Add LOMAC options (the "Z" flag in both cases) to display extra information

in ls(1) and ps(1).

Sponsored by:	DARPA, NAI Labs

16 files changed, 429 insertions, 17 deletions

diff --git a/bin/ls/Makefile b/bin/ls/Makefile
index a865e7f..a4345ff 100644
--- a/bin/ls/Makefile
+++ b/bin/ls/Makefile
@@ -3,7 +3,7 @@
 
 
 PROG=	ls
-SRCS=	cmp.c ls.c print.c util.c
+SRCS=	cmp.c ls.c print.c util.c lomac.c
 
 .if !defined(RELEASE_CRUNCH)
 CFLAGS+= -DCOLORLS
diff --git a/bin/ls/lomac.c b/bin/ls/lomac.c
new file mode 100644
index 0000000..8dbd76c
--- /dev/null
+++ b/bin/ls/lomac.c
@@ -0,0 +1,151 @@
+/*-
+ * Copyright (c) 2001 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by NAI Labs, the
+ * Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: lomac.c,v 1.5 2001/11/26 19:25:52 bfeldman Exp $
+ * $FreeBSD$
+ */
+
+/*
+ * This file encapsulates ls's use of LOMAC's ioctl interface.  ls uses
+ * this interface to determine the LOMAC attributes of files.
+ */
+
+#include <sys/types.h>
+#include <sys/lomacio.h>
+
+#include <err.h>
+#include <fts.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "lomac.h"
+
+#define LOMAC_DEVICE "/dev/lomac"
+
+int devlomac; 				/* file descriptor for LOMAC_DEVICE */
+struct lomac_fioctl2 ioctl_args;
+
+/* lomac_start()
+ *
+ * in:     nothing
+ * out:    nothing
+ * return: nothing
+ *
+ * Makes `devlomac' a fd to LOMAC_DEVICE
+ */
+
+void 
+lomac_start(void) {
+
+	if ((devlomac = open(LOMAC_DEVICE, O_RDWR)) == -1)
+		err(1, "cannot open %s", LOMAC_DEVICE);
+}
+
+/* lomac_stop()
+ *
+ * in:     nothing
+ * out:    nothing
+ * return: nothing
+ *
+ * Closes `devlomac', the fd to LOMAC_DEVICE.
+ */
+
+void 
+lomac_stop(void) {
+
+	if (close(devlomac) == -1)
+		err(1, "cannot close %s", LOMAC_DEVICE);
+}
+
+/* get_lattr()
+ *
+ * in:     ent - FTSENT describing file whose LOMAC attributes we wish to know
+ * out:    nothing
+ * return: a string describing `ent's LOMAC attributes
+ *
+ * This function uses LOMAC's ioctl interface to determine the LOMAC
+ * attributes of the file described by `ent'.  
+ *
+ * This function dynamically allocates memory for the attribute strings.
+ * The caller is responsible for eventually deallocating these strings.
+ */
+
+char *
+get_lattr(FTSENT *ent) {
+	char *lattr;
+
+#ifdef NOT_NOW
+	printf("p%d n%d\n", ent->fts_pathlen, ent->fts_namelen);
+	printf("ftscycle %x\n", ent->fts_cycle);
+	printf("ftsparent %x\n", ent->fts_parent);
+	printf("ftslink %x\n", ent->fts_link);
+	printf("ftsnumber %x\n", ent->fts_number);
+	printf("ftslevel %x\n", ent->fts_level);
+	if (ent->fts_pathlen > 0)
+		printf("%x : %s\n", ent->fts_path, ent->fts_path);
+	else
+		printf("length 0 path\n");
+	if (ent->fts_namelen > 0)
+		printf("%x : %s\n", ent->fts_name, ent->fts_name);
+	else
+		printf("length 0 name\n");
+#endif
+	/*
+	 * We use ent->fts_level to determine whether or not ent->fts_path
