PERFORCE change 23852 for review

Brian Feldman green at freebsd.org
Fri Jan 17 19:44:11 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=23852

Change 23852 by green at green_laptop_2 on 2003/01/17 11:44:01

	Fix a problem reported by tjr in which incorrect labels were
	checked and okayed during relabel operations in LOMAC.  Fill
	out the partial labels with information from the current label
	to make them complete, as per the comments.

Affected files ...

.. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#50 (text+ko) ====

@@ -1649,6 +1649,14 @@
 	 */
 	if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
 		/*
+		 * Fill in the missing parts from the previous label.
+		 */
+		if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+			mac_lomac_copy_single(subj, new);
+		else
+			mac_lomac_copy_range(subj, new);
+			
+		/*
 		 * To change the LOMAC single label on a credential, the
 		 * new single label must be in the current range.
 		 */
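Review bot: the `else` in the fill-in step keys off MAC_LOMAC_FLAG_SINGLE alone, so a new label that already carries a range along with its single still reaches `mac_lomac_copy_range(subj, new)`, which by its name would replace the requested range with the subject's before the range check below runs. Test each element on its own instead, for example a second `if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)` in place of the `else` (assuming MAC_LOMAC_FLAG_RANGE is the range counterpart of the flag tested here). The added line after the `mac_lomac_copy_range` call also contains only tabs.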
@@ -1680,6 +1688,10 @@
 		 * single and range of the new label might be performed
 		 * here.
 		 */
+
+		/*
+		 * Fill in what is not already filled in.
+		 */
 	}
 
 	return (0);
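Review bot: the comment added just before the closing brace, "Fill in what is not already filled in.", has no code under it, so the block now documents a step that does not happen at this point. Either add the fill-in it describes, or drop the comment or mark it as a TODO so it is not read as describing existing behaviour.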
@@ -1733,6 +1745,14 @@
 	 */
 	if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
 		/*
+		 * Fill in the missing parts from the previous label.
+		 */
+		if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+			mac_lomac_copy_single(subj, new);
+		else
+			mac_lomac_copy_range(subj, new);
+
+		/*
 		 * Rely on the traditional superuser status for the LOMAC
 		 * interface relabel requirements.  XXXMAC: This will go
 		 * away.
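Review bot: this fill-in block is a verbatim copy of the one added at -1649, including the `else` keyed on MAC_LOMAC_FLAG_SINGLE, and here it writes into `new` ahead of the superuser requirement described in the comment that follows. A small shared helper would keep the logic (and any later fix to it) in one place; also consider whether the label should be completed only after the privilege requirement has been satisfied.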
@@ -2353,6 +2373,12 @@
 	}
 	if (new->ml_flags & MAC_LOMAC_FLAG_AUX) {
 		/*
+		 * Fill in the missing parts from the previous label.
+		 */
+		if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+			mac_lomac_copy_single(subj, new);
+
+		/*
 		 * To change the auxiliary LOMAC label on a vnode, the new
 		 * vnode label must be in the subject range.
 		 */
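Review bot: the comment says the missing parts come from "the previous label", but the call is `mac_lomac_copy_single(subj, new)` and the surrounding comment is about a vnode label, so the source here is the subject's label rather than the object's old one. If the subject is intended, say so in the comment; if not, copy from the vnode's existing label. Unlike the other two sites, this branch also has no range counterpart, which deserves a word in the comment if it is deliberate.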