Date: Sat, 28 Sep 2002 20:17:35 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 18311 for review Message-ID: <200209290317.g8T3HZA3027585@freefall.freebsd.org>
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18311 Change 18311 by rwatson@rwatson_tislabs on 2002/09/28 20:16:53 Unhook module processing of _prepare(), _to_text(), _from_text() for the time being, as we continue to work on the correct structural relationship between pluggable user and kernel MAC code. This permits MAC to be used with existing MAC support in statically linked binaries, which is fine again now that we can interpret labels from the kernel without user module help, but also has its downsides. Expect more work in this space soon, including the ability to specify labels that require intepretation by a user module vs labels that are understood natively without the help of a module. Affected files ... .. //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.c#2 edit Differences ... ==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.c#2 (text+ko) ==== @@ -78,10 +78,14 @@ static LIST_HEAD(, internal_module_entry) internal_module_list; static int internal_initialized; +/* Default sets of labels for various query operations. */ static char *default_file_labels; static char *default_ifnet_labels; static char *default_process_labels; +/* List of labels to process internally as text strings. */ +static char *text_labels; + const char * mac_error(int error) { @@ -311,6 +315,22 @@ LIST_INSERT_HEAD(&internal_module_list, entry, ime_entries); + } else if (strcmp(statement, "text_labels") == 0) { + if (text_labels != NULL) { + free(text_labels); + text_labels = NULL; + } + + arg = strsep(&parse, "# \t"); + if (arg != NULL && arg[0] != '\0') { + text_labels = strdup(arg); + if (text_labels == NULL) { + error = + MAC_ERROR_INSUFFICIENTRESOURCES; + fclose(file); + goto just_return; + } + } } else if (strcmp(statement, "default_file_labels") == 0) { if (default_file_labels != NULL) { free(default_file_labels); 
@@ -429,13 +449,17 @@ { struct internal_module_entry *entry; +#if 0 entry = mac_module_find_by_labelname(element->me_name); if (entry != NULL && entry->ime_free != NULL) { entry->ime_free(element); } else { +#endif if (element->me_data != NULL) free(element->me_data); +#if 0 } +#endif } int @@ -483,6 +507,14 @@ return (mac); } +static int +mac_name_in_list(char *string, char *name) +{ + + + +} + int mac_from_text(struct mac **mac, const char *text) { @@ -518,7 +550,10 @@ search = dup; while ((element = strsep(&search, MAC_PARSE_ELEMENT_SEP_STR))) { +#if 0 struct internal_module_entry *entry; +#endif + struct mac_element *mac_element; char *labelname, *labelvalue; labelvalue = element; @@ -527,17 +562,13 @@ error = MAC_ERROR_UNPARSEABLELABEL; goto free_temp; } - if (strcmp(labelvalue, MAC_PARSE_UNKNOWNVALUE) == 0) { - error = MAC_ERROR_INVALIDLABELVALUE; - goto free_temp; - } - + mac_element = &temp->m_elements[temp->m_numliveelements]; + strcpy(mac_element->me_name, labelname); +#if 0 /* * Walk down the module list until we find a module that * is willing to accept this label name. */ - strcpy(temp->m_elements[temp->m_numliveelements].me_name, - labelname); entry = mac_module_find_by_labelname(labelname); if (entry == NULL) { error = MAC_ERROR_UNKNOWNLABELNAME; @@ -553,6 +584,10 @@ error = MAC_ERROR_NOFROMTEXT; goto free_temp; } +#endif + mac_element->me_data = strdup(labelvalue); + mac_element->me_databuflen = mac_element->me_datalen = + strlen(labelvalue) + 1; temp->m_numliveelements++; } @@ -602,6 +637,7 @@ } for (count = 0; count < element_count; count++) { +#if 0 entry = mac_module_find_by_labelname(element_array[count]); if (entry == NULL) { free(local_policies); @@ -609,7 +645,9 @@ *mac = NULL; return (MAC_ERROR_UNKNOWNLABELNAME); } +#endif strcpy(temp->m_elements[count].me_name, element_array[count]); +#if 0 if (entry->ime_prepare == NULL) { free(local_policies); mac_free(temp); 
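Review bot: `mac_name_in_list()` is added in the -483 hunk with an empty body although it is declared to return `int`, so any later caller that uses its result gets an indeterminate value. Either leave the helper out until it is implemented, or give it a defined result such as `return (0);` under a comment like `/* XXX: stub; text_labels is parsed but not yet consulted. */`. Nothing in the visible hunks calls it, and the `text_labels` string stored by the -311 hunk is never read, so the new configuration statement appears to have no effect yet and a reader should not assume the list is enforced.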
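Review bot: The `strcpy(mac_element->me_name, labelname);` added in the -527 hunk copies a name taken from the caller-supplied text with no length check, and with the module lookup now under `#if 0` nothing else in the visible loop validates the name. If `me_name` is a fixed-size array, as the copy suggests, bound the copy and reject overlong names, e.g. `if (strlcpy(mac_element->me_name, labelname, sizeof(mac_element->me_name)) >= sizeof(mac_element->me_name)) { error = MAC_ERROR_UNPARSEABLELABEL; goto free_temp; }`. The context-line `strcpy` of `element_array[count]` in the -609 hunk has the same shape. The loop begins above this hunk, so a bound on `m_numliveelements` may exist there; if it does not, the index into `m_elements` needs one as well.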
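Review bot: The result of `strdup(labelvalue)` in the -553 hunk is stored in `me_data` without a NULL check, yet the element is still counted live and given a non-zero `me_datalen`. An allocation failure would then surface later as a NULL `me_data` passed to `%s` in `mac_to_text()` or handed on to whatever consumes the label. Add `if (mac_element->me_data == NULL) { error = MAC_ERROR_INSUFFICIENTRESOURCES; goto free_temp; }` before the length assignment, matching the error handling used for `text_labels` in the -311 hunk. The enclosing function continues outside the hunk, so this assumes `free_temp` releases the partially built label.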
@@ -623,6 +661,18 @@ *mac = NULL; return (error); } +#endif + temp->m_elements[count].me_databuflen = + MAC_MAX_LABEL_ELEMENT_DATALEN; + temp->m_elements[count].me_data = + malloc(temp->m_elements[count].me_databuflen); + if (temp->m_elements[count].me_data == NULL) { + free(local_policies); + mac_free(temp); + *mac = NULL; + return (MAC_ERROR_INSUFFICIENTRESOURCES); + } + temp->m_elements[count].me_datalen = 0; temp->m_numliveelements++; } @@ -634,7 +684,9 @@ int mac_to_text(struct mac *mac, char **text) { +#if 0 struct internal_module_entry *entry; +#endif struct mac_element *element; char *string, *tempstring, *elementstring, *policyvalue; int error, i; @@ -647,6 +699,7 @@ string = NULL; for (i = 0; i < mac->m_numliveelements; i++) { element = &mac->m_elements[i]; +#if 0 entry = mac_module_find_by_labelname(element->me_name); if (entry == NULL) elementstring = strdup(MAC_PARSE_UNKNOWNVALUE); @@ -656,11 +709,13 @@ error = entry->ime_to_text(element, &policyvalue); if (error != MAC_SUCCESS) goto error_handler; - +#endif asprintf(&elementstring, "%s%s%s", element->me_name, - MAC_PARSE_POLICY_SEP_STR, policyvalue); + MAC_PARSE_POLICY_SEP_STR, element->me_data); +#if 0 free(policyvalue); } +#endif if (elementstring == NULL) { error = MAC_ERROR_INSUFFICIENTRESOURCES; goto error_handler; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
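Review bot: The buffer allocated in the -623 hunk comes from `malloc()` and is left uninitialized while `me_datalen` is set to 0. Because `mac_to_text()` in this same change formats `me_data` with `%s`, a prepared label that reaches it before anything fills the buffer would read uninitialized heap until it happens to hit a NUL byte. Zero the buffer at allocation, e.g. `calloc(1, temp->m_elements[count].me_databuflen)`, or at least set `me_data[0] = '\0'` after the NULL check. Whether a caller can actually do that depends on code outside the hunk.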
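Review bot: The `asprintf()` call in the -656 hunk now passes `element->me_data` straight to `%s`, which trusts the buffer to be non-NULL and NUL-terminated although the code that produced it is no longer the module's `ime_to_text`. Before formatting, check the pointer and confirm a terminator lies inside the recorded length, e.g. `if (element->me_data == NULL || memchr(element->me_data, '\0', element->me_datalen) == NULL)`, and take the `error_handler` path otherwise. Presumably the data is filled in from outside this library, so the terminator should be verified here rather than assumed. `policyvalue` is also left declared but unused once the `#if 0` blocks are in place, and could move inside them.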