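--- a/mac_biba.c
+++ b/mac_biba.c
@@ -1,8 +1,8 @@
 /*-
  * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
  * Copyright (c) 2001, 2002 Networks Associates Technology, Inc.
  * All rights reserved.
  *
  * This software was developed by Robert Watson for the TrustedBSD Project.
  *
  * This software was developed for the FreeBSD Project in part by Network
@@ -26,17 +26,17 @@
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 113531 2003-04-15 20:51:18Z rwatson $
+ * $FreeBSD: head/sys/security/mac_biba/mac_biba.c 115395 2003-05-29 22:51:52Z rwatson $
  */
 
 /*
  * Developed by the TrustedBSD Project.
  * Biba fixed label mandatory integrity policy.
  */
 
 #include <sys/types.h>
@@ -642,107 +642,99 @@
 
  *len = strlen(element_data);
  return (0);
 }
 
 static int
 mac_biba_parse_element(struct mac_biba_element *element, char *string)
 {
+ char *compartment, *end, *grade;
+ int value;
 
  if (strcmp(string, "high") == 0 ||
  strcmp(string, "hi") == 0) {
  element->mbe_type = MAC_BIBA_TYPE_HIGH;
  element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
  } else if (strcmp(string, "low") == 0 ||
  strcmp(string, "lo") == 0) {
  element->mbe_type = MAC_BIBA_TYPE_LOW;
  element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
  } else if (strcmp(string, "equal") == 0 ||
  strcmp(string, "eq") == 0) {
  element->mbe_type = MAC_BIBA_TYPE_EQUAL;
  element->mbe_grade = MAC_BIBA_TYPE_UNDEF;
  } else {
- char *p0, *p1;
- int d;
+ element->mbe_type = MAC_BIBA_TYPE_GRADE;
 
- p0 = string;
- d = strtol(p0, &p1, 10);
-
- if (d < 0 || d > 65535)
+ /*
+ * Numeric grade piece of the element.
+ */
+ grade = strsep(&string, ":");
+ value = strtol(grade, &end, 10);
+ if (end == grade || *end != '\0')
  return (EINVAL);
- element->mbe_type = MAC_BIBA_TYPE_GRADE;
- element->mbe_grade = d;
+ if (value < 0 || value > 65535)
+ return (EINVAL);
+ element->mbe_grade = value;
 
- if (*p1 != ':') {
- if (p1 == p0 || *p1 != '\0')
- return (EINVAL);
- else
- return (0);
- }
- else
- if (*(p1 + 1) == '\0')
- return (0);
+ /*
+ * Optional compartment piece of the element. If none
+ * are included, we assume that the label has no
+ * compartments.
+ */
+ if (string == NULL)
+ return (0);
+ if (*string == '\0')
+ return (0);
 
- while ((p0 = ++p1)) {
- d = strtol(p0, &p1, 10);
- if (d < 1 || d > MAC_BIBA_MAX_COMPARTMENTS)
+ while ((compartment = strsep(&string, "+")) != NULL) {
+ value = strtol(compartment, &end, 10);
+ if (compartment == end || *end != '\0')
  return (EINVAL);
-
- MAC_BIBA_BIT_SET(d, element->mbe_compartments);
-
- if (*p1 == '\0')
- break;
- if (p1 == p0 || *p1 != '+')
+ if (value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS)
  return (EINVAL);
+ MAC_BIBA_BIT_SET(value, element->mbe_compartments);
  }
  }
 
  return (0);
 }
 
 /*
  * Note: destructively consumes the string, make a local copy before
  * calling if that's a problem.
  */
 static int
 mac_biba_parse(struct mac_biba *mac_biba, char *string)
 {
- char *range, *rangeend, *rangehigh, *rangelow, *single;
+ char *rangehigh, *rangelow, *single;
  int error;
 
- /* Do we have a range? */
- single = string;
- range = index(string, '(');
- if (range == single)
+ single = strsep(&string, "(");
+ if (*single == '\0')
  single = NULL;
- rangelow = rangehigh = NULL;
- if (range != NULL) {
- /* Nul terminate the end of the single string. */
- *range = '\0';
- range++;
- rangelow = range;
- rangehigh = index(rangelow, '-');
- if (rangehigh == NULL)
+
+ if (string != NULL) {
+ rangelow = strsep(&string, "-");
+ if (string == NULL)
  return (EINVAL);
- rangehigh++;
- if (*rangelow == '\0' || *rangehigh == '\0')
+ rangehigh = strsep(&string, ")");
+ if (string == NULL)
  return (EINVAL);
- rangeend = index(rangehigh, ')');
- if (rangeend == NULL)
+ if (*string != '\0')
  return (EINVAL);
- if (*(rangeend + 1) != '\0')
- return (EINVAL);
- /* Nul terminate the ends of the ranges. */
- *(rangehigh - 1) = '\0';
- *rangeend = '\0';
+ } else {
+ rangelow = NULL;
+ rangehigh = NULL;
  }
+
  KASSERT((rangelow != NULL && rangehigh != NULL) ||
  (rangelow == NULL && rangehigh == NULL),
- ("mac_biba_internalize_label: range mismatch"));
+ ("mac_biba_parse: range mismatch"));
 
  bzero(mac_biba, sizeof(*mac_biba));
  if (single != NULL) {
  error = mac_biba_parse_element(&mac_biba->mb_single, single);
  if (error)
  return (error);
  mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
  }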
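Review bot: In mac_biba_parse_element the strtol() result is stored in `int value` before either range check runs, so on a platform where long is wider than int an over-large grade or compartment number can be narrowed into the accepted range and the label is parsed as valid instead of returning EINVAL. Declaring the temporary as `long value;` keeps both `value < 0 || value > 65535` and `value < 1 || value > MAC_BIBA_MAX_COMPARTMENTS` meaningful across the whole strtol() range; the old code had the same narrowing through `int d`, so the rewrite carries it over rather than introducing it. The grade branch also now sets `mbe_type` before any validation and may set compartment bits before a later piece fails, so a comment such as `/* On EINVAL the element contents are unspecified; callers must discard it. */` above the function would document that. mac_biba_parse continues past the last shown line, so how it treats a failed element is not visible here.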