PERFORCE change 118476 for review
Robert Watson
rwatson at FreeBSD.org
Fri Apr 20 14:29:43 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=118476
Change 118476 by rwatson at rwatson_zoo on 2007/04/20 14:28:50
Remove currently unused MAC/audit code from mac_audit.c. It can be
re-added as required.
Update copyrights.
Affected files ...
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#8 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#6 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#6 edit
Differences ...
==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#8 (text+ko) ====
@@ -99,125 +99,3 @@
return (error);
}
-
-#if 0
-/*
- * This is the framework entry point for MAC policies to use to add arbitrary
- * data to the current audit record. (Currently not supported, as no
- * existing audit viewers display this format)
- */
-int
-mac_audit_data(int len, u_char *data, struct mac_policy_conf *caller)
-{
- char *sanitized;
-
- if ((len <= 0) || (len > MAC_AUDIT_DATA_LIMIT))
- return (EINVAL);
-
- sanitized = kalloc(len);
- if (sanitized == NULL)
- return (ENOMEM);
-
- bcopy(data, sanitized, len);
- return (audit_mac_data(MAC_AUDIT_DATA_TYPE, len, sanitized));
-}
-
-/*
- * This is the entry point a MAC policy will call to add NULL-terminated
- * ASCII text to the current audit record.
- */
-int
-mac_audit_text(char *text, struct mac_policy_conf *caller)
-{
- char *sanitized;
- int i, allocd, plen, len;
-
- len = strlen(text);
- plen = 2 + strlen(caller->mpc_name);
- if (plen + len >= MAC_AUDIT_DATA_LIMIT)
- return (EINVAL);
-
- /*
- * Make sure the text is only composed of only ASCII printable
- * characters.
- */
- for (i=0; i < len; i++)
- if (text[i] < (char) 32 || text[i] > (char) 126)
- return (EINVAL);
-
- allocd = len + plen + 1;
- sanitized = kalloc(allocd);
- if (sanitized == NULL)
- return (ENOMEM);
-
- strcpy(sanitized, caller->mpc_name);
- strcat(sanitized, ": ");
- strcat(sanitized, text);
-
- return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, allocd, sanitized));
-}
-
-int
-mac_audit_preselect(struct ucred *cred, unsigned short syscode, void *args)
-{
- struct mac_policy_conf *mpc;
- int ret, error, entrycount;
-
- ret = MAC_AUDIT_DEFAULT;
- LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
- if (mpc->mpc_ops->mpo_audit_preselect != NULL) {
- error = mpc->mpc_ops->mpo_audit_preselect(cred,
- syscode, args);
- ret = (ret > error ? ret : error);
- }
- }
- if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
- LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
- if (mpc->mpc_ops->mpo_audit_preselect != NULL) {
- error = mpc->mpc_ops->mpo_audit_preselect(
- cred, syscode, args);
- ret = (ret > error ? ret : error);
- }
- }
- mac_policy_list_unbusy();
- }
-
- return (ret);
-}
-
-int
-mac_audit_postselect(struct ucred *cred, unsigned short syscode,
- void *args, int error, int retval, int mac_forced)
-{
- struct mac_policy_conf *mpc;
- int ret, mac_error, entrycount;
-
- /*
- * If the audit was forced by a MAC policy by mac_audit_preselect(),
- * echo that.
- */
- if (mac_forced)
- return (MAC_AUDIT_YES);
-
- ret = MAC_AUDIT_DEFAULT;
- LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
- if (mpc->mpc_ops->mpo_audit_postselect != NULL) {
- mac_error = mpc->mpc_ops->mpo_audit_postselect(cred,
- syscode, args, error, retval);
- ret = (ret > mac_error ? ret : mac_error);
- }
- }
- if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
- LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
- if (mpc->mpc_ops->mpo_audit_postselect != NULL) {
- mac_error = mpc->mpc_ops->mpo_audit_postselect(
- cred, syscode, args, error, retval);
- ret = (ret > mac_error ? ret : mac_error);
- }
- }
- mac_policy_list_unbusy();
- }
-
- return (ret);
-}
-#endif
==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#6 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#6 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
* Copyright (c) 2001-2005 Networks Associates Technology, Inc.
* Copyright (c) 2005-2006 SPARTA, Inc.
* All rights reserved.
More information about the p4-projects
mailing list