PERFORCE change 110121 for review

Thu Nov 16 19:13:54 UTC 2006

http://perforce.freebsd.org/chv.cgi?CH=110121

Change 110121 by millert at millert_macbook on 2006/11/16 19:12:14

	If a policy registers a label namespace that starts with
	'?', exclude it from the default label list return by '*'
	during externalize.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#22 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/darwin/xnu/security/mac_base.c#22 (text+ko) ====

@@ -479,7 +479,7 @@
 	struct mac_label_element *mle, **new_mles;
 	struct mac_label_element_list_t *list;
 	struct mac_policy_conf *mpc;
-	const char *name;
+	const char *name, *name2;
 	u_int idx, mle_free, mll_free;
 
 	mpc = mac_get_mpc(handle);
@@ -520,25 +520,29 @@
 		mac_policy_grab_exclusive();
 	for (idx = 0; idx < mpc->mpc_labelname_count; idx++) {
 
-		name = mpc->mpc_labelnames[idx];
-
+		if (*(name = mpc->mpc_labelnames[idx]) == '?')
+			name++;
 		/*
 		 * Check both label element lists and add to the 
 		 * appropriate list only if not already on a list.
 		 */
 		LIST_FOREACH(mle, &mac_static_label_element_list, mle_list) {
-			if (strcmp(name, mle->mle_name) == 0)
+			if (*(name2 = mle->mle_name) == '?')
+				name2++;
+			if (strcmp(name, name2) == 0)
 				break;
 		}
 		if (mle == NULL) {
 			LIST_FOREACH(mle, &mac_label_element_list, mle_list) {
-				if (strcmp(name, mle->mle_name) == 0)
+				if (*(name2 = mle->mle_name) == '?')
+					name2++;
+				if (strcmp(name, name2) == 0)
 					break;
 			}
 		}
 		if (mle == NULL) {
 			mle = new_mles[mle_free];
-			strcpy(mle->mle_name, name);
+			strcpy(mle->mle_name, mpc->mpc_labelnames[idx]);
 			LIST_INIT(&mle->mle_listeners);
 			LIST_INSERT_HEAD(list, mle, mle_list);
 			mle_free++;
@@ -1016,6 +1020,7 @@
 	struct mac_label_listener *mll;
 	struct mac_label_element *mle;
 	struct mac_label_element_list_t *element_list;
+	const char *name;
 	int (*mpo_externalize)(struct label *, char *, struct sbuf *);
 	int all_labels = 0, ignorenotfound = 0, error = 0, busy = FALSE;
 	unsigned int count = 0;
@@ -1029,8 +1034,16 @@
 	element_list = &mac_static_label_element_list;
 element_loop:
 	LIST_FOREACH(mle, element_list, mle_list) {
-		if (!all_labels && strcmp(mle->mle_name, element) != 0)
-			continue;
+		name = mle->mle_name;
+		if (all_labels) {
+			if (*name == '?')
+			    continue;
+		} else {
+			if (*name == '?')
+				name++;
+			if (strcmp(name, element) != 0)
+				continue;
+		}
 		LIST_FOREACH(mll, &mle->mle_listeners, mll_list) {
 			mpc = mac_policy_list.entries[mll->mll_handle].mpc;
 			if (mpc == NULL)
@@ -1040,7 +1053,7 @@
 			    ((char *)mpc->mpc_ops + mpo_externalize_off);
 			if (mpo_externalize == NULL)
 				continue;
-			error = sbuf_printf(sb, "%s/", mle->mle_name);
+			error = sbuf_printf(sb, "%s/", name);
 			if (error)
 				goto done;
 			error = mpo_externalize(label, mle->mle_name, sb);
@@ -1055,7 +1068,7 @@
 				 * (but not all) object types.
 				 */
 				sbuf_setpos(sb, sbuf_len(sb) -
-				    (strlen(mle->mle_name) + 1));
+				    (strlen(name) + 1));
 				error = 0;
 				continue;
 			}
@@ -1121,11 +1134,14 @@
 	int (*mpo_internalize)(struct label *, char *, char *);
 	int error = 0, busy = FALSE;
 	unsigned int count = 0;
+	const char *name;
 
 	element_list = &mac_static_label_element_list;
 element_loop:
 	LIST_FOREACH(mle, element_list, mle_list) {
-		if (strcmp(element_name, mle->mle_name) != 0)
+		if (*(name = mle->mle_name) == '?')
+			name++;
+		if (strcmp(element_name, name) != 0)
 			continue;
 		LIST_FOREACH(mll, &mle->mle_listeners, mll_list) {
 			mpc = mac_policy_list.entries[mll->mll_handle].mpc;
