PERFORCE change 20496 for review
Robert Watson
rwatson at freebsd.org
Thu Oct 31 22:35:00 GMT 2002
http://perforce.freebsd.org/chv.cgi?CH=20496
Change 20496 by rwatson at rwatson_tislabs on 2002/10/31 14:34:51
Clarify, and in some cases, correct privilege checks.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#176 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#176 (text+ko) ====
@@ -1877,14 +1877,16 @@
struct label *label)
{
struct mac_biba *subj, *obj;
+ int error;
if (!mac_biba_enabled)
return (0);
subj = SLOT(&cred->cr_label);
- if (!mac_biba_subject_privileged(subj))
- return (EPERM);
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
if (label == NULL)
return (0);
@@ -1900,14 +1902,16 @@
mac_biba_check_system_settime(struct ucred *cred)
{
struct mac_biba *subj;
+ int error;
if (!mac_biba_enabled)
return (0);
subj = SLOT(&cred->cr_label);
- if (!mac_biba_subject_privileged(subj))
- return (EPERM);
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
return (0);
}
@@ -1917,6 +1921,7 @@
struct label *label)
{
struct mac_biba *subj, *obj;
+ int error;
if (!mac_biba_enabled)
return (0);
@@ -1924,8 +1929,9 @@
subj = SLOT(&cred->cr_label);
obj = SLOT(label);
- if (!mac_biba_subject_privileged(subj))
- return (EPERM);
+ error = mac_biba_subject_privileged(subj);
+ if (error)
+ return (error);
if (!mac_biba_high_single(obj))
return (EACCES);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list