Use the MAC interface to list process MAC labels rather than using

the LOMAC-specific interface (which is being deprecated).  The
revised LOMAC using the MAC framework will export levels listable
using this mechanism.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories

8 files changed, 58 insertions, 172 deletions

diff --git a/bin/ps/Makefile b/bin/ps/Makefile
index b90e8a5..0bebcb4 100644
--- a/bin/ps/Makefile
+++ b/bin/ps/Makefile
@@ -2,7 +2,7 @@
 #	@(#)Makefile	8.1 (Berkeley) 6/2/93
 
 PROG=	ps
-SRCS=	fmt.c keyword.c nlist.c print.c ps.c lomac.c
+SRCS=	fmt.c keyword.c nlist.c print.c ps.c
 #
 # To support "lazy" ps for non root/wheel users
 # add -DLAZY_PS to the cflags.  This helps
diff --git a/bin/ps/extern.h b/bin/ps/extern.h
index c113462..76c4cfb 100644
--- a/bin/ps/extern.h
+++ b/bin/ps/extern.h
@@ -54,7 +54,7 @@ void	 elapsed(KINFO *, VARENT *);
 const	 char *fmt_argv(char **, char *, size_t);
 double	 getpcpu(const KINFO *);
 void	 kvar(KINFO *, VARENT *);
-void	 lattr(KINFO *, VARENT *);
+void	 label(KINFO *, VARENT *);
 void	 logname(KINFO *, VARENT *);
 void	 longtname(KINFO *, VARENT *);
 void	 lstarted(KINFO *, VARENT *);
@@ -71,6 +71,7 @@ void	 priorityr(KINFO *, VARENT *);
 void	 rgroupname(KINFO *, VARENT *);
 void	 runame(KINFO *, VARENT *);
 void	 rvar(KINFO *, VARENT *);
+int	 s_label(KINFO *);
 int	 s_rgroupname(KINFO *);
 int	 s_runame(KINFO *);
 int	 s_uname(KINFO *);
diff --git a/bin/ps/keyword.c b/bin/ps/keyword.c
index b0a1917..82a3674 100644
--- a/bin/ps/keyword.c
+++ b/bin/ps/keyword.c
@@ -95,13 +95,14 @@ static VAR var[] = {
 		0},
 	{"ktrace", "KTRACE", NULL, 0, kvar, NULL, 8, KOFF(ki_traceflag), INT,
 		"x", 0},
+	{"label", "LABEL", NULL, LJUST|DSIZ, label, s_label, SHRT_MAX, 0, CHAR,
+	    NULL, 0},
 	{"lim", "LIM", NULL, 0, maxrss, NULL, 5, 0, CHAR, NULL, 0},
 	{"login", "LOGIN", NULL, LJUST, logname, NULL, MAXLOGNAME-1, 0, CHAR,
 		NULL, 0},
 	{"logname", "", "login", 0, NULL, NULL, 0, 0, CHAR, NULL, 0},
 	{"lstart", "STARTED", NULL, LJUST|USER, lstarted, NULL, 28, 0, CHAR,
 		NULL, 0},
-	{"lvl", "LVL", NULL, LJUST, lattr, NULL, 3, 0, CHAR, NULL, 0},
 	{"majflt", "MAJFLT", NULL, USER, rvar, NULL, 4, ROFF(ru_majflt),
 		LONG, "ld", 0},
 	{"minflt", "MINFLT", NULL, USER, rvar, NULL, 4, ROFF(ru_minflt),
diff --git a/bin/ps/lomac.c b/bin/ps/lomac.c
deleted file mode 100644
index ec05d1a..0000000
--- a/bin/ps/lomac.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*-
- * Copyright (c) 2001 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed for the FreeBSD Project by NAI Labs, the
- * Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: lomac.c,v 1.3 2001/11/26 21:04:04 bfeldman Exp $
- */
-
-/*
- * This file encapsulates ls's use of LOMAC's ioctl interface.  ls uses
- * this interface to determine the LOMAC attributes of files.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#include <sys/types.h>
-#include <security/lomac/lomacio.h>
-
-#include <err.h>
-#include <fts.h>
-#include <fcntl.h>
-#include <stdlib.h>
-#include <string.h>
-#include <stdio.h>
-#include <unistd.h>
-
-#include "lomac.h"
-
-#define LOMAC_DEVICE "/dev/lomac"
-
-static int devlomac = -1;		/* file descriptor for LOMAC_DEVICE */
-
-/* lomac_start()
- *
- * in:     nothing
- * out:    nothing
- * return: nothing
- *
- * Makes `devlomac' a fd to LOMAC_DEVICE
- */
-
-static void 
-lomac_start(void)
-{
-	if ((devlomac = open(LOMAC_DEVICE, O_RDWR)) == -1)
-		err(1, "cannot open %s", LOMAC_DEVICE);
-}
-
-/* lomac_stop()
- *
- * in:     nothing
- * out:    nothing
- * return: nothing
- *
- * Closes `devlomac', the fd to LOMAC_DEVICE.
- */
-
-void 
-lomac_stop(void)
-{
-
-	if (devlomac != -1 && close(devlomac) == -1)
-		err(1, "cannot close %s", LOMAC_DEVICE);
-}
-
-/* get_lattr()
- *
- * in:     pid - pid of process whose level we want to know
- * out:    nothing
- * return: level of proces `pid'
- *
- * This function uses LOMAC's ioctl interface to determine the LOMAC
- * attributes of the process with pid `pid'.
- *
- * This function presently reports only levels.  When LOMAC's ioctl
- * interface is expanded to report levels and flags, this function
- * will also need expansion.
- */
-
-int
-get_lattr(int pid)
-{
-
-	if (devlomac == -1)
-		lomac_start();
-	if (ioctl(devlomac, LIOGETPLEVEL, &pid) == -1)
-		err(1, "ioctl");
-	return (pid);
-}
diff --git a/bin/ps/lomac.h b/bin/ps/lomac.h
deleted file mode 100644
index d5ea706..0000000
--- a/bin/ps/lomac.h
+++ /dev/null
@@ -1,39 +0,0 @@
-/*-
- * Copyright (c) 2001 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed for the FreeBSD Project by NAI Labs, the
- * Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote
- *    products derived from this software without specific prior written
- *    permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $Id: lomac.h,v 1.2 2001/11/26 19:27:23 bfeldman Exp $
- * $FreeBSD$
- */
-
-void lomac_stop(void);
-int get_lattr(int);
diff --git a/bin/ps/print.c b/bin/ps/print.c
index 3fd367a..31a857b 100644
--- a/bin/ps/print.c
+++ b/bin/ps/print.c
@@ -45,6 +45,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/proc.h>
 #include <sys/stat.h>
 
