62 bsde_rule_to_string(struct mac_bsdextended_rule *rule, char *buf, size_t buflen)
67 	char *cur, type[sizeof(rule->mbr_object.mbo_type) * CHAR_BIT + 1];
79 	if (rule->mbr_subject.mbs_flags) {
80 		if (rule->mbr_subject.mbs_neg == MBS_ALL_FLAGS) {
91 		if (!notdone && (rule->mbr_subject.mbs_neg & MBO_UID_DEFINED)) {
98 		if (rule->mbr_subject.mbs_flags & MBO_UID_DEFINED) {
99 			pwd = getpwuid(rule->mbr_subject.mbs_uid_min);
109 				    rule->mbr_subject.mbs_uid_min);
115 			if (rule->mbr_subject.mbs_uid_min !=
116 			    rule->mbr_subject.mbs_uid_max) {
117 				pwd = getpwuid(rule->mbr_subject.mbs_uid_max);
127 					    rule->mbr_subject.mbs_uid_max);
141 		if (!notdone && (rule->mbr_subject.mbs_neg & MBO_GID_DEFINED)) {
148 		if (rule->mbr_subject.mbs_flags & MBO_GID_DEFINED) {
149 			grp = getgrgid(rule->mbr_subject.mbs_gid_min);
159 				    rule->mbr_subject.mbs_gid_min);
165 			if (rule->mbr_subject.mbs_gid_min !=
166 			    rule->mbr_subject.mbs_gid_max) {
167 				grp = getgrgid(rule->mbr_subject.mbs_gid_max);
177 					    rule->mbr_subject.mbs_gid_max);
191 		if (!notdone && (rule->mbr_subject.mbs_neg & MBS_PRISON_DEFINED)) {
198 		if (rule->mbr_subject.mbs_flags & MBS_PRISON_DEFINED) {
200 			    rule->mbr_subject.mbs_prison);
213 	if (rule->mbr_object.mbo_flags) {
214 		if (rule->mbr_object.mbo_neg == MBO_ALL_FLAGS) {
225 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_DEFINED)) {
232 		if (rule->mbr_object.mbo_flags & MBO_UID_DEFINED) {
233 			pwd = getpwuid(rule->mbr_object.mbo_uid_min);
243 				    rule->mbr_object.mbo_uid_min);
249 			if (rule->mbr_object.mbo_uid_min !=
250 			    rule->mbr_object.mbo_uid_max) {
251 				pwd = getpwuid(rule->mbr_object.mbo_uid_max);
261 					    rule->mbr_object.mbo_uid_max);
275 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_DEFINED)) {
282 		if (rule->mbr_object.mbo_flags & MBO_GID_DEFINED) {
283 			grp = getgrgid(rule->mbr_object.mbo_gid_min);
293 				    rule->mbr_object.mbo_gid_min);
299 			if (rule->mbr_object.mbo_gid_min !=
300 			    rule->mbr_object.mbo_gid_max) {
301 				grp = getgrgid(rule->mbr_object.mbo_gid_max);
311 					    rule->mbr_object.mbo_gid_max);
325 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)) {
332 		if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) {
335 				if (fsidcmp(&rule->mbr_object.mbo_fsid,
345 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_SUID)) {
352 		if (rule->mbr_object.mbo_flags & MBO_SUID) {
359 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_SGID)) {
366 		if (rule->mbr_object.mbo_flags & MBO_SGID) {
373 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_SUBJECT)) {
380 		if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) {
387 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_SUBJECT)) {
394 		if (rule->mbr_object.mbo_flags & MBO_GID_SUBJECT) {
401 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_TYPE_DEFINED)) {
408 		if (rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED) {
410 			if (rule->mbr_object.mbo_type & MBO_TYPE_REG)
412 			if (rule->mbr_object.mbo_type & MBO_TYPE_DIR)
414 			if (rule->mbr_object.mbo_type & MBO_TYPE_BLK)
416 			if (rule->mbr_object.mbo_type & MBO_TYPE_CHR)
418 			if (rule->mbr_object.mbo_type & MBO_TYPE_LNK)
420 			if (rule->mbr_object.mbo_type & MBO_TYPE_SOCK)
422 			if (rule->mbr_object.mbo_type & MBO_TYPE_FIFO)
424 			if (rule->mbr_object.mbo_type == MBO_ALL_TYPE) {
443 	anymode = (rule->mbr_mode & MBI_ALLPERM);
444 	unknownmode = (rule->mbr_mode & ~MBI_ALLPERM);
446 	if (rule->mbr_mode & MBI_ADMIN) {
454 	if (rule->mbr_mode & MBI_READ) {
462 	if (rule->mbr_mode & MBI_STAT) {
470 	if (rule->mbr_mode & MBI_WRITE) {
478 	if (rule->mbr_mode & MBI_EXEC) {
1008 bsde_parse_rule(int argc, char *argv[], struct mac_bsdextended_rule *rule,
1016 	bzero(rule, sizeof(*rule));
1060 	    argv + subject_elements, &rule->mbr_subject, buflen, errstr);
1065 	    argv + object_elements, &rule->mbr_object, buflen, errstr);
1070 	    &rule->mbr_mode, buflen, errstr);
1078 bsde_parse_rule_string(const char *string, struct mac_bsdextended_rule *rule,
1096 	error = bsde_parse_rule(argc, argv, rule, buflen, errstr);
1189 bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t errlen,
1207 	size = sizeof(*rule);
1210 	error = sysctl(name, len, rule, &size, NULL, 0);
1217 	} else if (size != sizeof(*rule)) {
1229 	struct mac_bsdextended_rule rule;
1248 	error = sysctl(name, len, NULL, NULL, &rule, 0);
1259 bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
1280 	error = sysctl(name, len, NULL, NULL, rule, sizeof(*rule));
1291 bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
1312 		snprintf(errstr, buflen, "unable to get rule slots: %s",
1320 	error = sysctl(name, len, NULL, NULL, rule, sizeof(*rule));

Indexes created Thu Jun 20 12:38:36 MDT 2024