PSARC/2002/762 Layered Trusted Solaris

PSARC/2005/060 TSNET: Trusted Networking with Security Labels
PSARC/2005/259 Layered Trusted Solaris Label Interfaces
PSARC/2005/573 Solaris Trusted Extensions for Printing
PSARC/2005/691 Trusted Extensions for Device Allocation
PSARC/2005/723 Solaris Trusted Extensions Filesystem Labeling
PSARC/2006/009 Labeled Auditing
PSARC/2006/155 Trusted Extensions RBAC Changes
PSARC/2006/191 is_system_labeled
6293271 Zone processes should use zone_kcred instead of kcred
6394554 integrate Solaris Trusted Extensions

--HG--
rename : usr/src/cmd/dminfo/Makefile => deleted_files/usr/src/cmd/dminfo/Makefile
rename : usr/src/cmd/dminfo/dminfo.c => usr/src/cmd/allocate/dminfo.c

4 files changed, 22 insertions, 140 deletions

diff --git a/usr/src/cmd/praudit/Makefile b/usr/src/cmd/praudit/Makefile
index e51e7941a5..1cc2377878 100644
--- a/usr/src/cmd/praudit/Makefile
+++ b/usr/src/cmd/praudit/Makefile
@@ -2,9 +2,8 @@
 # CDDL HEADER START
 #
 # The contents of this file are subject to the terms of the
-# Common Development and Distribution License, Version 1.0 only
-# (the "License").  You may not use this file except in compliance
-# with the License.
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
 #
 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 # or http://www.opensolaris.org/os/licensing.
@@ -18,9 +17,11 @@
 # information: Portions Copyright [yyyy] [name of copyright owner]
 #
 # CDDL HEADER END
+
+
 #
 #
-# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
+# Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
 # Use is subject to license terms.
 #
 # ident	"%Z%%M%	%I%	%E% SMI"
@@ -42,7 +43,9 @@ XGETFLAGS += -a -x praudit.xcl
 CPPFLAGS += -D_PRAUDIT -I$(SRC)/lib/libbsm/common
 CPPFLAGS += -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
 
-LDLIBS += -lbsm -lnsl -lpam
+LAZYLIBS = $(ZLAZYLOAD) -ltsol $(ZNOLAZYLOAD)
+lint := LAZYLIBS = -ltsol
+LDLIBS += -lbsm -lnsl -lpam $(LAZYLIBS)
 
 .KEEP_STATE:
 
diff --git a/usr/src/cmd/praudit/token.c b/usr/src/cmd/praudit/token.c
index 356b29c221..09fdf0d6a2 100644
--- a/usr/src/cmd/praudit/token.c
+++ b/usr/src/cmd/praudit/token.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -65,9 +64,8 @@
 #include <bsm/audit_record.h>
 #include <bsm/libbsm.h>
 
-#ifdef	TSOL
 #include <tsol/label.h>
-#endif	/* TSOL */
+#include <sys/tsol/label_macro.h>
 
 #include "praudit.h"
 #include "toktable.h"
@@ -2154,10 +2152,8 @@ xclient_token(pr_context_t *context)
 int
 slabel_token(pr_context_t *context)
 {
-#ifdef	TSOL
 	bslabel_t label;
 	int	returnstat;
-	int	s;
 	char	strbuf[2048];
 	char	*sp = strbuf;
 	uval_t	uval;
@@ -2166,9 +2162,9 @@ slabel_token(pr_context_t *context)
 	    sizeof (label))) == 0) {
 		uval.uvaltype = PRA_STRING;
 		if (!(context->format & PRF_RAWM)) {
-			/* print in ASCII form using bltos */
-			s = bsltos(&label, &sp, sizeof (strbuf), 0);
-			if (s > 0) {
+			/* print in ASCII form */
+			if (label_to_str(&label, &sp, M_LABEL,
+			    DEF_NAMES) == 0) {
 				uval.string_val = sp;
 				returnstat = pa_print(context, &uval, 1);
 			} else /* cannot convert to string */
@@ -2185,9 +2181,6 @@ slabel_token(pr_context_t *context)
 		}
 	}
 	return (returnstat);
-#else	/* !TSOL */
-	return (-1);
-#endif	/* TSOL */
 }
 
