From owner-p4-projects Sat Sep 28 20:17:42 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2ED3537B404; Sat, 28 Sep 2002 20:17:36 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CD4C937B401 for ; Sat, 28 Sep 2002 20:17:35 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7143943E7B for ; Sat, 28 Sep 2002 20:17:35 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id g8T3HZCo027588 for ; Sat, 28 Sep 2002 20:17:35 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id g8T3HZA3027585 for perforce@freebsd.org; Sat, 28 Sep 2002 20:17:35 -0700 (PDT) Date: Sat, 28 Sep 2002 20:17:35 -0700 (PDT) Message-Id: <200209290317.g8T3HZA3027585@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f 
From: Robert Watson Subject: PERFORCE change 18311 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18311 Change 18311 by rwatson@rwatson_tislabs on 2002/09/28 20:16:53 Unhook module processing of _prepare(), _to_text(), _from_text() for the time being, as we continue to work on the correct structural relationship between pluggable user and kernel MAC code. This permits MAC to be used with existing MAC support in statically linked binaries, which is fine again now that we can interpret labels from the kernel without user module help, but also has its downsides. Expect more work in this space soon, including the ability to specify labels that require intepretation by a user module vs labels that are understood natively without the help of a module. Affected files ... .. //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.c#2 edit Differences ... ==== //depot/projects/trustedbsd/mac/lib/libc/posix1e/mac.c#2 (text+ko) ==== @@ -78,10 +78,14 @@ static LIST_HEAD(, internal_module_entry) internal_module_list; static int internal_initialized; +/* Default sets of labels for various query operations. */ static char *default_file_labels; static char *default_ifnet_labels; static char *default_process_labels; +/* List of labels to process internally as text strings. */ +static char *text_labels; + const char * mac_error(int error) { 
@@ -311,6 +315,22 @@ LIST_INSERT_HEAD(&internal_module_list, entry, ime_entries); + } else if (strcmp(statement, "text_labels") == 0) { + if (text_labels != NULL) { + free(text_labels); + text_labels = NULL; + } + + arg = strsep(&parse, "# \t"); + if (arg != NULL && arg[0] != '\0') { + text_labels = strdup(arg); + if (text_labels == NULL) { + error = + MAC_ERROR_INSUFFICIENTRESOURCES; + fclose(file); + goto just_return; + } + } } else if (strcmp(statement, "default_file_labels") == 0) { if (default_file_labels != NULL) { free(default_file_labels); @@ -429,13 +449,17 @@ { struct internal_module_entry *entry; +#if 0 entry = mac_module_find_by_labelname(element->me_name); if (entry != NULL && entry->ime_free != NULL) { entry->ime_free(element); } else { +#endif if (element->me_data != NULL) free(element->me_data); +#if 0 } +#endif } int @@ -483,6 +507,14 @@ return (mac); } +static int +mac_name_in_list(char *string, char *name) +{ + + + +} + int mac_from_text(struct mac **mac, const char *text) { @@ -518,7 +550,10 @@ search = dup; while ((element = strsep(&search, MAC_PARSE_ELEMENT_SEP_STR))) { +#if 0 struct internal_module_entry *entry; +#endif + struct mac_element *mac_element; char *labelname, *labelvalue; labelvalue = element; @@ -527,17 +562,13 @@ error = MAC_ERROR_UNPARSEABLELABEL; goto free_temp; } - if (strcmp(labelvalue, MAC_PARSE_UNKNOWNVALUE) == 0) { - error = MAC_ERROR_INVALIDLABELVALUE; - goto free_temp; - } - + mac_element = &temp->m_elements[temp->m_numliveelements]; + strcpy(mac_element->me_name, labelname); +#if 0 /* * Walk down the module list until we find a module that * is willing to accept this label name. */ - strcpy(temp->m_elements[temp->m_numliveelements].me_name, - labelname); entry = mac_module_find_by_labelname(labelname); if (entry == NULL) { error = MAC_ERROR_UNKNOWNLABELNAME; 
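Review bot: The `entry` declaration at the top of this body stays live while its only uses are compiled out, so the function now carries an unused local and will warn (or fail a -Werror build). The later hunks in this change put the declaration inside the `#if 0` as well; moving the first `#if 0` one line up, above `struct internal_module_entry *entry;`, keeps them consistent. A short comment such as `/* XXX: module ime_free() unhooked; me_data is a plain malloc'd buffer for now. */` would also help, because the commit description lists _prepare(), _to_text() and _from_text() but not the free hook. The function header is outside the hunk.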
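Review bot: `mac_name_in_list()` is declared to return int but its body is empty, so control falls off the end without a value; any caller that tests the result invokes undefined behaviour, and until one exists the unused static function draws a warning. Either leave the stub out until it is implemented, or give it a defined result and a marker, e.g. `return (0);	/* XXX: not yet implemented */`. Since it should only read its arguments, `const char *string, const char *name` would be the safer signature. Nothing in the visible hunks reads `text_labels` yet, which this helper presumably will.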
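Review bot: `strcpy(mac_element->me_name, labelname)` copies a name taken from the caller-supplied label text with no length check visible in this hunk, and the index `temp->m_numliveelements` is not bounded here either. If neither is validated earlier in mac_from_text(), an over-long name or too many elements writes past the element storage. A bounded copy that rejects truncation would close the first case, e.g. `if (strlcpy(mac_element->me_name, labelname, sizeof(mac_element->me_name)) >= sizeof(mac_element->me_name))` followed by `error = MAC_ERROR_UNPARSEABLELABEL; goto free_temp;` (this assumes me_name is an array member). The same unchecked strcpy() into `me_name` appears in the later hunk that copies `element_array[count]`. The loop starts and ends outside the hunk, so an earlier check may exist.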
@@ -553,6 +584,10 @@ error = MAC_ERROR_NOFROMTEXT; goto free_temp; } +#endif + mac_element->me_data = strdup(labelvalue); + mac_element->me_databuflen = mac_element->me_datalen = + strlen(labelvalue) + 1; temp->m_numliveelements++; } @@ -602,6 +637,7 @@ } for (count = 0; count < element_count; count++) { +#if 0 entry = mac_module_find_by_labelname(element_array[count]); if (entry == NULL) { free(local_policies); @@ -609,7 +645,9 @@ *mac = NULL; return (MAC_ERROR_UNKNOWNLABELNAME); } +#endif strcpy(temp->m_elements[count].me_name, element_array[count]); +#if 0 if (entry->ime_prepare == NULL) { free(local_policies); mac_free(temp); @@ -623,6 +661,18 @@ *mac = NULL; return (error); } +#endif + temp->m_elements[count].me_databuflen = + MAC_MAX_LABEL_ELEMENT_DATALEN; + temp->m_elements[count].me_data = + malloc(temp->m_elements[count].me_databuflen); + if (temp->m_elements[count].me_data == NULL) { + free(local_policies); + mac_free(temp); + *mac = NULL; + return (MAC_ERROR_INSUFFICIENTRESOURCES); + } + temp->m_elements[count].me_datalen = 0; temp->m_numliveelements++; } @@ -634,7 +684,9 @@ int mac_to_text(struct mac *mac, char **text) { +#if 0 struct internal_module_entry *entry; +#endif struct mac_element *element; char *string, *tempstring, *elementstring, *policyvalue; int error, i; @@ -647,6 +699,7 @@ string = NULL; for (i = 0; i < mac->m_numliveelements; i++) { element = &mac->m_elements[i]; +#if 0 entry = mac_module_find_by_labelname(element->me_name); if (entry == NULL) elementstring = strdup(MAC_PARSE_UNKNOWNVALUE); 
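Review bot: The result of `strdup(labelvalue)` is stored without a NULL check, so on allocation failure the element is still counted as live with `me_data == NULL` and non-zero `me_datalen`/`me_databuflen`. mac_to_text() in the last hunk then passes `element->me_data` to a `%s` conversion. Add the check before the length assignment: `if (mac_element->me_data == NULL) { error = MAC_ERROR_INSUFFICIENTRESOURCES; goto free_temp; }`. The enclosing while loop begins outside this hunk.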
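Review bot: The buffer returned by `malloc(temp->m_elements[count].me_databuflen)` is left uninitialized while `me_datalen` is set to 0, yet mac_to_text() in the last hunk formats `element->me_data` with `%s` and never consults `me_datalen`. A label that is prepared but never filled in, or filled without a terminating NUL, would be read past its contents and could leak uninitialized heap bytes into the text form. Terminating the buffer after the NULL check, `temp->m_elements[count].me_data[0] = '\0';`, makes the empty state well defined. Whichever code fills the buffer (not visible here) should also be required to NUL-terminate within `me_databuflen`. The for loop's enclosing function starts outside the hunk.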
@@ -656,11 +709,13 @@ error = entry->ime_to_text(element, &policyvalue); if (error != MAC_SUCCESS) goto error_handler; - +#endif asprintf(&elementstring, "%s%s%s", element->me_name, - MAC_PARSE_POLICY_SEP_STR, policyvalue); + MAC_PARSE_POLICY_SEP_STR, element->me_data); +#if 0 free(policyvalue); } +#endif if (elementstring == NULL) { error = MAC_ERROR_INSUFFICIENTRESOURCES; goto error_handler; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message