author | rwatson <rwatson@FreeBSD.org> | 2002-11-08 18:04:36 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2002-11-08 18:04:36 +0000 |
commit | f3748b0c0b9b7ae4a57068095ab2eb98aaea333d (patch) | |
tree | 229b6b138af158da4b65f931e1632502f1dde91f /sys/security/mac_mls | |
parent | 95c4afbed0766fa2e0e178afbc7d5beb07b7d2da (diff) | |
Update MAC modules for changes in arguments for exec MAC policy
entry points to include an explicit execlabel.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security/mac_mls')
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 71f03c2..898630e 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -1862,9 +1862,23 @@ mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 
 static int
 mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp,
- struct label *label, struct image_params *imgp)
+ struct label *label, struct image_params *imgp,
+ struct label *execlabel)
 {
- struct mac_mls *subj, *obj;
+ struct mac_mls *subj, *obj, *exec;
+ int error;
+
+ if (execlabel != NULL) {
+ /*
+ * We currently don't permit labels to be changed at
+ * exec-time as part of MLS, so disallow non-NULL
+ * MLS label elements in the execlabel.
+ */
+ exec = SLOT(execlabel);
+ error = mls_atmostflags(exec, 0);
+ if (error)
+ return (error);
+ }
 
 if (!mac_mls_enabled)
 return (0); |
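Review bot: The new execlabel rejection sits above the `if (!mac_mls_enabled) return (0);` test, so an exec that supplies MLS elements in execlabel is refused even when the policy is switched off, while the rest of the check is skipped in that state. If this fail-closed ordering is intended, the block comment should say so, for example by adding `* This is enforced even when mac_mls_enabled is 0.`; if it is not, the block belongs below the enabled test. The error value comes from `mls_atmostflags()`, which is defined outside this hunk, so the errno the caller sees cannot be confirmed from here. The body of mac_mls_check_vnode_exec continues past the end of the hunk.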