PERFORCE change 32034 for review
Robert Watson
rwatson at FreeBSD.org
Thu May 29 19:57:07 GMT 2003
http://perforce.freebsd.org/chv.cgi?CH=32034
Change 32034 by rwatson at rwatson_tislabs on 2003/05/29 12:56:54
At some point, the mac_biba compartment subset logic seems
to have become inverted; return to logic wherein the Biba
dominate logic for a>=b uses:
a.grade >= b.grade
a.compartment (superset) b.compartment
This brings the _mac branch back into sync with the main
FreeBSD tree; I couldn't find a description for the reason
for this change, but if I missed it, please let me know.
Affected files ...
.. //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#207 edit
Differences ...
==== //depot/projects/trustedbsd/mac/sys/security/mac_biba/mac_biba.c#207 (text+ko) ====
@@ -200,9 +200,9 @@
case MAC_BIBA_TYPE_GRADE:
for (bit = 1; bit <= MAC_BIBA_MAX_COMPARTMENTS; bit++)
- if (MAC_BIBA_BIT_TEST(bit,
+ if (!MAC_BIBA_BIT_TEST(bit,
a->mbe_compartments) &&
- !MAC_BIBA_BIT_TEST(bit,
+ MAC_BIBA_BIT_TEST(bit,
b->mbe_compartments))
return (0);
return (a->mbe_grade >= b->mbe_grade);
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list