PERFORCE change 35273 for review
Robert Watson
rwatson at FreeBSD.org
Thu Jul 31 17:48:32 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=35273
Change 35273 by rwatson at rwatson_tislabs on 2003/07/31 10:48:05
The MAC Framework does a suser check for interface relabeling
already, so simply do a Biba privilege check to determine
whether an interface relabel request is permitted.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#217 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#217 (text+ko) ====
@@ -1550,25 +1550,6 @@
if (error)
return (error);
- /*
- * If the Biba label is to be changed, authorize as appropriate.
- */
- if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) {
- /*
- * Rely on the traditional superuser status for the Biba
- * interface relabel requirements. XXXMAC: This will go
- * away.
- */
- error = suser_cred(cred, 0);
- if (error)
- return (EPERM);
-
- /*
- * XXXMAC: Additional consistency tests regarding the single
- * and the range of the new label might be performed here.
- */
- }
-
return (0);
}
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list