summaryrefslogtreecommitdiffstats
path: root/sys/security
diff options
context:
space:
mode:
authorrwatson <rwatson@FreeBSD.org>2003-08-21 18:07:52 +0000
committerrwatson <rwatson@FreeBSD.org>2003-08-21 18:07:52 +0000
commit0ebed43e995e8c2f7ae7839875c2ddee9a1f2a34 (patch)
treeb988f05412e6a90a1e9c1e7640d01d73c45b8645 /sys/security
parent79889089766c55e380bc13d48032aeba82265422 (diff)
downloadFreeBSD-src-0ebed43e995e8c2f7ae7839875c2ddee9a1f2a34.zip
FreeBSD-src-0ebed43e995e8c2f7ae7839875c2ddee9a1f2a34.tar.gz
Correct logic for filling out a "new" label during a credential
change in mac_lomac: if both flags are set on the new label, we may not need to always fill out the label (only if one flag is set, not both). Avoid stomping on a section of the label if we are in fact modifying both elements. Because we know that both flags will be set, we don't need to test whether the range or single are set in later consistency checks of the range and single -- just test them. By checking the range of the new vs. the range of the old label before testing the single against the new range, we implicitly test that the new single is in the old range. Document this with a comment. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
Diffstat (limited to 'sys/security')
-rw-r--r--sys/security/mac_lomac/mac_lomac.c36
1 files changed, 29 insertions, 7 deletions
diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c
index 5ae5ef6..90c971e 100644
--- a/sys/security/mac_lomac/mac_lomac.c
+++ b/sys/security/mac_lomac/mac_lomac.c
@@ -1596,19 +1596,27 @@ mac_lomac_check_cred_relabel(struct ucred *cred, struct label *newlabel)
*/
if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
/*
- * To change the LOMAC single label on a credential, the
- * new single label must be in the current range.
+ * Fill in the missing parts from the previous label.
*/
- if (new->ml_flags & MAC_LOMAC_FLAG_SINGLE &&
- !mac_lomac_single_in_range(new, subj))
- return (EPERM);
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ mac_lomac_copy_single(subj, new);
+ if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
+ mac_lomac_copy_range(subj, new);
/*
* To change the LOMAC range on a credential, the new
* range label must be in the current range.
*/
- if (new->ml_flags & MAC_LOMAC_FLAG_RANGE &&
- !mac_lomac_range_in_range(new, subj))
+ if (!mac_lomac_range_in_range(new, subj))
+ return (EPERM);
+
+ /*
+ * To change the LOMAC single label on a credential, the
+ * new single label must be in the new range. Implicitly
+ * from the previous check, the new single is in the old
+ * range.
+ */
+ if (!mac_lomac_single_in_range(new, new))
return (EPERM);
/*
@@ -1680,6 +1688,14 @@ mac_lomac_check_ifnet_relabel(struct ucred *cred, struct ifnet *ifnet,
*/
if (new->ml_flags & MAC_LOMAC_FLAGS_BOTH) {
/*
+ * Fill in the missing parts from the previous label.
+ */
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ mac_lomac_copy_single(subj, new);
+ if ((new->ml_flags & MAC_LOMAC_FLAG_RANGE) == 0)
+ mac_lomac_copy_range(subj, new);
+
+ /*
* Rely on the traditional superuser status for the LOMAC
* interface relabel requirements. XXXMAC: This will go
* away.
@@ -2300,6 +2316,12 @@ mac_lomac_check_vnode_relabel(struct ucred *cred, struct vnode *vp,
}
if (new->ml_flags & MAC_LOMAC_FLAG_AUX) {
/*
+ * Fill in the missing parts from the previous label.
+ */
+ if ((new->ml_flags & MAC_LOMAC_FLAG_SINGLE) == 0)
+ mac_lomac_copy_single(subj, new);
+
+ /*
* To change the auxiliary LOMAC label on a vnode, the new
* vnode label must be in the subject range.
*/
OpenPOWER on IntegriCloud