mac_mls.c (115707) mac_mls.c (116701)
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network

--- 17 unchanged lines hidden (view full) ---

26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
4 * All rights reserved.
5 *
6 * This software was developed by Robert Watson for the TrustedBSD Project.
7 *
8 * This software was developed for the FreeBSD Project in part by Network

--- 17 unchanged lines hidden (view full) ---

26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 115707 2003-06-02 17:21:38Z rwatson $
34 * $FreeBSD: head/sys/security/mac_mls/mac_mls.c 116701 2003-06-23 01:26:34Z rwatson $
35 */
36
37/*
38 * Developed by the TrustedBSD Project.
39 * MLS fixed label mandatory confidentiality policy.
40 */
41
42#include <sys/types.h>

--- 493 unchanged lines hidden (view full) ---

536
537 default:
538 panic("mac_mls_element_to_string: invalid type (%d)",
539 element->mme_type);
540 }
541}
542
543/*
35 */
36
37/*
38 * Developed by the TrustedBSD Project.
39 * MLS fixed label mandatory confidentiality policy.
40 */
41
42#include <sys/types.h>

--- 493 unchanged lines hidden (view full) ---

536
537 default:
538 panic("mac_mls_element_to_string: invalid type (%d)",
539 element->mme_type);
540 }
541}
542
543/*
544 * mac_mls_to_string() converts an MLS label to a string, placing the
545 * results in the passed string buffer. It returns 0 on success,
546 * or EINVAL if there isn't room in the buffer. The size of the
547 * string appended, leaving out the nul termination, is returned to
548 * the caller via *caller_len. Eventually, we should expose the
549 * sbuf to the caller rather than using C strings at this layer.
544 * mac_mls_to_string() converts an MLS label to a string, and places
545 * the results in the passed sbuf. It returns 0 on success, or EINVAL
546 * if there isn't room in the sbuf. Note: the sbuf will be modified
547 * even in a failure case, so the caller may need to revert the sbuf
548 * by restoring the offset if that's undesired.
550 */
551static int
549 */
550static int
552mac_mls_to_string(char *string, size_t size, size_t *caller_len,
553 struct mac_mls *mac_mls)
551mac_mls_to_string(struct sbuf *sb, struct mac_mls *mac_mls)
554{
552{
555 struct sbuf sb;
556
553
557 sbuf_new(&sb, string, size, SBUF_FIXEDLEN);
558
559 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
554 if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
560 if (mac_mls_element_to_string(&sb, &mac_mls->mm_single)
555 if (mac_mls_element_to_string(sb, &mac_mls->mm_single)
561 == -1)
562 return (EINVAL);
563 }
564
565 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) {
556 == -1)
557 return (EINVAL);
558 }
559
560 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) {
566 if (sbuf_putc(&sb, '(') == -1)
561 if (sbuf_putc(sb, '(') == -1)
567 return (EINVAL);
568
562 return (EINVAL);
563
569 if (mac_mls_element_to_string(&sb, &mac_mls->mm_rangelow)
564 if (mac_mls_element_to_string(sb, &mac_mls->mm_rangelow)
570 == -1)
571 return (EINVAL);
572
565 == -1)
566 return (EINVAL);
567
573 if (sbuf_putc(&sb, '-') == -1)
568 if (sbuf_putc(sb, '-') == -1)
574 return (EINVAL);
575
569 return (EINVAL);
570
576 if (mac_mls_element_to_string(&sb, &mac_mls->mm_rangehigh)
571 if (mac_mls_element_to_string(sb, &mac_mls->mm_rangehigh)
577 == -1)
578 return (EINVAL);
579
572 == -1)
573 return (EINVAL);
574
580 if (sbuf_putc(&sb, ')') == -1)
575 if (sbuf_putc(sb, ')') == -1)
581 return (EINVAL);
582 }
583
576 return (EINVAL);
577 }
578
584 sbuf_finish(&sb);
585 *caller_len = strlen(string);
586 return (0);
587}
588
589static int
590mac_mls_externalize_label(struct label *label, char *element_name,
579 return (0);
580}
581
582static int
583mac_mls_externalize_label(struct label *label, char *element_name,
591 char *element_data, size_t size, size_t *len, int *claimed)
584 struct sbuf *sb, int *claimed)
592{
593 struct mac_mls *mac_mls;
585{
586 struct mac_mls *mac_mls;
594 int error;
595
596 if (strcmp(MAC_MLS_LABEL_NAME, element_name) != 0)
597 return (0);
598
599 (*claimed)++;
600
601 mac_mls = SLOT(label);
602
587
588 if (strcmp(MAC_MLS_LABEL_NAME, element_name) != 0)
589 return (0);
590
591 (*claimed)++;
592
593 mac_mls = SLOT(label);
594
603 error = mac_mls_to_string(element_data, size, len, mac_mls);
604 if (error)
605 return (error);
606
607 return (0);
595 return (mac_mls_to_string(sb, mac_mls));
608}
609
610static int
611mac_mls_parse_element(struct mac_mls_element *element, char *string)
612{
613 char *compartment, *end, *level;
614 int value;
615

--- 1885 unchanged lines hidden ---
596}
597
598static int
599mac_mls_parse_element(struct mac_mls_element *element, char *string)
600{
601 char *compartment, *end, *level;
602 int value;
603

--- 1885 unchanged lines hidden ---
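Review bot: In the new mac_mls_externalize_label(), `(*claimed)++` runs before `return (mac_mls_to_string(sb, mac_mls));`, so on EINVAL the caller sees the element as claimed while the shared sbuf may already hold a partial label, for example an opening `(` and the low element of a range without the rest. The updated comment on mac_mls_to_string() says the sbuf is modified even on failure, but that obligation is not restated at the entry point where it now lands. The framework code that owns the sbuf is not visible on this page, so it should be confirmed that it rewinds or discards the buffer on error before anything is copied out to userland. I would add a comment above mac_mls_externalize_label() such as `/* On error, sb may contain a truncated label; the caller must discard or rewind it before use. */`. That comment should also say that sbuf_finish() is no longer called on this path and is left to the owner of the sbuf.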