Add "-M" argument to id(1), which permits the id command to be used

to print the MAC label of the current process.  "-M" selected as that's
what is used in Trusted IRIX.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research

2 files changed, 46 insertions, 3 deletions

diff --git a/usr.bin/id/id.1 b/usr.bin/id/id.1
index f132f46..7079446 100644
--- a/usr.bin/id/id.1
+++ b/usr.bin/id/id.1
@@ -48,6 +48,8 @@
 .Fl G Op Fl n
 .Op Ar user
 .Nm
+.Fl M
+.Nm
 .Fl P
 .Op Ar user
 .Nm
@@ -78,6 +80,8 @@ The options are as follows:
 .It Fl G
 Display the different group IDs (effective, real and supplementary)
 as white-space separated numbers, in no particular order.
+.It Fl M
+Display the MAC label of the current prorcess.
 .It Fl P
 Display the id as a password file entry.
 .It Fl g
diff --git a/usr.bin/id/id.c b/usr.bin/id/id.c
index 2d4eee7..99f710b 100644
--- a/usr.bin/id/id.c
+++ b/usr.bin/id/id.c
@@ -46,8 +46,10 @@ static char sccsid[] = "@(#)id.c	8.2 (Berkeley) 2/16/94";
 __FBSDID("$FreeBSD$");
 
 #include <sys/param.h>
+#include <sys/mac.h>
 
 #include <err.h>
+#include <errno.h>
 #include <grp.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -59,6 +61,7 @@ void	current(void);
 void	pline(struct passwd *);
 void	pretty(struct passwd *);
 void	group(struct passwd *, int);
+void	maclabel(void);
 void	usage(void);
 void	user(struct passwd *);
 struct passwd *
@@ -71,10 +74,10 @@ main(int argc, char *argv[])
 {
 	struct group *gr;
 	struct passwd *pw;
-	int Gflag, Pflag, ch, gflag, id, nflag, pflag, rflag, uflag;
+	int Gflag, Mflag, Pflag, ch, gflag, id, nflag, pflag, rflag, uflag;
 	const char *myname;
 
-	Gflag = Pflag = gflag = nflag = pflag = rflag = uflag = 0;
+	Gflag = Mflag = Pflag = gflag = nflag = pflag = rflag = uflag = 0;
 
 	myname = strrchr(argv[0], '/');
 	myname = (myname != NULL) ? myname + 1 : argv[0];
@@ -88,11 +91,14 @@ main(int argc, char *argv[])
 	}
 
 	while ((ch = getopt(argc, argv,
-	    (isgroups || iswhoami) ? "" : "PGgnpru")) != -1)
+	    (isgroups || iswhoami) ? "" : "PGMgnpru")) != -1)
 		switch(ch) {
 		case 'G':
 			Gflag = 1;
 			break;
+		case 'M':
+			Mflag = 1;
+			break;
 		case 'P':
 			Pflag = 1;
 			break;
@@ -134,6 +140,9 @@ main(int argc, char *argv[])
 
 	pw = *argv ? who(*argv) : NULL;
 
+	if (Mflag && pw != NULL)
+		usage();
+
 	if (gflag) {
 		id = pw ? pw->pw_gid : rflag ? getgid() : getegid();
 		if (nflag && (gr = getgrgid(id)))
@@ -157,6 +166,11 @@ main(int argc, char *argv[])
 		exit(0);
 	}
 
+	if (Mflag) {
+		maclabel();
+		exit(0);
+	}
+
 	if (Pflag) {
 		pline(pw);
 		exit(0);
@@ -317,6 +331,30 @@ group(struct passwd *pw, int nflag)
 	(void)printf("\n");
 }
 
+void
+maclabel(void)
+{
+	char *string;
+	mac_t label;
+	int error;
+
+	error = mac_prepare_process_label(&label);
+	if (error == -1)
+		errx(1, "mac_prepare_type: %s", strerror(errno));
+
+	error = mac_get_proc(label);
+	if (error == -1)
+		errx(1, "mac_get_proc: %s", strerror(errno));
+
+	error = mac_to_text(label, &string);
+	if (error == -1)
+		errx(1, "mac_to_text: %s", strerror(errno));
+
+	(void)printf("%s\n", string);
+	mac_free(label);
+	free(string);
+}
+
 struct passwd *
 who(char *u)
 {
@@ -366,6 +404,7 @@ usage(void)
 		(void)fprintf(stderr, "%s\n%s\n%s\n%s\n%s\n%s\n",
 		    "usage: id [user]",
 		    "       id -G [-n] [user]",
+		    "       id -M",
 		    "       id -P [user]",
 		    "       id -g [-nr] [user]",
 		    "       id -p [user]",