PERFORCE change 35282 for review

Robert Watson rwatson at FreeBSD.org
Thu Jul 31 12:58:31 PDT 2003


http://perforce.freebsd.org/chv.cgi?CH=35282

Change 35282 by rwatson at rwatson_tislabs on 2003/07/31 12:58:23

	Improve consistency with the Biba policy -- rename
	mac_mls_subject_equal_ok() to mac_mls_subject_privileged(),
	which more consistently reflects the fact that this is really
	about our notion of privilege in the MLS policy.
	
	Since we don't use suser() for privilege in MLS, remove
	the suser check from the ifnet relabel ioctl, and replace it
	with an MLS privilege check.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#175 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_mls/mac_mls.c#175 (text+ko) ====

@@ -286,11 +286,12 @@
 }
 
 static int
-mac_mls_subject_equal_ok(struct mac_mls *mac_mls)
+mac_mls_subject_privileged(struct mac_mls *mac_mls)
 {
 
-	KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) == MAC_MLS_FLAGS_BOTH,
-	    ("mac_mls_subject_equal_ok: subject doesn't have both labels"));
+	KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) ==
+	    MAC_MLS_FLAGS_BOTH,
+	    ("mac_mls_subject_privileged: subject doesn't have both labels"));
 
 	/* If the single is EQUAL, it's ok. */
 	if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL)
@@ -1434,7 +1435,7 @@
 		 * their label.
 		 */
 		if (mac_mls_contains_equal(new)) {
-			error = mac_mls_subject_equal_ok(subj);
+			error = mac_mls_subject_privileged(subj);
 			if (error)
 				return (error);
 		}
@@ -1480,23 +1481,9 @@
 		return (error);
 
 	/*
-	 * If the MLS label is to be changed, authorize as appropriate.
+	 * Relabeling network interfaces requires MLS privilege.
 	 */
-	if (new->mm_flags & MAC_MLS_FLAGS_BOTH) {
-		/*
-		 * Rely on traditional superuser status for the MLS
-		 * interface relabel requirements.  XXX: This will go
-		 * away.
-		 */
-		error = suser_cred(cred, 0);
-		if (error)
-			return (EPERM);
-
-		/*
-		 * XXXMAC: Additional consistency tests regarding the single
-		 * and the range of the new label might be performed here.
-		 */
-	}
+	error = mac_mls_subject_privileged(subj);
 
 	return (0);
 }
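Review bot: The result of the new privilege check is discarded: `error = mac_mls_subject_privileged(subj);` is immediately followed by the unchanged `return (0);`, so the ifnet relabel is authorized for every subject regardless of the check, whereas the removed suser_cred() branch did return EPERM on failure. Change the final line to `return (error);` (or insert `if (error) return (error);` before it), which is how the other call sites in this change consume the same function's result. Note also that the old code only consulted privilege when `new->mm_flags & MAC_MLS_FLAGS_BOTH` was set, while the new code checks unconditionally; if that widening is intended, as the commit message suggests, a one-line comment saying so would help the next reader. The enclosing function begins before this hunk.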
@@ -1625,7 +1612,7 @@
 		 * subject must have appropriate privilege.
 		 */
 		if (mac_mls_contains_equal(new)) {
-			error = mac_mls_subject_equal_ok(subj);
+			error = mac_mls_subject_privileged(subj);
 			if (error)
 				return (error);
 		}
@@ -1787,7 +1774,7 @@
 		 * the subject must have appropriate privilege.
 		 */
 		if (mac_mls_contains_equal(new)) {
-			error = mac_mls_subject_equal_ok(subj);
+			error = mac_mls_subject_privileged(subj);
 			if (error)
 				return (error);
 		}
@@ -2242,7 +2229,7 @@
 		 * the subject must have appropriate privilege.
 		 */
 		if (mac_mls_contains_equal(new)) {
-			error = mac_mls_subject_equal_ok(subj);
+			error = mac_mls_subject_privileged(subj);
 			if (error)
 				return (error);
 		}

