1/*- 2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson 3 * Copyright (c) 2001 Ilmar S. Habibulin 4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc. 5 * All rights reserved. 6 * 7 * This software was developed by Robert Watson and Ilmar Habibulin for the 8 * TrustedBSD Project. --- 26 unchanged lines hidden (view full) --- 35 */ 36 37/* 38 * Framework for extensible kernel access control. Kernel and userland 39 * interface to the framework, policy registration and composition. 40 */ 41 42#include <sys/cdefs.h> |
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_net.c 116701 2003-06-23 01:26:34Z rwatson $"); |
44 45#include "opt_mac.h" 46#include "opt_devfs.h" 47 48#include <sys/param.h> 49#include <sys/condvar.h> 50#include <sys/extattr.h> 51#include <sys/imgact.h> 52#include <sys/kernel.h> 53#include <sys/lock.h> 54#include <sys/malloc.h> 55#include <sys/mutex.h> 56#include <sys/mac.h> 57#include <sys/module.h> 58#include <sys/proc.h> |
59#include <sys/sbuf.h> |
60#include <sys/systm.h> 61#include <sys/sysproto.h> 62#include <sys/sysent.h> 63#include <sys/vnode.h> 64#include <sys/mount.h> 65#include <sys/file.h> 66#include <sys/namei.h> 67#include <sys/socket.h> --- 326 unchanged lines hidden (view full) --- 394 (args); \ 395 } \ 396 mac_policy_list_unbusy(); \ 397 } \ 398} while (0) 399 400#define MAC_EXTERNALIZE(type, label, elementlist, outbuf, \ 401 outbuflen) do { \ |
402 int claimed, first, ignorenotfound, savedlen; \ 403 char *element_name, *element_temp; \ 404 struct sbuf sb; \ |
405 \ 406 error = 0; \ |
407 first = 1; \ |
408 sbuf_new(&sb, outbuf, outbuflen, SBUF_FIXEDLEN); \ 409 element_temp = elementlist; \ |
410 while ((element_name = strsep(&element_temp, ",")) != NULL) { \ |
411 if (element_name[0] == '?') { \ 412 element_name++; \ 413 ignorenotfound = 1; \ |
414 } else \ |
415 ignorenotfound = 0; \ |
416 savedlen = sbuf_len(&sb); \ |
417 if (first) { \ |
418 error = sbuf_printf(&sb, "%s/", element_name); \ |
419 first = 0; \ 420 } else \ |
421 error = sbuf_printf(&sb, ",%s/", element_name); \ 422 if (error == -1) { \ 423 error = EINVAL; /* XXX: E2BIG? */ \ |
424 break; \ 425 } \ |
426 claimed = 0; \ |
427 MAC_CHECK(externalize_ ## type, label, element_name, \ |
428 &sb, &claimed); \ |
429 if (error) \ 430 break; \ |
431 if (claimed == 0 && ignorenotfound) { \ 432 /* Revert last label name. */ \ 433 sbuf_setpos(&sb, savedlen); \ 434 } else if (claimed != 1) { \ 435 error = EINVAL; /* XXX: ENOLABEL? */ \ |
436 break; \ 437 } \ 438 } \ |
439 sbuf_finish(&sb); \ |
440} while (0) 441 442#define MAC_INTERNALIZE(type, label, instring) do { \ 443 char *element, *element_name, *element_data; \ 444 int claimed; \ 445 \ 446 error = 0; \ 447 element = instring; \ --- 3508 unchanged lines hidden --- |
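Review bot: In MAC_EXTERNALIZE, `first = 0;` (line 419) is cleared as soon as the first element name is printed, before it is known whether any policy claimed that element. If the element is optional (`?name`) and unclaimed, `sbuf_setpos(&sb, savedlen)` rewinds the buffer to empty but `first` stays 0, so the next element is emitted as `,name/` and the label string returned to the caller starts with a stray comma. Clear the flag only once an element is kept: drop the assignment at line 419 and finish the claimed test with `else first = 0;`, or choose the separator with `if (savedlen == 0)` and remove `first` entirely. Separately, the return value of `sbuf_setpos()` is ignored and the macro never tests the fixed-length sbuf for overflow after the MAC_CHECK call, so a truncated label appears to be rejected only if the policy entry point reports the error itself. MAC_CHECK's definition and the policy modules are outside this view, so that is worth confirming.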