From owner-trustedbsd-cvs@FreeBSD.ORG Thu Nov 16 19:13:54 2006
X-Original-To: trustedbsd-cvs@freebsd.org
Delivered-To: trustedbsd-cvs@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 80A9D16A4B3 for ; Thu, 16 Nov 2006 19:13:54 +0000 (UTC) (envelope-from owner-perforce@freebsd.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 558ED43D45 for ; Thu, 16 Nov 2006 19:13:52 +0000 (GMT) (envelope-from owner-perforce@freebsd.org)
Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 51F7C46D96 for ; Thu, 16 Nov 2006 14:13:50 -0500 (EST)
Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 5541B53B62; Thu, 16 Nov 2006 19:12:39 +0000 (GMT) (envelope-from owner-perforce@freebsd.org)
Received: by hub.freebsd.org (Postfix, from userid 32767) id B4DAD16A52F; Thu, 16 Nov 2006 19:12:34 +0000 (UTC)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 761FB16A4AB for ; Thu, 16 Nov 2006 19:12:34 +0000 (UTC) (envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1C52F43D82 for ; Thu, 16 Nov 2006 19:12:32 +0000 (GMT) (envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id kAGJCVao065871 for ; Thu, 16 Nov 2006 19:12:31 GMT (envelope-from millert@freebsd.org)
Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id kAGJCV7s065868 for perforce@freebsd.org; Thu, 16 Nov 2006 19:12:31 GMT (envelope-from millert@freebsd.org)
Date: Thu, 16 Nov 2006 19:12:31 GMT
Message-Id: <200611161912.kAGJCV7s065868@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 110121 for review
X-BeenThere: trustedbsd-cvs@FreeBSD.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: TrustedBSD CVS and Perforce commit message list
X-List-Received-Date: Thu, 16 Nov 2006 19:13:54 -0000

http://perforce.freebsd.org/chv.cgi?CH=110121

Change 110121 by millert@millert_macbook on 2006/11/16 19:12:14

If a policy registers a label namespace that starts with '?', exclude it from the default label list returned by '*' during externalize.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#22 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#22 (text+ko) ====

@@ -479,7 +479,7 @@ struct mac_label_element *mle, **new_mles; struct mac_label_element_list_t *list; struct mac_policy_conf *mpc; - const char *name; + const char *name, *name2; u_int idx, mle_free, mll_free; mpc = mac_get_mpc(handle); 
@@ -520,25 +520,29 @@ mac_policy_grab_exclusive(); for (idx = 0; idx < mpc->mpc_labelname_count; idx++) { - name = mpc->mpc_labelnames[idx]; - + if (*(name = mpc->mpc_labelnames[idx]) == '?') + name++; /* * Check both label element lists and add to the * appropriate list only if not already on a list. */ LIST_FOREACH(mle, &mac_static_label_element_list, mle_list) { - if (strcmp(name, mle->mle_name) == 0) + if (*(name2 = mle->mle_name) == '?') + name2++; + if (strcmp(name, name2) == 0) break; } if (mle == NULL) { LIST_FOREACH(mle, &mac_label_element_list, mle_list) { - if (strcmp(name, mle->mle_name) == 0) + if (*(name2 = mle->mle_name) == '?') + name2++; + if (strcmp(name, name2) == 0) break; } } if (mle == NULL) { mle = new_mles[mle_free]; - strcpy(mle->mle_name, name); + strcpy(mle->mle_name, mpc->mpc_labelnames[idx]); LIST_INIT(&mle->mle_listeners); LIST_INSERT_HEAD(list, mle, mle_list); mle_free++; @@ -1016,6 +1020,7 @@ struct mac_label_listener *mll; struct mac_label_element *mle; struct mac_label_element_list_t *element_list; + const char *name; int (*mpo_externalize)(struct label *, char *, struct sbuf *); int all_labels = 0, ignorenotfound = 0, error = 0, busy = FALSE; unsigned int count = 0; @@ -1029,8 +1034,16 @@ element_list = &mac_static_label_element_list; element_loop: LIST_FOREACH(mle, element_list, mle_list) { - if (!all_labels && strcmp(mle->mle_name, element) != 0) - continue; + name = mle->mle_name; + if (all_labels) { + if (*name == '?') + continue; + } else { + if (*name == '?') + name++; + if (strcmp(name, element) != 0) + continue; + } LIST_FOREACH(mll, &mle->mle_listeners, mll_list) { mpc = mac_policy_list.entries[mll->mll_handle].mpc; if (mpc == NULL) @@ -1040,7 +1053,7 @@ ((char *)mpc->mpc_ops + mpo_externalize_off); if (mpo_externalize == NULL) continue; - error = sbuf_printf(sb, "%s/", mle->mle_name); + error = sbuf_printf(sb, "%s/", name); if (error) goto done; error = mpo_externalize(label, mle->mle_name, sb); 
@@ -1055,7 +1068,7 @@ * (but not all) object types. */ sbuf_setpos(sb, sbuf_len(sb) - - (strlen(mle->mle_name) + 1)); + (strlen(name) + 1)); error = 0; continue; } @@ -1121,11 +1134,14 @@ int (*mpo_internalize)(struct label *, char *, char *); int error = 0, busy = FALSE; unsigned int count = 0; + const char *name; element_list = &mac_static_label_element_list; element_loop: LIST_FOREACH(mle, element_list, mle_list) { - if (strcmp(element_name, mle->mle_name) != 0) + if (*(name = mle->mle_name) == '?') + name++; + if (strcmp(element_name, name) != 0) continue; LIST_FOREACH(mll, &mle->mle_listeners, mll_list) { mpc = mac_policy_list.entries[mll->mll_handle].mpc;
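Review bot: in the registration hunk (@@ -520,25), stripping '?' on both sides of the comparison makes "?foo" and "foo" collide on a single label element, and which spelling that element ends up with is registration-order dependent: `strcpy(mle->mle_name, mpc->mpc_labelnames[idx]);` only runs for the first registrant, so if one policy registers "foo" before another registers "?foo", the shared element is stored as "foo" and is not hidden from '*', whereas the reverse order hides it for both policies. Either document that the first registrant decides visibility, or handle the prefix-only mismatch explicitly when the existing element is found (for example, keep the unprefixed spelling, or refuse the second registration). Two smaller points in the same hunk: a label name consisting of just "?" leaves `name` pointing at an empty string after `name++`, which will then compare equal to any other such entry and is worth rejecting up front; and the removed blank line after the new `name++` leaves the "Check both label element lists" comment butted against the assignment.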
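Review bot: in the externalize hunk (@@ -1029,8) the name shown to userland and the name handed to the policy now differ: `error = sbuf_printf(sb, "%s/", name);` prints the stripped name, but the unchanged `error = mpo_externalize(label, mle->mle_name, sb);` two lines later still passes the '?'-prefixed mle_name. A policy whose externalize hook matches on the element name it is asked for therefore has to expect the prefixed spelling it registered, while the consumer of the sbuf sees the bare one. Pass `name` to mpo_externalize as well if the bare name is intended to be the canonical one, or spell out next to mpc_labelnames that entries are handed back verbatim, prefix included. The rewind in the following hunk, `(strlen(name) + 1)`, correctly matches the printed length, so the two need to stay in step if either is changed. A short comment above the element loop describing the '?' convention would also help, since the commit message is currently the only place it is explained.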
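Review bot: the internalize hunk (@@ -1121,11) strips the prefix before `strcmp(element_name, name)`, so a hidden element is addressed by its bare name, consistent with the externalize side; but the new `const char *name;` is appended after `unsigned int count = 0;` here, while in the externalize function it was placed before the function-pointer declaration, so the two declaration blocks should be made consistent. As in the externalize hunk, a one-line comment at the `name++` noting that the '?' is a visibility marker and not part of the element name would save the next reader a trip to the registration code.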