Update device-labeling logic for Biba, LOMAC, and MLS to recognize new-style

pts devices when various policy ptys_equal flags are enabled.

Submitted by:	Estella Mystagic <estella at mystagic.com>
MFC after:	1 week

3 files changed, 3 insertions, 0 deletions

diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index e66e089..fcede07 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -955,6 +955,7 @@ biba_devfs_create_device(struct ucred *cred, struct mount *mp,
 		biba_type = MAC_BIBA_TYPE_EQUAL;
 	else if (ptys_equal &&
 	    (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+	    strncmp(dev->si_name, "pts/", strlen("pts/")) == 0 ||
 	    strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
 		biba_type = MAC_BIBA_TYPE_EQUAL;
 	else
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index af9539c..5cdfc67 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1043,6 +1043,7 @@ lomac_devfs_create_device(struct ucred *cred, struct mount *mp,
 		lomac_type = MAC_LOMAC_TYPE_EQUAL;
 	else if (ptys_equal &&
 	    (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+	    strncmp(dev->si_name, "pts/", strlen("pts/")) == 0 ||
 	    strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
 		lomac_type = MAC_LOMAC_TYPE_EQUAL;
 	else
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index a0669c7..d41799d 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -918,6 +918,7 @@ mls_devfs_create_device(struct ucred *cred, struct mount *mp,
 		mls_type = MAC_MLS_TYPE_HIGH;
 	else if (ptys_equal &&
 	    (strncmp(dev->si_name, "ttyp", strlen("ttyp")) == 0 ||
+	    strncmp(dev->si_name, "pts/", strlen("pts/")) == 0 ||
 	    strncmp(dev->si_name, "ptyp", strlen("ptyp")) == 0))
 		mls_type = MAC_MLS_TYPE_EQUAL;
 	else