| mac_framework.c (116678) | mac_framework.c (116701) |
|---|---|
| 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 26 unchanged lines hidden (view full) --- 35 */ 36 37/* 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. 40 */ 41 42#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 26 unchanged lines hidden (view full) --- 35 */ 36 37/* 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. 40 */ 41 42#include <sys/cdefs.h> |
| 43__FBSDID("$FreeBSD: head/sys/security/mac/mac_framework.c 116678 2003-06-22 08:41:43Z phk $"); | 43__FBSDID("$FreeBSD: head/sys/security/mac/mac_framework.c 116701 2003-06-23 01:26:34Z rwatson $"); |
| 44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> 52#include <sys/kernel.h> 53#include <sys/lock.h> 54#include <sys/malloc.h> 55#include <sys/mutex.h> 56#include <sys/mac.h> 57#include <sys/module.h> 58#include <sys/proc.h> | 44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> 52#include <sys/kernel.h> 53#include <sys/lock.h> 54#include <sys/malloc.h> 55#include <sys/mutex.h> 56#include <sys/mac.h> 57#include <sys/module.h> 58#include <sys/proc.h> |
| 59#include <sys/sbuf.h> |
|
| 59#include <sys/systm.h> 60#include <sys/sysproto.h> 61#include <sys/sysent.h> 62#include <sys/vnode.h> 63#include <sys/mount.h> 64#include <sys/file.h> 65#include <sys/namei.h> 66#include <sys/socket.h> --- 326 unchanged lines hidden (view full) --- 393 (args); \ 394 } \ 395 mac_policy_list_unbusy(); \ 396 } \ 397} while (0) 398 399#define MAC_EXTERNALIZE(type, label, elementlist, outbuf, \ 400 outbuflen) do { \ | 60#include <sys/systm.h> 61#include <sys/sysproto.h> 62#include <sys/sysent.h> 63#include <sys/vnode.h> 64#include <sys/mount.h> 65#include <sys/file.h> 66#include <sys/namei.h> 67#include <sys/socket.h> --- 326 unchanged lines hidden (view full) --- 394 (args); \ 395 } \ 396 mac_policy_list_unbusy(); \ 397 } \ 398} while (0) 399 400#define MAC_EXTERNALIZE(type, label, elementlist, outbuf, \ 401 outbuflen) do { \ |
| 401 char *curptr, *curptr_start, *element_name, *element_temp; \ 402 size_t left, left_start, len; \ 403 int claimed, first, first_start, ignorenotfound; \ | 402 int claimed, first, ignorenotfound, savedlen; \ 403 char *element_name, *element_temp; \ 404 struct sbuf sb; \ |
| 404 \ 405 error = 0; \ | 405 \ 406 error = 0; \ |
| 406 element_temp = elementlist; \ 407 curptr = outbuf; \ 408 curptr[0] = '\0'; \ 409 left = outbuflen; \ | |
| 410 first = 1; \ | 407 first = 1; \ |
| 408 sbuf_new(&sb, outbuf, outbuflen, SBUF_FIXEDLEN); \ 409 element_temp = elementlist; \ |
|
| 411 while ((element_name = strsep(&element_temp, ",")) != NULL) { \ | 410 while ((element_name = strsep(&element_temp, ",")) != NULL) { \ |
| 412 curptr_start = curptr; \ 413 left_start = left; \ 414 first_start = first; \ | |
| 415 if (element_name[0] == '?') { \ 416 element_name++; \ 417 ignorenotfound = 1; \ | 411 if (element_name[0] == '?') { \ 412 element_name++; \ 413 ignorenotfound = 1; \ |
| 418 } else \ | 414 } else \ |
| 419 ignorenotfound = 0; \ | 415 ignorenotfound = 0; \ |
| 420 claimed = 0; \ | 416 savedlen = sbuf_len(&sb); \ |
| 421 if (first) { \ | 417 if (first) { \ |
| 422 len = snprintf(curptr, left, "%s/", \ 423 element_name); \ | 418 error = sbuf_printf(&sb, "%s/", element_name); \ |
| 424 first = 0; \ 425 } else \ | 419 first = 0; \ 420 } else \ |
| 426 len = snprintf(curptr, left, ",%s/", \ 427 element_name); \ 428 if (len >= left) { \ 429 error = EINVAL; /* XXXMAC: E2BIG */ \ | 421 error = sbuf_printf(&sb, ",%s/", element_name); \ 422 if (error == -1) { \ 423 error = EINVAL; /* XXX: E2BIG? */ \ |
| 430 break; \ 431 } \ | 424 break; \ 425 } \ |
| 432 curptr += len; \ 433 left -= len; \ 434 \ | 426 claimed = 0; \ |
| 435 MAC_CHECK(externalize_ ## type, label, element_name, \ | 427 MAC_CHECK(externalize_ ## type, label, element_name, \ |
| 436 curptr, left, &len, &claimed); \ | 428 &sb, &claimed); \ |
| 437 if (error) \ 438 break; \ | 429 if (error) \ 430 break; \ |
| 439 if (claimed == 1) { \ 440 if (len >= outbuflen) { \ 441 error = EINVAL; /* XXXMAC: E2BIG */ \ 442 break; \ 443 } \ 444 curptr += len; \ 445 left -= len; \ 446 } else if (claimed == 0 && ignorenotfound) { \ 447 /* \ 448 * Revert addition of the label element \ 449 * name. \ 450 */ \ 451 curptr = curptr_start; \ 452 *curptr = '\0'; \ 453 left = left_start; \ 454 first = first_start; \ 455 } else { \ 456 error = EINVAL; /* XXXMAC: ENOLABEL */ \ | 431 if (claimed == 0 && ignorenotfound) { \ 432 /* Revert last label name. */ \ 433 sbuf_setpos(&sb, savedlen); \ 434 } else if (claimed != 1) { \ 435 error = EINVAL; /* XXX: ENOLABEL? */ \ |
| 457 break; \ 458 } \ 459 } \ | 436 break; \ 437 } \ 438 } \ |
| 439 sbuf_finish(&sb); \ |
|
| 460} while (0) 461 462#define MAC_INTERNALIZE(type, label, instring) do { \ 463 char *element, *element_name, *element_data; \ 464 int claimed; \ 465 \ 466 error = 0; \ 467 element = instring; \ --- 3508 unchanged lines hidden --- | 440} while (0) 441 442#define MAC_INTERNALIZE(type, label, instring) do { \ 443 char *element, *element_name, *element_data; \ 444 int claimed; \ 445 \ 446 error = 0; \ 447 element = instring; \ --- 3508 unchanged lines hidden --- |