Date: Thu, 16 Nov 2006 19:12:31 GMT From: Todd Miller <millert@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 110121 for review Message-ID: <200611161912.kAGJCV7s065868@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=110121 Change 110121 by millert@millert_macbook on 2006/11/16 19:12:14 If a policy registers a label namespace that starts with '?', exclude it from the default label list return by '*' during externalize. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#22 edit Differences ...
==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#22 (text+ko) ====
@@ -479,7 +479,7 @@
 struct mac_label_element *mle, **new_mles;
 struct mac_label_element_list_t *list;
 struct mac_policy_conf *mpc;
- const char *name;
+ const char *name, *name2;
 u_int idx, mle_free, mll_free;
 mpc = mac_get_mpc(handle);
@@ -520,25 +520,29 @@
 mac_policy_grab_exclusive();
 for (idx = 0; idx < mpc->mpc_labelname_count; idx++) {
- name = mpc->mpc_labelnames[idx];
-
+ if (*(name = mpc->mpc_labelnames[idx]) == '?')
+ name++;
 /*
 * Check both label element lists and add to the
 * appropriate list only if not already on a list.
 */
 LIST_FOREACH(mle, &mac_static_label_element_list, mle_list) {
- if (strcmp(name, mle->mle_name) == 0)
+ if (*(name2 = mle->mle_name) == '?')
+ name2++;
+ if (strcmp(name, name2) == 0)
 break;
 }
 if (mle == NULL) {
 LIST_FOREACH(mle, &mac_label_element_list, mle_list) {
- if (strcmp(name, mle->mle_name) == 0)
+ if (*(name2 = mle->mle_name) == '?')
+ name2++;
+ if (strcmp(name, name2) == 0)
 break;
 }
 }
 if (mle == NULL) {
 mle = new_mles[mle_free];
- strcpy(mle->mle_name, name);
+ strcpy(mle->mle_name, mpc->mpc_labelnames[idx]);
 LIST_INIT(&mle->mle_listeners);
 LIST_INSERT_HEAD(list, mle, mle_list);
 mle_free++;
@@ -1016,6 +1020,7 @@
 struct mac_label_listener *mll;
 struct mac_label_element *mle;
 struct mac_label_element_list_t *element_list;
+ const char *name;
 int (*mpo_externalize)(struct label *, char *, struct sbuf *);
 int all_labels = 0, ignorenotfound = 0, error = 0, busy = FALSE;
 unsigned int count = 0;
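Review bot: The duplicate check in the `@@ -520,25 +520,29 @@` hunk now treats `foo` and `?foo` as the same element, but the stored entry keeps whichever spelling was registered first, so whether a namespace is hidden from `*` depends on policy load order. If that is intended, say so above the loop, e.g. `/* '?' is ignored when matching; the first registrant decides whether '*' lists the namespace. */`; if not, the mismatch should be detected here. The new `strcpy(mle->mle_name, mpc->mpc_labelnames[idx])` is still unbounded, and the size of `mle_name` is not visible in this hunk, so the source length should be checked against it before copying. The idiom `if (*(name = ...) == '?') name++;` appears three times in this hunk and again in the internalize hunk at the end of the diff; a small static helper would remove the assignment inside the condition. The enclosing function starts and ends outside the hunk.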
@@ -1029,8 +1034,16 @@
 element_list = &mac_static_label_element_list;
 element_loop:
 LIST_FOREACH(mle, element_list, mle_list) {
- if (!all_labels && strcmp(mle->mle_name, element) != 0)
- continue;
+ name = mle->mle_name;
+ if (all_labels) {
+ if (*name == '?')
+ continue;
+ } else {
+ if (*name == '?')
+ name++;
+ if (strcmp(name, element) != 0)
+ continue;
+ }
 LIST_FOREACH(mll, &mle->mle_listeners, mll_list) {
 mpc = mac_policy_list.entries[mll->mll_handle].mpc;
 if (mpc == NULL)
@@ -1040,7 +1053,7 @@
 ((char *)mpc->mpc_ops + mpo_externalize_off);
 if (mpo_externalize == NULL)
 continue;
- error = sbuf_printf(sb, "%s/", mle->mle_name);
+ error = sbuf_printf(sb, "%s/", name);
 if (error)
 goto done;
 error = mpo_externalize(label, mle->mle_name, sb);
@@ -1055,7 +1068,7 @@
 * (but not all) object types.
 */
 sbuf_setpos(sb, sbuf_len(sb) -
- (strlen(mle->mle_name) + 1));
+ (strlen(name) + 1));
 error = 0;
 continue;
 }
@@ -1121,11 +1134,14 @@
 int (*mpo_internalize)(struct label *, char *, char *);
 int error = 0, busy = FALSE;
 unsigned int count = 0;
+ const char *name;
 element_list = &mac_static_label_element_list;
 element_loop:
 LIST_FOREACH(mle, element_list, mle_list) {
- if (strcmp(element_name, mle->mle_name) != 0)
+ if (*(name = mle->mle_name) == '?')
+ name++;
+ if (strcmp(element_name, name) != 0)
 continue;
 LIST_FOREACH(mll, &mle->mle_listeners, mll_list) {
 mpc = mac_policy_list.entries[mll->mll_handle].mpc;
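Review bot: Nothing in the new branch of the `@@ -1029,8 +1034,16 @@` hunk says what the `?` prefix means, and the behaviour is easy to misread as access control. An entry whose name starts with `?` is skipped only when `all_labels` is set, while a request that names the element explicitly still matches it once the prefix is stripped. A comment above `name = mle->mle_name;` would make that explicit, for example `/* '?' prefix: omitted from the '*' listing only; still externalized when requested by name. */`. The loop body continues outside the hunk.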
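Review bot: The call `mpo_externalize(label, mle->mle_name, sb)` on the last line of the `@@ -1040,7 +1053,7 @@` hunk still passes the stored name, so for a hidden namespace the policy receives `?foo` while the prefix written to the sbuf is `foo/`. Policy externalize handlers are not visible here, but one that compares its element-name argument with the unprefixed name would presumably write nothing, leaving only the rollback path in the next hunk. If policies should see the stripped name, pass `name` instead (the parameter is `char *`, so `name` would have to lose its `const` or be cast); otherwise a comment stating that policies receive the registered spelling would help. The same question applies to the internalize path in the last hunk, where the call into the policy lies outside the visible lines.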