sdiff udiff text old ( 116678 ) new ( 116701 )
1/*-
2 * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
3 * Copyright (c) 2001 Ilmar S. Habibulin
4 * Copyright (c) 2001, 2002, 2003 Networks Associates Technology, Inc.
5 * All rights reserved.
6 *
7 * This software was developed by Robert Watson and Ilmar Habibulin for the
8 * TrustedBSD Project.

--- 26 unchanged lines hidden (view full) ---

35 */
36
37/*
38 * Framework for extensible kernel access control. Kernel and userland
39 * interface to the framework, policy registration and composition.
40 */
41
42#include <sys/cdefs.h>
43__FBSDID("$FreeBSD: head/sys/security/mac/mac_syscalls.c 116701 2003-06-23 01:26:34Z rwatson $");
44
45#include "opt_mac.h"
46#include "opt_devfs.h"
47
48#include <sys/param.h>
49#include <sys/condvar.h>
50#include <sys/extattr.h>
51#include <sys/imgact.h>
52#include <sys/kernel.h>
53#include <sys/lock.h>
54#include <sys/malloc.h>
55#include <sys/mutex.h>
56#include <sys/mac.h>
57#include <sys/module.h>
58#include <sys/proc.h>
59#include <sys/sbuf.h>
60#include <sys/systm.h>
61#include <sys/sysproto.h>
62#include <sys/sysent.h>
63#include <sys/vnode.h>
64#include <sys/mount.h>
65#include <sys/file.h>
66#include <sys/namei.h>
67#include <sys/socket.h>

--- 326 unchanged lines hidden (view full) ---

394 (args); \
395 } \
396 mac_policy_list_unbusy(); \
397 } \
398} while (0)
399
400#define MAC_EXTERNALIZE(type, label, elementlist, outbuf, \
401 outbuflen) do { \
402 int claimed, first, ignorenotfound, savedlen; \
403 char *element_name, *element_temp; \
404 struct sbuf sb; \
405 \
406 error = 0; \
407 first = 1; \
408 sbuf_new(&sb, outbuf, outbuflen, SBUF_FIXEDLEN); \
409 element_temp = elementlist; \
410 while ((element_name = strsep(&element_temp, ",")) != NULL) { \
411 if (element_name[0] == '?') { \
412 element_name++; \
413 ignorenotfound = 1; \
414 } else \
415 ignorenotfound = 0; \
416 savedlen = sbuf_len(&sb); \
417 if (first) { \
418 error = sbuf_printf(&sb, "%s/", element_name); \
419 first = 0; \
420 } else \
421 error = sbuf_printf(&sb, ",%s/", element_name); \
422 if (error == -1) { \
423 error = EINVAL; /* XXX: E2BIG? */ \
424 break; \
425 } \
426 claimed = 0; \
427 MAC_CHECK(externalize_ ## type, label, element_name, \
428 &sb, &claimed); \
429 if (error) \
430 break; \
431 if (claimed == 0 && ignorenotfound) { \
432 /* Revert last label name. */ \
433 sbuf_setpos(&sb, savedlen); \
434 } else if (claimed != 1) { \
435 error = EINVAL; /* XXX: ENOLABEL? */ \
436 break; \
437 } \
438 } \
439 sbuf_finish(&sb); \
440} while (0)
441
442#define MAC_INTERNALIZE(type, label, instring) do { \
443 char *element, *element_name, *element_data; \
444 int claimed; \
445 \
446 error = 0; \
447 element = instring; \

--- 3508 unchanged lines hidden ---
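Review bot: MAC_EXTERNALIZE never checks the sbuf for overflow after the policy entry points have written into it, from the MAC_CHECK call at lines 427-428 through sbuf_finish() at line 439; only the framework's own sbuf_printf() of the element name is tested for -1. If a policy's externalize routine ignores a failed write and returns 0 with `claimed` set, the macro would report success on a truncated label string, which userland could then take for the object's complete label. Those routines are not visible here, so this is a defence-in-depth check rather than a confirmed bug. Consider adding, just before sbuf_finish(), `if (error == 0 && sbuf_overflowed(&sb)) error = EINVAL;`. A comment above the macro should also state that it assigns the caller's `error` and that strsep() modifies `elementlist` in place, so callers must pass a private, writable copy.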