diff options
| author | rwatson <rwatson@FreeBSD.org> | 2003-03-25 01:16:10 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2003-03-25 01:16:10 +0000 |
| commit | eb718f29b549c504c2c8ffa0b019eef839347b94 (patch) | |
| tree | 81bd1a5d7c5df1e1fbf23e4ee82180be119d8cbd /sys/security | |
| parent | efec2a74f9148e0e27c5c6f6b26010325a2d9d9c (diff) | |
| download | FreeBSD-src-eb718f29b549c504c2c8ffa0b019eef839347b94.zip FreeBSD-src-eb718f29b549c504c2c8ffa0b019eef839347b94.tar.gz | |
Expand scope of the MLS policy to include a new entry point available
for enforcement:
mac_mls_check_system_swapon() - Require that the subject and the
swapfile target vnode labels dominate one another. An additional
check is probably needed here to require that the swapfile target
has a label of mls/high to prevent information leakage through
swapfiles.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac_mls/mac_mls.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index c9d8927..ed7ac61 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -1761,6 +1761,25 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket, } static int +mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp, + struct label *label) +{ + struct mac_mls *subj, *obj; + + if (!mac_mls_enabled) + return (0); + + subj = SLOT(&cred->cr_label); + obj = SLOT(label); + + if (!mac_mls_dominate_single(obj, subj) || + !mac_mls_dominate_single(subj, obj)) + return (EACCES); + + return (0); +} + +static int mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, struct label *dlabel) { @@ -2454,6 +2473,7 @@ static struct mac_policy_ops mac_mls_ops = .mpo_check_socket_deliver = mac_mls_check_socket_deliver, .mpo_check_socket_relabel = mac_mls_check_socket_relabel, .mpo_check_socket_visible = mac_mls_check_socket_visible, + .mpo_check_system_swapon = mac_mls_check_system_swapon, .mpo_check_vnode_access = mac_mls_check_vnode_open, .mpo_check_vnode_chdir = mac_mls_check_vnode_chdir, .mpo_check_vnode_chroot = mac_mls_check_vnode_chroot, |
