PERFORCE change 15506 for review
Robert Watson
rwatson at freebsd.org
Sun Aug 4 02:51:23 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15506
Change 15506 by rwatson at rwatson_tislabs on 2002/08/03 19:51:15
Fix some spelling, add KASSERTs, fix some logic in the various
relabel checks relating to EQUAL labels. It's now possible to
do partial label updates with Biba and to relabel vnodes as an
unprivileged user; the ability to set EQUAL labels is
limited to privilege.
Remove the suser() call in the vnode relabel check: as long as
the labels match up well, we consider it OK for unprivileged
processes to relabel. The suser() call is still present in
the subject relabel case, but we'd probably like to get rid of
that once we figure out how we want to deal with the notion
of privilege and role in MLS.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#89 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#89 (text+ko) ====
@@ -138,7 +138,7 @@
biba_atmostflags(struct mac_biba *mac_biba, int flags)
{
- if (((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) & flags) != flags)
+ if ((mac_biba->mb_flags & flags) != mac_biba->mb_flags)
return (EINVAL);
return (0);
}
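Review bot: biba_atmostflags has no comment stating its contract, and the rewritten test on the `+` line changes that contract in a way its callers need to know. It now returns EINVAL only when the label carries a flag bit outside `flags`, so a label with `mb_flags == 0` is accepted. I would add above the function `/* Return EINVAL if the label has any element flag not in 'flags'; a label with fewer (or no) elements is accepted. */`. Every relabel check that calls it then has to treat each element as optional; whether `mac_biba_contains_equal(new)` does so is not visible in these hunks. The function's return-type line is outside the hunk.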
@@ -290,9 +290,13 @@
}
static int
-mac_biba_subj_equal_ok(struct mac_biba *mac_biba)
+mac_biba_subject_equal_ok(struct mac_biba *mac_biba)
{
+ KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH ==
+ MAC_BIBA_FLAGS_BOTH),
+ ("mac_biba_subject_equal_ok: subject doesn't have both labels"));
+
/* If the single is EQUAL, it's ok */
if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL)
return (0);
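Review bot: The added KASSERT does not test what its message says, because `==` binds tighter than `&`: the condition parses as `mb_flags & (MAC_BIBA_FLAGS_BOTH == MAC_BIBA_FLAGS_BOTH)`, which is `mb_flags & 1`. The assertion therefore looks at bit 0 only instead of requiring both the single and range flags, so the element checks that follow run on an assumption that was never verified. Move the parenthesis: `KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAGS_BOTH,` with the message line unchanged. The function body continues past the end of the hunk.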
@@ -1242,7 +1246,7 @@
subj = SLOT(&cred->cr_label);
new = SLOT(newlabel);
- error = mac_biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
+ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
if (error)
return (error);
@@ -1272,8 +1276,11 @@
* If the old subject label doesn't contain EQUAL, don't let the
* new subject label contain EQUAL.
*/
- if (mac_biba_contains_equal(new) && !mac_biba_subj_equal_ok(subj))
- return (EPERM);
+ if (mac_biba_contains_equal(new)) {
+ error = mac_biba_subject_equal_ok(subj);
+ if (error)
+ return (error);
+ }
return (0);
}
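Review bot: The new call site depends on mac_biba_subject_equal_ok returning 0 when the subject may set EQUAL and an errno otherwise, but nothing here says so, and the removed `!mac_biba_subj_equal_ok(subj)` form shows how easily it reads as a boolean. I would add `/* mac_biba_subject_equal_ok() returns 0 if permitted, else an errno. */` above the call; the same applies to the pipe, socket and vnode hunks at -1428, -1550 and -1842. The helper's failure return is outside these hunks, so it is worth confirming it is still EPERM now that the caller no longer hard-codes it. The enclosing function starts before this hunk.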
@@ -1306,7 +1313,7 @@
subj = SLOT(&cred->cr_label);
new = SLOT(newlabel);
- error = mac_biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
+ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
if (error)
return (error);
@@ -1405,7 +1412,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(pipelabel);
- error = mac_biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE);
+ error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE);
if (error)
return (error);
@@ -1420,7 +1427,7 @@
* To relabel a pipe, the new pipe label must be in the subject
* range.
*/
- if (new->mb_flags & MAC_BIBA_FLAGS_SINGLE &&
+ if (new->mb_flags & MAC_BIBA_FLAG_SINGLE &&
!mac_biba_single_in_range(new, subj))
return (EPERM);
@@ -1428,8 +1435,11 @@
* If the subject label doesn't contain equal, don't let the new
* pipe label contain equal.
*/
- if (mac_biba_contains_equal(new) && !mac_biba_subj_equal_ok(subj))
- return (EPERM);
+ if (mac_biba_contains_equal(new)) {
+ error = mac_biba_subject_equal_ok(subj);
+ if (error)
+ return (error);
+ }
return (0);
}
@@ -1520,7 +1530,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(socketlabel);
- error = mac_biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
+ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
if (error)
return (error);
@@ -1550,9 +1560,11 @@
* If the subject label doesn't contain EQUAL, don't let the new
* socket label contain EQUAL.
*/
- if (mac_biba_contains_equal(new) && !mac_biba_subj_equal_ok(subj))
- return (EPERM);
-
+ if (mac_biba_contains_equal(new)) {
+ error = mac_biba_subject_equal_ok(subj);
+ if (error)
+ return (error);
+ }
return (0);
}
@@ -1819,7 +1831,7 @@
new = SLOT(newlabel);
subj = SLOT(&cred->cr_label);
- error = mac_biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
+ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH);
if (error)
return (error);
@@ -1842,10 +1854,13 @@
* If the subject label doesn't contain EQUAL, don't let the new
* vnode label contain EQUAL.
*/
- if (mac_biba_contains_equal(new) && !mac_biba_subj_equal_ok(subj))
- return (EPERM);
+ if (mac_biba_contains_equal(new)) {
+ error = mac_biba_subject_equal_ok(subj);
+ if (error)
+ return (error);
+ }
- return (suser_cred(cred, 0));
+ return (0);
}
static int
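Review bot: With `suser_cred(cred, 0)` replaced by `return (0)`, the label comparisons are the only gate on vnode relabel, and nothing in the code records that this is deliberate. I would add above the return `/* No privilege check: an unprivileged subject may relabel when the label checks above pass. */`. Because biba_atmostflags now accepts a label with fewer flags, the earlier checks in this function, which are outside the hunk, should each be guarded by the matching flag test so that an unset element is never compared. It would also help to confirm that a request with no flags set is a no-op when the label is applied, since it would now return 0 here for any caller.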