+	 * is valid.  This is a hack, but the FTS code doesn't seem to
+	 * NULL the first byte of fts_path or zero fts_pathlen when fts_path
+	 * is invalid, so there didn't seem to be a better way of doing it.
+	 */
+	if (ent->fts_level > 0) {
+		strncpy(ioctl_args.path, ent->fts_path, MAXPATHLEN - 1);
+		strncat(ioctl_args.path, "/",
+		    MAXPATHLEN - strlen(ioctl_args.path) - 1);
+		strncat(ioctl_args.path, ent->fts_accpath,
+		    MAXPATHLEN - strlen(ioctl_args.path) - 1);
+	} else
+		strncpy(ioctl_args.path, ent->fts_accpath, MAXPATHLEN - 1);
+	if (ioctl(devlomac, LIOGETFLATTR, &ioctl_args) == -1)
+		err(1, NULL);
+
+	/* we use ioctl_args.path as scratch space to build lattr */
+	if (ioctl_args.flags != 0)
+		asprintf(&lattr, "%d.%x", ioctl_args.level, ioctl_args.flags);
+	else
+		asprintf(&lattr, "%d", ioctl_args.level);
+
+	if (lattr == NULL)
+		err(1, NULL);
+	return (lattr);
+}
diff --git a/bin/ls/lomac.h b/bin/ls/lomac.h
new file mode 100644
index 0000000..8998bd7
--- /dev/null
+++ b/bin/ls/lomac.h
@@ -0,0 +1,40 @@
+/*-
+ * Copyright (c) 2001 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by NAI Labs, the
+ * Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: lomac.h,v 1.3 2001/11/26 19:23:02 bfeldman Exp $
+ * $FreeBSD$
+ */
+
+void lomac_start(void);
+void lomac_stop(void);
+char *get_lattr(FTSENT *);
diff --git a/bin/ls/ls.1 b/bin/ls/ls.1
index 8175980..7d1c04c 100644
--- a/bin/ls/ls.1
+++ b/bin/ls/ls.1
@@ -43,7 +43,7 @@
 .Nd list directory contents
 .Sh SYNOPSIS
 .Nm
-.Op Fl ABCFGHLPRTWabcdfgiklnoqrstu1
+.Op Fl ABCFGHLPRTWZabcdfgiklnoqrstu1
 .Op Ar
 .Sh DESCRIPTION
 For each operand that names a
@@ -122,6 +122,8 @@ Display complete time information for the file, including
 month, day, hour, minute, second, and year.
 .It Fl W
 Display whiteouts when scanning directories.
+.It Fl Z
+Display each file's LOMAC level.
 .It Fl a
 Include directory entries whose names begin with a
 dot (.).
@@ -245,6 +247,7 @@ option is given, the following information
 is displayed for each file:
 file mode,
 number of links, owner name, group name,
+LOMAC level,
 number of bytes in the file, abbreviated
 month, day-of-month file was last modified,
 hour file last modified, minute file last
@@ -535,6 +538,11 @@ The group field is now automatically included in the long listing for
 files in order to be compatible with the
 .St -p1003.2
 specification.
+.Sh FILES
+.Bl -tag -width /dev/lomac -compact
+.It Pa /dev/lomac
+interface used to query the LOMAC LKM
+.El
 .Sh SEE ALSO
 .Xr chflags 1 ,
 .Xr chmod 1 ,
@@ -542,6 +550,7 @@ specification.
 .Xr xterm 1 ,
 .Xr termcap 5 ,
 .Xr symlink 7 ,
+.Xr lomac 4 ,
 .Xr sticky 8
 .Sh HISTORY
 An
diff --git a/bin/ls/ls.c b/bin/ls/ls.c
index 9070205..86253d7 100644
--- a/bin/ls/ls.c
+++ b/bin/ls/ls.c
@@ -70,6 +70,7 @@ static const char rcsid[] =
 
