mac_biba.c (115707) | mac_biba.c (116701) |
---|---|
1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * | 1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 4 * All rights reserved. 5 * 6 * This software was developed by Robert Watson for the TrustedBSD Project. 7 * 8 * This software was developed for the FreeBSD Project in part by Network --- 17 unchanged lines hidden (view full) --- 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. 33 * |
34 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 115707 2003-06-02 17:21:38Z rwatson $ | 34 * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 116701 2003-06-23 01:26:34Z rwatson $ |
35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * Biba fixed label mandatory integrity policy. 40 */ 41 42#include <sys/types.h> --- 528 unchanged lines hidden (view full) --- 571 572 default: 573 panic("mac_biba_element_to_string: invalid type (%d)", 574 element->mbe_type); 575 } 576} 577 578/* | 35 */ 36 37/* 38 * Developed by the TrustedBSD Project. 39 * Biba fixed label mandatory integrity policy. 40 */ 41 42#include <sys/types.h> --- 528 unchanged lines hidden (view full) --- 571 572 default: 573 panic("mac_biba_element_to_string: invalid type (%d)", 574 element->mbe_type); 575 } 576} 577 578/* |
579 * mac_biba_to_string() converts an Biba label to a string, placing the 580 * results in the passed string buffer. It returns 0 on success, 581 * or EINVAL if there isn't room in the buffer. The size of the 582 * string appended, leaving out the nul termination, is returned to 583 * the caller via *caller_len. Eventually, we should expose the 584 * sbuf to the caller rather than using C strings at this layer. | 579 * mac_biba_to_string() converts a Biba label to a string, and places 580 * the results in the passed sbuf. It returns 0 on success, or EINVAL 581 * if there isn't room in the sbuf. Note: the sbuf will be modified 582 * even in a failure case, so the caller may need to revert the sbuf 583 * by restoring the offset if that's undesired. |
585 */ 586static int | 584 */ 585static int |
587mac_biba_to_string(char *string, size_t size, size_t *caller_len, 588 struct mac_biba *mac_biba) | 586mac_biba_to_string(struct sbuf *sb, struct mac_biba *mac_biba) |
589{ | 587{ |
590 struct sbuf sb; | |
591 | 588 |
592 sbuf_new(&sb, string, size, SBUF_FIXEDLEN); 593 | |
594 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { | 589 if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { |
595 if (mac_biba_element_to_string(&sb, &mac_biba->mb_single) | 590 if (mac_biba_element_to_string(sb, &mac_biba->mb_single) |
596 == -1) 597 return (EINVAL); 598 } 599 600 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { | 591 == -1) 592 return (EINVAL); 593 } 594 595 if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { |
601 if (sbuf_putc(&sb, '(') == -1) | 596 if (sbuf_putc(sb, '(') == -1) |
602 return (EINVAL); 603 | 597 return (EINVAL); 598 |
604 if (mac_biba_element_to_string(&sb, &mac_biba->mb_rangelow) | 599 if (mac_biba_element_to_string(sb, &mac_biba->mb_rangelow) |
605 == -1) 606 return (EINVAL); 607 | 600 == -1) 601 return (EINVAL); 602 |
608 if (sbuf_putc(&sb, '-') == -1) | 603 if (sbuf_putc(sb, '-') == -1) |
609 return (EINVAL); 610 | 604 return (EINVAL); 605 |
611 if (mac_biba_element_to_string(&sb, &mac_biba->mb_rangehigh) | 606 if (mac_biba_element_to_string(sb, &mac_biba->mb_rangehigh) |
612 == -1) 613 return (EINVAL); 614 | 607 == -1) 608 return (EINVAL); 609 |
615 if (sbuf_putc(&sb, ')') == -1) | 610 if (sbuf_putc(sb, ')') == -1) |
616 return (EINVAL); 617 } 618 | 611 return (EINVAL); 612 } 613 |
619 sbuf_finish(&sb); 620 *caller_len = strlen(string); | |
621 return (0); 622} 623 624static int 625mac_biba_externalize_label(struct label *label, char *element_name, | 614 return (0); 615} 616 617static int 618mac_biba_externalize_label(struct label *label, char *element_name, |
626 char *element_data, size_t size, size_t *len, int *claimed) | 619 struct sbuf *sb, int *claimed) |
627{ 628 struct mac_biba *mac_biba; | 620{ 621 struct mac_biba *mac_biba; |
629 int error; | |
630 631 if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 632 return (0); 633 634 (*claimed)++; 635 636 mac_biba = SLOT(label); | 622 623 if (strcmp(MAC_BIBA_LABEL_NAME, element_name) != 0) 624 return (0); 625 626 (*claimed)++; 627 628 mac_biba = SLOT(label); |
637 error = mac_biba_to_string(element_data, size, len, mac_biba); 638 if (error) 639 return (error); 640 641 return (0); | 629 return (mac_biba_to_string(sb, mac_biba)); |
642} 643 644static int 645mac_biba_parse_element(struct mac_biba_element *element, char *string) 646{ 647 char *compartment, *end, *grade; 648 int value; 649 --- 2095 unchanged lines hidden --- | 630} 631 632static int 633mac_biba_parse_element(struct mac_biba_element *element, char *string) 634{ 635 char *compartment, *end, *grade; 636 int value; 637 --- 2095 unchanged lines hidden --- |
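Review bot: mac_biba_externalize_label() (new lines 617-630) now returns the result of mac_biba_to_string() straight after `(*claimed)++`, so on EINVAL the caller's sbuf is left holding a partial label (for a range, possibly just `(` and the low element) and nothing in this function rewinds it. The new header comment on mac_biba_to_string() states that hazard, but the externalize entry point does not pass the obligation on; I would add `/* On error sb may contain a partial label; the caller must discard or rewind it. */` above the `return`. The same header comment should also say that sbuf_finish() is no longer called here, since the old version finished the buffer itself and the caller must now do so before reading the string. The framework code that calls externalize_label is not on this page, so whether it already discards the sbuf on error is unconfirmed.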