PERFORCE change 148365 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Mon Aug 25 09:22:09 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148365
Change 148365 by trasz at trasz_traszkan on 2008/08/25 09:22:03
Make mac_biba, mac_lomac and mac_mls granularity-compliant.
NOTE: I have no idea if this works. I didn't test it.
Affected files ...
.. //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_biba/mac_biba.c#5 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_lomac/mac_lomac.c#4 edit
.. //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_mls/mac_mls.c#5 edit
Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_biba/mac_biba.c#5 (text+ko) ====
@@ -2830,11 +2830,11 @@
obj = SLOT(vplabel);
/* XXX privilege override for admin? */
- if (acc_mode & (VREAD | VEXEC | VSTAT)) {
+ if (acc_mode & (VREAD | VEXEC | VSTAT_PERMS)) {
if (!biba_dominate_effective(obj, subj))
return (EACCES);
}
- if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
+ if (acc_mode & VMODIFY_PERMS) {
if (!biba_dominate_effective(subj, obj))
return (EACCES);
}
==== //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_lomac/mac_lomac.c#4 (text+ko) ====
@@ -2378,7 +2378,7 @@
obj = SLOT(vplabel);
/* XXX privilege override for admin? */
- if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
+ if (acc_mode & VMODIFY_PERMS) {
if (!lomac_subject_dominate(subj, obj))
return (EACCES);
}
==== //depot/projects/soc2008/trasz_nfs4acl/sys/security/mac_mls/mac_mls.c#5 (text+ko) ====
@@ -2453,11 +2453,11 @@
obj = SLOT(vplabel);
/* XXX privilege override for admin? */
- if (acc_mode & (VREAD | VEXEC | VSTAT)) {
+ if (acc_mode & (VREAD | VEXEC | VSTAT_PERMS)) {
if (!mls_dominate_effective(subj, obj))
return (EACCES);
}
- if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
+ if (acc_mode & VMODIFY_PERMS) {
if (!mls_dominate_effective(obj, subj))
return (EACCES);
}
More information about the p4-projects
mailing list