1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network

--- 17 unchanged lines hidden (view full) ---

26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 115707 2003-06-02 17:21:38Z rwatson $
35 */
36
37/*
38 * Developed by the TrustedBSD Project.
39 * Biba fixed label mandatory integrity policy.
40 */
41
42#include <sys/types.h>

--- 528 unchanged lines hidden (view full) ---

571
572 default:
573 panic("mac_biba_element_to_string: invalid type (%d)",
574 element->mbe_type);
575 }
576}
577
578/*
579 * mac_biba_to_string() converts an Biba label to a string, placing the
580 * results in the passed string buffer. It returns 0 on success,
581 * or EINVAL if there isn't room in the buffer. The size of the
582 * string appended, leaving out the nul termination, is returned to
583 * the caller via *caller_len. Eventually, we should expose the
584 * sbuf to the caller rather than using C strings at this layer.
585 */
586static int
587mac_biba_to_string(char *string, size_t size, size_t *caller_len,
588 struct mac_biba *mac_biba)
589{
590 struct sbuf sb;
591
592 sbuf_new(&sb, string, size, SBUF_FIXEDLEN);
593
594 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
595 if (mac_biba_element_to_string(&sb, &mac_biba->mb_single)
596 == -1)
597 return (EINVAL);
598 }
599
600 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) {
601 if (sbuf_putc(&sb, '(') == -1)
602 return (EINVAL);
603
604 if (mac_biba_element_to_string(&sb, &mac_biba->mb_rangelow)
605 == -1)
606 return (EINVAL);
607
608 if (sbuf_putc(&sb, '-') == -1)
609 return (EINVAL);
610
611 if (mac_biba_element_to_string(&sb, &mac_biba->mb_rangehigh)
612 == -1)
613 return (EINVAL);
614
615 if (sbuf_putc(&sb, ')') == -1)
616 return (EINVAL);
617 }
618
619 sbuf_finish(&sb);
620 *caller_len = strlen(string);
621 return (0);
622}
623
624static int
625mac_biba_externalize_label(struct label *label, char *element_name,
626 char *element_data, size_t size, size_t *len, int *claimed)
627{
628 struct mac_biba *mac_biba;
629 int error;
630
631 if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0)
632 return (0);
633
634 (*claimed)++;
635
636 mac_biba = SLOT(label);
637 error = mac_biba_to_string(element_data, size, len, mac_biba);
638 if (error)
639 return (error);
640
641 return (0);
642}
643
644static int
645mac_biba_parse_element(struct mac_biba_element *element, char *string)
646{
647 char *compartment, *end, *grade;
648 int value;
649

--- 2095 unchanged lines hidden ---
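Review bot: Every `return (EINVAL)` path in mac_biba_to_string (listing lines 597-616) exits before `sbuf_finish(&sb)` and before `*caller_len` is assigned, so on failure the caller's buffer holds a partial label that may not be NUL-terminated and the length out-parameter keeps its previous value. The header comment documents only the EINVAL return; I would add `On failure the contents of string and *caller_len are undefined and must not be used.` to it, or write `*caller_len = 0;` before the first append. mac_biba_externalize_label forwards `element_data` and `len` unchanged and returns the error, so the same contract reaches its caller. This rendering does not show which lines belong to the old or the new revision, so the point applies only if the function is still present in this form on the new side.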