From: Olivier Certner Subject: git: 6aadc7b2ee05 - main - MAC/do: 'struct rule': IDs and types as 'u_int', rename fields List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 6aadc7b2ee055fba58984fec715b6e2a754f9d3e Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=6aadc7b2ee055fba58984fec715b6e2a754f9d3e commit 6aadc7b2ee055fba58984fec715b6e2a754f9d3e Author: Olivier Certner AuthorDate: 2024-07-05 11:43:41 +0000 Commit: Olivier Certner CommitDate: 2024-12-16 14:42:37 +0000 MAC/do: 'struct rule': IDs and types as 'u_int', rename fields This is in preparation for introducing a common conversion function for IDs and to simplify code a bit by removing the from-IDs union and not having to introduce a new one for to-IDs in a later commit. Reviewed by: bapt Approved by: markj (mentor) Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D47613
---
 sys/security/mac_do/mac_do.c | 102 ++++++++++++++++++-------------------------
 1 file changed, 43 insertions(+), 59 deletions(-)
diff --git a/sys/security/mac_do/mac_do.c b/sys/security/mac_do/mac_do.c
index edd728ea070a..bfd5eb136fc1 100644
--- a/sys/security/mac_do/mac_do.c
+++ b/sys/security/mac_do/mac_do.c
@@ -40,14 +40,19 @@ static unsigned mac_do_osd_jail_slot;
 #define RULE_GID 2
 #define RULE_ANY 3
+/*
+ * We assume that 'uid_t' and 'gid_t' are aliases to 'u_int' in conversions
+ * required for parsing rules specification strings.
+ */
+_Static_assert(sizeof(uid_t) == sizeof(u_int) && (uid_t)-1 >= 0 &&
+ sizeof(gid_t) == sizeof(u_int) && (gid_t)-1 >= 0,
+ "mac_do(4) assumes that 'uid_t' and 'gid_t' are aliases to 'u_int'");
+
 struct rule {
- int from_type;
- union {
- uid_t f_uid;
- gid_t f_gid;
- };
- int to_type;
- uid_t t_uid;
+ u_int from_type;
+ u_int from_id;
+ u_int to_type;
+ u_int to_id;
 TAILQ_ENTRY(rule) r_entries;
 };
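Review bot: With the from-ID union removed, nothing in `struct rule` says what `from_id` and `to_id` hold any more, so their meaning now lives only in the code that reads them. A field comment would restore it, for example `u_int from_id; /* UID or GID to match, as selected by from_type */` and `u_int to_id; /* target UID; unused when to_type is RULE_ANY */`, which matches how the parser and the checks in the later hunks use these fields. In an access-control structure this is worth spelling out, because comparing a GID against a UID through a mismatched type/ID pairing no longer draws any compiler diagnostic.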
@@ -83,71 +88,50 @@ alloc_rules(void)
 static int
 parse_rule_element(char *element, struct rule **rule)
 {
- int error = 0;
- char *type, *id, *p;
+ const char *from_type, *from_id, *to;
+ char *p;
 struct rule *new;
 new = malloc(sizeof(*new), M_DO, M_ZERO|M_WAITOK);
- type = strsep(&element, "=");
- if (type == NULL) {
- error = EINVAL;
- goto error;
- }
+ from_type = strsep(&element, "=");
+ if (from_type == NULL)
+ goto einval;
- if (strcmp(type, "uid") == 0)
+ if (strcmp(from_type, "uid") == 0)
 new->from_type = RULE_UID;
- else if (strcmp(type, "gid") == 0)
+ else if (strcmp(from_type, "gid") == 0)
 new->from_type = RULE_GID;
- else {
- error = EINVAL;
- goto error;
- }
+ else
+ goto einval;
- id = strsep(&element, ":");
- if (id == NULL || *id == '\0') {
- error = EINVAL;
- goto error;
- }
+ from_id = strsep(&element, ":");
+ if (from_id == NULL || *from_id == '\0')
+ goto einval;
- switch (new->from_type) {
- case RULE_UID:
- new->f_uid = strtol(id, &p, 10);
- break;
- case RULE_GID:
- new->f_gid = strtol(id, &p, 10);
- break;
- default:
- __assert_unreachable();
- }
- if (*p != '\0') {
- error = EINVAL;
- goto error;
- }
+ new->from_id = strtol(from_id, &p, 10);
+ if (*p != '\0')
+ goto einval;
- if (element == NULL || *element == '\0') {
- error = EINVAL;
- goto error;
- }
- if (strcmp(element, "any") == 0 || strcmp(element, "*") == 0)
+ to = element;
+ if (to == NULL || *to == '\0')
+ goto einval;
+
+ if (strcmp(to, "any") == 0 || strcmp(to, "*") == 0)
 new->to_type = RULE_ANY;
 else {
 new->to_type = RULE_UID;
- new->t_uid = strtol(element, &p, 10);
- if (*p != '\0') {
- error = EINVAL;
- goto error;
- }
+ new->to_id = strtol(to, &p, 10);
+ if (*p != '\0')
+ goto einval;
 }
- MPASS(error == 0);
 *rule = new;
 return (0);
-error:
- MPASS(error != 0);
+einval:
 free(new, M_DO);
 *rule = NULL;
- return (error);
+ return (EINVAL);
 }
 /*
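Review bot: The conversions `new->from_id = strtol(from_id, &p, 10);` and `new->to_id = strtol(to, &p, 10);` store a `long` into a `u_int` with no range check, so a rule string carrying a negative number or a value above `UINT_MAX` is accepted and silently becomes a different ID. For a policy that decides which credentials may switch to which UID, an out-of-range ID should be a parse error rather than wrap; on LP64, for instance, 4294967296 would be stored as 0. Consider converting into a `long` local first and rejecting it before the assignment, e.g. `if (*p != '\0' || v < 0 || v > UINT_MAX) goto einval;`. The removed lines behaved the same way, and the commit message mentions a later common conversion function, which would be the natural home for this check.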
@@ -568,9 +552,9 @@ mac_do_destroy(struct mac_policy_conf *mpc)
 static bool
 rule_applies(struct ucred *cred, struct rule *r)
 {
- if (r->from_type == RULE_UID && r->f_uid == cred->cr_uid)
+ if (r->from_type == RULE_UID && r->from_id == cred->cr_uid)
 return (true);
- if (r->from_type == RULE_GID && groupmember(r->f_gid, cred))
+ if (r->from_type == RULE_GID && groupmember(r->from_id, cred))
 return (true);
 return (false);
 }
@@ -663,25 +647,25 @@ mac_do_check_setuid(struct ucred *cred, uid_t uid)
 rule = find_rules(cred->cr_prison, &pr);
 TAILQ_FOREACH(r, &rule->head, r_entries) {
 if (r->from_type == RULE_UID) {
- if (cred->cr_uid != r->f_uid)
+ if (cred->cr_uid != r->from_id)
 continue;
 if (r->to_type == RULE_ANY) {
 error = 0;
 break;
 }
- if (r->to_type == RULE_UID && uid == r->t_uid) {
+ if (r->to_type == RULE_UID && uid == r->to_id) {
 error = 0;
 break;
 }
 }
 if (r->from_type == RULE_GID) {
- if (!groupmember(r->f_gid, cred))
+ if (!groupmember(r->from_id, cred))
 continue;
 if (r->to_type == RULE_ANY) {
 error = 0;
 break;
 }
- if (r->to_type == RULE_UID && uid == r->t_uid) {
+ if (r->to_type == RULE_UID && uid == r->to_id) {
 error = 0;
 break;
 }