PERFORCE change 43239 for review
Andrew Reisse
areisse at FreeBSD.org
Mon Dec 1 19:58:44 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=43239
Change 43239 by areisse at areisse_ibook on 2003/12/01 11:58:06
make sebsd_enabled() library call actually check.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin/libsebsd/system.c#2 edit
.. //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#5 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin/libsebsd/system.c#2 (text+ko) ====
@@ -42,10 +42,19 @@
int sebsd_enabled()
{
- int error, i;
- error = sysctlbyname ("security.mac.sebsd.enforcing",
- &i, sizeof(int), NULL, 0);
- return (error != ENOENT);
+ int args[2];
+ int i;
+ size_t mibn = sizeof(int) * 64;
+ int mibs[64];
+
+ args[0] = 0;
+ args[1] = 3;
+
+ const char *name = "security.mac.sebsd.enforcing";
+ i = sysctl (args, 2, mibs, &mibn, name, strlen(name));
+ if (i < 0)
+ return 0;
+ return 1;
}
int
==== //depot/projects/trustedbsd/sedarwin/sebsd_system/wslogin/wslogin.c#5 (text+ko) ====
@@ -49,6 +49,9 @@
*/
int setuid (uid_t uid)
{
+ if (!sebsd_enabled())
+ return syscall (23, uid);
+
mac_t execlabel = NULL; /* label to transition to in exec */
openlog ("wslogin", LOG_ODELAY, LOG_AUTH);
@@ -73,7 +76,6 @@
return 0;
}
- if (sebsd_enabled())
{
char *labeltext, *queried, **contexts;
size_t ncontexts;
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list