PERFORCE change 20121 for review

[Robert Watson]

http://perforce.freebsd.org/chv.cgi?CH=20121

Change 20121 by rwatson at rwatson_tislabs on 2002/10/25 07:57:39

	Provide mac_biba_subject_dominate_high(), a utility function
	to determine if the passed subject credential dominates a high
	object.  Use only for sysctl mib entries.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#159 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#159 (text+ko) ====

@@ -220,6 +220,19 @@
 }
 
 static int
+mac_biba_subject_dominate_high(struct mac_biba *mac_biba)
+{
+	struct mac_biba_element *element;
+
+	KASSERT((mac_biba->mb_single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
+	    ("mac_biba_single_in_range: mac_biba not single"));
+	element = &mac_biba->mb_single;
+
+	return (element->mbe_type == MAC_BIBA_TYPE_EQUAL ||
+	    element->mbe_type == MAC_BIBA_TYPE_HIGH);
+}
+
+static int
 mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
 {
 
@@ -1873,14 +1886,19 @@
 	subj = SLOT(&cred->cr_label);
 
 	/*
-	 * Permit sysctl modification only if Biba-privileged; permit
-	 * read by any process.  Exempt certain management interfaces
-	 * that are used to query MIB state.  XXXMAC: This probably
-	 * requires some more review.
+	 * In general, treat sysctl variables as biba/high, but also
+	 * require privilege to change them, since they are a
+	 * communications channel between grades.  Exempt MIB
+	 * queries from this due to undocmented sysctl magic.
+	 * XXXMAC: This probably requires some more review.
 	 */
 	if (new != NULL) {
 		if (namelen > 0 && name[0] == 0)
 			return (0);
+
+		if (!mac_biba_subject_dominate_high(subj))
+			return (EACCES);
+
 		error = mac_biba_privileged(subj);
 		if (error)
 			return (error);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message