authorgww <none@none>2006-06-01 14:19:47 -0700
committergww <none@none>2006-06-01 14:19:47 -0700
commita13cf0991a605c7ff6a75987e8275bd64dd10596 (patch)
tree3e167faf0bd06d1a91c3a122f1362108ca9b9a72 /usr/src/cmd/auditreduce
parentd39757aa11b7b514615ceb1ec0388a6d0521a202 (diff)
6415519 auditreduce TX code review issues
6415523 praudit TX code review issues 6415528 syslog plugin TX code review issues
Diffstat (limited to 'usr/src/cmd/auditreduce')
-rw-r--r--usr/src/cmd/auditreduce/auditr.h1
-rw-r--r--usr/src/cmd/auditreduce/option.c27
-rw-r--r--usr/src/cmd/auditreduce/token.c54
3 files changed, 42 insertions, 40 deletions
diff --git a/usr/src/cmd/auditreduce/auditr.h b/usr/src/cmd/auditreduce/auditr.h
index 4f6d999ff6..bd1f78bd6b 100644
--- a/usr/src/cmd/auditreduce/auditr.h
+++ b/usr/src/cmd/auditreduce/auditr.h
@@ -63,7 +63,6 @@ extern "C" {
#include <bsm/libbsm.h>
#include <tsol/label.h>
-#include <sys/tsol/label_macro.h>
#include "auditrt.h"
diff --git a/usr/src/cmd/auditreduce/option.c b/usr/src/cmd/auditreduce/option.c
index e71b57822f..0e152feda6 100644
--- a/usr/src/cmd/auditreduce/option.c
+++ b/usr/src/cmd/auditreduce/option.c
@@ -90,7 +90,7 @@ static int proc_group(char *, gid_t *);
static int proc_id(char *, int);
static int proc_object(char *);
static void proc_pcb(audit_pcb_t *, char *, int);
-static int proc_slabel(char *);
+static int proc_label(char *);
static int proc_subject(char *);
static int proc_sid(char *);
static int proc_type(char *);
@@ -197,14 +197,14 @@ start_over:
if (proc_id(optarg, opt))
error = TRUE;
break;
- case 'l': /* label range -- reserved for TX */
+ case 'l': /* TX label range */
if (!is_system_labeled()) {
(void) fprintf(stderr,
gettext("%s option 'l' requires "
"Trusted Extensions.\n"), ar);
return (-1);
}
- if (proc_slabel(optarg))
+ if (proc_label(optarg))
error = TRUE;
break;
case 's': /* session ID */
@@ -1139,16 +1139,16 @@ proc_pcb(audit_pcb_t *pcb, char *suffix, int i)
/*
- * .func proc_slabel - process sensitivity label range argument.
- * .desc Parse sensitivity label range sl:sl
- * .call ret = proc_slabel(optstr).
+ * .func proc_label - process label range argument.
+ * .desc Parse label range lower-bound[;upper-bound]
+ * .call ret = proc_label(optstr).
* .arg opstr - ptr to label range string
* .ret 0 - no errors detected.
- * .ret -1 - errors detected or not Trusted Solaris (error_str set).
+ * .ret -1 - errors detected (error_str set).
*/
int
-proc_slabel(char *optstr)
+proc_label(char *optstr)
{
char *p;
int error;
@@ -1183,8 +1183,7 @@ proc_slabel(char *optstr)
/* lower bound is not specified .. default is admin_low */
if (str_to_label(ADMIN_LOW, &m_label->lower_bound, MAC_LABEL,
L_NO_CORRECTION, &error) == -1) {
- free(m_label);
- return (-1);
+ goto errout;
}
p++;
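Review bot: The three `goto errout` sites replace cleanup that was not the same at each site: here only `free(m_label)` ran, while the two upper-bound defaults in the following hunks also called `m_label_free(m_label->lower_bound)` first. The `errout` label is outside the visible hunks, so it cannot be confirmed from here that it releases `lower_bound` only once it has been set. If the label frees both bounds unconditionally, this path relies on `m_label` having been zero-filled when it was allocated, which is also not visible. A comment at the label such as `/* bounds are NULL until str_to_label() succeeds; m_label_free(NULL) must be safe */` would record that assumption. proc_label begins and ends outside these hunks.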
@@ -1192,9 +1191,7 @@ proc_slabel(char *optstr)
/* upper bound not specified .. default is admin_high */
if (str_to_label(ADMIN_HIGH, &m_label->upper_bound,
MAC_LABEL, L_NO_CORRECTION, &error) == -1) {
- m_label_free(m_label->lower_bound);
- free(m_label);
- return (-1);
+ goto errout;
}
} else {
if (str_to_label(p, &m_label->upper_bound, MAC_LABEL,
@@ -1221,9 +1218,7 @@ proc_slabel(char *optstr)
/* upper bound is not specified .. default is admin_high */
if (str_to_label(ADMIN_HIGH, &m_label->upper_bound,
MAC_LABEL, L_NO_CORRECTION, &error) == -1) {
- m_label_free(m_label->lower_bound);
- free(m_label);
- return (-1);
+ goto errout;
}
} else {
if (str_to_label(p, &m_label->upper_bound, MAC_LABEL,
diff --git a/usr/src/cmd/auditreduce/token.c b/usr/src/cmd/auditreduce/token.c
index b6d52645a1..ff11f2cd2d 100644
--- a/usr/src/cmd/auditreduce/token.c
+++ b/usr/src/cmd/auditreduce/token.c
@@ -822,8 +822,6 @@ path_token(adr_t *adr)
* mode adr_int32
* seq adr_int32
* key adr_int32
- * label adr_opaque, sizeof (bslabel_t)
- * bytes
*/
int
s5_IPC_perm_token(adr_t *adr)
@@ -1906,18 +1904,43 @@ privilege_token(adr_t *adr)
}
/*
- * Format of slabel token:
- * slabel adr_char*(sizeof (bslabel_t))
+ * Format of label token:
+ * label ID 1 byte
+ * compartment length 1 byte
+ * classification 2 bytes
+ * compartment words <compartment length> * 4 bytes
*/
int
-slabel_token(adr_t *adr)
+label_token(adr_t *adr)
{
- bslabel_t slabel;
+ static m_label_t *label = NULL;
+ static size_t l_size;
+ int len;
- adrm_char(adr, (char *)&slabel, sizeof (slabel));
+ if (label == NULL) {
+ label = m_label_alloc(MAC_LABEL);
+ l_size = blabel_size() - 4;
+ }
+
+ if (label == NULL) {
+ /* out of memory, should never happen; skip label */
+ char l; /* length */
+
+ adr->adr_now += sizeof (char);
+ adrm_char(adr, (char *)&l, 1);
+ adr->adr_now += sizeof (short) + (4 * l);
+ return (-1);
+ }
+
+ adrm_char(adr, (char *)label, 4);
+ len = (int)(((char *)label)[1] * 4);
+ if (len > l_size) {
+ return (-1);
+ }
+ adrm_char(adr, &((char *)label)[4], len);
if (flags & M_LABEL) {
- if (blinrange(&slabel, m_label))
+ if (blinrange(label, m_label))
checkflags = checkflags | M_LABEL;
}
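Review bot: The compartment-length byte is read through plain `char` in both paths (`((char *)label)[1]` and the local `char l`), so where `char` is signed a length of 0x80 or more in the audit file becomes negative. In the out-of-memory path that makes `adr->adr_now += sizeof (short) + (4 * l)` move the cursor backwards, and in the normal path the value is rejected only because `len > l_size` converts `len` to `size_t`. Reading the byte as unsigned states the intent: `unsigned char l;` and `len = (int)((unsigned char)((char *)label)[1]) * 4;`. The `len > l_size` branch also returns without consuming the compartment words, unlike the out-of-memory branch which skips the whole token, so if the caller keeps parsing after -1 the next token would be read from the middle of this one; `adr->adr_now += len;` before that `return (-1);` would keep the stream aligned. The end of label_token lies outside this hunk.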
@@ -1928,30 +1951,15 @@ slabel_token(adr_t *adr)
/*
* Format of useofpriv token:
* success/failure adr_char
- * TSOL:
- * privilege adr_int32
- * SOL:
* privilege(s) adr_string
*/
-#ifndef TSOL
/* ARGSUSED */
-#endif /* !TSOL */
int
useofpriv_token(adr_t *adr)
{
char flag;
-#ifdef TSOL
- priv_t priv;
-
- adrm_char(adr, &flag, 1);
- adrm_int32(adr, (int32_t *)&priv, 1);
-
- return (-1);
-#else /* !TSOL */
-
adrm_char(adr, &flag, 1);
skip_string(adr);
return (-1);
-#endif /* TSOL */
}