 #include "ls.h"
 #include "extern.h"
+#include "lomac.h"
 
 /*
  * Upward approximation of the maximum number of characters needed to
@@ -113,6 +114,7 @@ int f_statustime;		/* use time of last mode change */
 int f_timesort;			/* sort by time vice name */
 int f_type;			/* add type character for non-regular files */
 int f_whiteout;			/* show whiteout entries */
+int f_lomac;			/* show LOMAC attributes */
 #ifdef COLORLS
 int f_color;			/* add type in color for non-regular files */
 
@@ -163,7 +165,7 @@ main(argc, argv)
 		f_listdot = 1;
 
 	fts_options = FTS_PHYSICAL;
-	while ((ch = getopt(argc, argv, "1ABCFGHLPRTWabcdfgiklnoqrstu")) != -1) {
+	while ((ch = getopt(argc, argv, "1ABCFGHLPRTWZabcdfgiklnoqrstu")) != -1) {
 		switch (ch) {
 		/*
 		 * The -1, -C and -l options all override each other so shell
@@ -269,6 +271,9 @@ main(argc, argv)
 		        f_octal = 0;
 			f_octal_escape = 1;
 			break;
+		case 'Z':
+			f_lomac = 1;
+			break;
 		default:
 		case '?':
 			usage();
@@ -468,11 +473,11 @@ display(p, list)
 	FTSENT *cur;
 	NAMES *np;
 	u_quad_t maxsize;
-	u_long btotal, maxblock, maxinode, maxlen, maxnlink;
-	int bcfile, flen, glen, ulen, maxflags, maxgroup, maxuser;
+	u_long btotal, maxblock, maxinode, maxlen, maxnlink, maxlattr;
+	int bcfile, flen, glen, ulen, lattrlen, maxflags, maxgroup, maxuser;
 	char *initmax;
 	int entries, needstats;
-	char *user, *group, *flags;
+	char *user, *group, *flags, *lattr;
 	char buf[STRBUF_SIZEOF(u_quad_t) + 1];
 	char ngroup[STRBUF_SIZEOF(uid_t) + 1];
 	char nuser[STRBUF_SIZEOF(gid_t) + 1];
@@ -517,9 +522,9 @@ display(p, list)
 		if (initmax2[-1] == ':') strcpy(initmax2, "0");
 
 		ninitmax = sscanf(jinitmax,
-		    " %lu : %lu : %lu : %i : %i : %i : %qu : %lu ",
+		    " %lu : %lu : %lu : %i : %i : %i : %qu : %lu : %lu ",
 		    &maxinode, &maxblock, &maxnlink, &maxuser,
-		    &maxgroup, &maxflags, &maxsize, &maxlen);
+		    &maxgroup, &maxflags, &maxsize, &maxlen, &maxlattr);
 		f_notabs = 1;
 		switch (ninitmax) {
 		 case 0: maxinode = 0;
@@ -530,6 +535,7 @@ display(p, list)
 		 case 5: maxflags = 0;
 		 case 6: maxsize  = 0;
 		 case 7: maxlen   = 0;
+		 case 8: maxlattr = 0;
 #ifdef COLORLS
 		 if (!f_color)
 #endif
@@ -540,8 +546,10 @@ display(p, list)
 		maxnlink = makenines(maxnlink);
 		maxsize = makenines(maxsize);
 	} else if (initmax == NULL || *initmax == '\0')
-		maxblock = maxinode = maxlen = maxnlink =
+		maxlattr = maxblock = maxinode = maxlen = maxnlink =
 		    maxuser = maxgroup = maxflags = maxsize = 0;
+	if (f_lomac)
+		lomac_start();
 	bcfile = 0;
 	flags = NULL;
 	for (cur = list, entries = 0; cur; cur = cur->fts_link) {
@@ -616,9 +624,16 @@ display(p, list)
 						maxflags = flen;
 				} else
 					flen = 0;
+				if (f_lomac) {
+					lattr = get_lattr(cur);
+					lattrlen = strlen(lattr);
+					if (lattrlen > maxlattr)
+						maxlattr = lattrlen;
+				} else
+					lattrlen = 0;
 
-				if ((np = malloc(sizeof(NAMES) +
-				    ulen + glen + flen + 3)) == NULL)
+				if ((np = malloc(sizeof(NAMES) + lattrlen +
+				    ulen + glen + flen + 4)) == NULL)
 					err(1, NULL);
 
