PERFORCE change 104078 for review
Todd Miller
millert at FreeBSD.org
Tue Aug 15 18:04:56 UTC 2006
http://perforce.freebsd.org/chv.cgi?CH=104078
Change 104078 by millert at millert_macbook on 2006/08/15 18:01:55
If the message number is bad, only return failure if we are in
enforcing mode. Fix some whitespace here too.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/mach_av.c#2 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/sedarwin/ss/mach_av.c#2 (text+ko) ====
@@ -129,8 +129,8 @@
sebsd_check_ipc_method1(int subj, int obj, int msgid)
{
struct msgid_classinfo *mcl;
- u32 perms;
- int cl;
+ u32 perms;
+ int cl;
/*
* Return allowed for messages in an unknown subsystem.
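Review bot: the `u32 perms;` / `int cl;` re-indentation in this hunk is whitespace-only, yet it is bundled with a change to the access decision in the next hunk. Splitting the style cleanup into its own change would keep the security-relevant diff small for audit and let either part be reverted cleanly.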
@@ -142,10 +142,14 @@
return 0;
cl = (msgid - mcl->baseid) / (8 * sizeof(u32));
- if (cl >= mcl->nclasses)
- return (1); /* bad message, access denied */
+ if (cl >= mcl->nclasses) {
+ /* bad message */
+ if (selinux_enforcing)
+ return (EACCES);
+ else
+ return (0);
+ }
- perms = (u32)1 <<
- (msgid - mcl->baseid - (cl * 8 * sizeof(u32)));
+ perms = (u32)1 << (msgid - mcl->baseid - (cl * 8 * sizeof(u32)));
return avc_has_perm(subj, obj, mcl->classes[cl], perms, NULL);
}
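Review bot: in the new `cl >= mcl->nclasses` block, the permissive branch `return (0);` allows an out-of-range message id without passing through `avc_has_perm`, so nothing on this path records that a bad id was seen. Consider logging it before returning so the condition is visible while running permissive. The enforcing branch also changes the failure value from `1` to `EACCES`, so any caller that compared the result against 1 rather than testing for non-zero needs checking. The bound is tested only on the upper side and `cl` is a signed `int`; if the lookup above this hunk does not guarantee `msgid >= mcl->baseid`, a negative index or shift count would reach `mcl->classes[cl]` and the `(u32)1 <<` expression, so it is worth confirming that or adding `cl < 0` to the test. Minor: the `else` after `return (EACCES);` is redundant.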