PERFORCE change 19932 for review
Brian Feldman
green at freebsd.org
Tue Oct 22 21:12:14 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=19932
Change 19932 by green at green_laptop_2 on 2002/10/22 14:11:53
* Improve commenting.
* Allow a process to relabel itself as long as it maintains the
same SEBSD label.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#49 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/sebsd/sebsd.c#49 (text+ko) ====
@@ -232,11 +232,20 @@
return;
}
+/*
+ * SEBSD does not support the relabeling of processes without
+ * transitioning.
+ */
static int
sebsd_check_cred_relabel(struct ucred *cred, struct label *newlabel)
{
- printf("sebsd_check_cred_relabel:: This does nothing\n");
- return EPERM;
+ struct task_security_struct *nsec, *tsec;
+
+ nsec = SLOT(newlabel);
+ tsec = SLOT(&cred->cr_label);
+ if (nsec != NULL && nsec->sid != tsec->sid)
+ return EPERM;
+ return 0;
}
static void
@@ -898,7 +907,7 @@
if (rc)
return (rc);
if (old_file->sclass == 0) {
- printf("vnode_relabel_from:: ERROR, sid=%d, sclass=0, "
+ printf("vnode_rename_from:: ERROR, sid=%d, sclass=0, "
"v_type=%d\n", old_file->sid, vp->v_type);
return 0; /* TBD: debugging */
}
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list