62 bsde_rule_to_string(struct mac_bsdextended_rule *rule, char *buf, size_t buflen)  in bsde_rule_to_string()  argument
67 	char *cur, type[sizeof(rule->mbr_object.mbo_type) * CHAR_BIT + 1];  in bsde_rule_to_string()
79 	if (rule->mbr_subject.mbs_flags) {  in bsde_rule_to_string()
80 		if (rule->mbr_subject.mbs_neg == MBS_ALL_FLAGS) {  in bsde_rule_to_string()
91 		if (!notdone && (rule->mbr_subject.mbs_neg & MBO_UID_DEFINED)) {  in bsde_rule_to_string()
98 		if (rule->mbr_subject.mbs_flags & MBO_UID_DEFINED) {  in bsde_rule_to_string()
99 			pwd = getpwuid(rule->mbr_subject.mbs_uid_min);  in bsde_rule_to_string()
109 				    rule->mbr_subject.mbs_uid_min);  in bsde_rule_to_string()
115 			if (rule->mbr_subject.mbs_uid_min !=  in bsde_rule_to_string()
116 			    rule->mbr_subject.mbs_uid_max) {  in bsde_rule_to_string()
117 				pwd = getpwuid(rule->mbr_subject.mbs_uid_max);  in bsde_rule_to_string()
127 					    rule->mbr_subject.mbs_uid_max);  in bsde_rule_to_string()
141 		if (!notdone && (rule->mbr_subject.mbs_neg & MBO_GID_DEFINED)) {  in bsde_rule_to_string()
148 		if (rule->mbr_subject.mbs_flags & MBO_GID_DEFINED) {  in bsde_rule_to_string()
149 			grp = getgrgid(rule->mbr_subject.mbs_gid_min);  in bsde_rule_to_string()
159 				    rule->mbr_subject.mbs_gid_min);  in bsde_rule_to_string()
165 			if (rule->mbr_subject.mbs_gid_min !=  in bsde_rule_to_string()
166 			    rule->mbr_subject.mbs_gid_max) {  in bsde_rule_to_string()
167 				grp = getgrgid(rule->mbr_subject.mbs_gid_max);  in bsde_rule_to_string()
177 					    rule->mbr_subject.mbs_gid_max);  in bsde_rule_to_string()
191 		if (!notdone && (rule->mbr_subject.mbs_neg & MBS_PRISON_DEFINED)) {  in bsde_rule_to_string()
198 		if (rule->mbr_subject.mbs_flags & MBS_PRISON_DEFINED) {  in bsde_rule_to_string()
200 			    rule->mbr_subject.mbs_prison);  in bsde_rule_to_string()
213 	if (rule->mbr_object.mbo_flags) {  in bsde_rule_to_string()
214 		if (rule->mbr_object.mbo_neg == MBO_ALL_FLAGS) {  in bsde_rule_to_string()
225 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_DEFINED)) {  in bsde_rule_to_string()
232 		if (rule->mbr_object.mbo_flags & MBO_UID_DEFINED) {  in bsde_rule_to_string()
233 			pwd = getpwuid(rule->mbr_object.mbo_uid_min);  in bsde_rule_to_string()
243 				    rule->mbr_object.mbo_uid_min);  in bsde_rule_to_string()
249 			if (rule->mbr_object.mbo_uid_min !=  in bsde_rule_to_string()
250 			    rule->mbr_object.mbo_uid_max) {  in bsde_rule_to_string()
251 				pwd = getpwuid(rule->mbr_object.mbo_uid_max);  in bsde_rule_to_string()
261 					    rule->mbr_object.mbo_uid_max);  in bsde_rule_to_string()
275 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_DEFINED)) {  in bsde_rule_to_string()
282 		if (rule->mbr_object.mbo_flags & MBO_GID_DEFINED) {  in bsde_rule_to_string()
283 			grp = getgrgid(rule->mbr_object.mbo_gid_min);  in bsde_rule_to_string()
293 				    rule->mbr_object.mbo_gid_min);  in bsde_rule_to_string()
299 			if (rule->mbr_object.mbo_gid_min !=  in bsde_rule_to_string()
300 			    rule->mbr_object.mbo_gid_max) {  in bsde_rule_to_string()
301 				grp = getgrgid(rule->mbr_object.mbo_gid_max);  in bsde_rule_to_string()
311 					    rule->mbr_object.mbo_gid_max);  in bsde_rule_to_string()
325 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)) {  in bsde_rule_to_string()
332 		if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) {  in bsde_rule_to_string()
335 				if (fsidcmp(&rule->mbr_object.mbo_fsid,  in bsde_rule_to_string()
345 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_SUID)) {  in bsde_rule_to_string()
352 		if (rule->mbr_object.mbo_flags & MBO_SUID) {  in bsde_rule_to_string()
