authorrwatson <rwatson@FreeBSD.org>2002-10-21 03:54:24 +0000
committerrwatson <rwatson@FreeBSD.org>2002-10-21 03:54:24 +0000
commitbc3681d122544ce7f0d7dd40d03e0869254bdc59 (patch)
tree67b71c02a7cea7297678991912f7d269c5a5a41a /lib/libc
parent26547b3a00be4300154d72015c48353a59937ed1 (diff)
Unhook the per-policy parsing/printing MAC modules in libc to prepare
to bring in the new MAC label management API. With the new API revision, we have only policy-agnostic code in libc and the base kernel.

Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/posix1e/Makefile.inc4
-rw-r--r--lib/libc/posix1e/mac_biba.c218
-rw-r--r--lib/libc/posix1e/mac_internal.h50
-rw-r--r--lib/libc/posix1e/mac_mls.c218
-rw-r--r--lib/libc/posix1e/mac_sebsd.c67
-rw-r--r--lib/libc/posix1e/mac_te.c69
-rw-r--r--lib/libc/posix1e/mac_text.c194
7 files changed, 5 insertions, 815 deletions
diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc
index abac906..3388c8f 100644
--- a/lib/libc/posix1e/Makefile.inc
+++ b/lib/libc/posix1e/Makefile.inc
@@ -19,14 +19,10 @@ SRCS+= acl_calc_mask.c \
acl_to_text.c \
acl_valid.c \
extattr.c \
- mac_biba.c \
mac_free.c \
mac_is_present_np.c \
mac_get.c \
- mac_mls.c \
- mac_sebsd.c \
mac_set.c \
- mac_te.c \
mac_text.c
.if ${LIB} == "c"
diff --git a/lib/libc/posix1e/mac_biba.c b/lib/libc/posix1e/mac_biba.c
deleted file mode 100644
index 7d32480..0000000
--- a/lib/libc/posix1e/mac_biba.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <security/mac_biba/mac_biba.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * Biba labels take the following format:
- * [optional bibasingle][optional bibarange]
- * bibasingle: {low,0-65535,high,equal}
- * bibarange: ([bibasingle]-[bibasingle])
- */
-
-/*
- * Extract mac_biba_element contents from a string.
- */
-static int
-mac_biba_element_from_string(char *string, struct mac_biba_element *element)
-{
- unsigned long value;
- char *endp;
- int error;
-
- if (strcmp(string, "low") == 0) {
- element->mbe_type = MAC_BIBA_TYPE_LOW;
- element->mbe_grade = 0;
- error = 0;
- } else if (strcmp(string, "high") == 0) {
- element->mbe_type = MAC_BIBA_TYPE_HIGH;
- element->mbe_grade = 0;
- error = 0;
- } else if (strcmp(string, "equal") == 0) {
- element->mbe_type = MAC_BIBA_TYPE_EQUAL;
- element->mbe_grade = 0;
- error = 0;
- } else {
- value = strtoul(string, &endp, 10);
- if (*endp == '\0' && value == (u_short) value) {
- element->mbe_type = MAC_BIBA_TYPE_GRADE;
- element->mbe_grade = value;
- error = 0;
- } else
- error = EINVAL;
- }
-
- return (error);
-}
-
-/*
- * Destructively convert a string into a mac_biba.
- */
-int
-mac_biba_label_from_string(char *string, struct mac *label)
-{
- char *string_single, *string_rangelow, *string_rangehigh;
- int error;
-
- bzero(&label->m_biba, sizeof(label->m_biba));
-
- /*
- * Is a '(' present?, if so check for last character of ')', and
- * split into single and range strings after nulling the '(' and
- * ')'. Reject if appropriate.
- */
-
- string_single = strsep(&string, "(");
- if (*string_single == '\0' && string == NULL) {
- /* No interesting elements to parse, flags already zero'd. */
- return (0);
- }
- if (string != NULL) {
- /* If a '(' was present, last character must be ')'. */
- if (*string == '\0')
- return (EINVAL);
- if (string[strlen(string)-1] != ')')
- return (EINVAL);
- string[strlen(string)-1] = '\0';
- }
-
- /*
- * If range is present, split range into rangelow and rangehigh
- * based on '-', if present, and nul it. Process range elements.
- * Reject if appropriate.
- */
- if (string != NULL) {
- string_rangehigh = string;
- string_rangelow = strsep(&string_rangehigh, "-");
- if (*string_rangelow == '\0' || string_rangehigh == NULL)
- return (EINVAL);
- error = mac_biba_element_from_string(string_rangelow,
- &label->m_biba.mb_rangelow);
- if (error)
- return (error);
- error = mac_biba_element_from_string(string_rangehigh,
- &label->m_biba.mb_rangehigh);
- if (error)
- return (error);
- label->m_biba.mb_flags |= MAC_BIBA_FLAG_RANGE;
- }
-
- /*
- * If single is present, process single and reject if needed.
- */
- if (*string_single != '\0') {
- error = mac_biba_element_from_string(string_single,
- &label->m_biba.mb_single);
- if (error)
- return (error);
- label->m_biba.mb_flags |= MAC_BIBA_FLAG_SINGLE;
- }
-
- return (0);
-}
-
-static char *
-mac_biba_string_from_element(struct mac_biba_element *element)
-{
- char *string;
-
- switch(element->mbe_type) {
- case MAC_BIBA_TYPE_LOW:
- return (strdup("low"));
-
- case MAC_BIBA_TYPE_HIGH:
- return (strdup("high"));
-
- case MAC_BIBA_TYPE_EQUAL:
- return (strdup("equal"));
-
- case MAC_BIBA_TYPE_GRADE:
- asprintf(&string, "%d", element->mbe_grade);
- return (string);
-
- default:
- return (strdup("invalid"));
- }
-}
-
-char *
-mac_biba_string_from_label(struct mac *label)
-{
- char *format_string = NULL;
- char *string = NULL, *string_single = NULL, *string_rangelow = NULL;
- char *string_rangehigh = NULL;
-
- if (label->m_biba.mb_flags & MAC_BIBA_FLAG_SINGLE) {
- string_single = mac_biba_string_from_element(
- &label->m_biba.mb_single);
- }
- if (label->m_biba.mb_flags & MAC_BIBA_FLAG_RANGE) {
- string_rangelow = mac_biba_string_from_element(
- &label->m_biba.mb_rangelow);
- string_rangehigh = mac_biba_string_from_element(
- &label->m_biba.mb_rangehigh);
- }
-
- if (string_rangelow && string_single) {
- asprintf(&string, "%s(%s-%s)", string_single, string_rangelow,
- string_rangehigh);
- } else if (string_rangelow) {
- asprintf(&string, "(%s-%s)", string_rangelow,
- string_rangehigh);
- } else if (string_single) {
- asprintf(&string, "%s", string_single);
- } else
- string = strdup("");
-
- if (string_single)
- free(string_single);
- if (string_rangelow)
- free(string_rangelow);
- if (string_rangehigh)
- free(string_rangehigh);
-
- return (string);
-}
diff --git a/lib/libc/posix1e/mac_internal.h b/lib/libc/posix1e/mac_internal.h
deleted file mode 100644
index 20c46b3..0000000
--- a/lib/libc/posix1e/mac_internal.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-/*
- * Eventually, these per-policy interfaces will be handled via a
- * standard userland MAC module interface.
- */
-
-int mac_biba_label_from_string __P((char *string, struct mac *label));
-char *mac_biba_string_from_label __P((struct mac *label));
-int mac_mls_label_from_string __P((char *string, struct mac *label));
-char *mac_mls_string_from_label __P((struct mac *label));
-int mac_te_label_from_string __P((char *string, struct mac *label));
-char *mac_te_string_from_label __P((struct mac *label));
diff --git a/lib/libc/posix1e/mac_mls.c b/lib/libc/posix1e/mac_mls.c
deleted file mode 100644
index 78d7b99..0000000
--- a/lib/libc/posix1e/mac_mls.c
+++ /dev/null
@@ -1,218 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <security/mac_mls/mac_mls.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * MLS labels take the following format:
- * [optional mlssingle][optional mlsrange]
- * mlssingle: {low,0-65535,high,equal}
- * mlsrange: ([mlssingle]-[mlssingle])
- */
-
-/*
- * Extract mac_mls_element contents from a string.
- */
-static int
-mac_mls_element_from_string(char *string, struct mac_mls_element *element)
-{
- unsigned long value;
- char *endp;
- int error;
-
- if (strcmp(string, "low") == 0) {
- element->mme_type = MAC_MLS_TYPE_LOW;
- element->mme_level = 0;
- error = 0;
- } else if (strcmp(string, "high") == 0) {
- element->mme_type = MAC_MLS_TYPE_HIGH;
- element->mme_level = 0;
- error = 0;
- } else if (strcmp(string, "equal") == 0) {
- element->mme_type = MAC_MLS_TYPE_EQUAL;
- element->mme_level = 0;
- error = 0;
- } else {
- value = strtoul(string, &endp, 10);
- if (*endp == '\0' && value == (u_short) value) {
- element->mme_type = MAC_MLS_TYPE_LEVEL;
- element->mme_level = value;
- error = 0;
- } else
- error = EINVAL;
- }
-
- return (error);
-}
-
-/*
- * Destructively convert a string into a mac_mls.
- */
-int
-mac_mls_label_from_string(char *string, struct mac *label)
-{
- char *string_single, *string_rangelow, *string_rangehigh;
- int error;
-
- bzero(&label->m_mls, sizeof(label->m_mls));
-
- /*
- * Is a '(' present?, if so check for last character of ')', and
- * split into single and range strings after nulling the '(' and
- * ')'. Reject if appropriate.
- */
-
- string_single = strsep(&string, "(");
- if (*string_single == '\0' && string == NULL) {
- /* No interesting elements to parse, flags already zero'd. */
- return (0);
- }
- if (string != NULL) {
- /* If a '(' was present, last character must be ')'. */
- if (*string == '\0')
- return (EINVAL);
- if (string[strlen(string)-1] != ')')
- return (EINVAL);
- string[strlen(string)-1] = '\0';
- }
-
- /*
- * If range is present, split range into rangelow and rangehigh
- * based on '-', if present, and nul it. Process range elements.
- * Reject if appropriate.
- */
- if (string != NULL) {
- string_rangehigh = string;
- string_rangelow = strsep(&string_rangehigh, "-");
- if (*string_rangelow == '\0' || string_rangehigh == NULL)
- return (EINVAL);
- error = mac_mls_element_from_string(string_rangelow,
- &label->m_mls.mm_rangelow);
- if (error)
- return (error);
- error = mac_mls_element_from_string(string_rangehigh,
- &label->m_mls.mm_rangehigh);
- if (error)
- return (error);
- label->m_mls.mm_flags |= MAC_MLS_FLAG_RANGE;
- }
-
- /*
- * If single is present, process single and reject if needed.
- */
- if (*string_single != '\0') {
- error = mac_mls_element_from_string(string_single,
- &label->m_mls.mm_single);
- if (error)
- return (error);
- label->m_mls.mm_flags |= MAC_MLS_FLAG_SINGLE;
- }
-
- return (0);
-}
-
-static char *
-mac_mls_string_from_element(struct mac_mls_element *element)
-{
- char *string;
-
- switch(element->mme_type) {
- case MAC_MLS_TYPE_LOW:
- return (strdup("low"));
-
- case MAC_MLS_TYPE_HIGH:
- return (strdup("high"));
-
- case MAC_MLS_TYPE_EQUAL:
- return (strdup("equal"));
-
- case MAC_MLS_TYPE_LEVEL:
- asprintf(&string, "%d", element->mme_level);
- return (string);
-
- default:
- return (strdup("invalid"));
- }
-}
-
-char *
-mac_mls_string_from_label(struct mac *label)
-{
- char *format_string = NULL;
- char *string = NULL, *string_single = NULL, *string_rangelow = NULL;
- char *string_rangehigh = NULL;
-
- if (label->m_mls.mm_flags & MAC_MLS_FLAG_SINGLE) {
- string_single = mac_mls_string_from_element(
- &label->m_mls.mm_single);
- }
- if (label->m_mls.mm_flags & MAC_MLS_FLAG_RANGE) {
- string_rangelow = mac_mls_string_from_element(
- &label->m_mls.mm_rangelow);
- string_rangehigh = mac_mls_string_from_element(
- &label->m_mls.mm_rangehigh);
- }
-
- if (string_rangelow && string_single) {
- asprintf(&string, "%s(%s-%s)", string_single, string_rangelow,
- string_rangehigh);
- } else if (string_rangelow) {
- asprintf(&string, "(%s-%s)", string_rangelow,
- string_rangehigh);
- } else if (string_single) {
- asprintf(&string, "%s", string_single);
- } else
- string = strdup("");
-
- if (string_single)
- free(string_single);
- if (string_rangelow)
- free(string_rangelow);
- if (string_rangehigh)
- free(string_rangehigh);
-
- return (string);
-}
diff --git a/lib/libc/posix1e/mac_sebsd.c b/lib/libc/posix1e/mac_sebsd.c
deleted file mode 100644
index 5a152bd..0000000
--- a/lib/libc/posix1e/mac_sebsd.c
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * SEBSD labels consist of a single psid_t.
- */
-
-int
-mac_sebsd_label_from_string(char *string, struct mac *label)
-{
-
- bzero(&label->m_sebsd, sizeof(label->m_sebsd));
- return (sscanf(string, "%u", &label->m_sebsd.ms_psid) == 1 ? 0
- : errno);
-}
-
-char *
-mac_sebsd_string_from_label(struct mac *label)
-{
- char *ret;
-
- asprintf(&ret, "%u", label->m_sebsd.ms_psid);
- return (ret);
-}
diff --git a/lib/libc/posix1e/mac_te.c b/lib/libc/posix1e/mac_te.c
deleted file mode 100644
index c3e3f5e..0000000
--- a/lib/libc/posix1e/mac_te.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (c) 1999, 2000, 2001, 2002 Robert N. M. Watson
- * Copyright (c) 2002 Networks Associates Technology, Inc.
- * All rights reserved.
- *
- * This software was developed by Robert Watson for the TrustedBSD Project.
- *
- * This software was developed for the FreeBSD Project in part by NAI Labs,
- * the Security Research Division of Network Associates, Inc. under
- * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
- * CHATS research program.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * $FreeBSD$
- */
-
-#include <sys/types.h>
-#include <sys/mac.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * TE labels simply consist of the typename. The type length may
- * be zero indicating that the text form did not include a type,
- * but the string length must not exceed the length limit in the label.
- */
-
-int
-mac_te_label_from_string(char *string, struct mac *label)
-{
-
- bzero(&label->m_te, sizeof(label->m_te));
- if (strlcpy(label->m_te.mt_type, string,
- sizeof(label->m_te.mt_type)) >= sizeof(label->m_te.mt_type))
- return (EINVAL);
- return (0);
-}
-
-char *
-mac_te_string_from_label(struct mac *label)
-{
-
- return (strdup(label->m_te.mt_type));
-}
diff --git a/lib/libc/posix1e/mac_text.c b/lib/libc/posix1e/mac_text.c
index c244fdc..9c72c14 100644
--- a/lib/libc/posix1e/mac_text.c
+++ b/lib/libc/posix1e/mac_text.c
@@ -41,204 +41,20 @@
#include <sys/mac.h>
#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "mac_internal.h"
-
-/*
- * POSIX.1e does not define a text format for MAC label string conversions.
- * We use the following format:
- *
- * label: policyname/policyvalue{,...}
- *
- * Each policy is responsible for parsing policyvalue on its own, although
- * policies must not use '/' or ',' in their text representation. Currently
- * supported policies are "biba, "mls", "te".
- */
-
-#define STRING_LISTSEP ","
-#define STRING_ELEMENTSEP "/"
-
-#define STRING_BIBA "biba"
-#define STRING_MLS "mls"
-#define STRING_TE "te"
+#include <stdlib.h>
char *
mac_to_text(struct mac *mac_p, size_t *len_p)
{
- char *biba = NULL, *mls = NULL, *string = NULL, *te = NULL;
- int len = -1, before;
-
- biba = mac_biba_string_from_label(mac_p);
- if (biba == NULL)
- goto out;
-
- mls = mac_mls_string_from_label(mac_p);
- if (mls == NULL)
- goto out;
-
- te = mac_te_string_from_label(mac_p);
- if (te == NULL)
- goto out;
-
- len = 0;
- if (strlen(biba) != 0)
- len += strlen(STRING_LISTSEP) + strlen(STRING_BIBA) +
- strlen(STRING_ELEMENTSEP) + strlen(biba);
- if (strlen(mls) != 0)
- len += strlen(STRING_LISTSEP) + strlen(STRING_MLS) +
- strlen(STRING_ELEMENTSEP) + strlen(mls);
- if (strlen(te) != 0)
- len += strlen(STRING_LISTSEP) + strlen(STRING_TE) +
- strlen(STRING_ELEMENTSEP) + strlen(te);
-
- if (len == 0) {
- string = strdup("");
- goto out;
- }
-
- string = (char *) malloc(len+1);
- if (string == NULL)
- return (NULL);
- len = 0;
- before = 0;
-
- if (strlen(biba) != 0) {
- if (before)
- len += sprintf(string + len, "%s", STRING_LISTSEP);
- len += sprintf(string + len, "%s%s%s", STRING_BIBA,
- STRING_ELEMENTSEP, biba);
- before = 1;
- }
- if (strlen(mls) != 0) {
- if (before)
- len += sprintf(string + len, "%s", STRING_LISTSEP);
- len += sprintf(string + len, "%s%s%s", STRING_MLS,
- STRING_ELEMENTSEP, mls);
- before = 1;
- }
- if (strlen(te) != 0) {
- if (before)
- len += sprintf(string + len, "%s", STRING_LISTSEP);
- len += sprintf(string + len, "%s%s%s", STRING_TE,
- STRING_ELEMENTSEP, te);
- before = 1;
- }
-
-out:
- if (biba != NULL)
- free(biba);
- if (mls != NULL)
- free(mls);
- if (te != NULL)
- free(te);
-
- if (len != -1 && len_p != NULL)
- *len_p = len;
-
- return (string);
+ errno = EINVAL;
+ return (NULL);
}
struct mac *
mac_from_text(const char *text_p)
{
- struct mac *label;
- char *local_string, *next_token, *token, *tmp;
- char *policy_name, *policy_value;
- int biba_seen = 0, mls_seen = 0, te_seen = 0;
- int error;
-
- /*
- * Parse into three assignments, determine which assignments
- * they are and recurse appropriately, and reject if there are
- * not the right assignments (or duplicates).
- */
-
- label = (struct mac *) malloc(sizeof(*label));
- if (label == NULL) {
- errno = ENOMEM;
- goto exit1;
- }
- label->m_macflags = 0;
- label->m_macflags |= MAC_FLAG_INITIALIZED;
-
- local_string = strdup(text_p);
- if (local_string == NULL) {
- errno = ENOMEM;
- goto exit2;
- }
-
- next_token = local_string;
- while ((token = strsep(&next_token, STRING_LISTSEP)) != NULL) {
-
- policy_value = token;
- policy_name = strsep(&policy_value, STRING_ELEMENTSEP);
-
- if (strcmp(policy_name, STRING_BIBA) == 0) {
- error = mac_biba_label_from_string(policy_value,
- label);
- if (error) {
- errno = error;
- goto exit2;
- }
- biba_seen++;
- } else if (strcmp(policy_name, STRING_MLS) == 0) {
- error = mac_mls_label_from_string(policy_value,
- label);
- if (error) {
- errno = error;
- goto exit2;
- }
- mls_seen++;
- } else if (strcmp(policy_name, STRING_TE) == 0) {
- error = mac_te_label_from_string(policy_value, label);
- if (error) {
- errno = error;
- goto exit2;
- }
- te_seen++;
- } else {
- errno = EINVAL;
- goto exit2;
- }
- }
-
- if (biba_seen == 0) {
- error = mac_biba_label_from_string("", label);
- if (error) {
- errno = error;
- goto exit2;
- }
- }
- if (mls_seen == 0) {
- error = mac_mls_label_from_string("", label);
- if (error) {
- errno = error;
- goto exit2;
- }
- }
- if (te_seen == 0) {
- error = mac_te_label_from_string("", label);
- if (error) {
- errno = error;
- goto exit2;
- }
- }
-
- if (biba_seen > 1 || mls_seen > 1 || te_seen > 1) {
- errno = EINVAL;
- goto exit2;
- }
-
- /* Success. */
- goto exit1;
-exit2:
- free(label);
- label = NULL;
-exit1:
- free(local_string);
- return (label);
+ errno = EINVAL;
+ return (NULL);
}
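Review bot: Both stubs left in mac_text.c, mac_to_text() and mac_from_text(), fail with `errno = EINVAL`, the same value the removed parser used for a malformed label, so a caller cannot tell "conversion is currently unhooked" from "bad label text". Reporting `errno = ENOSYS;` in both bodies would keep the failure explicit and distinguishable while the new API is pending. A short comment above each stub, such as `/* Stub: per-policy text conversion unhooked until the new MAC label API is merged. */`, would also stop the bare bodies from reading as a finished implementation. The callers are not visible in this diff; presumably any tool that applies or prints labels from text should treat the NULL return as a hard failure rather than continuing without a label, which is worth confirming before this lands.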