From 01d59d6bbb5b5f5108b1f5454d11ff3b3be2dad6 Mon Sep 17 00:00:00 2001 From: pjd Date: Sun, 22 Feb 2004 12:31:44 +0000 Subject: Reimplement sysctls handling by MAC framework. Now I believe it is done in the right way. Removed some XXMAC cases, we now assume 'high' integrity level for all sysctls, except those with CTLFLAG_ANYBODY flag set. No more magic. Reviewed by: rwatson Approved by: rwatson, scottl (mentor) Tested with: LINT (compilation), mac_biba(4) (functionality) --- sys/security/mac_lomac/mac_lomac.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) (limited to 'sys/security/mac_lomac/mac_lomac.c') diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index f1e7a28..9502c05 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -2063,8 +2063,8 @@ mac_lomac_check_system_swapon(struct ucred *cred, struct vnode *vp, } static int -mac_lomac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, - void *old, size_t *oldlenp, int inkernel, void *new, size_t newlen) +mac_lomac_check_system_sysctl(struct ucred *cred, struct sysctl_oid *oidp, + void *arg1, int arg2, struct sysctl_req *req) { struct mac_lomac *subj; @@ -2074,16 +2074,10 @@ mac_lomac_check_system_sysctl(struct ucred *cred, int *name, u_int namelen, subj = SLOT(cred->cr_label); /* - * In general, treat sysctl variables as lomac/high, but also - * require privilege to change them, since they are a - * communications channel between grades. Exempt MIB - * queries from this due to undocmented sysctl magic. - * XXXMAC: This probably requires some more review. + * Treat sysctl variables without CTLFLAG_ANYBODY flag as + * lomac/high, but also require privilege to change them. */ - if (new != NULL) { - if (namelen > 0 && name[0] == 0) - return (0); - + if (req->newptr != NULL && (oidp->oid_kind & CTLFLAG_ANYBODY) == 0) { #ifdef notdef if (!mac_lomac_subject_dominate_high(subj)) return (EACCES); -- cgit v1.1