PERFORCE change 23852 for review
Brian Feldman
green at freebsd.org
Fri Jan 17 19:44:11 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=23852
Change 23852 by green at green_laptop_2 on 2003/01/17 11:44:01
Fix a problem reported by tjr in which incorrect labels were
checked and okayed during relabel operations in LOMAC. Fill
out the partial labels with information from the current label
to make them complete, as per the comments.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 (text+ko) ====
@@ -1649,6 +1649,14 @@
*/
if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
/*
+ * Fill in the missing parts from the previous label.
+ */
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ mac_lomac_copy_single(subj, new);
+ else
+ mac_lomac_copy_range(subj, new);
+
+ /*
* To change the LOMAC single label on a credential, the
* new single label must be in the current range.
*/
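Review bot: the `else` branch calls `mac_lomac_copy_range(subj, new)` whenever `MAC_LOMAC_FLAG_SINGLE` is set, including the case where the caller supplied both a single and a range. The enclosing test `new->ml_flags & MAC_LOMAC_FLAGS_BOTH` is true for either part, so a complete label also reaches this code. In that case the requested range is replaced by the subject's current range before the checks that follow, and those checks then validate the old range instead of the one being asked for. Test each part on its own: copy the single only when the single flag is clear, and copy the range only when the range flag is clear, as two independent `if` statements rather than an `if`/`else`.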
@@ -1680,6 +1688,10 @@
* single and range of the new label might be performed
* here.
*/
+
+ /*
+ * Fill in what is not already filled in.
+ */
}
return (0);
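Review bot: the added comment "Fill in what is not already filled in." is followed directly by the closing brace, so it documents code that is not there. Either add the fill-in logic it announces or drop the comment. As committed it suggests the label is completed at this point when nothing happens. The blank `+` line left between the preceding comment and this one can go as well.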
@@ -1733,6 +1745,14 @@
*/
if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
/*
+ * Fill in the missing parts from the previous label.
+ */
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ mac_lomac_copy_single(subj, new);
+ else
+ mac_lomac_copy_range(subj, new);
+
+ /*
* Rely on the traditional superuser status for the LOMAC
* interface relabel requirements. XXXMAC: This will go
* away.
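Review bot: this fill-in block is a line-for-line copy of the one added at -1649, and it carries the same `if`/`else` concern: a label with both parts set has its range overwritten by `mac_lomac_copy_range(subj, new)`. Since two relabel checks now need identical completion logic, move it into one small helper that both call. That way a fix to the flag tests lands in both paths at once and the two cannot drift apart.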
@@ -2353,6 +2373,12 @@
}
if (new->ml_flags & MAC_LOMAC_FLAG_AUX) {
/*
+ * Fill in the missing parts from the previous label.
+ */
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ mac_lomac_copy_single(subj, new);
+
+ /*
* To change the auxiliary LOMAC label on a vnode, the new
* vnode label must be in the subject range.
*/
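Review bot: the comment says the missing parts come "from the previous label", but `mac_lomac_copy_single(subj, new)` copies from the subject, and this is a vnode relabel. If the intent is to complete the new vnode label from the vnode's existing label, the source argument should be that label rather than `subj`. If the subject's single really is the intended default, the comment should say so, because the "must be in the subject range" check that follows passes for a value that was taken from the subject itself.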