PERFORCE change 85307 for review

Todd Miller millert at FreeBSD.org
Fri Oct 14 13:48:42 PDT 2005


http://perforce.freebsd.org/chv.cgi?CH=85307

Change 85307 by millert at millert_ibook on 2005/10/14 20:48:08

	Fix the bug in MAC_INTERNALIZE where the return code from the 
	policies' internalize ops was not being checked. Also invert the
	logic for comparing the label namespace.  Also invert the logic
	for comparing label namespaces in the MAC_EXTERNALIZE macro to
	clarify the source.  From the DSEP branch (wsalamon).

Affected files ...

.. //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin7/src/darwin/xnu/security/mac_internal.h#4 (text+ko) ====

@@ -264,24 +264,22 @@
 			continue;					\
 									\
 		for (idx = 0; idx < ME_mpc->mpc_labelname_count; idx++) { \
-			if (strcmp(ME_mpc->mpc_labelnames[idx], element) == 0){\
-				if (count == 0) {			\
-					error = sbuf_printf(&sb, "%s/",	\
-					    element);			\
-					if (error)			\
-						break;			\
-				} else {				\
-					error = sbuf_printf(&sb, ",");	\
-					if (error)			\
-						break;			\
-				}					\
-				error = 				\
-			    ME_mpc->mpc_ops->mpo_externalize_## type ##_label\
-				    (label, element, &sb);		\
+			if (strcmp(ME_mpc->mpc_labelnames[idx], element) != 0)\
+				continue;				\
+			if (count == 0) {				\
+				error = sbuf_printf(&sb, "%s/",	element);\
+				if (error)				\
+					break;				\
+			} else {					\
+				error = sbuf_printf(&sb, ",");		\
 				if (error)				\
 					break;				\
-				count++;				\
 			}						\
+			error = ME_mpc->mpc_ops->mpo_externalize_## type ##_label\
+				    (label, element, &sb);		\
+			if (error)					\
+				break;					\
+			count++;					\
 		}							\
 		if (error)						\
 			break;						\
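Review bot: In the `count == 0` and `else` branches, `error` is assigned the raw return value of `sbuf_printf()`, and that same variable later carries the policy's externalize result. If this sbuf port follows the FreeBSD convention of returning -1 on failure (not visible in the hunk), a full or failed buffer makes the macro report -1 rather than an errno value. Callers then cannot tell a truncated label string from a policy error. I would map it explicitly, e.g. `if (sbuf_printf(&sb, "%s/", element) == -1) { error = EINVAL; break; }`, and likewise for the `","` case. The macro begins and ends outside this hunk.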
@@ -404,13 +402,13 @@
 			continue;					\
 									\
 		for (idx = 0; idx < MI_mpc->mpc_labelname_count; idx++) { \
-			if (strcmp(MI_mpc->mpc_labelnames[idx], element) == 0){\
-			    MI_mpc->mpc_ops->mpo_internalize_## type ##_label\
+			if (strcmp(MI_mpc->mpc_labelnames[idx], element) != 0) \
+				continue;				\
+			error = MI_mpc->mpc_ops->mpo_internalize_## type ##_label\
 				    (label, element, element_data);	\
-				if (error)				\
-					break;				\
-				count++;				\
-			}						\
+			if (error)					\
+				break;					\
+			count++;					\
 		}							\
 		if (error)						\
 			break;						\
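Review bot: A failing `mpo_internalize_## type ##_label` now stops both loops, but policies that accepted an earlier element may already have written their part into `label`, and nothing in this hunk undoes that. Whether callers discard the label on a non-zero `error` is not visible here, so a partially internalized label could still be used if one of them does not. I would state the contract above the macro: `/* On error the label may be partially internalized; the caller must destroy it, not use it. */`. The macro body begins and ends outside the hunk.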

