From owner-p4-projects@FreeBSD.ORG  Fri Oct 14 20:48:42 2005
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id C761816A421; Fri, 14 Oct 2005 20:48:41 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8A47016A41F
	for <perforce@freebsd.org>; Fri, 14 Oct 2005 20:48:41 +0000 (GMT)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EB44443D46
	for <perforce@freebsd.org>; Fri, 14 Oct 2005 20:48:40 +0000 (GMT)
	(envelope-from millert@freebsd.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j9EKmejp089046
	for <perforce@freebsd.org>; Fri, 14 Oct 2005 20:48:40 GMT
	(envelope-from millert@freebsd.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j9EKmeq2089043
	for perforce@freebsd.org; Fri, 14 Oct 2005 20:48:40 GMT
	(envelope-from millert@freebsd.org)
Date: Fri, 14 Oct 2005 20:48:40 GMT
Message-Id: <200510142048.j9EKmeq2089043@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	millert@freebsd.org using -f
From: Todd Miller <millert@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 85307 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2005 20:48:42 -0000

http://perforce.freebsd.org/chv.cgi?CH=85307

Change 85307 by millert@millert_ibook on 2005/10/14 20:48:08

	Fix the bug in MAC_INTERNALIZE where the return code from the 
	policies' internalize ops was not being checked. Also invert the
	logic for comparing the label namespace.  Also invert the logic
	for comparing label namespaces in the MAC_EXTERNALIZE macro to
	clarify the source.  From the DSEP branch (wsalamon).

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 (text+ko) ====

@@ -264,24 +264,22 @@
 			continue;					\
 									\
 		for (idx = 0; idx < ME_mpc->mpc_labelname_count; idx++) { \
-			if (strcmp(ME_mpc->mpc_labelnames[idx], element) == 0){\
-				if (count == 0) {			\
-					error = sbuf_printf(&sb, "%s/",	\
-					    element);			\
-					if (error)			\
-						break;			\
-				} else {				\
-					error = sbuf_printf(&sb, ",");	\
-					if (error)			\
-						break;			\
-				}					\
-				error = 				\
-			    ME_mpc->mpc_ops->mpo_externalize_## type ##_label\
-				    (label, element, &sb);		\
+			if (strcmp(ME_mpc->mpc_labelnames[idx], element) != 0)\
+				continue;				\
+			if (count == 0) {				\
+				error = sbuf_printf(&sb, "%s/",	element);\
+				if (error)				\
+					break;				\
+			} else {					\
+				error = sbuf_printf(&sb, ",");		\
 				if (error)				\
 					break;				\
-				count++;				\
 			}						\
+			error = ME_mpc->mpc_ops->mpo_externalize_## type ##_label\
+				    (label, element, &sb);		\
+			if (error)					\
+				break;					\
+			count++;					\
 		}							\
 		if (error)						\
 			break;						\
@@ -404,13 +402,13 @@
 			continue;					\
 									\
 		for (idx = 0; idx < MI_mpc->mpc_labelname_count; idx++) { \
-			if (strcmp(MI_mpc->mpc_labelnames[idx], element) == 0){\
-			    MI_mpc->mpc_ops->mpo_internalize_## type ##_label\
+			if (strcmp(MI_mpc->mpc_labelnames[idx], element) != 0) \
+				continue;				\
+			error = MI_mpc->mpc_ops->mpo_internalize_## type ##_label\
 				    (label, element, element_data);	\
-				if (error)				\
-					break;				\
-				count++;				\
-			}						\
+			if (error)					\
+				break;					\
+			count++;					\
 		}							\
 		if (error)						\
 			break;						\