PERFORCE change 20227 for review
Robert Watson
rwatson at freebsd.org
Sun Oct 27 04:05:08 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20227
Change 20227 by rwatson at rwatson_tislabs on 2002/10/26 21:04:52
Integ _system_ check namespace changes into lomac from biba.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#22 integrate
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#22 (text+ko) ====
@@ -334,6 +334,7 @@
static int
mac_lomac_high_single(struct mac_lomac *mac_lomac)
{
+
KASSERT((mac_lomac->ml_flags & MAC_LOMAC_FLAG_SINGLE) != 0,
("mac_lomac_high_single: mac_lomac not single"));
@@ -1912,8 +1913,28 @@
}
static int
-mac_lomac_check_sysctl(struct ucred *cred, int *name, u_int namelen,
- void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)
+mac_lomac_check_vnode_swapon(struct ucred *cred, struct vnode *vp,
+ struct label *label)
+{
+ struct mac_lomac *subj, *obj;
+
+ if (!mac_lomac_enabled)
+ return (0);
+
+ subj = SLOT(&cred->cr_label);
+ obj = SLOT(label);
+
+ if (!mac_lomac_subject_privileged(subj))
+ return (EPERM);
+
+ if (!mac_lomac_high_single(obj))
+ return (EACCES);
+
+ return (0);
+}
+
+static int
+mac_lomac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen,
{
struct mac_lomac *subj;
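Review bot: The new signature of `mac_lomac_check_system_sysctl` ends at `u_int namelen,` and is followed directly by `{`, so the parameter list is never closed. The old continuation line was removed with the rename and no replacement was added; the hunk header's line counts agree with that, so it does not look like an archive artifact. Restore it under the renamed first line: `    void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen)`. The function body continues past the end of the hunk, so whether it still uses those parameters is not visible here.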
@@ -2397,27 +2418,6 @@
}
static int
-mac_lomac_check_vnode_swapon(struct ucred *cred, struct vnode *vp,
- struct label *label)
-{
- struct mac_lomac *subj, *obj;
-
- if (!mac_lomac_enabled)
- return (0);
-
- subj = SLOT(&cred->cr_label);
- obj = SLOT(label);
-
- if (!mac_lomac_subject_privileged(subj))
- return (EPERM);
-
- if (!mac_lomac_high_single(obj))
- return (EACCES);
-
- return (0);
-}
-
-static int
mac_lomac_check_vnode_write(struct ucred *active_cred,
struct ucred *file_cred, struct vnode *vp, struct label *label)
{
@@ -2670,9 +2670,11 @@
{ MAC_CHECK_SOCKET_RELABEL,
(macop_t)mac_lomac_check_socket_relabel },
{ MAC_CHECK_SOCKET_VISIBLE,
- (macop_t)mac_lomac_check_socket_visible },
- { MAC_CHECK_SYSCTL,
- (macop_t)mac_lomac_check_sysctl },
+ (macop_t)mac_loamc_check_socket_visible },
+ { MAC_CHECK_SYSTEM_SWAPON,
+ (macop_t)mac_lomac_check_system_swapon },
+ { MAC_CHECK_SYSTEM_SYSCTL,
+ (macop_t)mac_lomac_check_system_sysctl },
{ MAC_CHECK_VNODE_ACCESS,
(macop_t)mac_lomac_check_vnode_open },
{ MAC_CHECK_VNODE_CREATE,
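Review bot: Two of the new table entries name functions that this change does not define. `mac_loamc_check_socket_visible` transposes two letters and should remain `(macop_t)mac_lomac_check_socket_visible`. `MAC_CHECK_SYSTEM_SWAPON` points at `mac_lomac_check_system_swapon`, while the function moved in the earlier hunk is still called `mac_lomac_check_vnode_swapon`; rename one side so they agree. Because every entry is cast to `macop_t`, the compiler will not check that a handler's parameters match what the framework passes for the renamed entry point, so the swapon prototype is worth confirming by hand against the biba version this was integrated from.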
@@ -2713,8 +2715,6 @@
(macop_t)mac_lomac_check_vnode_setowner },
{ MAC_CHECK_VNODE_SETUTIMES,
(macop_t)mac_lomac_check_vnode_setutimes },
- { MAC_CHECK_VNODE_SWAPON,
- (macop_t)mac_lomac_check_vnode_swapon },
{ MAC_CHECK_VNODE_WRITE,
(macop_t)mac_lomac_check_vnode_write },
{ MAC_THREAD_USERRET,