PERFORCE change 17904 for review

Robert Watson rwatson at freebsd.org
Sun Sep 22 03:26:44 GMT 2002 

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=17904

Change 17904 by rwatson at rwatson_tislabs on 2002/09/21 20:25:44

	Modify Biba and MLS to recognize the reality that
	mpo_create_mbuf_from_mbuf() may have a source mbuf that is
	initialized but not created.  Modify nfs_socket.c to not
	explicitly perform the label copy since it will be performed
	later.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_socket.c#14 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#108 edit
.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#89 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/nfsclient/nfs_socket.c#14 (text+ko) ====

@@ -889,10 +889,6 @@
 	m = nfsm_rpchead(cred, nmp->nm_flag, procnum, auth_type, auth_len,
 	     mrest, mrest_len, &mheadend, &xid);
 
-#ifdef MAC
-	mac_create_mbuf_from_socket(nmp->nm_so, m);
-#endif
-
 	/*
 	 * For stream protocols, insert a Sun RPC Record Mark.
 	 */

==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#108 (text+ko) ====

@@ -925,7 +925,15 @@
 	source = SLOT(oldmbuflabel);
 	dest = SLOT(newmbuflabel);
 
-	mac_biba_copy_single(source, dest);
+	/*
+	 * Because the source mbuf may not yet have been "created",
+	 * just initialized, we do a conditional copy.  Since we don't
+	 * allow mbufs to have ranges, do a KASSERT to make sure that
+	 * doesn't happen.
+	 */
+	KASSERT((source->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
+	    ("mac_biba_create_mbuf_from_mbuf: source mbuf has range"));
+	mac_biba_copy(source, dest);
 }
 
 static void

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#89 (text+ko) ====

@@ -879,7 +879,15 @@
 	source = SLOT(oldmbuflabel);
 	dest = SLOT(newmbuflabel);
 
-	mac_mls_copy_single(source, dest);
+	/*
+	 * Because the source mbuf may not yet have been "created",
+	 * just initialized, we do a conditional copy.  Since we don't
+	 * allow mbufs to have ranges, do a KASSERT to make sure that
+	 * doesn't happen.
+	 */
+	KASSERT((source->mm_flags & MAC_MLS_FLAG_RANGE) != 0,
+	    ("mac_mls_create_mbuf_from_mbuf: source mbuf has range"));
+	mac_mls_copy(source, dest);
 }
 
 static void
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list