author | rwatson <rwatson@FreeBSD.org> | 2004-07-16 02:03:50 +0000 |
---|---|---|
committer | rwatson <rwatson@FreeBSD.org> | 2004-07-16 02:03:50 +0000 |
commit | b41025be8570ffc2fbe6652dd68119c847133da6 (patch) | |
tree | 00b177905ca23c5cdf8464ae7b4d8e671fdc26f0 /sys/security | |
parent | 4bc282eb72bf227a5706f710b20fed6d5dbabe98 (diff) | |
Rename Biba and MLS _single label elements to _effective, which more
accurately represents the intention of the 'single' label element in
Biba and MLS labels. It also approximates the use of 'effective' in
traditional UNIX credentials, and avoids confusion with 'singlelabel'
in the context of file systems.
Inspired by: trhodes
Diffstat (limited to 'sys/security')
-rw-r--r-- | sys/security/mac_biba/mac_biba.c | 350 | ||||
-rw-r--r-- | sys/security/mac_biba/mac_biba.h | 10 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.c | 336 | ||||
-rw-r--r-- | sys/security/mac_mls/mac_mls.h | 10 |
4 files changed, 353 insertions, 353 deletions
diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c
index 34c30fa..f8a7321 100644
--- a/sys/security/mac_biba/mac_biba.c
+++ b/sys/security/mac_biba/mac_biba.c
@@ -1,6 +1,6 @@
 /*-
 * Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2003 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
@@ -221,9 +221,9 @@ mac_biba_subject_dominate_high(struct mac_biba *mac_biba)
 {
 struct mac_biba_element *element;
- KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_single_in_range: mac_biba not single"));
- element = &mac_biba->mb_single;
+ KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_effective_in_range: mac_biba not effective"));
+ element = &mac_biba->mb_effective;
 return (element->mbe_type == MAC_BIBA_TYPE_EQUAL ||
 element->mbe_type == MAC_BIBA_TYPE_HIGH);
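Review bot: The added KASSERT message in `mac_biba_subject_dominate_high` still names a different function, `mac_biba_effective_in_range`, so a failed assertion would point whoever reads the panic at the wrong routine; the rename rewrote this string but carried the copy-pasted name along. The same pattern recurs in the `@@ -335,30 +335,30 @@` hunk, where `mac_biba_high_effective` asserts with the message `mac_biba_equal_effective: mac_biba not effective`. Since both strings are being touched anyway, they should name their own function: `("mac_biba_subject_dominate_high: mac_biba not effective"));` here and `("mac_biba_high_effective: mac_biba not effective"));` there. The signature line of `mac_biba_subject_dominate_high` is outside this hunk.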
@@ -240,31 +240,31 @@ mac_biba_range_in_range(struct mac_biba *rangea, struct mac_biba *rangeb)
 }
 static int
-mac_biba_single_in_range(struct mac_biba *single, struct mac_biba *range)
+mac_biba_effective_in_range(struct mac_biba *effective, struct mac_biba *range)
 {
- KASSERT((single->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_single_in_range: a not single"));
+ KASSERT((effective->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_effective_in_range: a not effective"));
 KASSERT((range->mb_flags & MAC_BIBA_FLAG_RANGE) != 0,
- ("mac_biba_single_in_range: b not range"));
+ ("mac_biba_effective_in_range: b not range"));
 return (mac_biba_dominate_element(&range->mb_rangehigh,
- &single->mb_single) &&
- mac_biba_dominate_element(&single->mb_single,
+ &effective->mb_effective) &&
+ mac_biba_dominate_element(&effective->mb_effective,
 &range->mb_rangelow));
 return (1);
 }
 static int
-mac_biba_dominate_single(struct mac_biba *a, struct mac_biba *b)
+mac_biba_dominate_effective(struct mac_biba *a, struct mac_biba *b)
 {
- KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_dominate_single: a not single"));
- KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0,
- ("mac_biba_dominate_single: b not single"));
+ KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_dominate_effective: a not effective"));
+ KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0,
+ ("mac_biba_dominate_effective: b not effective"));
- return (mac_biba_dominate_element(&a->mb_single, &b->mb_single));
+ return (mac_biba_dominate_element(&a->mb_effective, &b->mb_effective));
 }
 static int
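Review bot: `mac_biba_effective_in_range` keeps an unreachable `return (1);` directly after the `return (mac_biba_dominate_element(...) && ...)` statement, and the rename carries the dead line into the new code unchanged. A reader skimming the function can take it for a fall-through that grants the range check on some path, which it never does. Dropping the `return (1);` line removes the ambiguity without changing behaviour.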
@@ -279,23 +279,23 @@ mac_biba_equal_element(struct mac_biba_element *a, struct mac_biba_element *b) } static int -mac_biba_equal_single(struct mac_biba *a, struct mac_biba *b) +mac_biba_equal_effective(struct mac_biba *a, struct mac_biba *b) { - KASSERT((a->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, - ("mac_biba_equal_single: a not single")); - KASSERT((b->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, - ("mac_biba_equal_single: b not single")); + KASSERT((a->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, + ("mac_biba_equal_effective: a not effective")); + KASSERT((b->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, + ("mac_biba_equal_effective: b not effective")); - return (mac_biba_equal_element(&a->mb_single, &b->mb_single)); + return (mac_biba_equal_element(&a->mb_effective, &b->mb_effective)); } static int mac_biba_contains_equal(struct mac_biba *mac_biba) { - if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) - if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL) + if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) + if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) return (1); if (mac_biba->mb_flags & MAC_BIBA_FLAG_RANGE) { @@ -316,8 +316,8 @@ mac_biba_subject_privileged(struct mac_biba *mac_biba) MAC_BIBA_FLAGS_BOTH, ("mac_biba_subject_privileged: subject doesn't have both labels")); - /* If the single is EQUAL, it's ok. */ - if (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_EQUAL) + /* If the effective is EQUAL, it's ok. */ + if (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_EQUAL) return (0); /* If either range endpoint is EQUAL, it's ok. */ 
@@ -335,30 +335,30 @@ mac_biba_subject_privileged(struct mac_biba *mac_biba) } static int -mac_biba_high_single(struct mac_biba *mac_biba) +mac_biba_high_effective(struct mac_biba *mac_biba) { - KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, - ("mac_biba_equal_single: mac_biba not single")); + KASSERT((mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, + ("mac_biba_equal_effective: mac_biba not effective")); - return (mac_biba->mb_single.mbe_type == MAC_BIBA_TYPE_HIGH); + return (mac_biba->mb_effective.mbe_type == MAC_BIBA_TYPE_HIGH); } static int mac_biba_valid(struct mac_biba *mac_biba) { - if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { - switch (mac_biba->mb_single.mbe_type) { + if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { + switch (mac_biba->mb_effective.mbe_type) { case MAC_BIBA_TYPE_GRADE: break; case MAC_BIBA_TYPE_EQUAL: case MAC_BIBA_TYPE_HIGH: case MAC_BIBA_TYPE_LOW: - if (mac_biba->mb_single.mbe_grade != 0 || + if (mac_biba->mb_effective.mbe_grade != 0 || !MAC_BIBA_BIT_SET_EMPTY( - mac_biba->mb_single.mbe_compartments)) + mac_biba->mb_effective.mbe_compartments)) return (EINVAL); break; @@ -366,7 +366,7 @@ mac_biba_valid(struct mac_biba *mac_biba) return (EINVAL); } } else { - if (mac_biba->mb_single.mbe_type != MAC_BIBA_TYPE_UNDEF) + if (mac_biba->mb_effective.mbe_type != MAC_BIBA_TYPE_UNDEF) return (EINVAL); } 
@@ -438,16 +438,16 @@ mac_biba_set_range(struct mac_biba *mac_biba, u_short typelow, } static void -mac_biba_set_single(struct mac_biba *mac_biba, u_short type, u_short grade, +mac_biba_set_effective(struct mac_biba *mac_biba, u_short type, u_short grade, u_char *compartments) { - mac_biba->mb_single.mbe_type = type; - mac_biba->mb_single.mbe_grade = grade; + mac_biba->mb_effective.mbe_type = type; + mac_biba->mb_effective.mbe_grade = grade; if (compartments != NULL) - memcpy(mac_biba->mb_single.mbe_compartments, compartments, - sizeof(mac_biba->mb_single.mbe_compartments)); - mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; + memcpy(mac_biba->mb_effective.mbe_compartments, compartments, + sizeof(mac_biba->mb_effective.mbe_compartments)); + mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; } static void @@ -463,22 +463,22 @@ mac_biba_copy_range(struct mac_biba *labelfrom, struct mac_biba *labelto) } static void -mac_biba_copy_single(struct mac_biba *labelfrom, struct mac_biba *labelto) +mac_biba_copy_effective(struct mac_biba *labelfrom, struct mac_biba *labelto) { - KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_SINGLE) != 0, - ("mac_biba_copy_single: labelfrom not single")); + KASSERT((labelfrom->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) != 0, + ("mac_biba_copy_effective: labelfrom not effective")); - labelto->mb_single = labelfrom->mb_single; - labelto->mb_flags |= MAC_BIBA_FLAG_SINGLE; + labelto->mb_effective = labelfrom->mb_effective; + labelto->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; } static void mac_biba_copy(struct mac_biba *source, struct mac_biba *dest) { - if (source->mb_flags & MAC_BIBA_FLAG_SINGLE) - mac_biba_copy_single(source, dest); + if (source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) + mac_biba_copy_effective(source, dest); if (source->mb_flags & MAC_BIBA_FLAG_RANGE) mac_biba_copy_range(source, dest); } 
@@ -581,8 +581,8 @@ static int mac_biba_to_string(struct sbuf *sb, struct mac_biba *mac_biba) { - if (mac_biba->mb_flags & MAC_BIBA_FLAG_SINGLE) { - if (mac_biba_element_to_string(sb, &mac_biba->mb_single) + if (mac_biba->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { + if (mac_biba_element_to_string(sb, &mac_biba->mb_effective) == -1) return (EINVAL); } @@ -686,12 +686,12 @@ mac_biba_parse_element(struct mac_biba_element *element, char *string) static int mac_biba_parse(struct mac_biba *mac_biba, char *string) { - char *rangehigh, *rangelow, *single; + char *rangehigh, *rangelow, *effective; int error; - single = strsep(&string, "("); - if (*single == '\0') - single = NULL; + effective = strsep(&string, "("); + if (*effective == '\0') + effective = NULL; if (string != NULL) { rangelow = strsep(&string, "-"); @@ -712,11 +712,11 @@ mac_biba_parse(struct mac_biba *mac_biba, char *string) ("mac_biba_parse: range mismatch")); bzero(mac_biba, sizeof(*mac_biba)); - if (single != NULL) { - error = mac_biba_parse_element(&mac_biba->mb_single, single); + if (effective != NULL) { + error = mac_biba_parse_element(&mac_biba->mb_effective, effective); if (error) return (error); - mac_biba->mb_flags |= MAC_BIBA_FLAG_SINGLE; + mac_biba->mb_flags |= MAC_BIBA_FLAG_EFFECTIVE; } if (rangelow != NULL) { @@ -790,7 +790,7 @@ mac_biba_create_devfs_device(struct mount *mp, struct cdev *dev, biba_type = MAC_BIBA_TYPE_EQUAL; else biba_type = MAC_BIBA_TYPE_HIGH; - mac_biba_set_single(mac_biba, biba_type, 0, NULL); + mac_biba_set_effective(mac_biba, biba_type, 0, NULL); } static void @@ -800,7 +800,7 @@ mac_biba_create_devfs_directory(struct mount *mp, char *dirname, struct mac_biba *mac_biba; mac_biba = SLOT(label); - mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); + mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); } static void 
@@ -813,7 +813,7 @@ mac_biba_create_devfs_symlink(struct ucred *cred, struct mount *mp, source = SLOT(cred->cr_label); dest = SLOT(delabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -824,9 +824,9 @@ mac_biba_create_mount(struct ucred *cred, struct mount *mp, source = SLOT(cred->cr_label); dest = SLOT(mntlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); dest = SLOT(fslabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -837,9 +837,9 @@ mac_biba_create_root_mount(struct ucred *cred, struct mount *mp, /* Always mount root as high integrity. */ mac_biba = SLOT(fslabel); - mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); + mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); mac_biba = SLOT(mntlabel); - mac_biba_set_single(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); + mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); } static void @@ -877,7 +877,7 @@ mac_biba_associate_vnode_devfs(struct mount *mp, struct label *fslabel, source = SLOT(delabel); dest = SLOT(vlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static int @@ -897,7 +897,7 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, MAC_BIBA_EXTATTR_NAME, &buflen, (char *) &temp, curthread); if (error == ENOATTR || error == EOPNOTSUPP) { /* Fall back to the fslabel. */ - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); return (0); } else if (error) return (error); 
@@ -911,12 +911,12 @@ mac_biba_associate_vnode_extattr(struct mount *mp, struct label *fslabel, printf("mac_biba_associate_vnode_extattr: invalid\n"); return (EPERM); } - if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_SINGLE) { - printf("mac_biba_associate_vnode_extattr: not single\n"); + if ((temp.mb_flags & MAC_BIBA_FLAGS_BOTH) != MAC_BIBA_FLAG_EFFECTIVE) { + printf("mac_biba_associate_vnode_extattr: not effective\n"); return (EPERM); } - mac_biba_copy_single(&temp, dest); + mac_biba_copy_effective(&temp, dest); return (0); } @@ -929,7 +929,7 @@ mac_biba_associate_vnode_singlelabel(struct mount *mp, source = SLOT(fslabel); dest = SLOT(vlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static int @@ -946,12 +946,12 @@ mac_biba_create_vnode_extattr(struct ucred *cred, struct mount *mp, source = SLOT(cred->cr_label); dest = SLOT(vlabel); - mac_biba_copy_single(source, &temp); + mac_biba_copy_effective(source, &temp); error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); if (error == 0) - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); return (error); } @@ -967,10 +967,10 @@ mac_biba_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp, bzero(&temp, buflen); source = SLOT(intlabel); - if ((source->mb_flags & MAC_BIBA_FLAG_SINGLE) == 0) + if ((source->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) == 0) return (0); - mac_biba_copy_single(source, &temp); + mac_biba_copy_effective(source, &temp); error = vn_extattr_set(vp, IO_NODELOCKED, MAC_BIBA_EXTATTR_NAMESPACE, MAC_BIBA_EXTATTR_NAME, buflen, (char *) &temp, curthread); @@ -989,7 +989,7 @@ mac_biba_create_inpcb_from_socket(struct socket *so, struct label *solabel, source = SLOT(solabel); dest = SLOT(inplabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void 
@@ -1001,7 +1001,7 @@ mac_biba_create_mbuf_from_socket(struct socket *so, struct label *socketlabel, source = SLOT(socketlabel); dest = SLOT(mbuflabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1013,7 +1013,7 @@ mac_biba_create_socket(struct ucred *cred, struct socket *socket, source = SLOT(cred->cr_label); dest = SLOT(socketlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1025,7 +1025,7 @@ mac_biba_create_pipe(struct ucred *cred, struct pipepair *pp, source = SLOT(cred->cr_label); dest = SLOT(pipelabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1038,7 +1038,7 @@ mac_biba_create_socket_from_socket(struct socket *oldsocket, source = SLOT(oldsocketlabel); dest = SLOT(newsocketlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1074,7 +1074,7 @@ mac_biba_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel, source = SLOT(mbuflabel); dest = SLOT(socketpeerlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } /* @@ -1090,7 +1090,7 @@ mac_biba_set_socket_peer_from_socket(struct socket *oldsocket, source = SLOT(oldsocketlabel); dest = SLOT(newsocketpeerlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1102,7 +1102,7 @@ mac_biba_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d, source = SLOT(cred->cr_label); dest = SLOT(bpflabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1158,7 +1158,7 @@ mac_biba_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel) } } set: - mac_biba_set_single(dest, type, 0, NULL); + mac_biba_set_effective(dest, type, 0, NULL); mac_biba_set_range(dest, type, 0, NULL, type, 0, NULL); } 
@@ -1171,7 +1171,7 @@ mac_biba_create_ipq(struct mbuf *fragment, struct label *fragmentlabel, source = SLOT(fragmentlabel); dest = SLOT(ipqlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1184,7 +1184,7 @@ mac_biba_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel, dest = SLOT(datagramlabel); /* Just use the head, since we require them all to match. */ - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1196,7 +1196,7 @@ mac_biba_create_fragment(struct mbuf *datagram, struct label *datagramlabel, source = SLOT(datagramlabel); dest = SLOT(fragmentlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1208,7 +1208,7 @@ mac_biba_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel, source = SLOT(inplabel); dest = SLOT(mlabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1240,7 +1240,7 @@ mac_biba_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel, dest = SLOT(mbuflabel); - mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); + mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); } static void @@ -1252,7 +1252,7 @@ mac_biba_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel, source = SLOT(bpflabel); dest = SLOT(mbuflabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1264,7 +1264,7 @@ mac_biba_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel, source = SLOT(ifnetlabel); dest = SLOT(mbuflabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void @@ -1277,7 +1277,7 @@ mac_biba_create_mbuf_multicast_encap(struct mbuf *oldmbuf, source = SLOT(oldmbuflabel); dest = SLOT(newmbuflabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static void 
@@ -1289,7 +1289,7 @@ mac_biba_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel, source = SLOT(oldmbuflabel); dest = SLOT(newmbuflabel); - mac_biba_copy_single(source, dest); + mac_biba_copy_effective(source, dest); } static int @@ -1301,7 +1301,7 @@ mac_biba_fragment_match(struct mbuf *fragment, struct label *fragmentlabel, a = SLOT(ipqlabel); b = SLOT(fragmentlabel); - return (mac_biba_equal_single(a, b)); + return (mac_biba_equal_effective(a, b)); } static void @@ -1346,7 +1346,7 @@ mac_biba_create_proc0(struct ucred *cred) dest = SLOT(cred->cr_label); - mac_biba_set_single(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); + mac_biba_set_effective(dest, MAC_BIBA_TYPE_EQUAL, 0, NULL); mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 0, NULL); } @@ -1358,7 +1358,7 @@ mac_biba_create_proc1(struct ucred *cred) dest = SLOT(cred->cr_label); - mac_biba_set_single(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); + mac_biba_set_effective(dest, MAC_BIBA_TYPE_HIGH, 0, NULL); mac_biba_set_range(dest, MAC_BIBA_TYPE_LOW, 0, NULL, MAC_BIBA_TYPE_HIGH, 0, NULL); } @@ -1389,7 +1389,7 @@ mac_biba_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel, a = SLOT(bpflabel); b = SLOT(ifnetlabel); - if (mac_biba_equal_single(a, b)) + if (mac_biba_equal_effective(a, b)) return (0); return (EACCES); } @@ -1405,7 +1405,7 @@ mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) /* * If there is a Biba label update for the credential, it may - * be an update of the single, range, or both. + * be an update of the effective, range, or both. */ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); if (error) 
@@ -1417,20 +1417,20 @@ mac_biba_check_cred_relabel(struct ucred *cred, struct label *newlabel) if (new->mb_flags & MAC_BIBA_FLAGS_BOTH) { /* * If the change request modifies both the Biba label - * single and range, check that the new single will be + * effective and range, check that the new effective will be * in the new range. */ if ((new->mb_flags & MAC_BIBA_FLAGS_BOTH) == MAC_BIBA_FLAGS_BOTH && - !mac_biba_single_in_range(new, new)) + !mac_biba_effective_in_range(new, new)) return (EINVAL); /* - * To change the Biba single label on a credential, the - * new single label must be in the current range. + * To change the Biba effective label on a credential, the + * new effective label must be in the current range. */ - if (new->mb_flags & MAC_BIBA_FLAG_SINGLE && - !mac_biba_single_in_range(new, subj)) + if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE && + !mac_biba_effective_in_range(new, subj)) return (EPERM); /* @@ -1468,7 +1468,7 @@ mac_biba_check_cred_visible(struct ucred *u1, struct ucred *u2) obj = SLOT(u2->cr_label); /* XXX: range */ - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (ESRCH); return (0); @@ -1486,7 +1486,7 @@ mac_biba_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet, /* * If there is a Biba label update for the interface, it may - * be an update of the single, range, or both. + * be an update of the effective, range, or both. */ error = biba_atmostflags(new, MAC_BIBA_FLAGS_BOTH); if (error) @@ -1514,7 +1514,7 @@ mac_biba_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel, p = SLOT(mbuflabel); i = SLOT(ifnetlabel); - return (mac_biba_single_in_range(p, i) ? 0 : EACCES); + return (mac_biba_effective_in_range(p, i) ? 0 : EACCES); } static int 
@@ -1529,7 +1529,7 @@ mac_biba_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel, p = SLOT(mlabel); i = SLOT(inplabel); - return (mac_biba_equal_single(p, i) ? 0 : EACCES); + return (mac_biba_equal_effective(p, i) ? 0 : EACCES); } static int @@ -1549,7 +1549,7 @@ mac_biba_check_kld_load(struct ucred *cred, struct vnode *vp, return (error); obj = SLOT(label); - if (!mac_biba_high_single(obj)) + if (!mac_biba_high_effective(obj)) return (EACCES); return (0); @@ -1581,7 +1581,7 @@ mac_biba_check_mount_stat(struct ucred *cred, struct mount *mp, subj = SLOT(cred->cr_label); obj = SLOT(mntlabel); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -1612,7 +1612,7 @@ mac_biba_check_pipe_poll(struct ucred *cred, struct pipepair *pp, subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -1630,7 +1630,7 @@ mac_biba_check_pipe_read(struct ucred *cred, struct pipepair *pp, subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -1649,9 +1649,9 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, /* * If there is a Biba label update for a pipe, it must be a - * single update. + * effective update. */ - error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); + error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); if (error) return (error); 
@@ -1659,18 +1659,18 @@ mac_biba_check_pipe_relabel(struct ucred *cred, struct pipepair *pp, * To perform a relabel of a pipe (Biba label or not), Biba must * authorize the relabel. */ - if (!mac_biba_single_in_range(obj, subj)) + if (!mac_biba_effective_in_range(obj, subj)) return (EPERM); /* * If the Biba label is to be changed, authorize as appropriate. */ - if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { + if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { /* * To change the Biba label on a pipe, the new pipe label * must be in the subject range. */ - if (!mac_biba_single_in_range(new, subj)) + if (!mac_biba_effective_in_range(new, subj)) return (EPERM); /* @@ -1699,7 +1699,7 @@ mac_biba_check_pipe_stat(struct ucred *cred, struct pipepair *pp, subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -1717,7 +1717,7 @@ mac_biba_check_pipe_write(struct ucred *cred, struct pipepair *pp, subj = SLOT(cred->cr_label); obj = SLOT((pipelabel)); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); @@ -1735,9 +1735,9 @@ mac_biba_check_proc_debug(struct ucred *cred, struct proc *proc) obj = SLOT(proc->p_ucred->cr_label); /* XXX: range checks */ - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (ESRCH); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); @@ -1755,9 +1755,9 @@ mac_biba_check_proc_sched(struct ucred *cred, struct proc *proc) obj = SLOT(proc->p_ucred->cr_label); /* XXX: range checks */ - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (ESRCH); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); 
@@ -1775,9 +1775,9 @@ mac_biba_check_proc_signal(struct ucred *cred, struct proc *proc, int signum) obj = SLOT(proc->p_ucred->cr_label); /* XXX: range checks */ - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (ESRCH); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); @@ -1795,7 +1795,7 @@ mac_biba_check_socket_deliver(struct socket *so, struct label *socketlabel, p = SLOT(mbuflabel); s = SLOT(socketlabel); - return (mac_biba_equal_single(p, s) ? 0 : EACCES); + return (mac_biba_equal_effective(p, s) ? 0 : EACCES); } static int @@ -1811,28 +1811,28 @@ mac_biba_check_socket_relabel(struct ucred *cred, struct socket *so, /* * If there is a Biba label update for the socket, it may be - * an update of single. + * an update of effective. */ - error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE); + error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE); if (error) return (error); /* - * To relabel a socket, the old socket single must be in the subject + * To relabel a socket, the old socket effective must be in the subject * range. */ - if (!mac_biba_single_in_range(obj, subj)) + if (!mac_biba_effective_in_range(obj, subj)) return (EPERM); /* * If the Biba label is to be changed, authorize as appropriate. */ - if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) { + if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) { /* - * To relabel a socket, the new socket single must be in + * To relabel a socket, the new socket effective must be in * the subject range. */ - if (!mac_biba_single_in_range(new, subj)) + if (!mac_biba_effective_in_range(new, subj)) return (EPERM); /* @@ -1861,7 +1861,7 @@ mac_biba_check_socket_visible(struct ucred *cred, struct socket *socket, subj = SLOT(cred->cr_label); obj = SLOT(socketlabel); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (ENOENT); return (0); 
@@ -1905,7 +1905,7 @@ mac_biba_check_system_acct(struct ucred *cred, struct vnode *vp, return (0); obj = SLOT(label); - if (!mac_biba_high_single(obj)) + if (!mac_biba_high_effective(obj)) return (EACCES); return (0); @@ -1946,7 +1946,7 @@ mac_biba_check_system_swapon(struct ucred *cred, struct vnode *vp, if (error) return (error); - if (!mac_biba_high_single(obj)) + if (!mac_biba_high_effective(obj)) return (EACCES); return (0); @@ -2012,7 +2012,7 @@ mac_biba_check_vnode_chdir(struct ucred *cred, struct vnode *dvp, subj = SLOT(cred->cr_label); obj = SLOT(dlabel); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2030,7 +2030,7 @@ mac_biba_check_vnode_chroot(struct ucred *cred, struct vnode *dvp, subj = SLOT(cred->cr_label); obj = SLOT(dlabel); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2048,7 +2048,7 @@ mac_biba_check_vnode_create(struct ucred *cred, struct vnode *dvp, subj = SLOT(cred->cr_label); obj = SLOT(dlabel); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); @@ -2067,12 +2067,12 @@ mac_biba_check_vnode_delete(struct ucred *cred, struct vnode *dvp, subj = SLOT(cred->cr_label); obj = SLOT(dlabel); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); obj = SLOT(label); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); @@ -2090,7 +2090,7 @@ mac_biba_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp, subj = SLOT(cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); 
@@ -2108,7 +2108,7 @@ mac_biba_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp, subj = SLOT(cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); @@ -2140,7 +2140,7 @@ mac_biba_check_vnode_exec(struct ucred *cred, struct vnode *vp, subj = SLOT(cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2158,7 +2158,7 @@ mac_biba_check_vnode_getacl(struct ucred *cred, struct vnode *vp, subj = SLOT(cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2176,7 +2176,7 @@ mac_biba_check_vnode_getextattr(struct ucred *cred, struct vnode *vp, subj = SLOT(cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2195,12 +2195,12 @@ mac_biba_check_vnode_link(struct ucred *cred, struct vnode *dvp, subj = SLOT(cred->cr_label); obj = SLOT(dlabel); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); obj = SLOT(label); - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); return (0); @@ -2218,7 +2218,7 @@ mac_biba_check_vnode_listextattr(struct ucred *cred, struct vnode *vp, subj = SLOT(cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2236,7 +2236,7 @@ mac_biba_check_vnode_lookup(struct ucred *cred, struct vnode *dvp, subj = SLOT(cred->cr_label); obj = SLOT(dlabel); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); 
@@ -2259,11 +2259,11 @@ mac_biba_check_vnode_mmap(struct ucred *cred, struct vnode *vp, obj = SLOT(label); if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); } if (prot & VM_PROT_WRITE) { - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); } @@ -2284,11 +2284,11 @@ mac_biba_check_vnode_open(struct ucred *cred, struct vnode *vp, /* XXX privilege override for admin? */ if (acc_mode & (VREAD | VEXEC | VSTAT)) { - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); } if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { - if (!mac_biba_dominate_single(subj, obj)) + if (!mac_biba_dominate_effective(subj, obj)) return (EACCES); } @@ -2307,7 +2307,7 @@ mac_biba_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred, subj = SLOT(active_cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2325,7 +2325,7 @@ mac_biba_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred, subj = SLOT(active_cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2343,7 +2343,7 @@ mac_biba_check_vnode_readdir(struct ucred *cred, struct vnode *dvp, subj = SLOT(cred->cr_label); obj = SLOT(dlabel); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); @@ -2361,7 +2361,7 @@ mac_biba_check_vnode_readlink(struct ucred *cred, struct vnode *vp, subj = SLOT(cred->cr_label); obj = SLOT(label); - if (!mac_biba_dominate_single(obj, subj)) + if (!mac_biba_dominate_effective(obj, subj)) return (EACCES); return (0); 
@@ -2380,9 +2380,9 @@ mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
 /*
 * If there is a Biba label update for the vnode, it must be a
- * single label.
+ * effective label.
 */
- error = biba_atmostflags(new, MAC_BIBA_FLAG_SINGLE);
+ error = biba_atmostflags(new, MAC_BIBA_FLAG_EFFECTIVE);
 if (error)
 return (error);
@@ -2390,18 +2390,18 @@ mac_biba_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
 * To perform a relabel of the vnode (Biba label or not), Biba must
 * authorize the relabel.
 */
- if (!mac_biba_single_in_range(old, subj))
+ if (!mac_biba_effective_in_range(old, subj))
 return (EPERM);
 /*
 * If the Biba label is to be changed, authorize as appropriate.
 */
- if (new->mb_flags & MAC_BIBA_FLAG_SINGLE) {
+ if (new->mb_flags & MAC_BIBA_FLAG_EFFECTIVE) {
 /*
 * To change the Biba label on a vnode, the new vnode label
 * must be in the subject range.
 */
- if (!mac_biba_single_in_range(new, subj))
+ if (!mac_biba_effective_in_range(new, subj))
 return (EPERM);
 /*
@@ -2431,12 +2431,12 @@ mac_biba_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2455,13 +2455,13 @@ mac_biba_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 if (vp != NULL) {
 obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 }
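Review bot: The rewritten comment in mac_biba_check_vnode_relabel now reads `it must be a effective label`; the article should follow the new noun, so the added line should be ` * an effective label.` (the preceding context line then ends with `it must be an`, or the wrap can stay and only the article move). The same `a effective` wording is introduced further down in mac_mls_check_pipe_relabel (`a effective update`) and mac_mls_check_vnode_relabel (`a effective label`) and should be fixed in the same pass. mac_biba_check_vnode_relabel begins and ends outside these hunks.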
@@ -2480,7 +2480,7 @@ mac_biba_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2498,7 +2498,7 @@ mac_biba_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2517,7 +2517,7 @@ mac_biba_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 /* XXX: protect the MAC EA in a special way? */
@@ -2537,7 +2537,7 @@ mac_biba_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2555,7 +2555,7 @@ mac_biba_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2573,7 +2573,7 @@ mac_biba_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2591,7 +2591,7 @@ mac_biba_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2609,7 +2609,7 @@ mac_biba_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
 subj = SLOT(active_cred->cr_label);
 obj = SLOT(vnodelabel);
- if (!mac_biba_dominate_single(obj, subj))
+ if (!mac_biba_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -2627,7 +2627,7 @@ mac_biba_check_vnode_write(struct ucred *active_cred,
 subj = SLOT(active_cred->cr_label);
 obj = SLOT(label);
- if (!mac_biba_dominate_single(subj, obj))
+ if (!mac_biba_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
diff --git a/sys/security/mac_biba/mac_biba.h b/sys/security/mac_biba/mac_biba.h
index d96a39b..05eefab 100644
--- a/sys/security/mac_biba/mac_biba.h
+++ b/sys/security/mac_biba/mac_biba.h
@@ -1,6 +1,6 @@
 /*-
 * Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed by Robert Watson for the TrustedBSD Project.
@@ -44,9 +44,9 @@
 #define MAC_BIBA_LABEL_NAME "biba"
-#define MAC_BIBA_FLAG_SINGLE 0x00000001 /* mb_single initialized */
+#define MAC_BIBA_FLAG_EFFECTIVE 0x00000001 /* mb_effective initialized */
 #define MAC_BIBA_FLAG_RANGE 0x00000002 /* mb_range* initialized */
-#define MAC_BIBA_FLAGS_BOTH (MAC_BIBA_FLAG_SINGLE | MAC_BIBA_FLAG_RANGE)
+#define MAC_BIBA_FLAGS_BOTH (MAC_BIBA_FLAG_EFFECTIVE | MAC_BIBA_FLAG_RANGE)
 #define MAC_BIBA_TYPE_UNDEF 0 /* Undefined */
 #define MAC_BIBA_TYPE_GRADE 1 /* Hierarchal grade with mb_grade. */
@@ -73,14 +73,14 @@ struct mac_biba_element {
 };
 /*
- * Biba labels consist of two components: a single label, and a label
+ * Biba labels consist of two components: an effective label, and a label
 * range. Depending on the context, one or both may be used; the mb_flags
 * field permits the provider to indicate what fields are intended for
 * use.
 */
 struct mac_biba {
 int mb_flags;
- struct mac_biba_element mb_single;
+ struct mac_biba_element mb_effective;
 struct mac_biba_element mb_rangelow, mb_rangehigh;
 };
diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c
index 4fcf014..ee390c3 100644
--- a/sys/security/mac_mls/mac_mls.c
+++ b/sys/security/mac_mls/mac_mls.c
@@ -216,31 +216,31 @@ mac_mls_range_in_range(struct mac_mls *rangea, struct mac_mls *rangeb)
 }
 static int
-mac_mls_single_in_range(struct mac_mls *single, struct mac_mls *range)
+mac_mls_effective_in_range(struct mac_mls *effective, struct mac_mls *range)
 {
- KASSERT((single->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_single_in_range: a not single"));
+ KASSERT((effective->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_effective_in_range: a not effective"));
 KASSERT((range->mm_flags & MAC_MLS_FLAG_RANGE) != 0,
- ("mac_mls_single_in_range: b not range"));
+ ("mac_mls_effective_in_range: b not range"));
 return (mac_mls_dominate_element(&range->mm_rangehigh,
- &single->mm_single) &&
- mac_mls_dominate_element(&single->mm_single,
+ &effective->mm_effective) &&
+ mac_mls_dominate_element(&effective->mm_effective,
 &range->mm_rangelow));
 return (1);
 }
 static int
-mac_mls_dominate_single(struct mac_mls *a, struct mac_mls *b)
+mac_mls_dominate_effective(struct mac_mls *a, struct mac_mls *b)
 {
- KASSERT((a->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_dominate_single: a not single"));
- KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_dominate_single: b not single"));
+ KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_dominate_effective: a not effective"));
+ KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_dominate_effective: b not effective"));
- return (mac_mls_dominate_element(&a->mm_single, &b->mm_single));
+ return (mac_mls_dominate_element(&a->mm_effective, &b->mm_effective));
 }
 static int
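Review bot: The `return (1);` at the end of mac_mls_effective_in_range is unreachable: the `return (mac_mls_dominate_element(...) && mac_mls_dominate_element(...));` statement directly above it already leaves the function on every path, and the rename carries the dead line over unchanged. Dropping that line leaves the in-range test as the function's only exit, which is what a reader auditing the label-range check wants to see; if a fallback result was ever intended, the function needs restructuring so that path can actually be taken. The KASSERT messages in both renamed functions were updated consistently, which is good, since they are the only diagnostic a label that arrives without the EFFECTIVE flag set will produce.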
@@ -255,23 +255,23 @@ mac_mls_equal_element(struct mac_mls_element *a, struct mac_mls_element *b)
 }
 static int
-mac_mls_equal_single(struct mac_mls *a, struct mac_mls *b)
+mac_mls_equal_effective(struct mac_mls *a, struct mac_mls *b)
 {
- KASSERT((a->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_equal_single: a not single"));
- KASSERT((b->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_equal_single: b not single"));
+ KASSERT((a->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_equal_effective: a not effective"));
+ KASSERT((b->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_equal_effective: b not effective"));
- return (mac_mls_equal_element(&a->mm_single, &b->mm_single));
+ return (mac_mls_equal_element(&a->mm_effective, &b->mm_effective));
 }
 static int
 mac_mls_contains_equal(struct mac_mls *mac_mls)
 {
- if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE)
- if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL)
+ if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE)
+ if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL)
 return (1);
 if (mac_mls->mm_flags & MAC_MLS_FLAG_RANGE) {
@@ -292,8 +292,8 @@ mac_mls_subject_privileged(struct mac_mls *mac_mls)
 MAC_MLS_FLAGS_BOTH, ("mac_mls_subject_privileged: subject doesn't have both labels"));
- /* If the single is EQUAL, it's ok. */
- if (mac_mls->mm_single.mme_type == MAC_MLS_TYPE_EQUAL)
+ /* If the effective is EQUAL, it's ok. */
+ if (mac_mls->mm_effective.mme_type == MAC_MLS_TYPE_EQUAL)
 return (0);
 /* If either range endpoint is EQUAL, it's ok. */
@@ -314,17 +314,17 @@ static int
 mac_mls_valid(struct mac_mls *mac_mls)
 {
- if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
- switch (mac_mls->mm_single.mme_type) {
+ if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
+ switch (mac_mls->mm_effective.mme_type) {
 case MAC_MLS_TYPE_LEVEL:
 break;
 case MAC_MLS_TYPE_EQUAL:
 case MAC_MLS_TYPE_HIGH:
 case MAC_MLS_TYPE_LOW:
- if (mac_mls->mm_single.mme_level != 0 ||
+ if (mac_mls->mm_effective.mme_level != 0 ||
 !MAC_MLS_BIT_SET_EMPTY(
- mac_mls->mm_single.mme_compartments))
+ mac_mls->mm_effective.mme_compartments))
 return (EINVAL);
 break;
@@ -332,7 +332,7 @@ mac_mls_valid(struct mac_mls *mac_mls)
 return (EINVAL);
 }
 } else {
- if (mac_mls->mm_single.mme_type != MAC_MLS_TYPE_UNDEF)
+ if (mac_mls->mm_effective.mme_type != MAC_MLS_TYPE_UNDEF)
 return (EINVAL);
 }
@@ -404,16 +404,16 @@ mac_mls_set_range(struct mac_mls *mac_mls, u_short typelow,
 }
 static void
-mac_mls_set_single(struct mac_mls *mac_mls, u_short type, u_short level,
+mac_mls_set_effective(struct mac_mls *mac_mls, u_short type, u_short level,
 u_char *compartments)
 {
- mac_mls->mm_single.mme_type = type;
- mac_mls->mm_single.mme_level = level;
+ mac_mls->mm_effective.mme_type = type;
+ mac_mls->mm_effective.mme_level = level;
 if (compartments != NULL)
- memcpy(mac_mls->mm_single.mme_compartments, compartments,
- sizeof(mac_mls->mm_single.mme_compartments));
+ memcpy(mac_mls->mm_effective.mme_compartments, compartments,
+ sizeof(mac_mls->mm_effective.mme_compartments));
- mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE;
+ mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE;
 }
 static void
@@ -429,22 +429,22 @@ mac_mls_copy_range(struct mac_mls *labelfrom, struct mac_mls *labelto)
 }
 static void
-mac_mls_copy_single(struct mac_mls *labelfrom, struct mac_mls *labelto)
+mac_mls_copy_effective(struct mac_mls *labelfrom, struct mac_mls *labelto)
 {
- KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_SINGLE) != 0,
- ("mac_mls_copy_single: labelfrom not single"));
+ KASSERT((labelfrom->mm_flags & MAC_MLS_FLAG_EFFECTIVE) != 0,
+ ("mac_mls_copy_effective: labelfrom not effective"));
- labelto->mm_single = labelfrom->mm_single;
- labelto->mm_flags |= MAC_MLS_FLAG_SINGLE;
+ labelto->mm_effective = labelfrom->mm_effective;
+ labelto->mm_flags |= MAC_MLS_FLAG_EFFECTIVE;
 }
 static void
 mac_mls_copy(struct mac_mls *source, struct mac_mls *dest)
 {
- if (source->mm_flags & MAC_MLS_FLAG_SINGLE)
- mac_mls_copy_single(source, dest);
+ if (source->mm_flags & MAC_MLS_FLAG_EFFECTIVE)
+ mac_mls_copy_effective(source, dest);
 if (source->mm_flags & MAC_MLS_FLAG_RANGE)
 mac_mls_copy_range(source, dest);
 }
@@ -547,8 +547,8 @@ static int
 mac_mls_to_string(struct sbuf *sb, struct mac_mls *mac_mls)
 {
- if (mac_mls->mm_flags & MAC_MLS_FLAG_SINGLE) {
- if (mac_mls_element_to_string(sb, &mac_mls->mm_single)
+ if (mac_mls->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
+ if (mac_mls_element_to_string(sb, &mac_mls->mm_effective)
 == -1)
 return (EINVAL);
 }
@@ -653,12 +653,12 @@ mac_mls_parse_element(struct mac_mls_element *element, char *string)
 static int
 mac_mls_parse(struct mac_mls *mac_mls, char *string)
 {
- char *rangehigh, *rangelow, *single;
+ char *rangehigh, *rangelow, *effective;
 int error;
- single = strsep(&string, "(");
- if (*single == '\0')
- single = NULL;
+ effective = strsep(&string, "(");
+ if (*effective == '\0')
+ effective = NULL;
 if (string != NULL) {
 rangelow = strsep(&string, "-");
@@ -679,11 +679,11 @@ mac_mls_parse(struct mac_mls *mac_mls, char *string)
 ("mac_mls_parse: range mismatch"));
 bzero(mac_mls, sizeof(*mac_mls));
- if (single != NULL) {
- error = mac_mls_parse_element(&mac_mls->mm_single, single);
+ if (effective != NULL) {
+ error = mac_mls_parse_element(&mac_mls->mm_effective, effective);
 if (error)
 return (error);
- mac_mls->mm_flags |= MAC_MLS_FLAG_SINGLE;
+ mac_mls->mm_flags |= MAC_MLS_FLAG_EFFECTIVE;
 }
 if (rangelow != NULL) {
@@ -760,7 +760,7 @@ mac_mls_create_devfs_device(struct mount *mp, struct cdev *dev,
 mls_type = MAC_MLS_TYPE_EQUAL;
 else
 mls_type = MAC_MLS_TYPE_LOW;
- mac_mls_set_single(mac_mls, mls_type, 0, NULL);
+ mac_mls_set_effective(mac_mls, mls_type, 0, NULL);
 }
 static void
@@ -770,7 +770,7 @@ mac_mls_create_devfs_directory(struct mount *mp, char *dirname,
 struct mac_mls *mac_mls;
 mac_mls = SLOT(label);
- mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
 }
 static void
@@ -783,7 +783,7 @@ mac_mls_create_devfs_symlink(struct ucred *cred, struct mount *mp,
 source = SLOT(cred->cr_label);
 dest = SLOT(delabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -794,9 +794,9 @@ mac_mls_create_mount(struct ucred *cred, struct mount *mp,
 source = SLOT(cred->cr_label);
 dest = SLOT(mntlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 dest = SLOT(fslabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -807,9 +807,9 @@ mac_mls_create_root_mount(struct ucred *cred, struct mount *mp,
 /* Always mount root as high integrity. */
 mac_mls = SLOT(fslabel);
- mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
 mac_mls = SLOT(mntlabel);
- mac_mls_set_single(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL);
 }
 static void
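Review bot: The context comment `/* Always mount root as high integrity. */` in mac_mls_create_root_mount describes the label in Biba's integrity vocabulary, while the two calls beneath it set MLS labels to `MAC_MLS_TYPE_LOW`; it reads as if carried over from the Biba counterpart rather than written for this policy. Since the commit is already revisiting every label-setting call in this function, it would be a good moment to make the comment match the code, e.g. `/* Always mount root as MLS low. */`. The line is unchanged context here, so this is a follow-up rather than a defect in the rename itself.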
@@ -834,7 +834,7 @@ mac_mls_update_devfsdirent(struct mount *mp,
 source = SLOT(vnodelabel);
 dest = SLOT(direntlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -847,7 +847,7 @@ mac_mls_associate_vnode_devfs(struct mount *mp, struct label *fslabel,
 source = SLOT(delabel);
 dest = SLOT(vlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static int
@@ -867,7 +867,7 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
 MAC_MLS_EXTATTR_NAME, &buflen, (char *) &temp, curthread);
 if (error == ENOATTR || error == EOPNOTSUPP) {
 /* Fall back to the fslabel. */
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 return (0);
 } else if (error)
 return (error);
@@ -881,12 +881,12 @@ mac_mls_associate_vnode_extattr(struct mount *mp, struct label *fslabel,
 printf("mac_mls_associate_vnode_extattr: invalid\n");
 return (EPERM);
 }
- if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_SINGLE) {
- printf("mac_mls_associated_vnode_extattr: not single\n");
+ if ((temp.mm_flags & MAC_MLS_FLAGS_BOTH) != MAC_MLS_FLAG_EFFECTIVE) {
+ printf("mac_mls_associated_vnode_extattr: not effective\n");
 return (EPERM);
 }
- mac_mls_copy_single(&temp, dest);
+ mac_mls_copy_effective(&temp, dest);
 return (0);
 }
@@ -899,7 +899,7 @@ mac_mls_associate_vnode_singlelabel(struct mount *mp,
 source = SLOT(fslabel);
 dest = SLOT(vlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static int
@@ -916,12 +916,12 @@ mac_mls_create_vnode_extattr(struct ucred *cred, struct mount *mp,
 source = SLOT(cred->cr_label);
 dest = SLOT(vlabel);
- mac_mls_copy_single(source, &temp);
+ mac_mls_copy_effective(source, &temp);
 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread);
 if (error == 0)
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 return (error);
 }
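Review bot: The rewritten diagnostic in mac_mls_associate_vnode_extattr, `printf("mac_mls_associated_vnode_extattr: not effective\n");`, names a function that does not exist ("associated"), while the `invalid` message two lines above uses the real name; since the line is being touched anyway, it should become `printf("mac_mls_associate_vnode_extattr: not effective\n");`. These two printfs are the only trace an operator gets when an on-disk MLS label is rejected and the vnode is refused with EPERM, so keeping the function name consistent matters for correlating console output with the code path. The function begins and ends outside these hunks.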
@@ -937,10 +937,10 @@ mac_mls_setlabel_vnode_extattr(struct ucred *cred, struct vnode *vp,
 bzero(&temp, buflen);
 source = SLOT(intlabel);
- if ((source->mm_flags & MAC_MLS_FLAG_SINGLE) == 0)
+ if ((source->mm_flags & MAC_MLS_FLAG_EFFECTIVE) == 0)
 return (0);
- mac_mls_copy_single(source, &temp);
+ mac_mls_copy_effective(source, &temp);
 error = vn_extattr_set(vp, IO_NODELOCKED, MAC_MLS_EXTATTR_NAMESPACE, MAC_MLS_EXTATTR_NAME, buflen, (char *) &temp, curthread);
@@ -959,7 +959,7 @@ mac_mls_create_inpcb_from_socket(struct socket *so, struct label *solabel,
 source = SLOT(solabel);
 dest = SLOT(inplabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -971,7 +971,7 @@ mac_mls_create_mbuf_from_socket(struct socket *so, struct label *socketlabel,
 source = SLOT(socketlabel);
 dest = SLOT(mbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -983,7 +983,7 @@ mac_mls_create_socket(struct ucred *cred, struct socket *socket,
 source = SLOT(cred->cr_label);
 dest = SLOT(socketlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -995,7 +995,7 @@ mac_mls_create_pipe(struct ucred *cred, struct pipepair *pp,
 source = SLOT(cred->cr_label);
 dest = SLOT(pipelabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1008,7 +1008,7 @@ mac_mls_create_socket_from_socket(struct socket *oldsocket,
 source = SLOT(oldsocketlabel);
 dest = SLOT(newsocketlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1044,7 +1044,7 @@ mac_mls_set_socket_peer_from_mbuf(struct mbuf *mbuf, struct label *mbuflabel,
 source = SLOT(mbuflabel);
 dest = SLOT(socketpeerlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 /*
@@ -1060,7 +1060,7 @@ mac_mls_set_socket_peer_from_socket(struct socket *oldsocket,
 source = SLOT(oldsocketlabel);
 dest = SLOT(newsocketpeerlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1072,7 +1072,7 @@ mac_mls_create_bpfdesc(struct ucred *cred, struct bpf_d *bpf_d,
 source = SLOT(cred->cr_label);
 dest = SLOT(bpflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1088,7 +1088,7 @@ mac_mls_create_ifnet(struct ifnet *ifnet, struct label *ifnetlabel)
 else
 type = MAC_MLS_TYPE_LOW;
- mac_mls_set_single(dest, type, 0, NULL);
+ mac_mls_set_effective(dest, type, 0, NULL);
 mac_mls_set_range(dest, type, 0, NULL, type, 0, NULL);
 }
@@ -1101,7 +1101,7 @@ mac_mls_create_ipq(struct mbuf *fragment, struct label *fragmentlabel,
 source = SLOT(fragmentlabel);
 dest = SLOT(ipqlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1114,7 +1114,7 @@ mac_mls_create_datagram_from_ipq(struct ipq *ipq, struct label *ipqlabel,
 dest = SLOT(datagramlabel);
 /* Just use the head, since we require them all to match. */
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1126,7 +1126,7 @@ mac_mls_create_fragment(struct mbuf *datagram, struct label *datagramlabel,
 source = SLOT(datagramlabel);
 dest = SLOT(fragmentlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1138,7 +1138,7 @@ mac_mls_create_mbuf_from_inpcb(struct inpcb *inp, struct label *inplabel,
 source = SLOT(inplabel);
 dest = SLOT(mlabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1170,7 +1170,7 @@ mac_mls_create_mbuf_linklayer(struct ifnet *ifnet, struct label *ifnetlabel,
 dest = SLOT(mbuflabel);
- mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
 }
 static void
@@ -1182,7 +1182,7 @@ mac_mls_create_mbuf_from_bpfdesc(struct bpf_d *bpf_d, struct label *bpflabel,
 source = SLOT(bpflabel);
 dest = SLOT(mbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1194,7 +1194,7 @@ mac_mls_create_mbuf_from_ifnet(struct ifnet *ifnet, struct label *ifnetlabel,
 source = SLOT(ifnetlabel);
 dest = SLOT(mbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1207,7 +1207,7 @@ mac_mls_create_mbuf_multicast_encap(struct mbuf *oldmbuf,
 source = SLOT(oldmbuflabel);
 dest = SLOT(newmbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static void
@@ -1219,7 +1219,7 @@ mac_mls_create_mbuf_netlayer(struct mbuf *oldmbuf, struct label *oldmbuflabel,
 source = SLOT(oldmbuflabel);
 dest = SLOT(newmbuflabel);
- mac_mls_copy_single(source, dest);
+ mac_mls_copy_effective(source, dest);
 }
 static int
@@ -1231,7 +1231,7 @@ mac_mls_fragment_match(struct mbuf *fragment, struct label *fragmentlabel,
 a = SLOT(ipqlabel);
 b = SLOT(fragmentlabel);
- return (mac_mls_equal_single(a, b));
+ return (mac_mls_equal_effective(a, b));
 }
 static void
@@ -1276,7 +1276,7 @@ mac_mls_create_proc0(struct ucred *cred)
 dest = SLOT(cred->cr_label);
- mac_mls_set_single(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
+ mac_mls_set_effective(dest, MAC_MLS_TYPE_EQUAL, 0, NULL);
 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, NULL);
 }
@@ -1288,7 +1288,7 @@ mac_mls_create_proc1(struct ucred *cred)
 dest = SLOT(cred->cr_label);
- mac_mls_set_single(dest, MAC_MLS_TYPE_LOW, 0, NULL);
+ mac_mls_set_effective(dest, MAC_MLS_TYPE_LOW, 0, NULL);
 mac_mls_set_range(dest, MAC_MLS_TYPE_LOW, 0, NULL, MAC_MLS_TYPE_HIGH, 0, NULL);
 }
@@ -1319,7 +1319,7 @@ mac_mls_check_bpfdesc_receive(struct bpf_d *bpf_d, struct label *bpflabel,
 a = SLOT(bpflabel);
 b = SLOT(ifnetlabel);
- if (mac_mls_equal_single(a, b))
+ if (mac_mls_equal_effective(a, b))
 return (0);
 return (EACCES);
 }
@@ -1335,7 +1335,7 @@ mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel)
 /*
 * If there is an MLS label update for the credential, it may be
- * an update of single, range, or both.
+ * an update of effective, range, or both.
 */
 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
 if (error)
@@ -1346,21 +1346,21 @@ mac_mls_check_cred_relabel(struct ucred *cred, struct label *newlabel)
 */
 if (new->mm_flags & MAC_MLS_FLAGS_BOTH) {
 /*
- * If the change request modifies both the MLS label single
- * and range, check that the new single will be in the
+ * If the change request modifies both the MLS label effective
+ * and range, check that the new effective will be in the
 * new range.
 */
 if ((new->mm_flags & MAC_MLS_FLAGS_BOTH) == MAC_MLS_FLAGS_BOTH &&
- !mac_mls_single_in_range(new, new))
+ !mac_mls_effective_in_range(new, new))
 return (EINVAL);
 /*
- * To change the MLS single label on a credential, the
- * new single label must be in the current range.
+ * To change the MLS effective label on a credential, the
+ * new effective label must be in the current range.
 */
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE &&
- !mac_mls_single_in_range(new, subj))
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE &&
+ !mac_mls_effective_in_range(new, subj))
 return (EPERM);
 /*
@@ -1398,7 +1398,7 @@ mac_mls_check_cred_visible(struct ucred *u1, struct ucred *u2)
 obj = SLOT(u2->cr_label);
 /* XXX: range */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (ESRCH);
 return (0);
@@ -1416,7 +1416,7 @@ mac_mls_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
 /*
 * If there is an MLS label update for the interface, it may
- * be an update of single, range, or both.
+ * be an update of effective, range, or both.
 */
 error = mls_atmostflags(new, MAC_MLS_FLAGS_BOTH);
 if (error)
@@ -1442,7 +1442,7 @@ mac_mls_check_ifnet_transmit(struct ifnet *ifnet, struct label *ifnetlabel,
 p = SLOT(mbuflabel);
 i = SLOT(ifnetlabel);
- return (mac_mls_single_in_range(p, i) ? 0 : EACCES);
+ return (mac_mls_effective_in_range(p, i) ? 0 : EACCES);
 }
 static int
@@ -1457,7 +1457,7 @@ mac_mls_check_inpcb_deliver(struct inpcb *inp, struct label *inplabel,
 p = SLOT(mlabel);
 i = SLOT(inplabel);
- return (mac_mls_equal_single(p, i) ? 0 : EACCES);
+ return (mac_mls_equal_effective(p, i) ? 0 : EACCES);
 }
 static int
@@ -1472,7 +1472,7 @@ mac_mls_check_mount_stat(struct ucred *cred, struct mount *mp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(mntlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1503,7 +1503,7 @@ mac_mls_check_pipe_poll(struct ucred *cred, struct pipepair *pp,
 subj = SLOT(cred->cr_label);
 obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1521,7 +1521,7 @@ mac_mls_check_pipe_read(struct ucred *cred, struct pipepair *pp,
 subj = SLOT(cred->cr_label);
 obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1540,9 +1540,9 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
 /*
 * If there is an MLS label update for a pipe, it must be a
- * single update.
+ * effective update.
 */
- error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE);
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
 if (error)
 return (error);
@@ -1550,18 +1550,18 @@ mac_mls_check_pipe_relabel(struct ucred *cred, struct pipepair *pp,
 * To perform a relabel of a pipe (MLS label or not), MLS must
 * authorize the relabel.
 */
- if (!mac_mls_single_in_range(obj, subj))
+ if (!mac_mls_effective_in_range(obj, subj))
 return (EPERM);
 /*
 * If the MLS label is to be changed, authorize as appropriate.
 */
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE) {
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
 /*
 * To change the MLS label on a pipe, the new pipe label
 * must be in the subject range.
 */
- if (!mac_mls_single_in_range(new, subj))
+ if (!mac_mls_effective_in_range(new, subj))
 return (EPERM);
 /*
@@ -1590,7 +1590,7 @@ mac_mls_check_pipe_stat(struct ucred *cred, struct pipepair *pp,
 subj = SLOT(cred->cr_label);
 obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1608,7 +1608,7 @@ mac_mls_check_pipe_write(struct ucred *cred, struct pipepair *pp,
 subj = SLOT(cred->cr_label);
 obj = SLOT((pipelabel));
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1626,9 +1626,9 @@ mac_mls_check_proc_debug(struct ucred *cred, struct proc *proc)
 obj = SLOT(proc->p_ucred->cr_label);
 /* XXX: range checks */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (ESRCH);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1646,9 +1646,9 @@ mac_mls_check_proc_sched(struct ucred *cred, struct proc *proc)
 obj = SLOT(proc->p_ucred->cr_label);
 /* XXX: range checks */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (ESRCH);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1666,9 +1666,9 @@ mac_mls_check_proc_signal(struct ucred *cred, struct proc *proc, int signum)
 obj = SLOT(proc->p_ucred->cr_label);
 /* XXX: range checks */
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (ESRCH);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1686,7 +1686,7 @@ mac_mls_check_socket_deliver(struct socket *so, struct label *socketlabel,
 p = SLOT(mbuflabel);
 s = SLOT(socketlabel);
- return (mac_mls_equal_single(p, s) ? 0 : EACCES);
+ return (mac_mls_equal_effective(p, s) ? 0 : EACCES);
 }
 static int
@@ -1702,28 +1702,28 @@ mac_mls_check_socket_relabel(struct ucred *cred, struct socket *socket,
 /*
 * If there is an MLS label update for the socket, it may be
- * an update of single.
+ * an update of effective.
 */
- error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE);
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
 if (error)
 return (error);
 /*
- * To relabel a socket, the old socket single must be in the subject
+ * To relabel a socket, the old socket effective must be in the subject
 * range.
 */
- if (!mac_mls_single_in_range(obj, subj))
+ if (!mac_mls_effective_in_range(obj, subj))
 return (EPERM);
 /*
 * If the MLS label is to be changed, authorize as appropriate.
 */
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE) {
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
 /*
- * To relabel a socket, the new socket single must be in
+ * To relabel a socket, the new socket effective must be in
 * the subject range.
 */
- if (!mac_mls_single_in_range(new, subj))
+ if (!mac_mls_effective_in_range(new, subj))
 return (EPERM);
 /*
@@ -1752,7 +1752,7 @@ mac_mls_check_socket_visible(struct ucred *cred, struct socket *socket,
 subj = SLOT(cred->cr_label);
 obj = SLOT(socketlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (ENOENT);
 return (0);
@@ -1770,8 +1770,8 @@ mac_mls_check_system_swapon(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj) ||
- !mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(obj, subj) ||
+ !mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1789,7 +1789,7 @@ mac_mls_check_vnode_chdir(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1807,7 +1807,7 @@ mac_mls_check_vnode_chroot(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1825,7 +1825,7 @@ mac_mls_check_vnode_create(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1844,12 +1844,12 @@ mac_mls_check_vnode_delete(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1867,7 +1867,7 @@ mac_mls_check_vnode_deleteacl(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1885,7 +1885,7 @@ mac_mls_check_vnode_deleteextattr(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1917,7 +1917,7 @@ mac_mls_check_vnode_exec(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1935,7 +1935,7 @@ mac_mls_check_vnode_getacl(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1953,7 +1953,7 @@ mac_mls_check_vnode_getextattr(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -1972,11 +1972,11 @@ mac_mls_check_vnode_link(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
 return (EACCES);
 return (0);
@@ -1995,7 +1995,7 @@ mac_mls_check_vnode_listextattr(struct ucred *cred, struct vnode *vp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
@@ -2013,7 +2013,7 @@ mac_mls_check_vnode_lookup(struct ucred *cred, struct vnode *dvp,
 subj = SLOT(cred->cr_label);
 obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
 return (EACCES);
 return (0);
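Review bot: In mac_mls_check_vnode_link the second dominance check is preceded by `obj = SLOT(dlabel);` again, so the directory label is tested twice and the label of the vnode being linked never reaches a check; the Biba counterpart in this same commit (mac_biba_check_vnode_link) switches to `obj = SLOT(label);` before its second check, and mac_mls_check_vnode_delete just above does the same. If this function receives the target vnode's label as `label` like those two (its parameter list is cut off in the hunk header, so this is inferred), the second assignment should read `obj = SLOT(label);`. This is pre-existing rather than introduced by the rename, but the hunk rewrites the adjacent line, and a write check that silently skips one of its two objects is the kind of gap a policy audit should not leave behind.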
@@ -2036,11 +2036,11 @@ mac_mls_check_vnode_mmap(struct ucred *cred, struct vnode *vp,
obj = SLOT(label);
if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) {
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
}
if (prot & VM_PROT_WRITE) {
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
}
@@ -2061,11 +2061,11 @@ mac_mls_check_vnode_open(struct ucred *cred, struct vnode *vp,
/* XXX privilege override for admin? */
if (acc_mode & (VREAD | VEXEC | VSTAT)) {
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
}
if (acc_mode & (VWRITE | VAPPEND | VADMIN)) {
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
}
@@ -2084,7 +2084,7 @@ mac_mls_check_vnode_poll(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2102,7 +2102,7 @@ mac_mls_check_vnode_read(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2120,7 +2120,7 @@ mac_mls_check_vnode_readdir(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2138,7 +2138,7 @@ mac_mls_check_vnode_readlink(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2157,9 +2157,9 @@ mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
/*
* If there is an MLS label update for the vnode, it must be a
- * single label.
+ * effective label.
*/
- error = mls_atmostflags(new, MAC_MLS_FLAG_SINGLE);
+ error = mls_atmostflags(new, MAC_MLS_FLAG_EFFECTIVE);
if (error)
return (error);
@@ -2167,18 +2167,18 @@ mac_mls_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
* To perform a relabel of the vnode (MLS label or not), MLS must
* authorize the relabel.
*/
- if (!mac_mls_single_in_range(old, subj))
+ if (!mac_mls_effective_in_range(old, subj))
return (EPERM);
/*
* If the MLS label is to be changed, authorize as appropriate.
*/
- if (new->mm_flags & MAC_MLS_FLAG_SINGLE) {
+ if (new->mm_flags & MAC_MLS_FLAG_EFFECTIVE) {
/*
* To change the MLS label on a vnode, the new vnode label
* must be in the subject range.
*/
- if (!mac_mls_single_in_range(new, subj))
+ if (!mac_mls_effective_in_range(new, subj))
return (EPERM);
/*
@@ -2209,12 +2209,12 @@ mac_mls_check_vnode_rename_from(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2233,13 +2233,13 @@ mac_mls_check_vnode_rename_to(struct ucred *cred, struct vnode *dvp,
subj = SLOT(cred->cr_label);
obj = SLOT(dlabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
if (vp != NULL) {
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
}
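Review bot: The rewritten comment in the first mac_mls_check_vnode_relabel hunk now reads `it must be a effective label`, which needs the article `an`; the line on the new side should be `* an effective label.` (or the sentence re-wrapped so the article sits with its noun). The rest of that hunk is a mechanical rename and the function body continues outside it.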
@@ -2258,7 +2258,7 @@ mac_mls_check_vnode_revoke(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2276,7 +2276,7 @@ mac_mls_check_vnode_setacl(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2295,7 +2295,7 @@ mac_mls_check_vnode_setextattr(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
/* XXX: protect the MAC EA in a special way? */
@@ -2315,7 +2315,7 @@ mac_mls_check_vnode_setflags(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2333,7 +2333,7 @@ mac_mls_check_vnode_setmode(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2351,7 +2351,7 @@ mac_mls_check_vnode_setowner(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2369,7 +2369,7 @@ mac_mls_check_vnode_setutimes(struct ucred *cred, struct vnode *vp,
subj = SLOT(cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
@@ -2387,7 +2387,7 @@ mac_mls_check_vnode_stat(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(vnodelabel);
- if (!mac_mls_dominate_single(subj, obj))
+ if (!mac_mls_dominate_effective(subj, obj))
return (EACCES);
return (0);
@@ -2405,7 +2405,7 @@ mac_mls_check_vnode_write(struct ucred *active_cred, struct ucred *file_cred,
subj = SLOT(active_cred->cr_label);
obj = SLOT(label);
- if (!mac_mls_dominate_single(obj, subj))
+ if (!mac_mls_dominate_effective(obj, subj))
return (EACCES);
return (0);
diff --git a/sys/security/mac_mls/mac_mls.h b/sys/security/mac_mls/mac_mls.h
index 69a3b62..7bed921 100644
--- a/sys/security/mac_mls/mac_mls.h
+++ b/sys/security/mac_mls/mac_mls.h
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 1999-2002 Robert N. M. Watson
- * Copyright (c) 2001-2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2001-2004 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed by Robert Watson for the TrustedBSD Project.
@@ -44,9 +44,9 @@
#define MAC_MLS_LABEL_NAME "mls"
-#define MAC_MLS_FLAG_SINGLE 0x00000001 /* mm_single initialized */
+#define MAC_MLS_FLAG_EFFECTIVE 0x00000001 /* mm_effective initialized */
#define MAC_MLS_FLAG_RANGE 0x00000002 /* mm_range* initialized */
-#define MAC_MLS_FLAGS_BOTH (MAC_MLS_FLAG_SINGLE | MAC_MLS_FLAG_RANGE)
+#define MAC_MLS_FLAGS_BOTH (MAC_MLS_FLAG_EFFECTIVE | MAC_MLS_FLAG_RANGE)
#define MAC_MLS_TYPE_UNDEF 0 /* Undefined */
#define MAC_MLS_TYPE_LEVEL 1 /* Hierarchal level with mm_level. */
@@ -78,14 +78,14 @@ struct mac_mls_element {
};
/*
- * MLS labels consist of two components: a single label, and a label
+ * MLS labels consist of two components: an effective label, and a label
* range. Depending on the context, one or both may be used; the mb_flags
* field permits the provider to indicate what fields are intended for
* use.
*/
struct mac_mls {
int mm_flags;
- struct mac_mls_element mm_single;
+ struct mac_mls_element mm_effective;
struct mac_mls_element mm_rangelow, mm_rangehigh;
};
|
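Review bot: The comment block this hunk edits still says `the mb_flags field permits the provider to indicate what fields are intended for use`, but the struct declared directly beneath it names the member `mm_flags`; `mb_` looks like a carry-over from another policy's prefix rather than anything in this header. Since the commit already rewrites the first line of that paragraph, I would fix the reference in passing: `* range. Depending on the context, one or both may be used; the mm_flags`. Comment-only, no code change.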