359 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_SGID)) {  in bsde_rule_to_string()
366 		if (rule->mbr_object.mbo_flags & MBO_SGID) {  in bsde_rule_to_string()
373 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_SUBJECT)) {  in bsde_rule_to_string()
380 		if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) {  in bsde_rule_to_string()
387 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_SUBJECT)) {  in bsde_rule_to_string()
394 		if (rule->mbr_object.mbo_flags & MBO_GID_SUBJECT) {  in bsde_rule_to_string()
401 		if (!notdone && (rule->mbr_object.mbo_neg & MBO_TYPE_DEFINED)) {  in bsde_rule_to_string()
408 		if (rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED) {  in bsde_rule_to_string()
410 			if (rule->mbr_object.mbo_type & MBO_TYPE_REG)  in bsde_rule_to_string()
412 			if (rule->mbr_object.mbo_type & MBO_TYPE_DIR)  in bsde_rule_to_string()
414 			if (rule->mbr_object.mbo_type & MBO_TYPE_BLK)  in bsde_rule_to_string()
416 			if (rule->mbr_object.mbo_type & MBO_TYPE_CHR)  in bsde_rule_to_string()
418 			if (rule->mbr_object.mbo_type & MBO_TYPE_LNK)  in bsde_rule_to_string()
420 			if (rule->mbr_object.mbo_type & MBO_TYPE_SOCK)  in bsde_rule_to_string()
422 			if (rule->mbr_object.mbo_type & MBO_TYPE_FIFO)  in bsde_rule_to_string()
424 			if (rule->mbr_object.mbo_type == MBO_ALL_TYPE) {  in bsde_rule_to_string()
443 	anymode = (rule->mbr_mode & MBI_ALLPERM);  in bsde_rule_to_string()
444 	unknownmode = (rule->mbr_mode & ~MBI_ALLPERM);  in bsde_rule_to_string()
446 	if (rule->mbr_mode & MBI_ADMIN) {  in bsde_rule_to_string()
454 	if (rule->mbr_mode & MBI_READ) {  in bsde_rule_to_string()
462 	if (rule->mbr_mode & MBI_STAT) {  in bsde_rule_to_string()
470 	if (rule->mbr_mode & MBI_WRITE) {  in bsde_rule_to_string()
478 	if (rule->mbr_mode & MBI_EXEC) {  in bsde_rule_to_string()
1008 bsde_parse_rule(int argc, char *argv[], struct mac_bsdextended_rule *rule,  in bsde_parse_rule()  argument
1016 	bzero(rule, sizeof(*rule));  in bsde_parse_rule()
1019 		snprintf(errstr, buflen, "Rule must begin with subject");  in bsde_parse_rule()
1024 		snprintf(errstr, buflen, "Rule must begin with subject");  in bsde_parse_rule()
1038 		snprintf(errstr, buflen, "Rule must contain an object");  in bsde_parse_rule()
1049 		snprintf(errstr, buflen, "Rule must contain mode");  in bsde_parse_rule()
1060 	    argv + subject_elements, &rule->mbr_subject, buflen, errstr);  in bsde_parse_rule()
1065 	    argv + object_elements, &rule->mbr_object, buflen, errstr);  in bsde_parse_rule()
1070 	    &rule->mbr_mode, buflen, errstr);  in bsde_parse_rule()
1078 bsde_parse_rule_string(const char *string, struct mac_bsdextended_rule *rule,  in bsde_parse_rule_string()  argument
1096 	error = bsde_parse_rule(argc, argv, rule, buflen, errstr);  in bsde_parse_rule_string()
1189 bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t errlen,  in bsde_get_rule()  argument
1207 	size = sizeof(*rule);  in bsde_get_rule()
1210 	error = sysctl(name, len, rule, &size, NULL, 0);  in bsde_get_rule()
1217 	} else if (size != sizeof(*rule)) {  in bsde_get_rule()
1229 	struct mac_bsdextended_rule rule;  in bsde_delete_rule()  local
1248 	error = sysctl(name, len, NULL, NULL, &rule, 0);  in bsde_delete_rule()
1259 bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t buflen,  in bsde_set_rule()  argument
1280 	error = sysctl(name, len, NULL, NULL, rule, sizeof(*rule));  in bsde_set_rule()
1291 bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen,  in bsde_add_rule()  argument
1312 		snprintf(errstr, buflen, "unable to get rule slots: %s",  in bsde_add_rule()
1320 	error = sysctl(name, len, NULL, NULL, rule, sizeof(*rule));  in bsde_add_rule()