PERFORCE change 85307 for review

[Todd Miller]

http://perforce.freebsd.org/chv.cgi?CH=85307

Change 85307 by millert at millert_ibook on 2005/10/14 20:48:08

	Fix the bug in MAC_INTERNALIZE where the return code from the 
	policies' internalize ops was not being checked. Also invert the
	logic for comparing the label namespace.  Also invert the logic
	for comparing label namespaces in the MAC_EXTERNALIZE macro to
	clarify the source.  From the DSEP branch (wsalamon).

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 (text+ko) ====

@@ -264,24 +264,22 @@
 			continue;					\
 									\
 		for (idx = 0; idx < ME_mpc->mpc_labelname_count; idx++) { \
-			if (strcmp(ME_mpc->mpc_labelnames[idx], element) == 0){\
-				if (count == 0) {			\
-					error = sbuf_printf(&sb, "%s/",	\
-					    element);			\
-					if (error)			\
-						break;			\
-				} else {				\
-					error = sbuf_printf(&sb, ",");	\
-					if (error)			\
-						break;			\
-				}					\
-				error = 				\
-			    ME_mpc->mpc_ops->mpo_externalize_## type ##_label\
-				    (label, element, &sb);		\
+			if (strcmp(ME_mpc->mpc_labelnames[idx], element) != 0)\
+				continue;				\
+			if (count == 0) {				\
+				error = sbuf_printf(&sb, "%s/",	element);\
+				if (error)				\
+					break;				\
+			} else {					\
+				error = sbuf_printf(&sb, ",");		\
 				if (error)				\
 					break;				\
-				count++;				\
 			}						\
+			error = ME_mpc->mpc_ops->mpo_externalize_## type ##_label\
+				    (label, element, &sb);		\
+			if (error)					\
+				break;					\
+			count++;					\
 		}							\
 		if (error)						\
 			break;						\
@@ -404,13 +402,13 @@
 			continue;					\
 									\
 		for (idx = 0; idx < MI_mpc->mpc_labelname_count; idx++) { \
-			if (strcmp(MI_mpc->mpc_labelnames[idx], element) == 0){\
-			    MI_mpc->mpc_ops->mpo_internalize_## type ##_label\
+			if (strcmp(MI_mpc->mpc_labelnames[idx], element) != 0) \
+				continue;				\
+			error = MI_mpc->mpc_ops->mpo_internalize_## type ##_label\
 				    (label, element, element_data);	\
-				if (error)				\
-					break;				\
-				count++;				\
-			}						\
+			if (error)					\
+				break;					\
+			count++;					\
 		}							\
 		if (error)						\
 			break;						\
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message