PERFORCE change 104075 for review

[Todd Miller]

http://perforce.freebsd.org/chv.cgi?CH=104075

Change 104075 by millert at millert_macbook on 2006/08/15 17:53:18

	Add sebsd_prev label namespace for getting at the previous sid.
	Will be used by getprevcon() in libselinux.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#2 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.c#5 (text+ko) ====

@@ -2936,9 +2936,6 @@
 	u_int32_t context_len;
 	int error;
 
-	if (strcmp("sebsd", element_name) != 0)
-		return (0);
-
 	error = security_sid_to_context(sid, &context, &context_len);
 	if (error)
 		return (error);
@@ -2949,16 +2946,35 @@
 	return (error);
 }
 
-#define SEBSD_EXTERNALIZE_LABEL(n1,n2)					\
+#define	SEBSD_EXTERNALIZE_LABEL(n1,n2)					\
 static int sebsd_externalize_##n1##_label(struct label *label,		\
     char *element_name,	struct sbuf *sb)				\
 {									\
 	struct n2##_security_struct *lsec;				\
+									\
+	if (strcmp("sebsd", element_name) != 0)				\
+		return (0);						\
+									\
 	lsec = SLOT(label);						\
 	return (sebsd_externalize_sid(lsec->sid, element_name, sb));	\
 }
 
-SEBSD_EXTERNALIZE_LABEL(cred,task)
+static int sebsd_externalize_cred_label(struct label *label,
+	char *element_name, struct sbuf *sb)
+{
+	struct task_security_struct *tsec;
+	u_int32_t sid;
+
+	tsec = SLOT(label);
+	if (strcmp("sebsd_prev", element_name) == 0)
+		sid = tsec->osid;
+	else if (strcmp("sebsd", element_name) == 0)
+		sid = tsec->sid;
+	else
+		return (0);
+	return (sebsd_externalize_sid(sid, element_name, sb));
+}
+
 SEBSD_EXTERNALIZE_LABEL(network,network)
 SEBSD_EXTERNALIZE_LABEL(vnode,vnode)
 SEBSD_EXTERNALIZE_LABEL(mount_fs,mount_fs)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/sebsd.h#2 (text+ko) ====

@@ -41,8 +41,8 @@
 #define	SEBSD_ID_STRING			"sebsd"
 #define	SEBSD_MAC_EXTATTR_NAME		"sebsd"
 #define	SEBSD_MAC_EXTATTR_NAMESPACE	EXTATTR_NAMESPACE_SYSTEM
-#define	SEBSD_MAC_LABEL_NAMESPACES	"sebsd"
-#define	SEBSD_MAC_LABEL_NAME_COUNT	1
+#define	SEBSD_MAC_LABEL_NAMESPACES	"sebsd","sebsd_prev"
+#define	SEBSD_MAC_LABEL_NAME_COUNT	2
 
 extern int sebsd_find_data(const char *key, void **valp, size_t *sizep);
 #define	sebsd_find_data(k, v, s)	mac_find_module_data("sebsd", k, v, s)