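Lines matching refs:rule (non-contiguous excerpts; the number at the start of each line is its line number in the source file)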

60 bsde_rule_to_string(struct mac_bsdextended_rule *rule, char *buf, size_t buflen)
65 char *cur, type[sizeof(rule->mbr_object.mbo_type) * CHAR_BIT + 1];
78 if (rule->mbr_subject.mbs_flags) {
79 if (rule->mbr_subject.mbs_neg == MBS_ALL_FLAGS) {
90 if (!notdone && (rule->mbr_subject.mbs_neg & MBO_UID_DEFINED)) {
97 if (rule->mbr_subject.mbs_flags & MBO_UID_DEFINED) {
98 pwd = getpwuid(rule->mbr_subject.mbs_uid_min);
108 rule->mbr_subject.mbs_uid_min);
114 if (rule->mbr_subject.mbs_uid_min !=
115 rule->mbr_subject.mbs_uid_max) {
116 pwd = getpwuid(rule->mbr_subject.mbs_uid_max);
126 rule->mbr_subject.mbs_uid_max);
140 if (!notdone && (rule->mbr_subject.mbs_neg & MBO_GID_DEFINED)) {
147 if (rule->mbr_subject.mbs_flags & MBO_GID_DEFINED) {
148 grp = getgrgid(rule->mbr_subject.mbs_gid_min);
158 rule->mbr_subject.mbs_gid_min);
164 if (rule->mbr_subject.mbs_gid_min !=
165 rule->mbr_subject.mbs_gid_max) {
166 grp = getgrgid(rule->mbr_subject.mbs_gid_max);
176 rule->mbr_subject.mbs_gid_max);
190 if (!notdone && (rule->mbr_subject.mbs_neg & MBS_PRISON_DEFINED)) {
197 if (rule->mbr_subject.mbs_flags & MBS_PRISON_DEFINED) {
199 rule->mbr_subject.mbs_prison);
212 if (rule->mbr_object.mbo_flags) {
213 if (rule->mbr_object.mbo_neg == MBO_ALL_FLAGS) {
224 if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_DEFINED)) {
231 if (rule->mbr_object.mbo_flags & MBO_UID_DEFINED) {
232 pwd = getpwuid(rule->mbr_object.mbo_uid_min);
242 rule->mbr_object.mbo_uid_min);
248 if (rule->mbr_object.mbo_uid_min !=
249 rule->mbr_object.mbo_uid_max) {
250 pwd = getpwuid(rule->mbr_object.mbo_uid_max);
260 rule->mbr_object.mbo_uid_max);
274 if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_DEFINED)) {
281 if (rule->mbr_object.mbo_flags & MBO_GID_DEFINED) {
282 grp = getgrgid(rule->mbr_object.mbo_gid_min);
292 rule->mbr_object.mbo_gid_min);
298 if (rule->mbr_object.mbo_gid_min !=
299 rule->mbr_object.mbo_gid_max) {
300 grp = getgrgid(rule->mbr_object.mbo_gid_max);
310 rule->mbr_object.mbo_gid_max);
324 if (!notdone && (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)) {
331 if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) {
334 if (memcmp(&(rule->mbr_object.mbo_fsid),
345 if (!notdone && (rule->mbr_object.mbo_neg & MBO_SUID)) {
352 if (rule->mbr_object.mbo_flags & MBO_SUID) {
359 if (!notdone && (rule->mbr_object.mbo_neg & MBO_SGID)) {
366 if (rule->mbr_object.mbo_flags & MBO_SGID) {
373 if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_SUBJECT)) {
380 if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) {
387 if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_SUBJECT)) {
394 if (rule->mbr_object.mbo_flags & MBO_GID_SUBJECT) {
401 if (!notdone && (rule->mbr_object.mbo_neg & MBO_TYPE_DEFINED)) {
408 if (rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED) {
410 if (rule->mbr_object.mbo_type & MBO_TYPE_REG)
412 if (rule->mbr_object.mbo_type & MBO_TYPE_DIR)
414 if (rule->mbr_object.mbo_type & MBO_TYPE_BLK)
416 if (rule->mbr_object.mbo_type & MBO_TYPE_CHR)
418 if (rule->mbr_object.mbo_type & MBO_TYPE_LNK)
420 if (rule->mbr_object.mbo_type & MBO_TYPE_SOCK)
422 if (rule->mbr_object.mbo_type & MBO_TYPE_FIFO)
424 if (rule->mbr_object.mbo_type == MBO_ALL_TYPE) {
443 anymode = (rule->mbr_mode & MBI_ALLPERM);
444 unknownmode = (rule->mbr_mode & ~MBI_ALLPERM);
446 if (rule->mbr_mode & MBI_ADMIN) {
454 if (rule->mbr_mode & MBI_READ) {
462 if (rule->mbr_mode & MBI_STAT) {
470 if (rule->mbr_mode & MBI_WRITE) {
478 if (rule->mbr_mode & MBI_EXEC) {
994 bsde_parse_rule(int argc, char *argv[], struct mac_bsdextended_rule *rule,
1003 bzero(rule, sizeof(*rule));
1047 argv + subject_elements, &rule->mbr_subject, buflen, errstr);
1052 argv + object_elements, &rule->mbr_object, buflen, errstr);
1057 &rule->mbr_mode, buflen, errstr);
1065 bsde_parse_rule_string(const char *string, struct mac_bsdextended_rule *rule,
1083 error = bsde_parse_rule(argc, argv, rule, buflen, errstr);
1177 bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t errlen,
1195 size = sizeof(*rule);
1198 error = sysctl(name, len, rule, &size, NULL, 0);
1205 } else if (size != sizeof(*rule)) {
1217 struct mac_bsdextended_rule rule;
1236 size = sizeof(rule);
1237 error = sysctl(name, len, NULL, NULL, &rule, 0);
1248 bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
1269 size = sizeof(*rule);
1270 error = sysctl(name, len, NULL, NULL, rule, size);
1281 bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
1302 len = snprintf(errstr, buflen, "unable to get rule slots: %s",
1310 size = sizeof(*rule);
1311 error = sysctl(name, len, NULL, NULL, rule, size);