Add bsde_add_rule(), which is similar to bsde_set_rule() except that

the caller does not specify the rule number -- instead, the kernel
module is probed for the next available rule, which is then used.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
Robert Watson 2004-02-25 03:24:39 +00:00
parent b3ab6e504b
commit 47ab23aa82
5 changed files with 79 additions and 4 deletions


@ -8,6 +8,7 @@ INCS= ugidfw.h
MAN+= bsde_get_rule.3 bsde_get_rule_count.3 bsde_parse_rule.3 \ MAN+= bsde_get_rule.3 bsde_get_rule_count.3 bsde_parse_rule.3 \
bsde_rule_to_string.3 libugidfw.3 bsde_rule_to_string.3 libugidfw.3
MLINKS= bsde_get_rule.3 bsde_add_rule.3
MLINKS= bsde_get_rule.3 bsde_delete_rule.3 MLINKS= bsde_get_rule.3 bsde_delete_rule.3
MLINKS+= bsde_get_rule.3 bsde_set_rule.3 MLINKS+= bsde_get_rule.3 bsde_set_rule.3
MLINKS+= bsde_get_rule_count.3 bsde_get_rule_slots.3 MLINKS+= bsde_get_rule_count.3 bsde_get_rule_slots.3
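Review bot: The added `MLINKS= bsde_get_rule.3 bsde_add_rule.3` is overwritten by the existing `MLINKS= bsde_get_rule.3 bsde_delete_rule.3` on the very next line — that line uses plain `=`, not `+=` — so the bsde_add_rule.3 manual link is never installed even though the man page now documents the function. Either change the following existing line to `MLINKS+= bsde_get_rule.3 bsde_delete_rule.3`, or place the new link after the existing ones as `MLINKS+= bsde_get_rule.3 bsde_add_rule.3`.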


@ -1,4 +1,4 @@
.\" Copyright (c) 2003 Networks Associates Technology, Inc. .\" Copyright (c) 2003-2004 Networks Associates Technology, Inc.
.\" All rights reserved. .\" All rights reserved.
.\" .\"
.\" This software was developed for the FreeBSD Project by Chris .\" This software was developed for the FreeBSD Project by Chris
@ -30,10 +30,11 @@
.\" .\"
.\" $FreeBSD$ .\" $FreeBSD$
.\" .\"
.Dd January 7, 2003 .Dd February 24, 2004
.Os .Os
.Dt BSDE_GET_RULE 3 .Dt BSDE_GET_RULE 3
.Sh NAME .Sh NAME
.Nm bsde_add_rule ,
.Nm bsde_get_rule , .Nm bsde_get_rule ,
.Nm bsde_set_rule , .Nm bsde_set_rule ,
.Nm bsde_delete_rule .Nm bsde_delete_rule
@ -43,6 +44,11 @@
.Sh SYNOPSIS .Sh SYNOPSIS
.In ugidfw.h .In ugidfw.h
.Ft int .Ft int
.Fo bsde_add_rule
.Fa "int *rulenum" "struct mac_bsdextended_rule *rule"
.Fa "size_t buflen" "char *errstr"
.Fc
.Ft int
.Fo bsde_get_rule .Fo bsde_get_rule
.Fa "int rulenum" "struct mac_bsdextended_rule *rule" .Fa "int rulenum" "struct mac_bsdextended_rule *rule"
.Fa "size_t errlen" "char *errstr" .Fa "size_t errlen" "char *errstr"
@ -56,6 +62,27 @@
.Fn bsde_delete_rule "int rulenum" "size_t errlen" "char *errstr" .Fn bsde_delete_rule "int rulenum" "size_t errlen" "char *errstr"
.Sh DESCRIPTION .Sh DESCRIPTION
The The
.Fn bsde_add_rule
function fills the next available
rule (in
.Vt "struct mac_bsdextended_rule"
form, either from
.Fn bsde_get_rule
or
.Xr bsde_parse_rule 3 ) .
If an error occurs,
.Fa *errstr
is filled with the error string
(up to
.Fa errlen
characters, including the terminating
.Dv NUL ) .
If successful and
.Fa rulenum
is non-NULL, the rule number used will be returned in
.Fa *rulenum .
.Pp
The
.Fn bsde_get_rule .Fn bsde_get_rule
function fills in function fills in
.Fa *rule .Fa *rule


@ -96,6 +96,10 @@ Uploads the rule to the
module and applies it; module and applies it;
see see
.Xr bsde_set_rule 3 . .Xr bsde_set_rule 3 .
.It Fn bsde_add_rule
Upload the rule to the module, automatically selecting the next available
rule number; see
.Xr bsde_add_rule 3 .
.El .El
.Sh SEE ALSO .Sh SEE ALSO
.Xr bsde_delete_rule 3 , .Xr bsde_delete_rule 3 ,


@ -1,5 +1,5 @@
/*- /*-
* Copyright (c) 2002 Networks Associates Technology, Inc. * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
* All rights reserved. * All rights reserved.
* *
* This software was developed for the FreeBSD Project by Network Associates * This software was developed for the FreeBSD Project by Network Associates
@ -708,3 +708,44 @@ bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
return (0); return (0);
} }
int
bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
char *errstr)
{
char charstr[BUFSIZ];
int name[10];
size_t len, size;
int error, rule_slots;
len = 10;
error = bsde_get_mib(MIB ".rules", name, &len);
if (error) {
len = snprintf(errstr, buflen, "%s: %s", MIB ".rules",
strerror(errno));
return (-1);
}
rule_slots = bsde_get_rule_slots(BUFSIZ, charstr);
if (rule_slots == -1) {
len = snprintf(errstr, buflen, "unable to get rule slots: %s",
strerror(errno));
return (-1);
}
name[len] = rule_slots;
len++;
size = sizeof(*rule);
error = sysctl(name, len, NULL, NULL, rule, size);
if (error) {
len = snprintf(errstr, buflen, "%s.%d: %s", MIB ".rules",
rule_slots, strerror(errno));
return (-1);
}
if (rulenum != NULL)
rule_slots;
return (0);
}
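Review bot: The slot number comes from a separate bsde_get_rule_slots() query and is only afterwards written to `MIB.rules.<slot>` by sysctl(), so two processes adding rules at the same time can both be handed the same slot and the second write silently replaces the first rule instead of failing — for a MAC policy rule set this means a rule an administrator believes is installed may not be. There is no atomic append in this interface; the man page should state it, e.g. `The slot is selected and then written in two separate operations, so concurrent callers may race for the same rule number`, and a caller needing certainty should re-read the slot with bsde_get_rule() afterwards and compare. On the bsde_get_rule_slots() failure path the message that call presumably placed in `charstr` is discarded in favour of `strerror(errno)`, which it may not have set; `snprintf(errstr, buflen, "unable to get rule slots: %s", charstr)` reports the real cause. As rendered, the final branch reads `if (rulenum != NULL) rule_slots;`, a no-op expression statement — unless that is an extraction artifact, it must be `*rulenum = rule_slots;` or the out-parameter the man page promises is never written.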


@ -1,5 +1,5 @@
/*- /*-
* Copyright (c) 2002 Networks Associates Technology, Inc. * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
* All rights reserved. * All rights reserved.
* *
* This software was developed for the FreeBSD Project by Network Associates * This software was developed for the FreeBSD Project by Network Associates
@ -54,6 +54,8 @@ int bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule,
int bsde_delete_rule(int rulenum, size_t buflen, char *errstr); int bsde_delete_rule(int rulenum, size_t buflen, char *errstr);
int bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, int bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule,
size_t buflen, char *errstr); size_t buflen, char *errstr);
int bsde_add_rule(int *rulename, struct mac_bsdextended_rule *rule,
size_t buflen, char *errstr);
__END_DECLS __END_DECLS
#endif #endif
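Review bot: The new prototype names its first parameter `rulename` while the definition in ugidfw.c and the synopsis in the man page both call it `rulenum`, and the pointer receives a rule number, not a name; the header should read `int bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule,`. A one-line comment above it saying that `*rulenum` is an output written only on success, and may be NULL, would spare readers a trip to the man page.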