socsvn commit: r223305 - soc2011/aalvarez/pbmac/lib/libugidfw
aalvarez at FreeBSD.org
aalvarez at FreeBSD.org
Thu Jun 16 18:23:32 UTC 2011
Author: aalvarez
Date: Thu Jun 16 18:23:30 2011
New Revision: 223305
URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=223305
Log:
Parse rules with filepath object arguments.
Modified:
soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c
Modified: soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c
==============================================================================
--- soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c Thu Jun 16 18:21:41 2011 (r223304)
+++ soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c Thu Jun 16 18:23:30 2011 (r223305)
@@ -36,6 +36,8 @@
#include <sys/sysctl.h>
#include <sys/ucred.h>
#include <sys/mount.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include <security/mac_bsdextended/mac_bsdextended.h>
@@ -342,6 +344,21 @@
left -= len;
cur += len;
}
+ if (!notdone && (rule->mbr_object.mbo_neg & MBO_FPATH_DEFINED)) {
+ len = snprintf(cur, left, "! ");
+ if (len < 0 || len > left)
+ goto truncated;
+ left -= len;
+ cur += len;
+ }
+ if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) {
+ len = snprintf(cur, left, "filepath %s ",
+ rule->mbr_object.mbo_fpath);
+ if (len < 0 || len > left)
+ goto truncated;
+ left -= len;
+ cur += len;
+ }
if (!notdone && (rule->mbr_object.mbo_neg & MBO_SUID)) {
len = snprintf(cur, left, "! ");
if (len < 0 || len > left)
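Review bot: The second added block tests `MBO_FSID_DEFINED` in `mbo_flags` but formats `mbo_fpath`, while the negation block just above it tests `MBO_FPATH_DEFINED`, so this looks like a copy-paste slip. As written, a rule that has an fsid but no path hands `mbo_fpath` to `%s` when it may be unset, and a rule that has only a path is never printed. The condition should presumably read `if (rule->mbr_object.mbo_flags & MBO_FPATH_DEFINED) {`. Separately, `len > left` accepts an output of exactly `left` bytes even though snprintf has then dropped the last character; `len >= left` would catch that, and the same pattern appears in the surrounding context. The enclosing function starts and ends outside the hunk.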
@@ -783,6 +800,24 @@
}
int
+bsde_parse_fpath(char *spec, char** fpath, size_t buflen, char *errstr)
+{
+ size_t len;
+
+ len = strlen(spec);
+ *fpath = malloc(len * sizeof(*spec));
+
+ if (*fpath == NULL) {
+ len = snprintf(errstr, buflen, "Unable to allocate memory for filepath %s: %s",
+ spec, strerror(errno));
+ }
+
+ strncpy(*fpath, spec, len);
+
+ return (0);
+}
+
+int
bsde_parse_object(int argc, char *argv[],
struct mac_bsdextended_object *object, size_t buflen, char *errstr)
{
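Review bot: bsde_parse_fpath allocates `strlen(spec)` bytes and copies with `strncpy(*fpath, spec, len)`, so the buffer has no room for the terminating NUL and none is written. The later `strlen(fpath)` in bsde_parse_object and the `%s` in the rule-to-string hunk then read past the end of the heap allocation. The malloc failure branch also only formats an error message and falls through, so `strncpy` is called on a NULL pointer and the function still returns 0. Allocate one extra byte, return -1 on failure, and copy the terminator as well, as below. The parameter would also read better as `const char *spec`, since it is never written through.

```c
	len = strlen(spec) + 1;		/* include the terminating NUL */
	*fpath = malloc(len);
	if (*fpath == NULL) {
		/* … unchanged: snprintf of the allocation error into errstr … */
		return (-1);
	}
	memcpy(*fpath, spec, len);
```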
@@ -792,6 +827,7 @@
gid_t gid_min, gid_max;
int type;
struct fsid fsid;
+ char* fpath;
size_t len;
current = 0;
@@ -860,6 +896,24 @@
nextnot = 0;
}
current += 2;
+ } else if (strcmp(argv[current], "filepath") == 0) {
+ if (current + 2 > argc) {
+ len = snprintf(errstr, buflen, "filepath short");
+ return (-1);
+ }
+ if (flags & MBO_FPATH_DEFINED) {
+ len = snprintf(errstr, buflen, "one fpath only");
+ return (-1);
+ }
+ if (bsde_parse_fpath(argv[current+1], &fpath,
+ buflen, errstr) < 0)
+ return (-1);
+ flags |= MBO_FPATH_DEFINED;
+ if (nextnot) {
+ neg ^= MBO_FPATH_DEFINED;
+ nextnot = 0;
+ }
+ current += 2;
} else if (strcmp(argv[current], "suid") == 0) {
flags |= MBO_SUID;
if (nextnot) {
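Review bot: Once `bsde_parse_fpath` has succeeded in the new `filepath` branch, the heap buffer in `fpath` is owned by this function, but nothing visible releases it on the error returns that follow. Any later `return (-1)` in the loop, such as another keyword failing to parse, leaks the allocation. Declaring it as `char *fpath = NULL;` and calling `free(fpath)` on the error exits would close that, and the initialisation also keeps the pointer defined on paths where no `filepath` argument was given. bsde_parse_object's body continues outside the hunk, so the full set of exit paths is not visible here.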
@@ -938,6 +992,10 @@
object->mbo_fsid = fsid;
if (flags & MBO_TYPE_DEFINED)
object->mbo_type = type;
+ if (flags & MBO_FPATH_DEFINED) {
+ object->mbo_fpath = fpath;
+ object->mbo_fpath_len = strlen(fpath);
+ }
return (0);
}
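Review bot: The assignment `object->mbo_fpath = fpath;` hands a malloc'd buffer to the caller through the object, but nothing in the visible code says who frees it. A comment such as `/* object takes ownership of fpath; release with free(object->mbo_fpath) */` above the assignment would record the contract, and the same rule belongs in the function's header comment. It is also worth documenting whether `mbo_fpath_len` counts the terminating NUL, because whatever consumes this struct needs an unambiguous length. If the struct is later copied elsewhere as a flat blob, an embedded pointer would not survive that copy, though that cannot be confirmed from this hunk.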