#!/bin/sh
#
# $FreeBSD: head/etc/rc.d/ugidfw 144515 2005-04-02 00:01:03Z trhodes $

# PROVIDE: ugidfw
# REQUIRE:
# BEFORE: LOGIN
# KEYWORD: nojail

. /etc/rc.subr

name="ugidfw"
rcvar="ugidfw_enable"
start_cmd="ugidfw_start"
start_precmd="ugidfw_precmd"
stop_cmd="ugidfw_stop"

ugidfw_load()
{
	if [ -r "${bsdextended_script}" ]; then
		. "${bsdextended_script}"
		echo -n " ${_bsdextended_profile}"
	fi
}

ugidfw_precmd()
{
	if ! sysctl security.mac.bsdextended
          then kldload mac_bsdextended
	    if [ "$?" -ne "0" ]
	      then warn Unable to load the mac_bsdextended module.
	      return 1
	else
	  return 0
	  fi
	fi
	return 0
}

ugidfw_start()
{
	# check for existing profiles and set the default policy script 
	# if none was specified
	[ -z "${bsdextended_profiles}" ] && {
	  bsdextended_profiles=default
	  [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
	  bsdextended_default_script=/etc/rc.bsdextended
	}

	echo -n "Loading MAC bsdextended rules:" 
	for _bsdextended_profile in ${bsdextended_profiles}; do
	  eval bsdextended_script=\"\$bsdextended_${_bsdextended_profile}_script\"
	  ugidfw_load
	done
	echo '.'
}

ugidfw_stop()
{
	# Disable the policy
	#
	kldunload mac_bsdextended
}

load_rc_config $name
run_rc_command "$1"