 				np->user = &np->data[0];
@@ -635,6 +650,12 @@ display(p, list)
 				  	(void)strcpy(np->flags, flags);
 					free(flags);
 				}
+				if (f_lomac) {
+					np->lattr = &np->data[ulen + glen + 2
+					    + (f_flags ? flen + 1 : 0)];
+					(void)strcpy(np->lattr, lattr);
+					free(lattr);
+				}
 				cur->fts_pointer = np;
 			}
 		}
@@ -653,6 +674,7 @@ display(p, list)
 		(void)snprintf(buf, sizeof(buf), "%lu", maxblock);
 		d.s_block = strlen(buf);
 		d.s_flags = maxflags;
+		d.s_lattr = maxlattr;
 		d.s_group = maxgroup;
 		(void)snprintf(buf, sizeof(buf), "%lu", maxinode);
 		d.s_inode = strlen(buf);
@@ -669,6 +691,8 @@ display(p, list)
 	if (f_longform)
 		for (cur = list; cur; cur = cur->fts_link)
 			free(cur->fts_pointer);
+	if (f_lomac)
+		lomac_stop();
 }
 
 /*
diff --git a/bin/ls/ls.h b/bin/ls/ls.h
index 3f929e7..fd75306 100644
--- a/bin/ls/ls.h
+++ b/bin/ls/ls.h
@@ -44,6 +44,7 @@ extern long blocksize;		/* block size units */
 
 extern int f_accesstime;	/* use time of last access */
 extern int f_flags;		/* show flags associated with a file */
+extern int f_lomac;		/* show LOMAC attributes */
 extern int f_inode;		/* print inode */
 extern int f_longform;		/* long listing format */
 extern int f_octal;		/* print unprintables in octal */
@@ -66,6 +67,7 @@ typedef struct {
 	int maxlen;
 	int s_block;
 	int s_flags;
+	int s_lattr;
 	int s_group;
 	int s_inode;
 	int s_nlink;
@@ -77,5 +79,6 @@ typedef struct {
 	char *user;
 	char *group;
 	char *flags;
+	char *lattr;
 	char data[1];
 } NAMES;
diff --git a/bin/ls/print.c b/bin/ls/print.c
index 6b410a3..dd586cc 100644
--- a/bin/ls/print.c
+++ b/bin/ls/print.c
@@ -159,6 +159,8 @@ printlong(dp)
 		    np->group);
 		if (f_flags)
 			(void)printf("%-*s ", dp->s_flags, np->flags);
+		if (f_lomac)
+			(void)printf("%-*s ", dp->s_lattr, np->lattr);
 		if (S_ISCHR(sp->st_mode) || S_ISBLK(sp->st_mode))
 			if (minor(sp->st_rdev) > 255 || minor(sp->st_rdev) < 0)
 				(void)printf("%3d, 0x%08x ",
diff --git a/bin/ls/util.c b/bin/ls/util.c
index 56339c8..84d106e 100644
--- a/bin/ls/util.c
+++ b/bin/ls/util.c
@@ -162,9 +162,9 @@ usage()
 {
 	(void)fprintf(stderr,
 #ifdef COLORLS
-	"usage: ls [-ABCFGHLPRTWabcdfgiklnoqrstu1]"
+	"usage: ls [-ABCFGHLPRTWZabcdfgiklnoqrstu1]"
 #else
-	"usage: ls [-ABCFHLPRTWabcdfgiklnoqrstu1]"
+	"usage: ls [-ABCFHLPRTWZabcdfgiklnoqrstu1]"
 #endif
 		      " [file ...]\n");
 	exit(1);
diff --git a/bin/ps/Makefile b/bin/ps/Makefile
index 08ea30b..1381ee9 100644
--- a/bin/ps/Makefile
+++ b/bin/ps/Makefile
@@ -2,7 +2,7 @@
 #	@(#)Makefile	8.1 (Berkeley) 6/2/93
 