+#include <sys/mac.h>
 #include <sys/user.h>
 #include <sys/sysctl.h>
 
@@ -62,7 +63,6 @@ __FBSDID("$FreeBSD$");
 #include <unistd.h>
 #include <vis.h>
 
-#include "lomac.h"
 #include "ps.h"
 
 #define	ps_pgtok(a)	(((a) * getpagesize()) / 1024)
@@ -726,10 +726,53 @@ rvar(KINFO *k, VARENT *ve)
 }
 
 void
-lattr(KINFO *k, VARENT *ve)
+label(KINFO *k, VARENT *ve)
 {
+	char *string;
+	mac_t label;
+	int error;
 	VAR *v;
 
 	v = ve->var;
-	(void)printf("%-*d", v->width, get_lattr(k->ki_p->ki_pid));
+	string = NULL;
+
+	if (mac_prepare_process_label(&label) == -1) {
+		perror("mac_prepare_process_label");
+		goto out;
+	}
+
+	error = mac_get_pid(k->ki_p->ki_pid, label);
+	if (error == 0) {
+		if (mac_to_text(label, &string) == -1)
+			string = NULL;
+	}
+	mac_free(label);
+
+out:
+	if (string != NULL) {
+		(void)printf("%-*s", v->width, string);
+		free(string);
+	} else
+		(void)printf("%-*s", v->width, "");
+	return;
+}
+
+int
+s_label(KINFO *k)
+{
+	char *string = NULL;
+	mac_t label;
+	int error, size = 0;
+
+	if (mac_prepare_process_label(&label) == -1) {
+		perror("mac_prepare_process_label");
+		return (0);
+	}
+	error = mac_get_pid(k->ki_p->ki_pid, label);
+	if (error == 0 && mac_to_text(label, &string) == 0) {
+		size = strlen(string);
+		free(string);
+	}
+	mac_free(label);
+	return (size);
 }
diff --git a/bin/ps/ps.1 b/bin/ps/ps.1
index be4960c..93c14b5 100644
--- a/bin/ps/ps.1
+++ b/bin/ps/ps.1
@@ -184,7 +184,7 @@ will use as many columns as necessary without regard for your window size.
 .It Fl x
 Display information about processes without controlling terminals.
 .It Fl Z
-Add lvl to the list of keywords for which
+Add label to the list of keywords for which
 .Nm
 will display information.
 .El
@@ -224,14 +224,14 @@ the include file
 .It Dv "P_OWEUPC" Ta No "0x20000	Owe process an addupc() call at next ast"
 .It Dv "P_SWAPPING" Ta No "0x40000	Process is being swapped"
 .El
+.It label
+The MAC label of the process.
 .It lim
 The soft limit on memory used, specified via a call to
 .Xr setrlimit 2 .
 .It lstart
 The exact time the command started, using the ``%c'' format described in
 .Xr strftime 3 .
-.It lvl
-The LOMAC level of the process.
 .It lockname
 The name of the lock that the process is currently blocked on.
 If the name is invalid or unknown, then
@@ -390,14 +390,14 @@ total blocks read (alias inblock)
 job control count
 .It ktrace
 tracing flags
+.It label
+MAC label
 .It lim
 memoryuse limit
 .It logname
 login name of user who started the process
 .It lstart
 time started
-.It lvl
-LOMAC level
 .It majflt
 total page faults
 .It minflt
diff --git a/bin/ps/ps.c b/bin/ps/ps.c
index 98fec49..acdade0 100644
--- a/bin/ps/ps.c
+++ b/bin/ps/ps.c
@@ -64,7 +64,6 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <unistd.h>
 
-#include "lomac.h"
 #include "ps.h"
 
 #define SEP ", \t"		/* username separators */
@@ -108,7 +107,7 @@ static char   o1[] = "pid";
 static char   o2[] = "tt,state,time,command";
 static char ufmt[] = "user,pid,%cpu,%mem,vsz,rss,tt,state,start,time,command";
 static char vfmt[] = "pid,state,time,sl,re,pagein,vsz,rss,lim,tsiz,%cpu,%mem,command";
-static char Zfmt[] = "lvl";
+static char Zfmt[] = "label";
 
 static kvm_t *kd;
 
@@ -410,7 +409,6 @@ main(int argc, char *argv[])
 		}
 	}
 	free(uids);
-	lomac_stop();
 
 	exit(eval);
 }
@@ -653,7 +651,7 @@ usage(void)
 {
 
 	(void)fprintf(stderr, "%s\n%s\n%s\n",
-	    "usage: ps [-aChjlmrSTuvwx] [-O|o fmt] [-p pid] [-t tty] [-U user]",
+	    "usage: ps [-aChjlmrSTuvwxZ] [-O|o fmt] [-p pid] [-t tty] [-U user]",
 	    "          [-M core] [-N system]",
 	    "       ps [-L]");
 	exit(1);