 /*
@@ -2280,108 +2273,3 @@ privilege_token(pr_context_t *context)
 	/* privilege: */
 	return (pa_adr_string(context, returnstat, 1));
 }
-
-/*
- * -----------------------------------------------------------------------
- * ilabel_token() 	: Process information label token and display contents
- * return codes 	: -1 - error
- *			:  0 - successful
- * NOTE: At the time of call, the ilabel token id has been retrieved
- *
- * Format of information label token:
- *	label token id		adr_char
- *	label			adr_opaque, sizeof (bilabel_t) bytes
- * -----------------------------------------------------------------------
- */
-/*ARGSUSED*/
-int
-ilabel_token(pr_context_t *context)
-{
-#ifdef	TSOL
-	bilabel_t label;
-	int	returnstat;
-	int	s;
-	char	strbuf[2048];
-	char	*sp = strbuf;
-	uval_t	uval;
-
-	if ((returnstat = pr_adr_char(context, (char *)&label,
-	    sizeof (label))) == 0) {
-		uval.uvaltype = PRA_STRING;
-		if (!(context->format & PRF_RAWM)) {
-			/* print in ASCII form using bltos */
-			s = biltos(&label, &sp, sizeof (strbuf), 0);
-			if (s > 0) {
-				uval.string_val = sp;
-				returnstat = pa_print(context, &uval, 1);
-			} else /* cannot convert to string */
-				returnstat = 1;
-		}
-		/* print in hexadecimal form */
-		if ((context->format & PRF_RAWM) || (returnstat == 1)) {
-			uval.string_val = hexconvert((char *)&label,
-			    sizeof (bilabel_t), sizeof (bilabel_t));
-			if (uval.string_val) {
-				returnstat = pa_print(context, &uval, 1);
-				free(uval.string_val);
-			}
-		}
-	}
-	return (returnstat);
-#else	/* !TSOL */
-	return (-1);
-#endif	/* TSOL */
-}
-
-/*
- * -----------------------------------------------------------------------
- * clearance_token()	: Process clearance token and display contents
- * return codes 	: -1 - error
- *			:  0 - successful
- * NOTE: At the time of call, the clearance token id has been retrieved
- *
- * Format of clearance token:
- *	clearance token id	adr_char
- *	clearance		adr_char, sizeof (bclear_t) bytes
- * -----------------------------------------------------------------------
- */
-/*ARGSUSED*/
-int
-clearance_token(pr_context_t *context)
-{
-#ifdef	TSOL
-	bclear_t clearance;
-	int	returnstat;
-	int	s;
-	char	strbuf[2048];
-	char	*sp = strbuf;
-	uval_t	uval;
-
-	if ((returnstat = pr_adr_char(context, (char *)&clearance,
-	    sizeof (clearance))) == 0) {
-		uval.uvaltype = PRA_STRING;
-		if (!(context->format & PRF_RAWM)) {
-			/* print in ASCII form using bltos */
-			s = bcleartos(&clearance, &sp, sizeof (strbuf),
-			    SHORT_WORDS);
-			if (s > 0) {
-				uval.string_val = sp;
-				returnstat = pa_print(context, &uval, 1);
-			} else /* cannot convert to string */
-				returnstat = 1;
-		}
-		/* print in hexadecimal form */
-		if ((context->format & PRF_RAWM) || (returnstat == 1)) {
-			uval.string_val = hexconvert((char *)&clearance,
-			    sizeof (bclear_t), sizeof (bclear_t));
-			if (uval.string_val) {
-				returnstat = pa_print(context, &uval, 1);
-				free(uval.string_val);
-			}
-		}
-	}
-	return (returnstat);
-#else	/* !TSOL */
-	return (-1);
-#endif	/* TSOL */
-}
diff --git a/usr/src/cmd/praudit/toktable.c b/usr/src/cmd/praudit/toktable.c
index 46081b21fd..dd0f07a9eb 100644
--- a/usr/src/cmd/praudit/toktable.c
+++ b/usr/src/cmd/praudit/toktable.c
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -116,14 +115,9 @@ init_tokens(void)
 	table_init(AUT_ACL, "acl", acl_token, T_ENCLOSED);
 	table_init(AUT_ATTR, "attribute", attribute_token, T_ENCLOSED);
 	table_init(AUT_IPC_PERM, "IPC_perm", s5_IPC_perm_token, T_ENCLOSED);
-	table_initx(AUT_LABEL, "cmw label", "cmw_label",
-	    NOFUNC, T_UNKNOWN);
 	table_init(AUT_GROUPS, "group", group_token, T_ELEMENT);
-	table_initx(AUT_ILABEL, "information label", "information_label",
-	    ilabel_token, T_ELEMENT);
-	table_initx(AUT_SLABEL, "sensitivity label", "sensitivity_label",
+	table_initx(AUT_LABEL, "sensitivity label", "sensitivity_label",
 	    slabel_token, T_ELEMENT);
-	table_init(AUT_CLEAR, "clearance", clearance_token, T_ELEMENT);
 	table_init(AUT_PRIV, "privilege", privilege_token, T_EXTENDED);
 	table_initx(AUT_UPRIV, "use of privilege", "use_of_privilege",
 	    useofpriv_token, T_EXTENDED);
diff --git a/usr/src/cmd/praudit/toktable.h b/usr/src/cmd/praudit/toktable.h
index 261bf29d01..2764b678da 100644
--- a/usr/src/cmd/praudit/toktable.h
+++ b/usr/src/cmd/praudit/toktable.h
@@ -2,9 +2,8 @@
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License").  You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
  * CDDL HEADER END
  */
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -200,9 +199,7 @@ extern int	acl_token();
 extern int	attribute_token();
 extern int	s5_IPC_perm_token();
 extern int	group_token();
-extern int 	ilabel_token();
 extern int	slabel_token();
-extern int	clearance_token();
 extern int	privilege_token();
 extern int	useofpriv_token();
 extern int	liaison_token();