Date: Wed, 13 Nov 2002 11:30:26 -0800 (PST) From: Brian Feldman <green@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 21043 for review Message-ID: <200211131930.gADJUQYd059045@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=21043 Change 21043 by green@green_laptop_2 on 2002/11/13 11:29:41 Revise the new LOMAC's interpretation of the subject label. The components are thus: single(low-high) single: The effective level defines what the level of created files shall be, and what the lowest-integrity object that may be read without demotion shall be. low: The low range level determines the lower bound that the effective level may become. high: The high range level determines what protections are enforced regarding modification of objects by the subject. Additionally, it is also the upper bound of the effective level. Affected files ... .. //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#38 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_lomac/mac_lomac.c#38 (text+ko) ==== @@ -203,8 +203,6 @@ default: panic("mac_lomac_dominate_element: a->mle_type invalid"); } - - return (0); } static int @@ -230,8 +228,6 @@ &single->ml_single) && mac_lomac_dominate_element(&single->ml_single, &range->ml_rangelow)); - - return (1); } static int @@ -263,6 +259,19 @@ } static int +mac_lomac_subject_dominate(struct mac_lomac *a, struct mac_lomac *b) +{ + KASSERT((~a->ml_flags & + (MAC_LOMAC_FLAG_SINGLE | MAC_LOMAC_FLAG_RANGE)) == 0, + ("mac_lomac_dominate_single: a not subject")); + KASSERT((b->ml_flags & MAC_LOMAC_FLAG_SINGLE) != 0, + ("mac_lomac_dominate_single: b not single")); + + return (mac_lomac_dominate_element(&a->ml_rangehigh, + &b->ml_single)); +} + +static int mac_lomac_equal_element(struct mac_lomac_element *a, struct mac_lomac_element *b) { @@ -1838,7 +1847,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT((pipelabel)); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -1858,7 +1867,7 @@ /* XXX: range checks */ if (!mac_lomac_dominate_single(obj, subj)) return (ESRCH); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -1878,7 +1887,7 @@ /* XXX: range checks */ if (!mac_lomac_dominate_single(obj, subj)) return (ESRCH); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -1898,7 +1907,7 @@ /* XXX: range checks */ if (!mac_lomac_dominate_single(obj, subj)) return (ESRCH); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2055,7 +2064,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(dlabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); if (obj->ml_flags & MAC_LOMAC_FLAG_AUX && !mac_lomac_dominate_element(&subj->ml_single, &obj->ml_auxsingle)) @@ -2077,12 +2086,12 @@ subj = SLOT(&cred->cr_label); obj = SLOT(dlabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2100,7 +2109,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2119,12 +2128,12 @@ subj = SLOT(&cred->cr_label); obj = SLOT(dlabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2147,7 +2156,7 @@ obj = SLOT(label); if (prot & VM_PROT_WRITE) { - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); } if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { @@ -2175,7 +2184,7 @@ obj = SLOT(label); if (prot & VM_PROT_WRITE) { - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); } if (prot & (VM_PROT_READ | VM_PROT_EXECUTE)) { @@ -2202,7 +2211,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) *prot &= ~VM_PROT_WRITE; } @@ -2220,7 +2229,7 @@ /* XXX privilege override for admin? */ if (acc_mode & (VWRITE | VAPPEND | VADMIN)) { - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); } @@ -2328,12 +2337,12 @@ subj = SLOT(&cred->cr_label); obj = SLOT(dlabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2352,13 +2361,13 @@ subj = SLOT(&cred->cr_label); obj = SLOT(dlabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); if (vp != NULL) { obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); } @@ -2377,7 +2386,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2395,7 +2404,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2414,7 +2423,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(vnodelabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); /* XXX: protect the MAC EA in a special way? */ @@ -2434,7 +2443,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(vnodelabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2452,7 +2461,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(vnodelabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2470,7 +2479,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(vnodelabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2488,7 +2497,7 @@ subj = SLOT(&cred->cr_label); obj = SLOT(vnodelabel); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); @@ -2506,7 +2515,7 @@ subj = SLOT(&active_cred->cr_label); obj = SLOT(label); - if (!mac_lomac_dominate_single(subj, obj)) + if (!mac_lomac_subject_dominate(subj, obj)) return (EACCES); return (0); To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200211131930.gADJUQYd059045>