460e5195cb..1e5bfb5386c 100644 --- a/sys/security/mac_priority/mac_priority.c +++ b/sys/security/mac_priority/mac_priority.c @@ -35,8 +35,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, priority, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "mac_priority policy controls"); diff --git a/sys/security/mac_seeotheruids/mac_seeotheruids.c b/sys/security/mac_seeotheruids/mac_seeotheruids.c index 1677b092daa..9cd2e0f3c0f 100644 --- a/sys/security/mac_seeotheruids/mac_seeotheruids.c +++ b/sys/security/mac_seeotheruids/mac_seeotheruids.c @@ -59,8 +59,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, seeotheruids, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_seeotheruids policy controls"); diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 9a2650ea32f..c602c639ec9 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -88,8 +88,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, stub, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_stub policy controls"); diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 267666555f2..7a6a76ce23c 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -78,8 +78,6 @@ #include -SYSCTL_DECL(_security_mac); - static SYSCTL_NODE(_security_mac, OID_AUTO, test, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "TrustedBSD mac_test policy controls"); diff --git a/sys/security/mac_veriexec/mac_veriexec.c b/sys/security/mac_veriexec/mac_veriexec.c index 49060186319..20005ffc75b 100644 --- a/sys/security/mac_veriexec/mac_veriexec.c +++ b/sys/security/mac_veriexec/mac_veriexec.c @@ -81,8 +81,6 @@ static int sysctl_mac_veriexec_state(SYSCTL_HANDLER_ARGS); static int sysctl_mac_veriexec_db(SYSCTL_HANDLER_ARGS); static struct mac_policy_ops mac_veriexec_ops; -SYSCTL_DECL(_security_mac); - SYSCTL_NODE(_security_mac, OID_AUTO, veriexec, CTLFLAG_RW | CTLFLAG_MPSAFE, 0, "MAC/veriexec policy controls");