Date: Sat, 28 Sep 2002 14:41:40 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 18301 for review Message-ID: <200209282141.g8SLfeYe032160@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18301 Change 18301 by rwatson@rwatson_tislabs on 2002/09/28 14:41:09 Break out text processing from mac_{biba,mls}_{externalize,internalize} into seperate _parse and _to_string functions. This permits the same text label processing to also be used for sysctls, tunables, and other policy data. Also, we can use it for kernel printfs to indicate the label in use. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#117 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#97 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#117 (text+ko) ==== @@ -508,24 +508,14 @@ } static int -mac_biba_externalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_biba_to_string(char *string, size_t size, struct mac_biba *mac_biba) { - struct mac_biba *mac_biba; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr; - size_t len, left; - int error; + size_t left, len; + char *curptr; - if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - mac_biba = SLOT(label); - - bzero(string, sizeof(string)); + bzero(string, size); curptr = string; - left = MAC_MAX_LABEL_ELEMENT_DATALEN; + left = size; if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { len = mac_biba_element_to_string(curptr, left, @@ -570,6 +560,28 @@ curptr += len; } + return (0); +} + +static int +mac_biba_externalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_biba *mac_biba; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; + int error; + + if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + mac_biba = SLOT(label); + error = mac_biba_to_string(string, MAC_MAX_LABEL_ELEMENT_DATALEN, + mac_biba); + if (error) + return (error); + if (strlen(string)+1 > element->me_databuflen) return (EINVAL); 
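Review bot: mac_biba_to_string() takes a caller-supplied `size` but has no comment stating its contract, and the only return visible in these hunks is `return (0);`, so it is not clear from here that a label too long for the buffer is reported rather than silently truncated. mac_biba_externalize_label() then calls `strlen(string)` on the result, which depends on the helper always leaving a terminating NUL within `size` bytes. I would add a header comment such as `/* Writes a NUL-terminated label into string[size]; returns non-zero if it does not fit. */` and check that the body honours it (the middle of the function lies outside the hunks). Passing `sizeof(string)` at the call instead of repeating `MAC_MAX_LABEL_ELEMENT_DATALEN` would keep the length tied to the buffer. The same applies to mac_mls_to_string() and mac_mls_externalize_label() in mac_mls.c.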
@@ -627,27 +639,16 @@ return (0); } +/* + * Note: destructively consumes the string, make a local copy before + * calling if that's a problem. + */ static int -mac_biba_internalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_biba_parse(struct mac_biba *mac_biba, char *string) { - struct mac_biba *mac_biba, mac_biba_temp; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ - char *range, *rangeend, *rangehigh, *rangelow, *single; + char *single, *range, *rangeend, *rangehigh, *rangelow; int error; - if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - error = copyin(element->me_data, &string, element->me_datalen); - if (error) - return (error); - - if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) - return (EINVAL); - /* Do we have a range? */ single = string; range = index(string, '('); 
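Review bot: The new comment on mac_biba_parse() warns that the string is consumed, but not that the output is clobbered too: the body, which continues in the next hunk, starts with `bzero(mac_biba, sizeof(*mac_biba));` and returns early on a parse or validation error, leaving `*mac_biba` partly filled. Both callers in this change pass a temporary, yet the description announces reuse for sysctls and tunables, where a caller might hand in a live label. I would extend the comment with something like `On failure *mac_biba is left zeroed or partially filled; parse into a temporary and copy only on success.` The function also relies on `string` being NUL-terminated, which is worth stating since it takes no length. mac_mls_parse() in mac_mls.c needs the same wording.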
@@ -681,28 +682,54 @@ printf("Biba: single: %s, range low: %s, range high: %s\n", single, rangelow, rangehigh); - bzero(&mac_biba_temp, sizeof(mac_biba_temp)); + bzero(mac_biba, sizeof(*mac_biba)); if (single != NULL) { - error = mac_biba_parse_element(&mac_biba_temp.mb_single, - single); + error = mac_biba_parse_element(&mac_biba->mb_single, single); if (error) return (error); - mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_SINGLE; + mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; } if (rangelow != NULL) { - error = mac_biba_parse_element(&mac_biba_temp.mb_rangelow, + error = mac_biba_parse_element(&mac_biba->mb_rangelow, rangelow); if (error) return (error); - error == mac_biba_parse_element(&mac_biba_temp.mb_rangehigh, + error == mac_biba_parse_element(&mac_biba->mb_rangehigh, rangehigh); if (error) return (error); - mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_RANGE; + mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; } - error = mac_biba_valid(&mac_biba_temp); + error = mac_biba_valid(mac_biba); + if (error) + return (error); + + return (0); +} + +static int +mac_biba_internalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_biba *mac_biba, mac_biba_temp; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ + int error; + + if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + error = copyin(element->me_data, &string, element->me_datalen); + if (error) + return (error); + + if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) + return (EINVAL); + + error = mac_biba_parse(&mac_biba_temp, string); if (error) return (error); ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#97 (text+ko) ==== 
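Review bot: The high end of the range is parsed with `error == mac_biba_parse_element(&mac_biba->mb_rangehigh, rangehigh);`, a comparison rather than an assignment, so the return value is discarded and the `if (error)` after it re-tests the zero left by the rangelow call. The line was already wrong before the move and the refactor carries it over. A malformed upper bound is therefore not rejected at this point, and whether it is caught at all depends on what mac_biba_valid() accepts. It should read `error = mac_biba_parse_element(&mac_biba->mb_rangehigh, rangehigh);`, as the MLS copy of this code does. mac_biba_parse() begins in the previous hunk.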
@@ -497,24 +497,14 @@ } static int -mac_mls_externalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_mls_to_string(char *string, size_t size, struct mac_mls *mac_mls) { - struct mac_mls *mac_mls; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr; size_t left, len; - int error; + char *curptr; - if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - mac_mls = SLOT(label); - - bzero(string, sizeof(string)); + bzero(string, size); curptr = string; - left = MAC_MAX_LABEL_ELEMENT_DATALEN; + left = size; if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) { len = mac_mls_element_to_string(curptr, left, @@ -559,6 +549,29 @@ curptr += len; } + return (0); +} + +static int +mac_mls_externalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_mls *mac_mls; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; + int error; + + if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + mac_mls = SLOT(label); + + error = mac_mls_to_string(string, MAC_MAX_LABEL_ELEMENT_DATALEN, + mac_mls); + if (error) + return (error); + if (strlen(string)+1 > element->me_databuflen) return (EINVAL); 
@@ -616,27 +629,16 @@ return (0); } +/* + * Note: destructively consumes the string, make a local copy before + * calling if that's a problem. + */ static int -mac_mls_internalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_mls_parse(struct mac_mls *mac_mls, char *string) { - struct mac_mls *mac_mls, mac_mls_temp; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ char *range, *rangeend, *rangehigh, *rangelow, *single; int error; - if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - error = copyin(element->me_data, &string, element->me_datalen); - if (error) - return (error); - - if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) - return (EINVAL); - /* Do we have a range? */ single = string; range = index(string, '('); 
@@ -670,28 +672,54 @@ printf("MLS: single: %s, range low: %s, range high: %s\n", single, rangelow, rangehigh); - bzero(&mac_mls_temp, sizeof(mac_mls_temp)); + bzero(mac_mls, sizeof(*mac_mls)); if (single != NULL) { - error = mac_mls_parse_element(&mac_mls_temp.mm_single, - single); + error = mac_mls_parse_element(&mac_mls->mm_single, single); if (error) return (error); - mac_mls_temp.mm_flags |= MAC_MLS_FLAG_SINGLE; + mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE; } if (rangelow != NULL) { - error = mac_mls_parse_element(&mac_mls_temp.mm_rangelow, + error = mac_mls_parse_element(&mac_mls->mm_rangelow, rangelow); if (error) return (error); - error = mac_mls_parse_element(&mac_mls_temp.mm_rangehigh, + error = mac_mls_parse_element(&mac_mls->mm_rangehigh, rangehigh); if (error) return (error); - mac_mls_temp.mm_flags |= MAC_MLS_FLAG_RANGE; + mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE; } - error = mac_mls_valid(&mac_mls_temp); + error = mac_mls_valid(mac_mls); + if (error) + return (error); + + return (0); +} + +static int +mac_mls_internalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_mls *mac_mls, mac_mls_temp; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ + int error; + + if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + error = copyin(element->me_data, &string, element->me_datalen); + if (error) + return (error); + + if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) + return (EINVAL); + + error = mac_mls_parse(&mac_mls_temp, string); if (error) return (error); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
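Review bot: mac_mls_internalize_label() copies `element->me_datalen` bytes from userland into the fixed `string[MAC_MAX_LABEL_ELEMENT_DATALEN]` stack buffer, and nothing in the hunk bounds that length first. Unless the MAC framework checks it before calling the policy (not visible here), a user-supplied length can overflow the kernel stack. A guard ahead of the copyin, `if (element->me_datalen > sizeof(string)) return (EINVAL);`, closes it locally. Clearing the buffer before the copy would also help, because strvalid() is given the full buffer length and the bytes past me_datalen are uninitialized stack (assuming strvalid() looks for a NUL within that length). mac_biba_internalize_label() in mac_biba.c has the same sequence, and both functions continue past the end of their hunks.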