1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
12  * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
49 #include <sys/mac.h>
57  * XXXMAC: Not thread-safe.
72 		free(ld->ld_name);  in mac_destroy_labels()
73 		free(ld->ld_labels);  in mac_destroy_labels()
101 		return (-1);  in mac_add_type()
107 		return (-1);  in mac_add_type()
114 		return (-1);  in mac_add_type()
123 		if (strcmp(name, ld->ld_name) == 0)  in mac_add_type()
128 		free(ld->ld_labels);  in mac_add_type()
129 		ld->ld_labels = labels_dup;  in mac_add_type()
133 		ld->ld_name = name_dup;  in mac_add_type()
134 		ld->ld_labels = labels_dup;  in mac_add_type()
187 		if (line[strlen(line)-1] == '\n')  in mac_init_internal()
188 			line[strlen(line)-1] = '\0';  in mac_init_internal()
220 			if (mac_add_type(name, labels) == -1) {  in mac_init_internal()
248 			if (mac_add_type(type, labels) == -1) {  in mac_init_internal()
293 mac_free(struct mac *mac)  in mac_free()  argument
296 	if (mac->m_string != NULL)  in mac_free()
297 		free(mac->m_string);  in mac_free()
298 	free(mac);  in mac_free()
304 mac_from_text(struct mac **mac, const char *text)  in mac_from_text()  argument
307 	*mac = (struct mac *) malloc(sizeof(**mac));  in mac_from_text()
308 	if (*mac == NULL)  in mac_from_text()
311 	(*mac)->m_string = strdup(text);  in mac_from_text()
312 	if ((*mac)->m_string == NULL) {  in mac_from_text()
313 		free(*mac);  in mac_from_text()
314 		*mac = NULL;  in mac_from_text()
318 	(*mac)->m_buflen = strlen((*mac)->m_string)+1;  in mac_from_text()
324 mac_to_text(struct mac *mac, char **text)  in mac_to_text()  argument
327 	*text = strdup(mac->m_string);  in mac_to_text()
334 mac_prepare(struct mac **mac, const char *elements)  in mac_prepare()  argument
340 	*mac = (struct mac *) malloc(sizeof(**mac));  in mac_prepare()
341 	if (*mac == NULL)  in mac_prepare()
344 	(*mac)->m_string = malloc(MAC_MAX_LABEL_BUF_LEN);  in mac_prepare()
345 	if ((*mac)->m_string == NULL) {  in mac_prepare()
346 		free(*mac);  in mac_prepare()
347 		*mac = NULL;  in mac_prepare()
351 	strcpy((*mac)->m_string, elements);  in mac_prepare()
352 	(*mac)->m_buflen = MAC_MAX_LABEL_BUF_LEN;  in mac_prepare()
358 mac_prepare_type(struct mac **mac, const char *name)  in mac_prepare_type()  argument
369 		if (strcmp(name, ld->ld_name) == 0)  in mac_prepare_type()
370 			return (mac_prepare(mac, ld->ld_labels));  in mac_prepare_type()
374 	return (-1);		/* XXXMAC: ENOLABEL */  in mac_prepare_type()
378 mac_prepare_ifnet_label(struct mac **mac)  in mac_prepare_ifnet_label()  argument
381 	return (mac_prepare_type(mac, "ifnet"));  in mac_prepare_ifnet_label()
385 mac_prepare_file_label(struct mac **mac)  in mac_prepare_file_label()  argument
388 	return (mac_prepare_type(mac, "file"));  in mac_prepare_file_label()
392 mac_prepare_packet_label(struct mac **mac)  in mac_prepare_packet_label()  argument
395 	return (mac_prepare_type(mac, "packet"));  in mac_prepare_packet_label()
399 mac_prepare_process_label(struct mac **mac)  in mac_prepare_process_label()  argument
402 	return (mac_prepare_type(mac, "process"));  in mac_prepare_process_label()
406  * Simply test whether the TrustedBSD/MAC MIB tree is present; if so,
407  * return 1 to indicate that the system has MAC enabled overall or for
421 			return (-1);  in mac_is_present()
423 		mibname = malloc(sizeof("security.mac.") - 1 +  in mac_is_present()
426 			return (-1);  in mac_is_present()
427 		strcpy(mibname, "security.mac.");  in mac_is_present()
435 		error = sysctlnametomib("security.mac", mib, &siz);  in mac_is_present()
437 	if (error == -1) {  in mac_is_present()