diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-07-31 20:00:06 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-07-31 20:00:06 +0000 |
| commit | 62ffcdda2dd60be1e07baa548e93e4dca20c9fcd (patch) | |
| tree | 5d62e4e2bade5d489ecd7bd4137f17e163eea8ae /sys/security/mac_mls | |
| parent | 1e4b5b112b3030bd2d3b6d62dc4613f00959fc01 (diff) | |
| download | FreeBSD-src-62ffcdda2dd60be1e07baa548e93e4dca20c9fcd.zip FreeBSD-src-62ffcdda2dd60be1e07baa548e93e4dca20c9fcd.tar.gz | |
Improve consistency with the Biba policy -- rename
mac_mls_subject_equal_ok() to mac_mls_subject_privileged(),
which more consistently reflects the fact that this is really
about our notion of privilege in the MLS policy.
Since we don't use suser() for privilege in MLS, remove
the suser check from the ifnet relabel ioctl, and replace it
with an MLS privilege check.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac_mls')
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 33 |
1 files changed, 10 insertions, 23 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index b5e321b..008a0da 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -286,11 +286,12 @@ mac_mls_contains_equal(struct mac_mls *mac_mls) } static int -mac_mls_subject_equal_ok(struct mac_mls *mac_mls) +mac_mls_subject_privileged(struct mac_mls *mac_mls) { - KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) == MAC_MLS_FLAGS_BOTH, - ("mac_mls_subject_equal_ok: subject doesn't have both labels")); + KASSERT((mac_mls->mm_flags & MAC_MLS_FLAGS_BOTH) == + MAC_MLS_FLAGS_BOTH, + ("mac_mls_subject_privileged: subject doesn't have both labels")); /* If the single is EQUAL, it's ok. */ if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL) @@ -1357,7 +1358,7 @@ mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel) * their label. */ if (mac_mls_contains_equal(new)) { - error = mac_mls_subject_equal_ok(subj); + error = mac_mls_subject_privileged(subj); if (error) return (error); } @@ -1403,23 +1404,9 @@ mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, return (error); /* - * If the MLS label is to be changed, authorize as appropriate. + * Relabeling network interfaces requires MLS privilege. */ - if (new->mm_flags & MAC_MLS_FLAGS_BOTH) { - /* - * Rely on traditional superuser status for the MLS - * interface relabel requirements. XXX: This will go - * away. - */ - error = suser_cred(cred, 0); - if (error) - return (EPERM); - - /* - * XXXMAC: Additional consistency tests regarding the single - * and the range of the new label might be performed here. - */ - } + error = mac_mls_subject_privileged(subj); return (0); } @@ -1548,7 +1535,7 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipe *pipe, * subject must have appropriate privilege. */ if (mac_mls_contains_equal(new)) { - error = mac_mls_subject_equal_ok(subj); + error = mac_mls_subject_privileged(subj); if (error) return (error); } @@ -1710,7 +1697,7 @@ mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket, * the subject must have appropriate privilege. */ if (mac_mls_contains_equal(new)) { - error = mac_mls_subject_equal_ok(subj); + error = mac_mls_subject_privileged(subj); if (error) return (error); } @@ -2128,7 +2115,7 @@ mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp, * the subject must have appropriate privilege. */ if (mac_mls_contains_equal(new)) { - error = mac_mls_subject_equal_ok(subj); + error = mac_mls_subject_privileged(subj); if (error) return (error); } |
