PERFORCE change 21043 for review
Brian Feldman
green at freebsd.org
Wed Nov 13 19:30:26 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=21043
Change 21043 by green at green_laptop_2 on 2002/11/13 11:29:41
Revise the new LOMAC's interpretation of the subject label. The
components are thus:
single(low-high)
single: The effective level defines what the level
of created files shall be, and what the
lowest-integrity object that may be read
without demotion shall be.
low: The low range level determines the lower bound
that the effective level may become.
high: The high range level determines what protections
are enforced regarding modification of objects
by the subject. Additionally, it is also the
upper bound of the effective level.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#38 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#38 (text+ko) ====
@@ -203,8 +203,6 @@
default:
panic("mac_lomac_dominate_element: a->mle_type invalid");
}
-
- return (0);
}
static int
@@ -230,8 +228,6 @@
&single->ml_single) &&
mac_lomac_dominate_element(&single->ml_single,
&range->ml_rangelow));
-
- return (1);
}
static int
@@ -263,6 +259,19 @@
}
static int
+mac_lomac_subject_dominate(struct mac_lomac *a, struct mac_lomac *b)
+{
+ KASSERT((~a->ml_flags &
+ (MAC_LOMAC_FLAG_SINGLE | MAC_LOMAC_FLAG_RANGE)) == 0,
+ ("mac_lomac_dominate_single: a not subject"));
+ KASSERT((b->ml_flags & MAC_LOMAC_FLAG_SINGLE) != 0,
+ ("mac_lomac_dominate_single: b not single"));
+
+ return (mac_lomac_dominate_element(&a->ml_rangehigh,
+ &b->ml_single));
+}
+
+static int
mac_lomac_equal_element(struct mac_lomac_element *a, struct mac_lomac_element *b)
{
@@ -1838,7 +1847,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT((pipelabel));
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -1858,7 +1867,7 @@
/* XXX: range checks */
if (!mac_lomac_dominate_single(obj, subj))
return (ESRCH);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -1878,7 +1887,7 @@
/* XXX: range checks */
if (!mac_lomac_dominate_single(obj, subj))
return (ESRCH);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -1898,7 +1907,7 @@
/* XXX: range checks */
if (!mac_lomac_dominate_single(obj, subj))
return (ESRCH);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2055,7 +2064,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
if (obj->ml_flags & MAC_LOMAC_FLAG_AUX &&
!mac_lomac_dominate_element(&subj->ml_single, &obj->ml_auxsingle))
@@ -2077,12 +2086,12 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2100,7 +2109,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2119,12 +2128,12 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2147,7 +2156,7 @@
obj = SLOT(label);
if (prot & VM_PROT_WRITE) {
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
}
if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
@@ -2175,7 +2184,7 @@
obj = SLOT(label);
if (prot & VM_PROT_WRITE) {
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
}
if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
@@ -2202,7 +2211,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
*prot &= ~VM_PROT_WRITE;
}
@@ -2220,7 +2229,7 @@
/* XXX privilege override for admin? */
if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
}
@@ -2328,12 +2337,12 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2352,13 +2361,13 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
if (vp != NULL) {
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
}
@@ -2377,7 +2386,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2395,7 +2404,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2414,7 +2423,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
/* XXX: protect the MAC EA in a special way? */
@@ -2434,7 +2443,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2452,7 +2461,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2470,7 +2479,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2488,7 +2497,7 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
@@ -2506,7 +2515,7 @@
subj = SLOT(&active_cred->cr_label);
obj = SLOT(label);
- if (!mac_lomac_dominate_single(subj, obj))
+ if (!mac_lomac_subject_dominate(subj, obj))
return (EACCES);
return (0);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list