From owner-p4-projects Sat Sep 28 14:41:50 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 8A84637B404; Sat, 28 Sep 2002 14:41:41 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A17A37B401 for ; Sat, 28 Sep 2002 14:41:41 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C1C4843E6E for ; Sat, 28 Sep 2002 14:41:40 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g8SLfeCo032170 for ; Sat, 28 Sep 2002 14:41:40 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g8SLfeYe032160 for perforce@freebsd.org; Sat, 28 Sep 2002 14:41:40 -0700 (PDT) Date: Sat, 28 Sep 2002 14:41:40 -0700 (PDT) Message-Id: <200209282141.g8SLfeYe032160@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 18301 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18301 Change 18301 by rwatson@rwatson_tislabs on 2002/09/28 14:41:09 Break out text processing from mac_{biba,mls}_{externalize,internalize} into seperate _parse and _to_string functions. This permits the same text label processing to also be used for sysctls, tunables, and other policy data. Also, we can use it for kernel printfs to indicate the label in use. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#117 edit .. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#97 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#117 (text+ko) ==== @@ -508,24 +508,14 @@ } static int -mac_biba_externalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_biba_to_string(char *string, size_t size, struct mac_biba *mac_biba) { - struct mac_biba *mac_biba; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr; - size_t len, left; - int error; + size_t left, len; + char *curptr; - if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - mac_biba = SLOT(label); - - bzero(string, sizeof(string)); + bzero(string, size); curptr = string; - left = MAC_MAX_LABEL_ELEMENT_DATALEN; + left = size; if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { len = mac_biba_element_to_string(curptr, left, 
@@ -570,6 +560,28 @@ curptr += len; } + return (0); +} + +static int +mac_biba_externalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_biba *mac_biba; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; + int error; + + if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + mac_biba = SLOT(label); + error = mac_biba_to_string(string, MAC_MAX_LABEL_ELEMENT_DATALEN, + mac_biba); + if (error) + return (error); + if (strlen(string)+1 > element->me_databuflen) return (EINVAL); @@ -627,27 +639,16 @@ return (0); } +/* + * Note: destructively consumes the string, make a local copy before + * calling if that's a problem. + */ static int -mac_biba_internalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_biba_parse(struct mac_biba *mac_biba, char *string) { - struct mac_biba *mac_biba, mac_biba_temp; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ - char *range, *rangeend, *rangehigh, *rangelow, *single; + char *single, *range, *rangeend, *rangehigh, *rangelow; int error; - if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - error = copyin(element->me_data, &string, element->me_datalen); - if (error) - return (error); - - if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) - return (EINVAL); - /* Do we have a range? */ single = string; range = index(string, '('); 
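Review bot: The new mac_biba_externalize_label passes `MAC_MAX_LABEL_ELEMENT_DATALEN` to mac_biba_to_string while `string` is declared with that same macro; using `sizeof(string)` would tie the size to the buffer the way the removed `bzero(string, sizeof(string))` did: `error = mac_biba_to_string(string, sizeof(string), mac_biba);`. mac_biba_to_string itself, whose body starts in the previous hunk and ends here, has no header comment although the commit description intends it to be reused for sysctls, tunables and kernel printfs; a short contract such as `/* Render mac_biba as text into string[size]; all size bytes are cleared first. */` would tell those callers what they get, and it would be worth stating whether it can fail at all, since the only return visible in these hunks is `return (0)`. The mac_mls.c counterparts in the @@ -559,6 +549,29 @@ hunk have the same two points.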
@@ -681,28 +682,54 @@ printf("Biba: single: %s, range low: %s, range high: %s\n", single, rangelow, rangehigh); - bzero(&mac_biba_temp, sizeof(mac_biba_temp)); + bzero(mac_biba, sizeof(*mac_biba)); if (single != NULL) { - error = mac_biba_parse_element(&mac_biba_temp.mb_single, - single); + error = mac_biba_parse_element(&mac_biba->mb_single, single); if (error) return (error); - mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_SINGLE; + mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; } if (rangelow != NULL) { - error = mac_biba_parse_element(&mac_biba_temp.mb_rangelow, + error = mac_biba_parse_element(&mac_biba->mb_rangelow, rangelow); if (error) return (error); - error == mac_biba_parse_element(&mac_biba_temp.mb_rangehigh, + error == mac_biba_parse_element(&mac_biba->mb_rangehigh, rangehigh); if (error) return (error); - mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_RANGE; + mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE; } - error = mac_biba_valid(&mac_biba_temp); + error = mac_biba_valid(mac_biba); + if (error) + return (error); + + return (0); +} + +static int +mac_biba_internalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_biba *mac_biba, mac_biba_temp; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ + int error; + + if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + error = copyin(element->me_data, &string, element->me_datalen); + if (error) + return (error); + + if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) + return (EINVAL); + + error = mac_biba_parse(&mac_biba_temp, string); if (error) return (error); ==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#97 (text+ko) ==== 
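Review bot: `error == mac_biba_parse_element(&mac_biba->mb_rangehigh, rangehigh);` compares instead of assigns, so a failure parsing the high end of the range is discarded and the following `if (error)` only re-tests the rangelow result; the line should read `error = mac_biba_parse_element(&mac_biba->mb_rangehigh, rangehigh);`. The commit carries this line over from the old internalize function unchanged, while the mac_mls_parse counterpart in the same change uses `=`, so the two policies currently diverge. With the bug in place the preceding `bzero(mac_biba, sizeof(*mac_biba))` leaves mb_rangehigh zeroed on such a failure and `mac_biba_valid` is the only remaining check on the label, which may or may not reject that state. Separately, the re-homed mac_biba_internalize_label still does `copyin(element->me_data, &string, element->me_datalen)` into a fixed `MAC_MAX_LABEL_ELEMENT_DATALEN` buffer with no bound on me_datalen visible in this hunk; unless the caller guarantees it, `if (element->me_datalen > sizeof(string)) return (EINVAL);` belongs before the copyin (the mac_mls.c version in the final hunk is identical).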
@@ -497,24 +497,14 @@ } static int -mac_mls_externalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_mls_to_string(char *string, size_t size, struct mac_mls *mac_mls) { - struct mac_mls *mac_mls; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr; size_t left, len; - int error; + char *curptr; - if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - mac_mls = SLOT(label); - - bzero(string, sizeof(string)); + bzero(string, size); curptr = string; - left = MAC_MAX_LABEL_ELEMENT_DATALEN; + left = size; if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) { len = mac_mls_element_to_string(curptr, left, @@ -559,6 +549,29 @@ curptr += len; } + return (0); +} + +static int +mac_mls_externalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_mls *mac_mls; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; + int error; + + if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + mac_mls = SLOT(label); + + error = mac_mls_to_string(string, MAC_MAX_LABEL_ELEMENT_DATALEN, + mac_mls); + if (error) + return (error); + if (strlen(string)+1 > element->me_databuflen) return (EINVAL); 
@@ -616,27 +629,16 @@ return (0); } +/* + * Note: destructively consumes the string, make a local copy before + * calling if that's a problem. + */ static int -mac_mls_internalize_label(struct label *label, struct mac *mac, - struct mac_element *element, int *claimed) +mac_mls_parse(struct mac_mls *mac_mls, char *string) { - struct mac_mls *mac_mls, mac_mls_temp; - char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ char *range, *rangeend, *rangehigh, *rangelow, *single; int error; - if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) - return (0); - - (*claimed)++; - - error = copyin(element->me_data, &string, element->me_datalen); - if (error) - return (error); - - if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) - return (EINVAL); - /* Do we have a range? */ single = string; range = index(string, '('); 
@@ -670,28 +672,54 @@ printf("MLS: single: %s, range low: %s, range high: %s\n", single, rangelow, rangehigh); - bzero(&mac_mls_temp, sizeof(mac_mls_temp)); + bzero(mac_mls, sizeof(*mac_mls)); if (single != NULL) { - error = mac_mls_parse_element(&mac_mls_temp.mm_single, - single); + error = mac_mls_parse_element(&mac_mls->mm_single, single); if (error) return (error); - mac_mls_temp.mm_flags |= MAC_MLS_FLAG_SINGLE; + mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE; } if (rangelow != NULL) { - error = mac_mls_parse_element(&mac_mls_temp.mm_rangelow, + error = mac_mls_parse_element(&mac_mls->mm_rangelow, rangelow); if (error) return (error); - error = mac_mls_parse_element(&mac_mls_temp.mm_rangehigh, + error = mac_mls_parse_element(&mac_mls->mm_rangehigh, rangehigh); if (error) return (error); - mac_mls_temp.mm_flags |= MAC_MLS_FLAG_RANGE; + mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE; } - error = mac_mls_valid(&mac_mls_temp); + error = mac_mls_valid(mac_mls); + if (error) + return (error); + + return (0); +} + +static int +mac_mls_internalize_label(struct label *label, struct mac *mac, + struct mac_element *element, int *claimed) +{ + struct mac_mls *mac_mls, mac_mls_temp; + char string[MAC_MAX_LABEL_ELEMENT_DATALEN]; /* XXX */ + int error; + + if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0) + return (0); + + (*claimed)++; + + error = copyin(element->me_data, &string, element->me_datalen); + if (error) + return (error); + + if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN)) + return (EINVAL); + + error = mac_mls_parse(&mac_mls_temp, string); if (error) return (error); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
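Review bot: mac_mls_parse's new header comment (in the previous hunk) documents that the input string is consumed, but not what state `*mac_mls` is in when the function returns an error: the body `bzero`s it and then fills mm_single, mm_rangelow and mm_rangehigh one field at a time, so an early `return (error)` leaves a partially filled struct. The only caller here parses into `mac_mls_temp` and discards it on error, but the commit description intends the parser for sysctls and tunables as well, so the contract should be stated in that comment, e.g. `On error the contents of *mac_mls are unspecified and must not be used.` mac_biba_parse in mac_biba.c has the same gap. mac_mls_parse begins outside this hunk, and mac_mls_internalize_label continues past its end.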