PERFORCE change 19342 for review

Brian Feldman green at freebsd.org
Tue Oct 15 18:46:28 GMT 2002 

http://perforce.freebsd.org/chv.cgi?CH=19342

Change 19342 by green at green_laptop_2 on 2002/10/15 11:46:02

	Use MAC calls, not extattr calls, to set the labels.

Affected files ...

.. //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#8 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sbin/sebsd_setfiles/setfiles.c#8 (text+ko) ====

@@ -44,8 +44,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/param.h>
-#include <sys/extattr.h>
+#include <sys/mac.h>
 #include <fts.h>
+#include <err.h>
 
 #include <flask.h>
 #include <sebsd.h>
@@ -61,6 +62,7 @@
 	char *type_str;		/* type string for diagnostic messages */
 	char *context;		/* context string */
 	int contextlen;		/* length of context string */
+	mac_t maclabel;		/* context converted into a mac label */
 	regex_t regex;		/* compiled regular expression */
 	mode_t mode;		/* mode format value */
 	security_id_t sid;      /* SID */
@@ -172,17 +174,9 @@
 	 * For now, skip it and over-write prior labels.
 	 */
 
-	error = extattr_set_link(path, SEBSD_MAC_EXTATTR_NAMESPACE,
-				 SEBSD_MAC_EXTATTR_NAME, spec[idx].context,
-				 spec[idx].contextlen);
-	if (error != spec[idx].contextlen) {
-		perror("ERROR setting extended attribute");
-		printf("ERROR setting extended attribute for %s, "
-		       "bad write %d of %d\n",
-		       path, error, spec[idx].contextlen);
-	}
-	if (error < 0)
-		printf("ERROR setting extended attribute for %s\n", path);
+	error = mac_set_link(path, spec[idx].maclabel);
+	if (error)
+		warn("setting context for %s", path);
 
 	return;
 }
@@ -199,7 +193,7 @@
 int main(int argc, char **argv)
 {
 	FILE *fp;
-	char buf[255 + 1], *buf_p;
+	char buf[255 + 1], *buf_p, *labeltext;
 	char regex[1024], type[1024], context[1024];
 	char *anchored_regex;
 	int ch, items, len, lineno, pass, nerr, regerr;
@@ -348,6 +342,13 @@
 
 				spec[nspec].context = strdup(context);
 				spec[nspec].contextlen = strlen(context)+1;
+				asprintf(&labeltext, "sebsd/%s", context);
+				if (labeltext == NULL)
+					err(1, "asprintf");
+				if (mac_from_text(&spec[nspec].maclabel,
+				    labeltext) != 0)
+					err(1, "mac_from_text(%s)", labeltext);
+				free(labeltext);
 				if (strcmp(context, "<<none>>") == 0) {
 					spec[nspec].sid = 0;
 				} else {
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list