 PROG=	ps
-SRCS=	fmt.c keyword.c nlist.c print.c ps.c
+SRCS=	fmt.c keyword.c nlist.c print.c ps.c lomac.c
 #
 # To support "lazy" ps for non root/wheel users
 # add -DLAZY_PS to the cflags.  This helps
diff --git a/bin/ps/extern.h b/bin/ps/extern.h
index dedac7e..42977e8 100644
--- a/bin/ps/extern.h
+++ b/bin/ps/extern.h
@@ -82,4 +82,5 @@ void	 uname __P((KINFO *, VARENT *));
 int	 s_uname __P((KINFO *));
 void	 vsize __P((KINFO *, VARENT *));
 void	 wchan __P((KINFO *, VARENT *));
+void	 lattr __P((KINFO *, VARENT *));
 __END_DECLS
diff --git a/bin/ps/keyword.c b/bin/ps/keyword.c
index 63693d7..70ad5a9 100644
--- a/bin/ps/keyword.c
+++ b/bin/ps/keyword.c
@@ -105,6 +105,7 @@ VAR var[] = {
 	{"login", "LOGIN", NULL, LJUST, logname, NULL, MAXLOGNAME-1},
 	{"logname", "", "login"},
 	{"lstart", "STARTED", NULL, LJUST|USER, lstarted, NULL, 28},
+	{"lvl", "LVL", NULL, LJUST, lattr, NULL, 3},
 	{"majflt", "MAJFLT",
 		NULL, USER, rvar, NULL, 4, ROFF(ru_majflt), LONG, "ld"},
 	{"minflt", "MINFLT",
diff --git a/bin/ps/lomac.c b/bin/ps/lomac.c
new file mode 100644
index 0000000..9ad9aa4
--- /dev/null
+++ b/bin/ps/lomac.c
@@ -0,0 +1,113 @@
+/*-
+ * Copyright (c) 2001 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by NAI Labs, the
+ * Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: lomac.c,v 1.3 2001/11/26 21:04:04 bfeldman Exp $
+ * $FreeBSD$
+ */
+
+/*
+ * This file encapsulates ls's use of LOMAC's ioctl interface.  ls uses
+ * this interface to determine the LOMAC attributes of files.
+ */
+
+#include <sys/types.h>
+#include <sys/lomacio.h>
+
+#include <err.h>
+#include <fts.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+
+#include "lomac.h"
+
+#define LOMAC_DEVICE "/dev/lomac"
+
+static int devlomac = -1;		/* file descriptor for LOMAC_DEVICE */
+
+/* lomac_start()
+ *
+ * in:     nothing
+ * out:    nothing
+ * return: nothing
+ *
+ * Makes `devlomac' a fd to LOMAC_DEVICE
+ */
+
+void 
+lomac_start(void) {
+
+	if ((devlomac = open(LOMAC_DEVICE, O_RDWR)) == -1)
+		err(1, "cannot open %s", LOMAC_DEVICE);
+}
+
+/* lomac_stop()
+ *
+ * in:     nothing
+ * out:    nothing
+ * return: nothing
+ *
+ * Closes `devlomac', the fd to LOMAC_DEVICE.
+ */
+
+void 
+lomac_stop(void) {
+
+	if (devlomac != -1 && close(devlomac) == -1)
+		err(1, "cannot close %s", LOMAC_DEVICE);
+}
+
+/* get_lattr()
+ *
+ * in:     pid - pid of process whose level we want to know
+ * out:    nothing
+ * return: level of proces `pid'
+ *
+ * This function uses LOMAC's ioctl interface to determine the LOMAC
+ * attributes of the process with pid `pid'.
+ *
+ * This function presently reports only levels.  When LOMAC's ioctl
+ * interface is expanded to report levels and flags, this function
+ * will also need expansion.
+ */
+
+int
+get_lattr(int pid) {
+
+	if (devlomac == -1)
+		lomac_start();
+	if (ioctl(devlomac, LIOGETPLEVEL, &pid) == -1)
+		err(1, NULL);
+	return (pid);
+}
diff --git a/bin/ps/lomac.h b/bin/ps/lomac.h
new file mode 100644
index 0000000..36a08c4
--- /dev/null
+++ b/bin/ps/lomac.h
@@ -0,0 +1,40 @@
+/*-
+ * Copyright (c) 2001 Networks Associates Technologies, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by NAI Labs, the
+ * Security Research Division of Network Associates, Inc. under
+ * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
+ * CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior written
+ *    permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id: lomac.h,v 1.2 2001/11/26 19:27:23 bfeldman Exp $
+ * $FreeBSD$
+ */
+
+void lomac_start(void);
+void lomac_stop(void);
+int get_lattr(int);
diff --git a/bin/ps/print.c b/bin/ps/print.c
index 471f3fe..6212295 100644
--- a/bin/ps/print.c
+++ b/bin/ps/print.c
@@ -726,3 +726,14 @@ rvar(k, ve)
 	else
 		(void)printf("%*s", v->width, "-");
 }
+
+void
+lattr(k, ve)
+	KINFO *k;
+	VARENT *ve;
+{
+	VAR *v;
+
+	v = ve->var;
+	(void)printf("%-*d", (int)v->width, get_lattr(k->ki_p->ki_pid));
+}
diff --git a/bin/ps/ps.1 b/bin/ps/ps.1
index 5052206..a9970b6 100644
--- a/bin/ps/ps.1
+++ b/bin/ps/ps.1
@@ -40,7 +40,7 @@
 .Nd process status
 .Sh SYNOPSIS
 .Nm
-.Op Fl aCcefhjlmrSTuvwx
+.Op Fl aCcefhjlmrSTuvwxZ
 .Op Fl M Ar core
 .Op Fl N Ar system
 .Op Fl O Ar fmt
@@ -182,6 +182,10 @@ option is specified more than once,
 will use as many columns as necessary without regard for your window size.
 .It Fl x
 Display information about processes without controlling terminals.
+.It Fl Z
+Add lvl to the list of keywords for which
+.Nm
+will display information.
 .El
 .Pp
 A complete list of the available keywords are listed below.
@@ -225,6 +229,8 @@ The soft limit on memory used, specified via a call to
 .It lstart
 The exact time the command started, using the ``%c'' format described in
 .Xr strftime 3 .
+.It lvl
+The LOMAC level of the process.
 .It mtxname
 The name of the
 .Xr mutex 9
@@ -376,6 +382,8 @@ memoryuse limit
 login name of user who started the process
 .It lstart
 time started
+.It lvl
+LOMAC level
 .It majflt
 total page faults
 .It minflt
@@ -498,6 +506,8 @@ special files and device names
 default swap device
 .It Pa /dev/kmem
 default kernel memory
+.It Pa /dev/lomac
+interface used to query the LOMAC LKM
 .It Pa /var/run/dev.db
 /dev name database
 .It Pa /var/db/kvm_kernel.db
@@ -514,6 +524,7 @@ the mount point of
 .Xr kvm 3 ,
 .Xr strftime 3 ,
 .Xr procfs 5 ,
+.Xr lomac 4 ,
 .Xr pstat 8 ,
 .Xr sysctl 8 ,
 .Xr mutex 9
diff --git a/bin/ps/ps.c b/bin/ps/ps.c
index 7bc0c24..691b7f5 100644
--- a/bin/ps/ps.c
+++ b/bin/ps/ps.c
@@ -110,6 +110,7 @@ char   o1[] = "pid";
 char   o2[] = "tt state time command";
 char ufmt[] = "user pid %cpu %mem vsz rss tt state start time command";
 char vfmt[] = "pid state time sl re pagein vsz rss lim tsiz %cpu %mem command";
+char Zfmt[] = "lvl";
 
 kvm_t *kd;
 
@@ -150,9 +151,9 @@ main(argc, argv)
 	memf = nlistf = swapf = _PATH_DEVNULL;
 	while ((ch = getopt(argc, argv,
 #if defined(LAZY_PS)
-	    "aCcefghjLlM:mN:O:o:p:rSTt:U:uvW:wx")) != -1)
+	    "aCcefghjLlM:mN:O:o:p:rSTt:U:uvW:wxZ")) != -1)
 #else
-	    "aCceghjLlM:mN:O:o:p:rSTt:U:uvW:wx")) != -1)
+	    "aCceghjLlM:mN:O:o:p:rSTt:U:uvW:wxZ")) != -1)
 #endif
 		switch((char)ch) {
 		case 'a':
@@ -275,6 +276,10 @@ main(argc, argv)
 		case 'x':
 			xflg = 1;
 			break;
+		case 'Z':
+			parsefmt(Zfmt);
+			Zfmt[0] = '\0';
+			break;
 		case '?':
 		default:
 			usage();
@@ -391,6 +396,7 @@ main(argc, argv)
 		}
 	}
 	free(uids);
+	lomac_stop();
 
 	exit(eval);
 }