PERFORCE change 18301 for review

Robert Watson rwatson at freebsd.org
Sat Sep 28 21:41:40 GMT 2002


http://people.freebsd.org/~peter/p4db/chv.cgi?CH=18301

Change 18301 by rwatson at rwatson_tislabs on 2002/09/28 14:41:09

	Break out text processing from mac_{biba,mls}_{externalize,internalize}
	into separate _parse and _to_string functions.  This permits
	the same text label processing to also be used for sysctls,
	tunables, and other policy data.  Also, we can use it for
	kernel printfs to indicate the label in use.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#117 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#97 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#117 (text+ko) ====

@@ -508,24 +508,14 @@
 }
 
 static int
-mac_biba_externalize_label(struct label *label, struct mac *mac,
-    struct mac_element *element, int *claimed)
+mac_biba_to_string(char *string, size_t size, struct mac_biba *mac_biba)
 {
-	struct mac_biba *mac_biba;
-	char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr;
-	size_t len, left;
-	int error;
+	size_t left, len;
+	char *curptr;
 
-	if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0)
-		return (0);
-
-	(*claimed)++;
-
-	mac_biba = SLOT(label);
-
-	bzero(string, sizeof(string));
+	bzero(string, size);
 	curptr = string;
-	left = MAC_MAX_LABEL_ELEMENT_DATALEN;
+	left = size;
 
 	if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) {
 		len = mac_biba_element_to_string(curptr, left,
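Review bot: The new `mac_biba_to_string()` helper has no comment stating its contract, although the change description says it will gain callers beyond externalize (sysctls, tunables, kernel printfs). A short block comment above it should say that `size` is the capacity of `string`, that the whole buffer is zeroed before formatting, and what the return value means. The `mac_biba` argument looks read-only in the visible lines, so `const struct mac_biba *mac_biba` may fit. The body continues outside this hunk, so whether truncation is reported cannot be confirmed from here. The same applies to `mac_mls_to_string()` in mac_mls.c.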
@@ -570,6 +560,28 @@
 		curptr += len;
 	}
 
+	return (0);
+}
+
+static int
+mac_biba_externalize_label(struct label *label, struct mac *mac,
+    struct mac_element *element, int *claimed)
+{
+	struct mac_biba *mac_biba;
+	char string[MAC_MAX_LABEL_ELEMENT_DATALEN];
+	int error;
+
+	if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0)
+		return (0);
+
+	(*claimed)++;
+
+	mac_biba = SLOT(label);
+	error = mac_biba_to_string(string, MAC_MAX_LABEL_ELEMENT_DATALEN,
+	    mac_biba);
+	if (error)
+		return (error);
+
 	if (strlen(string)+1 > element->me_databuflen)
 		return (EINVAL);
 
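Review bot: In `mac_biba_externalize_label()` the buffer length is passed as `MAC_MAX_LABEL_ELEMENT_DATALEN` instead of being derived from the array, so the two can drift apart if the declaration changes; `error = mac_biba_to_string(string, sizeof(string), mac_biba);` keeps them tied. The `strlen(string)+1` check that follows also depends on the helper always leaving a NUL terminator inside the buffer, which the visible tail of `mac_biba_to_string()` (an unconditional `return (0)`) does not establish, so it is worth confirming that the element formatters stop short of `left`. The same pattern appears in `mac_mls_externalize_label()` in mac_mls.c. The rest of this function lies outside the hunk.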
@@ -627,27 +639,16 @@
 	return (0);
 }
 
+/*
+ * Note: destructively consumes the string, make a local copy before
+ * calling if that's a problem.
+ */
 static int
-mac_biba_internalize_label(struct label *label, struct mac *mac,
-    struct mac_element *element, int *claimed)
+mac_biba_parse(struct mac_biba *mac_biba, char *string)
 {
-	struct mac_biba *mac_biba, mac_biba_temp;
-	char string[MAC_MAX_LABEL_ELEMENT_DATALEN];		/* XXX */
-	char *range, *rangeend, *rangehigh, *rangelow, *single;
+	char *single, *range, *rangeend, *rangehigh, *rangelow;
 	int error;
 
-	if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0)
-		return (0);
-
-	(*claimed)++;
-
-	error = copyin(element->me_data, &string, element->me_datalen);
-	if (error)
-		return (error);
-
-	if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN))
-		return (EINVAL);
-
 	/* Do we have a range? */
 	single = string;
 	range = index(string, '(');
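Review bot: The comment added above `mac_biba_parse()` documents that the string is modified, but not the other preconditions this split creates: the `strvalid()` check now lives only in `mac_biba_internalize_label()`, so every future caller must supply a NUL-terminated buffer itself. I would extend the comment with `string must be NUL-terminated; *mac_biba is zeroed first and may be left partially filled on error`, since a later hunk shows the helper calling `bzero(mac_biba, sizeof(*mac_biba))` and returning early on element parse errors. The body continues outside this hunk. `mac_mls_parse()` in mac_mls.c needs the same wording.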
@@ -681,28 +682,54 @@
 	printf("Biba: single: %s, range low: %s, range high: %s\n",
 	    single, rangelow, rangehigh);
 
-	bzero(&mac_biba_temp, sizeof(mac_biba_temp));
+	bzero(mac_biba, sizeof(*mac_biba));
 	if (single != NULL) {
-		error = mac_biba_parse_element(&mac_biba_temp.mb_single,
-		    single);
+		error = mac_biba_parse_element(&mac_biba->mb_single, single);
 		if (error)
 			return (error);
-		mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_SINGLE;
+		mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE;
 	}
 
 	if (rangelow != NULL) {
-		error = mac_biba_parse_element(&mac_biba_temp.mb_rangelow,
+		error = mac_biba_parse_element(&mac_biba->mb_rangelow,
 		    rangelow);
 		if (error)
 			return (error);
-		error == mac_biba_parse_element(&mac_biba_temp.mb_rangehigh,
+		error == mac_biba_parse_element(&mac_biba->mb_rangehigh,
 		    rangehigh);
 		if (error)
 			return (error);
-		mac_biba_temp.mb_flags |= MAC_BIBA_FLAG_RANGE;
+		mac_biba->mb_flags |= MAC_BIBA_FLAG_RANGE;
 	}
 
-	error = mac_biba_valid(&mac_biba_temp);
+	error = mac_biba_valid(mac_biba);
+	if (error)
+		return (error);
+
+	return (0);
+}
+
+static int
+mac_biba_internalize_label(struct label *label, struct mac *mac,
+    struct mac_element *element, int *claimed)
+{
+	struct mac_biba *mac_biba, mac_biba_temp;
+	char string[MAC_MAX_LABEL_ELEMENT_DATALEN];		/* XXX */
+	int error;
+
+	if (strcmp(MAC_BIBA_LABEL_NAME, element->me_name) != 0)
+		return (0);
+
+	(*claimed)++;
+
+	error = copyin(element->me_data, &string, element->me_datalen);
+	if (error)
+		return (error);
+
+	if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN))
+		return (EINVAL);
+
+	error = mac_biba_parse(&mac_biba_temp, string);
 	if (error)
 		return (error);
 
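Review bot: The range-high parse in `mac_biba_parse()` still reads `error == mac_biba_parse_element(...)`, a comparison whose result is discarded, so a failure there is never seen by the `if (error)` that follows; it should be `error = mac_biba_parse_element(&mac_biba->mb_rangehigh, rangehigh);`, as the MLS counterpart already has. Separately, in `mac_biba_internalize_label()` the `copyin()` length is `element->me_datalen` while the destination is a fixed `MAC_MAX_LABEL_ELEMENT_DATALEN`-byte stack array, and no bound on `me_datalen` is visible in this hunk; unless the caller already enforces one, add `if (element->me_datalen > sizeof(string)) return (EINVAL);` before the copy. `strvalid()` is also run over the full array, not the copied length, so an unterminated user string could pick up a terminator from uninitialized stack bytes; `strvalid(string, element->me_datalen)` avoids that. The copyin and strvalid points apply equally to `mac_mls_internalize_label()` in mac_mls.c, and both internalize functions continue past the end of their hunks.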

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#97 (text+ko) ====

@@ -497,24 +497,14 @@
 }
 
 static int
-mac_mls_externalize_label(struct label *label, struct mac *mac,
-    struct mac_element *element, int *claimed)
+mac_mls_to_string(char *string, size_t size, struct mac_mls *mac_mls)
 {
-	struct mac_mls *mac_mls;
-	char string[MAC_MAX_LABEL_ELEMENT_DATALEN], *curptr;
 	size_t left, len;
-	int error;
+	char *curptr;
 
-	if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0)
-		return (0);
-
-	(*claimed)++;
-
-	mac_mls = SLOT(label);
-
-	bzero(string, sizeof(string));
+	bzero(string, size);
 	curptr = string;
-	left = MAC_MAX_LABEL_ELEMENT_DATALEN;
+	left = size;
 
 	if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
 		len = mac_mls_element_to_string(curptr, left,
@@ -559,6 +549,29 @@
 		curptr += len;
 	}
 
+	return (0);
+}
+
+static int
+mac_mls_externalize_label(struct label *label, struct mac *mac,
+    struct mac_element *element, int *claimed)
+{
+	struct mac_mls *mac_mls;
+	char string[MAC_MAX_LABEL_ELEMENT_DATALEN];
+	int error;
+
+	if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0)
+		return (0);
+
+	(*claimed)++;
+
+	mac_mls = SLOT(label);
+
+	error = mac_mls_to_string(string, MAC_MAX_LABEL_ELEMENT_DATALEN,
+	    mac_mls);
+	if (error)
+		return (error);
+
 	if (strlen(string)+1 > element->me_databuflen)
 		return (EINVAL);
 
@@ -616,27 +629,16 @@
 	return (0);
 }
 
+/*
+ * Note: destructively consumes the string, make a local copy before
+ * calling if that's a problem.
+ */
 static int
-mac_mls_internalize_label(struct label *label, struct mac *mac,
-    struct mac_element *element, int *claimed)
+mac_mls_parse(struct mac_mls *mac_mls, char *string)
 {
-	struct mac_mls *mac_mls, mac_mls_temp;
-	char string[MAC_MAX_LABEL_ELEMENT_DATALEN];		/* XXX */
 	char *range, *rangeend, *rangehigh, *rangelow, *single;
 	int error;
 
-	if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0)
-		return (0);
-
-	(*claimed)++;
-
-	error = copyin(element->me_data, &string, element->me_datalen);
-	if (error)
-		return (error);
-
-	if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN))
-		return (EINVAL);
-
 	/* Do we have a range? */
 	single = string;
 	range = index(string, '(');
@@ -670,28 +672,54 @@
 	printf("MLS: single: %s, range low: %s, range high: %s\n",
 	    single, rangelow, rangehigh);
 
-	bzero(&mac_mls_temp, sizeof(mac_mls_temp));
+	bzero(mac_mls, sizeof(*mac_mls));
 	if (single != NULL) {
-		error = mac_mls_parse_element(&mac_mls_temp.mm_single,
-		    single);
+		error = mac_mls_parse_element(&mac_mls->mm_single, single);
 		if (error)
 			return (error);
-		mac_mls_temp.mm_flags |= MAC_MLS_FLAG_SINGLE;
+		mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE;
 	}
 
 	if (rangelow != NULL) {
-		error = mac_mls_parse_element(&mac_mls_temp.mm_rangelow,
+		error = mac_mls_parse_element(&mac_mls->mm_rangelow,
 		    rangelow);
 		if (error)
 			return (error);
-		error = mac_mls_parse_element(&mac_mls_temp.mm_rangehigh,
+		error = mac_mls_parse_element(&mac_mls->mm_rangehigh,
 		    rangehigh);
 		if (error)
 			return (error);
-		mac_mls_temp.mm_flags |= MAC_MLS_FLAG_RANGE;
+		mac_mls->mm_flags |= MAC_MLS_FLAG_RANGE;
 	}
 
-	error = mac_mls_valid(&mac_mls_temp);
+	error = mac_mls_valid(mac_mls);
+	if (error)
+		return (error);
+
+	return (0);
+}
+
+static int
+mac_mls_internalize_label(struct label *label, struct mac *mac,
+    struct mac_element *element, int *claimed)
+{
+	struct mac_mls *mac_mls, mac_mls_temp;
+	char string[MAC_MAX_LABEL_ELEMENT_DATALEN];		/* XXX */
+	int error;
+
+	if (strcmp(MAC_MLS_LABEL_NAME, element->me_name) != 0)
+		return (0);
+
+	(*claimed)++;
+
+	error = copyin(element->me_data, &string, element->me_datalen);
+	if (error)
+		return (error);
+
+	if (!strvalid(string, MAC_MAX_LABEL_ELEMENT_DATALEN))
+		return (EINVAL);
+
+	error = mac_mls_parse(&mac_mls_temp, string);
 	if (error)
 		return (error);
 