PERFORCE change 118476 for review

Robert Watson rwatson at FreeBSD.org
Fri Apr 20 14:29:43 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=118476

Change 118476 by rwatson at rwatson_zoo on 2007/04/20 14:28:50

	Remove currently unused MAC/audit code from mac_audit.c.  It can be
	re-added as required.
	
	Update copyrights.

Affected files ...

.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#8 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#6 edit
.. //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#6 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_audit.c#8 (text+ko) ====

@@ -99,125 +99,3 @@
 
 	return (error);
 }
-
-#if 0
-/*
- * This is the framework entry point for MAC policies to use to add arbitrary
- * data to the current audit record.  (Currently not supported, as no
- * existing audit viewers display this format)
- */
-int
-mac_audit_data(int len, u_char *data, struct mac_policy_conf *caller)
-{
-	char *sanitized;
-
-	if ((len <= 0) || (len > MAC_AUDIT_DATA_LIMIT))
-		return (EINVAL);
-
-	sanitized = kalloc(len);
-	if (sanitized == NULL)
-		return (ENOMEM);
-
-	bcopy(data, sanitized, len);
-	return (audit_mac_data(MAC_AUDIT_DATA_TYPE, len, sanitized));
-}
-
-/*
- * This is the entry point a MAC policy will call to add NULL-terminated
- * ASCII text to the current audit record.
- */
-int
-mac_audit_text(char *text, struct mac_policy_conf *caller)
-{
-	char *sanitized;
-	int i, allocd, plen, len;
-
-	len = strlen(text);
-	plen = 2 + strlen(caller->mpc_name);
-	if (plen + len >= MAC_AUDIT_DATA_LIMIT)
-		return (EINVAL);
-
-	/*
-	 * Make sure the text is only composed of only ASCII printable
-	 * characters.
-	 */
-	for (i=0; i < len; i++)
-		if (text[i] < (char) 32 || text[i] > (char) 126)
-			return (EINVAL);
-
-	allocd = len + plen + 1;
- 	sanitized = kalloc(allocd);
-	if (sanitized == NULL)
-		return (ENOMEM);
-
-	strcpy(sanitized, caller->mpc_name);
-	strcat(sanitized, ": ");
-	strcat(sanitized, text);
-
-	return (audit_mac_data(MAC_AUDIT_TEXT_TYPE, allocd, sanitized));
-}
-
-int
-mac_audit_preselect(struct ucred *cred, unsigned short syscode, void *args)
-{
-	struct mac_policy_conf *mpc;
-	int ret, error, entrycount;
-
-	ret = MAC_AUDIT_DEFAULT;
-	LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
-		if (mpc->mpc_ops->mpo_audit_preselect != NULL) {
-			error = mpc->mpc_ops->mpo_audit_preselect(cred,
-			    syscode, args);
-			ret = (ret > error ? ret : error);
-		}
-	}
-	if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
-		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
-			if (mpc->mpc_ops->mpo_audit_preselect != NULL) {
-				error = mpc->mpc_ops->mpo_audit_preselect(
-				    cred, syscode, args);
-				ret = (ret > error ? ret : error);
-			}
-		}
-		mac_policy_list_unbusy();
-	}
-
-	return (ret);
-}
-
-int
-mac_audit_postselect(struct ucred *cred, unsigned short syscode,
-    void *args, int error, int retval, int mac_forced)
-{
-	struct mac_policy_conf *mpc;
-	int ret, mac_error, entrycount;
-
-	/*
-	 * If the audit was forced by a MAC policy by mac_audit_preselect(),
-	 * echo that.
-	 */
-	if (mac_forced)
-		return (MAC_AUDIT_YES);
-
-	ret = MAC_AUDIT_DEFAULT;
-	LIST_FOREACH(mpc, &mac_static_policy_list, mpc_list) {
-		if (mpc->mpc_ops->mpo_audit_postselect != NULL) {
-			mac_error = mpc->mpc_ops->mpo_audit_postselect(cred,
-			    syscode, args, error, retval);
-			ret = (ret > mac_error ? ret : mac_error);
-		}
-	}
-	if ((entrycount = mac_policy_list_conditional_busy()) != 0) {
-		LIST_FOREACH(mpc, &mac_policy_list, mpc_list) {
-			if (mpc->mpc_ops->mpo_audit_postselect != NULL) {
-				mac_error = mpc->mpc_ops->mpo_audit_postselect(
-				    cred, syscode, args, error, retval);
-				ret = (ret > mac_error ? ret : mac_error);
-			}
-		}
-		mac_policy_list_unbusy();
-	}
-
-	return (ret);
-}
-#endif

==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_framework.h#6 (text+ko) ====

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
  * Copyright (c) 2005-2006 SPARTA, Inc.
  * All rights reserved.

==== //depot/projects/trustedbsd/audit3/sys/security/mac/mac_policy.h#6 (text+ko) ====

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 1999-2002 Robert N. M. Watson
+ * Copyright (c) 1999-2002, 2007 Robert N. M. Watson
  * Copyright (c) 2001-2005 Networks Associates Technology, Inc.
  * Copyright (c) 2005-2006 SPARTA, Inc.
  * All rights reserved.

